struct xfrm_dst *xdst = (struct xfrm_dst *) dst;
struct xfrm_policy *pol = xdst->pols[0];
struct xfrm_policy_queue *pq = &pol->polq;
+ const struct sk_buff *fclone = skb + 1;
+
+ if (unlikely(skb->fclone == SKB_FCLONE_ORIG &&
+ fclone->fclone == SKB_FCLONE_CLONE)) {
+ kfree_skb(skb);
+ return 0;
+ }
if (pq->hold_queue.qlen > XFRM_MAX_QUEUE_LEN) {
kfree_skb(skb);
flush_work(&net->xfrm.policy_hash_work);
#ifdef CONFIG_XFRM_SUB_POLICY
audit_info.loginuid = INVALID_UID;
- audit_info.sessionid = -1;
+ audit_info.sessionid = (unsigned int)-1;
audit_info.secid = 0;
xfrm_policy_flush(net, XFRM_POLICY_TYPE_SUB, &audit_info);
#endif
audit_info.loginuid = INVALID_UID;
- audit_info.sessionid = -1;
+ audit_info.sessionid = (unsigned int)-1;
audit_info.secid = 0;
xfrm_policy_flush(net, XFRM_POLICY_TYPE_MAIN, &audit_info);
}
void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
- kuid_t auid, u32 sessionid, u32 secid)
+ kuid_t auid, unsigned int sessionid, u32 secid)
{
struct audit_buffer *audit_buf;
EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
- kuid_t auid, u32 sessionid, u32 secid)
+ kuid_t auid, unsigned int sessionid, u32 secid)
{
struct audit_buffer *audit_buf;
projects / ~andy / linux / blobdiff