UPSTREAM: Revert "Fix XFRM-I support for nested ESP tunnels"

[ Upstream commit 5fc46f94 ]

This reverts commit b0355dbb.

The reverted commit clears the secpath on packets received via xfrm interfaces to support nested IPsec tunnels. This breaks Netfilter policy matching using xt_policy in the FORWARD chain, as the secpath is missing during forwarding.

Additionally, Benedict Wong reports that it breaks Transport-in-Tunnel mode.

Fix this regression by reverting the commit until we have a better approach for nested IPsec tunnels.

Fixes: b0355dbb ("Fix XFRM-I support for nested ESP tunnels")
Link: https://lore.kernel.org/netdev/20230412085615.124791-1-martin@strongswan.org/
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

Bug: 289136405
Bug: 288489934
(cherry picked from commit 28824787)
Change-Id: Iefaed6d21a641fefb02e0fd0067086a9ae3a802a
Signed-off-by: Carlos Llamas <cmllamas@google.com>