NAK: [SRU][F/E/B/X][PATCH 0/2] ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
Kleber Souza
kleber.souza at canonical.com
Thu Feb 13 09:32:00 UTC 2020
On 10.02.20 17:59, Kelsey Skunberg wrote:
> BugLink: https://bugs.launchpad.net/bugs/1860969
>
> [SRU Justification]
>
> [Impact]
>
> Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET socket are dropped (no carrier).
>
> This has been fixed in v5.5 by the following upstream commits
> - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
> - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
>
> The bug exists since the beginning of each driver.
>
> == Fix ==
>
> Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
> Xenial (4.4).
>
> == Risk of Regression ==
>
> This patch affects only the cases described above (when no dst is attached to the skb), thus the risk should be low.
>
> Nicolas Dichtel (2):
> vti[6]: fix packet tx through bpf_redirect()
> xfrm interface: fix packet tx through bpf_redirect()
>
> net/ipv4/ip_vti.c | 13 +++++++++++--
> net/ipv6/ip6_vti.c | 13 +++++++++++--
> net/xfrm/xfrm_interface.c | 32 +++++++++++++++++++++++++-------
> 3 files changed, 47 insertions(+), 11 deletions(-)
>
A V2 of this patchset has been sent to fix issues with the cover letter,
so I'm NAK'ing this thread.
Thanks!
More information about the kernel-team
mailing list