Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, 2018-02-07 at 20:46 +0100, Yves-Alexis Perez wrote: > Maybe. I tried with removing the MTU setting, and I get (on ping again) > > févr. 07 20:44:01 scapa kernel: mtu: 1266 > > which means I would get -EINVAL on standards kernels, which is not really good > either. Actually after

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, 2018-02-07 at 20:46 +0100, Yves-Alexis Perez wrote: > Maybe. I tried with removing the MTU setting, and I get (on ping again) > > févr. 07 20:44:01 scapa kernel: mtu: 1266 > > which means I would get -EINVAL on standards kernels, which is not really good > either. Actually after

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, 2018-02-07 at 13:50 -0500, Mike Maloney wrote: > On Wed, Feb 7, 2018 at 12:23 PM, Yves-Alexis Perez > > Hi Yves-Alexis - > > I apologize for the problem. It seems to me that tunneling with an > outer MTU that causes the inner MTU to be smaller than the min, is >

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, 2018-02-07 at 13:50 -0500, Mike Maloney wrote: > On Wed, Feb 7, 2018 at 12:23 PM, Yves-Alexis Perez > > Hi Yves-Alexis - > > I apologize for the problem. It seems to me that tunneling with an > outer MTU that causes the inner MTU to be smaller than the min, is > potentially problematic

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, Feb 7, 2018 at 12:23 PM, Yves-Alexis Perez wrote: > On Wed, 2018-02-07 at 18:05 +0100, Yves-Alexis Perez wrote: >> I'll try to printk the mtu before returning EINVAL to see why it's lower than >> 1280, but maybe the IP encapsulation is not correctly handled? > > I did:

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, Feb 7, 2018 at 12:23 PM, Yves-Alexis Perez wrote: > On Wed, 2018-02-07 at 18:05 +0100, Yves-Alexis Perez wrote: >> I'll try to printk the mtu before returning EINVAL to see why it's lower than >> 1280, but maybe the IP encapsulation is not correctly handled? > > I did: > > diff --git

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, 2018-02-07 at 18:05 +0100, Yves-Alexis Perez wrote: > I'll try to printk the mtu before returning EINVAL to see why it's lower than > 1280, but maybe the IP encapsulation is not correctly handled? I did: diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, 2018-02-07 at 18:05 +0100, Yves-Alexis Perez wrote: > I'll try to printk the mtu before returning EINVAL to see why it's lower than > 1280, but maybe the IP encapsulation is not correctly handled? I did: diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, 2018-02-07 at 17:38 +0100, Yves-Alexis Perez wrote: > Starting with 4.14.16, IPv6 traffic is broken. When trying a simple ping > to an IPv6 address I get: > > ping: sendmsg: Invalid argument I forgot an important bit of information: due to the way routers usually broke path MTU discovery

Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

On Wed, 2018-02-07 at 17:38 +0100, Yves-Alexis Perez wrote: > Starting with 4.14.16, IPv6 traffic is broken. When trying a simple ping > to an IPv6 address I get: > > ping: sendmsg: Invalid argument I forgot an important bit of information: due to the way routers usually broke path MTU discovery

Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

Hi Mike, I noticed a regression in 4.14.16 stable kernel (I assume it's also present in mainline). I'm using an IPsec setup where I tunnel all my IP trafic to a gateway. The tunnel can use either IPv6 or IPv4 (depending on what's available locally) and will route both IPv4 and IPv6 (my gateway

Regression for ip6-in-ip4 IPsec tunnel in 4.14.16

Hi Mike, I noticed a regression in 4.14.16 stable kernel (I assume it's also present in mainline). I'm using an IPsec setup where I tunnel all my IP trafic to a gateway. The tunnel can use either IPv6 or IPv4 (depending on what's available locally) and will route both IPv4 and IPv6 (my gateway