ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
New
|
Undecided
|
Unassigned | ||
Bionic |
New
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[SRU Justification]
[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET socket are dropped (no carrier).
This has been fixed in v5.5 by the following upstream commits
- 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
- f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
https:/
https:/
The bug exists since the beginning of each driver.
== Fix ==
Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
Xenial (4.4).
== Risk of Regression ==
This patch affects only the cases described above (when no dst is attached to the skb), thus the risk should be low.
CVE References
description: | updated |
Changed in linux (Ubuntu Eoan): | |
status: | New → Fix Committed |
tags: |
added: verification-done-eoan removed: verification-needed-eoan |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1860969
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.