summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/net/xfrm.h6
-rw-r--r--net/xfrm/xfrm_state.c6
2 files changed, 9 insertions, 3 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 7627956..5b364b0 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -9,6 +9,7 @@
#include <linux/skbuff.h>
#include <linux/socket.h>
#include <linux/pfkeyv2.h>
+#include <linux/ipsec.h>
#include <linux/in6.h>
#include <linux/mutex.h>
@@ -835,6 +836,11 @@ static inline int xfrm_state_kern(struct xfrm_state *x)
return atomic_read(&x->tunnel_users);
}
+static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
+{
+ return (userproto == IPSEC_PROTO_ANY || proto == userproto);
+}
+
/*
* xfrm algorithm information
*/
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 1c79608..34c038c 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -294,7 +294,7 @@ void xfrm_state_flush(u8 proto)
restart:
list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
if (!xfrm_state_kern(x) &&
- (proto == IPSEC_PROTO_ANY || x->id.proto == proto)) {
+ xfrm_id_proto_match(x->id.proto, proto)) {
xfrm_state_hold(x);
spin_unlock_bh(&xfrm_state_lock);
@@ -772,7 +772,7 @@ int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
spin_lock_bh(&xfrm_state_lock);
for (i = 0; i < XFRM_DST_HSIZE; i++) {
list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
- if (proto == IPSEC_PROTO_ANY || x->id.proto == proto)
+ if (xfrm_id_proto_match(x->id.proto, proto))
count++;
}
}
@@ -783,7 +783,7 @@ int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*),
for (i = 0; i < XFRM_DST_HSIZE; i++) {
list_for_each_entry(x, xfrm_state_bydst+i, bydst) {
- if (proto != IPSEC_PROTO_ANY && x->id.proto != proto)
+ if (!xfrm_id_proto_match(x->id.proto, proto))
continue;
err = func(x, --count, data);
if (err)