git.baikalelectronics.ru Git - kernel.git/commit

xfrm: fix policy lookup for ipv6 gre packets

On egress side, xfrm lookup is called from __gre6_xmit() with the
fl6_gre_key field not initialized leading to policies selectors check
failure. Consequently, gre packets are sent without encryption.

On ingress side, INET6_PROTO_NOPOLICY was set, thus packets were not
checked against xfrm policies. Like for egress side, fl6_gre_key should be
correctly set, this is now done in decode_session6().

Fixes: 3d8fd70921d8 ("gre: Support GRE over IPv6")
Cc: stable@vger.kernel.org
Signed-off-by: Ghalem Boudour <ghalem.boudour@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

author	Ghalem Boudour <ghalem.boudour@6wind.com>
	Fri, 19 Nov 2021 17:20:16 +0000 (18:20 +0100)
committer	Steffen Klassert <steffen.klassert@secunet.com>
	Tue, 23 Nov 2021 09:12:21 +0000 (10:12 +0100)
commit	30fbcd6f2051eaea2da968bcf009a4f8e3eca1ff
tree	b4f482db1463cfdd01d9e66b9ba0a489bf95d95f	tree \| snapshot
parent	33144898b380a66ff420aa2f6bc025cc263b36f8	commit \| diff

net/ipv6/ip6_gre.c		diff \| blob \| history
net/xfrm/xfrm_policy.c		diff \| blob \| history