]> err.no Git - linux-2.6/commitdiff
[IPSEC] Fix xfrm to pfkey SA state conversion
authorHerbert Xu <herbert@gondor.apana.org.au>
Sun, 19 Jun 2005 05:43:43 +0000 (22:43 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sun, 19 Jun 2005 05:43:43 +0000 (22:43 -0700)
This patch adjusts the SA state conversion in af_key such that
XFRM_STATE_ERROR/XFRM_STATE_DEAD will be converted to SADB_STATE_DEAD
instead of SADB_STATE_DYING.

According to RFC 2367, SADB_STATE_DYING SAs can be turned into
mature ones through updating their lifetime settings.  Since SAs
which are in the states XFRM_STATE_ERROR/XFRM_STATE_DEAD cannot
be resurrected, this value is unsuitable.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
net/key/af_key.c

index d086c117f5f07796c02cae27c3ebebead1b52f6c..560c93c1089074e35b73ca12b0c6c5b97b28c556 100644 (file)
@@ -656,13 +656,18 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
        sa->sadb_sa_exttype = SADB_EXT_SA;
        sa->sadb_sa_spi = x->id.spi;
        sa->sadb_sa_replay = x->props.replay_window;
-       sa->sadb_sa_state = SADB_SASTATE_DYING;
-       if (x->km.state == XFRM_STATE_VALID && !x->km.dying)
-               sa->sadb_sa_state = SADB_SASTATE_MATURE;
-       else if (x->km.state == XFRM_STATE_ACQ)
+       switch (x->km.state) {
+       case XFRM_STATE_VALID:
+               sa->sadb_sa_state = x->km.dying ?
+                       SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
+               break;
+       case XFRM_STATE_ACQ:
                sa->sadb_sa_state = SADB_SASTATE_LARVAL;
-       else if (x->km.state == XFRM_STATE_EXPIRED)
+               break;
+       default:
                sa->sadb_sa_state = SADB_SASTATE_DEAD;
+               break;
+       }
        sa->sadb_sa_auth = 0;
        if (x->aalg) {
                struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);