[IPSEC]: Remove bogus ref count in xfrm_secpath_reject

[linux-2.6] / net / xfrm / xfrm_policy.c

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 36dd31c40f4ab7b0efb69a8a83a0bbe1fa22bbfd..af27c193697c5ceede169a36588ed36cbd4e4abb 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1682,17 +1682,13 @@ static inline int
 xfrm_secpath_reject(int idx, struct sk_buff *skb, struct flowi *fl)
 {
        struct xfrm_state *x;
-       int err;
 
        if (!skb->sp || idx < 0 || idx >= skb->sp->len)
                return 0;
        x = skb->sp->xvec[idx];
        if (!x->type->reject)
                return 0;
-       xfrm_state_hold(x);
-       err = x->type->reject(x, skb, fl);
-       xfrm_state_put(x);
-       return err;
+       return x->type->reject(x, skb, fl);
 }
 
 /* When skb is transformed back to its "native" form, we have to
@@ -1949,8 +1945,8 @@ static int stale_bundle(struct dst_entry *dst)
 void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
 {
        while ((dst = dst->child) && dst->xfrm && dst->dev == dev) {
-               dst->dev = &loopback_dev;
-               dev_hold(&loopback_dev);
+               dst->dev = init_net.loopback_dev;
+               dev_hold(dst->dev);
                dev_put(dev);
        }
 }
@@ -2236,6 +2232,11 @@ static void xfrm_policy_unlock_afinfo(struct xfrm_policy_afinfo *afinfo)
 
 static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void *ptr)
 {
+       struct net_device *dev = ptr;
+
+       if (dev->nd_net != &init_net)
+               return NOTIFY_DONE;
+
        switch (event) {
        case NETDEV_DOWN:
                xfrm_flush_bundles();