[IPSEC]: Add ICMP host relookup support

[linux-2.6-omap-h63xx.git] / net / xfrm / xfrm_policy.c

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2e10d46c0e8cc1373fc810e49b2c03b6e1769f42..a83b5e1349ed4985c77c8ce361059a01d646f91b 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1469,11 +1469,13 @@ restart:
                        goto dropdst;
        }
 
+       err = -ENOENT;
+
        if (!policy) {
                /* To accelerate a bit...  */
                if ((dst_orig->flags & DST_NOXFRM) ||
                    !xfrm_policy_count[XFRM_POLICY_OUT])
-                       return 0;
+                       goto nopol;
 
                policy = flow_cache_lookup(fl, dst_orig->ops->family,
                                           dir, xfrm_policy_lookup);
@@ -1483,14 +1485,18 @@ restart:
        }
 
        if (!policy)
-               return 0;
+               goto nopol;
 
        family = dst_orig->ops->family;
-       policy->curlft.use_time = get_seconds();
        pols[0] = policy;
        npols ++;
        xfrm_nr += pols[0]->xfrm_nr;
 
+       if ((flags & XFRM_LOOKUP_ICMP) && !(policy->flags & XFRM_POLICY_ICMP))
+               goto error;
+
+       policy->curlft.use_time = get_seconds();
+
        switch (policy->action) {
        default:
        case XFRM_POLICY_BLOCK:
@@ -1649,6 +1655,11 @@ dropdst:
        dst_release(dst_orig);
        *dst_p = NULL;
        return err;
+
+nopol:
+       if (flags & XFRM_LOOKUP_ICMP)
+               goto dropdst;
+       return 0;
 }
 EXPORT_SYMBOL(__xfrm_lookup);