net: sched: allow flower to match vxlan options

Bug #2013422 reported by Tony Duan
This bug affects 1 person
Affects                    Status        Importance  Assigned to  Milestone
linux-bluefield (Ubuntu)   Invalid       Undecided   Unassigned
Focal                      Fix Released  Medium      Tony Duan

Bug Description

* Explain the bug(s)

In upstream, TCA_POLICE_PKTRATE64 was introduced after TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP. linux-bluefield only has TCA_POLICE_PKTRATE64 related support and does not have VXLAN support, which will cause a compile error in the "ovs" project because of the lack of VXLAN GBP related support.

* Brief explanation of fixes

Cherry-pick. No adaptation. Add VXLAN support for flower to allow flower to match vxlan options
d8f9dfae49ce net: sched: allow flower to match vxlan options

* How to test

1) Compile the "ovs" project; it builds successfully.
2) A VXLAN option can be used as a match condition in tc, e.g.:
      # ip link add name vxlan0 type vxlan dstport 0 external
      # tc qdisc add dev vxlan0 ingress
      # tc filter add dev vxlan0 protocol ip parent ffff: \
          flower \
            enc_src_ip 10.0.99.192 \
            enc_dst_ip 10.0.99.193 \
            enc_key_id 11 \
            vxlan_opts 01020304/ffffffff \
            ip_proto udp \
            action mirred egress redirect dev eth0

* What it could break.

Nothing.
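
A build-host check for the header state this report describes, as an added example that is not part of the original report or of the kernel or ovs sources: it classifies a uapi header by whether it defines TCA_POLICE_PKTRATE64 without TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP. The function names and the header path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report). Classifies a kernel uapi header
# by the two symbols the report names. Usage (path is an assumption):
#   sh check_hdr.sh /usr/include/linux/pkt_cls.h

# has_symbol FILE NAME: succeeds if NAME occurs as a whole identifier,
# so a longer name that merely starts with NAME does not count.
has_symbol() {
    grep -Eq "(^|[^A-Za-z0-9_])$2([^A-Za-z0-9_]|\$)" "$1"
}

# classify_header FILE: prints one word and sets the exit status.
#   mismatch     (status 1) PKTRATE64 present, VXLAN GBP absent: the
#                state described in this bug
#   ok           (status 0) both symbols present
#   vxlan-only   (status 0) VXLAN GBP present, PKTRATE64 absent
#   neither      (status 0) header predates both symbols
#   missing-file (status 2) header not readable
classify_header() {
    hdr=$1
    [ -r "$hdr" ] || { echo missing-file; return 2; }
    police=no
    vxlan=no
    if has_symbol "$hdr" TCA_POLICE_PKTRATE64; then police=yes; fi
    if has_symbol "$hdr" TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP; then vxlan=yes; fi
    case "$police/$vxlan" in
        yes/no)  echo mismatch; return 1 ;;
        yes/yes) echo ok ;;
        no/yes)  echo vxlan-only ;;
        no/no)   echo neither ;;
    esac
}

# Run the check only when a header path is given on the command line.
if [ "$#" -gt 0 ]; then
    classify_header "$1"
fi
```

A non-zero exit status lets a packaging or CI job stop before the ovs build when the headers are in the mismatched state.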

Tim Gardner (timg-tpi)
Changed in linux-bluefield (Ubuntu):
status: New → Invalid
Changed in linux-bluefield (Ubuntu Focal):
assignee: nobody → Tony Duan (yifeid)
importance: Undecided → Medium
status: New → In Progress
Changed in linux-bluefield (Ubuntu Focal):
status: In Progress → Fix Committed
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-bluefield/5.4.0-1061.67 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-bluefield verification-needed-focal
Tony Duan (yifeid)
tags: added: verification-done-focal
removed: verification-needed-focal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-bluefield - 5.4.0-1062.68

---------------
linux-bluefield (5.4.0-1062.68) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1062.68 -proposed tracker (LP: #2016751)

  * CVE-2023-1829
    - [Config] bluefield: Make sure CONFIG_NET_CLS_TCINDEX is not available

  * net/sched: cls_api: Support hardware miss to tc action (LP: #2012571)
    - Revert "net/sched: flower: fix fl_change() error recovery path"
    - Revert "net/sched: flower: Support hardware miss to tc action"
    - Revert "net/sched: flower: Move filter handle initialization earlier"
    - Revert "net/sched: cls_api: Support hardware miss to tc action"
    - Revert "UBUNTU: SAUCE: net/sched: Provide act to offload action"

  [ Ubuntu: 5.4.0-148.165 ]

  * focal/linux: 5.4.0-148.165 -proposed tracker (LP: #2016777)
  * CVE-2023-1829
    - net/sched: Retire tcindex classifier
    - [Config]: Make sure CONFIG_NET_CLS_TCINDEX is not available

 -- Bartlomiej Zolnierkiewicz <email address hidden> Thu, 27 Apr 2023 16:48:23 +0200

Changed in linux-bluefield (Ubuntu Focal):
status: Fix Committed → Fix Released