Revert "Fix XFRM-I support for nested ESP tunnels"
authorMartin Willi <martin@strongswan.org>
Tue, 25 Apr 2023 07:46:18 +0000 (09:46 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 24 May 2023 16:36:48 +0000 (17:36 +0100)
[ Upstream commit 5fc46f94219d1d103ffb5f0832be9da674d85a73 ]

This reverts commit b0355dbbf13c0052931dd14c38c789efed64d3de.

The reverted commit clears the secpath on packets received via xfrm interfaces
to support nested IPsec tunnels. This breaks Netfilter policy matching using
xt_policy in the FORWARD chain, as the secpath is missing during forwarding.
Additionally, Benedict Wong reports that it breaks Transport-in-Tunnel mode.

Fix this regression by reverting the commit until we have a better approach
for nested IPsec tunnels.

Fixes: b0355dbbf13c ("Fix XFRM-I support for nested ESP tunnels")
Link: https://lore.kernel.org/netdev/20230412085615.124791-1-martin@strongswan.org/
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/xfrm/xfrm_interface.c
net/xfrm/xfrm_policy.c

index 694eec6ca147eadb4e70615cc38598a1c1452bb6..1e8b26eecb3f850fefd488682d0f0514358f03d7 100644 (file)
@@ -207,52 +207,6 @@ static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
        skb->mark = 0;
 }
 
-static int xfrmi_input(struct sk_buff *skb, int nexthdr, __be32 spi,
-                      int encap_type, unsigned short family)
-{
-       struct sec_path *sp;
-
-       sp = skb_sec_path(skb);
-       if (sp && (sp->len || sp->olen) &&
-           !xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family))
-               goto discard;
-
-       XFRM_SPI_SKB_CB(skb)->family = family;
-       if (family == AF_INET) {
-               XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
-               XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
-       } else {
-               XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);
-               XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;
-       }
-
-       return xfrm_input(skb, nexthdr, spi, encap_type);
-discard:
-       kfree_skb(skb);
-       return 0;
-}
-
-static int xfrmi4_rcv(struct sk_buff *skb)
-{
-       return xfrmi_input(skb, ip_hdr(skb)->protocol, 0, 0, AF_INET);
-}
-
-static int xfrmi6_rcv(struct sk_buff *skb)
-{
-       return xfrmi_input(skb, skb_network_header(skb)[IP6CB(skb)->nhoff],
-                          0, 0, AF_INET6);
-}
-
-static int xfrmi4_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
-{
-       return xfrmi_input(skb, nexthdr, spi, encap_type, AF_INET);
-}
-
-static int xfrmi6_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
-{
-       return xfrmi_input(skb, nexthdr, spi, encap_type, AF_INET6);
-}
-
 static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
 {
        const struct xfrm_mode *inner_mode;
@@ -820,8 +774,8 @@ static struct pernet_operations xfrmi_net_ops = {
 };
 
 static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
-       .handler        =       xfrmi6_rcv,
-       .input_handler  =       xfrmi6_input,
+       .handler        =       xfrm6_rcv,
+       .input_handler  =       xfrm_input,
        .cb_handler     =       xfrmi_rcv_cb,
        .err_handler    =       xfrmi6_err,
        .priority       =       10,
@@ -871,8 +825,8 @@ static struct xfrm6_tunnel xfrmi_ip6ip_handler __read_mostly = {
 #endif
 
 static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
-       .handler        =       xfrmi4_rcv,
-       .input_handler  =       xfrmi4_input,
+       .handler        =       xfrm4_rcv,
+       .input_handler  =       xfrm_input,
        .cb_handler     =       xfrmi_rcv_cb,
        .err_handler    =       xfrmi4_err,
        .priority       =       10,
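Review bot: The xfrmi_esp4_protocol and xfrmi_esp6_protocol tables now hand ESP straight to xfrm4_rcv/xfrm6_rcv and xfrm_input, and nothing at either initializer records that the secpath policy check and the XFRM_SPI_SKB_CB/XFRM_TUNNEL_SKB_CB setup that the removed xfrmi_input performed were dropped on purpose. The commit message explains that nested ESP tunnels over an xfrm interface are unsupported until a better approach exists, but a reader of the handler table alone cannot tell that from the plain xfrm handlers. I would add above both initializers `/* Generic xfrm receive handlers: nested ESP tunnels over xfrmi are not handled here (see b0355dbbf13c and its revert). */`. The xfrmi_esp4_protocol initializer continues outside the hunk.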
index 37eeda0f123cd65794e809bcfd40210cac04db84..c15ef8003caa95adb7a8ce04b4516f6078717984 100644 (file)
@@ -3663,9 +3663,6 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
                        goto reject;
                }
 
-               if (if_id)
-                       secpath_reset(skb);
-
                xfrm_pols_put(pols, npols);
                return 1;
        }