author | Thomas Egerer <thomas.egerer@secunet.com> | 2016-10-25 15:38:19 (GMT) |
---|---|---|
committer | Thomas Egerer <hakke_007@gmx.de> | 2016-11-06 20:49:34 (GMT) |
commit | f6f0fc25027997a76cc6fa2091189911cbf78ca7 (patch) | |
tree | 54044419b42c4bbdaf8bbd9d89d6ef4fc67a2461 /lib/utils.c | |
parent | d752558bc23430c6c536046ae44b93fd0b099f6c (diff) | |
download | libnl-f6f0fc25027997a76cc6fa2091189911cbf78ca7.zip libnl-f6f0fc25027997a76cc6fa2091189911cbf78ca7.tar.gz libnl-f6f0fc25027997a76cc6fa2091189911cbf78ca7.tar.bz2 |
xfrm: fix xfrm security context management

The data structure of choice when adding/processing a security context
for xfrm is struct xfrm(nl)_user_sec_ctx. The previous code did however
use the (also exported) struct xfrm(nl)_sec_ctx. While sizeof(struct
xfrm(nl)_*sec_ctx) yields the same result, the interpretation of one of
the data structures as the other one messes up the contents.

With this fix, the wrong data structure has been replaced with the
correct one. Also -- since the size of the context string is not known
-- one can now call xfrmnl_sa_get_sec_ctx with ctx_str being NULL, thus
retrieving the length of the context string.

A new capability has been introduced, to test whether libnl3 supports
the modified semantics of this function.

Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>

Diffstat (limited to 'lib/utils.c')
-rw-r--r-- | lib/utils.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/utils.c b/lib/utils.c index c1c1b72..7d339ae 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1190,7 +1190,7 @@ int nl_has_capability (int capability) NL_CAPABILITY_VERSION_3_2_28, NL_CAPABILITY_RTNL_ADDR_PEER_ID_FIX, NL_CAPABILITY_NL_ADDR_FILL_SOCKADDR, - 0, + NL_CAPABILITY_XFRM_SEC_CTX_LEN, 0, 0), /* IMPORTANT: these capability numbers are intended to be universal and stable |
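
Review bot: the `NL_CAPABILITY_XFRM_SEC_CTX_LEN` entry that takes over the first `0` placeholder after `NL_CAPABILITY_NL_ADDR_FILL_SOCKADDR` in `nl_has_capability()` depends on its position in this list, and this view (limited to lib/utils.c) does not show where the constant is defined, so please confirm that its number in the header matches this slot; the comment directly below says these capability numbers are intended to be universal and stable. It would also help to document, next to the capability's definition, that it signals the changed `xfrmnl_sa_get_sec_ctx` semantics from the commit message (calling it with `ctx_str` being NULL to retrieve the context string length), so callers know to test `nl_has_capability(NL_CAPABILITY_XFRM_SEC_CTX_LEN)` before relying on that behaviour.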