On 25/11/2021 at 07:57, Antony Antony wrote:
> Hi Nicolas,
Hi Antony,
> On Mon, Nov 22, 2021 at 11:33:13 +0100, Nicolas Dichtel wrote:
>> When there is no policy configured on the system, the default policy is checked in xfrm_route_forward. However, it was done with the wrong direction (XFRM_POLICY_FWD instead of XFRM_POLICY_OUT).
> How can I reproduce this? I tried adding fwd block and no policy and that blocked the forwarded traffic. I ran into another issue with fwd block and tunnel. I will double check. Next week.
With the out default policy set to 'block' and no out policy configured, the packets are forwarded. After my patch, packets are blocked:
$ ip xfrm policy getdefault
Default policies:
 in: accept
 fwd: accept
 out: block
$ ip xfrm policy
$
Regards,
Nicolas