Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394...

[linux-2.6-omap-h63xx.git] / net / ipv6 / xfrm6_input.c
diff --git a/net/ipv6/xfrm6_input.c b/net/ipv6/xfrm6_input.c

index 6644fc6d542797aba6880d969c0f4d40c9b408cb..a71c7ddcb41e0a7119a874c1c83e860453f2a4b5 100644 (file)
--- a/net/ipv6/xfrm6_input.c
+++ b/net/ipv6/xfrm6_input.c
@@ -34,19 +34,17 @@ int xfrm6_transport_finish(struct sk_buff *skb, int async)
         skb_network_header(skb)[IP6CB(skb)->nhoff] =
                 XFRM_MODE_SKB_CB(skb)->protocol;
  
-#ifdef CONFIG_NETFILTER
+#ifndef CONFIG_NETFILTER
+       if (!async)
+               return 1;
+#endif
+
         ipv6_hdr(skb)->payload_len = htons(skb->len);
         __skb_push(skb, skb->data - skb_network_header(skb));
  
         NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
                 ip6_rcv_finish);
         return -1;
-#else
-       if (async)
-               return ip6_rcv_finish(skb);
-
-       return 1;
-#endif
  }
  
  int xfrm6_rcv(struct sk_buff *skb)
@@ -61,9 +59,6 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
                      xfrm_address_t *saddr, u8 proto)
  {
         struct xfrm_state *x = NULL;
-       int wildcard = 0;
-       xfrm_address_t *xany;
-       int nh = 0;
         int i = 0;
  
         /* Allocate new secpath or COW existing one. */
@@ -85,10 +80,9 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
                 goto drop;
         }
  
-       xany = (xfrm_address_t *)&in6addr_any;
-
         for (i = 0; i < 3; i++) {
                 xfrm_address_t *dst, *src;
+
                 switch (i) {
                 case 0:
                         dst = daddr;
@@ -96,16 +90,13 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
                         break;
                 case 1:
                         /* lookup state with wild-card source address */
-                       wildcard = 1;
                         dst = daddr;
-                       src = xany;
+                       src = (xfrm_address_t *)&in6addr_any;
                         break;
-               case 2:
                 default:
                         /* lookup state with wild-card addresses */
-                       wildcard = 1; /* XXX */
-                       dst = xany;
-                       src = xany;
+                       dst = (xfrm_address_t *)&in6addr_any;
+                       src = (xfrm_address_t *)&in6addr_any;
                         break;
                 }
  
@@ -115,43 +106,24 @@ int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
  
                 spin_lock(&x->lock);
  
-               if (wildcard) {
-                       if ((x->props.flags & XFRM_STATE_WILDRECV) == 0) {
-                               spin_unlock(&x->lock);
-                               xfrm_state_put(x);
-                               x = NULL;
-                               continue;
-                       }
-               }
-
-               if (unlikely(x->km.state != XFRM_STATE_VALID)) {
+               if ((!i || (x->props.flags & XFRM_STATE_WILDRECV)) &&
+                   likely(x->km.state == XFRM_STATE_VALID) &&
+                   !xfrm_state_check_expire(x)) {
                         spin_unlock(&x->lock);
-                       xfrm_state_put(x);
-                       x = NULL;
-                       continue;
-               }
-               if (xfrm_state_check_expire(x)) {
+                       if (x->type->input(x, skb) > 0) {
+                               /* found a valid state */
+                               break;
+                       }
+               } else
                         spin_unlock(&x->lock);
-                       xfrm_state_put(x);
-                       x = NULL;
-                       continue;
-               }
-
-               spin_unlock(&x->lock);
-
-               nh = x->type->input(x, skb);
-               if (nh <= 0) {
-                       xfrm_state_put(x);
-                       x = NULL;
-                       continue;
-               }
  
-               /* Found a state */
-               break;
+               xfrm_state_put(x);
+               x = NULL;
         }
  
         if (!x) {
                 XFRM_INC_STATS(LINUX_MIB_XFRMINNOSTATES);
+               xfrm_audit_state_notfound_simple(skb, AF_INET6);
                 goto drop;
         }