Revert "xfrm: Accept ESP packets regardless of UDP encapsulation mode"
David S. Miller [Fri, 19 Dec 2008 03:23:56 +0000 (19:23 -0800)]
This reverts commit e061b165c7f4ec5e2e160d990b49011b5b6e5c6a.

Signed-off-by: David S. Miller <davem@davemloft.net>

net/xfrm/xfrm_input.c

index 65bcf09..b4a1317 100644 (file)
@@ -167,6 +167,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                        goto drop_unlock;
                }
 
+               if ((x->encap ? x->encap->encap_type : 0) != encap_type) {
+                       XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH);
+                       goto drop_unlock;
+               }
+
                if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) {
                        XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
                        goto drop_unlock;