[XFRM]: Fix missing protocol comparison of larval SAs.

I noticed that in xfrm_state_add we look for the larval SA in a few
places without checking for protocol match. So when using both
AH and ESP, whichever one gets added first, deletes the larval SA.
It seems AH always gets added first and ESP is always the larval
SA's protocol since the xfrm->tmpl has it first. Thus causing the
additional km_query()

Adding the check eliminates accidental double SA creation.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index c656cbaf35e8453d36441db9665feb54493515c9..4318aa0f8b8606f65b71f70e8fc63b6a5485ec90 100644 (file)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -465,7 +465,8 @@ int xfrm_state_add(struct xfrm_state *x)
 
        if (x->km.seq) {
                x1 = __xfrm_find_acq_byseq(x->km.seq);
-               if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
+               if (x1 && ((x1->id.proto != x->id.proto) ||
+                   xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
                        xfrm_state_put(x1);
                        x1 = NULL;
                }