From: David S. Miller Date: Fri, 19 Dec 2008 03:23:56 +0000 (-0800) Subject: Revert "xfrm: Accept ESP packets regardless of UDP encapsulation mode" X-Git-Tag: v5.15~36171^2~121 X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=3de77cf23e9a19b9fc28e3b29371308325428c39;p=mirror_ubuntu-kernels.git Revert "xfrm: Accept ESP packets regardless of UDP encapsulation mode" This reverts commit e061b165c7f4ec5e2e160d990b49011b5b6e5c6a. Signed-off-by: David S. Miller --- diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c index 65bcf09251ef..b4a13178fb40 100644 --- a/net/xfrm/xfrm_input.c +++ b/net/xfrm/xfrm_input.c @@ -167,6 +167,11 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type) goto drop_unlock; } + if ((x->encap ? x->encap->encap_type : 0) != encap_type) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH); + goto drop_unlock; + } + if (x->props.replay_window && xfrm_replay_check(x, skb, seq)) { XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR); goto drop_unlock;