Commit 4e7caf86 authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

[IPIP]: Avoid duplicate policy checks.

parent 586a9859
...@@ -483,6 +483,11 @@ static int ipip_rcv(struct sk_buff *skb) ...@@ -483,6 +483,11 @@ static int ipip_rcv(struct sk_buff *skb)
read_lock(&ipip_lock); read_lock(&ipip_lock);
if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) { if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
kfree_skb(skb);
return 0;
}
tunnel->stat.rx_packets++; tunnel->stat.rx_packets++;
tunnel->stat.rx_bytes += skb->len; tunnel->stat.rx_bytes += skb->len;
skb->dev = tunnel->dev; skb->dev = tunnel->dev;
......
...@@ -169,6 +169,7 @@ static struct xfrm_type ipip_type = { ...@@ -169,6 +169,7 @@ static struct xfrm_type ipip_type = {
static struct inet_protocol ipip_protocol = { static struct inet_protocol ipip_protocol = {
.handler = ipip_rcv, .handler = ipip_rcv,
.err_handler = ipip_err, .err_handler = ipip_err,
.no_policy = 1,
}; };
static int __init ipip_init(void) static int __init ipip_init(void)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment