Public bug reported:
* Explain the bug(s)
CT state not reset when packet redirected to different port, thus
making it possible to match rules with wrong ct state on the other port.
* brief explanation of fixes
Reset ct state when redirecting to a different port.
The sauce fix being reverted and should apply the upstream fix to catch all
cases correctly.
* How to test
tc qdisc add dev veth0 clsact
# The same with "action mirred egress mirror dev veth1" or "action mirred
ingress redirect dev veth1"
tc filter add dev veth0 egress chain 1 protocol ip flower ct_state +trk action
mirred ingress mirror dev veth1
tc filter add dev veth0 egress chain 0 protocol ip flower ct_state -inv action
ct commit action goto chain 1
tc qdisc add dev veth1 clsact
tc filter add dev veth1 ingress chain 0 protocol ip flower ct_state +trk action
drop
ping <remove ip via veth0> &
tc -s filter show dev veth1 ingress
With command 'tc -s filter show', we can find the pkts were dropped on veth1.
* What it could break.
Wrong matching. Traffic failure when redirecting to different ports and there
are more
rules to match on the other port.
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1940448
Title:
CT state not reset when packet redirected to different port
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1940448/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
