From: Eric Paris <eparis@redhat.com> Subject: [RHEL5 PATCH] BZ 234485 Match proto when searching for larval SA Date: Mon, 04 Jun 2007 11:59:37 -0400 Bugzilla: 234485 Message-Id: <1180972777.3950.5.camel@localhost.localdomain> Changelog: [audit] Match proto when searching for larval SA BZ 234485 The code to look for larval SAs to delete when a real SA got created wasn't properly matching on the proto (AH/ESP). Upstream had 2 problems with this but RHEL5 only has one of those problems. This was causing double SAs to sometimes be created during the LSPP testing. With this patch the LSPP kernel is functioning properly. http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=75e252d981c0e80c14ce90df246e9b1300474c4f -Eric --- linux-2.6.18.i686/net/xfrm/xfrm_state.c.pre.multiple 2007-03-09 15:20:48.000000000 -0500 +++ linux-2.6.18.i686/net/xfrm/xfrm_state.c 2007-03-09 18:46:16.000000000 -0500 @@ -511,7 +511,8 @@ int xfrm_state_add(struct xfrm_state *x) if (x->km.seq) { x1 = __xfrm_find_acq_byseq(x->km.seq); - if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) { + if (x1 && ((x1->id.proto != x->id.proto) || + xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) { xfrm_state_put(x1); x1 = NULL; }