This bug is awaiting verification that the linux-azure/5.15.0-1043.50 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-jammy' to 'verification-done-jammy'. If the problem still exists, change the tag 'verification-needed-jammy' to 'verification-failed-jammy'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

** Tags added: kernel-spammed-jammy-linux-azure

https://bugs.launchpad.net/bugs/2016269

Title: conntrack mark is not advertised via netlink

Status in linux package in Ubuntu: Invalid
Status in linux source package in Jammy: Fix Released
Status in linux source package in Kinetic: Fix Released

Bug description:

SRU justification sent to ML:

[Impact]
There was a commit 95fcb42e5f20 ("netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark") that introduces a regression where the "mark" variable is no longer dumped in netlink netfilter conntrack messages, which userspace tools use to mark and track connections.

[Fix]
Introduce the upstream fix 9f7dd42f0db1 ("netfilter: ctnetlink: revert to dumping mark regardless of event type") that always dumps the 'mark' variable for conntrack entries. This fix has also landed in 5.15 upstream stable.

[Test]
Run 'conntrack -E' and check the output of connection entries. The 'mark' variable should now be present in connection entries after the fix.

before fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1

after fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1

[Where problems could occur]
The fixes are pretty straightforward so regression potential should be minimal.

----------------------------------------

[Impact]
The last merge of the v5.15 stable (see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2003134) has introduced a bug on netlink netfilter conntrack messages.

The problematic commit is 95fcb42e5f20 ("netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark"):
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=95fcb42e5f20

This bug has been fixed in upstream commit 9f7dd42f0db1 ("netfilter: ctnetlink: revert to dumping mark regardless of event type"):
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9f7dd42f0db1

which has been backported in v5.15.103:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bef8cf77e21c

[Test Case]
Run 'conntrack -E' and check the output.

Before the problematic commit:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
'mark=' is seen on conntrack event

after:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
=> 'mark=' is not seen.

[Regression Potential]
The patch is quite simple. It has been backported in the official 5.15 stable. The risk of regression should be contained.
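
The check described in the test case above, written as a script. This is an added example and not part of the bug report or of any Ubuntu kernel tooling. The helper name check_ct_mark is hypothetical, the two sample lines are the ones quoted in the report, and the script assumes the default text output of 'conntrack -E'.

```shell
#!/bin/sh
# Added example: classify conntrack event lines by whether the kernel
# advertised the ct mark over netlink. check_ct_mark is a hypothetical name.

# Sample lines copied from the bug report (default conntrack text output).
SAMPLE_WITH_MARK='tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1'
SAMPLE_WITHOUT_MARK='tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1'

# Reads saved 'conntrack -E' output on stdin, e.g.
#   check_ct_mark < events.txt
# Prints "with_mark=<n> without_mark=<m>" and returns
#   0 if every flow line carried mark=,
#   1 if at least one flow line lacked it (the regression),
#   2 if no flow lines were seen at all (nothing was verified).
check_ct_mark() {
    awk '
        # Only lines describing a flow carry a src= tuple; skip anything
        # else (blank lines, status messages printed by the tool).
        !/(^|[ \t])src=/ { next }
        {
            found = 0
            # Match mark as a whole field, so a different key that merely
            # ends in "mark=" is not mistaken for the conntrack mark.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^mark=[0-9]+$/) { found = 1; break }
            if (found) have++; else miss++
        }
        END {
            printf "with_mark=%d without_mark=%d\n", have, miss
            if (have + miss == 0) exit 2
            exit(miss > 0 ? 1 : 0)
        }
    '
}
```

A return value of 2 matters when verifying a kernel: a capture with no flow events proves nothing about whether the mark is dumped.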