6 files changed, 9 insertions, 5 deletions

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 4e22e3a35359..cdfe473181af 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -489,7 +489,7 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
         new->network_header     = old->network_header;
         new->mac_header         = old->mac_header;
         new->dst                = dst_clone(old->dst);
-#ifdef CONFIG_INET
+#ifdef CONFIG_XFRM
         new->sp                 = secpath_get(old->sp);
 #endif
         memcpy(new->cb, old->cb, sizeof(old->cb));
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 72b2de76f1cd..e9d6ea0b49ca 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -976,9 +976,10 @@ int icmp_rcv(struct sk_buff *skb)
         struct net *net = dev_net(rt->u.dst.dev);
 
         if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
+                struct sec_path *sp = skb_sec_path(skb);
                 int nh;
 
-                if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags &
+                if (!(sp && sp->xvec[sp->len - 1]->props.flags &
                                  XFRM_STATE_ICMP))
                         goto drop;
 
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index 450016b89a18..df3fe50bbf0d 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -106,7 +106,7 @@ int ip_forward(struct sk_buff *skb)
          *      We now generate an ICMP HOST REDIRECT giving the route
          *      we calculated.
          */
-        if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb->sp)
+        if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb_sec_path(skb))
                 ip_rt_send_redirect(skb);
 
         skb->priority = rt_tos2priority(iph->tos);
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 21ce7e1b2284..ffb2c5705432 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1399,7 +1399,9 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
                                 rt->u.dst.path          = &rt->u.dst;
                                 rt->u.dst.neighbour     = NULL;
                                 rt->u.dst.hh            = NULL;
+#ifdef CONFIG_XFRM
                                 rt->u.dst.xfrm          = NULL;
+#endif
                                 rt->rt_genid            = rt_genid(net);
                                 rt->rt_flags            |= RTCF_REDIRECTED;
 
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 9b7d19ae5ced..508a713ac045 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -646,9 +646,10 @@ static int icmpv6_rcv(struct sk_buff *skb)
         int type;
 
         if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
+                struct sec_path *sp = skb_sec_path(skb);
                 int nh;
 
-                if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags &
+                if (!(sp && sp->xvec[sp->len - 1]->props.flags &
                                  XFRM_STATE_ICMP))
                         goto drop_no_count;
 
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index c77db0b95e26..7d92fd97cfb9 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -490,7 +490,7 @@ int ip6_forward(struct sk_buff *skb)
            We don't send redirects to frames decapsulated from IPsec.
          */
         if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 &&
-            !skb->sp) {
+            !skb_sec_path(skb)) {
                 struct in6_addr *target = NULL;
                 struct rt6_info *rt;
                 struct neighbour *n = dst->neighbour;