lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 02 Dec 2014 15:41:39 -0500
From:	Valdis Kletnieks <Valdis.Kletnieks@...edu>
To:	Herbert Xu <herbert@...dor.apana.org.au>, davem@...emloft.net,
	Jason Wang <jasowang@...hat.com>
Cc:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: linux-next Problems with VPN tunnel - no packets sent

Recent linux-next has broken my Juniper VPN client.  The tunnel gets created,
routes get added, but trying to actually send packets across results in packets
just disappearing. 'ifconfig' consistently reports exactly 1 packet sent (even
after a 'ping' command or similar should have sent multiple packets.

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1400
        inet 172.27.1.40  netmask 255.255.255.255  destination 172.27.1.40
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 1  bytes 355 (355.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1  bytes 61 (61.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Still broken in next-20141201, and bisection fingers this commit:

commit e0b46d0ee9c240c7430a47e9b0365674d4a04522
Author: Herbert Xu <herbert@...dor.apana.org.au>
Date:   Fri Nov 7 21:22:23 2014 +0800

    tun: Use iovec iterators

    This patch removes the use of skb_copy_datagram_const_iovec in
    favour of the iovec iterator-based skb_copy_datagram_iter.

This commit is in the kernel, and does *not* fix the problem:

commit 8c847d254146d32c86574a1b16923ff91bb784dd
Author: Jason Wang <jasowang@...hat.com>
Date:   Thu Nov 13 16:54:14 2014 +0800

    tun: fix issues of iovec iterators using in tun_put_user()

So there's apparently additional issues that Jason didn't address. I tried to
revert Herbert's patch for testing, but there's at  least 5 or 6 other patches
that need reverting first, so I abandoned that unless it becomes necessary...

What's the best way to proceed?

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ