[NETFILTER]: nf_conntrack: don't use nfct in skb if conntrack is disabled
[linux-2.6-omap-h63xx.git] / net / xfrm / xfrm_state.c
index a35f9e4ede2674625b13191a9fd58736e81cbe91..63a20e818164577dbdf06affacfa8af7d55d690d 100644 (file)
@@ -233,7 +233,7 @@ static inline unsigned long make_jiffies(long secs)
 static void xfrm_timer_handler(unsigned long data)
 {
        struct xfrm_state *x = (struct xfrm_state*)data;
-       unsigned long now = (unsigned long)xtime.tv_sec;
+       unsigned long now = get_seconds();
        long next = LONG_MAX;
        int warn = 0;
        int err = 0;
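Review bot: `now` in xfrm_timer_handler is wall-clock seconds from `get_seconds()`, and nothing on the declaration says that the lifetime comparisons which presumably follow will move with any step of the system clock. The same holds for `x->curlft.add_time` in xfrm_state_alloc and `x->curlft.use_time` in xfrm_state_check_expire, which this commit stamps from the same source. I would add a comment on the declaration such as `/* wall-clock seconds: a clock step shifts soft/hard expiry with it */` so a reader knows SA lifetimes are not measured on a monotonic clock. The function body continues outside the hunk, so how `now` is used is inferred from the names rather than seen here.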
@@ -326,7 +326,7 @@ struct xfrm_state *xfrm_state_alloc(void)
                init_timer(&x->rtimer);
                x->rtimer.function = xfrm_replay_timer_handler;
                x->rtimer.data     = (unsigned long)x;
-               x->curlft.add_time = (unsigned long)xtime.tv_sec;
+               x->curlft.add_time = get_seconds();
                x->lft.soft_byte_limit = XFRM_INF;
                x->lft.soft_packet_limit = XFRM_INF;
                x->lft.hard_byte_limit = XFRM_INF;
@@ -704,7 +704,8 @@ static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 re
                    x->props.mode   != mode ||
                    x->props.family != family ||
                    x->km.state     != XFRM_STATE_ACQ ||
-                   x->id.spi       != 0)
+                   x->id.spi       != 0 ||
+                   x->id.proto     != proto)
                        continue;
 
                switch (family) {
@@ -801,7 +802,8 @@ int xfrm_state_add(struct xfrm_state *x)
 
        if (use_spi && x->km.seq) {
                x1 = __xfrm_find_acq_byseq(x->km.seq);
-               if (x1 && xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family)) {
+               if (x1 && ((x1->id.proto != x->id.proto) ||
+                   xfrm_addr_cmp(&x1->id.daddr, &x->id.daddr, family))) {
                        xfrm_state_put(x1);
                        x1 = NULL;
                }
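Review bot: The added `x1->id.proto != x->id.proto` test in xfrm_state_add has no comment saying why a sequence-number match alone is not enough to pair the new state with an acquire entry. A line above the `if` such as `/* a seq match only counts if protocol and destination also agree */` would record the intent, and it would mirror the `x->id.proto != proto` condition this commit adds in __find_acq_core. The continuation line would also read better with `xfrm_addr_cmp(` aligned under `(x1->id.proto`, since both are operands of the same `||`. The rest of the function is outside the hunk, so what happens to the unmatched acquire entry afterwards is not visible here.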
@@ -1049,7 +1051,7 @@ EXPORT_SYMBOL(xfrm_state_update);
 int xfrm_state_check_expire(struct xfrm_state *x)
 {
        if (!x->curlft.use_time)
-               x->curlft.use_time = (unsigned long)xtime.tv_sec;
+               x->curlft.use_time = get_seconds();
 
        if (x->km.state != XFRM_STATE_VALID)
                return -EINVAL;
@@ -1369,7 +1371,8 @@ int xfrm_replay_check(struct xfrm_state *x, __be32 net_seq)
                return 0;
 
        diff = x->replay.seq - seq;
-       if (diff >= x->props.replay_window) {
+       if (diff >= min_t(unsigned int, x->props.replay_window,
+                         sizeof(x->replay.bitmap) * 8)) {
                x->stats.replay_window++;
                return -EINVAL;
        }
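Review bot: The new bound in xfrm_replay_check silently narrows a configured `x->props.replay_window` that is wider than the bitmap instead of rejecting it, and the reason for the clamp is not stated. A comment above the `if` such as `/* never accept an offset beyond replay.bitmap; a larger configured window is treated as the bitmap width */` would record that this keeps the later bitmap test in range (that test lies outside the hunk, so this is inferred). It is also worth confirming that the code which advances the window after a packet is accepted, and the path that takes replay_window from the key manager, apply the same limit; neither is visible here. Rejecting an oversized window when the state is configured would keep the effective anti-replay window equal to the one that was requested.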