# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/10/19 16:04:44+02:00 kaber@coreworks.de 
#   [XFRM]: Apply policy checks to packets with a secpath when the policy list is empty
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
# include/net/xfrm.h
#   2004/10/19 16:04:18+02:00 kaber@coreworks.de +1 -1
#   [XFRM]: Apply policy checks to packets with a secpath when the policy list is empty
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
diff -Nru a/include/net/xfrm.h b/include/net/xfrm.h
--- a/include/net/xfrm.h	2004-10-19 16:05:39 +02:00
+++ b/include/net/xfrm.h	2004-10-19 16:05:39 +02:00
@@ -601,7 +601,7 @@
 	if (sk && sk->sk_policy[XFRM_POLICY_IN])
 		return __xfrm_policy_check(sk, dir, skb, family);
 		
-	return	!xfrm_policy_list[dir] ||
+	return	(!xfrm_policy_list[dir] && !skb->sp) ||
 		(skb->dst->flags & DST_NOPOLICY) ||
 		__xfrm_policy_check(sk, dir, skb, family);
 }