Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git

[sfrench/cifs-2.6.git] / net / xfrm / xfrm_policy.c

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 5e6b05ac126088386dc21a0f15c7543ff2d266b7..f5eae9febd26acbfca587264794011ef420a87e5 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -26,8 +26,8 @@
 #include <net/xfrm.h>
 #include <net/ip.h>
 
-DECLARE_MUTEX(xfrm_cfg_sem);
-EXPORT_SYMBOL(xfrm_cfg_sem);
+DEFINE_MUTEX(xfrm_cfg_mutex);
+EXPORT_SYMBOL(xfrm_cfg_mutex);
 
 static DEFINE_RWLOCK(xfrm_policy_lock);
 
@@ -203,7 +203,7 @@ static void xfrm_policy_timer(unsigned long data)
        }
 
        if (warn)
-               km_policy_expired(xp, dir, 0);
+               km_policy_expired(xp, dir, 0, 0);
        if (next != LONG_MAX &&
            !mod_timer(&xp->timer, jiffies + make_jiffies(next)))
                xfrm_pol_hold(xp);
@@ -216,7 +216,7 @@ out:
 expired:
        read_unlock(&xp->lock);
        if (!xfrm_policy_delete(xp, dir))
-               km_policy_expired(xp, dir, 1);
+               km_policy_expired(xp, dir, 1, 0);
        xfrm_pol_put(xp);
 }
 
@@ -621,6 +621,7 @@ int xfrm_policy_delete(struct xfrm_policy *pol, int dir)
        }
        return -ENOENT;
 }
+EXPORT_SYMBOL(xfrm_policy_delete);
 
 int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol)
 {
@@ -782,7 +783,7 @@ int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
        int nx = 0;
        int err;
        u32 genid;
-       u16 family = dst_orig->ops->family;
+       u16 family;
        u8 dir = policy_to_flow_dir(XFRM_POLICY_OUT);
        u32 sk_sid = security_sk_sid(sk, fl, dir);
 restart:
@@ -796,13 +797,14 @@ restart:
                if ((dst_orig->flags & DST_NOXFRM) || !xfrm_policy_list[XFRM_POLICY_OUT])
                        return 0;
 
-               policy = flow_cache_lookup(fl, sk_sid, family, dir,
-                                          xfrm_policy_lookup);
+               policy = flow_cache_lookup(fl, sk_sid, dst_orig->ops->family,
+                                          dir, xfrm_policy_lookup);
        }
 
        if (!policy)
                return 0;
 
+       family = dst_orig->ops->family;
        policy->curlft.use_time = (unsigned long)xtime.tv_sec;
 
        switch (policy->action) {
@@ -995,13 +997,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
                        struct sec_decap_state *xvec = &(skb->sp->x[i]);
                        if (!xfrm_selector_match(&xvec->xvec->sel, &fl, family))
                                return 0;
-
-                       /* If there is a post_input processor, try running it */
-                       if (xvec->xvec->type->post_input &&
-                           (xvec->xvec->type->post_input)(xvec->xvec,
-                                                          &(xvec->decap),
-                                                          skb) != 0)
-                               return 0;
                }
        }