diff options
author | David S. Miller <davem@davemloft.net> | 2008-12-18 19:23:56 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-12-18 22:27:37 -0800 |
commit | 3de77cf23e9a19b9fc28e3b29371308325428c39 (patch) | |
tree | 20a6eafcdf351426ca0c8119cda1ff0e999f407d | |
parent | 49ad9599d42da4787d5b3a19263440e0fcd4d1fc (diff) |
Revert "xfrm: Accept ESP packets regardless of UDP encapsulation mode"
This reverts commit e061b165c7f4ec5e2e160d990b49011b5b6e5c6a.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/xfrm/xfrm_input.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 65bcf09251e..b4a13178fb4 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -167,6 +167,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) goto drop_unlock; } + if ((x->encap ? x->encap->encap_type : 0) != encap_type) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH); + goto drop_unlock; + } + if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) { XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); goto drop_unlock; |