Re: [PATCH net v2] xfrm: fix policy lookup for ipv6 gre packets

On Fri, Nov 19, 2021 at 06:20:16PM +0100, Nicolas Dichtel wrote:

From: Ghalem Boudour ghalem.boudour@6wind.com

On egress side, xfrm lookup is called from __gre6_xmit() with the fl6_gre_key field not initialized leading to policies selectors check failure. Consequently, gre packets are sent without encryption.

On ingress side, INET6_PROTO_NOPOLICY was set, thus packets were not checked against xfrm policies. Like for egress side, fl6_gre_key should be correctly set, this is now done in decode_session6().

Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Cc: stable@vger.kernel.org Signed-off-by: Ghalem Boudour ghalem.boudour@6wind.com Signed-off-by: Nicolas Dichtel nicolas.dichtel@6wind.com

Patch applied, thanks a lot!