On Sat, 2011-12-17 at 22:02 +0100, Frank L wrote: > Package: linux-2.6 > Version: 2.6.32-38 > Severity: important > Tags: patch > > When using a L2TP/IPSEC VPN, taking advantage of the pppol2tp kernel driver (e.g. using openl2tp), the l2tp tunnel fails when the IPSEC SA is rekeyed. > This is fixed by a commit to kernel 3.2-rc5 (see https://github.com/torvalds/linux/commit/71b1391a41289735676be02e35239e5aa9fe6ba6 ) > I've included a version of this patch for kernel 2.6.32-38 (current Squeeze kernel) as attachment to this bugreport. This attached patch has been verified by me to be fixing the issue in Debian Squeeze. [...] > --- a/drivers/net/pppol2tp.c 2009-12-03 04:51:21.000000000 +0100 > +++ b/drivers/net/pppol2tp.c 2011-12-16 14:02:15.000000000 +0100 > @@ -1172,7 +1172,7 @@ > > /* Get routing info from the tunnel socket */ > skb_dst_drop(skb); > - skb_dst_set(skb, dst_clone(__sk_dst_get(sk_tun))); > + skb_dst_set(skb, dst_clone(__sk_dst_check(sk_tun, 0))); > pppol2tp_skb_set_owner_w(skb, sk_tun); > > /* Calculate UDP checksum if configured to do so */ This seems reasonable. However, the code being changed in the original commit is holding the socket lock, whereas this code in 2.6.32 is instead holding a lock specific to the PPP channel. This may be sufficient but I'm not sure. James, can you comment? Ben. -- Ben Hutchings Beware of programmers who carry screwdrivers. - Leonard Brandwein
Attachment:
signature.asc
Description: This is a digitally signed message part