author | Benedict Wong <[email protected]> | 2023-05-10 01:30:22 +0000 |
---|---|---|
committer | Steffen Klassert <[email protected]> | 2023-05-21 09:21:37 +0200 |
commit | a287f5b0cfc6804c5b12a4be13c7c9fe27869e90 (patch) | |
tree | 82f547c52c0d81a2aad51a72595ce6de683eeeb2 /scripts/patch-kernel | |
parent | 1f8b6df6a997a430b0c48b504638154b520781ad (diff) |
xfrm: Ensure policies always checked on XFRM-I input path

This change adds methods in the XFRM-I input path that ensure that
policies are checked prior to processing of the subsequent decapsulated
packet, after which the relevant policies may no longer be resolvable
(due to changing src/dst/proto/etc).

Notably, raw ESP/AH packets did not perform policy checks inherently,
whereas all other encapsulated packets (UDP, TCP encapsulated) do policy
checks after calling xfrm_input handling in the respective encapsulation
layer.

Fixes: b0355dbbf13c ("Fix XFRM-I support for nested ESP tunnels")
Test: Verified with additional Android Kernel Unit tests
Test: Verified against Android CTS
Signed-off-by: Benedict Wong <[email protected]>
Signed-off-by: Steffen Klassert <[email protected]>
Diffstat (limited to 'scripts/patch-kernel')
0 files changed, 0 insertions, 0 deletions