Fixed by linux 6.5.0-27.28
** Changed in: linux (Ubuntu)
Status: New => Fix Released
https://bugs.launchpad.net/bugs/2048942
Title:
Openvswitch matching broken for nat packets in the related state
Status in linux package in Ubuntu:
Fix Released
Bug description:
Linux kernel commit ebddb1404900 ("net: move the nat function to
nf_nat_ovs for ovs and tc") introduced a regression into the kernel
openvswitch datapath which prevented the match key from being updated
when nat was undone for packets in the related conntrack state. This
issue caused these packets (usually ICMP/ICMPv6 error packets) to
match the wrong openflow rule when processed by openvswitch.
This commit is present in Ubuntu kernel versions v6.2 and v6.5.
This issue was fixed in upstream linux kernel commit e6345d2824a3 ("netfilter:
nf_nat: fix action not being set for all ct states"), which is included
in upstream linux kernel versions v6.7 and v6.6.11. This commit can be found
in the kernel stable tree:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e6345d2824a3f58aab82428d11645e0da861ac13
Discussion for this patch can be found on this netdev mailing list
thread:
https://lore.kernel.org/netdev/[email protected]/T/
Test cases to reproduce the bug with both the openvswitch test suite
and linux kernel self-tests can be found on the ovs-dev mailing list:
https://mail.openvswitch.org/pipermail/ovs-dev/2024-January/410476.html
Can commit e6345d2824a3 be considered for SRU in jammy-hwe, lunar and
mantic?