lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 06 Jan 2022 12:20:10 +0000
From:   patchwork-bot+netdevbpf@...nel.org
To:     Steffen Klassert <steffen.klassert@...unet.com>
Cc:     davem@...emloft.net, kuba@...nel.org, herbert@...dor.apana.org.au,
        netdev@...r.kernel.org
Subject: Re: [PATCH 1/6] xfrm: fix policy lookup for ipv6 gre packets

Hello:

This series was applied to netdev/net.git (master)
by Steffen Klassert <steffen.klassert@...unet.com>:

On Thu, 6 Jan 2022 10:36:01 +0100 you wrote:
> From: Ghalem Boudour <ghalem.boudour@...nd.com>
> 
> On egress side, xfrm lookup is called from __gre6_xmit() with the
> fl6_gre_key field not initialized leading to policies selectors check
> failure. Consequently, gre packets are sent without encryption.
> 
> On ingress side, INET6_PROTO_NOPOLICY was set, thus packets were not
> checked against xfrm policies. Like for egress side, fl6_gre_key should be
> correctly set, this is now done in decode_session6().
> 
> [...]

Here is the summary with links:
  - [1/6] xfrm: fix policy lookup for ipv6 gre packets
    https://git.kernel.org/netdev/net/c/bcf141b2eb55
  - [2/6] xfrm: fix dflt policy check when there is no policy configured
    https://git.kernel.org/netdev/net/c/ec3bb890817e
  - [3/6] xfrm: fix a small bug in xfrm_sa_len()
    https://git.kernel.org/netdev/net/c/7770a39d7c63
  - [4/6] xfrm: interface with if_id 0 should return error
    https://git.kernel.org/netdev/net/c/8dce43919566
  - [5/6] xfrm: state and policy should fail if XFRMA_IF_ID 0
    https://git.kernel.org/netdev/net/c/68ac0f3810e7
  - [6/6] net/xfrm: IPsec tunnel mode fix inner_ipproto setting in sec_path
    https://git.kernel.org/netdev/net/c/45a98ef4922d

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ