ip/xfrm: Do not allow redundant algorithm combinations to be specified

AEAD algorithms perform both encryption and authentication; they are not combined with separate encryption or authentication algorithms. Signed-off-by: David Ward <david.ward@ll.mit.edu>

ip/xfrm: Do not allow redundant algorithm combinations to be specified
AEAD algorithms perform both encryption and authentication; they are not combined with separate encryption or authentication algorithms. Signed-off-by: David Ward <david.ward@ll.mit.edu>
ec839527 · David Ward · Stephen Hemminger · 1d26e1fe · ec839527
Commit ec839527 authored Mar 25, 2013 by David Ward Committed by Stephen Hemminger Mar 28, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

ip/xfrm_state.c ip/xfrm_state.c +3 -3

No files found.
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -379,18 +379,18 @@ static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)

 				switch (type) {
 				case XFRMA_ALG_AEAD:
-					if (aeadop)
+					if (ealgop || aalgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					aeadop = *argv;
 					break;
 				case XFRMA_ALG_CRYPT:
-					if (ealgop)
+					if (ealgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					ealgop = *argv;
 					break;
 				case XFRMA_ALG_AUTH:
 				case XFRMA_ALG_AUTH_TRUNC:
-					if (aalgop)
+					if (aalgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					aalgop = *argv;
 					break;