[IPV4/IPV6]: Clear security path for tunnel packets.

net/ipv4/ip_gre.c

@@ -37,6 +37,7 @@
 #include <net/arp.h>
 #include <net/checksum.h>
 #include <net/inet_ecn.h>
+#include <net/xfrm.h>
 
 #ifdef CONFIG_IPV6
 #include <net/ipv6.h>
@@ -600,6 +601,9 @@ int ipgre_rcv(struct sk_buff *skb)
 
 	read_lock(&ipgre_lock);
 	if ((tunnel = ipgre_tunnel_lookup(iph->saddr, iph->daddr, key)) != NULL) {
+		secpath_put(skb->sp);
+		skb->sp = NULL;
+
 		skb->mac.raw = skb->nh.raw;
 		skb->nh.raw = __pskb_pull(skb, offset);
 		memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));

net/ipv4/ipip.c

@@ -483,6 +483,9 @@ static int ipip_rcv(struct sk_buff *skb)
 			return 0;
 		}
 
+		secpath_put(skb->sp);
+		skb->sp = NULL;
+
 		skb->mac.raw = skb->nh.raw;
 		skb->nh.raw = skb->data;
 		memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));

net/ipv6/ip6_tunnel.c

@@ -47,6 +47,7 @@
 #include <net/ip6_route.h>
 #include <net/addrconf.h>
 #include <net/ip6_tunnel.h>
+#include <net/xfrm.h>
 
 MODULE_AUTHOR("Ville Nuorvala");
 MODULE_DESCRIPTION("IPv6-in-IPv6 tunnel");
@@ -514,6 +515,8 @@ int ip6ip6_rcv(struct sk_buff **pskb, unsigned int *nhoffp)
 			read_unlock(&ip6ip6_lock);
 			goto discard;
 		}
+		secpath_put(skb->sp);
+		skb->sp = NULL;
 		skb->mac.raw = skb->nh.raw;
 		skb->nh.raw = skb->data;
 		skb->protocol = htons(ETH_P_IPV6);

net/ipv6/sit.c

@@ -49,6 +49,7 @@
 #include <net/icmp.h>
 #include <net/ipip.h>
 #include <net/inet_ecn.h>
+#include <net/xfrm.h>
 
 /*
    This version of net/ipv6/sit.c is cloned of net/ipv4/ip_gre.c
@@ -376,6 +377,8 @@ static int ipip6_rcv(struct sk_buff *skb)
 
 	read_lock(&ipip6_lock);
 	if ((tunnel = ipip6_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
+		secpath_put(skb->sp);
+		skb->sp = NULL;
 		skb->mac.raw = skb->nh.raw;
 		skb->nh.raw = skb->data;
 		memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));