>From 54cfdfaab12270784623c60d91baf499765e50f5 Mon Sep 17 00:00:00 2001
From: Antony Antony <antony.antony@secunet.com>
Date: Mon, 2 Sep 2024 22:08:15 +0200
Subject: [PATCH ipsec] xfrm: use IPPROTO_ESP for route lookup without encapsulation

When there is no UDP or TCP encapsulation, use IPPROTO_ESP for route
lookup. This ensures that "ip rule" entries like the following match
correctly:
 ip rule add from 192.1.2.45 to 192.1.2.23 ipproto esp lookup 50

Signed-off-by: Antony Antony <antony.antony@secunet.com>
---
 net/xfrm/xfrm_policy.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 64bfd1390df0..9b0b1b448dce 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -327,6 +327,8 @@ static inline struct dst_entry *xfrm_dst_lookup(struct xfrm_state *x,
 			params.uli.ports.dport = x->encap->encap_dport;
 			break;
 		}
+	} else {
+		params.ipproto = IPPROTO_ESP;
 	}

 	dst = __xfrm_dst_lookup(family, &params);
--
2.43.0