On Tue, Oct 29, 2024 at 11:18:04AM +0100, Antony Antony wrote:
On Mon, Oct 28, 2024 at 08:42:15 -0400, Sasha Levin wrote:
On Mon, Oct 28, 2024 at 12:08:23PM +0100, Antony Antony wrote:
> On Mon, Oct 28, 2024 at 07:25:13 +0100, Greg Kroah-Hartman wrote:
> > 6.6-stable review patch. If anyone has any objections, please let me know.
>
> Hi Greg,
>
> This patch is a part of a new feature SA direction and it appears the auto
> patch selector picked one patch out of patch set?
> I think this patch alone should not be applied to older stable kernel.
It was picked up as a dependency:
I understand how it got selected, however, please drop
a4a87fa4e96c ("xfrm: Add Direction to the SA in or out") from backports.
> > Stable-dep-of: 3f0ab59e6537 ("xfrm: validate new SA's prefixlen using SA family when sel.family is unset")
this is good fix to have in stable kernels
We can drop it, and the netfilter folks can provide us a backport of the
fix above?
It is an ipsec sub system patch.
Here is a backport. I compile tested it on 6.6. It will also apply to linx-6.1.y
To apply to older ones kernels, use -3.
I've replaced what we had in the queue with your backport, thanks!
--
Thanks,
Sasha
