** Also affects: linux (Ubuntu Impish)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Hirsute)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Bionic)
Status: New => In Progress
** Changed in: linux (Ubuntu Focal)
Status: New => In Progress
** Changed in: linux (Ubuntu Hirsute)
Status: New => In Progress
** Changed in: linux (Ubuntu Impish)
Status: New => In Progress
** Changed in: linux (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Hirsute)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Impish)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Nicolas Dichtel (nicolas-dichtel)
** Changed in: linux (Ubuntu Focal)
Assignee: (unassigned) => Nicolas Dichtel (nicolas-dichtel)
** Changed in: linux (Ubuntu Hirsute)
Assignee: (unassigned) => Nicolas Dichtel (nicolas-dichtel)
** Changed in: linux (Ubuntu Impish)
Assignee: (unassigned) => Nicolas Dichtel (nicolas-dichtel)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040
Title:
dev_forward_skb: do not scrub skb mark within the same name space
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Bionic:
In Progress
Status in linux source package in Focal:
In Progress
Status in linux source package in Hirsute:
In Progress
Status in linux source package in Impish:
In Progress
Bug description:
[Impact]
The ebpf function 'bpf_redirect' reset the mark when used with the flag
BPF_F_INGRESS.
There are two main problems with that:
- it's not consistent between legacy tunnels and ebpf;
- it's not consistent between ingress and egress.
In fact, the eBPF program can easily reset the mark, but it cannot
preserve it.
This kind of patch was already done in the past, see commit
963a88b31ddb ("tunnels: harmonize cleanup done on skb on xmit path"),
commit ea23192e8e57 ("tunnels: harmonize cleanup done on skb on rx
path") and commit 213dd74aee76 ("skbuff: Do not scrub skb mark within
the same name space").
This is fixed upstream with commit ff70202b2d1a ("dev_forward_skb: do
not scrub skb mark within the same name space").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a
[Test Case]
Mark a packet in the POSTROUTING hook, redirect it to another
interface and display it with a netfilter log rule to check the mark.
[Regression Potential]
A user could expect that the mark is reset after a call to
bpf_redirect(BPF_F_INGRESS), but he could easily reset it in the eBPF
program himself.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1935040/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
