]> err.no Git - linux-2.6/commit
[IPSEC]: Forbid BEET + ipcomp for now
authorHerbert Xu <herbert@gondor.apana.org.au>
Wed, 14 Nov 2007 05:39:08 +0000 (21:39 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 22:53:43 +0000 (14:53 -0800)
commite40b3286158565909692e5914ea4a11bdbcc68c8
tree5ef7b76f1e02406bb839e4887f6a79ff36dde39f
parent25ee3286dcbc830a833354bb1d15567956844813
[IPSEC]: Forbid BEET + ipcomp for now

While BEET can theoretically work with IPComp the current code can't
do that because it tries to construct a BEET mode tunnel type which
doesn't (and cannot) exist.  In fact as it is it won't even attach a
tunnel object at all for BEET which is bogus.

To support this fully we'd also need to change the policy checks on
input to recognise a plain tunnel as a legal variant of an optional
BEET transform.

This patch simply fails such constructions for now.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/ipcomp.c
net/ipv6/ipcomp6.c