[Kernel-packages] [Bug 1935040] Re: dev_forward_skb: do not scrub skb mark within the same name space

Mon, 23 Aug 2021 10:50:52 -0700 

** Tags removed: verification-needed-focal
** Tags added: verification-done-focal

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1935040

Title:
  dev_forward_skb: do not scrub skb mark within the same name space

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Hirsute:
  Fix Committed
Status in linux source package in Impish:
  In Progress

Bug description:
  [Impact]

  The ebpf function 'bpf_redirect' reset the mark when used with the flag 
BPF_F_INGRESS.
  There are two main problems with that:
   - it's not consistent between legacy tunnels and ebpf;
   - it's not consistent between ingress and egress.

  In fact, the eBPF program can easily reset the mark, but it cannot
  preserve it.

  This kind of patch was already done in the past, see commit
  963a88b31ddb ("tunnels: harmonize cleanup done on skb on xmit path"),
  commit ea23192e8e57 ("tunnels: harmonize cleanup done on skb on rx
  path") and commit 213dd74aee76 ("skbuff: Do not scrub skb mark within
  the same name space").

  This is fixed upstream with commit ff70202b2d1a ("dev_forward_skb: do
  not scrub skb mark within the same name space").

  
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff70202b2d1a

  [Test Case]

  Mark a packet in the POSTROUTING hook, redirect it to another
  interface and display it with a netfilter log rule to check the mark.

  [Regression Potential]

  A user could expect that the mark is reset after a call to
  bpf_redirect(BPF_F_INGRESS), but he could easily reset it in the eBPF
  program himself.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1935040/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to