xfrm: fix NAT-related field inheritance in SA migration

During SA migration via xfrm_state_clone_and_setup(),
nat_keepalive_interval was silently dropped and never copied to the new
SA. mapping_maxage was unconditionally copied even when migrating to a
non-encapsulated SA.

Both fields are only meaningful when UDP encapsulation (NAT-T) is in
use. Move mapping_maxage and add nat_keepalive_interval inside the
existing if (encap) block, so both are inherited when migrating with
encapsulation and correctly absent when migrating without it.

Fixes: f531d13bdfe3 ("xfrm: support sending NAT keepalives in ESP in UDP states")
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 933541bc9093660d7e3834a9514c1249f1211eec..b9de931d84c1de8ad4d4ed2983ac948b430bab7b 100644 (file)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2012,6 +2012,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig,
                x->encap = kmemdup(encap, sizeof(*x->encap), GFP_KERNEL);
                if (!x->encap)
                        goto error;
+               x->mapping_maxage = orig->mapping_maxage;
+               x->nat_keepalive_interval = orig->nat_keepalive_interval;
        }
 
        if (orig->security)
@@ -2046,7 +2048,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig,
        x->km.seq = orig->km.seq;
        x->replay = orig->replay;
        x->preplay = orig->preplay;
-       x->mapping_maxage = orig->mapping_maxage;
        x->lastused = orig->lastused;
        x->new_mapping = 0;
        x->new_mapping_sport = 0;