korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-15 16:24:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
5fc46f9421
linux/net/xfrm
History
Martin Willi 5fc46f9421 Revert "Fix XFRM-I support for nested ESP tunnels" 
This reverts commit b0355dbbf1.

The reverted commit clears the secpath on packets received via xfrm interfaces
to support nested IPsec tunnels. This breaks Netfilter policy matching using
xt_policy in the FORWARD chain, as the secpath is missing during forwarding.
Additionally, Benedict Wong reports that it breaks Transport-in-Tunnel mode.

Fix this regression by reverting the commit until we have a better approach
for nested IPsec tunnels.

Fixes: b0355dbbf1 ("Fix XFRM-I support for nested ESP tunnels")
Link: https://lore.kernel.org/netdev/20230412085615.124791-1-martin@strongswan.org/
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2023-04-25 09:50:34 +02:00
..
espintcp.c net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: interface: Add unstable helpers for setting/getting XFRM metadata from TC-BPF 2022-12-05 21:58:27 -08:00
xfrm_algo.c xfrm: Add support for SM4 symmetric cipher algorithm 2021-12-23 09:32:51 +01:00
xfrm_compat.c xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() 2023-01-23 07:44:09 +01:00
xfrm_device.c xfrm: Fix leak of dev tracker 2023-04-21 08:54:04 +02:00
xfrm_hash.c mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: fix bug with DSCP copy to v6 from v4 tunnel 2023-01-30 11:31:58 +01:00
xfrm_interface_bpf.c bpf: Add __bpf_kfunc tag to all kfuncs 2023-02-02 00:25:14 +01:00
xfrm_interface_core.c Revert "Fix XFRM-I support for nested ESP tunnels" 2023-04-25 09:50:34 +02:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-10-03 17:44:18 -07:00
xfrm_output.c xfrm: add TX datapath support for IPsec packet offload mode 2022-12-05 10:34:49 +01:00
xfrm_policy.c Revert "Fix XFRM-I support for nested ESP tunnels" 2023-04-25 09:50:34 +02:00
xfrm_proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_state.c ipsec-2023-03-15 2023-03-16 17:23:48 -07:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c xfrm: release all offloaded policy memory 2023-04-21 08:51:48 +02:00