linux 4.15 currupts ipsec packets over non ethernet devices

Bug #1771276 reported by msaxl on 2018-05-15
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Medium
Unassigned
Bionic
Medium
Unassigned

Bug Description

Linux 4.15 has a bug that currupts ipsec packets if they are received over a non ethernet interface.
This is a serve showstopper bug for me since it breaks my VPN setup and locks me out of my server.

see https://wiki.strongswan.org/issues/2571 and https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=87cdf3148b11

since 4.15 is already EOL, the only possibility is backporting the linked patch

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1771276

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
msaxl (saxl) wrote :

There is no crash. All needed information is on https://wiki.strongswan.org/issues/2571 #6
The reason is explained https://wiki.strongswan.org/issues/2571 #17, so the issue is already resolved in 4.16, but since 4.15 is EOL and 4.14 did non have this issue and Ubuntu 18.04 is a LTS release you might consider applying https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=87cdf3148b11

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Joseph Salisbury (jsalisbury) wrote :

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v4.17 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.17-rc5

Changed in linux (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → Medium
Changed in linux (Ubuntu):
status: Confirmed → Triaged
tags: added: kernel-da-key
tags: added: bionic
msaxl (saxl) wrote :

upstream works

it was included upstream here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=87cdf3148b11d46382dbce2754ae7036aba96380

somehow they did non backport it to 4.15 (the only version that is affected)

tags: added: kernel-fixed-upstream
msaxl (saxl) on 2018-05-17
Changed in linux (Ubuntu Bionic):
status: Triaged → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers