Chapter 11. Networking

The permanent address of virtual devices such as bridge or veth was incorrectly set to their link layer address, instead of being all zeroes. This update restores the original behavior for devices that do not have a permanent address so that the ethtool -P command now returns an all-zero address once again. (BZ#1318500)

Previously, the wpa_supplicant service stopped responding to Extensible Authentication Protocol (EAP) Identity Request packets after wpa_supplicant was reloaded. As a consequence, clients using IEEE802.1x-port-based authentication lost connectivity until wpa_supplicant was restarted. With this update, the client is deauthenticated after reconfiguration. As a result, clients using IEEE802.1x-port-based authentication no longer lose connectivity in the described situation. (BZ#1359044)

Previously, a transform (XFRM) lookup could be performed on an already transformed destination cache entry (dst_entry) using UDP over IPv6 with a connected socket in conjunction with IPsec in Encapsulating Security Payload (ESP) transport mode. As a consequence, invalid IPv6 fragments were transmitted from the host or the kernel could terminate unexpectedly due to a socket buffer (SKB) underrun. With this update, XFRM lookup on already transformed dst_entry is not possible. Using UDP iperf over IPv6 ESP no longer causes invalid IPv6 fragments transmissions or a kernel panic. (BZ#1327680)

When providing certain services and using the Integrated Services Digital Network (ISDN), the system could terminate unexpectedly due to the call of the tty_ldisc_flush() function. The provided patch removes this call and the system no longer hangs in the described scenario. (BZ#1328115)