From: Antony Antony Date: Tue, 26 May 2026 19:07:01 +0000 (+0200) Subject: xfrm: fix NAT-related field inheritance in SA migration X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=364e165e0b63e8142e76de83e96ae8e36c3b955a;p=thirdparty%2Flinux.git xfrm: fix NAT-related field inheritance in SA migration During SA migration via xfrm_state_clone_and_setup(), nat_keepalive_interval was silently dropped and never copied to the new SA. mapping_maxage was unconditionally copied even when migrating to a non-encapsulated SA. Both fields are only meaningful when UDP encapsulation (NAT-T) is in use. Move mapping_maxage and add nat_keepalive_interval inside the existing if (encap) block, so both are inherited when migrating with encapsulation and correctly absent when migrating without it. Fixes: f531d13bdfe3 ("xfrm: support sending NAT keepalives in ESP in UDP states") Reviewed-by: Sabrina Dubroca Signed-off-by: Antony Antony Signed-off-by: Steffen Klassert --- diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 933541bc90936..b9de931d84c1d 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -2012,6 +2012,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig, x->encap = kmemdup(encap, sizeof(*x->encap), GFP_KERNEL); if (!x->encap) goto error; + x->mapping_maxage = orig->mapping_maxage; + x->nat_keepalive_interval = orig->nat_keepalive_interval; } if (orig->security) @@ -2046,7 +2048,6 @@ static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig, x->km.seq = orig->km.seq; x->replay = orig->replay; x->preplay = orig->preplay; - x->mapping_maxage = orig->mapping_maxage; x->lastused = orig->lastused; x->new_mapping = 0; x->new_mapping_sport = 0;
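Review bot: in the first hunk (@@ -2012,6 +2012,8), the two added assignments after the kmemdup() failure check read from orig, while the template being duplicated is `encap`, not `orig->encap`. If this branch can be entered with an encap supplied for an SA that had none before, `x->mapping_maxage` and `x->nat_keepalive_interval` inherit whatever orig held, which for a previously non-encapsulated SA would presumably be the unset values. Please confirm that is the intended result for a migration that newly enables encapsulation. A one-line comment above the assignments saying these fields are only meaningful with UDP encapsulation would also stop later NAT-T fields from being added outside the block.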
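Review bot: in the second hunk (@@ -2046,7 +2048,6), dropping `x->mapping_maxage = orig->mapping_maxage;` leaves the non-encapsulated path relying on x being zero-initialised at allocation, which the visible lines do not show. The commit message says the fields should be "correctly absent" in that case, so either confirm the allocation zeroes the state or note it in the message. The unchanged neighbours `x->new_mapping = 0;` and `x->new_mapping_sport = 0;` are still reset explicitly and unconditionally here, so the NAT mapping fields are now handled in two places with two different conventions; say in the commit message whether that split is deliberate.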