system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-15 15:59:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/xfrm
History
Sabrina Dubroca 430cac4874 xfrm: don't check the default policy if the policy allows the packet 
The current code doesn't let a simple "allow" policy counteract a
default policy blocking all incoming packets:

    ip x p setdefault in block
    ip x p a src 192.168.2.1/32 dst 192.168.2.2/32 dir in action allow

At this stage, we have an allow policy (with or without transforms)
for this packet. It doesn't matter what the default policy says, since
the policy we looked up lets the packet through. The case of a
blocking policy is already handled separately, so we can remove this
check.

Fixes: 2d151d3907 ("xfrm: Add possibility to set the default to block if we have no policy")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2023-04-06 12:04:31 +02:00
..
espintcp.c net/sock: Introduce trace_sk_data_ready() 2023-01-23 11:26:50 +00:00
Kconfig xfrm/compat: Add 32=>64-bit messages translator 2020-09-24 08:53:03 +02:00
Makefile xfrm: interface: Add unstable helpers for setting/getting XFRM metadata from TC-BPF 2022-12-05 21:58:27 -08:00
xfrm_algo.c xfrm: Add support for SM4 symmetric cipher algorithm 2021-12-23 09:32:51 +01:00
xfrm_compat.c xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() 2023-01-23 07:44:09 +01:00
xfrm_device.c netlink: provide an ability to set default extack message 2023-02-01 21:04:09 -08:00
xfrm_hash.c
xfrm_hash.h xfrm: add state hashtable keyed by seq 2021-05-14 13:52:01 +02:00
xfrm_inout.h xfrm: move xfrm4_extract_header to common helper 2020-05-06 09:40:08 +02:00
xfrm_input.c xfrm: fix bug with DSCP copy to v6 from v4 tunnel 2023-01-30 11:31:58 +01:00
xfrm_interface_bpf.c bpf: Add __bpf_kfunc tag to all kfuncs 2023-02-02 00:25:14 +01:00
xfrm_interface_core.c Fix XFRM-I support for nested ESP tunnels 2023-01-09 07:11:05 +01:00
xfrm_ipcomp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-10-03 17:44:18 -07:00
xfrm_output.c xfrm: add TX datapath support for IPsec packet offload mode 2022-12-05 10:34:49 +01:00
xfrm_policy.c xfrm: don't check the default policy if the policy allows the packet 2023-04-06 12:04:31 +02:00
xfrm_proc.c
xfrm_replay.c xfrm: replay: Fix ESN wrap around for GSO 2022-10-19 09:00:53 +02:00
xfrm_state.c ipsec-2023-03-15 2023-03-16 17:23:48 -07:00
xfrm_sysctl.c
xfrm_user.c xfrm: Zero padding when dumping algos and encap 2023-02-13 13:38:58 +01:00