lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Feb 2018 09:33:32 +0100 From: Artem Savkov <artem.savkov@...il.com> To: Yossi Kuperman <yossiku@...lanox.com>, Steffen Klassert <steffen.klassert@...unet.com> Cc: netdev@...r.kernel.org Subject: ipsec through openvpn broken Hi Yossi, Steffen, I am using ipsec throug openvpn on one of my machines and it stopped working since 4.15. Bisection showed that the culprit is: 5efec5c655dd xfrm: Fix eth_hdr(skb)->h_proto to reflect inner IP version Reverting the patch does fix it for me. I am seing h_proto being changed from 0x1bac to 0x8 and wireshark doesn't see the ethernet header anymore: Packet sent: Frame 3: 142 bytes on wire (1136 bits), 142 bytes captured (1136 bits) Ethernet II, Src: xx:xx:xx:xx:52:01 (xx:xx:xx:xx:52:01), Dst: IETF-VRRP-VRID_6a (xx:xx:xx:xx:01:6a) Internet Protocol Version 4, Src: xx.xx.xx.xx, Dst: yy.yy.yy.yy User Datagram Protocol, Src Port: 4500, Dst Port: 4500 UDP Encapsulation of IPsec Packets Encapsulating Security Payload ESP SPI: 0xc4bbc7d8 (3300640728) ESP Sequence: 29 Packet received: Frame 6: 128 bytes on wire (1024 bits), 128 bytes captured (1024 bits) Raw packet data Internet Protocol Version 4, Src: xx.xx.xx.xx, Dst: zz.zz.zz.zz User Datagram Protocol, Src Port: 4500, Dst Port: 4500 UDP Encapsulation of IPsec Packets Encapsulating Security Payload ESP SPI: 0xc4bbc7d8 (3300640728) ESP Sequence: 29 -- Regards, Artem Savkov
Powered by blists - more mailing lists