← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1744078] Re: linux < 4.8: x-netns vti is broken

 

** Changed in: linux (Ubuntu)
   Importance: Undecided => Medium

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Xenial)
       Status: New => Triaged

** Changed in: linux (Ubuntu)
       Status: Confirmed => Triaged

** Tags added: kernel-da-key xenial

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1744078

Title:
  linux < 4.8: x-netns vti is broken

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Xenial:
  Triaged

Bug description:
  The following upstream patch is missing:

  11d7a0bb95ea xfrm: Only add l3mdev oif to dst lookups 
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=11d7a0bb95ea

  There are several ways to reproduce this problem. Here an example:

  # Prepare netns
  ip netns add test
  ip netns exec test sysctl -q -w net.ipv4.conf.all.forwarding=1
  ip netns exec test ip link set lo up
  ip netns exec test ip addr add 172.16.1.1/24 dev lo

  # Create VTI iface and move it in netns test
  ip addr add 1.1.1.1/32 dev lo
  ip link add name vti_test type vti local 1.1.1.1 remote 2.2.2.2 key 0x1
  ip link set dev vti_test netns test

  # Configure IPsec
  ip xfrm state add src 1.1.1.1 dst 2.2.2.2 proto esp spi 1 mode tunnel enc 'cbc(aes)' '0x11111111111111111111111111111111' auth-trunc 'hmac(sha1)' '0x2222222222222222222222222222222222222222' 96 flag  align4 mark 0x1
  ip xfrm state add src 2.2.2.2 dst 1.1.1.1 proto esp spi 2 mode tunnel enc 'cbc(aes)' '0x33333333333333333333333333333333' auth-trunc 'hmac(sha1)' '0x4444444444444444444444444444444444444444' 96 flag  align4 mark 0x1
  ip xfrm policy add dir out tmpl src 1.1.1.1 dst 2.2.2.2 proto esp mode tunnel mark 0x1
  ip xfrm policy add dir in tmpl src 2.2.2.2 dst 1.1.1.1 proto esp mode tunnel mark 0x1

  # Configure SVTI
  ip netns exec test ip link set dev vti_test up

  # Add route
  ip netns exec test ip route add 172.16.2.0/24 dev vti_test

  # Run a tcpdump on the output interface (given by "ip route get 2.2.2.2")
  tcpdump -nei eth0 &

  # Ping from the netns
  ip netns exec test ping 172.16.2.1 -I 172.16.1.1 -c 4

  ------

  On 4.4.0-109-generic:
  (ping) From 172.16.1.1 icmp_seq=1 Destination Host Unreachable
  (tcpdump) no IPsec packet

  => Problem

  On 4.8.0-58-generic:
  (ping): no error raised
  (tcpdump) 15:09:45.109776 de:ad:de:01:02:03 > 52:55:0a:00:02:02, ethertype IPv4 (0x0800), length 166: 1.1.1.1 > 2.2.2.2: ESP(spi=0x00000001,seq=0x2), length 132
  (tcpdump) 15:10:05.422243 de:ad:de:01:02:03 > 52:55:0a:00:02:02, ethertype IPv4 (0x0800), length 166: 1.1.1.1 > 2.2.2.2: ESP(spi=0x00000001,seq=0x3), length 132

  => No problem

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1744078/+subscriptions