Date:   Sun, 11 Feb 2018 09:33:32 +0100
From:   Artem Savkov <artem.savkov@...il.com>
To:     Yossi Kuperman <yossiku@...lanox.com>,
        Steffen Klassert <steffen.klassert@...unet.com>
Cc:     netdev@...r.kernel.org
Subject: ipsec through openvpn broken

Hi Yossi, Steffen,

I am using ipsec through openvpn on one of my machines and it stopped
working since 4.15. Bisection showed that the culprit is:
5efec5c655dd xfrm: Fix eth_hdr(skb)->h_proto to reflect inner IP version

Reverting the patch does fix it for me.

I am seeing h_proto being changed from 0x1bac to 0x8 and wireshark
doesn't see the ethernet header anymore:

Packet sent:

Frame 3: 142 bytes on wire (1136 bits), 142 bytes captured (1136 bits)
Ethernet II, Src: xx:xx:xx:xx:52:01 (xx:xx:xx:xx:52:01), Dst: IETF-VRRP-VRID_6a (xx:xx:xx:xx:01:6a)
Internet Protocol Version 4, Src: xx.xx.xx.xx, Dst: yy.yy.yy.yy
User Datagram Protocol, Src Port: 4500, Dst Port: 4500
UDP Encapsulation of IPsec Packets
Encapsulating Security Payload
    ESP SPI: 0xc4bbc7d8 (3300640728)
    ESP Sequence: 29


Packet received:

Frame 6: 128 bytes on wire (1024 bits), 128 bytes captured (1024 bits)
Raw packet data
Internet Protocol Version 4, Src: xx.xx.xx.xx, Dst: zz.zz.zz.zz
User Datagram Protocol, Src Port: 4500, Dst Port: 4500
UDP Encapsulation of IPsec Packets
Encapsulating Security Payload
    ESP SPI: 0xc4bbc7d8 (3300640728)
    ESP Sequence: 29

-- 
Regards,
  Artem Savkov
