** Changed in: linux (Ubuntu Jammy)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Kinetic)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2016269
Title:
conntrack mark is not advertised via netlink
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Jammy:
Fix Committed
Status in linux source package in Kinetic:
Fix Committed
Bug description:
SRU justification sent to ML:
[Impact]
There was a commit 95fcb42e5f20 ("netfilter: ctnetlink: fix compilation
warning after data race fixes in ct mark") that introduces a regression
where the "mark" variable is no longer dumped in netlink netfilter
conntrack messages, which userspace tools use to mark and track
connections.
[Fix]
Introduce the upstream fix 9f7dd42f0db1
("netfilter: ctnetlink: revert to dumping mark regardless of event type")
that always dumps the 'mark' variable for conntrack entries.
This fix has also landed in 5.15 upstream stable.
[Test]
Run 'conntrack -E' and check the output of connection entries.
The 'mark' variable should now be present in connection entries after
the fix.
before fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
after fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
[Where problems could occur]
The fixes are pretty straightforward so regression potential should be
minimal.
----------------------------------------
[Impact]
The last merge of the v5.15 stable (see
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has
introduced a bug on netlink netfilter conntrack messages.
The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix
compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20
This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter:
ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1
which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c
[Test Case]
Run 'conntrack -E' and check the output.
Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
'mark=' is seen on the conntrack event.
After:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.
[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15
stable. The risk of regression should be contained.
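An added check for the [Test] steps in the report (example code, not part of the bug report or the kernel tree): it parses `conntrack -E` event lines into their fields and lists the events that arrived without a `mark=` attribute, which is exactly what the regression drops. The sample input is the report's own before/after lines; the parser also accepts the `[NEW]`/`[UPDATE]`/`[DESTROY]` prefixes that `conntrack -E` prints but the quoted lines omit.

```python
import sys

# Constructed sample input: the before/after event lines quoted in the bug report.
BROKEN_LINE = ("tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 "
               "src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1")
FIXED_LINE = BROKEN_LINE.replace("[ASSURED] use=1", "[ASSURED] mark=0 use=1")

TUPLE_KEYS = {"src", "dst", "sport", "dport"}


def parse_event(line):
    """Parse one conntrack event line into a dict.

    Layout: [optional event type] proto protonum timeout [state] key=value ...
    plus bracketed flags such as [ASSURED] or [UNREPLIED]. The first
    src/dst/sport/dport set is the original direction, the second the reply.
    """
    tokens = line.strip().lstrip("> ").split()
    event = {"type": None, "state": None, "flags": [], "orig": {}, "reply": {}, "attrs": {}}
    if tokens[0].startswith("["):                       # "[NEW]" etc. from conntrack -E
        event["type"] = tokens.pop(0).strip("[]")
    event["proto"], event["protonum"], event["timeout"] = tokens[0], int(tokens[1]), int(tokens[2])
    for tok in tokens[3:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            if key in TUPLE_KEYS:
                side = "orig" if key not in event["orig"] else "reply"
                event[side][key] = value
            else:
                event["attrs"][key] = value              # mark, use, zone, ...
        elif tok.startswith("["):
            event["flags"].append(tok.strip("[]"))
        else:
            event["state"] = tok                         # ESTABLISHED, SYN_SENT, ...
    return event


def events_missing_mark(lines):
    """Return parsed events whose netlink message carried no mark attribute."""
    return [ev for ev in (parse_event(l) for l in lines if l.strip())
            if "mark" not in ev["attrs"]]


if __name__ == "__main__":
    # Piped input (conntrack -E) when available, otherwise the report's sample lines.
    source = sys.stdin if not sys.stdin.isatty() else [BROKEN_LINE, FIXED_LINE]
    for ev in events_missing_mark(source):
        print("no mark:", ev["proto"], ev["orig"], "->", ev["reply"])
```

On a live system run it as root with `timeout 10 conntrack -E | python3 check_mark.py`; with the fixed kernel it prints nothing, since every event carries a mark.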