android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c5449195f8
android_kernel_xiaomi_sm8450/net/xfrm
History
Martin Willi c5449195f8 Revert "Fix XFRM-I support for nested ESP tunnels" 
[ Upstream commit 5fc46f94219d1d103ffb5f0832be9da674d85a73 ]

This reverts commit b0355dbbf13c0052931dd14c38c789efed64d3de.

The reverted commit clears the secpath on packets received via xfrm interfaces
to support nested IPsec tunnels. This breaks Netfilter policy matching using
xt_policy in the FORWARD chain, as the secpath is missing during forwarding.
Additionally, Benedict Wong reports that it breaks Transport-in-Tunnel mode.

Fix this regression by reverting the commit until we have a better approach
for nested IPsec tunnels.

Fixes: b0355dbbf13c ("Fix XFRM-I support for nested ESP tunnels")
Link: https://lore.kernel.org/netdev/20230412085615.124791-1-martin@strongswan.org/
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-05-30 12:57:51 +01:00
..
espintcp.c net: Fix data-races around netdev_max_backlog. 2022-08-31 17:15:19 +02:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: Provide API to register translator module 2020-09-24 08:53:03 +02:00
xfrm_algo.c crypto: skcipher - remove the "blkcipher" algorithm type 2019-11-01 13:38:32 +08:00
xfrm_compat.c xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() 2023-02-15 17:22:23 +01:00
xfrm_device.c xfrm: replay: Fix ESN wrap around for GSO 2022-12-02 17:39:58 +01:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: use complete IPv6 addresses for hash 2018-10-15 10:09:18 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: fix bug with DSCP copy to v6 from v4 tunnel 2023-02-15 17:22:23 +01:00
xfrm_interface.c Revert "Fix XFRM-I support for nested ESP tunnels" 2023-05-30 12:57:51 +01:00
xfrm_ipcomp.c xfrm: Update ipcomp_scratches with NULL when freed 2022-10-26 13:25:46 +02:00
xfrm_output.c xfrm: remove the fragment check for ipv6 beet mode 2021-07-14 16:56:19 +02:00
xfrm_policy.c Revert "Fix XFRM-I support for nested ESP tunnels" 2023-05-30 12:57:51 +01:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-12-02 17:39:58 +01:00
xfrm_state.c xfrm: Allow transport-mode states with AF_UNSPEC selector 2023-03-22 13:29:55 +01:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c xfrm: fix rcu lock in xfrm_notify_userpolicy() 2023-01-18 11:44:57 +01:00