From 4ead88c0e8fe935c621208e7c636293604bcccbd Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 24 Jun 2022 10:01:50 +0200 Subject: [PATCH] Revert "xfrm: fix dflt policy check when there is no policy configured" This reverts commit 57c1bbe7098b516d535295a9fa762a44c871a74c which is ec3bb890817e4398f2d46e12e2e205495b116be9 commit upstream. It breaks the Android kernel ABI and if this really needs to be added to Android, it must come back in a format in the future that does not break the abi. Signed-off-by: Greg Kroah-Hartman Change-Id: Iebfe2659463646982cc41c7cd29db2d51ef5e6eb --- include/net/xfrm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 9a8c94f9bd74..5ef446431358 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1170,7 +1170,7 @@ static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) { struct net *net = dev_net(skb->dev); - if (xfrm_default_allow(net, XFRM_POLICY_OUT)) + if (xfrm_default_allow(net, XFRM_POLICY_FWD)) return !net->xfrm.policy_count[XFRM_POLICY_OUT] || (skb_dst(skb)->flags & DST_NOXFRM) || __xfrm_route_forward(skb, family);