[v1,1/1] linux-gen: ipsec: reject SA creation with ESN flag set

Message ID 1536670806-8209-2-git-send-email-odpbot@yandex.ru
State New
Headers show
Series
  • linux-gen: ipsec: reject SA creation with ESN flag set
Related show

Commit Message

Github ODP bot Sept. 11, 2018, 1 p.m.
From: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>


Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>

Fixes: https://bugs.linaro.org/show_bug.cgi?id=4002
---
/** Email created from pull request 698 (lumag:ipsec-no-esn)
 ** https://github.com/Linaro/odp/pull/698
 ** Patch: https://github.com/Linaro/odp/pull/698.patch
 ** Base sha: 33fbc04b6373960ec3f84de4e7e7b34c49d71508
 ** Merge commit sha: 3f3193c9ef13ae0a8bb5489142b1fd1b70f12a45
 **/
 platform/linux-generic/odp_ipsec_sad.c | 4 ++++
 1 file changed, 4 insertions(+)

Patch

diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 11f37fd8f..3a066bbf9 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -289,6 +289,10 @@  odp_ipsec_sa_t odp_ipsec_sa_create(const odp_ipsec_sa_param_t *param)
 	ipsec_sa->queue = param->dest_queue;
 	ipsec_sa->mode = param->mode;
 	ipsec_sa->flags = 0;
+	if (param->opt.esn) {
+		ODP_ERR("ESN is not supported!\n");
+		return ODP_IPSEC_SA_INVALID;
+	}
 	if (ODP_IPSEC_DIR_INBOUND == param->dir) {
 		ipsec_sa->lookup_mode = param->inbound.lookup_mode;
 		if (ODP_IPSEC_LOOKUP_DSTADDR_SPI == ipsec_sa->lookup_mode) {