ACK: [SRU][J/K][PATCH 0/1] Fix conntrack mark not being advertised via netlink
Roxana Nicolescu
roxana.nicolescu at canonical.com
Thu May 11 09:19:51 UTC 2023
On 10/05/2023 13:22, Luke Nowakowski-Krijger wrote:
> BugLink: https://bugs.launchpad.net/bugs/2016269
>
> [Impact]
> There was a commit 95fcb42e5f20
> ("netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark")
> that introduces a regression where the "mark" variable is no longer
> dumped in netlink netfilter conntrack messages, which userspace tools use
> to mark and track connections.
>
> [Fix]
> Introduce the upstream fix 9f7dd42f0db1
> ("netfilter: ctnetlink: revert to dumping mark regardless of event type")
> that always dumps the 'mark' variable for conntrack entries.
> This fix has also landed in 5.15 upstream stable.
>
> [Test]
> Run 'conntrack -E' and check the output of connection entries.
>
> The 'mark' variable should now be present in connection entries after
> the fix.
>
> before fix:
>> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1
>
> after fix:
>> tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1
>
> [Where problems could occur]
> The fixes are pretty straightforward so regression potential should be
> minimal.
>
>
> Ivan Delalande (1):
> netfilter: ctnetlink: revert to dumping mark regardless of event type
>
> net/netfilter/nf_conntrack_netlink.c | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
LGTM.
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
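
Added example (not part of the original mail or the patch): a small Python parser for the conntrack text lines quoted under [Test], reporting entries that carry no mark= field. The function names and the handling of an optional [NEW]/[UPDATE]/[DESTROY] event prefix are assumptions of this example; the two sample lines are the ones quoted above.

```python
import re
import sys

# Sample lines taken from the [Test] section quoted above.
BEFORE = ("tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 "
          "src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] use=1")
AFTER = ("tcp 6 2 ESTABLISHED src=10.100.0.1 dst=10.200.0.1 sport=6789 dport=12345 "
         "src=10.200.0.1 dst=10.100.0.1 sport=12345 dport=6789 [ASSURED] mark=0 use=1")

# Event-mode output may prefix each line with the event type (assumed handling).
EVENT_RE = re.compile(r"^\[(NEW|UPDATE|DESTROY)\]$")
TUPLE_KEYS = ("src", "dst", "sport", "dport")


def parse_entry(line):
    """Parse one conntrack text line; 'mark' stays None when it was not dumped."""
    tokens = line.split()
    entry = {"event": None, "flags": [], "orig": {}, "reply": {}, "mark": None}
    if tokens and EVENT_RE.match(tokens[0]):
        entry["event"] = tokens.pop(0)[1:-1]
    if not tokens:
        raise ValueError("empty conntrack line")
    entry["proto"] = tokens[0]
    for tok in tokens[1:]:
        if tok.startswith("[") and tok.endswith("]"):
            entry["flags"].append(tok[1:-1])       # e.g. ASSURED, UNREPLIED
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key in TUPLE_KEYS:
                # Tuple keys appear twice: original direction first, then reply.
                side = entry["reply"] if key in entry["orig"] else entry["orig"]
                side[key] = value
            elif key == "mark":
                entry["mark"] = int(value)
            else:
                entry[key] = value                 # use=, id=, ...
    return entry


def entries_missing_mark(lines):
    """Return the parsed entries whose line has no mark= field."""
    parsed = (parse_entry(l) for l in lines if l.strip())
    return [e for e in parsed if e["mark"] is None]


if __name__ == "__main__":
    # Reads conntrack text output on stdin, one entry per line.
    for line in sys.stdin:
        for e in entries_missing_mark([line]):
            print("no mark:", e["proto"], e["orig"], file=sys.stderr)
```

Note that mark=0 counts as present: the check is about the field being dumped at all, not about its value.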