| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2022 13:10:12 +0000
From: patchwork-bot+netdevbpf@...nel.org
To: Sewook Seo <ssewook@...il.com>
Cc: sewookseo@...gle.com, netdev@...r.kernel.org, davem@...emloft.net,
yoshfuji@...ux-ipv6.org, dsahern@...nel.org, kuba@...nel.org,
pabeni@...hat.com, maze@...gle.com, edumazet@...gle.com,
steffen.klassert@...unet.com, seheele@...gle.com
Subject: Re: [PATCH v5 net-next] net: Find dst with sk's xfrm policy not ctl_sk
Hello:
This patch was applied to netdev/net-next.git (master)
by David S. Miller <davem@...emloft.net>:
On Thu, 7 Jul 2022 10:01:39 +0000 you wrote:
> From: sewookseo <sewookseo@...gle.com>
>
> If we set XFRM security policy by calling setsockopt with option
> IPV6_XFRM_POLICY, the policy will be stored in 'sock_policy' in 'sock'
> struct. However tcp_v6_send_response doesn't look up dst_entry with the
> actual socket but looks up with tcp control socket. This may cause a
> problem that a RST packet is sent without ESP encryption & peer's TCP
> socket can't receive it.
> This patch will make the function look up dest_entry with actual socket,
> if the socket has XFRM policy(sock_policy), so that the TCP response
> packet via this function can be encrypted, & aligned on the encrypted
> TCP socket.
>
> [...]
Here is the summary with links:
- [v5,net-next] net: Find dst with sk's xfrm policy not ctl_sk
https://git.kernel.org/netdev/net-next/c/e22aa1486668
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
Powered by blists - more mailing lists