xfrm: allow migration from UDP encapsulated to non-encapsulated ESP
authorAntony Antony <antony.antony@secunet.com>
Tue, 26 May 2026 19:06:33 +0000 (21:06 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Thu, 4 Jun 2026 10:22:36 +0000 (12:22 +0200)
The current code prevents migrating an SA from UDP encapsulation to
plain ESP. This is needed when moving from a NATed path to a non-NATed
one, for example when switching from IPv4+NAT to IPv6.

Only copy the existing encapsulation during migration if the encap
attribute is explicitly provided.

Note: PF_KEY's SADB_X_MIGRATE always passes encap=NULL and never
supported encapsulation in migration. PF_KEY is deprecated and was
in feature freeze when UDP encapsulation was added to xfrm.

Tested-by: Yan Yan <evitayan@google.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/xfrm/xfrm_state.c

index 53d88b87bdbd0d382835e0e3b182316091ecb63b..933541bc9093660d7e3834a9514c1249f1211eec 100644 (file)
@@ -2008,14 +2008,8 @@ static struct xfrm_state *xfrm_state_clone_and_setup(struct xfrm_state *orig,
        }
        x->props.calgo = orig->props.calgo;
 
-       if (encap || orig->encap) {
-               if (encap)
-                       x->encap = kmemdup(encap, sizeof(*x->encap),
-                                       GFP_KERNEL);
-               else
-                       x->encap = kmemdup(orig->encap, sizeof(*x->encap),
-                                       GFP_KERNEL);
-
+       if (encap) {
+               x->encap = kmemdup(encap, sizeof(*x->encap), GFP_KERNEL);
                if (!x->encap)
                        goto error;
        }
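Review bot: The new `if (encap)` test gives a NULL `encap` a second meaning, "migrate to plain ESP", where it previously meant "keep whatever the original SA had", and nothing at the call site records that contract. A key manager that omits the encap attribute while the peer is still behind NAT would now get a non-encapsulated SA with no error, which would probably show up only as a silent loss of connectivity after migration. I would add a comment above the branch such as `/* encap == NULL: migrate to plain ESP; orig->encap is intentionally not inherited */`, and note the changed behaviour wherever the migrate attribute is documented. The rest of xfrm_state_clone_and_setup is outside this hunk, so it is worth checking whether any other NAT-traversal state is still copied from `orig` when `x->encap` ends up NULL.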