xfrm: Fix installation of AH IPsec SAs The SPI check introduced in ea9884b3acf3311c8a11db67bfab21773f6f82ba was intended for IPComp SAs but actually prevented AH SAs from getting installed (depending on the SPI). Fixes: ea9884b3acf3 ("xfrm: check user specified spi for IPComp") Cc: Fan Du <fan.du@windriver.com> Signed-off-by: Tobias Brunner <tobias@strongswan.org> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

commit: a0e5ef53aac8e5049f9344857d8ec5237d31e58b [log] [tgz]
author: Tobias Brunner <tobias@strongswan.org> Thu Jun 26 15:12:45 2014 +0200
committer: Steffen Klassert <steffen.klassert@secunet.com> Mon Jun 30 07:42:12 2014 +0200
tree: 30aeaea34b3097a0de2d1be95337b7cd79b1f3cc
parent: b7eea4545ea775df957460f58eb56085a8892856 [diff]
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 412d9dc..d4db6eb 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c

@@ -177,9 +177,7 @@
 		    attrs[XFRMA_ALG_AEAD]	||
 		    attrs[XFRMA_ALG_CRYPT]	||
 		    attrs[XFRMA_ALG_COMP]	||
-		    attrs[XFRMA_TFCPAD]		||
-		    (ntohl(p->id.spi) >= 0x10000))
-
+		    attrs[XFRMA_TFCPAD])
 			goto out;
 		break;
 
@@ -207,7 +205,8 @@
 		    attrs[XFRMA_ALG_AUTH]	||
 		    attrs[XFRMA_ALG_AUTH_TRUNC]	||
 		    attrs[XFRMA_ALG_CRYPT]	||
-		    attrs[XFRMA_TFCPAD])
+		    attrs[XFRMA_TFCPAD]		||
+		    (ntohl(p->id.spi) >= 0x10000))
 			goto out;
 		break;
commit	a0e5ef53aac8e5049f9344857d8ec5237d31e58b	[log] [tgz]
author	Tobias Brunner <tobias@strongswan.org>	Thu Jun 26 15:12:45 2014 +0200
committer	Steffen Klassert <steffen.klassert@secunet.com>	Mon Jun 30 07:42:12 2014 +0200
tree	30aeaea34b3097a0de2d1be95337b7cd79b1f3cc
parent	b7eea4545ea775df957460f58eb56085a8892856 [diff]