Thanks, that patch has solved issue.
On Thu, Mar 29, 2018 at 7:51 PM, Steffen Klassert
<steffen.klass...@secunet.com> wrote:
> Please always make sure to Cc net...@vger.kernel.org
> on networking problems.
>
> On Wed, Mar 28, 2018 at 10:21:32PM +0000, Derek Robson wrote:
>> The ipsec VPN is broken in 4.16-rc7 and seem to have been broken in all of
>> 4.15
>>
>> connecting from an iphone seems to give a timeout.
>>
>>
>> A bisect brings me to this commit as the one that is the issue.
>>
>> commit: acf568ee859f098279eadf551612f103afdacb4e (xfrm: Reinject
>> transport-mode packets through tasklet)
>
> I have a fix queued for this commit in the ipsec tree.
>
> Can you please try if the patch below fixes your problems?
>
> Thanks!
>
> Subject: [PATCH] xfrm: Fix transport mode skb control buffer usage.
>
> A recent commit introduced a new struct xfrm_trans_cb
> that is used with the sk_buff control buffer. Unfortunately
> it placed the structure in front of the control buffer and
> overlooked that the IPv4/IPv6 control buffer is still needed
> for some layer 4 protocols. As a result the IPv4/IPv6 control
> buffer is overwritten with this structure. Fix this by setting
> a apropriate header in front of the structure.
>
> Fixes acf568ee859f ("xfrm: Reinject transport-mode packets ...")
> Signed-off-by: Steffen Klassert <steffen.klass...@secunet.com>
> ---
> net/xfrm/xfrm_input.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
> index 1472c0857975..81788105c164 100644
> --- a/net/xfrm/xfrm_input.c
> +++ b/net/xfrm/xfrm_input.c
> @@ -26,6 +26,12 @@ struct xfrm_trans_tasklet {
> };
>
> struct xfrm_trans_cb {
> + union {
> + struct inet_skb_parm h4;
> +#if IS_ENABLED(CONFIG_IPV6)
> + struct inet6_skb_parm h6;
> +#endif
> + } header;
> int (*finish)(struct net *net, struct sock *sk, struct sk_buff *skb);
> };
>
> --
> 2.14.1
>
