[IPSEC]: Sync series - policy expires

[cascardo/linux.git] / net / xfrm / xfrm_policy.c

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 077bbf9..453551e 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -13,7 +13,6 @@
  *
  */
 
-#include <asm/bug.h>
 #include <linux/config.h>
 #include <linux/slab.h>
 #include <linux/kmod.h>
@@ -204,7 +203,7 @@ static void xfrm_policy_timer(unsigned long data)
        }
 
        if (warn)
-               km_policy_expired(xp, dir, 0);
+               km_policy_expired(xp, dir, 0, 0);
        if (next != LONG_MAX &&
            !mod_timer(&xp->timer, jiffies + make_jiffies(next)))
                xfrm_pol_hold(xp);
@@ -217,7 +216,7 @@ out:
 expired:
        read_unlock(&xp->lock);
        if (!xfrm_policy_delete(xp, dir))
-               km_policy_expired(xp, dir, 1);
+               km_policy_expired(xp, dir, 1, 0);
        xfrm_pol_put(xp);
 }
 
@@ -783,7 +782,7 @@ int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
        int nx = 0;
        int err;
        u32 genid;
-       u16 family = dst_orig->ops->family;
+       u16 family;
        u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
        u32 sk_sid = security_sk_sid(sk, fl, dir);
 restart:
@@ -797,13 +796,14 @@ restart:
                if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT])
                        return 0;
 
-               policy = flow_cache_lookup(fl, sk_sid, family, dir,
-                                          xfrm_policy_lookup);
+               policy = flow_cache_lookup(fl, sk_sid, dst_orig->ops->family,
+                                          dir, xfrm_policy_lookup);
        }
 
        if (!policy)
                return 0;
 
+       family = dst_orig->ops->family;
        policy->curlft.use_time = (unsigned long)xtime.tv_sec;
 
        switch (policy->action) {
@@ -886,11 +886,11 @@ restart:
                         * We can't enlist stable bundles either.
                         */
                        write_unlock_bh(&policy->lock);
-
-                       xfrm_pol_put(policy);
                        if (dst)
                                dst_free(dst);
-                       goto restart;
+
+                       err = -EHOSTUNREACH;
+                       goto error;
                }
                dst->next = policy->bundles;
                policy->bundles = dst;
@@ -996,13 +996,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
                        struct sec_decap_state *xvec = &(skb->sp->x[i]);
                        if (!xfrm_selector_match(&xvec->xvec->sel, &fl, family))
                                return 0;
-
-                       /* If there is a post_input processor, try running it */
-                       if (xvec->xvec->type->post_input &&
-                           (xvec->xvec->type->post_input)(xvec->xvec,
-                                                          &(xvec->decap),
-                                                          skb) != 0)
-                               return 0;
                }
        }