lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1509530703-12707-1-git-send-email-steffen.klassert@secunet.com>
Date:   Wed, 1 Nov 2017 11:05:00 +0100
From:   Steffen Klassert <steffen.klassert@...unet.com>
To:     David Miller <davem@...emloft.net>
CC:     Herbert Xu <herbert@...dor.apana.org.au>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        <netdev@...r.kernel.org>
Subject: pull request (net): ipsec 2017-11-01

1) Fix a memleak when a packet matches a policy
   without a matching state.

2) Reset the socket cached dst_entry when inserting
   a socket policy, otherwise the policy might be
   ignored. From Jonathan Basseri.

3) Fix GSO for a IPsec, GRE tunnel combination.
   We reset the encapsulation field at the skb
   too erly, as a result GRE does not segment
   GSO packets. Fix this by resetting the the
   encapsulation field right before the
   transformation where the inner headers get
   invalid.

Please pull or let me know if there are problems.

Thanks!

The following changes since commit 864f5af3a3525f588391cd230cb8129ad758708e:

  Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec (2017-10-24 20:17:47 +0900)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master

for you to fetch changes up to 73b9fc49b4c0116a04eda3979f64ed9b540b153c:

  xfrm: Fix GSO for IPsec with GRE tunnel. (2017-10-31 09:20:35 +0100)

----------------------------------------------------------------
Jonathan Basseri (1):
      xfrm: Clear sk_dst_cache when applying per-socket policy.

Steffen Klassert (2):
      xfrm: Fix xfrm_dst_cache memleak
      xfrm: Fix GSO for IPsec with GRE tunnel.

 net/xfrm/xfrm_output.c | 4 +++-
 net/xfrm/xfrm_policy.c | 1 -
 net/xfrm/xfrm_state.c  | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ