Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipsec: set interface ID different from 0 #18789

Merged
merged 1 commit into from
Feb 28, 2022
Merged

ipsec: set interface ID different from 0 #18789

merged 1 commit into from
Feb 28, 2022

Conversation

tormath1
Copy link
Contributor

@tormath1 tormath1 commented Feb 11, 2022
edited
Loading

in this patch:
https://patchwork.kernel.org/project/netdevbpf/patch/20220106093606.3046771-6-steffen.klassert@secunet.com/
we see that if_id must be different from 0 for policy and
state construction.

With a 0 value, it makes the creation of the dummy interface fail with
the following error:

level=fatal msg="IPSec with tunneling requires support for xfrm state output masks (Linux 4.19 or later)." error="invalid argument" subsys=daemon

Related-To: flatcar/Flatcar#626
Signed-off-by: Mathieu Tortuyaux mtortuyaux@microsoft.com

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Feb 11, 2022
@pchaigno pchaigno added area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. kind/bug This is a bug in the Cilium logic. needs-backport/1.11 release-note/bug This PR fixes an issue in a previous release of Cilium. labels Feb 11, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Feb 11, 2022
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from master in 1.11.2 Feb 11, 2022
@tormath1 tormath1 marked this pull request as ready for review February 11, 2022 17:58
@tormath1 tormath1 requested review from a team and kkourt February 11, 2022 17:58
@tormath1
Copy link
Contributor Author

Hi, I see this test is failing: "ConformanceKind1.19 / installation-and-connectivity" is that a flaky test or something needs to be investigated ?

@tormath1
Copy link
Contributor Author

Thanks @pchaigno for the new run,it is still failing. Investigating on the cilium logs

@maintainer-s-little-helper

This comment was marked as resolved.

Sign in to view
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Feb 14, 2022
@pchaigno
Copy link
Member

The failure in privileged unit tests (runtime Jenkins job) seems related:

	 START: ipsec_linux_test.go:120: IPSecSuitePrivileged.TestUpsertIPSecEndpoint
	 START: ipsec_linux_test.go:37: IPSecSuitePrivileged.SetUpTest
	 PASS: ipsec_linux_test.go:37: IPSecSuitePrivileged.SetUpTest	0.000s
	 
	 ipsec_linux_test.go:175:
	     c.Assert(err, IsNil)
	 ... value syscall.Errno = 0x2 ("no such file or directory")
	 
	 START: ipsec_linux_test.go:42: IPSecSuitePrivileged.TearDownTest
	 PASS: ipsec_linux_test.go:42: IPSecSuitePrivileged.TearDownTest	0.000s
	 
	 FAIL: ipsec_linux_test.go:120: IPSecSuitePrivileged.TestUpsertIPSecEndpoint

@tormath1
Copy link
Contributor Author

@pchaigno I don't think it's a flaky test. I can "reproduce" the "no such file or directory" error. I think it's related to the change on the policy creation: the Ifid is now different from 0 on the policy itself to avoid a mismatch. So policies are created with Ifid = 1 which leads to a failure when the policy is trying to be Get in the test:

cilium/pkg/datapath/linux/ipsec/ipsec_linux_test.go

Lines 166 to 175 in 7350969

toProxyPolicy, err := netlink.XfrmPolicyGet(&netlink.XfrmPolicy{
Src: remote,
Dst: local,
Dir: netlink.XFRM_DIR_IN,
Mark: &netlink.XfrmMark{
Mask: linux_defaults.IPsecMarkMaskIn,
Value: linux_defaults.RouteMarkToProxy,
},
})
c.Assert(err, IsNil)

The &netlink.XfrmPolicy{...} will have an Ifid != 1 so the policy is not found and the test is failing.

@maintainer-s-little-helper

This comment was marked as resolved.

Sign in to view
@tormath1
Copy link
Contributor Author

@pchaigno not sure if I can re-trigger the test myself ?

@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Feb 21, 2022
@tormath1
Copy link
Contributor Author

@pchaigno rebased the branch on master and squashed fixup! commits. 🙂

@joestringer joestringer added this to Needs backport from master in 1.11.3 Feb 23, 2022
@joestringer joestringer removed this from Needs backport from master in 1.11.2 Feb 23, 2022
@tormath1
ipsec: set interface ID different from 0
c39ce70 
in this patch:
https://patchwork.kernel.org/project/netdevbpf/patch/20220106093606.3046771-6-steffen.klassert@secunet.com/
we see that `if_id` must be different from 0 for policy and
state construction.

With a 0 value, it makes the creation of the dummy interface fail with
the following error:
```
level=fatal msg="IPSec with tunneling requires support for xfrm state output masks (Linux 4.19 or later)." error="invalid argument" subsys=daemon
```

Related-To: flatcar/Flatcar#626
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
@pchaigno
Copy link
Member

/test

@pchaigno pchaigno added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Feb 26, 2022
rohanmclure pushed a commit to rohanmclure/linux-ci that referenced this pull request Mar 30, 2022
@pothos @rohanmclure
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
a6a3ca2 
This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
tuxedo-bot pushed a commit to tuxedocomputers/linux that referenced this pull request Mar 31, 2022
@pothos @piso77
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
20b95cf 
BugLink: https://bugs.launchpad.net/bugs/1966057

commit a3d9001 upstream.

This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
raystef66 pushed a commit to raystef66/InfiniR_kernel_alioth that referenced this pull request Apr 1, 2022
@pothos @raystef66
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
b2f90cf 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
snajpa pushed a commit to vpsfreecz/linux that referenced this pull request Apr 2, 2022
@pothos @snajpa
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
819cb91 
commit a3d9001 upstream.

This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
usaleem-ix pushed a commit to truenas/linux that referenced this pull request Apr 7, 2022
@pothos @usaleem-ix
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
25f42e2 
commit a3d9001 upstream.

This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
DozNaka pushed a commit to DozNaka/KawaKernel-A217X that referenced this pull request Apr 11, 2022
@pothos @DozNaka
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
5655481 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
borkra pushed a commit to LairdCP/wb-kernel that referenced this pull request Apr 20, 2022
@pothos @borkra
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
e310951 
commit a3d9001 upstream.

This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
it-is-a-robot pushed a commit to openeuler-mirror/kernel that referenced this pull request May 8, 2022
@pothos
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
8fca9e9 
stable inclusion
from linux-4.19.236
commit c8c9220cc0fb0dcdcce140533cc46128bd836347
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5646A
CVE: NA

--------------------------------

commit a3d9001 upstream.

This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
Divyanshu-Modi pushed a commit to Atom-X-Devs/android_kernel_xiaomi_sm7325 that referenced this pull request May 11, 2022
@pothos
UPSTREAM: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
29d9835 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Bug: 220227367
Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 57e401a)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0d6c17e14d562cef2a4d76b7c4299cf0dd3641d1
Git-commit: 67a0446
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
arter97 pushed a commit to arter97/caf_msm-5.4 that referenced this pull request May 15, 2022
@pothos
UPSTREAM: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
f170a7c 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Bug: 220227367
Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 57e401a)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0d6c17e14d562cef2a4d76b7c4299cf0dd3641d1
Git-commit: 67a0446
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Satyanarayana Dash <quic_satydash@quicinc.com>
momojuro pushed a commit to fsociety-tribute/redbull that referenced this pull request Jun 4, 2022
@pothos @momojuro
FROMGIT: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
324e789 
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/
(cherry picked from commit a3d9001b4e287fc043e5539d03d71a32ab114bcb
 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb)
Bug: 221187056
Bug: 218597355
Test: run_net_test.sh
Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
delphix-devops-bot pushed a commit to delphix/linux-kernel-generic that referenced this pull request Jun 10, 2022
@pothos @smb49
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
ba1096c 
BugLink: https://bugs.launchpad.net/bugs/1969678

commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
it-is-a-robot pushed a commit to openeuler-mirror/kernel that referenced this pull request Jun 15, 2022
@pothos
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
eb510b6 
stable inclusion
from stable-v5.10.107
commit bdf0316982f00010d6e56f1379a51cd0568d51cd
bugzilla: https://gitee.com/openeuler/kernel/issues/I574A2

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bdf0316982f00010d6e56f1379a51cd0568d51cd

--------------------------------

commit a3d9001 upstream.

This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yu Liao <liaoyu15@huawei.com>
Reviewed-by: Wei Li <liwei391@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
it-is-a-robot pushed a commit to openeuler-mirror/kernel that referenced this pull request Jun 15, 2022
@pothos
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
f1d1504 
stable inclusion
from stable-v5.10.107
commit bdf0316982f00010d6e56f1379a51cd0568d51cd
bugzilla: https://gitee.com/openeuler/kernel/issues/I574A2

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bdf0316982f00010d6e56f1379a51cd0568d51cd

--------------------------------

commit a3d9001 upstream.

This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Yu Liao <liaoyu15@huawei.com>
Reviewed-by: Wei Li <liwei391@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
hellobbn pushed a commit to hellobbn/android_kernel_sony_sm8250 that referenced this pull request Jul 21, 2022
@pothos @hellobbn
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
2fc11c1 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arter97 pushed a commit to arter97/caf_msm-5.4 that referenced this pull request Aug 3, 2022
@pothos
UPSTREAM: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
ba7fc2d 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Bug: 220227367
Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 57e401a)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0d6c17e14d562cef2a4d76b7c4299cf0dd3641d1
Git-commit: 67a0446
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Satyanarayana Dash <quic_satydash@quicinc.com>
xzeldon pushed a commit to xzeldon/IllusionX_sm8250 that referenced this pull request Sep 12, 2022
@pothos @xzeldon
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
f9b2780 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Blackmanx pushed a commit to Blackmanx/bigshot_kernel_realme_sm8250 that referenced this pull request Dec 21, 2022
@pothos @Blackmanx
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
cf79c5b 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tashar02 pushed a commit to Atom-X-Devs/scarlet_xiaomi_sdm660 that referenced this pull request Feb 20, 2023
@pothos
FROMGIT: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
9151e49 
This reverts commit 68ac0f3 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/
(cherry picked from commit a3d9001
 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb)
Bug: 221187056
Bug: 218597355
Test: run_net_test.sh
Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
bggRGjQaUbCoE pushed a commit to bggRGjQaUbCoE/android_kernel_samsung_sm8250-mohammad92 that referenced this pull request Apr 6, 2023
@pothos @bggRGjQaUbCoE
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
d4d22eb 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
t-lo pushed a commit to flatcar/scripts that referenced this pull request Apr 13, 2023
@pothos
sys-kernel: Revert change to forbid using xfrm id 0 in state
9a796ca 
The change broke userspace (e.g., Cilium is affected because it used
id 0 for the dummy state cilium/cilium#18789)
and we decided to revert it to give the affected software more time
to adapt (cf. https://marc.info/?t=164607426900002&r=1&w=2).
intersectRaven pushed a commit to intersectRaven/rk356x-kernel that referenced this pull request Sep 16, 2023
@pothos @intersectRaven
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
57747b2 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
backslashxx pushed a commit to backslashxx/android_karnol_ximi_fog that referenced this pull request Feb 14, 2024
@pothos @backslashxx
FROMGIT: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
5bfb7a7 
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/
(cherry picked from commit a3d9001b4e287fc043e5539d03d71a32ab114bcb
 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb)
Bug: 221187056
Test: run_net_test.sh
Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
backslashxx pushed a commit to backslashxx/android_karnol_ximi_fog that referenced this pull request Feb 14, 2024
@pothos @backslashxx
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
a42e443 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
backslashxx pushed a commit to backslashxx/android_karnol_ximi_fog that referenced this pull request Feb 20, 2024
@pothos @backslashxx
FROMGIT: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
a04897c 
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/
(cherry picked from commit a3d9001b4e287fc043e5539d03d71a32ab114bcb
 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb)
Bug: 221187056
Test: run_net_test.sh
Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
backslashxx pushed a commit to backslashxx/android_karnol_ximi_fog that referenced this pull request Feb 20, 2024
@pothos @backslashxx
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
b149a0e 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dheeraj3031A pushed a commit to Dheeraj3031A/kernel_oplus_RMX3461 that referenced this pull request Mar 13, 2024
@pothos @Dheeraj3031A
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
c33243d 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dheeraj3031A pushed a commit to Dheeraj3031A/kernel_oplus_RMX3461 that referenced this pull request Mar 13, 2024
@pothos @Dheeraj3031A
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
ab71890 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
nokidevz pushed a commit to nokidevz/android_kernel_xiaomi_mt6781 that referenced this pull request Jun 26, 2024
@pothos @nokidevz
FROMGIT: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
ec06975 
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/
(cherry picked from commit a3d9001b4e287fc043e5539d03d71a32ab114bcb
 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb)
Bug: 221187056
Test: run_net_test.sh
Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
nokidevz pushed a commit to nokidevz/android_kernel_xiaomi_mt6781 that referenced this pull request Jun 26, 2024
@pothos @nokidevz
Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0"
68f1e7b 
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream.

This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID
0 was meant to be used for configuring the policy/state without
matching for a specific interface (e.g., Cilium is affected, see
cilium/cilium#18789 and
cilium/cilium#19019).

Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kaworu kaworu kaworu approved these changes

@kkourt kkourt kkourt approved these changes

@pchaigno pchaigno pchaigno approved these changes

Assignees
No one assigned
Labels
area/encryption Impacts encryption support such as IPSec, WireGuard, or kTLS. kind/bug This is a bug in the Cilium logic. ready-to-merge This PR has passed all tests and received consensus from code owners to merge. release-note/bug This PR fixes an issue in a previous release of Cilium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@tormath1 @pchaigno @tklauser @kaworu @kkourt