ACK: [SRU][N/O][PATCH 0/1] Backport "netkit: Add option for scrubbing meta data"
Magali Lemes
magali.lemes at canonical.com
Fri Jan 10 15:56:14 UTC 2025
On 08/01/2025 18:35, Tim Whisonant wrote:
> BugLink: https://bugs.launchpad.net/bugs/2091184
>
> SRU Justification:
>
> [Impact]
>
> * When running Cilium with netkit in per-endpoint-routes mode,
> network policy misclassifies traffic. In this direct routing
> mode of Cilium, which is used in case of GKE/EKS/AKS, the Pod's
> BPF program to enforce policy sits on the netkit primary device's
> egress side.
>
> [Fix]
>
> * This has been fixed upstream via commit:
> 83134ef4609388f6b9ca31a384f531155196c2a7 : netkit: Add option for
> scrubbing skb meta data
>
> [Test Plan]
>
> * Boot-tested the changes in GCP environment on amd64 hardware.
>
> [Where problems could occur]
>
> * There could be a difference in cache behavior with the struct
> netkit with the added enum in the 4-byte hole between policy
> and bundle.
>
> [Other Info]
>
> * Changes are limited to the NetKit driver. Risk is considered low as
> the changes are limited and apply cleanly from upstream.
> * SF #00402561
>
> Daniel Borkmann (1):
> netkit: Add option for scrubbing skb meta data
>
> drivers/net/netkit.c | 68 +++++++++++++++++++++++++++++-------
> include/uapi/linux/if_link.h | 15 ++++++++
> 2 files changed, 70 insertions(+), 13 deletions(-)
>
Acked-by: Magali Lemes <magali.lemes at canonical.com>
More information about the kernel-team
mailing list