lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20230620103430.1975055-1-steffen.klassert@secunet.com>
Date: Tue, 20 Jun 2023 12:34:24 +0200
From: Steffen Klassert <steffen.klassert@...unet.com>
To: David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>
CC: Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert
	<steffen.klassert@...unet.com>, <netdev@...r.kernel.org>
Subject: [PATCH 0/6] pull request (net): ipsec 2023-06-20

1) Treat already-verified secpath entries as optional
   to fix nested IPsec tunnels with xfrm interfaces.
   Fix from Benedict Wong.

2) Make sure that policies always checked on the input
   path with xfrm interfaces. Fix from Benedict Wong.

3) Add missing calls to delete offloaded policies.
   Fix from Leon Romanovsky.

4) Fix inbound ipv4/udp/esp packets to UDPv6 dualstack
   sockets. We need to make sure to call the handler
   of the correct address family.
   Fix from Maciej Żenczykowski.

5) Use the address faqmily from the xfrm_state selector
   for BEET mode input.
   Fix from Herbert Xu.

6) Linearize the skb after offloading if needed. This
   was forgotten when the ESP software GRO codepath
   was created. Fix from Sebastian Andrzej Siewior.

Please pull or let me know if there are problems.

Thanks!

The following changes since commit 67caf26d769e0cb17dba182b0acae015c7aa5881:

  Merge tag 'for-net-2023-05-19' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth (2023-05-19 22:48:26 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git tags/ipsec-2023-06-20

for you to fetch changes up to f015b900bc3285322029b4a7d132d6aeb0e51857:

  xfrm: Linearize the skb after offloading if needed. (2023-06-16 10:29:50 +0200)

----------------------------------------------------------------
ipsec-2023-06-20

----------------------------------------------------------------
Benedict Wong (2):
      xfrm: Treat already-verified secpath entries as optional
      xfrm: Ensure policies always checked on XFRM-I input path

Herbert Xu (1):
      xfrm: Use xfrm_state selector for BEET input

Leon Romanovsky (1):
      xfrm: add missed call to delete offloaded policies

Maciej Żenczykowski (1):
      xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets

Sebastian Andrzej Siewior (1):
      xfrm: Linearize the skb after offloading if needed.

 include/net/xfrm.h             |  1 +
 net/ipv4/esp4_offload.c        |  3 +++
 net/ipv4/xfrm4_input.c         |  1 +
 net/ipv6/esp6_offload.c        |  3 +++
 net/ipv6/xfrm6_input.c         |  3 +++
 net/xfrm/xfrm_input.c          |  8 +++----
 net/xfrm/xfrm_interface_core.c | 54 ++++++++++++++++++++++++++++++++++++++----
 net/xfrm/xfrm_policy.c         | 14 +++++++++++
 8 files changed, 79 insertions(+), 8 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ