IPsec tunnel mode fix inner_ipproto setting in sec_path
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-bluefield (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
* Explain the bug(s)
current code implementation did not handle the case where IPsec is used in tunnel mode.
* Brief explanation of fixes
As in case of IPsec tunnel mode the skb->encapsulation bit is not set in case of non-encapsulated
packet (As TCP and UDP), then inner IP protocol won’t be set, change code behavior to do so also in case of IPsec Tunnel mode
* How to test
Need to make sure that the code compiles post this change, run TCP traffic when IPSec crypto offload with tunnel mode is configured
* What it could break.
NA, this function adds data to a new field introduced to struct xfrm_offload, so if not used it have no effect and it is assigned in stack and used in driver so if driver does not used it then no effect.
CVE References
Changed in linux-bluefield (Ubuntu Focal): | |
status: | New → Fix Committed |
Changed in linux-bluefield (Ubuntu): | |
status: | New → Invalid |
This bug is awaiting verification that the linux-bluefield /5.4.0- 1029.32 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal' to 'verification- done-focal' . If the problem still exists, change the tag 'verification- needed- focal' to 'verification- failed- focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!