[SRU][J/K][PATCH 0/1] Fix conntrack mark not being advertised via netlink
Luke Nowakowski-Krijger
luke.nowakowskikrijger at canonical.com
Wed May 10 11:22:54 UTC 2023
BugLink: https://bugs.launchpad.net/bugs/2016269
[Impact]
There was a commit 95fcb42e5f20
("netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark")
that introduces a regression where the "mark" variable is no longer
dumped in netlink netfilter conntrack messages, which userspace tools use
to mark and track connections.
[Fix]
Introduce the upstream fix 9f7dd42f0db1
("netfilter: ctnetlink: revert to dumping mark regardless of event type")
that always dumps the 'mark' variable for conntrack entries.
This fix has also landed in 5.15 upstream stable.
[Test]
Run 'conntrack -E' and check the output of connection entries.
The 'mark' variable should now be present in connection entries after
the fix.
before fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
after fix:
> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
[Where problems could occur]
The fixes are pretty straightforward so regression potential should be
minimal.
Ivan Delalande (1):
netfilter: ctnetlink: revert to dumping mark regardless of event type
net/netfilter/nf_conntrack_netlink.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--
2.34.1
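
The [Test] step above, as an added example that is not part of the original message or of the kernel patch: a Python check that parses conntrack text output in the form quoted in the message and reports entries that carry no mark attribute. The function names are this example's own, and it assumes that repeated src/dst/sport/dport keys list the original direction first and the reply direction second; the two sample lines are the ones quoted in the message.

```python
import sys

# Sample input: the two entries quoted in the [Test] section of the message.
BEFORE_FIX = (
    "tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 "
    "src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1"
)
AFTER_FIX = (
    "tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 "
    "src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1"
)

TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Split one conntrack text line into tuples, flags and attributes."""
    entry = {"orig": {}, "reply": {}, "flags": [], "attrs": {}, "other": []}
    for token in line.split():
        if token.startswith("[") and token.endswith("]"):
            entry["flags"].append(token[1:-1])      # e.g. [ASSURED]
        elif "=" in token:
            key, value = token.split("=", 1)
            if key in TUPLE_KEYS:
                # Assumption: first occurrence is the original direction,
                # second occurrence is the reply direction.
                side = "orig" if key not in entry["orig"] else "reply"
                entry[side][key] = value
            else:
                entry["attrs"][key] = value         # mark=, use=, ...
        else:
            entry["other"].append(token)            # protocol, timeout, state
    return entry


def missing_mark(lines):
    """Return parsed entries that have no mark attribute at all."""
    parsed = (parse_entry(l) for l in lines if l.strip())
    return [e for e in parsed if "mark" not in e["attrs"]]


if __name__ == "__main__":
    # Reads conntrack text output on stdin and lists entries without a mark.
    for e in missing_mark(sys.stdin):
        print("no mark:", e["orig"], e["reply"], e["flags"])
```

A mark of 0 still counts as present: the check is for the attribute being reported at all, which is what the regression removed.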