Commit 0e1d2ba0 authored by Benedict Wong, committed by sanglipeng

xfrm: Check if_id in inbound policy/secpath match

stable inclusion
from stable-v5.10.183
commit bd99da647262d2765db7364eafbb2e42e3c3ccf0
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8IRR2

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bd99da647262d2765db7364eafbb2e42e3c3ccf0



--------------------------------

[ Upstream commit 8680407b ]

This change ensures that if configured in the policy, the if_id set in
the policy and secpath states match during the inbound policy check.
Without this, there is potential for ambiguity where entries in the
secpath differing by only the if_id could be mismatched.

Notably, this is checked in the outbound direction when resolving
templates to SAs, but not on the inbound path when matching SAs and
policies.

Test: Tested against Android kernel unit tests & CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>
parent 924e7991
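
The ambiguity the commit message describes, as an added example that is not the kernel patch and not code from this commit: a simplified C model of the inbound template/secpath match with and without the if_id comparison. All struct, function and constant names are hypothetical, each policy carries a single template, and an if_id of 0 is assumed to mean "not configured in the policy".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for xfrm objects (not kernel structs). */
struct sa     { uint8_t proto; uint32_t reqid; uint32_t if_id; };
struct tmpl   { uint8_t proto; uint32_t reqid; };       /* reqid 0 = any */
struct policy { uint32_t if_id; struct tmpl tmpl; };    /* if_id 0 = not configured (assumption) */

/* Match that ignores if_id: the inbound behaviour the message says was missing the check. */
static bool sa_ok_unchecked(const struct tmpl *t, const struct sa *x)
{
    return x->proto == t->proto && (t->reqid == 0 || t->reqid == x->reqid);
}

/* Same match, plus the policy's if_id when one is configured. */
static bool sa_ok_checked(const struct tmpl *t, const struct sa *x, uint32_t if_id)
{
    return sa_ok_unchecked(t, x) && (if_id == 0 || if_id == x->if_id);
}

/* Inbound check: does any secpath entry satisfy the policy's template? */
static bool inbound_ok(const struct policy *p, const struct sa *sp, size_t n,
                       bool check_if_id)
{
    for (size_t i = 0; i < n; i++) {
        bool ok = check_if_id ? sa_ok_checked(&p->tmpl, &sp[i], p->if_id)
                              : sa_ok_unchecked(&p->tmpl, &sp[i]);
        if (ok)
            return true;
    }
    return false;
}

/* Constructed sample data: two ESP (protocol 50) SAs differing only by if_id. */
static const struct sa SA_IF1 = { 50, 7, 1 };
static const struct sa SA_IF2 = { 50, 7, 2 };
static const struct policy POL_IF2 = { 2, { 50, 7 } };  /* bound to if_id 2 */
static const struct policy POL_ANY = { 0, { 50, 7 } };  /* no if_id configured */

int main(void)
{
    printf("if_id=2 policy, if_id=1 SA, no check:   %d\n", inbound_ok(&POL_IF2, &SA_IF1, 1, false));
    printf("if_id=2 policy, if_id=1 SA, with check: %d\n", inbound_ok(&POL_IF2, &SA_IF1, 1, true));
    printf("if_id=2 policy, if_id=2 SA, with check: %d\n", inbound_ok(&POL_IF2, &SA_IF2, 1, true));
    printf("no-if_id policy, if_id=1 SA, with check: %d\n", inbound_ok(&POL_ANY, &SA_IF1, 1, true));
    return 0;
}
```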