From: arno@natisbad•org (Arnaud Ebalard)
To: David Miller <davem@davemloft•net>
Cc: "YOSHIFUJI Hideaki / 吉藤英明" <yoshfuji@linux-ipv6•org>,
"Jiri Olsa" <jolsa@redhat•com>,
"Scott Otto" <scott.otto@alcatel-lucent•com>,
netdev@vger•kernel.org
Subject: [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0
Date: Wed, 26 May 2010 19:01:55 +0200 [thread overview]
Message-ID: <87zkzmppfg.fsf@small.ssi.corp> (raw)
Hi,
I just updated my laptop's kernel to 2.6.34 (previously running .33 and
configured to act as an IPsec/IKE-protected MIPv6 Mobile Node using
racoon and umip): after rebooting on the new kernel, the transport mode
SA protecting MIPv6 signaling traffic are missing.
I bisected the issue down to f4f914b58019f0e50d521bbbadfaee260d766f95
(net: ipv6 bind to device issue) which was added after 2.6.34-rc5:
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index c2438e8..05ebd78 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -815,7 +815,7 @@ struct dst_entry * ip6_route_output(struct net *net, struct sock *sk,
{
int flags = 0;
- if (rt6_need_strict(&fl->fl6_dst))
+ if (fl->oif || rt6_need_strict(&fl->fl6_dst))
flags |= RT6_LOOKUP_F_IFACE;
if (!ipv6_addr_any(&fl->fl6_src))
Reverting the patch on a 2.6.34 gives me a working kernel.
With MIPv6, the Home Address is bound to a tunnel interface but the
routing/XFRM code will not always send packet via this virtual device
(in fact, I would say never when IPsec is used for protecting signaling
and data traffic):
- Signaling traffic will be sent using a Care-of Address from another
interface (with the addition of a Home Address Option in a
Destination Option Header)
- Data traffic (when protected by tunnel mode IPsec) will also be sent
via another interface.
I *suspect* that previous commit somehow changes the lose coupling
between the address and the device to enforce a strict routing via
associated interface.
I will try and take a look at the code tomorrow to understand what
really happens but if someone has ideas, I am interested.
Cheers,
a+
ps: I use the same working setup for all kernels since 2.6.28
next reply other threads:[~2010-05-26 17:20 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-26 17:01 Arnaud Ebalard [this message]
2010-05-27 0:48 ` [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0 Brian Haley
2010-05-27 15:14 ` Arnaud Ebalard
2010-05-27 19:39 ` Brian Haley
2010-05-27 21:01 ` Arnaud Ebalard
2010-05-28 18:40 ` YOSHIFUJI Hideaki
2010-05-28 21:15 ` Arnaud Ebalard
2010-05-27 21:31 ` Scott C Otto
2010-05-28 8:51 ` Arnaud Ebalard
2010-05-28 17:59 ` Brian Haley
2010-05-28 18:17 ` [PATCH] IPv6: fix Mobile IPv6 regression Brian Haley
2010-05-29 6:03 ` David Miller
2010-05-31 8:46 ` Jiri Olsa
2010-05-31 12:49 ` Jiri Olsa
2010-05-27 17:39 ` [REGRESSION,BISECTED] MIPv6 support broken by f4f914b58019f0 YOSHIFUJI Hideaki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zkzmppfg.fsf@small.ssi.corp \
--to=arno@natisbad$(echo .)org \
--cc=davem@davemloft$(echo .)net \
--cc=jolsa@redhat$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=scott.otto@alcatel-lucent$(echo .)com \
--cc=yoshfuji@linux-ipv6$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox