Bug 90901 - No traffic when connected to SSL vpn (bisected)
Summary: No traffic when connected to SSL vpn (bisected)
Status: RESOLVED PATCH_ALREADY_AVAILABLE
Alias: None
Product: Networking
Classification: Unclassified
Component: Other (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: Stephen Hemminger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-01-07 17:56 UTC by William Shuman
Modified: 2015-05-19 22:00 UTC (History)
3 users (show)

See Also:
Kernel Version: 3.19rc1 - 3.19rc5
Subsystem:
Regression: No
Bisected commit-id:


Attachments

Description William Shuman 2015-01-07 17:56:37 UTC
When I connect to our Juniper SSL vpn, I can not do anything.  Let me know if you need anymore information.

e0b46d0ee9c240c7430a47e9b0365674d4a04522 is the first bad commit
commit e0b46d0ee9c240c7430a47e9b0365674d4a04522
Author: Herbert Xu <herbert@gondor.apana.org.au>
Date:   Fri Nov 7 21:22:23 2014 +0800

    tun: Use iovec iterators
    
    This patch removes the use of skb_copy_datagram_const_iovec in
    favour of the iovec iterator-based skb_copy_datagram_iter.
Comment 1 William Shuman 2015-01-21 18:43:17 UTC
I tried at suggested changeset (8c847d254146d32c86574a1b16923ff91bb784dd) but I was still getting no traffic through vpn.

http://marc.info/?l=linux-netdev&m=142075067324049&w=2
Comment 2 William Shuman 2015-01-22 14:13:57 UTC
the following patch from net-next resolved the issue for me.

From 957f094f221f81e457133b1f4c4d95ffa49ff731 Mon Sep 17 00:00:00 2001
From: Alex Gartrell <agartrell@fb.com>
Date: Thu, 25 Dec 2014 23:22:49 -0800
Subject: tun: return proper error code from tun_do_read

Instead of -1 with EAGAIN, read on a O_NONBLOCK tun fd will return 0.  This
fixes this by properly returning the error code from __skb_recv_datagram.

Signed-off-by: Alex Gartrell <agartrell@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index df5e948..c0df872 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -1380,7 +1380,7 @@ static ssize_t tun_do_read(struct tun_struct *tun, struct tun_file *tfile,
 	skb = __skb_recv_datagram(tfile->socket.sk, noblock ? MSG_DONTWAIT : 0,
 				  &peeked, &off, &err);
 	if (!skb)
-		return 0;
+		return err;
 
 	ret = tun_put_user(tun, tfile, skb, to);
 	if (unlikely(ret < 0))
--
Comment 3 ngamradt 2015-05-19 22:00:39 UTC
I just wanted to note that I was having the same problem in Ubuntu 15.04.  I upgraded to the (currently) proposed 3.19.0-17-generic kernel and the Juniper SSL client is now working as expected.

Note You need to log in before you can comment on or make changes to this bug.