From: Steffen Klassert <[email protected]> Date: Thu, 21 Feb 2019 09:22:00 +0100
> 1) Don't do TX bytes accounting for the esp trailer when sending > from a request socket as this will result in an out of bounds > memory write. From Martin Willi. > > 2) Destroy xfrm_state synchronously on net exit path to > avoid nested gc flush callbacks that may trigger a > warning in xfrm6_tunnel_net_exit(). From Cong Wang. > > 3) Do an unconditionally clone in pfkey_broadcast_one() > to avoid a race when freeing the skb. > From Sean Tranchetti. > > 4) Fix inbound traffic via XFRM interfaces across network > namespaces. We did the lookup for interfaces and policies > in the wrong namespace. From Tobias Brunner. > > Please pull or let me know if there are problems. Pulled, thanks.
