Merge tag 'v6.6-rc7' into core

Linux 6.6-rc7
author: Joerg Roedel <jroedel@suse.de> 2023-10-26 17:05:58 +0200
committer: Joerg Roedel <jroedel@suse.de> 2023-10-26 17:05:58 +0200
commit: 3613047280ec42a4e1350fdc1a6dd161ff4008cc (patch)
tree: 6cf2f03f518537f3229e6066a8b2638755f0bb48 /net/ipv6/tcp_ipv6.c
parent: bbc70e0aec287e164344b1a071bd46466a4f29b3 (diff)
parent: 05d3ef8bba77c1b5f98d941d8b2d4aeab8118ef1 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 3a88545a265d..44b6949d72b2 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1640,9 +1640,12 @@ process:
 		struct sock *nsk;
 
 		sk = req->rsk_listener;
-		drop_reason = tcp_inbound_md5_hash(sk, skb,
-						   &hdr->saddr, &hdr->daddr,
-						   AF_INET6, dif, sdif);
+		if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
+			drop_reason = SKB_DROP_REASON_XFRM_POLICY;
+		else
+			drop_reason = tcp_inbound_md5_hash(sk, skb,
+							   &hdr->saddr, &hdr->daddr,
+							   AF_INET6, dif, sdif);
 		if (drop_reason) {
 			sk_drops_add(sk, skb);
 			reqsk_put(req);
@@ -1689,6 +1692,7 @@ process:
 			}
 			goto discard_and_relse;
 		}
+		nf_reset_ct(skb);
 		if (nsk == sk) {
 			reqsk_put(req);
 			tcp_v6_restore_cb(skb);
author	Joerg Roedel <jroedel@suse.de>	2023-10-26 17:05:58 +0200
committer	Joerg Roedel <jroedel@suse.de>	2023-10-26 17:05:58 +0200
commit	3613047280ec42a4e1350fdc1a6dd161ff4008cc (patch)
tree	6cf2f03f518537f3229e6066a8b2638755f0bb48 /net/ipv6/tcp_ipv6.c
parent	bbc70e0aec287e164344b1a071bd46466a4f29b3 (diff)
parent	05d3ef8bba77c1b5f98d941d8b2d4aeab8118ef1 (diff)