APPLIED: [SRU][N/O][PATCH 0/1] Backport "netkit: Add option for scrubbing meta data"
Mehmet Basaran
mehmet.basaran at canonical.com
Mon Jan 13 08:14:28 UTC 2025
Tim Whisonant <tim.whisonant at canonical.com> writes:
> BugLink: https://bugs.launchpad.net/bugs/2091184
>
> SRU Justification:
>
> [Impact]
>
> * When running Cilium with netkit in per-endpoint-routes mode,
> network policy misclassifies traffic. In this direct routing
> mode of Cilium, which is used in case of GKE/EKS/AKS, the Pod's
> BPF program to enforce policy sits on the netkit primary device's
> egress side.
>
> [Fix]
>
> * This has been fixed upstream via commit:
> 83134ef4609388f6b9ca31a384f531155196c2a7 : netkit: Add option for
> scrubbing skb meta data
>
> [Test Plan]
>
> * Boot-tested the changes in GCP environment on amd64 hardware.
>
> [Where problems could occur]
>
> * There could be a difference in cache behavior with the struct
> netkit with the added enum in the 4-byte hole between policy
> and bundle.
>
> [Other Info]
>
> * Changes are limited to the NetKit driver. Risk is considered low as
> the changes are limited and apply cleanly from upstream.
> * SF #00402561
>
> Daniel Borkmann (1):
> netkit: Add option for scrubbing skb meta data
>
> drivers/net/netkit.c | 68 +++++++++++++++++++++++++++++-------
> include/uapi/linux/if_link.h | 15 ++++++++
> 2 files changed, 70 insertions(+), 13 deletions(-)
>
> --
> 2.43.0
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to oracular:linux, noble:linux master-next branches. Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 873 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20250113/56f4647c/attachment.sig>
More information about the kernel-team
mailing list