• Herbert Xu's avatar
    [IPSEC]: Fix SPI generation by netlink_get_spi() · 94408b14
    Herbert Xu authored
    The issue is that two successive calls to netlink_get_spi is returning
    the same SA.  Since netlink_get_spi is meant to be a creation operation
    this is incorrect.
    
    The netlink_get_spi operation is modelled off the PFKEY SADB_GETSPI
    command which is specified in RFC 2367.  The purpose of SADB_GETSPI
    is to create a new larval SA that can then be filled in by SADB_UPDATE.
    
    Its semantics does not allow two SADB_GETSPI calls to return the same
    SA, even if there is no SADB_UPDATE call in between.
    
    The reason the second netlink_get_spi is returning the same SA is
    because in find_acq(), the code is looking at all larval states as
    opposed to only larval states with an SPI of zero.
    
    Since the only other caller of find_acq() -- xfrm_state_add() intentionally
    ignores all return values with a non-zero SPI, it is safe to not look at
    SAs with non-zero SPIs at all in find_acq().
    
    The following patch does exactly that.
    
    In fact, the find_acq() call in xfrm_state_add() is a remnant from
    the days when we had xfrm_state_replace() instead of xfrm_state_add()
    and xfrm_state_update().  It can now be safely removed.
    
    I'll post a separate patch for that.
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
    94408b14
xfrm4_state.c 3.02 KB