summaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2008-12-19 04:23:56 +0100
committerDavid S. Miller <davem@davemloft.net>2008-12-19 07:27:37 +0100
commit3de77cf23e9a19b9fc28e3b29371308325428c39 (patch)
tree20a6eafcdf351426ca0c8119cda1ff0e999f407d /net/xfrm
parentRevert "net: release skb->dst in sock_queue_rcv_skb()" (diff)
downloadlinux-3de77cf23e9a19b9fc28e3b29371308325428c39.tar.xz
linux-3de77cf23e9a19b9fc28e3b29371308325428c39.zip
Revert "xfrm: Accept ESP packets regardless of UDP encapsulation mode"
This reverts commit e061b165c7f4ec5e2e160d990b49011b5b6e5c6a. Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_input.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index 65bcf09251ef..b4a13178fb40 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -167,6 +167,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
goto drop_unlock;
}
+ if ((x->encap ? x->encap->encap_type : 0) != encap_type) {
+ XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH);
+ goto drop_unlock;
+ }
+
if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
goto drop_unlock;