]> www.pilppa.org Git - linux-2.6-omap-h63xx.git/blobdiff - net/ipv6/icmp.c
projects / linux-2.6-omap-h63xx.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[IPSEC]: Do not let packets pass when ICMP flag is off
[linux-2.6-omap-h63xx.git] / net / ipv6 / icmp.c
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index 1659d2fb01fee445eaeae74470cf3c98c56b51b5..c3bbd8687307368f232999b5b7b22afb4da7f8a4 100644 (file)
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -644,10 +644,13 @@ static int icmpv6_rcv(struct sk_buff *skb)
        struct icmp6hdr *hdr;
        int type;
 
-       if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb) && skb->sp &&
-           skb->sp->xvec[skb->sp->len - 1]->props.flags & XFRM_STATE_ICMP) {
+       if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
                int nh;
 
+               if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags &
+                                XFRM_STATE_ICMP))
+                       goto drop_no_count;
+
                if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
                        goto drop_no_count;
 
Unnamed repository; edit this file 'description' to name the repository.