xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set

The XFRM_STATE_NOPMTUDISC flag is only meaningful for output SAs, but it was being applied regardless of the SA direction when the sysctl ip_no_pmtu_disc is enabled. This can unintentionally affect input SAs. Limit setting XFRM_STATE_NOPMTUDISC to output SAs when the SA direction is configured. Closes: https://github.com/strongswan/strongswan/issues/2946 Fixes: a4a87fa4e96c ("xfrm: Add Direction to the SA in or out") Signed-off-by: Antony Antony <antony.antony@secunet.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Antony Antony <antony.antony@secunet.com> 2025-12-11 13:30:27 +0300
committer: Steffen Klassert <steffen.klassert@secunet.com> 2025-12-15 13:06:25 +0300
commit: c196def07bbc6e8306d7a274433913444b0db20a (patch)
tree: a2c76876b9f9d77f84adbdcb9bd167a534b6ce0a
parent: 3d5221af9c7711b7aec8da1298c8fc393ef6183d (diff)
download: linux-c196def07bbc6e8306d7a274433913444b0db20a.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 9e14e453b55c..98b362d51836 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -3151,6 +3151,7 @@ int __xfrm_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack)
 	int err;
 
 	if (family == AF_INET &&
+	    (!x->dir || x->dir == XFRM_SA_DIR_OUT) &&
 	    READ_ONCE(xs_net(x)->ipv4.sysctl_ip_no_pmtu_disc))
 		x->props.flags |= XFRM_STATE_NOPMTUDISC;
author	Antony Antony <antony.antony@secunet.com>	2025-12-11 13:30:27 +0300
committer	Steffen Klassert <steffen.klassert@secunet.com>	2025-12-15 13:06:25 +0300
commit	c196def07bbc6e8306d7a274433913444b0db20a (patch)
tree	a2c76876b9f9d77f84adbdcb9bd167a534b6ce0a
parent	3d5221af9c7711b7aec8da1298c8fc393ef6183d (diff)
download	linux-c196def07bbc6e8306d7a274433913444b0db20a.tar.xz