On Fri, Nov 19, 2021 at 06:20:16PM +0100, Nicolas Dichtel wrote:
> From: Ghalem Boudour <ghalem.boudour@xxxxxxxxx>
>
> On egress side, xfrm lookup is called from __gre6_xmit() with the
> fl6_gre_key field not initialized leading to policies selectors check
> failure. Consequently, gre packets are sent without encryption.
>
> On ingress side, INET6_PROTO_NOPOLICY was set, thus packets were not
> checked against xfrm policies. Like for egress side, fl6_gre_key should be
> correctly set, this is now done in decode_session6().
>
> Fixes: c12b395a4664 ("gre: Support GRE over IPv6")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Ghalem Boudour <ghalem.boudour@xxxxxxxxx>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
Patch applied, thanks a lot!
