diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-04-11 00:33:30 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-04-13 00:14:47 +0200 |
commit | b0157d47ec7ce3787f20f5515f317d7936b34265 (patch) | |
tree | a72a86fa9ddd0cd5010ae367b2596961f209cb63 | |
parent | 84b2e9a8f99b8f59264ad6f5ca4d44924c8d4b67 (diff) | |
download | linux-ft-nft-bulk-v6.2-9-veth.tar.gz |
xfrm: do not reset secpath for xfrm interface after policy validationnft-bulk-v6.2-9-veth
Partial revert of b0355dbbf13c ("Fix XFRM-I support for nested ESP tunnels")
because secpath is not available in netfilter forward chain for xfrm
interface.
-rw-r--r-- | net/xfrm/xfrm_policy.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 5c61ec04b839ba..47d3a485b86597 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -3745,9 +3745,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, goto reject; } - if (if_id) - secpath_reset(skb); - xfrm_pols_put(pols, npols); return 1; } |