From bc79107243e579d8973288121ec0532d7fe3e24a Mon Sep 17 00:00:00 2001
From: Thomas Graf <tgraf@suug.ch>
Date: Mon, 10 Dec 2007 16:53:05 -0800
Subject: [PATCH] --- yaml --- r: 74796 b: refs/heads/master c:
 2017a72c070033830b460d31cd4703f9d2ec0d56 h: refs/heads/master v: v3

---
 [refs]                | 2 +-
 trunk/net/ipv4/esp4.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index de60a9d86da9..2222fe49f4a4 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: a4e65d36a959005f14142535b58c44cd0f1de8cb
+refs/heads/master: 2017a72c070033830b460d31cd4703f9d2ec0d56
diff --git a/trunk/net/ipv4/esp4.c b/trunk/net/ipv4/esp4.c
index c31bccb9b526..1738113268bc 100644
--- a/trunk/net/ipv4/esp4.c
+++ b/trunk/net/ipv4/esp4.c
@@ -9,6 +9,7 @@
 #include <linux/pfkeyv2.h>
 #include <linux/random.h>
 #include <linux/spinlock.h>
+#include <linux/in6.h>
 #include <net/icmp.h>
 #include <net/protocol.h>
 #include <net/udp.h>
@@ -224,6 +225,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
 
 	/* ... check padding bits here. Silly. :-) */
 
+	/* RFC4303: Drop dummy packets without any error */
+	if (nexthdr[1] == IPPROTO_NONE)
+		goto out;
+
 	iph = ip_hdr(skb);
 	ihl = iph->ihl * 4;