Bug#652503: linux-image-2.6.32-5-kirkwood: L2TP tunnel fails when IPSEC SA rekeys (while using the pppol2tp kernel driver)
On Sat, 2011-12-17 at 22:02 +0100, Frank L wrote:
> Package: linux-2.6
> Version: 2.6.32-38
> Severity: important
> Tags: patch
> When using a L2TP/IPSEC VPN, taking advantage of the pppol2tp kernel driver (e.g. using openl2tp), the l2tp tunnel fails when the IPSEC SA is rekeyed.
> This is fixed by a commit to kernel 3.2-rc5 (see https://github.com/torvalds/linux/commit/71b1391a41289735676be02e35239e5aa9fe6ba6 )
> I've included a version of this patch for kernel 2.6.32-38 (current Squeeze kernel) as attachment to this bugreport. This attached patch has been verified by me to be fixing the issue in Debian Squeeze.
> --- a/drivers/net/pppol2tp.c 2009-12-03 04:51:21.000000000 +0100
> +++ b/drivers/net/pppol2tp.c 2011-12-16 14:02:15.000000000 +0100
> @@ -1172,7 +1172,7 @@
> /* Get routing info from the tunnel socket */
> - skb_dst_set(skb, dst_clone(__sk_dst_get(sk_tun)));
> + skb_dst_set(skb, dst_clone(__sk_dst_check(sk_tun, 0)));
> pppol2tp_skb_set_owner_w(skb, sk_tun);
> /* Calculate UDP checksum if configured to do so */
This seems reasonable. However, the code being changed in the original
commit is holding the socket lock, whereas this code in 2.6.32 is
instead holding a lock specific to the PPP channel. This may be
sufficient but I'm not sure. James, can you comment?
Beware of programmers who carry screwdrivers. - Leonard Brandwein