Re: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)

To: Sven Luther <sven.luther@wanadoo.fr>
Cc: Fabio Massimo Di Nitto <fabbione@fabbione.net>, debian-kernel@lists.debian.org, 257120@bugs.debian.org
Subject: Re: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)
From: Horms <horms@verge.net.au>
Date: Wed, 21 Jul 2004 10:15:16 +0900
Message-id: <[🔎] 20040721011514.GA25126@verge.net.au>
Mail-followup-to: Sven Luther <sven.luther@wanadoo.fr>, Fabio Massimo Di Nitto <fabbione@fabbione.net>, debian-kernel@lists.debian.org, 257120@bugs.debian.org
In-reply-to: <[🔎] 20040720155211.GA7443@pegasos>
References: <[🔎] Pine.LNX.4.58.0407080956560.12176@trider-g7.ext.fabbione.net> <[🔎] 20040712011606.GB2904@verge.net.au> <[🔎] Pine.LNX.4.58.0407120612180.27723@trider-g7.ext.fabbione.net> <[🔎] 20040715075737.GC10242@verge.net.au> <[🔎] 20040720082637.GA12895@debian.org> <[🔎] Pine.LNX.4.58.0407201108340.5060@trider-g7.ext.fabbione.net> <[🔎] 20040720155211.GA7443@pegasos>

On Tue, Jul 20, 2004 at 05:52:11PM +0200, Sven Luther wrote:
> On Tue, Jul 20, 2004 at 11:10:08AM +0200, Fabio Massimo Di Nitto wrote:
> > On Tue, 20 Jul 2004, Horms wrote:
> > 
> > > Hi,
> > >
> > > I am happy to report that I have found a fix for this
> > > problem which was developed by Hurbert Xu and posted
> > > by him to the netdev mailing list late last week (sorry for the
> > > delay, I have been on holidays the past few days).
> > 
> > that's cool.
> > 
> > >
> > > http://oss.sgi.com/projects/netdev/archive/2004-07/msg00386.html
> > >
> > > I have verified that this resolves the problem reported
> > > in this Bug report. I have put the fix into the debian-kernel
> > > svn tree and it should be included in the next release,
> > > tentatively kernel-source-2.4.26_2.4.26-4.
> > >
> > > I do not believe this bug warrants making that release -
> > > it is the only change so far. I am willing to be convinced
> > > otherwise.
> > 
> > Quoting Xu:
> > 
> > "his fixes a number of weird crashes including those AES crashes
> > that people have been seeing with the 2.4 backport + ipt_conntrack."
> > 
> > and this bug is RC since it hard freeze the system. I think it is worth to
> > have it fixed asap. Also.. if it has been reported it means that people
> > are using it.
> 
> Ok debian-kernel folk, what is the consensus of this ? I did not really follow
> this, but will we add the patch to kernel-source and thus make an upload of
> kernel-source asap ? Is there something i missed in this issue, or some other
> consideration we may have ? 

I have put the code into SVN. If there is a consensus that
we should make a new kernel-source release then I will do so
and also make a corresoponding kernel-image-i386 release.

I am not really convinced that it warrants a new release.
But if you are using ipsec with AES and seeing heavy, fragmented
UDP traffic - e.g. NFS - then your kernel will lock up.
Which is needless to say bad, but only for those people.

The only other RC bug I see against kernel-source relates to m68k
(Bug#257001). It is the topic of other discussion on the BTS and
debian-kernel right now. I suspect it will either be resolved by an
architecture specific patch, or a wontfix. In either case it seems
unlikely that kernel-source will be updated to resolve that problem.

-- 
Horms

Reply to:

References:
- bug 257120
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
- Re: bug 257120
  - From: Horms <horms@verge.net.au>
- Re: bug 257120
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
- Bug#257120: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)
  - From: Horms <horms@verge.net.au>
- Re: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)
  - From: Horms <horms@debian.org>
- Re: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)
  - From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
- Re: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)
  - From: Sven Luther <sven.luther@wanadoo.fr>

Prev by Date: [Fwd: initrd question about kernel-image-2.6.6-1-k7]
Next by Date: Re: ia64 added to svn
Previous by thread: Re: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)
Next by thread: Re: bug 257120 (IPSEC with AES + Conntrack + UDP -> Panic)
Index(es):
- Date
- Thread