BPF socket filtering doesn't work in on Linux 5.4.0-126 (Ubuntu 20.04.5) but on Linux 5.4.0-126 (Ubuntu 20.04.6)

[Florian Scholz]

Dear kernel community,
we have some Linux driver code which applies a mac address filtering to a kernel network socket.

      /* generated with 'tcpdump ether src aa:bb:cc:11:22:33 -dd */
      struct sock_filter lsf_code[] = {
                  { 0x20, 0, 0, 0x00000008 },
                  { 0x15, 0, 3, 0xcc112233 },
                  { 0x28, 0, 0, 0x00000006 },
                  { 0x15, 0, 1, 0x0000aabb },
                  { 0x6, 0, 0, 0x0000ffff },
                  { 0x6, 0, 0, 0x00000000 },
      };
               if ((result = sock_setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, *((sockptr_t *)&lsf), sizeof(lsf))) < 0) {

                       PRINTE("open2(%d): attachment of LSF to socket failed - result %d\n",

                                       dev, result);

                       return (result);

               }


For some reason, the mac address filtering works on Kernel 5.4.0-126 for Ubuntu 20.04.6 but not for 20.04.5. Do you have any idea what causes this issue? The kernel uses the same configuration, sysctl -a has no significant differences on the networking side and the bootargs are the same. Both installation are OOTB in a virtual machine. 

Switching over to Ubuntu 20.04.6 is currently not an option for the customer.

Best regards,
Florian

M. Sc. Florian Scholz | Software Engineering  | florian.scholz at nateurope.com |  T: +49 228 965 864 55
Gesellschaft für Netzwerk- und Automatisierungs-Technologie mbH (N.A.T.), Konrad-Zuse-Platz 9, 53227 Bonn, Germany,  Registered at District Court of Siegburg: HRB 3233