> I propose backporting commit e2612cd496e7 ("xfrm: Make set-mark default
> behavior backward compatible") to 4.19 and 4.20 kernels to fix a backwards
> compatibility bug introduced in 9b42c1f179a6 (“xfrm: Extend the
> output_mark to support input direction and masking”).
>
> The fix is small, relatively simple, and has unit tests. :)
>
> Without this change, systems using mark-based routing on 4.19 or 4.20
> kernels will by fail to route IPsec tunnel mode packets correctly in the
> default case. This specifically affects Android devices.Looks like it already includes a 'fixes: sha1' tag. I'm not sure what causes these patches to get picked up for stable... I'm guessing it's some sort of Greg-fu-style-magic...?
