Public bug reported: Since kernel v6.7, GRO offloading of UDP-encapsulated ESP packets is supported. This is enabled for individual UDP sockets via the UDP_ENCAP_ESPINUDP and UDP_GRO options.
Unfortunately, the original implementation caused issues in some cases. In particular, if the esp4_offload/esp6_offload modules are not loaded (the default). This could prevent IKE or UDP-encapsulated ESP packets from getting received on such a socket. As this happens in the kernel's GRO layer, there is no indication to the user that a packet was received and dropped (e.g. in tcpdump/Wireshark or Netfilter). So it's difficult to debug. A fix for this issue was included in v6.15 and backported to the two affected stable/longterm trees (6.14 and 6.12): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e3fd0577768584ece824c8b661c40fb3d912812a But because the kernels in Ubuntu 22.04 LTS (HWE) and 24.04 LTS (HWE) are 6.8 and 6.11, which are both affected but no official longterm kernels, the fix might not get backported automatically. So I'd like to request a backport explicitly because we intend to enable the UDP_GRO option in the next strongSwan release, which some users are likely going to run on Ubuntu LTS. ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Summary changed: - Backport request for IPsec UDP GRO option issue + Backport request for fix for IPsec UDP GRO option issue -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2113868 Title: Backport request for fix for IPsec UDP GRO option issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2113868/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
