Bug#652503: [Possible SPAM]-linux-image-2.6.32-5-kirkwood: L2TP tunnel fails when IPSEC SA rekeys (while using the pppol2tp kernel driver)
Package: linux-2.6
Version: 2.6.32-38
Severity: important
Tags: patch
When using a L2TP/IPSEC VPN, taking advantage of the pppol2tp kernel driver (e.g. using openl2tp), the l2tp tunnel fails when the IPSEC SA is rekeyed.
This is fixed by a commit to kernel 3.2-rc5 (see https://github.com/torvalds/linux/commit/71b1391a41289735676be02e35239e5aa9fe6ba6 )
I've included a version of this patch for kernel 2.6.32-38 (current Squeeze kernel) as attachment to this bugreport. This attached patch has been verified by me to be fixing the issue in Debian Squeeze.
-- Package-specific info:
** Version:
Linux version 2.6.32-5-kirkwood (Debian 2.6.32-38a~test) (frankl@debian-nas.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 Wed Aug 17 01:42:35 CEST 2011
** Command line:
console=ttyS0,115200 root=/dev/ram initrd=0xa00000,0x900000 ramdisk=32768
** Not tainted
** Kernel log:
not of importance
** Model information
Processor : Feroceon 88FR131 rev 1 (v5l)
Hardware : QNAP TS-119/TS-219
Revision : 0000
** Loaded modules:
Module Size Used by
nls_utf8 1042 0
nls_cp437 4675 0
pppol2tp 21620 0
pppox 1608 1 pppol2tp
ppp_generic 20064 2 pppol2tp,pppox
slhc 4621 1 ppp_generic
ctr 3241 0
camellia 21397 0
cast5 16967 0
rmd160 8978 0
sha1_generic 1717 0
hmac 2475 0
crypto_null 2122 0
ccm 7224 0
serpent 21417 0
blowfish 8262 0
twofish 7467 0
twofish_common 14498 1 twofish
ecb 1739 0
xcbc 2219 0
cbc 2313 1
sha256_generic 8818 2
sha512_generic 10275 0
des_generic 16617 0
aes_generic 32820 2
xfrm_user 18537 2
ah6 4213 0
ah4 3659 0
esp6 4543 0
esp4 4763 0
xfrm4_mode_beet 1901 0
xfrm4_tunnel 1407 0
tunnel4 2035 1 xfrm4_tunnel
xfrm4_mode_tunnel 1526 0
xfrm4_mode_transport 1228 0
xfrm6_mode_transport 1252 0
xfrm6_mode_ro 1072 0
xfrm6_mode_beet 1680 0
xfrm6_mode_tunnel 1454 0
ipcomp 1698 0
ipcomp6 1710 0
xfrm_ipcomp 3513 2 ipcomp,ipcomp6
xfrm6_tunnel 4567 1 ipcomp6
tunnel6 1866 1 xfrm6_tunnel
af_key 32257 0
ipv6 253494 35 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6
fuse 51232 1
ext2 55263 1
loop 11403 2
vfat 8136 0
fat 43553 1 vfat
ext3 110940 2
jbd 37346 1 ext3
dm_crypt 11542 1
dm_mod 56499 3 dm_crypt
sata_mv 24382 1
evdev 6582 0
mv643xx_eth 22530 0
libata 137822 1 sata_mv
libphy 14820 1 mv643xx_eth
gpio_keys 3050 0
inet_lro 5060 1 mv643xx_eth
ext4 288273 1
mbcache 4860 3 ext2,ext3,ext4
jbd2 64063 1 ext4
sd_mod 31292 6
crc_t10dif 1106 1 sd_mod
usb_storage 35155 3
scsi_mod 124172 3 libata,sd_mod,usb_storage
ehci_hcd 36381 0
usbcore 122471 3 usb_storage,ehci_hcd
nls_base 5367 5 nls_utf8,nls_cp437,vfat,fat,usbcore
** PCI devices:
** Sound cards:
-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: armel (armv5tel)
Kernel: Linux 2.6.32-5-kirkwood
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages linux-image-2.6.32-5-kirkwood depends on:
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii initramfs-tools [linux-initra 0.98.8 tools for generating an initramfs
ii linux-base 2.6.32-38 Linux image base package
ii module-init-tools 3.12-1 tools for managing Linux kernel mo
Versions of packages linux-image-2.6.32-5-kirkwood recommends:
ii firmware-linux-free 2.6.32-38 Binary firmware for various driver
ii uboot-mkimage 0.4 generate kernel image for U-Boot
Versions of packages linux-image-2.6.32-5-kirkwood suggests:
pn fdutils <none> (no description available)
pn linux-doc-2.6.32 <none> (no description available)
Versions of packages linux-image-2.6.32-5-kirkwood is related to:
pn firmware-bnx2 <none> (no description available)
pn firmware-bnx2x <none> (no description available)
pn firmware-ipw2x00 <none> (no description available)
pn firmware-ivtv <none> (no description available)
pn firmware-iwlwifi <none> (no description available)
pn firmware-linux <none> (no description available)
pn firmware-linux-nonfree <none> (no description available)
pn firmware-qlogic <none> (no description available)
pn firmware-ralink <none> (no description available)
pn xen-hypervisor <none> (no description available)
-- debconf information excluded
--- a/drivers/net/pppol2tp.c 2009-12-03 04:51:21.000000000 +0100
+++ b/drivers/net/pppol2tp.c 2011-12-16 14:02:15.000000000 +0100
@@ -1172,7 +1172,7 @@
/* Get routing info from the tunnel socket */
skb_dst_drop(skb);
- skb_dst_set(skb, dst_clone(__sk_dst_get(sk_tun)));
+ skb_dst_set(skb, dst_clone(__sk_dst_check(sk_tun, 0)));
pppol2tp_skb_set_owner_w(skb, sk_tun);
/* Calculate UDP checksum if configured to do so */
Reply to: