Linode Forum
https://forum.linode.com/

ipsec drops packets with size > ~300 on lucid with 2.6.35
https://forum.linode.com/viewtopic.php?f=19&t=6806
Page 1 of 1

Author:  rhuddusa [ Thu Mar 10, 2011 7:26 pm ]
Post subject:  ipsec drops packets with size > ~300 on lucid with 2.6.35

running 64bit ubuntu lucid on pvgrub, using racoon and ipsec-tools.

upgraded from standard 2.6.32 kernel to
linux-headers-virtual-lts-backport-maverick (2.6.35).

under 2.6.35, ipsec fails to process any packets with size > ~300 bytes. this was tested for pings, udp, and tcp traffic. also tested were different encryption / authentication schemes, including null schemes.

ifconfig doesn't show any errors, and tcpdump shows esp/ah packets arriving at eth0, but disappearing after that. i was unable to find any logs or stats to indicated where the packets were going.

it was only receiving packets that dissapeared. i was able to send esp/ah packets as normal bytes.

i ended up reverting back to 2.6.32 after trying for several days to diagnose the problem. everything is working again under 2.6.32.

any thoughts? ... kernel bug?

Author:  hoopycat [ Thu Mar 10, 2011 10:15 pm ]
Post subject: 

Hmm, interesting kernel choice.

I don't see any relevant bugs specific to that package, nor did a quick search through the big Ubuntu kernel bug list find anything. Those would be the first two places I'd check, after testing to see whether you can reproduce it on a native maverick system.

Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/