net: sched: allow flower to match erspan options

Bug #2015515 reported by Tony Duan
Affects                    Status         Importance   Assigned to   Milestone
linux-bluefield (Ubuntu)   Invalid        Undecided    Unassigned
Focal                      Fix Released   Medium       Tony Duan

Bug Description

* Explain the bug(s)

In upstream, TCA_POLICE_PKTRATE64 was introduced after TCA_FLOWER_KEY_ENC_OPTS_ERSPAN. linux-bluefield only has TCA_POLICE_PKTRATE64-related support and does not have ERSPAN support, which might cause an "ovs" project compile error because of the lack of ERSPAN-related support if ovs supports ERSPAN.

* Brief explanation of fixes

Cherry-pick. No adaptation. Add ERSPAN support for flower to allow flower to match ERSPAN options.
79b1011cb33d net: sched: allow flower to match erspan options

* How to test

The options can be described in the form:
VER:INDEX:DIR:HWID/VER:INDEX_MASK:DIR_MASK:HWID_MASK. When ver is set to 1, index will be applied while dir and hwid will be ignored, and when ver is set to 2, dir and hwid will be used while index will be ignored.
Different from geneve, only one option can be set. And also, geneve options, vxlan options or erspan options can't be set at the same time.
Here's an example:
      # ip link add name erspan1 type erspan external
      # tc qdisc add dev erspan1 ingress
      # tc filter add dev erspan1 protocol ip parent ffff: \
          flower \
            enc_src_ip 10.0.99.192 \
            enc_dst_ip 10.0.99.193 \
            enc_key_id 11 \
            erspan_opts 1:12:0:0/1:ffff:0:0 \
            ip_proto udp \
            action mirred egress redirect dev eth0

* What it could break.

Nothing.
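
The erspan_opts format and version rule described under "How to test" above, modelled in Python as an added example (not part of the bug report, the kernel patch or iproute2). Function names are hypothetical, and it assumes values are decimal and masks hexadecimal, as in the report's 1:12:0:0/1:ffff:0:0; the real tc parser may accept other bases.

```python
# Added illustration of VER:INDEX:DIR:HWID/VER:INDEX_MASK:DIR_MASK:HWID_MASK.
# Assumption: key fields are decimal, mask fields are hex (as in the page's example).
FIELDS = ("ver", "index", "dir", "hwid")


def parse_erspan_opts(spec):
    """Split one erspan_opts string into (key, mask) dicts keyed by field name."""
    if "," in spec:
        # Unlike geneve, only one erspan option can be set.
        raise ValueError("only one erspan option can be set")
    key_part, sep, mask_part = spec.partition("/")
    if not sep:
        raise ValueError("expected KEY/MASK")
    keys, masks = key_part.split(":"), mask_part.split(":")
    if len(keys) != 4 or len(masks) != 4:
        raise ValueError("KEY and MASK each need four ':'-separated fields")
    key = {f: int(v, 10) for f, v in zip(FIELDS, keys)}
    mask = {f: int(v, 16) for f, v in zip(FIELDS, masks)}
    if key["ver"] not in (1, 2):
        # The page defines behaviour only for ver 1 and ver 2.
        raise ValueError("ver must be 1 or 2")
    return key, mask


def effective_fields(ver):
    """ver 1: index applies, dir/hwid ignored. ver 2: dir/hwid apply, index ignored."""
    return ("ver", "index") if ver == 1 else ("ver", "dir", "hwid")


def matches(spec, pkt):
    """Masked compare of a packet's ERSPAN metadata against the filter spec."""
    key, mask = parse_erspan_opts(spec)
    return all((pkt[f] & mask[f]) == (key[f] & mask[f])
               for f in effective_fields(key["ver"]))


if __name__ == "__main__":
    spec = "1:12:0:0/1:ffff:0:0"  # taken from the page's tc example
    # Constructed sample metadata, not captured traffic.
    for pkt in ({"ver": 1, "index": 12, "dir": 0, "hwid": 0},
                {"ver": 1, "index": 12, "dir": 1, "hwid": 5},
                {"ver": 1, "index": 13, "dir": 0, "hwid": 0}):
        print(pkt, "->", matches(spec, pkt))
```

With ver 1, the second sample still matches despite its non-zero dir and hwid, because only ver and index are compared.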


Tim Gardner (timg-tpi)
Changed in linux-bluefield (Ubuntu Focal):
assignee: nobody → Tony Duan (yifeid)
importance: Undecided → Medium
status: New → In Progress
Changed in linux-bluefield (Ubuntu):
status: New → Fix Released
Changed in linux-bluefield (Ubuntu):
status: Fix Released → Invalid
Changed in linux-bluefield (Ubuntu Focal):
status: In Progress → Fix Committed
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the linux-bluefield/5.4.0-1061.67 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-focal' to 'verification-done-focal'. If the problem still exists, change the tag 'verification-needed-focal' to 'verification-failed-focal'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: kernel-spammed-focal-linux-bluefield verification-needed-focal
Tony Duan (yifeid)
tags: added: verification-done-focal
removed: verification-needed-focal
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux-bluefield - 5.4.0-1062.68

---------------
linux-bluefield (5.4.0-1062.68) focal; urgency=medium

  * focal/linux-bluefield: 5.4.0-1062.68 -proposed tracker (LP: #2016751)

  * CVE-2023-1829
    - [Config] bluefield: Make sure CONFIG_NET_CLS_TCINDEX is not available

  * net/sched: cls_api: Support hardware miss to tc action (LP: #2012571)
    - Revert "net/sched: flower: fix fl_change() error recovery path"
    - Revert "net/sched: flower: Support hardware miss to tc action"
    - Revert "net/sched: flower: Move filter handle initialization earlier"
    - Revert "net/sched: cls_api: Support hardware miss to tc action"
    - Revert "UBUNTU: SAUCE: net/sched: Provide act to offload action"

  [ Ubuntu: 5.4.0-148.165 ]

  * focal/linux: 5.4.0-148.165 -proposed tracker (LP: #2016777)
  * CVE-2023-1829
    - net/sched: Retire tcindex classifier
    - [Config]: Make sure CONFIG_NET_CLS_TCINDEX is not available

 -- Bartlomiej Zolnierkiewicz <email address hidden> Thu, 27 Apr 2023 16:48:23 +0200

Changed in linux-bluefield (Ubuntu Focal):
status: Fix Committed → Fix Released