git.baikalelectronics.ru Git - kernel.git/commit

author	Herbert Xu <herbert@gondor.apana.org.au>
	Fri, 15 Dec 2017 05:40:44 +0000 (16:40 +1100)
committer	Steffen Klassert <steffen.klassert@secunet.com>
	Tue, 19 Dec 2017 07:23:21 +0000 (08:23 +0100)
commit	e3690f7cbda02ed29561fad3f7621c62c542f505
tree	2ca6509d139079ad95e37bdfb94bf570fc094a6d	tree \| snapshot
parent	7f2e55898cd1b53ddbb1b9e6676535d09b933591	commit \| diff

xfrm: Reinject transport-mode packets through tasklet

This is an old bugbear of mine:

https://www.mail-archive.com/netdev@vger.kernel.org/msg03894.html

By crafting special packets, it is possible to cause recursion
in our kernel when processing transport-mode packets at levels
that are only limited by packet size.

The easiest one is with DNAT, but an even worse one is where
UDP encapsulation is used in which case you just have to insert
an UDP encapsulation header in between each level of recursion.

This patch avoids this problem by reinjecting tranport-mode packets
through a tasklet.

Fixes: 4da5e75a3753 ("[IPV4/6]: Netfilter IPsec input hooks")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

include/net/xfrm.h		diff \| blob \| history
net/ipv4/xfrm4_input.c		diff \| blob \| history
net/ipv6/xfrm6_input.c		diff \| blob \| history
net/xfrm/xfrm_input.c		diff \| blob \| history