[prev in list] [next in list] [prev in thread] [next in thread] 

List:       git-commits-head
Subject:    [IPIP]: Avoid duplicate policy checks.
From:       Linux Kernel Mailing List <linux-kernel () vger ! kernel ! org>
Date:       2003-09-30 10:34:56
[Download RAW message or body]

ChangeSet 1.1375.5.9, 2003/09/30 03:34:56-07:00, herbert@gondor.apana.org.au

	[IPIP]: Avoid duplicate policy checks.


# This patch includes the following deltas:
#	           ChangeSet	1.1375.5.8 -> 1.1375.5.9
#	net/ipv4/xfrm4_tunnel.c	1.8     -> 1.9    
#	     net/ipv4/ipip.c	1.32    -> 1.33   
#

 ipip.c         |    5 +++++
 xfrm4_tunnel.c |    1 +
 2 files changed, 6 insertions(+)


diff -Nru a/net/ipv4/ipip.c b/net/ipv4/ipip.c
--- a/net/ipv4/ipip.c	Tue Sep 30 09:11:42 2003
+++ b/net/ipv4/ipip.c	Tue Sep 30 09:11:42 2003
@@ -483,6 +483,11 @@
 
 	read_lock(&ipip_lock);
 	if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
+		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
+			kfree_skb(skb);
+			return 0;
+		}
+
 		tunnel->stat.rx_packets++;
 		tunnel->stat.rx_bytes += skb->len;
 		skb->dev = tunnel->dev;
diff -Nru a/net/ipv4/xfrm4_tunnel.c b/net/ipv4/xfrm4_tunnel.c
--- a/net/ipv4/xfrm4_tunnel.c	Tue Sep 30 09:11:42 2003
+++ b/net/ipv4/xfrm4_tunnel.c	Tue Sep 30 09:11:42 2003
@@ -169,6 +169,7 @@
 static struct inet_protocol ipip_protocol = {
 	.handler	=	ipip_rcv,
 	.err_handler	=	ipip_err,
+	.no_policy	=	1,
 };
 
 static int __init ipip_init(void)
-
To unsubscribe from this list: send the line "unsubscribe bk-commits-head" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]