From 7689059bdd4c10cad5fadb1089ef22355bdae302 Mon Sep 17 00:00:00 2001
From: Saurabh Mohan <saurabh.mohan@vyatta.com>
Date: Wed, 14 Nov 2012 18:08:15 -0800
Subject: [PATCH] --- yaml --- r: 335750 b: refs/heads/master c:
 b2942004fb5c9f3304b77e187b8a1977b3626c9b h: refs/heads/master v: v3

---
 [refs]                  | 2 +-
 trunk/net/ipv4/ip_vti.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index 67b0320501db..2f73c09f9e01 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 1ba56fb45a927d083f655302e75a1911a75b5da6
+refs/heads/master: b2942004fb5c9f3304b77e187b8a1977b3626c9b
diff --git a/trunk/net/ipv4/ip_vti.c b/trunk/net/ipv4/ip_vti.c
index 1831092f999f..858fddf6482a 100644
--- a/trunk/net/ipv4/ip_vti.c
+++ b/trunk/net/ipv4/ip_vti.c
@@ -338,12 +338,17 @@ static int vti_rcv(struct sk_buff *skb)
 	if (tunnel != NULL) {
 		struct pcpu_tstats *tstats;
 
+		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
+			return -1;
+
 		tstats = this_cpu_ptr(tunnel->dev->tstats);
 		u64_stats_update_begin(&tstats->syncp);
 		tstats->rx_packets++;
 		tstats->rx_bytes += skb->len;
 		u64_stats_update_end(&tstats->syncp);
 
+		skb->mark = 0;
+		secpath_reset(skb);
 		skb->dev = tunnel->dev;
 		return 1;
 	}