UPSTREAM: xfrm: Remove xfrmi interface ID from flowi

	return dst_orig;

}

static inline struct dst_entry *

xfrm_lookup_with_ifid(struct net *net, struct dst_entry *dst_orig,

		      const struct flowi *fl, const struct sock *sk,

		      int flags, u32 if_id)

{

	return dst_orig;

}

static inline struct dst_entry *xfrm_lookup_route(struct net *net,

						  struct dst_entry *dst_orig,

						  const struct flowi *fl,

			      const struct flowi *fl, const struct sock *sk,

			      int flags);

struct dst_entry *xfrm_lookup_with_ifid(struct net *net,

					struct dst_entry *dst_orig,

					const struct flowi *fl,

					const struct sock *sk, int flags,

					u32 if_id);

struct dst_entry *xfrm_lookup_route(struct net *net, struct dst_entry *dst_orig,

				    const struct flowi *fl, const struct sock *sk,

				    int flags);

	__be64			tun_id;

};

struct flowi_xfrm {

	__u32			if_id;

};

struct flowi_common {

	int	flowic_oif;

	int	flowic_iif;

#define FLOWI_FLAG_SKIP_NH_OIF		0x04

	__u32	flowic_secid;

	struct flowi_tunnel flowic_tun_key;

	struct flowi_xfrm xfrm;

	kuid_t  flowic_uid;

};

#define flowi4_secid		__fl_common.flowic_secid

#define flowi4_tun_key		__fl_common.flowic_tun_key

#define flowi4_uid		__fl_common.flowic_uid

#define flowi4_xfrm		__fl_common.xfrm

	/* (saddr,daddr) must be grouped, same order as in IP header */

	__be32			saddr;

	fl4->flowi4_flags = flags;

	fl4->flowi4_secid = 0;

	fl4->flowi4_tun_key.tun_id = 0;

	fl4->flowi4_xfrm.if_id = 0;

	fl4->flowi4_uid = uid;

	fl4->daddr = daddr;

	fl4->saddr = saddr;

#define flowi6_secid		__fl_common.flowic_secid

#define flowi6_tun_key		__fl_common.flowic_tun_key

#define flowi6_uid		__fl_common.flowic_uid

#define flowi6_xfrm		__fl_common.xfrm

	struct in6_addr		daddr;

	struct in6_addr		saddr;

	/* Note: flowi6_tos is encoded in flowlabel, too. */

#define flowi_secid	u.__fl_common.flowic_secid

#define flowi_tun_key	u.__fl_common.flowic_tun_key

#define flowi_uid	u.__fl_common.flowic_uid

#define flowi_xfrm	u.__fl_common.xfrm

} __attribute__((__aligned__(BITS_PER_LONG/8)));

static inline struct flowi *flowi4_to_flowi(struct flowi4 *fl4)

				   const struct flowi *fl,

				   struct xfrm_tmpl *tmpl,

				   struct xfrm_policy *pol, int *err,

				   unsigned short family);

				   unsigned short family, u32 if_id);

struct xfrm_state *xfrm_stateonly_find(struct net *net, u32 mark, u32 if_id,

				       xfrm_address_t *daddr,

				       xfrm_address_t *saddr,

	if (!dst)

		goto tx_err_link_failure;

	fl->flowi_xfrm.if_id = xi->p.if_id;

	dst_hold(dst);

	dst = xfrm_lookup(xi->net, dst, fl, NULL, 0);

	dst = xfrm_lookup_with_ifid(xi->net, dst, fl, NULL, 0, xi->p.if_id);

	if (IS_ERR(dst)) {

		err = PTR_ERR(dst);

		dst = NULL;

 */

static int xfrm_policy_match(const struct xfrm_policy *pol,

			     const struct flowi *fl,

			     u8 type, u16 family, int dir)

			     u8 type, u16 family, int dir, u32 if_id)

{

	const struct xfrm_selector *sel = &pol->selector;

	int ret = -ESRCH;

	bool match;

	if (pol->family != family ||

	    pol->if_id != fl->flowi_xfrm.if_id ||

	    pol->if_id != if_id ||

	    (fl->flowi_mark & pol->mark.m) != pol->mark.v ||

	    pol->type != type)

		return ret;

static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,

						     const struct flowi *fl,

						     u16 family, u8 dir)

						     u16 family, u8 dir,

						     u32 if_id)

{

	int err;

	struct xfrm_policy *pol, *ret;

	priority = ~0U;

	ret = NULL;

	hlist_for_each_entry_rcu(pol, chain, bydst) {

		err = xfrm_policy_match(pol, fl, type, family, dir);

		err = xfrm_policy_match(pol, fl, type, family, dir, if_id);

		if (err) {

			if (err == -ESRCH)

				continue;

		if ((pol->priority >= priority) && ret)

			break;

		err = xfrm_policy_match(pol, fl, type, family, dir);

		err = xfrm_policy_match(pol, fl, type, family, dir, if_id);

		if (err) {

			if (err == -ESRCH)

				continue;

	return ret;

}

static struct xfrm_policy *

xfrm_policy_lookup(struct net *net, const struct flowi *fl, u16 family, u8 dir)

static struct xfrm_policy *xfrm_policy_lookup(struct net *net,

					      const struct flowi *fl,

					      u16 family, u8 dir, u32 if_id)

{

#ifdef CONFIG_XFRM_SUB_POLICY

	struct xfrm_policy *pol;

	pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir);

	pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family,

					dir, if_id);

	if (pol != NULL)

		return pol;

#endif

	return xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir);

	return xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family,

					 dir, if_id);

}

static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,

						 const struct flowi *fl, u16 family)

						 const struct flowi *fl,

						 u16 family, u32 if_id)

{

	struct xfrm_policy *pol;

		match = xfrm_selector_match(&pol->selector, fl, family);

		if (match) {

			if ((sk->sk_mark & pol->mark.m) != pol->mark.v ||

			    pol->if_id != fl->flowi_xfrm.if_id) {

			    pol->if_id != if_id) {

				pol = NULL;

				goto out;

			}

			}

		}

		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);

		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error,

				    family, policy->if_id);

		if (x && x->km.state == XFRM_STATE_VALID) {

			xfrm[nx++] = x;

		pols[1] = xfrm_policy_lookup_bytype(xp_net(pols[0]),

						    XFRM_POLICY_TYPE_MAIN,

						    fl, family,

						    XFRM_POLICY_OUT);

						    XFRM_POLICY_OUT,

						    pols[0]->if_id);

		if (pols[1]) {

			if (IS_ERR(pols[1])) {

				xfrm_pols_put(pols, *num_pols);

	goto out;

}

static struct xfrm_dst *

xfrm_bundle_lookup(struct net *net, const struct flowi *fl, u16 family, u8 dir, struct xfrm_flo *xflo)

static struct xfrm_dst *xfrm_bundle_lookup(struct net *net,

					   const struct flowi *fl,

					   u16 family, u8 dir,

					   struct xfrm_flo *xflo, u32 if_id)

{

	struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];

	int num_pols = 0, num_xfrms = 0, err;

	/* Resolve policies to use if we couldn't get them from

	 * previous cache entry */

	num_pols = 1;

	pols[0] = xfrm_policy_lookup(net, fl, family, dir);

	pols[0] = xfrm_policy_lookup(net, fl, family, dir, if_id);

	err = xfrm_expand_policies(fl, family, pols,

					   &num_pols, &num_xfrms);

	if (err < 0)

	return ret;

}

/* Main function: finds/creates a bundle for given flow.

/* Finds/creates a bundle for given flow and if_id

 *

 * At the moment we eat a raw IP route. Mostly to speed up lookups

 * on interfaces with disabled IPsec.

 *

 * xfrm_lookup uses an if_id of 0 by default, and is provided for

 * compatibility

 */

struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,

struct dst_entry *xfrm_lookup_with_ifid(struct net *net,

					struct dst_entry *dst_orig,

					const struct flowi *fl,

			      const struct sock *sk, int flags)

					const struct sock *sk,

					int flags, u32 if_id)

{

	struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];

	struct xfrm_dst *xdst;

	sk = sk_const_to_full_sk(sk);

	if (sk && sk->sk_policy[XFRM_POLICY_OUT]) {

		num_pols = 1;

		pols[0] = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl, family);

		pols[0] = xfrm_sk_policy_lookup(sk, XFRM_POLICY_OUT, fl, family,

						if_id);

		err = xfrm_expand_policies(fl, family, pols,

					   &num_pols, &num_xfrms);

		if (err < 0)

		    !net->xfrm.policy_count[XFRM_POLICY_OUT])

			goto nopol;

		xdst = xfrm_bundle_lookup(net, fl, family, dir, &xflo);

		xdst = xfrm_bundle_lookup(net, fl, family, dir, &xflo, if_id);

		if (xdst == NULL)

			goto nopol;

		if (IS_ERR(xdst)) {

	xfrm_pols_put(pols, drop_pols);

	return ERR_PTR(err);

}

EXPORT_SYMBOL(xfrm_lookup_with_ifid);

/* Main function: finds/creates a bundle for given flow.

 *

 * At the moment we eat a raw IP route. Mostly to speed up lookups

 * on interfaces with disabled IPsec.

 */

struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,

			      const struct flowi *fl, const struct sock *sk,

			      int flags)

{

	return xfrm_lookup_with_ifid(net, dst_orig, fl, sk, flags, 0);

}

EXPORT_SYMBOL(xfrm_lookup);

/* Callers of xfrm_lookup_route() must ensure a call to dst_output().

			  unsigned int family, int reverse)

{

	const struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);

	const struct xfrm_if_cb *ifcb = xfrm_if_get_cb();

	struct xfrm_if *xi;

	int err;

	if (unlikely(afinfo == NULL))

		return -EAFNOSUPPORT;

	afinfo->decode_session(skb, fl, reverse);

	if (ifcb) {

		xi = ifcb->decode_session(skb);

		if (xi)

			fl->flowi_xfrm.if_id = xi->p.if_id;

	}

	err = security_xfrm_decode_session(skb, &fl->flowi_secid);

	rcu_read_unlock();

	int reverse;

	struct flowi fl;

	int xerr_idx = -1;

	const struct xfrm_if_cb *ifcb;

	struct xfrm_if *xi;

	u32 if_id = 0;

	rcu_read_lock();

	ifcb = xfrm_if_get_cb();

	if (ifcb) {

		xi = ifcb->decode_session(skb);

		if (xi)

			if_id = xi->p.if_id;

	}

	rcu_read_unlock();

	reverse = dir & ~XFRM_POLICY_MASK;

	dir &= XFRM_POLICY_MASK;

	pol = NULL;

	sk = sk_to_full_sk(sk);

	if (sk && sk->sk_policy[dir]) {

		pol = xfrm_sk_policy_lookup(sk, dir, &fl, family);

		pol = xfrm_sk_policy_lookup(sk, dir, &fl, family, if_id);

		if (IS_ERR(pol)) {

			XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);

			return 0;

	}

	if (!pol)

		pol = xfrm_policy_lookup(net, &fl, family, dir);

		pol = xfrm_policy_lookup(net, &fl, family, dir, if_id);

	if (IS_ERR(pol)) {

		XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);

	if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {

		pols[1] = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN,

						    &fl, family,

						    XFRM_POLICY_IN);

						    XFRM_POLICY_IN, if_id);

		if (pols[1]) {

			if (IS_ERR(pols[1])) {

				XFRM_INC_STATS(net, LINUX_MIB_XFRMINPOLERROR);