diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/core/skbuff.c | 2 | ||||
-rw-r--r-- | net/ipv4/icmp.c | 3 | ||||
-rw-r--r-- | net/ipv4/ip_forward.c | 2 | ||||
-rw-r--r-- | net/ipv4/route.c | 2 | ||||
-rw-r--r-- | net/ipv6/icmp.c | 3 | ||||
-rw-r--r-- | net/ipv6/ip6_output.c | 2 |
6 files changed, 9 insertions, 5 deletions
diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 4e22e3a35359..cdfe473181af 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c | |||
@@ -489,7 +489,7 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old) | |||
489 | new->network_header = old->network_header; | 489 | new->network_header = old->network_header; |
490 | new->mac_header = old->mac_header; | 490 | new->mac_header = old->mac_header; |
491 | new->dst = dst_clone(old->dst); | 491 | new->dst = dst_clone(old->dst); |
492 | #ifdef CONFIG_INET | 492 | #ifdef CONFIG_XFRM |
493 | new->sp = secpath_get(old->sp); | 493 | new->sp = secpath_get(old->sp); |
494 | #endif | 494 | #endif |
495 | memcpy(new->cb, old->cb, sizeof(old->cb)); | 495 | memcpy(new->cb, old->cb, sizeof(old->cb)); |
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 72b2de76f1cd..e9d6ea0b49ca 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c | |||
@@ -976,9 +976,10 @@ int icmp_rcv(struct sk_buff *skb) | |||
976 | struct net *net = dev_net(rt->u.dst.dev); | 976 | struct net *net = dev_net(rt->u.dst.dev); |
977 | 977 | ||
978 | if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { | 978 | if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { |
979 | struct sec_path *sp = skb_sec_path(skb); | ||
979 | int nh; | 980 | int nh; |
980 | 981 | ||
981 | if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags & | 982 | if (!(sp && sp->xvec[sp->len - 1]->props.flags & |
982 | XFRM_STATE_ICMP)) | 983 | XFRM_STATE_ICMP)) |
983 | goto drop; | 984 | goto drop; |
984 | 985 | ||
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c index 450016b89a18..df3fe50bbf0d 100644 --- a/net/ipv4/ip_forward.c +++ b/net/ipv4/ip_forward.c | |||
@@ -106,7 +106,7 @@ int ip_forward(struct sk_buff *skb) | |||
106 | * We now generate an ICMP HOST REDIRECT giving the route | 106 | * We now generate an ICMP HOST REDIRECT giving the route |
107 | * we calculated. | 107 | * we calculated. |
108 | */ | 108 | */ |
109 | if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb->sp) | 109 | if (rt->rt_flags&RTCF_DOREDIRECT && !opt->srr && !skb_sec_path(skb)) |
110 | ip_rt_send_redirect(skb); | 110 | ip_rt_send_redirect(skb); |
111 | 111 | ||
112 | skb->priority = rt_tos2priority(iph->tos); | 112 | skb->priority = rt_tos2priority(iph->tos); |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 21ce7e1b2284..ffb2c5705432 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
@@ -1399,7 +1399,9 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw, | |||
1399 | rt->u.dst.path = &rt->u.dst; | 1399 | rt->u.dst.path = &rt->u.dst; |
1400 | rt->u.dst.neighbour = NULL; | 1400 | rt->u.dst.neighbour = NULL; |
1401 | rt->u.dst.hh = NULL; | 1401 | rt->u.dst.hh = NULL; |
1402 | #ifdef CONFIG_XFRM | ||
1402 | rt->u.dst.xfrm = NULL; | 1403 | rt->u.dst.xfrm = NULL; |
1404 | #endif | ||
1403 | rt->rt_genid = rt_genid(net); | 1405 | rt->rt_genid = rt_genid(net); |
1404 | rt->rt_flags |= RTCF_REDIRECTED; | 1406 | rt->rt_flags |= RTCF_REDIRECTED; |
1405 | 1407 | ||
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 9b7d19ae5ced..508a713ac045 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c | |||
@@ -646,9 +646,10 @@ static int icmpv6_rcv(struct sk_buff *skb) | |||
646 | int type; | 646 | int type; |
647 | 647 | ||
648 | if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { | 648 | if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { |
649 | struct sec_path *sp = skb_sec_path(skb); | ||
649 | int nh; | 650 | int nh; |
650 | 651 | ||
651 | if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags & | 652 | if (!(sp && sp->xvec[sp->len - 1]->props.flags & |
652 | XFRM_STATE_ICMP)) | 653 | XFRM_STATE_ICMP)) |
653 | goto drop_no_count; | 654 | goto drop_no_count; |
654 | 655 | ||
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index c77db0b95e26..7d92fd97cfb9 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -490,7 +490,7 @@ int ip6_forward(struct sk_buff *skb) | |||
490 | We don't send redirects to frames decapsulated from IPsec. | 490 | We don't send redirects to frames decapsulated from IPsec. |
491 | */ | 491 | */ |
492 | if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 && | 492 | if (skb->dev == dst->dev && dst->neighbour && opt->srcrt == 0 && |
493 | !skb->sp) { | 493 | !skb_sec_path(skb)) { |
494 | struct in6_addr *target = NULL; | 494 | struct in6_addr *target = NULL; |
495 | struct rt6_info *rt; | 495 | struct rt6_info *rt; |
496 | struct neighbour *n = dst->neighbour; | 496 | struct neighbour *n = dst->neighbour; |