Bug#652503: [Possible SPAM]-linux-image-2.6.32-5-kirkwood: L2TP tunnel fails when IPSEC SA rekeys (while using the pppol2tp kernel driver)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#652503: [Possible SPAM]-linux-image-2.6.32-5-kirkwood: L2TP tunnel fails when IPSEC SA rekeys (while using the pppol2tp kernel driver)
From: Frank L <frankl@debian-nas.org>
Date: Sat, 17 Dec 2011 22:02:19 +0100
Message-id: <[🔎] 20111217210219.12386.58669.reportbug@leavis-nas.leavis.lan>
Reply-to: Frank L <frankl@debian-nas.org>, 652503@bugs.debian.org

Package: linux-2.6
Version: 2.6.32-38
Severity: important
Tags: patch

When using a L2TP/IPSEC VPN, taking advantage of the pppol2tp kernel driver (e.g. using openl2tp), the l2tp tunnel fails when the IPSEC SA is rekeyed.
This is fixed by a commit to kernel 3.2-rc5 (see https://github.com/torvalds/linux/commit/71b1391a41289735676be02e35239e5aa9fe6ba6 )
I've included a version of this patch for kernel 2.6.32-38 (current Squeeze kernel) as attachment to this bugreport. This attached patch has been verified by me to be fixing the issue in Debian Squeeze.


-- Package-specific info:
** Version:
Linux version 2.6.32-5-kirkwood (Debian 2.6.32-38a~test) (frankl@debian-nas.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 Wed Aug 17 01:42:35 CEST 2011

** Command line:
console=ttyS0,115200 root=/dev/ram initrd=0xa00000,0x900000 ramdisk=32768

** Not tainted

** Kernel log:
not of importance

** Model information
Processor	: Feroceon 88FR131 rev 1 (v5l)
Hardware	: QNAP TS-119/TS-219
Revision	: 0000

** Loaded modules:
Module                  Size  Used by
nls_utf8                1042  0 
nls_cp437               4675  0 
pppol2tp               21620  0 
pppox                   1608  1 pppol2tp
ppp_generic            20064  2 pppol2tp,pppox
slhc                    4621  1 ppp_generic
ctr                     3241  0 
camellia               21397  0 
cast5                  16967  0 
rmd160                  8978  0 
sha1_generic            1717  0 
hmac                    2475  0 
crypto_null             2122  0 
ccm                     7224  0 
serpent                21417  0 
blowfish                8262  0 
twofish                 7467  0 
twofish_common         14498  1 twofish
ecb                     1739  0 
xcbc                    2219  0 
cbc                     2313  1 
sha256_generic          8818  2 
sha512_generic         10275  0 
des_generic            16617  0 
aes_generic            32820  2 
xfrm_user              18537  2 
ah6                     4213  0 
ah4                     3659  0 
esp6                    4543  0 
esp4                    4763  0 
xfrm4_mode_beet         1901  0 
xfrm4_tunnel            1407  0 
tunnel4                 2035  1 xfrm4_tunnel
xfrm4_mode_tunnel       1526  0 
xfrm4_mode_transport     1228  0 
xfrm6_mode_transport     1252  0 
xfrm6_mode_ro           1072  0 
xfrm6_mode_beet         1680  0 
xfrm6_mode_tunnel       1454  0 
ipcomp                  1698  0 
ipcomp6                 1710  0 
xfrm_ipcomp             3513  2 ipcomp,ipcomp6
xfrm6_tunnel            4567  1 ipcomp6
tunnel6                 1866  1 xfrm6_tunnel
af_key                 32257  0 
ipv6                  253494  35 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6
fuse                   51232  1 
ext2                   55263  1 
loop                   11403  2 
vfat                    8136  0 
fat                    43553  1 vfat
ext3                  110940  2 
jbd                    37346  1 ext3
dm_crypt               11542  1 
dm_mod                 56499  3 dm_crypt
sata_mv                24382  1 
evdev                   6582  0 
mv643xx_eth            22530  0 
libata                137822  1 sata_mv
libphy                 14820  1 mv643xx_eth
gpio_keys               3050  0 
inet_lro                5060  1 mv643xx_eth
ext4                  288273  1 
mbcache                 4860  3 ext2,ext3,ext4
jbd2                   64063  1 ext4
sd_mod                 31292  6 
crc_t10dif              1106  1 sd_mod
usb_storage            35155  3 
scsi_mod              124172  3 libata,sd_mod,usb_storage
ehci_hcd               36381  0 
usbcore               122471  3 usb_storage,ehci_hcd
nls_base                5367  5 nls_utf8,nls_cp437,vfat,fat,usbcore

** PCI devices:

** Sound cards:

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: armel (armv5tel)

Kernel: Linux 2.6.32-5-kirkwood
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages linux-image-2.6.32-5-kirkwood depends on:
ii  debconf [debconf-2.0]         1.5.36.1   Debian configuration management sy
ii  initramfs-tools [linux-initra 0.98.8     tools for generating an initramfs
ii  linux-base                    2.6.32-38  Linux image base package
ii  module-init-tools             3.12-1     tools for managing Linux kernel mo

Versions of packages linux-image-2.6.32-5-kirkwood recommends:
ii  firmware-linux-free           2.6.32-38  Binary firmware for various driver
ii  uboot-mkimage                 0.4        generate kernel image for U-Boot

Versions of packages linux-image-2.6.32-5-kirkwood suggests:
pn  fdutils                       <none>     (no description available)
pn  linux-doc-2.6.32              <none>     (no description available)

Versions of packages linux-image-2.6.32-5-kirkwood is related to:
pn  firmware-bnx2                 <none>     (no description available)
pn  firmware-bnx2x                <none>     (no description available)
pn  firmware-ipw2x00              <none>     (no description available)
pn  firmware-ivtv                 <none>     (no description available)
pn  firmware-iwlwifi              <none>     (no description available)
pn  firmware-linux                <none>     (no description available)
pn  firmware-linux-nonfree        <none>     (no description available)
pn  firmware-qlogic               <none>     (no description available)
pn  firmware-ralink               <none>     (no description available)
pn  xen-hypervisor                <none>     (no description available)

-- debconf information excluded

--- a/drivers/net/pppol2tp.c	2009-12-03 04:51:21.000000000 +0100
+++ b/drivers/net/pppol2tp.c	2011-12-16 14:02:15.000000000 +0100
@@ -1172,7 +1172,7 @@
 
 	/* Get routing info from the tunnel socket */
 	skb_dst_drop(skb);
-	skb_dst_set(skb, dst_clone(__sk_dst_get(sk_tun)));
+	skb_dst_set(skb, dst_clone(__sk_dst_check(sk_tun, 0)));
 	pppol2tp_skb_set_owner_w(skb, sk_tun);
 
 	/* Calculate UDP checksum if configured to do so */

Reply to:

Follow-Ups:
- Bug#652503: linux-image-2.6.32-5-kirkwood: L2TP tunnel fails when IPSEC SA rekeys (while using the pppol2tp kernel driver)
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: [PATCH] m68k/irq: don't use pr_crit in an header
Next by Date: Re: [PATCH] m68k/irq: don't use pr_crit in an header
Previous by thread: Bug#652484: linux-image-3.1.0-1-amd64: kernel oops when USB drive hot unplugged
Next by thread: Bug#652503: linux-image-2.6.32-5-kirkwood: L2TP tunnel fails when IPSEC SA rekeys (while using the pppol2tp kernel driver)
Index(es):
- Date
- Thread