lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20151030.205305.233341348283456604.davem@davemloft.net>
Date:	Fri, 30 Oct 2015 20:53:05 +0900 (KST)
From:	David Miller <davem@...emloft.net>
To:	steffen.klassert@...unet.com
Cc:	herbert@...dor.apana.org.au, netdev@...r.kernel.org
Subject: Re: pull request (net-next): ipsec-next 2015-10-30

From: Steffen Klassert <steffen.klassert@...unet.com>
Date: Fri, 30 Oct 2015 07:16:25 +0100

> 1) The flow cache is limited by the flow cache limit which
>    depends on the number of cpus and the xfrm garbage collector
>    threshold which is independent of the number of cpus. This
>    leads to the fact that on systems with more than 16 cpus
>    we hit the xfrm garbage collector limit and refuse new
>    allocations, so new flows are dropped. On systems with 16
>    or less cpus, we hit the flowcache limit. In this case, we
>    shrink the flow cache instead of refusing new flows. 
> 
>    We increase the xfrm garbage collector threshold to INT_MAX
>    to get the same behaviour, independent of the number of cpus.
> 
> 2) Fix some unaligned accesses on sparc systems.
>    From Sowmini Varadhan.
> 
> 3) Fix some header checks in _decode_session4. We may call
>    pskb_may_pull with a negative value converted to unsigened
>    int from pskb_may_pull. This can lead to incorrect policy
>    lookups. We fix this by a check of the data pointer position
>    before we call pskb_may_pull.
> 
> 4) Reload skb header pointers after calling pskb_may_pull
>    in _decode_session4 as this may change the pointers into
>    the packet. 
> 
> 5) Add a missing statistic counter on inner mode errors.
> 
> Please pull or let me know if there are problems.
 ...
>   git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git master

Pulled, thanks a lot Steffen!
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ