Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says:

====================
1) Initialize the satype field in key_notify_policy_flush(),
   this was left uninitialized. From Nicolas Dichtel.

2) The sequence number difference for replay notifications
   was misscalculated on ESN sequence number wrap. We need
   a separate replay notify function for esn.

3) Fix an off by one in the esn replay notify function.
   From Mathias Krause.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

diff --combined net/key/af_key.c
index 8555f331ea60d4bca67cbe91390ed077f62a091e,d5a4a796f0250ac1d48f6d116eec6b4f9a81f339..5b1e5af257137e4c6a03a2c575f1adb5a949e25e
--- 1/net/key/af_key.c
--- 2/net/key/af_key.c
+++ b/net/key/af_key.c
@@@ -225,6 -225,7 +225,6 @@@ static int pfkey_broadcast(struct sk_bu
  {
        struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
        struct sock *sk;
 -      struct hlist_node *node;
        struct sk_buff *skb2 = NULL;
        int err = -ESRCH;
  
@@@ -235,7 -236,7 +235,7 @@@
                return -ENOMEM;
  
        rcu_read_lock();
 -      sk_for_each_rcu(sk, node, &net_pfkey->table) {
 +      sk_for_each_rcu(sk, &net_pfkey->table) {
                struct pfkey_sock *pfk = pfkey_sk(sk);
                int err2;
  
@@@ -2201,7 -2202,7 +2201,7 @@@ static int pfkey_spdadd(struct sock *sk
                      XFRM_POLICY_BLOCK : XFRM_POLICY_ALLOW);
        xp->priority = pol->sadb_x_policy_priority;
  
 -      sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
 +      sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
        xp->family = pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.saddr);
        if (!xp->family) {
                err = -EINVAL;
@@@ -2214,7 -2215,7 +2214,7 @@@
        if (xp->selector.sport)
                xp->selector.sport_mask = htons(0xffff);
  
 -      sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1],
 +      sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
        pfkey_sadb_addr2xfrm_addr(sa, &xp->selector.daddr);
        xp->selector.prefixlen_d = sa->sadb_address_prefixlen;
  
@@@ -2315,7 -2316,7 +2315,7 @@@ static int pfkey_spddelete(struct sock 
  
        memset(&sel, 0, sizeof(sel));
  
 -      sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1],
 +      sa = ext_hdrs[SADB_EXT_ADDRESS_SRC-1];
        sel.family = pfkey_sadb_addr2xfrm_addr(sa, &sel.saddr);
        sel.prefixlen_s = sa->sadb_address_prefixlen;
        sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
@@@ -2323,7 -2324,7 +2323,7 @@@
        if (sel.sport)
                sel.sport_mask = htons(0xffff);
  
 -      sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1],
 +      sa = ext_hdrs[SADB_EXT_ADDRESS_DST-1];
        pfkey_sadb_addr2xfrm_addr(sa, &sel.daddr);
        sel.prefixlen_d = sa->sadb_address_prefixlen;
        sel.proto = pfkey_proto_to_xfrm(sa->sadb_address_proto);
@@@ -2693,6 -2694,7 +2693,7 @@@ static int key_notify_policy_flush(cons
        hdr->sadb_msg_pid = c->portid;
        hdr->sadb_msg_version = PF_KEY_V2;
        hdr->sadb_msg_errno = (uint8_t) 0;
+       hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
        hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
        pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
        return 0;