2 files changed, 10 insertions, 2 deletions

diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index febd00d7bfc6..37b5ac010c7b 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -116,7 +116,9 @@ enum
 #define XFRM_MSG_ACQUIRE	(XFRM_MSG_BASE + 7)
 #define XFRM_MSG_EXPIRE		(XFRM_MSG_BASE + 8)
 
-#define XFRM_MSG_MAX		(XFRM_MSG_EXPIRE+1)
+#define XFRM_MSG_UPDPOLICY	(XFRM_MSG_BASE + 9)
+
+#define XFRM_MSG_MAX		(XFRM_MSG_UPDPOLICY+1)
 
 struct xfrm_user_tmpl {
 	struct xfrm_id		id;
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 291b51b616e8..cecce180ea97 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -634,6 +634,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
 	struct xfrm_userpolicy_info *p = NLMSG_DATA(nlh);
 	struct xfrm_policy *xp;
 	int err;
+	int excl;
 
 	err = verify_newpolicy_info(p);
 	if (err)
@@ -643,7 +644,8 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
 	if (!xp)
 		return err;
 
-	err = xfrm_policy_insert(p->dir, xp, 1);
+	excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
+	err = xfrm_policy_insert(p->dir, xp, excl);
 	if (err) {
 		kfree(xp);
 		return err;
@@ -803,6 +805,7 @@ static const int xfrm_msg_min[(XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)] = {
 	NLMSG_LENGTH(sizeof(struct xfrm_userspi_info)),	/* ALLOC SPI */
 	NLMSG_LENGTH(sizeof(struct xfrm_user_acquire)),	/* ACQUIRE */
 	NLMSG_LENGTH(sizeof(struct xfrm_user_expire)),	/* EXPIRE */
+	NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_info)),/* UPD POLICY */
 };
 
 static struct xfrm_link {
@@ -822,6 +825,9 @@ static struct xfrm_link {
 		.dump	=	xfrm_dump_policy,
 	},
 	{	.doit	=	xfrm_alloc_userspi	},
+	{},
+	{},
+	{	.doit	=	xfrm_add_policy 	},
 };
 
 static int xfrm_done(struct netlink_callback *cb)