[Kernel-packages] [Bug 2024187] Re: xfrm: packets sent trough a raw socket don't match ipsec policies with proto selector
For the record, the patch has been backported in Lunar/Jammy/Focal:
https://lists.ubuntu.com/archives/kernel-team/2023-August/141562.html
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2024187
Title:
xfrm: packets sent trough a raw socket don't match ipsec policies with
proto selector
Status in linux package in Ubuntu:
Expired
Bug description:
[Impact]
When a userland application sends packets through an IPv4 or IPv6 raw
socket, these packets don't match ipsec policies that are configured
with a protocol selector.
The problem has been fixed in linux v6.4 with commit 3632679d9e4f
("ipv{4,6}/raw: fix output xfrm lookup wrt protocol").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3632679d9e4f
This commit has been backported in linux 5.15.115:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=395d846c61c5
[Test Case]
Configure an ipsec policy with a protocol selector and send ip packets
that match this policy through an IP raw socket.
Example to match the proto icmp:
ip xfrm policy add src 10.100.0.0/24 dst 10.200.0.0/24 proto icmp dir out
tmpl src 10.125.0.1 dst 10.125.0.2 proto esp mode tunnel reqid 1
[Regression Potential]
The patch introduces a new API to fix this problem, thus the
regression potential is low for existing applications.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2024187/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2024187] Re: xfrm: packets sent trough a raw socket don't match ipsec policies with proto selector
Any news?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2024187
Title:
xfrm: packets sent trough a raw socket don't match ipsec policies with
proto selector
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
When a userland application sends packets through an IPv4 or IPv6 raw
socket, these packets don't match ipsec policies that are configured
with a protocol selector.
The problem has been fixed in linux v6.4 with commit 3632679d9e4f
("ipv{4,6}/raw: fix output xfrm lookup wrt protocol").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3632679d9e4f
This commit has been backported in linux 5.15.115:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=395d846c61c5
[Test Case]
Configure an ipsec policy with a protocol selector and send ip packets
that match this policy through an IP raw socket.
Example to match the proto icmp:
ip xfrm policy add src 10.100.0.0/24 dst 10.200.0.0/24 proto icmp dir out
tmpl src 10.125.0.1 dst 10.125.0.2 proto esp mode tunnel reqid 1
[Regression Potential]
The patch introduces a new API to fix this problem, thus the
regression potential is low for existing applications.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2024187/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2016269] Re: conntrack mark is not advertised via netlink
Tests with linux-image-unsigned-5.15.0-1033-intel-iotg are ok.
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not advertised via netlink
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Fix Released
Status in linux source package in Kinetic:
Fix Released
Bug description:
SRU justification sent to ML:
[Impact]
There was a commit 95fcb42e5f20
("netfilter: ctnetlink: fix compilation warning after data race fixes in ct
mark")
that introduces a regression where the "mark" variable is no longer
dumped in netlink netfilter conntrack messages, which userspace tools use
to mark and track connections.
[Fix]
Introduce the upstream fix 9f7dd42f0db1
("netfilter: ctnetlink: revert to dumping mark regardless of event type")
that always dumps the 'mark' variable for conntrack entries.
This fix has also landed in 5.15 upstream stable.
[Test]
Run 'conntrack -E' and check the output of connection entries.
The 'mark' variable should now be present in connection entries after
the fix.
before fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
after fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
[Where problems could occur]
The fixes are pretty straight forward so regression potential should be
minimal.
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix
compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter:
ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED]
mark=0 use=1
'mark=' is seen on connrtack event
after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2016269/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2024187] [NEW] xfrm: packets sent trough a raw socket don't match ipsec policies with proto selector
Public bug reported:
[Impact]
When a userland application sends packets through an IPv4 or IPv6 raw
socket, these packets don't match ipsec policies that are configured
with a protocol selector.
The problem has been fixed in linux v6.4 with commit 3632679d9e4f
("ipv{4,6}/raw: fix output xfrm lookup wrt protocol").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3632679d9e4f
This commit has been backported in linux 5.15.115:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=395d846c61c5
[Test Case]
Configure an ipsec policy with a protocol selector and send ip packets
that match this policy through an IP raw socket.
Example to match the proto icmp:
ip xfrm policy add src 10.100.0.0/24 dst 10.200.0.0/24 proto icmp dir out tmpl
src 10.125.0.1 dst 10.125.0.2 proto esp mode tunnel reqid 1
[Regression Potential]
The patch introduces a new API to fix this problem, thus the regression
potential is low for existing applications.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2024187
Title:
xfrm: packets sent trough a raw socket don't match ipsec policies with
proto selector
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
When a userland application sends packets through an IPv4 or IPv6 raw
socket, these packets don't match ipsec policies that are configured
with a protocol selector.
The problem has been fixed in linux v6.4 with commit 3632679d9e4f
("ipv{4,6}/raw: fix output xfrm lookup wrt protocol").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3632679d9e4f
This commit has been backported in linux 5.15.115:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=395d846c61c5
[Test Case]
Configure an ipsec policy with a protocol selector and send ip packets
that match this policy through an IP raw socket.
Example to match the proto icmp:
ip xfrm policy add src 10.100.0.0/24 dst 10.200.0.0/24 proto icmp dir out
tmpl src 10.125.0.1 dst 10.125.0.2 proto esp mode tunnel reqid 1
[Regression Potential]
The patch introduces a new API to fix this problem, thus the
regression potential is low for existing applications.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2024187/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2016269] Re: conntrack mark is not advertised via netlink
Test with linux-nvidia-5.19/5.19.0-1014.14 are ok.
** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not advertised via netlink
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Fix Committed
Status in linux source package in Kinetic:
Fix Committed
Bug description:
SRU justification sent to ML:
[Impact]
There was a commit 95fcb42e5f20
("netfilter: ctnetlink: fix compilation warning after data race fixes in ct
mark")
that introduces a regression where the "mark" variable is no longer
dumped in netlink netfilter conntrack messages, which userspace tools use
to mark and track connections.
[Fix]
Introduce the upstream fix 9f7dd42f0db1
("netfilter: ctnetlink: revert to dumping mark regardless of event type")
that always dumps the 'mark' variable for conntrack entries.
This fix has also landed in 5.15 upstream stable.
[Test]
Run 'conntrack -E' and check the output of connection entries.
The 'mark' variable should now be present in connection entries after
the fix.
before fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
after fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
[Where problems could occur]
The fixes are pretty straight forward so regression potential should be
minimal.
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix
compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter:
ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED]
mark=0 use=1
'mark=' is seen on connrtack event
after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2016269/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2019543] Re: crypto / qat: unable to init GEN4 device
In fact, those patches are not enough, a lot more are needed:
- ba79a32acfde ("crypto: qat - replace deprecated MSI API")
- 0e64dcd7c94b ("crypto: qat - remove unmatched CPU affinity to cluster IRQ")
- 9832fdc917de ("crypto: qat - free irqs only if allocated")
- 70fead3adb4e ("crypto: qat - free irq in case of failure")
- 40da865381ad ("crypto: qat - remove unneeded packed attribute")
- ca605f97dae4 ("crypto: qat - power up 4xxx device")
- 9b768e8a3909 ("crypto: qat - detect PFVF collision after ACK")
- 18fcba469ba5 ("crypto: qat - disregard spurious PFVF interrupts")
- e17f49bb244a ("crypto: qat - remove unnecessary collision prevention step in
PFVF")
- 993161d36ab5 ("crypto: qat - fix handling of VF to PF interrupts")
- b79c7532dc33 ("crypto: qat - remove duplicated logic across GEN2 drivers")
- c3878a786be0 ("crypto: qat - use hweight for bit counting")
- 6e680f94bc31 ("crypto: qat - make pfvf send message direction agnostic")
- 21db65edb6a5 ("crypto: qat - move pfvf collision detection values")
- 71b5f2ab5e52 ("crypto: qat - rename pfvf collision constants")
- 7a73c4622aaa ("crypto: qat - add VF and PF wrappers to common send function")
- aa3c68634df8 ("crypto: qat - extract send and wait from
adf_vf2pf_request_version()")
- 32dfef6f92dd ("crypto: qat - share adf_enable_pf2vf_comms() from
adf_pf2vf_msg.c")
- 8f5c335e34b5 ("crypto: qat - simplify adf_enable_aer()")
- c79391c696da ("crypto: qat - do not handle PFVF sources for qat_4xxx")
- 5002200b4fed ("crypto: qat - fix undetected PFVF timeout in ACK loop")
- 95b4d40ed256 ("crypto: qat - refactor PF top half for PFVF")
- 08ea97f48883 ("crypto: qat - move vf2pf interrupt helpers")
- b7c13ee46ceb ("crypto: qat - move VF message handler to adf_vf2pf_msg.c")
- 720aa72a77f4 ("crypto: qat - move interrupt code out of the PFVF handler")
- 956125e21f46 ("crypto: qat - change PFVF ACK behaviour")
- 04cf47872c7e ("crypto: qat - re-enable interrupts for legacy PFVF messages")
- bd59b769ddac ("crypto: qat - split PFVF message decoding from handling")
- 1d6133123fb2 ("crypto: qat - handle retries due to collisions in
adf_iov_putmsg()")
- b85bd9457dc3 ("crypto: qat - relocate PFVF PF related logic")
- 7e00fb3f162c ("crypto: qat - relocate PFVF VF related logic")
- 6f2e28015bac ("crypto: qat - relocate PFVF disabled function")
- bc63dabe5254 ("crypto: qat - add pfvf_ops")
- 9baf2de7ee4e ("crypto: qat - differentiate between pf2vf and vf2pf offset")
- 49c43538ce05 ("crypto: qat - abstract PFVF send function")
- 1ea7c2beca5b ("crypto: qat - abstract PFVF receive logic")
- 09ce899a592f ("crypto: qat - reorganize PFVF code")
- f6aff914989e ("crypto: qat - reorganize PFVF protocol definitions")
- 1d4fde6c4e80 ("crypto: qat - use enums for PFVF protocol codes")
- 25110fd2e346 ("crypto: qat - pass the PF2VF responses back to the callers")
- c35c76c6919e ("crypto: qat - refactor pfvf version request messages")
- e669b4dedd89 ("crypto: qat - do not rely on min version")
- 1d9a915fafab ("crypto: qat - fix VF IDs in PFVF log messages")
- 8616b628ef69 ("crypto: qat - improve logging of PFVF messages")
- e0441e2be155 ("crypto: qat - get compression extended capabilities")
- 547bde7bd4ec ("crypto: qat - set CIPHER capability for QAT GEN2")
- cfe4894eccdc ("crypto: qat - set COMPRESSION capability for QAT GEN2")
- 4b44d28c715d ("crypto: qat - extend crypto capability detection for 4xxx")
- 03125541ca29 ("crypto: qat - support the reset of ring pairs on PF")
- 448588adcdf4 ("crypto: qat - add the adf_get_pmisc_base() helper function")
- 6ed942ed3c47 ("crypto: qat - make PFVF message construction direction
agnostic")
- 028042856802 ("crypto: qat - make PFVF send and receive direction agnostic")
- 0aeda694f187 ("crypto: qat - set PFVF_MSGORIGIN just before sending")
- db1c034801c4 ("crypto: qat - abstract PFVF messages with struct
pfvf_message")
- 952f4e812741 ("crypto: qat - leverage bitfield.h utils for PFVF messages")
- 1c94d8035905 ("crypto: qat - leverage read_poll_timeout in PFVF send")
- 6f87979129d1 ("crypto: qat - improve the ACK timings in PFVF send")
- 4d03135faa05 ("crypto: qat - store the PFVF protocol version of the
endpoints")
- 3a5b2a088328 ("crypto: qat - store the ring-to-service mapping")
- 673184a2a58f ("crypto: qat - introduce support for PFVF block messages")
- 851ed498dba1 ("crypto: qat - exchange device capabilities over PFVF")
- 73ef8f3382d1 ("crypto: qat - support fast ACKs in the PFVF protocol")
- e1b176af3d7e ("crypto: qat - exchange ring-to-service mappings over PFVF")
- 925b3069cf6e ("crypto: qat - config VFs based on ring-to-svc mapping")
- a9dc0d966605 ("crypto: qat - add PFVF support to the GEN4 host driver")
- 0bba03ce9739 ("crypto: qat - add PFVF support to enable the reset of ring
pairs")
- beb1e6d71f0e ("crypto: qat - allow detection of dc capabilities for 4xxx")
- 0cec19c761e5 ("crypto: qat - add support for compression for 4xxx")
- 4cab5dfd15b7 ("crypto: qat - fix
[Kernel-packages] [Bug 2016269] Re: conntrack mark is not advertised via netlink
Tests are ok.
** Tags removed: verification-needed-kinetic
** Tags added: verification-done-kinetic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not advertised via netlink
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Fix Committed
Status in linux source package in Kinetic:
Fix Committed
Bug description:
SRU justification sent to ML:
[Impact]
There was a commit 95fcb42e5f20
("netfilter: ctnetlink: fix compilation warning after data race fixes in ct
mark")
that introduces a regression where the "mark" variable is no longer
dumped in netlink netfilter conntrack messages, which userspace tools use
to mark and track connections.
[Fix]
Introduce the upstream fix 9f7dd42f0db1
("netfilter: ctnetlink: revert to dumping mark regardless of event type")
that always dumps the 'mark' variable for conntrack entries.
This fix has also landed in 5.15 upstream stable.
[Test]
Run 'conntrack -E' and check the output of connection entries.
The 'mark' variable should now be present in connection entries after
the fix.
before fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
after fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
[Where problems could occur]
The fixes are pretty straight forward so regression potential should be
minimal.
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix
compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter:
ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED]
mark=0 use=1
'mark=' is seen on connrtack event
after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2016269/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2016269] Re: conntrack mark is not advertised via netlink
Tests are ok.
** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not advertised via netlink
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Fix Committed
Status in linux source package in Kinetic:
Fix Committed
Bug description:
SRU justification sent to ML:
[Impact]
There was a commit 95fcb42e5f20
("netfilter: ctnetlink: fix compilation warning after data race fixes in ct
mark")
that introduces a regression where the "mark" variable is no longer
dumped in netlink netfilter conntrack messages, which userspace tools use
to mark and track connections.
[Fix]
Introduce the upstream fix 9f7dd42f0db1
("netfilter: ctnetlink: revert to dumping mark regardless of event type")
that always dumps the 'mark' variable for conntrack entries.
This fix has also landed in 5.15 upstream stable.
[Test]
Run 'conntrack -E' and check the output of connection entries.
The 'mark' variable should now be present in connection entries after
the fix.
before fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
after fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
[Where problems could occur]
The fixes are pretty straight forward so regression potential should be
minimal.
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix
compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter:
ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED]
mark=0 use=1
'mark=' is seen on connrtack event
after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2016269/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2019543] [NEW] crypto / qat: unable to init GEN4 device
Public bug reported:
[Target]
Jammy kernel.
[Impact]
The PCI device cannot be initialized.
This has been fixed in linux v5.18 with the below commits:
- a9dc0d966605 ("crypto: qat - add PFVF support to the GEN4 host driver")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a9dc0d966605
- 642a7d49c249 ("crypto: qat - fix access to PFVF interrupt registers for
GEN4")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=642a7d49c249
[Test Case]
Boot a machine with this device.
Before the patches, the following errors are logged:
> EAL: Probe PCI driver: qat (8086:4941) device: :00:08.0 (socket -1)
> qat_pf2vf_exch_msg(): ACK not received from remote
[Regression Potential]
The patches enable new code for this kind of device only.
It is living in linux for more than 1 years.
The potential regressions are low.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2019543
Title:
crypto / qat: unable to init GEN4 device
Status in linux package in Ubuntu:
New
Bug description:
[Target]
Jammy kernel.
[Impact]
The PCI device cannot be initialized.
This has been fixed in linux v5.18 with the below commits:
- a9dc0d966605 ("crypto: qat - add PFVF support to the GEN4 host driver")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a9dc0d966605
- 642a7d49c249 ("crypto: qat - fix access to PFVF interrupt registers for
GEN4")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=642a7d49c249
[Test Case]
Boot a machine with this device.
Before the patches, the following errors are logged:
> EAL: Probe PCI driver: qat (8086:4941) device: :00:08.0 (socket -1)
> qat_pf2vf_exch_msg(): ACK not received from remote
[Regression Potential]
The patches enable new code for this kind of device only.
It is living in linux for more than 1 years.
The potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2019543/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2016269] Re: conntrack mark is not advertised via netlink
** Description changed:
[Impact]
- after the last merge of the v5.15 stable (see
+ The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix
compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter:
ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED]
mark=0 use=1
'mark=' is seen on connrtack event
after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not advertised via netlink
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix
compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter:
ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED]
mark=0 use=1
'mark=' is seen on connrtack event
after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2016269/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 2016269] [NEW] conntrack mark is not advertised via netlink
Public bug reported:
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix compilation
warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter: ctnetlink:
revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
> src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
'mark=' is seen on connrtack event
after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345
> src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not advertised via netlink
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix
compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter:
ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED]
mark=0 use=1
'mark=' is seen on connrtack event
after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789
dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2016269/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1988809] Re: ip/nexthop: fix default address selection for connected nexthop
I cannot test this kernel.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988809
Title:
ip/nexthop: fix default address selection for connected nexthop
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Focal:
Fix Released
Status in linux source package in Jammy:
Fix Released
Bug description:
[Impact]
Packets sent by userland apps are rejected/dropped if the source
address is not specified and the corresponding route is using a
connected nexthop object.
This bug exists since linux v5.3 and has been fixed in v5.19 by the following
upstream commits:
- 747c14307214 ("ip: fix dflt addr selection for connected nexthop")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=747c14307214
- cd72e61bad14 ("selftests/net: test nexthop without gw")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd72e61bad14
- eb55dc09b5dd ("ip: fix triggering of 'icmp redirect'")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb55dc09b5dd
The last commit (v6.0) fixes a regression introduced by the first
commit.
[Test Case]
A detailed test case is explained in the first commit and a self-test
is added in the second commit.
[Regression Potential]
The patch modifies some internal routing states. It has been living in the
upstream trees for 2 months and the reported regression about icmp redirects
has been fixed.
The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1988809/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1988584] Re: cgroup: all controllers mounted when using 'cgroup_no_v1='
** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1988584 Title: cgroup: all controllers mounted when using 'cgroup_no_v1=' Status in linux package in Ubuntu: Fix Released Status in linux source package in Focal: Fix Committed Bug description: [Impact] When mounting a cgroup hierarchy with disabled controller in cgroup v1, all available controllers will be attached. For example, boot with cgroup_no_v1=cpu or cgroup_disable=cpu, and then mount with "mount -t cgroup -ocpu cpu /sys/fs/cgroup/cpu", then all enabled controllers will be attached except cpu. This exists since linux v5.1 and fixed in linux v5.11 with this commit: 61e960b07b63 cgroup-v1: add disabled controller check in cgroup1_parse_param() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61e960b07b637 [Test Case] root@dut-vm:~# kexec -l /boot/vmlinuz-5.4.0-122-generic --initrd=/boot/initrd.img-5.4.0-122-generic --command-line="$(cat /proc/cmdline) cgroup_no_v1=net_prio,net_cls" root@dut-vm:~# systemctl kexec root@dut-vm:~# mount | grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,perf_event,hugetlb,pids,rdma) => All controllers are associated to /sys/fs/cgroup/net_cls,net_prio. Note that several reboots may be needed to reproduce the problem (it fails only when systemd tries to mount 'net_cls,net_prio' first, but the order is random). [Regression Potential] The patch is located in cgroup1_parse_param(), the potential regressions are low. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1988584/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1988809] Re: ip/nexthop: fix default address selection for connected nexthop
Before the update:
++
root@ubuntu2004:~/linux# uname -a
Linux ubuntu2004 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022
x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu2004:~/linux# tools/testing/selftests/net/fib_nexthop_nongw.sh
TEST: nexthop: get route with nexthop without gw[FAIL]
TEST: nexthop: ping through nexthop without gw [FAIL]
With the new focal kernel:
++
root@ubuntu2004:~/linux# uname -a
Linux ubuntu2004 5.4.0-128-generic #144-Ubuntu SMP Tue Sep 20 11:00:04 UTC 2022
x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu2004:~/linux# tools/testing/selftests/net/fib_nexthop_nongw.sh
TEST: nexthop: get route with nexthop without gw[ OK ]
TEST: nexthop: ping through nexthop without gw [ OK ]
With the new jammy kernel:
++
root@ubuntu2004:~/linux# uname -a
Linux ubuntu2004 5.15.0-50-generic #56-Ubuntu SMP Tue Sep 20 13:23:26 UTC 2022
x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu2004:~/linux# tools/testing/selftests/net/fib_nexthop_nongw.sh
TEST: nexthop: get route with nexthop without gw[ OK ]
TEST: nexthop: ping through nexthop without gw [ OK ]
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988809
Title:
ip/nexthop: fix default address selection for connected nexthop
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Jammy:
Fix Committed
Bug description:
[Impact]
Packets sent by userland apps are rejected/dropped if the source
address is not specified and the corresponding route is using a
connected nexthop object.
This bug exists since linux v5.3 and has been fixed in v5.19 by the following
upstream commits:
- 747c14307214 ("ip: fix dflt addr selection for connected nexthop")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=747c14307214
- cd72e61bad14 ("selftests/net: test nexthop without gw")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd72e61bad14
- eb55dc09b5dd ("ip: fix triggering of 'icmp redirect'")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb55dc09b5dd
The last commit (v6.0) fixes a regression introduced by the first
commit.
[Test Case]
A detailed test case is explained in the first commit and a self-test
is added in the second commit.
[Regression Potential]
The patch modifies some internal routing states. It has been living in the
upstream trees for 2 months and the reported regression about icmp redirects
has been fixed.
The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1988809/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1988809] Re: ip/nexthop: fix default address selection for connected nexthop
** Tags added: verification-done-focal verification-done-jammy
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988809
Title:
ip/nexthop: fix default address selection for connected nexthop
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Jammy:
Fix Committed
Bug description:
[Impact]
Packets sent by userland apps are rejected/dropped if the source
address is not specified and the corresponding route is using a
connected nexthop object.
This bug exists since linux v5.3 and has been fixed in v5.19 by the following
upstream commits:
- 747c14307214 ("ip: fix dflt addr selection for connected nexthop")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=747c14307214
- cd72e61bad14 ("selftests/net: test nexthop without gw")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd72e61bad14
- eb55dc09b5dd ("ip: fix triggering of 'icmp redirect'")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb55dc09b5dd
The last commit (v6.0) fixes a regression introduced by the first
commit.
[Test Case]
A detailed test case is explained in the first commit and a self-test
is added in the second commit.
[Regression Potential]
The patch modifies some internal routing states. It has been living in the
upstream trees for 2 months and the reported regression about icmp redirects
has been fixed.
The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1988809/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1988809] [NEW] ip/nexthop: fix default address selection for connected nexthop
Public bug reported:
[Impact]
Packets sent by userland apps are rejected/dropped if the source address
is not specified and the corresponding route is using a connected
nexthop object.
This bug exists since linux v5.3 and has been fixed in v5.19 by the following
upstream commits:
- 747c14307214 ("ip: fix dflt addr selection for connected nexthop")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=747c14307214
- cd72e61bad14 ("selftests/net: test nexthop without gw")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd72e61bad14
- eb55dc09b5dd ("ip: fix triggering of 'icmp redirect'")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb55dc09b5dd
The last commit (v6.0) fixes a regression introduced by the first
commit.
[Test Case]
A detailed test case is explained in the first commit and a self-test is
added in the second commit.
[Regression Potential]
The patch modifies some internal routing states. It has been living in the
upstream trees for 2 months and the reported regression about icmp redirects
has been fixed.
The risk of regression should be contained.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988809
Title:
ip/nexthop: fix default address selection for connected nexthop
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
Packets sent by userland apps are rejected/dropped if the source
address is not specified and the corresponding route is using a
connected nexthop object.
This bug exists since linux v5.3 and has been fixed in v5.19 by the following
upstream commits:
- 747c14307214 ("ip: fix dflt addr selection for connected nexthop")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=747c14307214
- cd72e61bad14 ("selftests/net: test nexthop without gw")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cd72e61bad14
- eb55dc09b5dd ("ip: fix triggering of 'icmp redirect'")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb55dc09b5dd
The last commit (v6.0) fixes a regression introduced by the first
commit.
[Test Case]
A detailed test case is explained in the first commit and a self-test
is added in the second commit.
[Regression Potential]
The patch modifies some internal routing states. It has been living in the
upstream trees for 2 months and the reported regression about icmp redirects
has been fixed.
The risk of regression should be contained.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1988809/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1988584] Re: cgroup: all controllers mounted when using 'cgroup_no_v1='
** Summary changed: - cgroup: all controller mounted when using 'cgroup_no_v1=' + cgroup: all controllers mounted when using 'cgroup_no_v1=' -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1988584 Title: cgroup: all controllers mounted when using 'cgroup_no_v1=' Status in linux package in Ubuntu: Incomplete Bug description: [Impact] When mounting a cgroup hierarchy with disabled controller in cgroup v1, all available controllers will be attached. For example, boot with cgroup_no_v1=cpu or cgroup_disable=cpu, and then mount with "mount -t cgroup -ocpu cpu /sys/fs/cgroup/cpu", then all enabled controllers will be attached except cpu. This exists since linux v5.1 and fixed in linux v5.11 with this commit: 61e960b07b63 cgroup-v1: add disabled controller check in cgroup1_parse_param() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61e960b07b637 [Test Case] root@dut-vm:~# kexec -l /boot/vmlinuz-5.4.0-122-generic --initrd=/boot/initrd.img-5.4.0-122-generic --command-line="$(cat /proc/cmdline) cgroup_no_v1=net_prio,net_cls" root@dut-vm:~# systemctl kexec root@dut-vm:~# mount | grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,perf_event,hugetlb,pids,rdma) => All controllers are associated to /sys/fs/cgroup/net_cls,net_prio. Note that several reboots may be needed to reproduce the problem (it fails only when systemd tries to mount 'net_cls,net_prio' first, but the order is random). [Regression Potential] The patch is located in cgroup1_parse_param(), the potential regressions are low. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1988584/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1988584] [NEW] cgroup: all controller mounted when using 'cgroup_no_v1='
Public bug reported: [Impact] When mounting a cgroup hierarchy with disabled controller in cgroup v1, all available controllers will be attached. For example, boot with cgroup_no_v1=cpu or cgroup_disable=cpu, and then mount with "mount -t cgroup -ocpu cpu /sys/fs/cgroup/cpu", then all enabled controllers will be attached except cpu. This exists since linux v5.1 and fixed in linux v5.11 with this commit: 61e960b07b63 cgroup-v1: add disabled controller check in cgroup1_parse_param() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61e960b07b637 [Test Case] root@dut-vm:~# kexec -l /boot/vmlinuz-5.4.0-122-generic --initrd=/boot/initrd.img-5.4.0-122-generic --command-line="$(cat /proc/cmdline) cgroup_no_v1=net_prio,net_cls" root@dut-vm:~# systemctl kexec root@dut-vm:~# mount | grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,perf_event,hugetlb,pids,rdma) => All controllers are associated to /sys/fs/cgroup/net_cls,net_prio. Note that several reboots may be needed to reproduce the problem (it fails only when systemd tries to mount 'net_cls,net_prio' first, but the order is random). [Regression Potential] The patch is located in cgroup1_parse_param(), the potential regressions are low. ** Affects: linux (Ubuntu) Importance: Undecided Status: Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1988584 Title: cgroup: all controller mounted when using 'cgroup_no_v1=' Status in linux package in Ubuntu: Incomplete Bug description: [Impact] When mounting a cgroup hierarchy with disabled controller in cgroup v1, all available controllers will be attached. For example, boot with cgroup_no_v1=cpu or cgroup_disable=cpu, and then mount with "mount -t cgroup -ocpu cpu /sys/fs/cgroup/cpu", then all enabled controllers will be attached except cpu. This exists since linux v5.1 and fixed in linux v5.11 with this commit: 61e960b07b63 cgroup-v1: add disabled controller check in cgroup1_parse_param() https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=61e960b07b637 [Test Case] root@dut-vm:~# kexec -l /boot/vmlinuz-5.4.0-122-generic --initrd=/boot/initrd.img-5.4.0-122-generic --command-line="$(cat /proc/cmdline) cgroup_no_v1=net_prio,net_cls" root@dut-vm:~# systemctl kexec root@dut-vm:~# mount | grep cgroup tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,perf_event,hugetlb,pids,rdma) => All controllers are associated to /sys/fs/cgroup/net_cls,net_prio. Note that several reboots may be needed to reproduce the problem (it fails only when systemd tries to mount 'net_cls,net_prio' first, but the order is random). [Regression Potential] The patch is located in cgroup1_parse_param(), the potential regressions are low. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1988584/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1968591] Re: xfrm interface cannot be changed anymore
** Tags removed: verification-needed-impish ** Tags added: verification-done-impish -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1968591 Title: xfrm interface cannot be changed anymore Status in linux package in Ubuntu: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Impish: Fix Committed Bug description: [Impact] An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105. In fact, the regression has been introduced by this backport: https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135 It has been fixed upstream by this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d0d95a1c2b0 [Test Case] root@dut-vm:~# ip link add foo type xfrm if_id 1234 dev lo root@dut-vm:~# ip link change foo type xfrm if_id 5678 dev lo Error: if_id must be non zero. root@dut-vm:~# uname -a Linux dut-vm 5.4.0-107-generic #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@dut-vm:~# [Regression Potential] The patch is trivial, the potential regressions are low. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1968591/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1968591] Re: xfrm interface cannot be changed anymore
** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1968591 Title: xfrm interface cannot be changed anymore Status in linux package in Ubuntu: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Impish: Fix Committed Bug description: [Impact] An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105. In fact, the regression has been introduced by this backport: https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135 It has been fixed upstream by this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d0d95a1c2b0 [Test Case] root@dut-vm:~# ip link add foo type xfrm if_id 1234 dev lo root@dut-vm:~# ip link change foo type xfrm if_id 5678 dev lo Error: if_id must be non zero. root@dut-vm:~# uname -a Linux dut-vm 5.4.0-107-generic #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@dut-vm:~# [Regression Potential] The patch is trivial, the potential regressions are low. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1968591/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1968591] Re: xfrm interface cannot be changed anymore
** Description changed: [Impact] An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105. In fact, the regression has been introduced by this backport: https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135 It has been fixed upstream by this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d0d95a1c2b0 [Test Case] root@dut-vm:~# ip link add foo type xfrm if_id 1234 dev lo - root@dut-vm:~# ip link change foo type xfrm if_id 1234 dev ntfp1 + root@dut-vm:~# ip link change foo type xfrm if_id 5678 dev lo Error: if_id must be non zero. root@dut-vm:~# uname -a Linux dut-vm 5.4.0-107-generic #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@dut-vm:~# [Regression Potential] The patch is trivial, the potential regressions are low. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1968591 Title: xfrm interface cannot be changed anymore Status in linux package in Ubuntu: Fix Released Status in linux source package in Focal: Fix Committed Status in linux source package in Impish: Fix Committed Bug description: [Impact] An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105. In fact, the regression has been introduced by this backport: https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135 It has been fixed upstream by this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d0d95a1c2b0 [Test Case] root@dut-vm:~# ip link add foo type xfrm if_id 1234 dev lo root@dut-vm:~# ip link change foo type xfrm if_id 5678 dev lo Error: if_id must be non zero. root@dut-vm:~# uname -a Linux dut-vm 5.4.0-107-generic #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@dut-vm:~# [Regression Potential] The patch is trivial, the potential regressions are low. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1968591/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1968591] [NEW] xfrm interface cannot be changed anymore
Public bug reported: [Impact] An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105. In fact, the regression has been introduced by this backport: https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135 It has been fixed upstream by this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d0d95a1c2b0 [Test Case] root@dut-vm:~# ip link add foo type xfrm if_id 1234 dev lo root@dut-vm:~# ip link change foo type xfrm if_id 1234 dev ntfp1 Error: if_id must be non zero. root@dut-vm:~# uname -a Linux dut-vm 5.4.0-107-generic #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@dut-vm:~# [Regression Potential] The patch is trivial, the potential regressions are low. ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Description changed: [Impact] An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105. In fact, the regression has been introduced by this backport: https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135 + + It has been fixed upstream by this commit: + https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d0d95a1c2b0 [Test Case] root@dut-vm:~# ip link add foo type xfrm if_id 1234 dev lo root@dut-vm:~# ip link change foo type xfrm if_id 1234 dev ntfp1 Error: if_id must be non zero. root@dut-vm:~# uname -a Linux dut-vm 5.4.0-107-generic #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@dut-vm:~# [Regression Potential] The patch is trivial, the potential regressions are low. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1968591 Title: xfrm interface cannot be changed anymore Status in linux package in Ubuntu: New Bug description: [Impact] An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105. In fact, the regression has been introduced by this backport: https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135 It has been fixed upstream by this commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6d0d95a1c2b0 [Test Case] root@dut-vm:~# ip link add foo type xfrm if_id 1234 dev lo root@dut-vm:~# ip link change foo type xfrm if_id 1234 dev ntfp1 Error: if_id must be non zero. root@dut-vm:~# uname -a Linux dut-vm 5.4.0-107-generic #121~18.04.1-Ubuntu SMP Thu Mar 24 17:21:33 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux root@dut-vm:~# [Regression Potential] The patch is trivial, the potential regressions are low. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1968591/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1951606] Re: bonding: arp monitoring is failing with tuntap interfaces
The patch has been merged in ubuntu focal:
https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=fa748ace5184
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1951606
Title:
bonding: arp monitoring is failing with tuntap interfaces
Status in linux package in Ubuntu:
Expired
Bug description:
[Impact]
When tuntap interfaces are slaves of a bonding interface, arp
monitoring is unusable.
This is fixed upstream with commit a31d27fbed5d ("tun: fix bonding
active backup with arp monitoring"). It will be included in linux
v5.16.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a31d27fbed5d
[Test Case]
Create a bonding with two tuntap interfaces and arp monitoring
configured. Before the patch, slave interfaces are flapping
continuously.
Example:
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:28 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:31 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:31 dut-vm kernel: bond0: now running without any active
interface!
Nov 19 16:12:32 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:32 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:32 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:35 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:35 dut-vm kernel: bond0: now running without any active
interface!
Nov 19 16:12:36 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:36 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:36 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:37 dut-vm kernel: bond0: (slave ntfp3): link status definitely up
Nov 19 16:12:39 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:39 dut-vm kernel: bond0: (slave ntfp3): making interface the new
active one
[Regression Potential]
The patch is trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1951606/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1951606] Re: bonding: arp monitoring is failing with tuntap interfaces
This patch has been backported in the official linux stable 5.4:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y=01a7ecd36d1e
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1951606
Title:
bonding: arp monitoring is failing with tuntap interfaces
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
When tuntap interfaces are slaves of a bonding interface, arp
monitoring is unusable.
This is fixed upstream with commit a31d27fbed5d ("tun: fix bonding
active backup with arp monitoring"). It will be included in linux
v5.16.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a31d27fbed5d
[Test Case]
Create a bonding with two tuntap interfaces and arp monitoring
configured. Before the patch, slave interfaces are flapping
continuously.
Example:
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:28 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:31 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:31 dut-vm kernel: bond0: now running without any active
interface!
Nov 19 16:12:32 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:32 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:32 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:35 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:35 dut-vm kernel: bond0: now running without any active
interface!
Nov 19 16:12:36 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:36 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:36 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:37 dut-vm kernel: bond0: (slave ntfp3): link status definitely up
Nov 19 16:12:39 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:39 dut-vm kernel: bond0: (slave ntfp3): making interface the new
active one
[Regression Potential]
The patch is trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1951606/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1951606] [NEW] bonding: arp monitoring is failing with tuntap interfaces
Public bug reported:
[Impact]
When tuntap interfaces are slaves of a bonding interface, arp monitoring
is unusable.
This is fixed upstream with commit a31d27fbed5d ("tun: fix bonding
active backup with arp monitoring"). It will be included in linux v5.16.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a31d27fbed5d
[Test Case]
Create a bonding with two tuntap interfaces and arp monitoring
configured. Before the patch, slave interfaces are flapping
continuously.
Example:
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:28 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:31 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:31 dut-vm kernel: bond0: now running without any active interface!
Nov 19 16:12:32 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:32 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:32 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:35 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:35 dut-vm kernel: bond0: now running without any active interface!
Nov 19 16:12:36 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:36 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:36 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:37 dut-vm kernel: bond0: (slave ntfp3): link status definitely up
Nov 19 16:12:39 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:39 dut-vm kernel: bond0: (slave ntfp3): making interface the new
active one
[Regression Potential]
The patch is trivial, the potential regressions are low.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
[Impact]
When tuntap interfaces are slaves of a bonding interface, arp monitoring
- is fails
+ is unusable.
This is fixed upstream with commit a31d27fbed5d ("tun: fix bonding
active backup with arp monitoring"). It will be included in linux v5.16.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a31d27fbed5d
[Test Case]
Create a bonding with two tuntap interfaces and arp monitoring
configured. Before the patch, slave interfaces are flapping
continuously.
Example:
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:28 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:31 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:31 dut-vm kernel: bond0: now running without any active
interface!
Nov 19 16:12:32 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:32 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:32 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:35 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:35 dut-vm kernel: bond0: now running without any active
interface!
Nov 19 16:12:36 dut-vm kernel: bond0: (slave ntfp2): link status definitely up
Nov 19 16:12:36 dut-vm kernel: bond0: (slave ntfp2): making interface the new
active one
Nov 19 16:12:36 dut-vm kernel: bond0: active interface up!
Nov 19 16:12:37 dut-vm kernel: bond0: (slave ntfp3): link status definitely up
Nov 19 16:12:39 dut-vm kernel: bond0: (slave ntfp2): link status definitely
down, disabling slave
Nov 19 16:12:39 dut-vm kernel: bond0: (slave ntfp3): making interface the new
active one
[Regression Potential]
The patch is trivial, the potential regressions are low.
** Summary changed:
- bondig: arp monitoring is failing with tuntap interfaces
+ bonding: arp monitoring is failing with tuntap interfaces
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1951606
Title:
bonding: arp monitoring is failing with tuntap interfaces
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
When tuntap interfaces are slaves of a bonding interface, arp
monitoring is unusable.
This is fixed upstream with commit a31d27fbed5d ("tun: fix bonding
active backup with arp monitoring"). It will be included in linux
v5.16.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a31d27fbed5d
[Test Case]
Create a bonding with two tuntap interfaces and arp monitoring
configured. Before the patch, slave interfaces are flapping
continuously.
Example:
Nov 19 16:12:28 dut-vm kernel: bond0: (slave ntfp2): link status
[Kernel-packages] [Bug 1947164] Re: ebpf: bpf_redirect fails with ip6 gre interfaces
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6 gre interfaces
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Status in linux source package in Impish:
Fix Committed
Bug description:
[Impact]
The tc ebpf bpf_redirect() function cannot be used with ipv6 gre
interface.
This is fixed upstream with commit a3fa449ffcf5 ("net: handle
ARPHRD_IP6GRE in dev_is_mac_header_xmit()"), included in linux v5.14.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3fa449ffcf5
It would probably be good to also backport this one: 3b707c3008ca
("net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b707c3008ca
[Test Case]
Create an ebpf program that redirect packets to an ipv6 gre interface
and load it with tc.
[Regression Potential]
The patches are trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1947164/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1947164] Re: ebpf: bpf_redirect fails with ip6 gre interfaces
** Tags removed: verification-needed-impish
** Tags added: verification-done-impish
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6 gre interfaces
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Status in linux source package in Impish:
Fix Committed
Bug description:
[Impact]
The tc ebpf bpf_redirect() function cannot be used with ipv6 gre
interface.
This is fixed upstream with commit a3fa449ffcf5 ("net: handle
ARPHRD_IP6GRE in dev_is_mac_header_xmit()"), included in linux v5.14.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3fa449ffcf5
It would probably be good to also backport this one: 3b707c3008ca
("net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b707c3008ca
[Test Case]
Create an ebpf program that redirect packets to an ipv6 gre interface
and load it with tc.
[Regression Potential]
The patches are trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1947164/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1947164] Re: ebpf: bpf_redirect fails with ip6 gre interfaces
** Tags removed: verification-needed-hirsute
** Tags added: verification-done-hirsute
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6 gre interfaces
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Status in linux source package in Impish:
Fix Committed
Bug description:
[Impact]
The tc ebpf bpf_redirect() function cannot be used with ipv6 gre
interface.
This is fixed upstream with commit a3fa449ffcf5 ("net: handle
ARPHRD_IP6GRE in dev_is_mac_header_xmit()"), included in linux v5.14.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3fa449ffcf5
It would probably be good to also backport this one: 3b707c3008ca
("net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b707c3008ca
[Test Case]
Create an ebpf program that redirect packets to an ipv6 gre interface
and load it with tc.
[Regression Potential]
The patches are trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1947164/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1947164] Re: ebpf: bpf_redirect fails with ip6 gre interfaces
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6 gre interfaces
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Status in linux source package in Impish:
Fix Committed
Bug description:
[Impact]
The tc ebpf bpf_redirect() function cannot be used with ipv6 gre
interface.
This is fixed upstream with commit a3fa449ffcf5 ("net: handle
ARPHRD_IP6GRE in dev_is_mac_header_xmit()"), included in linux v5.14.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3fa449ffcf5
It would probably be good to also backport this one: 3b707c3008ca
("net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b707c3008ca
[Test Case]
Create an ebpf program that redirect packets to an ipv6 gre interface
and load it with tc.
[Regression Potential]
The patches are trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1947164/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1947164] [NEW] ebpf: bpf_redirect fails with ip6 gre interfaces
Public bug reported:
[Impact]
The tc ebpf bpf_redirect() function cannot be used with ipv6 gre
interface.
This is fixed upstream with commit a3fa449ffcf5 ("net: handle
ARPHRD_IP6GRE in dev_is_mac_header_xmit()"), included in linux v5.14.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3fa449ffcf5
It would probably be good to also backport this one: 3b707c3008ca ("net:
dev_is_mac_header_xmit() true for ARPHRD_RAWIP").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b707c3008ca
[Test Case]
Create an ebpf program that redirect packets to an ipv6 gre interface
and load it with tc.
[Regression Potential]
The patches are trivial, the potential regressions are low.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6 gre interfaces
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
The tc ebpf bpf_redirect() function cannot be used with ipv6 gre
interface.
This is fixed upstream with commit a3fa449ffcf5 ("net: handle
ARPHRD_IP6GRE in dev_is_mac_header_xmit()"), included in linux v5.14.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3fa449ffcf5
It would probably be good to also backport this one: 3b707c3008ca
("net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b707c3008ca
[Test Case]
Create an ebpf program that redirect packets to an ipv6 gre interface
and load it with tc.
[Regression Potential]
The patches are trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1947164/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1945180] [NEW] vrf: fix refcnt leak with vxlan slaves
Public bug reported:
[Impact]
There are cases, where deleting a VRF device can hang waiting for the refcnt to
drop to 0, with the message:
unregister_netdevice: waiting for vrf1 to become free. Usage count = 1
This is fixed upstream with commit b87b04f5019e ("ipv4: Fix device used
for dst_alloc with local routes"), included in linux v5.13. The original
patch, which has introduced the bug, is included in linux v4.10.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b87b04f5019e
[Test Case]
The upstream patch includes a test case, which describe how to reproduce
the bug.
[Regression Potential]
The patch affects ipv4 routing. It is straightforward, it links new dst
to a vrf device instead of the loopback if needed.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "Backport of the upstream patch on
Ubuntu-hwe-5.4-5.4.0-87.98_18.04.1"
https://bugs.launchpad.net/bugs/1945180/+attachment/5528350/+files/0001-ipv4-Fix-device-used-for-dst_alloc-with-local-routes.patch
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1945180
Title:
vrf: fix refcnt leak with vxlan slaves
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
There are cases, where deleting a VRF device can hang waiting for the refcnt
to drop to 0, with the message:
unregister_netdevice: waiting for vrf1 to become free. Usage count = 1
This is fixed upstream with commit b87b04f5019e ("ipv4: Fix device
used for dst_alloc with local routes"), included in linux v5.13. The
original patch, which has introduced the bug, is included in linux
v4.10.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b87b04f5019e
[Test Case]
The upstream patch includes a test case, which describe how to
reproduce the bug.
[Regression Potential]
The patch affects ipv4 routing. It is straightforward, it links new
dst to a vrf device instead of the loopback if needed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1945180/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1935040] Re: dev_forward_skb: do not scrub skb mark within the same name space
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040
Title:
dev_forward_skb: do not scrub skb mark within the same name space
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Status in linux source package in Impish:
In Progress
Bug description:
[Impact]
The ebpf function 'bpf_redirect' reset the mark when used with the flag
BPF_F_INGRESS.
There are two main problems with that:
- it's not consistent between legacy tunnels and ebpf;
- it's not consistent between ingress and egress.
In fact, the eBPF program can easily reset the mark, but it cannot
preserve it.
This kind of patch was already done in the past, see commit
963a88b31ddb ("tunnels: harmonize cleanup done on skb on xmit path"),
commit ea23192e8e57 ("tunnels: harmonize cleanup done on skb on rx
path") and commit 213dd74aee76 ("skbuff: Do not scrub skb mark within
the same name space").
This is fixed upstream with commit ff70202b2d1a ("dev_forward_skb: do
not scrub skb mark within the same name space").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a
[Test Case]
Mark a packet in the POSTROUTING hook, redirect it to another
interface and display it with a netfilter log rule to check the mark.
[Regression Potential]
A user could expect that the mark is reset after a call to
bpf_redirect(BPF_F_INGRESS), but he could easily reset it in the eBPF
program himself.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1935040/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1935040] Re: dev_forward_skb: do not scrub skb mark within the same name space
** Tags removed: verification-needed-hirsute
** Tags added: verification-done-hirsute
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040
Title:
dev_forward_skb: do not scrub skb mark within the same name space
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Status in linux source package in Impish:
In Progress
Bug description:
[Impact]
The ebpf function 'bpf_redirect' reset the mark when used with the flag
BPF_F_INGRESS.
There are two main problems with that:
- it's not consistent between legacy tunnels and ebpf;
- it's not consistent between ingress and egress.
In fact, the eBPF program can easily reset the mark, but it cannot
preserve it.
This kind of patch was already done in the past, see commit
963a88b31ddb ("tunnels: harmonize cleanup done on skb on xmit path"),
commit ea23192e8e57 ("tunnels: harmonize cleanup done on skb on rx
path") and commit 213dd74aee76 ("skbuff: Do not scrub skb mark within
the same name space").
This is fixed upstream with commit ff70202b2d1a ("dev_forward_skb: do
not scrub skb mark within the same name space").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a
[Test Case]
Mark a packet in the POSTROUTING hook, redirect it to another
interface and display it with a netfilter log rule to check the mark.
[Regression Potential]
A user could expect that the mark is reset after a call to
bpf_redirect(BPF_F_INGRESS), but he could easily reset it in the eBPF
program himself.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1935040/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1935040] Re: dev_forward_skb: do not scrub skb mark within the same name space
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040
Title:
dev_forward_skb: do not scrub skb mark within the same name space
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Hirsute:
Fix Committed
Status in linux source package in Impish:
In Progress
Bug description:
[Impact]
The ebpf function 'bpf_redirect' reset the mark when used with the flag
BPF_F_INGRESS.
There are two main problems with that:
- it's not consistent between legacy tunnels and ebpf;
- it's not consistent between ingress and egress.
In fact, the eBPF program can easily reset the mark, but it cannot
preserve it.
This kind of patch was already done in the past, see commit
963a88b31ddb ("tunnels: harmonize cleanup done on skb on xmit path"),
commit ea23192e8e57 ("tunnels: harmonize cleanup done on skb on rx
path") and commit 213dd74aee76 ("skbuff: Do not scrub skb mark within
the same name space").
This is fixed upstream with commit ff70202b2d1a ("dev_forward_skb: do
not scrub skb mark within the same name space").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a
[Test Case]
Mark a packet in the POSTROUTING hook, redirect it to another
interface and display it with a netfilter log rule to check the mark.
[Regression Potential]
A user could expect that the mark is reset after a call to
bpf_redirect(BPF_F_INGRESS), but he could easily reset it in the eBPF
program himself.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1935040/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1936475] [NEW] ipv6: fix 'disable_policy' for forwarded packets
Public bug reported:
[Impact]
The ipv6 sysctl entry 'disable_policy' has effect for local packets only
(while the ipv4 version is for all packets coming from the specified
interface).
This is fixed upstream with commit ccd27f05ae7b ("ipv6: fix
'disable_policy' for fwd packets").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccd27f05ae7b
[Test Case]
Enable 'disable_policy' for an interface:
sysctl -w net.ipv6.conf.eth0.disable_policy=1
Add an ipsec policy:
ip xfrm policy add src fd00:100::/64 dst fd00:200::/64 dir out tmpl src
fd00:125::1 dst fd00:125::2 proto esp mode tunnel
Try a ping from subnet fd00:100::/64 to subnet fd00:200::/64.
[Regression Potential]
The patch is small and located in ip6_forward(), thus only this function
is affected.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1936475
Title:
ipv6: fix 'disable_policy' for forwarded packets
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
The ipv6 sysctl entry 'disable_policy' has effect for local packets
only (while the ipv4 version is for all packets coming from the
specified interface).
This is fixed upstream with commit ccd27f05ae7b ("ipv6: fix
'disable_policy' for fwd packets").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccd27f05ae7b
[Test Case]
Enable 'disable_policy' for an interface:
sysctl -w net.ipv6.conf.eth0.disable_policy=1
Add an ipsec policy:
ip xfrm policy add src fd00:100::/64 dst fd00:200::/64 dir out tmpl src
fd00:125::1 dst fd00:125::2 proto esp mode tunnel
Try a ping from subnet fd00:100::/64 to subnet fd00:200::/64.
[Regression Potential]
The patch is small and located in ip6_forward(), thus only this
function is affected.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1936475/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1935040] [NEW] dev_forward_skb: do not scrub skb mark within the same name space
Public bug reported:
[Impact]
The ebpf function 'bpf_redirect' reset the mark when used with the flag
BPF_F_INGRESS.
There are two main problems with that:
- it's not consistent between legacy tunnels and ebpf;
- it's not consistent between ingress and egress.
In fact, the eBPF program can easily reset the mark, but it cannot
preserve it.
This kind of patch was already done in the past, see commit 963a88b31ddb
("tunnels: harmonize cleanup done on skb on xmit path"), commit
ea23192e8e57 ("tunnels: harmonize cleanup done on skb on rx path") and
commit 213dd74aee76 ("skbuff: Do not scrub skb mark within the same name
space").
This is fixed upstream with commit ff70202b2d1a ("dev_forward_skb: do
not scrub skb mark within the same name space").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a
[Test Case]
Mark a packet in the POSTROUTING hook, redirect it to another interface
and display it with a netfilter log rule to check the mark.
[Regression Potential]
A user could expect that the mark is reset after a call to
bpf_redirect(BPF_F_INGRESS), but he could easily reset it in the eBPF
program himself.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040
Title:
dev_forward_skb: do not scrub skb mark within the same name space
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
The ebpf function 'bpf_redirect' reset the mark when used with the flag
BPF_F_INGRESS.
There are two main problems with that:
- it's not consistent between legacy tunnels and ebpf;
- it's not consistent between ingress and egress.
In fact, the eBPF program can easily reset the mark, but it cannot
preserve it.
This kind of patch was already done in the past, see commit
963a88b31ddb ("tunnels: harmonize cleanup done on skb on xmit path"),
commit ea23192e8e57 ("tunnels: harmonize cleanup done on skb on rx
path") and commit 213dd74aee76 ("skbuff: Do not scrub skb mark within
the same name space").
This is fixed upstream with commit ff70202b2d1a ("dev_forward_skb: do
not scrub skb mark within the same name space").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a
[Test Case]
Mark a packet in the POSTROUTING hook, redirect it to another
interface and display it with a netfilter log rule to check the mark.
[Regression Potential]
A user could expect that the mark is reset after a call to
bpf_redirect(BPF_F_INGRESS), but he could easily reset it in the eBPF
program himself.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1935040/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1896504] Re: tc/ebpf: unable to use BPF_FUNC_skb_change_head
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1896504
Title:
tc/ebpf: unable to use BPF_FUNC_skb_change_head
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Focal:
Fix Committed
Status in linux source package in Groovy:
Incomplete
Bug description:
[Impact]
tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.
This helper exists since linux v4.10, but it cannot be used until the the
upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f3f65d80dac
[Test Case]
Create a, ebpf program that uses this helper and load it with tc.
[Regression Potential]
The patch is trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1896504/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1896504] Re: tc/ebpf: unable to use BPF_FUNC_skb_change_head
Here is an example:
root@ubuntu1804hwe:~# uname -a
Linux ubuntu1804hwe 5.4.0-47-generic #51~18.04.1-Ubuntu SMP Sat Sep 5 14:35:50
UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1804hwe:~# cat test.c
#include
#include
#ifndef __section
# define __section(NAME) __attribute__((section(NAME), used))
#endif
static int (*bpf_skb_change_head)(void *ctx, int headroom, int flags) =
(void *) BPF_FUNC_skb_change_head;
__section("test")
int _test(struct __sk_buff *skb)
{
bpf_skb_change_head(skb, 14, 0);
return TC_ACT_OK;
}
char _license[] __section("license") = "GPL";
root@ubuntu1804hwe:~# clang -target bpf -I/usr/include/x86_64-linux-gnu/ -O2 -o
test.o -c test.c
root@ubuntu1804hwe:~# ip link add name dummy1 type dummy
root@ubuntu1804hwe:~# ip link set dummy1 up
root@ubuntu1804hwe:~# tc qdisc add dev dummy1 clsact
root@ubuntu1804hwe:~# tc filter add dev dummy1 egress matchall action bpf obj
./test.o sec test
Prog section 'test' rejected: Invalid argument (22)!
- Type: 4
- Instructions: 5 (0 over limit)
- License: GPL
Verifier analysis:
0: (b7) r2 = 14
1: (b7) r3 = 0
2: (85) call bpf_skb_change_head#43
unknown func bpf_skb_change_head#43
processed 3 insns (limit 100) max_states_per_insn 0 total_states 0
peak_states 0 mark_read 0
Error fetching program/map!
bad action parsing
parse_action: bad value (5:bpf)!
Illegal "action"
root@ubuntu1804hwe:~#
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1896504
Title:
tc/ebpf: unable to use BPF_FUNC_skb_change_head
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.
This helper exists since linux v4.10, but it cannot be used until the the
upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f3f65d80dac
[Test Case]
Create a, ebpf program that uses this helper and load it with tc.
[Regression Potential]
The patch is trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1896504/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1896504] Re: tc/ebpf: unable to use BPF_FUNC_skb_change_head
With a newer kernel, the last command succeeds (not output):
root@ubuntu1804hwe:~# uname -a
Linux ubuntu1804hwe 5.9.0-rc3-ge1b81391421b+6wind-net #1 SMP Mon Sep 21
19:31:31 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1804hwe:~# tc filter add dev dummy1 egress matchall action bpf obj
./test.o sec test
root@ubuntu1804hwe:~#
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1896504
Title:
tc/ebpf: unable to use BPF_FUNC_skb_change_head
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.
This helper exists since linux v4.10, but it cannot be used until the the
upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f3f65d80dac
[Test Case]
Create a, ebpf program that uses this helper and load it with tc.
[Regression Potential]
The patch is trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1896504/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1896504] Re: tc/ebpf: unable to use BPF_FUNC_skb_change_head
I forget to explain how to check that the tc command was accepted:
root@ubuntu1804hwe:~# tc filter show dev dummy1 egress
filter protocol all pref 49152 matchall chain 0
filter protocol all pref 49152 matchall chain 0 handle 0x1
not_in_hw
action order 1: bpf test.o:[test] id 9 tag 26af4b090d2d67ee jited
default-action pipe
index 1 ref 1 bind 1
root@ubuntu1804hwe:~#
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1896504
Title:
tc/ebpf: unable to use BPF_FUNC_skb_change_head
Status in linux package in Ubuntu:
Incomplete
Bug description:
[Impact]
tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.
This helper exists since linux v4.10, but it cannot be used until the the
upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f3f65d80dac
[Test Case]
Create a, ebpf program that uses this helper and load it with tc.
[Regression Potential]
The patch is trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1896504/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1896504] [NEW] tc/ebpf: unable to use BPF_FUNC_skb_change_head
Public bug reported:
[Impact]
tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.
This helper exists since linux v4.10, but it cannot be used until the the
upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f3f65d80dac
[Test Case]
Create a, ebpf program that uses this helper and load it with tc.
[Regression Potential]
The patch is trivial, the potential regressions are low.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
-
[Impact]
tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.
- This helper exists since linux v4.10, but it cannot be used until the the
upstream commit f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
+ This helper exists since linux v4.10, but it cannot be used until the the
upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f3f65d80dac
[Test Case]
Create a, ebpf program that uses this helper and load it with tc.
[Regression Potential]
The patch is trivial, the potential regressions are low.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1896504
Title:
tc/ebpf: unable to use BPF_FUNC_skb_change_head
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.
This helper exists since linux v4.10, but it cannot be used until the the
upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6f3f65d80dac
[Test Case]
Create a, ebpf program that uses this helper and load it with tc.
[Regression Potential]
The patch is trivial, the potential regressions are low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1896504/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1894605] [NEW] gtp: unable to associate contextes to interfaces
Public bug reported:
[Impact]
When a user dump pdp contextes, it cannot associate them with existing
gtp interfaces. Thus, the dump is unusable.
This problem has been fixed in the upstream commit b274e47d9e3f ("gtp: add
GTPA_LINK info to msg sent to userspace"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b274e47d9e3f
[Test Case]
Create several gtp interfaces and setup PDP contextes on them. Perform a
dump with the genl command GTP_CMD_GETPDP.
[Regression Potential]
The patch affects only the gtp driver and is quite trivial. Thus, the
potential regressions are limited to this area and low.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1894605
Title:
gtp: unable to associate contextes to interfaces
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
When a user dump pdp contextes, it cannot associate them with existing
gtp interfaces. Thus, the dump is unusable.
This problem has been fixed in the upstream commit b274e47d9e3f ("gtp: add
GTPA_LINK info to msg sent to userspace"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b274e47d9e3f
[Test Case]
Create several gtp interfaces and setup PDP contextes on them. Perform
a dump with the genl command GTP_CMD_GETPDP.
[Regression Potential]
The patch affects only the gtp driver and is quite trivial. Thus, the
potential regressions are limited to this area and low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1894605/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1890796] Re: ipsec: policy priority management is broken
I don't understand which kernel should be tested on xenial. The kernel
4.15.0-112-generic does not have the bug.
** Tags removed: verification-needed-bionic verification-needed-focal
** Tags added: verification-done-bionic verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-oem-5.6 in Ubuntu.
https://bugs.launchpad.net/bugs/1890796
Title:
ipsec: policy priority management is broken
Status in linux package in Ubuntu:
Fix Released
Status in linux-hwe package in Ubuntu:
Invalid
Status in linux-oem-5.6 package in Ubuntu:
Invalid
Status in linux source package in Xenial:
Fix Committed
Status in linux-hwe source package in Xenial:
Invalid
Status in linux-oem-5.6 source package in Xenial:
Invalid
Status in linux source package in Bionic:
Fix Committed
Status in linux-hwe source package in Bionic:
Fix Committed
Status in linux-oem-5.6 source package in Bionic:
Invalid
Status in linux source package in Focal:
Fix Committed
Status in linux-hwe source package in Focal:
Invalid
Status in linux-oem-5.6 source package in Focal:
Confirmed
Bug description:
[Impact]
When the user tries to update the priority field of a SP, the SP is
not updated *AND* a new SP is created. This results to a broken IPsec
configuration.
This problem has been fixed in the upstream commit 4f47e8ab6ab7 ("xfrm:
policy: match with both mark and mask on user interfaces"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f47e8ab6ab7
[Test Case]
root@dut-vm:~# uname -a
Linux dut-vm 5.4.0-42-generic #46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC
2020 x86_64 x86_64 x86_64 GNU/Linux
root@dut-vm:~# ip xfrm policy flush
root@dut-vm:~# ip xfrm policy
root@dut-vm:~# ip xfrm policy add src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp dir
in action allow priority 9 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel
reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 9
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
root@dut-vm:~# ip xfrm policy update src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 5 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 5
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 9
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
root@dut-vm:~#
=> Now, there is 2 SP instead of 1.
[Regression Potential]
The patch affects the xfrm stack only. Thus, the potential regressions
are limited to this area.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890796/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1890796] [NEW] ipsec: policy priority management is broken
Public bug reported:
[Impact]
When the user tries to update the priority field of a SP, the SP is not
updated *AND* a new SP is created. This results to a broken IPsec
configuration.
This problem has been fixed in the upstream commit 4f47e8ab6ab7 ("xfrm: policy:
match with both mark and mask on user interfaces"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f47e8ab6ab7
[Test Case]
root@dut-vm:~# uname -a
Linux dut-vm 5.4.0-42-generic #46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC
2020 x86_64 x86_64 x86_64 GNU/Linux
root@dut-vm:~# ip xfrm policy flush
root@dut-vm:~# ip xfrm policy
root@dut-vm:~# ip xfrm policy add src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp dir
in action allow priority 9 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel
reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 9
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
root@dut-vm:~# ip xfrm policy update src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 5 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 5
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 9
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
root@dut-vm:~#
=> Now, there is 2 SP instead of 1.
[Regression Potential]
The patch affects the xfrm stack only. Thus, the potential regressions
are limited to this area.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1890796
Title:
ipsec: policy priority management is broken
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
When the user tries to update the priority field of a SP, the SP is
not updated *AND* a new SP is created. This results to a broken IPsec
configuration.
This problem has been fixed in the upstream commit 4f47e8ab6ab7 ("xfrm:
policy: match with both mark and mask on user interfaces"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f47e8ab6ab7
[Test Case]
root@dut-vm:~# uname -a
Linux dut-vm 5.4.0-42-generic #46~18.04.1-Ubuntu SMP Fri Jul 10 07:21:24 UTC
2020 x86_64 x86_64 x86_64 GNU/Linux
root@dut-vm:~# ip xfrm policy flush
root@dut-vm:~# ip xfrm policy
root@dut-vm:~# ip xfrm policy add src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp dir
in action allow priority 9 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel
reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 9
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
root@dut-vm:~# ip xfrm policy update src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 5 tmpl src 3.3.3.3 dst 4.4.4.4 proto esp mode tunnel reqid 1
root@dut-vm:~# ip xfrm policy
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 5
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
src 1.1.1.1/24 dst 2.2.2.2/24 proto tcp
dir in priority 9
tmpl src 3.3.3.3 dst 4.4.4.4
proto esp reqid 1 mode tunnel
root@dut-vm:~#
=> Now, there is 2 SP instead of 1.
[Regression Potential]
The patch affects the xfrm stack only. Thus, the potential regressions
are limited to this area.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1890796/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1881907] [NEW] xfrm interface: fix oops when deleting a x-netns interface
Public bug reported:
[Impact]
When a netns is removed, it may corrupt x-netns xfrm interfaces that
have their link part in this netns. It will later trigger an oops when
those interfaces are removed.
This problem has been fixed in the upstream commit c95c5f58b35e ("xfrm
interface: fix oops when deleting a x-netns interface"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c95c5f58b35e
[Test Case]
The steps to reproduce the oops is explained in the commit log of the
upstream patch.
[Regression Potential]
The patch affects only the xfrm interface driver, more precisely, the
deletion part. Thus, the potential regressions are limited to this area.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1881907
Title:
xfrm interface: fix oops when deleting a x-netns interface
Status in linux package in Ubuntu:
New
Bug description:
[Impact]
When a netns is removed, it may corrupt x-netns xfrm interfaces that
have their link part in this netns. It will later trigger an oops when
those interfaces are removed.
This problem has been fixed in the upstream commit c95c5f58b35e ("xfrm
interface: fix oops when deleting a x-netns interface"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c95c5f58b35e
[Test Case]
The steps to reproduce the oops is explained in the commit log of the
upstream patch.
[Regression Potential]
The patch affects only the xfrm interface driver, more precisely, the
deletion part. Thus, the potential regressions are limited to this
area.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1881907/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1860969] Re: ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1860969
Title:
ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
New
Status in linux source package in Bionic:
New
Status in linux source package in Eoan:
Fix Committed
Status in linux source package in Focal:
Fix Committed
Bug description:
[SRU Justification]
[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an
AF_PACKET socket are dropped (no carrier).
This has been fixed in v5.5 by the following upstream commits
- 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
- f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
The bug exists since the beginning of each driver.
== Fix ==
Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
Xenial (4.4).
== Risk of Regression ==
This patch affects only the cases described above (when no dst is
attached to the skb), thus the risk should be low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1860969/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1860969] Re: ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
** Description changed:
[SRU Justification]
[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an
AF_PACKET socket are dropped (no carrier).
This has been fixed in v5.5 by the following upstream commits
- - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
- - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
+ - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
+ - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
The bug exists since the beginning of each driver.
-
== Fix ==
- Backport the requested patches to Focal (5.4), Disco (5.0), Bionic (4.15) and
+ Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
Xenial (4.4).
== Risk of Regression ==
This patch affects only the cases described above (when no dst is
attached to the skb), thus the risk should be low.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1860969
Title:
ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
Status in linux package in Ubuntu:
Incomplete
Bug description:
[SRU Justification]
[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an
AF_PACKET socket are dropped (no carrier).
This has been fixed in v5.5 by the following upstream commits
- 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
- f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
The bug exists since the beginning of each driver.
== Fix ==
Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
Xenial (4.4).
== Risk of Regression ==
This patch affects only the cases described above (when no dst is
attached to the skb), thus the risk should be low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1860969/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1860986] Re: openvswitch: same tcp session encapsulated with different udp src port for ovs vxlan tunnel
** Description changed:
[SRU Justification]
[Impact]
Packets encapsulated into a vxlan tunnel with openvswitch don't have the
same udp source port for the first packet and the following ones of the
same TCP flow in a DOCKER scenario usecase.
In fact, when using the kernel datapath, the upcall don't include skb
hash info relatived. As VXLAN module uses the skb hash to select UDP src
port, the source port is different for the first packet.
More information can be found here:
https://mail.openvswitch.org/pipermail/ovs-dev/2019-October/364062.html
This has been fixed in v5.5 by the following upstream commit:
bd1903b7c4596 ("net: openvswitch: add hash info to upcall")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/openvswitch?id=bd1903b7c4596ba6f7677d0dfefd05ba5876707d
The bug exists since the beginning of vxlan support in openvswitch.
-
+
== Fix ==
-
- Backport the requested patches to Focal (5.4), Disco (5.0), Bionic (4.15) and
+ Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
Xenial (4.4).
-
== Risk of Regression ==
This patch only add hash information when we do upcall, thus the risk
should be low.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1860986
Title:
openvswitch: same tcp session encapsulated with different udp src port
for ovs vxlan tunnel
Status in linux package in Ubuntu:
Incomplete
Bug description:
[SRU Justification]
[Impact]
Packets encapsulated into a vxlan tunnel with openvswitch don't have
the same udp source port for the first packet and the following ones
of the same TCP flow in a DOCKER scenario usecase.
In fact, when using the kernel datapath, the upcall don't include skb
hash info relatived. As VXLAN module uses the skb hash to select UDP
src port, the source port is different for the first packet.
More information can be found here:
https://mail.openvswitch.org/pipermail/ovs-dev/2019-October/364062.html
This has been fixed in v5.5 by the following upstream commit:
bd1903b7c4596 ("net: openvswitch: add hash info to upcall")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/openvswitch?id=bd1903b7c4596ba6f7677d0dfefd05ba5876707d
The bug exists since the beginning of vxlan support in openvswitch.
== Fix ==
Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
Xenial (4.4).
== Risk of Regression ==
This patch only add hash information when we do upcall, thus the risk
should be low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1860986/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1860969] [NEW] ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
Public bug reported:
[SRU Justification]
[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an
AF_PACKET socket are dropped (no carrier).
This has been fixed in v5.5 by the following upstream commits
- 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
- f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
The bug exists since the beginning of each driver.
== Fix ==
Backport the requested patches to Focal (5.4), Disco (5.0), Bionic (4.15) and
Xenial (4.4).
== Risk of Regression ==
This patch affects only the cases described above (when no dst is
attached to the skb), thus the risk should be low.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1860969
Title:
ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
Status in linux package in Ubuntu:
New
Bug description:
[SRU Justification]
[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an
AF_PACKET socket are dropped (no carrier).
This has been fixed in v5.5 by the following upstream commits
- 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
- f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
The bug exists since the beginning of each driver.
== Fix ==
Backport the requested patches to Focal (5.4), Disco (5.0), Bionic (4.15) and
Xenial (4.4).
== Risk of Regression ==
This patch affects only the cases described above (when no dst is
attached to the skb), thus the risk should be low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1860969/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1849085] Re: netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID
** Description changed:
- The following upstream patch is missing:
+ [SRU Justification]
- - 993e4c929a07 netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID
+ [Impact]
+
+ The netlink flag NLM_F_ECHO has no effect with the rtnetlink command
+ RTM_NEWNSID. This has been fixed in v5.4 by the upstream commit
+ 993e4c929a07 ("netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID"). The
+ bug is here since v4.0.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993e4c929a07
+
+ == Fix ==
+
+ Backport the requested patches to Disco (5.0), Bionic (4.15) and
+ Xenial (4.4).
+
+ == Risk of Regregression ==
+
+ This patch is quite trivial and limited to the code that manage
+ RTM_[NEW|GET]NSID commands. Risk should be low.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1849085
Title:
netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID
Status in linux package in Ubuntu:
Incomplete
Bug description:
[SRU Justification]
[Impact]
The netlink flag NLM_F_ECHO has no effect with the rtnetlink command
RTM_NEWNSID. This has been fixed in v5.4 by the upstream commit
993e4c929a07 ("netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID"). The
bug is here since v4.0.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993e4c929a07
== Fix ==
Backport the requested patches to Disco (5.0), Bionic (4.15) and
Xenial (4.4).
== Risk of Regregression ==
This patch is quite trivial and limited to the code that manage
RTM_[NEW|GET]NSID commands. Risk should be low.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1849085/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1849085] [NEW] netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID
Public bug reported: The following upstream patch is missing: - 993e4c929a07 netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993e4c929a07 ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1849085 Title: netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID Status in linux package in Ubuntu: New Bug description: The following upstream patch is missing: - 993e4c929a07 netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993e4c929a07 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1849085/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1836261] Re: xfrm interface: several kernel panic
root@dut-vm:~# ip netns add foo root@dut-vm:~# ip netns add bar root@dut-vm:~# ip -n foo netns set bar 0 root@dut-vm:~# ip -n foo link add xfrmi0 link-netnsid 0 type xfrm dev lo if_id 23 root@dut-vm:~# ip -n bar link ls xfrmi0 Device "xfrmi0" does not exist. root@dut-vm:~# ip -n foo link ls xfrmi0 2: xfrmi0@if1: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/none 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff link-netns bar => interface is correctly created and there is no backtrace in dmesg, OK root@dut-vm:~# ip netns del foo root@dut-vm:~# ip netns del bar root@dut-vm:~# ip link add xfrm1 type xfrm dev lo if_id 1 root@dut-vm:~# ip link add xfrm2 type xfrm dev lo if_id 2 root@dut-vm:~# ip link set xfrm1 type xfrm dev lo if_id 2 RTNETLINK answers: File exists root@dut-vm:~# ip -d link list dev xfrm1 7: xfrm1@lo: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/none 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500 xfrm if_id 0x1 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 => if_id 0x1 and no backtrace in dmesg, OK root@dut-vm:~# ip link add dummy type dummy root@dut-vm:~# ip link add xfrm1 type xfrm dev dummy if_id 1 root@dut-vm:~# ip l d dummy root@dut-vm:~# ip -d l ls xfrm1 10: xfrm1@if9: mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/none 3a:90:dc:59:76:c6 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 1500 xfrm if_id 0x1 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 root@dut-vm:~# => no refcnt pb, OK Our internal tests suite is also OK. ** Tags removed: verification-needed-disco ** Tags added: verification-done-disco -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1836261 Title: xfrm interface: several kernel panic Status in linux package in Ubuntu: Incomplete Status in linux source package in Disco: Fix Committed Bug description: BugLink: https://bugs.launchpad.net/bugs/1836261 [Impact] Upstream has recently received a number of bug fixes that resolve kernel panics, memory leaks, and list handling for virtual xfrm interfaces that were debuted in 4.19. [Test Case] 3 of the 5 patches have test cases in their commit message for reproducing the fault they address. Another patch prevents including a stale name in the log files. And the other patch that doesn't have an explicit test case improves list handling. [Regression Potential] This patchset contains a nontrivial amount of changes. However, the heavier patches contain test cases that they resolve the regressions they were created for. They've been upstream since July and I don't see any follow up Fixes commits targeting these. The blast radius is "only" the xfrm interface but this is smoke tested and if any dependents rely on it for core functionality they might exercise it and would possibly notice any issues by now as well. Original bug description follows: There was several problems reported upstream: 1/ 56c5ee1a5823: xfrm interface: fix memory leak on creation https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=56c5ee1a5823 2/ xfrm interface: avoid corruption on changelink http://patchwork.ozlabs.org/patch/1130240/ 3/ xfrm interface: ifname may be wrong in logs http://patchwork.ozlabs.org/patch/1130241/ 4/ xfrm interface: fix list corruption for x-netns http://patchwork.ozlabs.org/patch/1130385/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836261/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1834465] Re: ipv6: fix neighbour resolution with raw socket
Tests are ok here. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1834465 Title: ipv6: fix neighbour resolution with raw socket Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: [SRU Justification] == Impact == IPv6 packets may be dropped during the neighbor resolution when a userspace program uses IPv6 raw sockets. The commit that introduces this bug has not been identified, but it's here at least from Xenial (4.4). This was fixed in the requested backport (from 5.2). == Fix == Backport the requested patches to Disco (5.0), Bionic (4.15) and Xenial (4.4). == Risk of Regregression == The change slightly modifies the target IPv6 address in neighbor resolution engine. Risk should be low and limited to ipv6. --- With an IPv6 raw socket, packets may be dropped during the neighbour resolution. It is fixed upstream by these patches: 9b1c1ef13b35 ipv6: constify rt6_nexthop() 2c6b55f45d53 ipv6: fix neighbour resolution with raw socket https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=9b1c1ef13b35fa35051b635ca9fbda39fe6bbc70 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=2c6b55f45d53420d8310d41310e0e2cd41fe073f The detail of the bug is explained in the second patch. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834465/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1830756] Re: tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1830756
Title:
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Bug description:
[SRU Justification]
== Impact ==
1bd4978a88ac2 ("tun: honor IFF_UP in tun_get_user()") which is part of
kernel v4.5 introduced an issue where userspace processes might not
get notified if a link comes up after initially being down. This was
fixed in the requested backport (from 4.17).
== Fix ==
Backport the requested patch to Bionic (4.15). Xenial (4.4) is not
affected and Disco and later already contain that fix.
== Risk of Regregression ==
The change only slightly modifies a very specific protocol function.
Risk should be low and limited to tuntap.
---
The upstream commit 2f3ab6221e4c ("tuntap: correctly set
SOCKWQ_ASYNC_NOSPACE") is missing.
Without this patch, userspace apps that use tuntap may be blocked.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2f3ab6221e4c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1830756/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1836261] Re: xfrm interface: several kernel panic
Here are the official commits from Linus tree:
56c5ee1a5823 ("xfrm interface: fix memory leak on creation")
e9e7e85d75f3 ("xfrm interface: avoid corruption on changelink")
e0aaa332e6a9 ("xfrm interface: ifname may be wrong in logs")
c5d1030f2300 ("xfrm interface: fix list corruption for x-netns")
22d6552f827e ("xfrm interface: fix management of phydev")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=56c5ee1a5823
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e9e7e85d75f3
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e0aaa332e6a9
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5d1030f2300
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22d6552f827e
The bugs have been introduced in v4.19 by commit f203b76d7809 ("xfrm: Add
virtual xfrm interfaces"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f203b76d7809
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1836261
Title:
xfrm interface: several kernel panic
Status in linux package in Ubuntu:
Incomplete
Bug description:
There was several problems reported upstream:
1/ 56c5ee1a5823: xfrm interface: fix memory leak on creation
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=56c5ee1a5823
2/ xfrm interface: avoid corruption on changelink
http://patchwork.ozlabs.org/patch/1130240/
3/ xfrm interface: ifname may be wrong in logs
http://patchwork.ozlabs.org/patch/1130241/
4/ xfrm interface: fix list corruption for x-netns
http://patchwork.ozlabs.org/patch/1130385/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836261/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1834465] Re: ipv6: fix neighbour resolution with raw socket
Tests are ok for us. ** Tags removed: verification-needed-disco ** Tags added: verification-done-disco -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1834465 Title: ipv6: fix neighbour resolution with raw socket Status in linux package in Ubuntu: In Progress Status in linux source package in Disco: Fix Committed Bug description: [SRU Justification] == Impact == IPv6 packets may be dropped during the neighbor resolution when a userspace program uses IPv6 raw sockets. The commit that introduces this bug has not been identified, but it's here at least from Xenial (4.4). This was fixed in the requested backport (from 5.2). == Fix == Backport the requested patches to Disco (5.0), Bionic (4.15) and Xenial (4.4). == Risk of Regregression == The change slightly modifies the target IPv6 address in neighbor resolution engine. Risk should be low and limited to ipv6. --- With an IPv6 raw socket, packets may be dropped during the neighbour resolution. It is fixed upstream by these patches: 9b1c1ef13b35 ipv6: constify rt6_nexthop() 2c6b55f45d53 ipv6: fix neighbour resolution with raw socket https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=9b1c1ef13b35fa35051b635ca9fbda39fe6bbc70 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=2c6b55f45d53420d8310d41310e0e2cd41fe073f The detail of the bug is explained in the second patch. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834465/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1834465] Re: ipv6: fix neighbour resolution with raw socket
** Description changed: + [SRU Justification] + + == Impact == + + IPv6 packets may be dropped during the neighbor resolution when a + userspace program uses IPv6 raw sockets. The commit that introduces + this bug has not been identified, but it's here at least from Xenial (4.4). + This was fixed in the requested backport (from 5.2). + + == Fix == + + Backport the requested patches to Disco (5.0), Bionic (4.15) and + Xenial (4.4). + + == Risk of Regregression == + + The change slightly modifies the target IPv6 address in neighbor + resolution engine. Risk should be low and limited to ipv6. + + --- + With an IPv6 raw socket, packets may be dropped during the neighbour resolution. It is fixed upstream by these patches: 9b1c1ef13b35 ipv6: constify rt6_nexthop() 2c6b55f45d53 ipv6: fix neighbour resolution with raw socket https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=9b1c1ef13b35fa35051b635ca9fbda39fe6bbc70 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=2c6b55f45d53420d8310d41310e0e2cd41fe073f The detail of the bug is explained in the second patch. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1834465 Title: ipv6: fix neighbour resolution with raw socket Status in linux package in Ubuntu: In Progress Status in linux source package in Disco: In Progress Bug description: [SRU Justification] == Impact == IPv6 packets may be dropped during the neighbor resolution when a userspace program uses IPv6 raw sockets. The commit that introduces this bug has not been identified, but it's here at least from Xenial (4.4). This was fixed in the requested backport (from 5.2). == Fix == Backport the requested patches to Disco (5.0), Bionic (4.15) and Xenial (4.4). == Risk of Regregression == The change slightly modifies the target IPv6 address in neighbor resolution engine. Risk should be low and limited to ipv6. --- With an IPv6 raw socket, packets may be dropped during the neighbour resolution. It is fixed upstream by these patches: 9b1c1ef13b35 ipv6: constify rt6_nexthop() 2c6b55f45d53 ipv6: fix neighbour resolution with raw socket https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=9b1c1ef13b35fa35051b635ca9fbda39fe6bbc70 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=2c6b55f45d53420d8310d41310e0e2cd41fe073f The detail of the bug is explained in the second patch. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834465/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1823725] Re: packet: reset network header if packet shorter than ll reserved space
** Changed in: linux (Ubuntu)
Status: Expired => New
** Description changed:
After backport of linux upstream commit 9ed988cd5915 ("packet: validate
variable length ll headers") (https://kernel.ubuntu.com/git/ubuntu
/ubuntu-bionic.git/commit/?id=c6026847a0a1) the following upstream patch
is missing :
-
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9ed988cd5915
+
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993675a3100b
- 9ed988cd5915 ("packet: validate variable length ll headers")
+ 993675a3100b ("packet: reset network header if packet shorter than ll
+ reserved space")
** Description changed:
- After backport of linux upstream commit 9ed988cd5915 ("packet: validate
- variable length ll headers") (https://kernel.ubuntu.com/git/ubuntu
- /ubuntu-bionic.git/commit/?id=c6026847a0a1) the following upstream patch
- is missing :
+ After backport of linux upstream commit b84bbaf7a6c8 ("packet: in
+ packet_snd start writing at link layer allocation")
+ (https://kernel.ubuntu.com/git/ubuntu/ubuntu-
+ bionic.git/commit/?id=c6026847a0a1) the following upstream patch is
+ missing :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993675a3100b
993675a3100b ("packet: reset network header if packet shorter than ll
reserved space")
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1823725
Title:
packet: reset network header if packet shorter than ll reserved space
Status in linux package in Ubuntu:
New
Bug description:
After backport of linux upstream commit b84bbaf7a6c8 ("packet: in
packet_snd start writing at link layer allocation")
(https://kernel.ubuntu.com/git/ubuntu/ubuntu-
bionic.git/commit/?id=c6026847a0a1) the following upstream patch is
missing :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993675a3100b
993675a3100b ("packet: reset network header if packet shorter than ll
reserved space")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823725/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1830756] Re: tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
** Changed in: linux (Ubuntu)
Status: Expired => New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1830756
Title:
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
Status in linux package in Ubuntu:
Incomplete
Bug description:
The upstream commit 2f3ab6221e4c ("tuntap: correctly set
SOCKWQ_ASYNC_NOSPACE") is missing.
Without this patch, userspace apps that use tuntap may be blocked.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2f3ab6221e4c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1830756/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1836261] Re: xfrm interface: several kernel panic
The series has been included in the ipsec tree: https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git/log/?h=22d6552f827e It will hit linus tree soon. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1836261 Title: xfrm interface: several kernel panic Status in linux package in Ubuntu: Incomplete Bug description: There was several problems reported upstream: 1/ 56c5ee1a5823: xfrm interface: fix memory leak on creation https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=56c5ee1a5823 2/ xfrm interface: avoid corruption on changelink http://patchwork.ozlabs.org/patch/1130240/ 3/ xfrm interface: ifname may be wrong in logs http://patchwork.ozlabs.org/patch/1130241/ 4/ xfrm interface: fix list corruption for x-netns http://patchwork.ozlabs.org/patch/1130385/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836261/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1836261] [NEW] xfrm interface: several kernel panic
Public bug reported: There was several problems reported upstream: 1/ 56c5ee1a5823: xfrm interface: fix memory leak on creation https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=56c5ee1a5823 2/ xfrm interface: avoid corruption on changelink http://patchwork.ozlabs.org/patch/1130240/ 3/ xfrm interface: ifname may be wrong in logs http://patchwork.ozlabs.org/patch/1130241/ 4/ xfrm interface: fix list corruption for x-netns http://patchwork.ozlabs.org/patch/1130385/ ** Affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1836261 Title: xfrm interface: several kernel panic Status in linux package in Ubuntu: New Bug description: There was several problems reported upstream: 1/ 56c5ee1a5823: xfrm interface: fix memory leak on creation https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=56c5ee1a5823 2/ xfrm interface: avoid corruption on changelink http://patchwork.ozlabs.org/patch/1130240/ 3/ xfrm interface: ifname may be wrong in logs http://patchwork.ozlabs.org/patch/1130241/ 4/ xfrm interface: fix list corruption for x-netns http://patchwork.ozlabs.org/patch/1130385/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1836261/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1834465] [NEW] ipv6: fix neighbour resolution with raw socket
Public bug reported: With an IPv6 raw socket, packets may be dropped during the neighbour resolution. It is fixed upstream by these patches: 9b1c1ef13b35 ipv6: constify rt6_nexthop() 2c6b55f45d53 ipv6: fix neighbour resolution with raw socket https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=9b1c1ef13b35fa35051b635ca9fbda39fe6bbc70 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=2c6b55f45d53420d8310d41310e0e2cd41fe073f The detail of the bug is explained in the second patch. ** Affects: linux (Ubuntu) Importance: Undecided Status: Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1834465 Title: ipv6: fix neighbour resolution with raw socket Status in linux package in Ubuntu: Incomplete Bug description: With an IPv6 raw socket, packets may be dropped during the neighbour resolution. It is fixed upstream by these patches: 9b1c1ef13b35 ipv6: constify rt6_nexthop() 2c6b55f45d53 ipv6: fix neighbour resolution with raw socket https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=9b1c1ef13b35fa35051b635ca9fbda39fe6bbc70 https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=2c6b55f45d53420d8310d41310e0e2cd41fe073f The detail of the bug is explained in the second patch. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1834465/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1825985] Re: macvlan: add ndo_change_proto_down support
Can I do something to help?
** Changed in: linux (Ubuntu)
Status: Expired => New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1825985
Title:
macvlan: add ndo_change_proto_down support
Status in linux package in Ubuntu:
New
Bug description:
The following linux upstream patches are missing to support vrrp with
frr:
- b58996795dc4 ("net: dev: add generic protodown handler")
- 2e8b4ba64676 ("macvlan: add ndo_change_proto_down support")
- 8f1af75df3a7 ("vxlan: add ndo_change_proto_down support")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b58996795dc4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e8b4ba64676
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8f1af75df3a7
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1825985/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1823725] Re: packet: reset network header if packet shorter than ll reserved space
This bug is still there, valid packets may be dropped with variable
length protocols like IP tunnels for example. Any actions expected on my
side?
** Changed in: linux (Ubuntu)
Status: Expired => New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1823725
Title:
packet: reset network header if packet shorter than ll reserved space
Status in linux package in Ubuntu:
New
Bug description:
After backport of linux upstream commit 9ed988cd5915 ("packet:
validate variable length ll headers")
(https://kernel.ubuntu.com/git/ubuntu/ubuntu-
bionic.git/commit/?id=c6026847a0a1) the following upstream patch is
missing :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9ed988cd5915
9ed988cd5915 ("packet: validate variable length ll headers")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823725/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1830756] [NEW] tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
Public bug reported:
The upstream commit 2f3ab6221e4c ("tuntap: correctly set SOCKWQ_ASYNC_NOSPACE")
is missing.
Without this patch, userspace apps that use tuntap may be blocked.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2f3ab6221e4c
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1830756
Title:
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
Status in linux package in Ubuntu:
Incomplete
Bug description:
The upstream commit 2f3ab6221e4c ("tuntap: correctly set
SOCKWQ_ASYNC_NOSPACE") is missing.
Without this patch, userspace apps that use tuntap may be blocked.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2f3ab6221e4c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1830756/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1825985] [NEW] macvlan: add ndo_change_proto_down support
Public bug reported:
The following linux upstream patches are missing to support vrrp with
frr:
- b58996795dc4 ("net: dev: add generic protodown handler")
- 2e8b4ba64676 ("macvlan: add ndo_change_proto_down support")
- 8f1af75df3a7 ("vxlan: add ndo_change_proto_down support")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b58996795dc4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e8b4ba64676
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8f1af75df3a7
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1825985
Title:
macvlan: add ndo_change_proto_down support
Status in linux package in Ubuntu:
New
Bug description:
The following linux upstream patches are missing to support vrrp with
frr:
- b58996795dc4 ("net: dev: add generic protodown handler")
- 2e8b4ba64676 ("macvlan: add ndo_change_proto_down support")
- 8f1af75df3a7 ("vxlan: add ndo_change_proto_down support")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b58996795dc4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e8b4ba64676
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8f1af75df3a7
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1825985/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1642514] Re: sched: Match-all classifier is missing in xenial
root@ubuntu1604:~# dpkg --list | grep iproute2
ii iproute2 4.3.0-1ubuntu3.16.04.4
amd64networking and traffic control tools
root@ubuntu1604:~# apt-get install iproute2/xenial-proposed
Reading package lists... Done
Building dependency tree
Reading state information... Done
Selected version '4.3.0-1ubuntu3.16.04.5' (Ubuntu:16.04/xenial-proposed
[amd64]) for 'iproute2'
Suggested packages:
iproute2-doc
The following packages will be upgraded:
iproute2
1 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
Need to get 523 kB of archives.
After this operation, 1,024 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu xenial-proposed/main amd64 iproute2
amd64 4.3.0-1ubuntu3.16.04.5 [523 kB]
Fetched 523 kB in 0s (6,782 kB/s)
(Reading database ... 85262 files and directories currently installed.)
Preparing to unpack .../iproute2_4.3.0-1ubuntu3.16.04.5_amd64.deb ...
Unpacking iproute2 (4.3.0-1ubuntu3.16.04.5) over (4.3.0-1ubuntu3.16.04.4) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up iproute2 (4.3.0-1ubuntu3.16.04.5) ...
root@ubuntu1604:~# dpkg --list | grep iproute2
ii iproute2 4.3.0-1ubuntu3.16.04.5
amd64networking and traffic control tools
root@ubuntu1604:~# ip link add dev dummy0 type dummy
RTNETLINK answers: File exists
root@ubuntu1604:~# ip link add dev dummy1 type dummy
root@ubuntu1604:~# ip link set dev dummy0 up
root@ubuntu1604:~# ip link set dev dummy1 up
root@ubuntu1604:~# tc qdisc add dev dummy0 handle 1: root prio
root@ubuntu1604:~# tc filter add dev dummy0 parent 1: matchall skip_hw action
mirred egress mirror dev dummy1
root@ubuntu1604:~# tc filter show dev dummy0
filter parent 1: protocol all pref 49152 matchall
filter parent 1: protocol all pref 49152 matchall handle 0x1
action order 1: mirred (Egress Mirror to device dummy1) pipe
index 1 ref 1 bind 1
root@ubuntu1604:~#
=> test is OK.
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to iproute2 in Ubuntu.
Matching subscriptions: iproute2
https://bugs.launchpad.net/bugs/1642514
Title:
sched: Match-all classifier is missing in xenial
Status in iproute2 package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in iproute2 source package in Xenial:
Fix Committed
Status in linux source package in Xenial:
Fix Released
Bug description:
[SRU Justification]
== Impact ==
The Xenial 4.4 kernel already has a patch applied which implements the
matchall filter. But in order to actually use it, iproute2 needs to pick up the
user-space
side of the implementation.
== Fix ==
Backported a patch from iproute2 upstream which adds the missing support.
Tested against the standard 4.4 and the HWE kernel in 16.04 (see testcase).
== Risk of Regression ==
This adds a new filter type which has to be actively selected. This should
not impact existing uses. So low.
== Testcase ==
ip link add dev dummy0 type dummy
ip link add dev dummy1 type dummy
ip link set dev dummy0 up
ip link set dev dummy1 up
tc qdisc add dev dummy0 handle 1: root prio
tc filter add dev dummy0 parent 1: matchall skip_hw action mirred egress
mirror dev dummy1
at this point, "tc filter show dev dummy0" should spit out something
like:
filter parent 1: protocol all pref 49152 matchall
filter parent 1: protocol all pref 49152 matchall handle 0x1
action order 1: mirred (Egress Mirror to device dummy1) pipe
index 1 ref 1 bind 1
and the functionality can be tested via
tcpdump -n -i dummy1 &
ping -I dummy0 1.2.3.4
---
This is implemented in linux v4.8 by the following upstream patch:
bf3994d2ed31 ("net/sched: introduce Match-all classifier")
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf3994d2ed31
The backport is straightforward. It's useful in combination with
clsact qdisc (see bug #1642510).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1642514/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1823725] [NEW] packet: reset network header if packet shorter than ll reserved space
Public bug reported:
After backport of linux upstream commit 9ed988cd5915 ("packet: validate
variable length ll headers") (https://kernel.ubuntu.com/git/ubuntu
/ubuntu-bionic.git/commit/?id=c6026847a0a1) the following upstream patch
is missing :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9ed988cd5915
9ed988cd5915 ("packet: validate variable length ll headers")
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1823725
Title:
packet: reset network header if packet shorter than ll reserved space
Status in linux package in Ubuntu:
Incomplete
Bug description:
After backport of linux upstream commit 9ed988cd5915 ("packet:
validate variable length ll headers")
(https://kernel.ubuntu.com/git/ubuntu/ubuntu-
bionic.git/commit/?id=c6026847a0a1) the following upstream patch is
missing :
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9ed988cd5915
9ed988cd5915 ("packet: validate variable length ll headers")
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823725/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1806392] Re: tun/tap: unable to manage carrier state from userland
** Tags removed: verification-needed-bionic verification-needed-cosmic
** Tags added: verification-done-bionic verification-done-cosmic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1806392
Title:
tun/tap: unable to manage carrier state from userland
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Bug description:
=== SRU Justification ===
[Impact]
Userspace cannot change tun's carrier state.
[Fix]
Add .ndo_change_carrier callback for tun.
[Test]
User confirm the backport works.
[Regression Potential]
Low. It add a new function and a new case switch for ioctl, but the new
code doesn't affect existing behavior.
=== Original Bug Report ===
This upstream patch is missing: 26d31925cd5e ("tun: implement carrier
change").
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-
next.git/commit/?id=26d31925cd5e
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1806392/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1774815] Re: Add bpftool to linux-tools-common
Any news on this topic? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1774815 Title: Add bpftool to linux-tools-common Status in linux package in Ubuntu: Triaged Status in linux source package in Cosmic: Triaged Bug description: bpftool is a debugging and introspection tool actively developed by the BPF kernel community. It's developed as part of the kernel source tree under tools/: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/bpf/bpftool It would be really great and appreciated if Ubuntu folks could package this as part of linux-tools-common. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774815/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1806392] Re: tun/tap: unable to manage carrier state from userland
Tests are ok on my side, thanks.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1806392
Title:
tun/tap: unable to manage carrier state from userland
Status in linux package in Ubuntu:
Triaged
Bug description:
This upstream patch is missing: 26d31925cd5e ("tun: implement carrier
change").
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-
next.git/commit/?id=26d31925cd5e
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1806392/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1806392] Re: tun/tap: unable to manage carrier state from userland
Any news for this patch?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1806392
Title:
tun/tap: unable to manage carrier state from userland
Status in linux package in Ubuntu:
Triaged
Bug description:
This upstream patch is missing: 26d31925cd5e ("tun: implement carrier
change").
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-
next.git/commit/?id=26d31925cd5e
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1806392/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812875] Re: ip6_gre: fix tunnel list corruption for x-netns
I reported this bug on behalf of a colleague. He is off this week and
will not be able to test this patch before next week.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1812875
Title:
ip6_gre: fix tunnel list corruption for x-netns
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Bug description:
== SRU Justification ==
Impact: A kernel panic is seen when using some third-party software.
Fix: Upstream commit ab5098fa25b9 ("ip6_gre: fix tunnel list
corruption for x-netns").
Test Case: Confirm that the panic no longer happens with the patch.
Regression Potential: This is a simple fix and suitable for upstream
stable, regressions are unlikely.
---
The following upstream patch is missing in ubuntu-18.04: ab5098fa25b9
("ip6_gre: fix tunnel list corruption for x-netns").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ab5098fa25b9
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1812875/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812875] Re: ip6_gre: fix tunnel list corruption for x-netns
This issue is a kernel panic ...
We reproduce it on ubuntu-18.04 with a third party software
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1812875
Title:
ip6_gre: fix tunnel list corruption for x-netns
Status in linux package in Ubuntu:
Incomplete
Bug description:
The following upstream patch is missing in ubuntu-18.04: ab5098fa25b9
("ip6_gre: fix tunnel list corruption for x-netns").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ab5098fa25b9
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1812875/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1812875] [NEW] ip6_gre: fix tunnel list corruption for x-netns
Public bug reported:
The following upstream patch is missing in ubuntu-18.04: ab5098fa25b9
("ip6_gre: fix tunnel list corruption for x-netns").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ab5098fa25b9
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1812875
Title:
ip6_gre: fix tunnel list corruption for x-netns
Status in linux package in Ubuntu:
Incomplete
Bug description:
The following upstream patch is missing in ubuntu-18.04: ab5098fa25b9
("ip6_gre: fix tunnel list corruption for x-netns").
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ab5098fa25b9
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1812875/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1806392] [NEW] tun/tap: unable to manage carrier state from userland
Public bug reported:
This upstream patch is missing: 26d31925cd5e ("tun: implement carrier
change").
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-
next.git/commit/?id=26d31925cd5e
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1806392
Title:
tun/tap: unable to manage carrier state from userland
Status in linux package in Ubuntu:
New
Bug description:
This upstream patch is missing: 26d31925cd5e ("tun: implement carrier
change").
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-
next.git/commit/?id=26d31925cd5e
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1806392/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1642514] Re: sched: Match-all classifier is missing in xenial
> Note that the iproute2 patch will be needed to use this filter:
>
> https://git.kernel.org/cgit/linux/kernel/git/shemminger/iproute2.git/commit/?id=d5cbf3ff0561
> (embedded headers must be updated also).
This link is dead, here is another one:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=d5cbf3ff0561
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to iproute2 in Ubuntu.
Matching subscriptions: iproute2
https://bugs.launchpad.net/bugs/1642514
Title:
sched: Match-all classifier is missing in xenial
Status in iproute2 package in Ubuntu:
New
Status in linux package in Ubuntu:
Fix Released
Status in iproute2 source package in Xenial:
New
Status in linux source package in Xenial:
Fix Released
Bug description:
This is implemented in linux v4.8 by the following upstream patch:
bf3994d2ed31 ("net/sched: introduce Match-all classifier")
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf3994d2ed31
The backport is straightforward. It's useful in combination with
clsact qdisc (see bug #1642510).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1642514/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1771783] Re: iproute2: frr route protocols are not converted to string on xenial
It works on my side:
$ ./ip/ip r a 2.2.2.0/24 via 10.0.2.123 dev mgmt0 proto 188 metric 20
$ ./ip/ip r | grep 2.2.2
2.2.2.0/24 via 10.0.2.123 dev mgmt0 proto 188 metric 20
$ mkdir -p /etc/iproute2/rt_protos.d
$ echo "188 foo" > /etc/iproute2/rt_protos.d/bar.conf
$ ./ip/ip r | grep 2.2.2
2.2.2.0/24 via 10.0.2.123 dev mgmt0 proto foo metric 20
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to iproute2 in Ubuntu.
Matching subscriptions: iproute2
https://bugs.launchpad.net/bugs/1771783
Title:
iproute2: frr route protocols are not converted to string on xenial
Status in iproute2 package in Ubuntu:
New
Bug description:
FRR puts its own proto numbers when inserting a route, example:
$ ip route
[snip]
2.2.2.0/24 via 3.3.3.2 dev eth2 proto 188 metric 20
iproute2 defines some protocols, but not all:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/etc/iproute2/rt_protos
A patch has been pushed upstream so that external applications can define
their protocols numbers:
719e331ff619 ("Add support for rt_protos.d")
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=719e331ff619
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1771783/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1771764] Re: iproute2: unable to add ip lwt mpls route on xenial
I tested the patch, it works.
Thank you.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to iproute2 in Ubuntu.
Matching subscriptions: iproute2
https://bugs.launchpad.net/bugs/1771764
Title:
iproute2: unable to add ip lwt mpls route on xenial
Status in iproute2 package in Ubuntu:
Triaged
Bug description:
The following command does not work:
$ ip route add 10.201.0.0/24 nexthop encap mpls 300 via 10.200.0.1 dev ntfp2
Error: "nexthop" or end of line is expected instead of "encap"
In fact, iproute2 version points to v4.3.0, but the xenial kernel is a 4.4.
$ ip -V
ip utility, iproute2-ss151103
=>
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=6720eceff7b4
With an iproute2 v4.4.0 (iproute2-ss160111), that command works:
$ modprobe mpls_iptunnel
$ ./ip/ip route add 10.201.0.0/24 nexthop encap mpls 300 via 10.200.0.1 dev
ntfp2
$ ./ip/ip r
[snip]
10.201.0.0/24 encap mpls 300 via 10.200.0.1 dev ntfp2
At least, this patch is missing:
1e5293056a02 ("lwtunnel: Add encapsulation support to ip route")
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1e5293056a02
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1771764/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1774225] Re: netns: unable to follow an interface that moves to another netns
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1774225
Title:
netns: unable to follow an interface that moves to another netns
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Status in linux source package in Bionic:
Fix Committed
Bug description:
== SRU Justification ==
6Wind is requesting these three patches. The patches fix a bug that prevents
a user
from following an interface that moves to another netns.
These commits are also needed in Xenial. However, they will be sent in
a separate SRU request due to additional prereq commits being needed for
Xenial.
== Fixes ==
b2d3bcfa26a7 ("net: core: Expose number of link up/down transitions")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface
changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
== Regression Potential ==
Medium due to three patches needed and the changes to core networking.
== Test Case ==
A test kernel was built with these patches and tested by the original bug
reporter.
The bug reporter states the test kernel resolved the bug.
The following upstream patches are missing (v4.16):
6621dd29eb9b ("dev: advertise the new nsid when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface
changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6621dd29eb9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36ac8e23073
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=38e01b30563a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774225/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1774225] Re: netns: unable to follow an interface that moves to another netns
Well, it could be a workaround but it would be great to have it in the
4.4 if it's not too complicated for you. What do you think?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1774225
Title:
netns: unable to follow an interface that moves to another netns
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Status in linux source package in Bionic:
In Progress
Bug description:
The following upstream patches are missing (v4.16):
6621dd29eb9b ("dev: advertise the new nsid when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface
changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6621dd29eb9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36ac8e23073
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=38e01b30563a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774225/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1779830] [NEW] vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
Public bug reported:
The following upstream patch (v4.7) is missing in xenial:
450744051d20 ("vfio/pci: Hide broken INTx support from user")
http://scm/kernels/linux-upstream/commit/?id=450744051d20
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1779830
Title:
vfio/pci: cannot assign a i40e pf device to a vm using vfio-pci
Status in linux package in Ubuntu:
New
Bug description:
The following upstream patch (v4.7) is missing in xenial:
450744051d20 ("vfio/pci: Hide broken INTx support from user")
http://scm/kernels/linux-upstream/commit/?id=450744051d20
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1779830/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1774225] Re: netns: unable to follow an interface that moves to another netns
It works for me, thanks!
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1774225
Title:
netns: unable to follow an interface that moves to another netns
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Status in linux source package in Bionic:
In Progress
Bug description:
The following upstream patches are missing (v4.16):
6621dd29eb9b ("dev: advertise the new nsid when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface
changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6621dd29eb9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36ac8e23073
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=38e01b30563a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774225/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1774225] Re: netns: unable to follow an interface that moves to another netns
The test fails because the attribute IFLA_CARRIER_UP_COUNT and
IFLA_CARRIER_DOWN_COUNT are not declared in this kernel. In this kernel,
IFLA_NEW_IFINDEX has the numeric value of IFLA_CARRIER_UP_COUNT in an upstream
kernel (if I patch iproute2 to use IFLA_CARRIER_UP_COUNT instead of
IFLA_NEW_IFINDEX, I can get the new ifindex).
iproute2 (like a lot of others tools) has a local copy of linux uapi headers,
thus the numeric value of netlink attributes must be the same than upstream.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1774225
Title:
netns: unable to follow an interface that moves to another netns
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Status in linux source package in Bionic:
In Progress
Bug description:
The following upstream patches are missing (v4.16):
6621dd29eb9b ("dev: advertise the new nsid when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface
changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6621dd29eb9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36ac8e23073
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=38e01b30563a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774225/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1774225] Re: netns: unable to follow an interface that moves to another netns
Hi Joseph,
we also expect to have those commits in xenial.
The test fails with the patched kernel, only IFLA_NEW_NETNSID seems
there.
With the head of the iproute2 (patches to display those attributes have
been merged this week-end):
root@ubuntu1604:~# ./iproute2/ip/ip monitor link&
[1] 859
root@ubuntu1604:~# ip netns add foo
root@ubuntu1604:~# ip l a type dummy
root@ubuntu1604:~# 3: dummy0: mtu 1500 qdisc noop state DOWN
group default
link/ether 5e:cb:ae:4a:69:f8 brd ff:ff:ff:ff:ff:ff
4: dummy1: mtu 1500 qdisc noop state DOWN group default
link/ether 06:de:2b:94:20:78 brd ff:ff:ff:ff:ff:ff
root@ubuntu1604:~# ip l s dummy1 netns foo
Deleted 4: dummy1: mtu 1500 qdisc noop state DOWN group
default
link/ether 06:de:2b:94:20:78 brd ff:ff:ff:ff:ff:ff new-nsid 0
=> only new-nsid is displayed.
With an upstream kernel, you have:
Deleted 5: dummy0: mtu 1500 qdisc noop state DOWN group
default
link/ether 72:33:30:ba:4c:eb brd ff:ff:ff:ff:ff:ff new-nsid 0 new-ifindex 5
'new-ifindex' is also displayed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1774225
Title:
netns: unable to follow an interface that moves to another netns
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Bionic:
In Progress
Bug description:
The following upstream patches are missing (v4.16):
6621dd29eb9b ("dev: advertise the new nsid when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface
changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6621dd29eb9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36ac8e23073
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=38e01b30563a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774225/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1774225] [NEW] netns: unable to follow an interface that moves to another netns
Public bug reported:
The following upstream patches are missing (v4.16):
6621dd29eb9b ("dev: advertise the new nsid when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6621dd29eb9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36ac8e23073
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=38e01b30563a
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1774225
Title:
netns: unable to follow an interface that moves to another netns
Status in linux package in Ubuntu:
Incomplete
Bug description:
The following upstream patches are missing (v4.16):
6621dd29eb9b ("dev: advertise the new nsid when the netns iface changes")
c36ac8e23073 ("dev: always advertise the new nsid when the netns iface
changes")
38e01b30563a ("dev: advertise the new ifindex when the netns iface changes")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6621dd29eb9b
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c36ac8e23073
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=38e01b30563a
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774225/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766573] Re: linux < 4.11: unable to use netfilter logging from non-init namespaces
** Tags removed: verification-needed-xenial ** Tags added: verification-done-xenial -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1766573 Title: linux < 4.11: unable to use netfilter logging from non-init namespaces Status in linux package in Ubuntu: Fix Released Status in linux source package in Xenial: Fix Committed Bug description: Was disabled by the following patch (linux 3.10): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69b34fb996b2 netfilter: xt_LOG: add net namespace support for xt_LOG And fixed in linux 4.11: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2851940ffee3 netfilter: allow logging from non-init namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1766573/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1642510] Re: sched: clsact qdisc is missing in xenial
Still in progress?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1642510
Title:
sched: clsact qdisc is missing in xenial
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
In Progress
Bug description:
This is implemented in linux v4.5 by the following upstream patch:
1f211a1b929c ("net, sched: add clsact qdisc")
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f211a1b929c
The backport is straightforward.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1642510/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1642514] Re: sched: Match-all classifier is missing in xenial
Any news for the iproute2 part?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to iproute2 in Ubuntu.
Matching subscriptions: iproute2
https://bugs.launchpad.net/bugs/1642514
Title:
sched: Match-all classifier is missing in xenial
Status in iproute2 package in Ubuntu:
New
Status in linux package in Ubuntu:
Fix Released
Status in iproute2 source package in Xenial:
New
Status in linux source package in Xenial:
Fix Released
Bug description:
This is implemented in linux v4.8 by the following upstream patch:
bf3994d2ed31 ("net/sched: introduce Match-all classifier")
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf3994d2ed31
The backport is straightforward. It's useful in combination with
clsact qdisc (see bug #1642510).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1642514/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1771764] Re: iproute2: unable to add ip lwt mpls route on xenial
** Package changed: linux (Ubuntu) => iproute2 (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to iproute2 in Ubuntu.
Matching subscriptions: iproute2
https://bugs.launchpad.net/bugs/1771764
Title:
iproute2: unable to add ip lwt mpls route on xenial
Status in iproute2 package in Ubuntu:
Incomplete
Bug description:
The following command does not work:
$ ip route add 10.201.0.0/24 nexthop encap mpls 300 via 10.200.0.1 dev ntfp2
Error: "nexthop" or end of line is expected instead of "encap"
In fact, iproute2 version points to v4.3.0, but the xenial kernel is a 4.4.
$ ip -V
ip utility, iproute2-ss151103
=>
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=6720eceff7b4
With an iproute2 v4.4.0 (iproute2-ss160111), that command works:
$ modprobe mpls_iptunnel
$ ./ip/ip route add 10.201.0.0/24 nexthop encap mpls 300 via 10.200.0.1 dev
ntfp2
$ ./ip/ip r
[snip]
10.201.0.0/24 encap mpls 300 via 10.200.0.1 dev ntfp2
At least, this patch is missing:
1e5293056a02 ("lwtunnel: Add encapsulation support to ip route")
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1e5293056a02
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1771764/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1771783] [NEW] iproute2: frr route protocols are not converted to string on xenial
Public bug reported:
FRR puts its own proto numbers when inserting a route, example:
$ ip route
[snip]
2.2.2.0/24 via 3.3.3.2 dev eth2 proto 188 metric 20
iproute2 defines some protocols, but not all:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/etc/iproute2/rt_protos
A patch has been pushed upstream so that external applications can define their
protocols numbers:
719e331ff619 ("Add support for rt_protos.d")
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=719e331ff619
** Affects: iproute2 (Ubuntu)
Importance: Undecided
Status: New
** Package changed: linux (Ubuntu) => iproute2 (Ubuntu)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Matching subscriptions: iproute2
https://bugs.launchpad.net/bugs/1771783
Title:
iproute2: frr route protocols are not converted to string on xenial
Status in iproute2 package in Ubuntu:
New
Bug description:
FRR puts its own proto numbers when inserting a route, example:
$ ip route
[snip]
2.2.2.0/24 via 3.3.3.2 dev eth2 proto 188 metric 20
iproute2 defines some protocols, but not all:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/tree/etc/iproute2/rt_protos
A patch has been pushed upstream so that external applications can define
their protocols numbers:
719e331ff619 ("Add support for rt_protos.d")
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=719e331ff619
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1771783/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1771764] [NEW] iproute2: unable to add ip lwt mpls route on xenial
Public bug reported:
The following command does not work:
$ ip route add 10.201.0.0/24 nexthop encap mpls 300 via 10.200.0.1 dev ntfp2
Error: "nexthop" or end of line is expected instead of "encap"
In fact, iproute2 version points to v4.3.0, but the xenial kernel is a 4.4.
$ ip -V
ip utility, iproute2-ss151103
=>
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=6720eceff7b4
With an iproute2 v4.4.0 (iproute2-ss160111), that command works:
$ modprobe mpls_iptunnel
$ ./ip/ip route add 10.201.0.0/24 nexthop encap mpls 300 via 10.200.0.1 dev
ntfp2
$ ./ip/ip r
[snip]
10.201.0.0/24 encap mpls 300 via 10.200.0.1 dev ntfp2
At least, this patch is missing:
1e5293056a02 ("lwtunnel: Add encapsulation support to ip route")
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1e5293056a02
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1771764
Title:
iproute2: unable to add ip lwt mpls route on xenial
Status in linux package in Ubuntu:
New
Bug description:
The following command does not work:
$ ip route add 10.201.0.0/24 nexthop encap mpls 300 via 10.200.0.1 dev ntfp2
Error: "nexthop" or end of line is expected instead of "encap"
In fact, iproute2 version points to v4.3.0, but the xenial kernel is a 4.4.
$ ip -V
ip utility, iproute2-ss151103
=>
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=6720eceff7b4
With an iproute2 v4.4.0 (iproute2-ss160111), that command works:
$ modprobe mpls_iptunnel
$ ./ip/ip route add 10.201.0.0/24 nexthop encap mpls 300 via 10.200.0.1 dev
ntfp2
$ ./ip/ip r
[snip]
10.201.0.0/24 encap mpls 300 via 10.200.0.1 dev ntfp2
At least, this patch is missing:
1e5293056a02 ("lwtunnel: Add encapsulation support to ip route")
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1e5293056a02
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1771764/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766573] Re: linux < 4.11: unable to use netfilter logging from non-init namespaces
Test is ok on my side. Thank you for the quick fix! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1766573 Title: linux < 4.11: unable to use netfilter logging from non-init namespaces Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: Was disabled by the following patch (linux 3.10): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69b34fb996b2 netfilter: xt_LOG: add net namespace support for xt_LOG And fixed in linux 4.11: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2851940ffee3 netfilter: allow logging from non-init namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1766573/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1766573] [NEW] linux < 4.11: unable to use netfilter logging from non-init namespaces
Public bug reported: Was disabled by the following patch (linux 3.10): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69b34fb996b2 netfilter: xt_LOG: add net namespace support for xt_LOG And fixed in linux 4.11: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2851940ffee3 netfilter: allow logging from non-init namespaces ** Affects: linux (Ubuntu) Importance: Undecided Status: Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1766573 Title: linux < 4.11: unable to use netfilter logging from non-init namespaces Status in linux package in Ubuntu: Incomplete Bug description: Was disabled by the following patch (linux 3.10): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=69b34fb996b2 netfilter: xt_LOG: add net namespace support for xt_LOG And fixed in linux 4.11: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2851940ffee3 netfilter: allow logging from non-init namespaces To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1766573/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1704102] Re: bonding: stack dump when unregistering a netdev
This bug was found on ubuntu 16.04.
I don't reproduce the bug with your Artful kernel.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1704102
Title:
bonding: stack dump when unregistering a netdev
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Artful:
In Progress
Bug description:
Here is the reproducer:
ip netns add foo
ip -n foo link add dummy1 type dummy
ip -n foo link add dummy2 type dummy
modprobe bonding
ip -n foo link add bond1 type bond
ip -n foo link set dev bond1 down
ip -n foo addr add 10.10.10.1/24 dev bond1
ip -n foo link set dev bond1 up
ip -n foo link set dummy1 master bond1
ip -n foo link set dummy2 master bond1
ip -n foo link set bond1 mtu 1540
# Move slaves to init_net
ip -n foo link set dummy1 netns 1
ip -n foo link set dummy2 netns 1
# idev are still in netns foo for dummy interfaces:
ip netns exec foo ls /proc/sys/net/ipv4/conf/
ip netns exec foo ls /proc/net/dev_snmp6/
ip netns del foo
dmesg
The bug has been fixed upstream by this patch:
f51048c3e07b ("bonding: avoid NETDEV_CHANGEMTU event when
unregistering slave")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/net/bonding?id=f51048c3e07b
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1704102/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1704102] [NEW] bonding: stack dump when unregistering a netdev
Public bug reported:
Here is the reproducer:
ip netns add foo
ip -n foo link add dummy1 type dummy
ip -n foo link add dummy2 type dummy
modprobe bonding
ip -n foo link add bond1 type bond
ip -n foo link set dev bond1 down
ip -n foo addr add 10.10.10.1/24 dev bond1
ip -n foo link set dev bond1 up
ip -n foo link set dummy1 master bond1
ip -n foo link set dummy2 master bond1
ip -n foo link set bond1 mtu 1540
# Move slaves to init_net
ip -n foo link set dummy1 netns 1
ip -n foo link set dummy2 netns 1
# idev are still in netns foo for dummy interfaces:
ip netns exec foo ls /proc/sys/net/ipv4/conf/
ip netns exec foo ls /proc/net/dev_snmp6/
ip netns del foo
dmesg
The bug has been fixed upstream by this patch:
f51048c3e07b ("bonding: avoid NETDEV_CHANGEMTU event when unregistering
slave")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/net/bonding?id=f51048c3e07b
** Affects: linux (Ubuntu)
Importance: Undecided
Status: Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1704102
Title:
bonding: stack dump when unregistering a netdev
Status in linux package in Ubuntu:
Incomplete
Bug description:
Here is the reproducer:
ip netns add foo
ip -n foo link add dummy1 type dummy
ip -n foo link add dummy2 type dummy
modprobe bonding
ip -n foo link add bond1 type bond
ip -n foo link set dev bond1 down
ip -n foo addr add 10.10.10.1/24 dev bond1
ip -n foo link set dev bond1 up
ip -n foo link set dummy1 master bond1
ip -n foo link set dummy2 master bond1
ip -n foo link set bond1 mtu 1540
# Move slaves to init_net
ip -n foo link set dummy1 netns 1
ip -n foo link set dummy2 netns 1
# idev are still in netns foo for dummy interfaces:
ip netns exec foo ls /proc/sys/net/ipv4/conf/
ip netns exec foo ls /proc/net/dev_snmp6/
ip netns del foo
dmesg
The bug has been fixed upstream by this patch:
f51048c3e07b ("bonding: avoid NETDEV_CHANGEMTU event when
unregistering slave")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/net/bonding?id=f51048c3e07b
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1704102/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1690094] Re: linux <3.18: netlink notification is missing when an interface is modified
What is the plan? Those patches will be applied again when bug #1703401 will be fixed? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1690094 Title: linux <3.18: netlink notification is missing when an interface is modified Status in linux package in Ubuntu: In Progress Status in linux source package in Trusty: In Progress Bug description: The following upstream patches are missing: ba9989069f4e rtnl/do_setlink(): notify when a netdev is modified 90c325e3bfe1 rtnl/do_setlink(): last arg is now a set of flags 1889b0e7efe8 rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated 5d1180fcacc5 rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba9989069f4e https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90c325e3bfe1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1889b0e7efe8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d1180fcacc5 There is several ways to reproduce the problem. Here is an example: ip monitor link& ip link set eth1 txqueuelen 18 => no notification To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1690094/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1697892] Re: linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds
Thibaut confirms that the bug is resolved for 100G (xenial). -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1697892 Title: linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Status in linux source package in Yakkety: In Progress Status in linux source package in Zesty: In Progress Status in linux source package in Artful: In Progress Bug description: These upstream patches are needed to correctly handle 5G, 25G and 50G speeds in 802.3ad: 19ddde1eeca1 bonding: add 802.3ad support for 25G speeds https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19ddde1eeca1e c7c550670afd bonding: fix 802.3ad support for 5G and 50G speeds https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=c7c550670af To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1697892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1697892] Re: linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds
Thibaut will test the xenial kernel next week. Is it ok? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1697892 Title: linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Status in linux source package in Yakkety: In Progress Status in linux source package in Zesty: In Progress Status in linux source package in Artful: In Progress Bug description: These upstream patches are needed to correctly handle 5G, 25G and 50G speeds in 802.3ad: 19ddde1eeca1 bonding: add 802.3ad support for 25G speeds https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19ddde1eeca1e c7c550670afd bonding: fix 802.3ad support for 5G and 50G speeds https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=c7c550670af To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1697892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1697892] Re: linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds
And you said, you had already backport it :D -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1697892 Title: linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Status in linux source package in Yakkety: In Progress Status in linux source package in Zesty: In Progress Status in linux source package in Artful: In Progress Bug description: These upstream patches are needed to correctly handle 5G, 25G and 50G speeds in 802.3ad: 19ddde1eeca1 bonding: add 802.3ad support for 25G speeds https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19ddde1eeca1e c7c550670afd bonding: fix 802.3ad support for 5G and 50G speeds https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=c7c550670af To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1697892/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
