Google Git
Sign in
kernel / pub / scm / linux / kernel / git / pablo / linux-ft / refs/heads/nft-bulk-v6.2-8-veth^! / .
commitb6c09788743d4094da165cc2fa7a450a250d5d28[log] [tgz]
authorPablo Neira Ayuso <pablo@netfilter.org>Tue Apr 11 00:33:30 2023 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>Tue Apr 11 22:09:24 2023 +0200
tree27870c13d80140f45bccc697aca4ee13a13642b7
parentb38ced73c5c3c8fe4028adf966531fd36149d32a [diff]
xfrm: do not reset secpath for xfrm interface after policy validation

Partial revert of b0355dbbf13c ("Fix XFRM-I support for nested ESP tunnels")
because secpath is not available in netfilter forward chain for xfrm
interface.

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 5c61ec0..47d3a48 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c

@@ -3745,9 +3745,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
 			goto reject;
 		}
 
-		if (if_id)
-			secpath_reset(skb);
-
 		xfrm_pols_put(pols, npols);
 		return 1;
 	}