summaryrefslogtreecommitdiff
path: root/net/xfrm/xfrm_policy.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
-rw-r--r--net/xfrm/xfrm_policy.c34
1 files changed, 17 insertions, 17 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 0248afa11cd..b1932a629ef 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1757,14 +1757,14 @@ static struct dst_entry *make_blackhole(struct net *net, u16 family,
* At the moment we eat a raw IP route. Mostly to speed up lookups
* on interfaces with disabled IPsec.
*/
-int xfrm_lookup(struct net *net, struct dst_entry **dst_p,
- const struct flowi *fl,
- struct sock *sk, int flags)
+struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
+ const struct flowi *fl,
+ struct sock *sk, int flags)
{
struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
struct flow_cache_object *flo;
struct xfrm_dst *xdst;
- struct dst_entry *dst, *dst_orig = *dst_p, *route;
+ struct dst_entry *dst, *route;
u16 family = dst_orig->ops->family;
u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
int i, err, num_pols, num_xfrms = 0, drop_pols = 0;
@@ -1847,11 +1847,7 @@ restart:
xfrm_pols_put(pols, drop_pols);
XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
- dst = make_blackhole(net, family, dst_orig);
- if (IS_ERR(dst))
- return PTR_ERR(dst);
- *dst_p = dst;
- return 0;
+ return make_blackhole(net, family, dst_orig);
}
if (fl->flags & FLOWI_FLAG_CAN_SLEEP) {
DECLARE_WAITQUEUE(wait, current);
@@ -1895,27 +1891,28 @@ no_transform:
goto error;
} else if (num_xfrms > 0) {
/* Flow transformed */
- *dst_p = dst;
dst_release(dst_orig);
} else {
/* Flow passes untransformed */
dst_release(dst);
+ dst = dst_orig;
}
ok:
xfrm_pols_put(pols, drop_pols);
- return 0;
+ return dst;
nopol:
- if (!(flags & XFRM_LOOKUP_ICMP))
+ if (!(flags & XFRM_LOOKUP_ICMP)) {
+ dst = dst_orig;
goto ok;
+ }
err = -ENOENT;
error:
dst_release(dst);
dropdst:
dst_release(dst_orig);
- *dst_p = NULL;
xfrm_pols_put(pols, drop_pols);
- return err;
+ return ERR_PTR(err);
}
EXPORT_SYMBOL(xfrm_lookup);
@@ -2175,7 +2172,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
struct net *net = dev_net(skb->dev);
struct flowi fl;
struct dst_entry *dst;
- int res;
+ int res = 0;
if (xfrm_decode_session(skb, &fl, family) < 0) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMFWDHDRERROR);
@@ -2183,9 +2180,12 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
}
skb_dst_force(skb);
- dst = skb_dst(skb);
- res = xfrm_lookup(net, &dst, &fl, NULL, 0) == 0;
+ dst = xfrm_lookup(net, skb_dst(skb), &fl, NULL, 0);
+ if (IS_ERR(dst)) {
+ res = 1;
+ dst = NULL;
+ }
skb_dst_set(skb, dst);
return res;
}
generated by cgit v1.2.3-70-g09d2 (git 2.51.2) at 2025-11-04 01:44:45 +0000