]> git.proxmox.com Git - mirror_iproute2.git/commit - ip/ipxfrm.c
projects / mirror_iproute2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 06ec903) | patch
ip-xfrm: support 'proto any' with 'sport' and 'dport'
authorPavel Šimerda <psimerda@redhat.com>
Mon, 13 Apr 2015 14:00:57 +0000 (16:00 +0200)
committerStephen Hemminger <shemming@brocade.com>
Mon, 20 Apr 2015 16:56:44 +0000 (09:56 -0700)
commit11a3e5c4b31530840d6ea4339ce4078d5922b5d6
treedd50c5987e07e5a7904b8445c673141adb900ffetree
parent06ec9039c3aa07924f9c23b0daa8885204704a62commit | diff
ip-xfrm: support 'proto any' with 'sport' and 'dport'

When creating an IPsec SA that sets 'proto any' (IPPROTO_IP) and
specifies 'sport' and 'dport' at the same time in selector, the
following error is issued:

"sport" and "dport" are invalid with proto=ip

However using IPPROTO_IP with ports is completely legal and necessary
when one wants to share the SA on both TCP and UDP. One of the
applications requiring sharing SAs is 3GPP IMS AKA authentication.

See also:

 * https://bugzilla.redhat.com/show_bug.cgi?id=497355

Reported-by: Jiří Klimeš <jklimes@redhat.com>
Signed-off-by: Pavel Šimerda <psimerda@redhat.com>
ip/ipxfrm.c diff | blob | blame | history
Upstream mirror of iproute2