[IPSEC]: Support for optional policies on input got lost.

6963351e · James Morris · David S. Miller · 0a182454 · 6963351e
Commit 6963351e authored Apr 08, 2003 by James Morris Committed by David S. Miller Apr 08, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

net/xfrm/xfrm_policy.c net/xfrm/xfrm_policy.c +2 -0

No files found.
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -963,6 +963,8 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
 			 * are implied between each two transformations.
 			 */
 			for (i = pol->xfrm_nr-1, k = 0; i >= 0; i--) {
+				if (pol->xfrm_vec[i].optional)
+					continue;
 				k = xfrm_policy_ok(pol->xfrm_vec+i, sp, k, family);
 				if (k < 0)
 					goto reject;