iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
acf568ee85
linux/include
History
Herbert Xu acf568ee85 xfrm: Reinject transport-mode packets through tasklet 
This is an old bugbear of mine:

https://www.mail-archive.com/netdev@vger.kernel.org/msg03894.html

By crafting special packets, it is possible to cause recursion
in our kernel when processing transport-mode packets at levels
that are only limited by packet size.

The easiest one is with DNAT, but an even worse one is where
UDP encapsulation is used in which case you just have to insert
an UDP encapsulation header in between each level of recursion.

This patch avoids this problem by reinjecting tranport-mode packets
through a tasklet.

Fixes: b05e106698 ("[IPV4/6]: Netfilter IPsec input hooks")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
2017-12-19 08:23:21 +01:00
..
acpi TTY/Serial patches for 4.15-rc1 2017-11-13 21:05:31 -08:00
asm-generic include/asm-generic/topology.h: remove unused parent_node() macro 2017-11-17 16:10:05 -08:00
clocksource arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-14 10:52:09 -08:00
drm fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
dt-bindings fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
keys
kvm KVM: arm/arm64: Rework kvm_timer_should_fire 2017-11-06 16:23:17 +01:00
lib
linux Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-23 21:18:46 -10:00
math-emu
media media updates for v4.15-rc1 2017-11-15 20:30:12 -08:00
memory
misc
net xfrm: Reinject transport-mode packets through tasklet 2017-12-19 08:23:21 +01:00
pcmcia
ras
rdma Updates for 4.15 kernel merge window 2017-11-15 14:54:53 -08:00
scsi scsi: Use 'blist_flags_t' for scsi_devinfo flags 2017-11-16 17:43:27 -05:00
soc We have two changes to the core framework this time around. The first being a 2017-11-17 20:04:24 -08:00
sound ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization 2017-11-22 12:34:56 +01:00
target A couple of configfs cleanups: 2017-11-14 14:44:04 -08:00
trace rxrpc: Fix service endpoint expiry 2017-11-24 10:18:42 +00:00
uapi uapi: add SPDX identifier to vm_sockets_diag.h 2017-11-26 04:24:48 +09:00
video fbdev changes for v4.15: 2017-11-20 21:50:24 -10:00
xen xen: features and fixes for v4.15-rc1 2017-11-16 13:06:27 -08:00