[NETFILTER]: nf_conntrack: don't use nfct in skb if conntrack is disabled

[linux-2.6-omap-h63xx.git] / net / xfrm / xfrm_state.c

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 5c5f6dcab974d954ce3940bb8e8b46071b4cd1c8..63a20e818164577dbdf06affacfa8af7d55d690d 100644 (file)
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -233,7 +233,7 @@ static inline unsigned long make_jiffies(long secs)
 static void xfrm_timer_handler(unsigned long data)
 {
        struct xfrm_state *x = (struct xfrm_state*)data;
-       unsigned long now = (unsigned long)xtime.tv_sec;
+       unsigned long now = get_seconds();
        long next = LONG_MAX;
        int warn = 0;
        int err = 0;
@@ -326,7 +326,7 @@ struct xfrm_state *xfrm_state_alloc(void)
                init_timer(&x->rtimer);
                x->rtimer.function = xfrm_replay_timer_handler;
                x->rtimer.data     = (unsigned long)x;
-               x->curlft.add_time = (unsigned long)xtime.tv_sec;
+               x->curlft.add_time = get_seconds();
                x->lft.soft_byte_limit = XFRM_INF;
                x->lft.soft_packet_limit = XFRM_INF;
                x->lft.hard_byte_limit = XFRM_INF;
@@ -1051,7 +1051,7 @@ EXPORT_SYMBOL(xfrm_state_update);
 int xfrm_state_check_expire(struct xfrm_state *x)
 {
        if (!x->curlft.use_time)
-               x->curlft.use_time = (unsigned long)xtime.tv_sec;
+               x->curlft.use_time = get_seconds();
 
        if (x->km.state != XFRM_STATE_VALID)
                return -EINVAL;
@@ -1371,7 +1371,8 @@ int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
                return 0;
 
        diff = x->replay.seq - seq;
-       if (diff >= x->props.replay_window) {
+       if (diff >= min_t(unsigned int, x->props.replay_window,
+                         sizeof(x->replay.bitmap) * 8)) {
                x->stats.replay_window++;
                return -EINVAL;
        }