diff options
| author | David S. Miller <davem@davemloft.net> | 2022-01-06 11:55:45 +0000 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2022-01-06 11:55:45 +0000 |
| commit | c4251db3b9d2ad4411f95e65ca00ea0f6800319b (patch) | |
| tree | 5ea9d88c7d33ecfef80fe4cb6578d53d4e68cb5d /include/net | |
| parent | 502a2ce9cdf4225983a07c8d99ea2afd53f48837 (diff) | |
| parent | 45a98ef4922def8c679ca7c454403d1957fe70e7 (diff) | |
| download | linux-c4251db3b9d2ad4411f95e65ca00ea0f6800319b.tar.gz | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says: ==================== pull request (net): ipsec 2022-01-06 1) Fix xfrm policy lookups for ipv6 gre packets by initializing fl6_gre_key properly. From Ghalem Boudour. 2) Fix the dflt policy check on forwarding when there is no policy configured. The check was done for the wrong direction. From Nicolas Dichtel. 3) Use the correct 'struct xfrm_user_offload' when calculating netlink message lenghts in xfrm_sa_len(). From Eric Dumazet. 4) Tread inserting xfrm interface id 0 as an error. From Antony Antony. 5) Fail if xfrm state or policy is inserted with XFRMA_IF_ID 0, xfrm interfaces with id 0 are not allowed. From Antony Antony. 6) Fix inner_ipproto setting in the sec_path for tunnel mode. From Raed Salem. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/xfrm.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 2308210793a0..55e574511af5 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1162,7 +1162,7 @@ static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) { struct net *net = dev_net(skb->dev); - if (xfrm_default_allow(net, XFRM_POLICY_FWD)) + if (xfrm_default_allow(net, XFRM_POLICY_OUT)) return !net->xfrm.policy_count[XFRM_POLICY_OUT] || (skb_dst(skb)->flags & DST_NOXFRM) || __xfrm_route_forward(skb, family); |