| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Aug 2015 15:21:19 +0200
From: Nicolas Dichtel <nicolas.dichtel@...nd.com>
To: stable <stable@...r.kernel.org>, netdev <netdev@...r.kernel.org>,
Sasha Levin <sasha.levin@...cle.com>
CC: David Miller <davem@...emloft.net>,
Alexander Duyck <alexander.h.duyck@...hat.com>,
Steffen Klassert <steffen.klassert@...unet.com>
Subject: [v3.18] Fixes for ip_vti and ip6_vti
Hi,
since commit ca7c7b9059e3 ("skbuff: Do not scrub skb mark within the same name
space", backport of upstream commit 213dd74aee76), the following three upstream
commits need also to be backported in the 3.18 branch:
- cd5279c194f8 ("ip_vti/ip6_vti: Do not touch skb->mark on xmit")
- 049f8e2e28d9 ("xfrm: Override skb->mark with tunnel->parm.i_key in
xfrm_input")
- d55c670cbc54 ("ip_vti/ip6_vti: Preserve skb->mark after rcv_cb call")
When the packet is handled by the ip_vti interface, it is temporarily marked
with the ip_vti interface key. Once the process is completed, the packet is
received via the ip_vti interface and its original mark should be restored
(typically to 0).
Before the backported patch, ip_vti counted on skb_scrub_packet to reset the
mark, but skb_scrub_packet nomore does.
Since the packet is still marked, it will match the outbound SP and so be
encrypted again.
Regards,
Nicolas
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists