Message-ID: <m1d3d0oraf.fsf@fess.ebiederm.org>
Date:	Wed, 09 Nov 2011 14:38:16 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	dilip.daya@...com
Cc:	linux-kernel@...r.kernel.org, jmorris@...ei.org,
	<netdev@...r.kernel.org>, adobrian@...il.com
Subject: Re: ip_local_deliver_finish: proto 108 (IPComp) isn't netns-ready

Dilip Daya <dilip.daya@...com> writes:

> Hi All,
>
> LTP-network tests produced:
>
> 	"ip_local_deliver_finish: proto 108 (IPComp) isn't netns-ready"
>
> Question:
> Is the above a bug or feature (IPComp, mode: transport) not netns
> enabled?

I would call it a missing feature.

> Environment:
>
> * v3.1-stable kernel.
>
> * Configured two network-namespaces via "ip netns add ...".
>   on a single system: netns0 (assigned as server) and
>   netns1 (assigned as client).
>   - assigned multiple physical NICs to netns0 and netns1.
>
> * Entered netns1 (ip netns exec netns1 bash) to execute
>   ltp-network suite of tests between netns1 and netns0.
>
> * The following LTP tests produced messages:
>
>   "kernel: ip_local_deliver_finish: proto 108 isn't netns-ready"
>
>    - /usr/lib/ltp/testcases/bin/icmp4-multi-diffip06
>    - /usr/lib/ltp/testcases/bin/tcp4-multi-diffip13
>    - /usr/lib/ltp/testcases/bin/udp4-multi-diffip06
>    - /usr/lib/ltp/testcases/bin/udp4-multi-diffnic06
>    - /usr/lib/ltp/testcases/bin/udp4-multi-diffport06
>
> * I also noticed missing ".netns_ok = 1" in:
>   - http://lxr.linux.no/linux+v3.1/net/ipv4/ipcomp.c#L150

The .netns_ok flag indicates that someone has audited the code and made
certain it all works with network namespaces.

Skimming the code I don't see anything that jumps out at me as
wrong.  And it looks like Alexey did the work in Jan of 2010.

   commit a92df2545402c1a08e7a158f4477a52dea0eeeed
   Author: Alexey Dobriyan <adobriyan@...il.com>
   Date:   Mon Jan 25 10:38:34 2010 +0000
   
       netns xfrm: ipcomp support
       
       Signed-off-by: Alexey Dobriyan <adobriyan@...il.com>
       Signed-off-by: David S. Miller <davem@...emloft.net>

However it is clear that no one has actually tested ipcomp with
network namespaces.

If you have a clue what is going on with ip compression my
recommendation would be to add .netns_ok = 1.  Verify that
everything works and send the patch.  You probably want to
verify and test ipv6 as well.  It really looks like the code
is fine and it just needs to be enabled.

Eric