[IPSEC] Fix xfrm to pfkey SA state conversion

This patch adjusts the SA state conversion in af_key such that
XFRM_STATE_ERROR/XFRM_STATE_DEAD will be converted to SADB_STATE_DEAD
instead of SADB_STATE_DYING.

According to RFC 2367, SADB_STATE_DYING SAs can be turned into
mature ones through updating their lifetime settings.  Since SAs
which are in the states XFRM_STATE_ERROR/XFRM_STATE_DEAD cannot
be resurrected, this value is unsuitable.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Herbert Xu 2005-06-18 22:43:43 -07:00 committed by David S. Miller
parent 4666faab09
commit 4f09f0bbc1

View file

@ -656,13 +656,18 @@ static struct sk_buff * pfkey_xfrm_state2msg(struct xfrm_state *x, int add_keys,
sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_exttype = SADB_EXT_SA;
sa->sadb_sa_spi = x->id.spi; sa->sadb_sa_spi = x->id.spi;
sa->sadb_sa_replay = x->props.replay_window; sa->sadb_sa_replay = x->props.replay_window;
sa->sadb_sa_state = SADB_SASTATE_DYING; switch (x->km.state) {
if (x->km.state == XFRM_STATE_VALID && !x->km.dying) case XFRM_STATE_VALID:
sa->sadb_sa_state = SADB_SASTATE_MATURE; sa->sadb_sa_state = x->km.dying ?
else if (x->km.state == XFRM_STATE_ACQ) SADB_SASTATE_DYING : SADB_SASTATE_MATURE;
break;
case XFRM_STATE_ACQ:
sa->sadb_sa_state = SADB_SASTATE_LARVAL; sa->sadb_sa_state = SADB_SASTATE_LARVAL;
else if (x->km.state == XFRM_STATE_EXPIRED) break;
default:
sa->sadb_sa_state = SADB_SASTATE_DEAD; sa->sadb_sa_state = SADB_SASTATE_DEAD;
break;
}
sa->sadb_sa_auth = 0; sa->sadb_sa_auth = 0;
if (x->aalg) { if (x->aalg) {
struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0); struct xfrm_algo_desc *a = xfrm_aalg_get_byname(x->aalg->alg_name, 0);