Any news on this topic?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1774815
Title:
Add bpftool to linux-tools-common
Status in linux package in Ubuntu:
Triaged
Status in linux
** Tags removed: verification-needed-bionic verification-needed-cosmic
** Tags added: verification-done-bionic verification-done-cosmic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Any news for this patch?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1806392
Title:
tun/tap: unable to manage carrier state from userland
Status in linux package in Ubuntu:
I reported this bug on behalf of a colleague. He is off this week and
will not be able to test this patch before next week.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1812875
Title:
This issue is a kernel panic ...
We reproduce it on ubuntu-18.04 with a third party software
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1812875
Title:
ip6_gre: fix tunnel list
Public bug reported:
The upstream commit 2f3ab6221e4c ("tuntap: correctly set SOCKWQ_ASYNC_NOSPACE")
is missing.
Without this patch, userspace apps that use tuntap may be blocked.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2f3ab6221e4c
** Affects: linux
This bug is still there, valid packets may be dropped with variable
length protocols like IP tunnels for example. Any actions expected on my
side?
** Changed in: linux (Ubuntu)
Status: Expired => New
--
You received this bug notification because you are a member of Kernel
Packages, which
Can I do something to help?
** Changed in: linux (Ubuntu)
Status: Expired => New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1825985
Title:
macvlan: add ndo_change_proto_down
root@ubuntu1604:~# dpkg --list | grep iproute2
ii iproute2 4.3.0-1ubuntu3.16.04.4
amd64networking and traffic control tools
root@ubuntu1604:~# apt-get install iproute2/xenial-proposed
Reading package lists... Done
Building dependency tree
Public bug reported:
There was several problems reported upstream:
1/ 56c5ee1a5823: xfrm interface: fix memory leak on creation
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=56c5ee1a5823
2/ xfrm interface: avoid corruption on changelink
Public bug reported:
The following linux upstream patches are missing to support vrrp with
frr:
- b58996795dc4 ("net: dev: add generic protodown handler")
- 2e8b4ba64676 ("macvlan: add ndo_change_proto_down support")
- 8f1af75df3a7 ("vxlan: add ndo_change_proto_down support")
Public bug reported:
With an IPv6 raw socket, packets may be dropped during the neighbour
resolution. It is fixed upstream by these patches:
9b1c1ef13b35 ipv6: constify rt6_nexthop()
2c6b55f45d53 ipv6: fix neighbour resolution with raw socket
** Changed in: linux (Ubuntu)
Status: Expired => New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1830756
Title:
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
Status in linux
** Changed in: linux (Ubuntu)
Status: Expired => New
** Description changed:
After backport of linux upstream commit 9ed988cd5915 ("packet: validate
variable length ll headers") (https://kernel.ubuntu.com/git/ubuntu
/ubuntu-bionic.git/commit/?id=c6026847a0a1) the following upstream
** Description changed:
+ [SRU Justification]
+
+ == Impact ==
+
+ IPv6 packets may be dropped during the neighbor resolution when a
+ userspace program uses IPv6 raw sockets. The commit that introduces
+ this bug has not been identified, but it's here at least from Xenial (4.4).
+ This was
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1830756
Title:
tuntap: correctly set
Here are the official commits from Linus tree:
56c5ee1a5823 ("xfrm interface: fix memory leak on creation")
e9e7e85d75f3 ("xfrm interface: avoid corruption on changelink")
e0aaa332e6a9 ("xfrm interface: ifname may be wrong in logs")
c5d1030f2300 ("xfrm interface: fix list corruption for x-netns")
Tests are ok for us.
** Tags removed: verification-needed-disco
** Tags added: verification-done-disco
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1834465
Title:
ipv6: fix neighbour
The series has been included in the ipsec tree:
https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git/log/?h=22d6552f827e
It will hit linus tree soon.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Public bug reported:
The following upstream patch is missing:
- 993e4c929a07 netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=993e4c929a07
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
** Description changed:
- The following upstream patch is missing:
+ [SRU Justification]
- - 993e4c929a07 netns: fix NLM_F_ECHO mechanism for RTM_NEWNSID
+ [Impact]
+
+ The netlink flag NLM_F_ECHO has no effect with the rtnetlink command
+ RTM_NEWNSID. This has been fixed in v5.4 by the
root@dut-vm:~# ip netns add foo
root@dut-vm:~# ip netns add bar
root@dut-vm:~# ip -n foo netns set bar 0
root@dut-vm:~# ip -n foo link add xfrmi0 link-netnsid 0 type xfrm dev lo if_id
23
root@dut-vm:~# ip -n bar link ls xfrmi0
Device "xfrmi0" does not exist.
root@dut-vm:~# ip -n foo link ls
Tests are ok here.
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1834465
Title:
ipv6: fix neighbour
** Tags removed: verification-needed-eoan
** Tags added: verification-done-eoan
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1860969
Title:
ipsec interfaces: fix sending with
Public bug reported:
[SRU Justification]
[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an
AF_PACKET socket are dropped (no carrier).
This has been fixed in v5.5 by the following upstream commits
- 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
-
** Description changed:
[SRU Justification]
[Impact]
Packets encapsulated into a vxlan tunnel with openvswitch don't have the
same udp source port for the first packet and the following ones of the
same TCP flow in a DOCKER scenario usecase.
In fact, when using the kernel
** Description changed:
[SRU Justification]
[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an
AF_PACKET socket are dropped (no carrier).
This has been fixed in v5.5 by the following upstream commits
- - 95224166a903 ("vti[6]: fix packet tx through
Public bug reported:
[Impact]
When a user dump pdp contextes, it cannot associate them with existing
gtp interfaces. Thus, the dump is unusable.
This problem has been fixed in the upstream commit b274e47d9e3f ("gtp: add
GTPA_LINK info to msg sent to userspace"):
I don't understand which kernel should be tested on xenial. The kernel
4.15.0-112-generic does not have the bug.
** Tags removed: verification-needed-bionic verification-needed-focal
** Tags added: verification-done-bionic verification-done-focal
--
You received this bug notification because
Here is an example:
root@ubuntu1804hwe:~# uname -a
Linux ubuntu1804hwe 5.4.0-47-generic #51~18.04.1-Ubuntu SMP Sat Sep 5 14:35:50
UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1804hwe:~# cat test.c
#include
#include
#ifndef __section
# define __section(NAME)
With a newer kernel, the last command succeeds (not output):
root@ubuntu1804hwe:~# uname -a
Linux ubuntu1804hwe 5.9.0-rc3-ge1b81391421b+6wind-net #1 SMP Mon Sep 21
19:31:31 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1804hwe:~# tc filter add dev dummy1 egress matchall action bpf obj
I forget to explain how to check that the tc command was accepted:
root@ubuntu1804hwe:~# tc filter show dev dummy1 egress
filter protocol all pref 49152 matchall chain 0
filter protocol all pref 49152 matchall chain 0 handle 0x1
not_in_hw
action order 1: bpf test.o:[test] id 9 tag
Public bug reported:
[Impact]
tc ebpf program that uses BPF_FUNC_skb_change_head are rejected.
This helper exists since linux v4.10, but it cannot be used until the the
upstream commit 6f3f65d80dac ("net: bpf: Allow TC programs to call
BPF_FUNC_skb_change_head"):
Public bug reported:
[Impact]
When the user tries to update the priority field of a SP, the SP is not
updated *AND* a new SP is created. This results to a broken IPsec
configuration.
This problem has been fixed in the upstream commit 4f47e8ab6ab7 ("xfrm: policy:
match with both mark and mask
Public bug reported:
[Impact]
When a netns is removed, it may corrupt x-netns xfrm interfaces that
have their link part in this netns. It will later trigger an oops when
those interfaces are removed.
This problem has been fixed in the upstream commit c95c5f58b35e ("xfrm
interface: fix oops when
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1896504
Title:
tc/ebpf: unable to use
Public bug reported:
[Impact]
The ebpf function 'bpf_redirect' reset the mark when used with the flag
BPF_F_INGRESS.
There are two main problems with that:
- it's not consistent between legacy tunnels and ebpf;
- it's not consistent between ingress and egress.
In fact, the eBPF program can
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040
Title:
dev_forward_skb: do not scrub skb mark
** Tags removed: verification-needed-hirsute
** Tags added: verification-done-hirsute
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040
Title:
dev_forward_skb: do not scrub skb
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040
Title:
dev_forward_skb: do not scrub skb mark
Public bug reported:
[Impact]
The tc ebpf bpf_redirect() function cannot be used with ipv6 gre
interface.
This is fixed upstream with commit a3fa449ffcf5 ("net: handle
ARPHRD_IP6GRE in dev_is_mac_header_xmit()"), included in linux v5.14.
Public bug reported:
[Impact]
There are cases, where deleting a VRF device can hang waiting for the refcnt to
drop to 0, with the message:
unregister_netdevice: waiting for vrf1 to become free. Usage count = 1
This is fixed upstream with commit b87b04f5019e ("ipv4: Fix device used
for
Public bug reported:
[Impact]
When tuntap interfaces are slaves of a bonding interface, arp monitoring
is unusable.
This is fixed upstream with commit a31d27fbed5d ("tun: fix bonding
active backup with arp monitoring"). It will be included in linux v5.16.
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6 gre
** Tags removed: verification-needed-hirsute
** Tags added: verification-done-hirsute
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6
** Tags removed: verification-needed-impish
** Tags added: verification-done-impish
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6 gre
** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1947164
Title:
ebpf: bpf_redirect fails with ip6 gre
Public bug reported:
[Impact]
The ipv6 sysctl entry 'disable_policy' has effect for local packets only
(while the ipv4 version is for all packets coming from the specified
interface).
This is fixed upstream with commit ccd27f05ae7b ("ipv6: fix
'disable_policy' for fwd packets").
The patch has been merged in ubuntu focal:
https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=fa748ace5184
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1951606
Title:
This patch has been backported in the official linux stable 5.4:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.4.y=01a7ecd36d1e
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Public bug reported:
[Impact]
An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105. In
fact, the regression has been introduced by this backport:
https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135
It has been fixed upstream by this commit:
For the record, the patch has been backported in Lunar/Jammy/Focal:
https://lists.ubuntu.com/archives/kernel-team/2023-August/141562.html
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
** Description changed:
[Impact]
An xfrm interface cannot be changed any more since Ubuntu-hwe-5.4-5.4.0-105.
In fact, the regression has been introduced by this backport:
https://kernel.ubuntu.com/git/ubuntu/ubuntu-focal.git/commit/?id=13a02539b135
It has been fixed upstream by
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1968591
Title:
xfrm interface cannot be changed anymore
** Tags removed: verification-needed-impish
** Tags added: verification-done-impish
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1968591
Title:
xfrm interface cannot be changed
Public bug reported:
[Impact]
Packets sent by userland apps are rejected/dropped if the source address
is not specified and the corresponding route is using a connected
nexthop object.
This bug exists since linux v5.3 and has been fixed in v5.19 by the following
upstream commits:
-
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988584
Title:
cgroup: all controllers mounted when using 'cgroup_no_v1='
Status in linux package
Before the update:
++
root@ubuntu2004:~/linux# uname -a
Linux ubuntu2004 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022
x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu2004:~/linux# tools/testing/selftests/net/fib_nexthop_nongw.sh
TEST: nexthop: get route with nexthop
** Tags added: verification-done-focal verification-done-jammy
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988809
Title:
ip/nexthop: fix default address selection for connected
** Summary changed:
- cgroup: all controller mounted when using 'cgroup_no_v1='
+ cgroup: all controllers mounted when using 'cgroup_no_v1='
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Public bug reported:
[Impact]
When mounting a cgroup hierarchy with disabled controller in cgroup v1,
all available controllers will be attached.
For example, boot with cgroup_no_v1=cpu or cgroup_disable=cpu, and then
mount with "mount -t cgroup -ocpu cpu /sys/fs/cgroup/cpu", then all
enabled
I cannot test this kernel.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1988809
Title:
ip/nexthop: fix default address selection for connected nexthop
Status in linux package in
** Description changed:
[Impact]
- after the last merge of the v5.15 stable (see
+ The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is
Public bug reported:
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix compilation
warning after data
Test with linux-nvidia-5.19/5.19.0-1014.14 are ok.
** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Tests are ok.
** Tags removed: verification-needed-kinetic
** Tags added: verification-done-kinetic
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not
In fact, those patches are not enough, a lot more are needed:
- ba79a32acfde ("crypto: qat - replace deprecated MSI API")
- 0e64dcd7c94b ("crypto: qat - remove unmatched CPU affinity to cluster IRQ")
- 9832fdc917de ("crypto: qat - free irqs only if allocated")
- 70fead3adb4e ("crypto: qat -
Any news?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2024187
Title:
xfrm: packets sent trough a raw socket don't match ipsec policies with
proto selector
Status in linux package
Public bug reported:
[Impact]
When a userland application sends packets through an IPv4 or IPv6 raw
socket, these packets don't match ipsec policies that are configured
with a protocol selector.
The problem has been fixed in linux v6.4 with commit 3632679d9e4f
("ipv{4,6}/raw: fix output xfrm
Tests with linux-image-unsigned-5.15.0-1033-intel-iotg are ok.
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
Public bug reported:
[Target]
Jammy kernel.
[Impact]
The PCI device cannot be initialized.
This has been fixed in linux v5.18 with the below commits:
- a9dc0d966605 ("crypto: qat - add PFVF support to the GEN4 host driver")
Tests are ok.
** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not
101 - 172 of 172 matches
Mail list logo
