1 files changed, 14 insertions, 3 deletions

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2e10d46c0e8c..a83b5e1349ed 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1469,11 +1469,13 @@ restart:
                         goto dropdst;
         }
 
+        err = -ENOENT;
+
         if (!policy) {
                 /* To accelerate a bit...  */
                 if ((dst_orig->flags & DST_NOXFRM) ||
                     !xfrm_policy_count[XFRM_POLICY_OUT])
-                        return 0;
+                        goto nopol;
 
                 policy = flow_cache_lookup(fl, dst_orig->ops->family,
                                            dir, xfrm_policy_lookup);
@@ -1483,14 +1485,18 @@ restart:
         }
 
         if (!policy)
-                return 0;
+                goto nopol;
 
         family = dst_orig->ops->family;
-        policy->curlft.use_time = get_seconds();
         pols[0] = policy;
         npols ++;
         xfrm_nr += pols[0]->xfrm_nr;
 
+        if ((flags & XFRM_LOOKUP_ICMP) && !(policy->flags & XFRM_POLICY_ICMP))
+                goto error;
+
+        policy->curlft.use_time = get_seconds();
+
         switch (policy->action) {
         default:
         case XFRM_POLICY_BLOCK:
@@ -1649,6 +1655,11 @@ dropdst:
         dst_release(dst_orig);
         *dst_p = NULL;
         return err;
+
+nopol:
+        if (flags & XFRM_LOOKUP_ICMP)
+                goto dropdst;
+        return 0;
 }
 EXPORT_SYMBOL(__xfrm_lookup);