Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Cross-merge networking fixes after downstream PR. No conflicts (or adjacent changes of note). Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Jakub Kicinski <kuba@kernel.org> 2023-10-05 13:16:31 -0700
committer: Jakub Kicinski <kuba@kernel.org> 2023-10-05 13:16:47 -0700
commit: 2606cf059c56bfb86d5d6bd0f41bd7eedefc8b0a (patch)
tree: 6bd918ad4fc55e677cc6ccb3212eab873c467c7f /net/ipv6
parent: 49e7265fd098fdade2bbdd9331e6b914cda7fa83 (diff)
parent: f291209eca5eba0b4704fa0832af57b12dbc1a02 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 8a6e2e97f673..bfe7d19ff4fd 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1639,9 +1639,12 @@ process:
 		struct sock *nsk;
 
 		sk = req->rsk_listener;
-		drop_reason = tcp_inbound_md5_hash(sk, skb,
-						   &hdr->saddr, &hdr->daddr,
-						   AF_INET6, dif, sdif);
+		if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb))
+			drop_reason = SKB_DROP_REASON_XFRM_POLICY;
+		else
+			drop_reason = tcp_inbound_md5_hash(sk, skb,
+							   &hdr->saddr, &hdr->daddr,
+							   AF_INET6, dif, sdif);
 		if (drop_reason) {
 			sk_drops_add(sk, skb);
 			reqsk_put(req);
@@ -1688,6 +1691,7 @@ process:
 			}
 			goto discard_and_relse;
 		}
+		nf_reset_ct(skb);
 		if (nsk == sk) {
 			reqsk_put(req);
 			tcp_v6_restore_cb(skb);
author	Jakub Kicinski <kuba@kernel.org>	2023-10-05 13:16:31 -0700
committer	Jakub Kicinski <kuba@kernel.org>	2023-10-05 13:16:47 -0700
commit	2606cf059c56bfb86d5d6bd0f41bd7eedefc8b0a (patch)
tree	6bd918ad4fc55e677cc6ccb3212eab873c467c7f /net/ipv6
parent	49e7265fd098fdade2bbdd9331e6b914cda7fa83 (diff)
parent	f291209eca5eba0b4704fa0832af57b12dbc1a02 (diff)