Public bug reported:
* Explain the bug(s)
There is possible deadlock during reload mlxsw into initial netns made possible
by commit:
328fbe747ad4 ("net: Close race between {un, }register_netdevice_notifier() and
setup_net()/cleanup_net()").
* Brief explanation of fixes
Introduce dev_net varian
** Changed in: linux-bluefield (Ubuntu Focal)
Status: Fix Committed => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1995004
Title:
Increase stability with co
** Changed in: linux-bluefield (Ubuntu Focal)
Status: Confirmed => Fix Committed
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in U
Public bug reported:
SRU Justification:
[Impact]
* 5.4 kernel can't work with bond for 200G/400G NIC
[Fix]
* cherry pick the commits to support 200G/400G
[Test Plan]
* Test on 200G/400G bond
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
--
You receiv
Public bug reported:
* Explain the bug
When using OVS with tc to offload connection tracking flows, if user matches on
ct_state other then trk and est, such as ct_state +rpl, it will be silently
ignored by TC/HW and might result in wrong actions being executed.
* How to test
Create OVS bri
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1946393
Title:
Fix byte count on fragmented pac
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1946266
Title:
Add psample tunnel support and a
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1944390
Title:
Fix ignoring ct state match of O
Public bug reported:
* Explain the bug(s)
current code implementation did not handle the case where IPsec is used in
tunnel mode.
* Brief explanation of fixes
As in case of IPsec tunnel mode the skb->encapsulation bit is not set in case
of non-encapsulated
packet (As TCP and UDP), then inner I
Public bug reported:
* Explain the bug(s)
The inner_ipproto saves the inner IP protocol of the plain
text packet. This allows vendor's IPsec feature making offload
decision at skb's features_check and configuring hardware at
ndo_start_xmit.
For example, ConnectX6-DX IPsec device needs the plainte
Public bug reported:
* Explain the feature
Currently, drivers register to a ct zone that can be shared by multiple
devices. This can be inefficient for the driver to offload, as it
needs to handle all the cases where the tuple can come from,
instead of where it's most likely will
Public bug reported:
* Explain the bug
When a packet of a new flow arrives in openvswitch kernel module, it
dissects
the packet and passes the extracted flow key to ovs-vswtichd daemon. If hw-
offload configuration is enabled, the daemon creates a new TC flower entry
to
bypass op
Public bug reported:
* Explain the feature
This patch addresses three possible problems:
1. ct gc may race to undo the timeout adjustment of the packet path, leaving
the conntrack entry in place with the internal offload timeout (one day).
2. ct gc removes the ct because the IPS_OFFLOAD_BIT
Public bug reported:
* Explain the feature
These two sysctls were added because the hardcoded defaults (2 minutes, tcp, 30
seconds, udp) turned out to be too low for some setups.
They appeared in 5.14-rc1 so it should be fine to remove it again.
Note: they patch was introduced before the Linux k
Need to revert this patch as it introduces a new issue for IPSec.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1974096
Title:
cls_flower: Fix inability to match GRE/IPIP pack
Public bug reported:
* Explain the bug
Netfilter conntrack maintains NAT flags per connection indicating
whether NAT was configured for the connection. Openvswitch maintains
NAT flags on the per packet flow key ct_state field, indicating
whether NAT was actually executed on the packet.
When a
Public bug reported:
SRU Justification
To do cusparse performance testing, need to mount huge test files with cifs.
With cifs-utils installed on BF system, cifs mount still could not be
processed, as CIFS module is not enabled from kernel.
** Affects: linux-bluefield (Ubuntu)
Importance:
Public bug reported:
* Explain the bug
After the CT ifindex extension feature, flow table entries are
populated with ifindex information which was intended to only be used
for HW offload. This tuple ifindex is hashed in the flow table key, so
it must be filled for lookup to be successful. But tup
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1967892
Title:
Fix flow table lookup failure wi
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1960575
Title:
Pass originating device to drive
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1961819
Title:
CT: Offload only ASSURED connect
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1963948
Title:
Fix flow table lookup after ct c
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1962490
Title:
Support VF groups rate limit
St
Public bug reported:
* Explain the feature
A pull request was submitted for March SRU at:
https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-
bluefield/+git/version-seeds/+merge/416211
However, CONFIG_NET_DEVLINK was mistakenly removed when merging. This
breaks all switchdev
Public bug reported:
* Explain the feature
Assured connections are those connections which deemed of "higher quality" and
less
like to expire than non-assured connections, as they passed some stricter rule
(e.g
in udp reply + connection lasting more than 2 seconds). This feature
offloads only
Public bug reported:
* Explain the feature
Managing TX rate of VFs becomes non-trivial task when a big number of VFs are
used. This issue can be handled with some grouping mechanism.
Currently driver provide two ways to limit TX rate of the VF: TC police
action and NDO API callback. Implementa
Public bug reported:
* Explain the bug
Flow table lookup is skipped if packet either went through ct clear action
(which set the IP_CT_UNTRACKED flag on the packet),
or while switching zones and there is already a connection associated with the
packet. This will result in no SW offload of the
Public bug reported:
* Explain the bug(s)
Misses on multi chain tc egress rules that are offloaded from ovs datapath
rules (ct rules on ovs' internal port devices)
will restart from recirc_id(0) again in OvS dp, instead of recirc_id that
matches where we left off
in tc (ovs recirc_id should be
Public bug reported:
* Explain the bug
RCU_SOFTIRQ used to be special in that it could be raised on purpose
within the idle path to prevent from stopping the tick. Some code still
prevents from unnecessary warnings related to this specific behaviour
while entering in dynticks-idle
Public bug reported:
* Explain the bug(s)
Add CT accounting stats per flow for TC CT rules. This is only available when
nf_conn_acct
is enabled so it won’t affect performance when not enabled.
* Brief explanation of fixes
Cherry-pick. No adaptation. First commit for SW, second commit of HW
Public bug reported:
* Explain the bug(s)
CT state not reset when packet redirected to different port, thus
making it possible to match rules with wrong ct state on the other port.
* brief explanation of fixes
Reset ct state when redirecting to a different port.
The sauce fix being reverted a
Public bug reported:
* Explain the bug(s)
When using OVS with tc to offload connection tracking flows, sending udp/icmp
fragmented traffic will cause call trace with NULL dereference.
[ 7229.433005] Modules linked in: act_tunnel_key act_csum act_pedit xt_nat
netconsole rpcsec_gss_krb5 act_ct
Public bug reported:
SRU Justification:
Add device ID for BlueField-3
* Explain the bug(s)
Not a bug
* How to test
System should recognize BlueField-3 from lspci
* What it could break.
Nothing will break
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
--
Public bug reported:
Export policy lookup function so drivers could lookup a policy that
match specific criteria.
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subs
Public bug reported:
* Explain the bug(s)
TCP and UDP connections may be offloaded from nf conntrack to nf flow table.
Offloaded connections are aged after 30 seconds of inactivity.
Once aged, ownership is returned to conntrack with a hard coded tcp/udp pickup
time of 120/30 seconds, after whi
** Changed in: linux-bluefield (Ubuntu)
Assignee: (unassigned) => Bodong Wang (bodong-wang)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1934499
Title:
New BPF help
** Description changed:
Ticket for the patch series that adds new BPF helpers to query conntrack
and to generate SYN cookies for forwarded connections.
* Explain the bug(s)
This patch series aims to accelerate iptables synproxy module with XDP.
The stage that generates and checks S
** Changed in: linux-bluefield (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1934499
Title:
New BPF helpers to query conntrack and t
** Description changed:
- Export policy lookup function so drivers could lookup a policy that
- match specific criteria.
+ * Explain the bug(s)
+ The Xfrm stack holds the SPD for both offloaded and non offloaded IPsec
flows, for offloaded flows the driver might need to access this SPD.
+
+ * Bri
Public bug reported:
* Explain the bug(s)
Conntrack confirm operation wasn't checked, this could result in
accepting packet which should be dropped.
* brief explanation of fixes
Match behavior of ovs and netfilter. Drop the packets which are not
accepted.
* How to test
First observe packets
** Changed in: linux-bluefield (Ubuntu)
Status: New => In Progress
** Changed in: linux-bluefield (Ubuntu)
Assignee: (unassigned) => Bodong Wang (bodong-wang)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefi
break.
Nothing breaks, memory leak is fixed.
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Assignee: Bodong Wang (bodong-wang)
Status: In Progress
** Changed in: linux-bluefield (Ubuntu)
Status: New => In Progress
** Changed in: linux-bluefield (Ubu
** Merge proposal linked:
https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield/+git/version-seeds/+merge/405285
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net
** Merge proposal linked:
https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield/+git/version-seeds/+merge/405286
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net
could break.
Traffic not working in some cases using internal ports and CT.
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Assignee: Bodong Wang (bodong-wang)
Status: In Progress
** Changed in: linux-bluefield (Ubuntu)
Assignee: (unassigned) => Bodong W
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1934822
Title:
Possible memory leak of flow_blo
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1934499
Title:
New BPF helpers to query conntra
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1934819
Title:
Fix err check for nf_conntrack_c
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1934401
Title:
Control netfilter flow table tim
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1935584
Title:
Fix host to pod traffic with ovn
Public bug reported:
* Explain the bug(s)
It’s a missing feature in current kernel.
* brief explanation of fixes
Cherry-pick and backport the related patches from upstream kernel.
* How to test
Add tc filter rule with police action, and check it is offloaded.
For example:
tc filter add
** Changed in: linux-bluefield (Ubuntu)
Assignee: (unassigned) => Bodong Wang (bodong-wang)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/1938818
Title:
Add support
Feature is not available yet. Need to verify after
https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/2008136
** Tags removed: verification-needed-focal
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu
Public bug reported:
* Explain the bug
Running DDOS test on tcp port 22 will trigger kernel crash.
* Brief explanation of fixes
Do not update stateful expressions if lookup is inverted
* How to test
Configuration nftables with config file below:
flush ruleset
table inet filter {
chain inpu
This bug is not presenting on 5.15 kernel.
** Changed in: linux-bluefield (Ubuntu Jammy)
Status: Fix Committed => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/19
Public bug reported:
SRU Justifications:
The bpf helper bpf_ct_lookup_tcp is defined under #if
IS_BUILTIN(CONFIG_NF_CONNTRACK). To work with BPF, this is needed.
How to test:
Test XDP BPF
What could be break:
N/A
** Affects: linux-bluefield (Ubuntu)
Importance: Undecided
Status
Any update on this issue? Do we have ETA to have it addressed?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs/2025396
Title:
kdump/kexec does not work when UEFI secureboot and
** Merge proposal linked:
https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield/+git/jammy/+merge/450916
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs
** Merge proposal linked:
https://code.launchpad.net/~bodong-wang/ubuntu/+source/linux-bluefield/+git/jammy/+merge/450970
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-bluefield in Ubuntu.
https://bugs.launchpad.net/bugs
Public bug reported:
SRU Justification:
net: Fix return value of qdisc ingress handling on success
* Explain the bug(s)
Currently qdisc ingress handling (sch_handle_ingress()) doesn't
set a return value and it is left to the old return value of
the caller (__netif_receive_skb_core()) which is
** Summary changed:
- Fix return value of qdisc ingress handling on success
+ Increase stability with connection tracking offload
** Description changed:
- SRU Justification:
+ * Explain the bug(s)
- net: Fix return value of qdisc ingress handling on success
-
- * Explain the bug(s)
-
C
Public bug reported:
* Explain the bug(s)
Fix psample compilation issue and add tunnel support
* brief explanation of fixes
Enhance psample
* How to test
Add tc rule with tunnel and sample actions and run traffic. Verify sample
traffic on the sample interface.
* What it could break.
psample co
Public bug reported:
* Explain the bug
First fragmented packets (frag offset = 0) byte len is zeroed
when stolen by ip_defrag(). And since act_ct update the stats
only afterwards (at end of execute), bytes aren't correctly
accounted for such packets.
* How to test
Create OVS bridge with 2
Public bug reported:
* Explain the bug(s)
commit a3ca11eec78 introduced a flags validity check for XFRM , the check
excluded flag XFRM_OFFLOAD_FULL from the check hence the flag is being blocked
from getting to the kernel space.
The above is preventing IPsec states from being added with the fu
64 matches
Mail list logo
