[XFRM]: Apply policy checks to packets with a secpath when the policy list is empty

Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>

[XFRM]: Apply policy checks to packets with a secpath when the policy list is empty
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2b608e5a · Patrick McHardy · David S. Miller · 274837fb · 2b608e5a
Commit 2b608e5a authored Oct 20, 2004 by Patrick McHardy Committed by David S. Miller Oct 20, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

include/net/xfrm.h include/net/xfrm.h +1 -1

No files found.
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -601,7 +601,7 @@ static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *sk
 	if (sk && sk->sk_policy[XFRM_POLICY_IN])
 		return __xfrm_policy_check(sk, dir, skb, family);
 		
-	return	!xfrm_policy_list[dir] ||
+	return	(!xfrm_policy_list[dir] && !skb->sp) ||
 		(skb->dst->flags & DST_NOPOLICY) ||
 		__xfrm_policy_check(sk, dir, skb, family);
 }