lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250716115443.16763-1-antonio@openvpn.net>
Date: Wed, 16 Jul 2025 13:54:40 +0200
From: Antonio Quartulli <antonio@...nvpn.net>
To: netdev@...r.kernel.org
Cc: Antonio Quartulli <antonio@...nvpn.net>,
	Sabrina Dubroca <sd@...asysnail.net>,
	"David S . Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>
Subject: [PATCH net 0/3] pull request: ovpn for net 2025-07-16

Hi netdev-team,
[2025-07-16: patch 2 reworked to use attribute subsets in yaml spec]

In this batch you can find the following bug fixes:

Patch 1: make sure to propagate any socket FW mark set by userspace
(via SO_MARK) to skbs being sent over that socket.

Patch 2: reject unexpected netlink attributes in user requests.
This was partly open-coded and partly implemented via ovpn.yaml spec.

Patch 3: reset the skb's GSO state when moving a packet from transport
to tunnel layer.

Please pull or let me know of any issue!

Thanks a lot.
Antonio,

The following changes since commit dae7f9cbd1909de2b0bccc30afef95c23f93e477:

  Merge branch 'mptcp-fix-fallback-related-races' (2025-07-15 17:31:30 -0700)

are available in the Git repository at:

  https://github.com/OpenVPN/ovpn-net-next tags/ovpn-net-20250716

for you to fetch changes up to 2022d704014d7a5b19dfe0a1ae5c67be0498e37c:

  ovpn: reset GSO metadata after decapsulation (2025-07-16 11:53:19 +0200)

----------------------------------------------------------------
This bugfix batch includes the following changes:
* properly propagate sk mark to skb->mark field
* reject unexpected incoming netlink attributes
* reset GSO state when moving skb from transport to tunnel layer

----------------------------------------------------------------
Antonio Quartulli (1):
      ovpn: reject unexpected netlink attributes

Ralf Lici (2):
      ovpn: propagate socket mark to skb in UDP
      ovpn: reset GSO metadata after decapsulation

 Documentation/netlink/specs/ovpn.yaml | 153 ++++++++++++++++++++++++++++++++--
 drivers/net/ovpn/io.c                 |   7 ++
 drivers/net/ovpn/netlink-gen.c        |  61 ++++++++++++--
 drivers/net/ovpn/netlink-gen.h        |   6 ++
 drivers/net/ovpn/netlink.c            |  51 ++++++++++--
 drivers/net/ovpn/udp.c                |   1 +
 6 files changed, 259 insertions(+), 20 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ