diff options
Diffstat (limited to 'net/ipv6/xfrm6_input.c')
| -rw-r--r-- | net/ipv6/xfrm6_input.c | 20 | 
1 files changed, 7 insertions, 13 deletions
| diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c index c6b8e132e10a..4abc5e9d6322 100644 --- a/net/ipv6/xfrm6_input.c +++ b/net/ipv6/xfrm6_input.c @@ -113,19 +113,6 @@ static int __xfrm6_udp_encap_rcv(struct sock *sk, struct sk_buff *skb, bool pull  			/* Must be an IKE packet.. pass it through */  			return 1;  		break; -	case UDP_ENCAP_ESPINUDP_NON_IKE: -		/* Check if this is a keepalive packet.  If so, eat it. */ -		if (len == 1 && udpdata[0] == 0xff) { -			return -EINVAL; -		} else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) && -			   udpdata32[0] == 0 && udpdata32[1] == 0) { - -			/* ESP Packet with Non-IKE marker */ -			len = sizeof(struct udphdr) + 2 * sizeof(u32); -		} else -			/* Must be an IKE packet.. pass it through */ -			return 1; -		break;  	}  	/* At this point we are sure that this is an ESPinUDP packet, @@ -283,6 +270,13 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,  		if (!x)  			continue; +		if (unlikely(x->dir && x->dir != XFRM_SA_DIR_IN)) { +			XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEDIRERROR); +			xfrm_state_put(x); +			x = NULL; +			continue; +		} +  		spin_lock(&x->lock);  		if ((!i || (x->props.flags & XFRM_STATE_WILDRECV)) && | 
