Received: by 10.213.65.68 with SMTP id h4csp2076994imn;
        Thu, 29 Mar 2018 17:25:37 -0700 (PDT)
X-Google-Smtp-Source: AIpwx4/3eVuSZU/1oY01jV3lIpbpz13yza1/fpQoxZzxsC5NuvhaQQqEAZvobJBsWnVfp2zIUZye
X-Received: by 10.98.141.20 with SMTP id z20mr7998195pfd.144.1522369537870;
        Thu, 29 Mar 2018 17:25:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1522369537; cv=none;
        d=google.com; s=arc-20160816;
        b=qG15q+Z/2ke5m/HZwikacG89tl16hsIkdj4WtLF7W3Bnp1mAsiJvfzfXE+x6mulqkN
         ZKIUiUV0+27brdS6DzzZJPlq2I7tXvIvjNIrKproGVGUqA+De2IpdCpm80ZmxRbrDQuc
         ludSlHNsDc4EXIncAawwmqpFJCqW0hDyKeWD6Ohp6CypPloxndYnCObj3DTjm/7EpHop
         CH5J5EJBC3hhO5fS2ISuT/3470Jy7nkk5ANdhQdOStyTvemVcYwaGb97luf+DZ8+WL4I
         DGsNFnBRvpH0WDLE3+B5Y0Rdcxa440VDq/zzp0HwMp48XcnnbLaNaSm+/QX4sjS0r3DH
         7BuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=V/VQw+IDysWidEFrVe2nW0h8vjGgOqJ3IAE6y6pL7yM=;
        b=gu0HAmhzY8fDo4h+QfcG05ChIdZfb77RzaQfRhMX/b0TdOgvGGpX0oI3UDCIc89Yev
         TAhxEHOJV1wd6zRrXVu/8De3AUh8hn7gTvhvojBfrtEGC4pHW+UyO6qiLzyCNtwhc8T2
         fFK15WbSwnaZgcIS2GeRYbU3YNs7xcvNaddhmmMnwAtRNElS+VsoRvemCjnUyNY8K+rj
         qB4zPv++lHvSJtSYE9qAjofX80ZjouUZiHtUGX8eZn3vBEnWzOM7KE5BwJ0oGBcnnUh0
         q5u/N8PwVR38ivAsTHEFGBlLiIaCr3NvWYXYC29Gv6juvXy6W8VI/Qf5KIWmJEyHgTHN
         pKxQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=uf5j2H7f;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s13si5380581pfs.91.2018.03.29.17.25.12;
        Thu, 29 Mar 2018 17:25:37 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=uf5j2H7f;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752446AbeC3AW4 (ORCPT <rfc822;linux.lists.archive@gmail.com>
        + 99 others); Thu, 29 Mar 2018 20:22:56 -0400
Received: from mail-ot0-f194.google.com ([74.125.82.194]:36618 "EHLO
        mail-ot0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752254AbeC3AWu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 29 Mar 2018 20:22:50 -0400
Received: by mail-ot0-f194.google.com with SMTP id n40-v6so8159892otd.3;
        Thu, 29 Mar 2018 17:22:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=V/VQw+IDysWidEFrVe2nW0h8vjGgOqJ3IAE6y6pL7yM=;
        b=uf5j2H7foH4ZvUKjJFYU09n2wO81HYspBwpJ1A98to/apbfVzGjhcAqeCMbt1Li9ka
         Kuh8T8T2606OD+HOrNfqvtv4m3L0q+hfdRn1QVbtFgF30+h9uawLUOKoIm7SRczlKyBr
         LgYqP7U+Ao4+bjubRX7DzgRhMXyo+KXc8Yfuut2+48lXrC0DUmLjlvYOQamp6AjSbfLE
         0WkI+P/Nd9OqsGcwC7SSkdTmfdJ23YPaeNlU5RdhGFSnc62vD0woCo95pvAcUyCzxKJk
         lh5sy1tRcP04oKI+H8fuYOBI0FhqLcacxcruDIPM6zTP7GZNA+zHOdjavtnzffYuvW2B
         H97w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=V/VQw+IDysWidEFrVe2nW0h8vjGgOqJ3IAE6y6pL7yM=;
        b=uncTh2o4ejcX58nkOAbwxoYZi5WQvLz1333bNcDfizC8Fl44g/NK35E8Uun1RDujoL
         lye65ZofAZwToHaRCdoLLb3+Ied80YqMQoCg21MnmIGbY8vFRwhpR2wW/n17oTMs/HSO
         rRQjrybZyTeCDgbknhJDJo2CuU6mmx9uW3MmxYAss2XjM6irqDF3hG75p4fAbmPZkJdS
         yyWrOMg/JyfGIq9EP9ol8wd6o9eoWu9fCh6oQG6EkASDM9hiBPQfOsuyB2wk7TuXdNRY
         cWjCdjw4AM1t9uQt8i8sIMbuV0lSHTohlusf+v1Ct4I2fA0ZcoV0HmJXlPC7/subIqX/
         zpmA==
X-Gm-Message-State: AElRT7EU2b2sbH5aZrMZzf8UPu9dDRDpiYpbmmPCs2WH34eDlEnvGPcL
        O6tFcPBZv4Uw9evr0xDMelK3ELsAAZeF1bNi4fbjAw==
X-Received: by 2002:a9d:1920:: with SMTP id j32-v6mr6523567ota.383.1522369369884;
 Thu, 29 Mar 2018 17:22:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:4715:0:0:0:0:0 with HTTP; Thu, 29 Mar 2018 17:22:49
 -0700 (PDT)
In-Reply-To: <20180329065127.yn6sm3xvs2givubo@gauss3.secunet.de>
References: <CAMfSVWDZn28cYpseJCc=gO1uD1Cr_P5vKRW8FjaqczooyecHwg@mail.gmail.com>
 <20180329065127.yn6sm3xvs2givubo@gauss3.secunet.de>
From:   Derek Robson <robsonde@gmail.com>
Date:   Fri, 30 Mar 2018 13:22:49 +1300
Message-ID: <CAMfSVWBjuKaKvHtbpoAzZpyQjf88bge95Hp0mHMd_Y90H7DxLQ@mail.gmail.com>
Subject: Re: Regression in 4.16-rc7 - ipsec vpn broken
To:     Steffen Klassert <steffen.klassert@secunet.com>
Cc:     Herbert Xu <herbert@gondor.apana.org.au>, ben@decadent.org.uk,
        linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Thanks, that patch has solved issue.


On Thu, Mar 29, 2018 at 7:51 PM, Steffen Klassert
<steffen.klassert@secunet.com> wrote:
> Please always make sure to Cc netdev@vger.kernel.org
> on networking problems.
>
> On Wed, Mar 28, 2018 at 10:21:32PM +0000, Derek Robson wrote:
>> The ipsec VPN is broken in 4.16-rc7 and seem to have been broken in all of
>> 4.15
>>
>> connecting from an iphone seems to give a timeout.
>>
>>
>> A bisect brings me to this commit as the one that is the issue.
>>
>> commit: acf568ee859f098279eadf551612f103afdacb4e  (xfrm: Reinject
>> transport-mode packets through tasklet)
>
> I have a fix queued for this commit in the ipsec tree.
>
> Can you please try if the patch below fixes your problems?
>
> Thanks!
>
> Subject: [PATCH] xfrm: Fix transport mode skb control buffer usage.
>
> A recent commit introduced a new struct xfrm_trans_cb
> that is used with the sk_buff control buffer. Unfortunately
> it placed the structure in front of the control buffer and
> overlooked that the IPv4/IPv6 control buffer is still needed
> for some layer 4 protocols. As a result the IPv4/IPv6 control
> buffer is overwritten with this structure. Fix this by setting
> a apropriate header in front of the structure.
>
> Fixes acf568ee859f ("xfrm: Reinject transport-mode packets ...")
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
> ---
>  net/xfrm/xfrm_input.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
> index 1472c0857975..81788105c164 100644
> --- a/net/xfrm/xfrm_input.c
> +++ b/net/xfrm/xfrm_input.c
> @@ -26,6 +26,12 @@ struct xfrm_trans_tasklet {
>  };
>
>  struct xfrm_trans_cb {
> +       union {
> +               struct inet_skb_parm    h4;
> +#if IS_ENABLED(CONFIG_IPV6)
> +               struct inet6_skb_parm   h6;
> +#endif
> +       } header;
>         int (*finish)(struct net *net, struct sock *sk, struct sk_buff *skb);
>  };
>
> --
> 2.14.1
>