group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #20907
[Bug 1744078] Re: linux < 4.8: x-netns vti is broken
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Xenial)
Status: New => Triaged
** Changed in: linux (Ubuntu)
Status: Confirmed => Triaged
** Tags added: kernel-da-key xenial
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1744078
Title:
linux < 4.8: x-netns vti is broken
Status in linux package in Ubuntu:
Triaged
Status in linux source package in Xenial:
Triaged
Bug description:
The following upstream patch is missing:
11d7a0bb95ea xfrm: Only add l3mdev oif to dst lookups
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=11d7a0bb95ea
There are several ways to reproduce this problem. Here an example:
# Prepare netns
ip netns add test
ip netns exec test sysctl -q -w net.ipv4.conf.all.forwarding=1
ip netns exec test ip link set lo up
ip netns exec test ip addr add 172.16.1.1/24 dev lo
# Create VTI iface and move it in netns test
ip addr add 1.1.1.1/32 dev lo
ip link add name vti_test type vti local 1.1.1.1 remote 2.2.2.2 key 0x1
ip link set dev vti_test netns test
# Configure IPsec
ip xfrm state add src 1.1.1.1 dst 2.2.2.2 proto esp spi 1 mode tunnel enc 'cbc(aes)' '0x11111111111111111111111111111111' auth-trunc 'hmac(sha1)' '0x2222222222222222222222222222222222222222' 96 flag align4 mark 0x1
ip xfrm state add src 2.2.2.2 dst 1.1.1.1 proto esp spi 2 mode tunnel enc 'cbc(aes)' '0x33333333333333333333333333333333' auth-trunc 'hmac(sha1)' '0x4444444444444444444444444444444444444444' 96 flag align4 mark 0x1
ip xfrm policy add dir out tmpl src 1.1.1.1 dst 2.2.2.2 proto esp mode tunnel mark 0x1
ip xfrm policy add dir in tmpl src 2.2.2.2 dst 1.1.1.1 proto esp mode tunnel mark 0x1
# Configure SVTI
ip netns exec test ip link set dev vti_test up
# Add route
ip netns exec test ip route add 172.16.2.0/24 dev vti_test
# Run a tcpdump on the output interface (given by "ip route get 2.2.2.2")
tcpdump -nei eth0 &
# Ping from the netns
ip netns exec test ping 172.16.2.1 -I 172.16.1.1 -c 4
------
On 4.4.0-109-generic:
(ping) From 172.16.1.1 icmp_seq=1 Destination Host Unreachable
(tcpdump) no IPsec packet
=> Problem
On 4.8.0-58-generic:
(ping): no error raised
(tcpdump) 15:09:45.109776 de:ad:de:01:02:03 > 52:55:0a:00:02:02, ethertype IPv4 (0x0800), length 166: 1.1.1.1 > 2.2.2.2: ESP(spi=0x00000001,seq=0x2), length 132
(tcpdump) 15:10:05.422243 de:ad:de:01:02:03 > 52:55:0a:00:02:02, ethertype IPv4 (0x0800), length 166: 1.1.1.1 > 2.2.2.2: ESP(spi=0x00000001,seq=0x3), length 132
=> No problem
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1744078/+subscriptions