From: arno@natisbad.org (Arnaud Ebalard)
To: David Miller <davem@davemloft.net>
Cc: "YOSHIFUJI Hideaki / 吉藤英明" <yoshfuji@linux-ipv6.org>,
"Jiri Olsa" <jolsa@redhat.com>,
"Scott Otto" <scott.otto@alcatel-lucent.com>,
netdev@vger.kernel.org
Subject: [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0
Date: Wed, 26 May 2010 19:01:55 +0200 [thread overview]
Message-ID: <87zkzmppfg.fsf@small.ssi.corp> (raw)
Hi,
I just updated my laptop's kernel to 2.6.34 (previously running .33 and
configured to act as an IPsec/IKE-protected MIPv6 Mobile Node using
racoon and umip): after rebooting on the new kernel, the transport mode
SA protecting MIPv6 signaling traffic are missing.
I bisected the issue down to f4f914b58019f0e50d521bbbadfaee260d766f95
(net: ipv6 bind to device issue) which was added after 2.6.34-rc5:
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index c2438e8..05ebd78 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -815,7 +815,7 @@ struct dst_entry * ip6_route_output(struct net *net, struct sock *sk,
{
int flags = 0;
- if (rt6_need_strict(&fl->fl6_dst))
+ if (fl->oif || rt6_need_strict(&fl->fl6_dst))
flags |= RT6_LOOKUP_F_IFACE;
if (!ipv6_addr_any(&fl->fl6_src))
Reverting the patch on a 2.6.34 gives me a working kernel.
With MIPv6, the Home Address is bound to a tunnel interface but the
routing/XFRM code will not always send packet via this virtual device
(in fact, I would say never when IPsec is used for protecting signaling
and data traffic):
- Signaling traffic will be sent using a Care-of Address from another
interface (with the addition of a Home Address Option in a
Destination Option Header)
- Data traffic (when protected by tunnel mode IPsec) will also be sent
via another interface.
I *suspect* that previous commit somehow changes the lose coupling
between the address and the device to enforce a strict routing via
associated interface.
I will try and take a look at the code tomorrow to understand what
really happens but if someone has ideas, I am interested.
Cheers,
a+
ps: I use the same working setup for all kernels since 2.6.28
next reply other threads:[~2010-05-26 17:20 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-26 17:01 Arnaud Ebalard [this message]
2010-05-27 0:48 ` [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0 Brian Haley
2010-05-27 15:14 ` Arnaud Ebalard
2010-05-27 19:39 ` Brian Haley
2010-05-27 21:01 ` Arnaud Ebalard
2010-05-28 18:40 ` YOSHIFUJI Hideaki
2010-05-28 21:15 ` Arnaud Ebalard
2010-05-27 21:31 ` Scott C Otto
2010-05-28 8:51 ` Arnaud Ebalard
2010-05-28 17:59 ` Brian Haley
2010-05-28 18:17 ` [PATCH] IPv6: fix Mobile IPv6 regression Brian Haley
2010-05-29 6:03 ` David Miller
2010-05-31 8:46 ` Jiri Olsa
2010-05-31 12:49 ` Jiri Olsa
2010-05-27 17:39 ` [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0 YOSHIFUJI Hideaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zkzmppfg.fsf@small.ssi.corp \
--to=arno@natisbad.org \
--cc=davem@davemloft.net \
--cc=jolsa@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=scott.otto@alcatel-lucent.com \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.