BPF socket filtering doesn't work in on Linux 5.4.0-126 (Ubuntu 20.04.5) but on Linux 5.4.0-126 (Ubuntu 20.04.6)

Manuel Diewald manuel.diewald at canonical.com
Tue Jun 18 15:38:57 UTC 2024 

On Tue, Jun 18, 2024 at 01:28:54PM +0000, Florian Scholz wrote:
> Dear kernel community,
> we have some Linux driver code which applies a mac address filtering to a kernel network socket.
> 
>       /* generated with 'tcpdump ether src aa:bb:cc:11:22:33 -dd */
>       struct sock_filter lsf_code[] = {
>                   { 0x20, 0, 0, 0x00000008 },
>                   { 0x15, 0, 3, 0xcc112233 },
>                   { 0x28, 0, 0, 0x00000006 },
>                   { 0x15, 0, 1, 0x0000aabb },
>                   { 0x6, 0, 0, 0x0000ffff },
>                   { 0x6, 0, 0, 0x00000000 },
>       };
>                if ((result = sock_setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, *((sockptr_t *)&lsf), sizeof(lsf))) < 0) {
> 
>                        PRINTE("open2(%d): attachment of LSF to socket failed - result %d\n",
> 
>                                        dev, result);
> 
>                        return (result);
> 
>                }
> 
> 
> For some reason, the mac address filtering works on Kernel 5.4.0-126 for Ubuntu 20.04.6 but not for 20.04.5. Do you have any idea what causes this issue? The kernel uses the same configuration, sysctl -a has no significant differences on the networking side and the bootargs are the same. Both installation are OOTB in a virtual machine. 
> 
> Switching over to Ubuntu 20.04.6 is currently not an option for the customer.
> 
> Best regards,
> Florian
> 
> M. Sc. Florian Scholz | Software Engineering  | florian.scholz at nateurope.com |  T: +49 228 965 864 55
> Gesellschaft für Netzwerk- und Automatisierungs-Technologie mbH (N.A.T.), Konrad-Zuse-Platz 9, 53227 Bonn, Germany,  Registered at District Court of Siegburg: HRB 3233
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Hi Florian,

it sounds like it is both working and not working for the same kernel
version - are you sure it's a kernel issue? Have you opened a bug on
launchpad [1] regarding this problem yet? If not, please do so, since it
is easier to track the issue that way - Thank you!

[1] https://bugs.launchpad.net/ubuntu/focal/+source/linux

-- 
 Manuel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240618/14e33db1/attachment.sig>

More information about the kernel-team mailing list