1 files changed, 16 insertions, 12 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2ecd18a106cf..1ba0258b49c7 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -59,23 +59,27 @@ static struct xfrm_policy *__xfrm_policy_unlink(struct xfrm_policy *pol,
 static inline int
 __xfrm4_selector_match(const struct xfrm_selector *sel, const struct flowi *fl)
 {
-        return  addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&
+        const struct flowi4 *fl4 = &fl->u.ip4;
-                addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&
-                !((xfrm_flowi_dport(fl, &fl->u.ip4.uli) ^ sel->dport) & sel->dport_mask) &&
+        return  addr_match(&fl4->daddr, &sel->daddr, sel->prefixlen_d) &&
-                !((xfrm_flowi_sport(fl, &fl->u.ip4.uli) ^ sel->sport) & sel->sport_mask) &&
+                addr_match(&fl4->saddr, &sel->saddr, sel->prefixlen_s) &&
-                (fl->flowi_proto == sel->proto || !sel->proto) &&
+                !((xfrm_flowi_dport(fl, &fl4->uli) ^ sel->dport) & sel->dport_mask) &&
-                (fl->flowi_oif == sel->ifindex || !sel->ifindex);
+                !((xfrm_flowi_sport(fl, &fl4->uli) ^ sel->sport) & sel->sport_mask) &&
+                (fl4->flowi4_proto == sel->proto || !sel->proto) &&
+                (fl4->flowi4_oif == sel->ifindex || !sel->ifindex);
 }
 static inline int
 __xfrm6_selector_match(const struct xfrm_selector *sel, const struct flowi *fl)
 {
-        return  addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&
+        const struct flowi6 *fl6 = &fl->u.ip6;
-                addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&
-                !((xfrm_flowi_dport(fl, &fl->u.ip6.uli) ^ sel->dport) & sel->dport_mask) &&
+        return  addr_match(&fl6->daddr, &sel->daddr, sel->prefixlen_d) &&
-                !((xfrm_flowi_sport(fl, &fl->u.ip6.uli) ^ sel->sport) & sel->sport_mask) &&
+                addr_match(&fl6->saddr, &sel->saddr, sel->prefixlen_s) &&
-                (fl->flowi_proto == sel->proto || !sel->proto) &&
+                !((xfrm_flowi_dport(fl, &fl6->uli) ^ sel->dport) & sel->dport_mask) &&
-                (fl->flowi_oif == sel->ifindex || !sel->ifindex);
+                !((xfrm_flowi_sport(fl, &fl6->uli) ^ sel->sport) & sel->sport_mask) &&
+                (fl6->flowi6_proto == sel->proto || !sel->proto) &&
+                (fl6->flowi6_oif == sel->ifindex || !sel->ifindex);
 }
 int xfrm_selector_match(const struct xfrm_selector *sel, const struct flowi *fl,

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 2ecd18a106cf..1ba0258b49c7 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -59,23 +59,27 @@ static struct xfrm_policy __xfrm_policy_unlink(struct xfrm_policy pol,
59	static inline int	59	static inline int
60	__xfrm4_selector_match(const struct xfrm_selector sel, const struct flowi fl)	60	__xfrm4_selector_match(const struct xfrm_selector sel, const struct flowi fl)
61	{	61	{
62	return addr_match(&fl->fl4_dst, &sel->daddr, sel->prefixlen_d) &&	62	const struct flowi4 *fl4 = &fl->u.ip4;
63	addr_match(&fl->fl4_src, &sel->saddr, sel->prefixlen_s) &&	63
64	!((xfrm_flowi_dport(fl, &fl->u.ip4.uli) ^ sel->dport) & sel->dport_mask) &&	64	return addr_match(&fl4->daddr, &sel->daddr, sel->prefixlen_d) &&
65	!((xfrm_flowi_sport(fl, &fl->u.ip4.uli) ^ sel->sport) & sel->sport_mask) &&	65	addr_match(&fl4->saddr, &sel->saddr, sel->prefixlen_s) &&
66	(fl->flowi_proto == sel->proto \|\| !sel->proto) &&	66	!((xfrm_flowi_dport(fl, &fl4->uli) ^ sel->dport) & sel->dport_mask) &&
67	(fl->flowi_oif == sel->ifindex \|\| !sel->ifindex);	67	!((xfrm_flowi_sport(fl, &fl4->uli) ^ sel->sport) & sel->sport_mask) &&
		68	(fl4->flowi4_proto == sel->proto \|\| !sel->proto) &&
		69	(fl4->flowi4_oif == sel->ifindex \|\| !sel->ifindex);
68	}	70	}
69		71
70	static inline int	72	static inline int
71	__xfrm6_selector_match(const struct xfrm_selector sel, const struct flowi fl)	73	__xfrm6_selector_match(const struct xfrm_selector sel, const struct flowi fl)
72	{	74	{
73	return addr_match(&fl->fl6_dst, &sel->daddr, sel->prefixlen_d) &&	75	const struct flowi6 *fl6 = &fl->u.ip6;
74	addr_match(&fl->fl6_src, &sel->saddr, sel->prefixlen_s) &&	76
75	!((xfrm_flowi_dport(fl, &fl->u.ip6.uli) ^ sel->dport) & sel->dport_mask) &&	77	return addr_match(&fl6->daddr, &sel->daddr, sel->prefixlen_d) &&
76	!((xfrm_flowi_sport(fl, &fl->u.ip6.uli) ^ sel->sport) & sel->sport_mask) &&	78	addr_match(&fl6->saddr, &sel->saddr, sel->prefixlen_s) &&
77	(fl->flowi_proto == sel->proto \|\| !sel->proto) &&	79	!((xfrm_flowi_dport(fl, &fl6->uli) ^ sel->dport) & sel->dport_mask) &&
78	(fl->flowi_oif == sel->ifindex \|\| !sel->ifindex);	80	!((xfrm_flowi_sport(fl, &fl6->uli) ^ sel->sport) & sel->sport_mask) &&
		81	(fl6->flowi6_proto == sel->proto \|\| !sel->proto) &&
		82	(fl6->flowi6_oif == sel->ifindex \|\| !sel->ifindex);
79	}	83	}
80		84
81	int xfrm_selector_match(const struct xfrm_selector sel, const struct flowi fl,	85	int xfrm_selector_match(const struct xfrm_selector sel, const struct flowi fl,