-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipsec: set interface ID different from 0 #18789
Conversation
Hi, I see this test is failing: "ConformanceKind1.19 / installation-and-connectivity" is that a flaky test or something needs to be investigated ? |
Thanks @pchaigno for the new run,it is still failing. Investigating on the cilium logs |
This comment was marked as resolved.
This comment was marked as resolved.
The failure in privileged unit tests (runtime Jenkins job) seems related:
|
@pchaigno I don't think it's a flaky test. I can "reproduce" the cilium/pkg/datapath/linux/ipsec/ipsec_linux_test.go Lines 166 to 175 in 7350969
The |
This comment was marked as resolved.
This comment was marked as resolved.
@pchaigno not sure if I can re-trigger the test myself ? |
6d85f3b
to
3b201e4
Compare
@pchaigno rebased the branch on master and squashed |
in this patch: https://patchwork.kernel.org/project/netdevbpf/patch/20220106093606.3046771-6-steffen.klassert@secunet.com/ we see that `if_id` must be different from 0 for policy and state construction. With a 0 value, it makes the creation of the dummy interface fail with the following error: ``` level=fatal msg="IPSec with tunneling requires support for xfrm state output masks (Linux 4.19 or later)." error="invalid argument" subsys=daemon ``` Related-To: flatcar/Flatcar#626 Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
3b201e4
to
c39ce70
Compare
/test |
This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
BugLink: https://bugs.launchpad.net/bugs/1966057 commit a3d9001 upstream. This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d9001 upstream. This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d9001 upstream. This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d9001 upstream. This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
stable inclusion from linux-4.19.236 commit c8c9220cc0fb0dcdcce140533cc46128bd836347 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5646A CVE: NA -------------------------------- commit a3d9001 upstream. This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Bug: 220227367 Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 57e401a) Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0d6c17e14d562cef2a4d76b7c4299cf0dd3641d1 Git-commit: 67a0446 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Bug: 220227367 Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 57e401a) Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0d6c17e14d562cef2a4d76b7c4299cf0dd3641d1 Git-commit: 67a0446 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Satyanarayana Dash <quic_satydash@quicinc.com>
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/ (cherry picked from commit a3d9001b4e287fc043e5539d03d71a32ab114bcb https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb) Bug: 221187056 Bug: 218597355 Test: run_net_test.sh Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
BugLink: https://bugs.launchpad.net/bugs/1969678 commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Kamal Mostafa <kamal@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
stable inclusion from stable-v5.10.107 commit bdf0316982f00010d6e56f1379a51cd0568d51cd bugzilla: https://gitee.com/openeuler/kernel/issues/I574A2 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bdf0316982f00010d6e56f1379a51cd0568d51cd -------------------------------- commit a3d9001 upstream. This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yu Liao <liaoyu15@huawei.com> Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
stable inclusion from stable-v5.10.107 commit bdf0316982f00010d6e56f1379a51cd0568d51cd bugzilla: https://gitee.com/openeuler/kernel/issues/I574A2 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bdf0316982f00010d6e56f1379a51cd0568d51cd -------------------------------- commit a3d9001 upstream. This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yu Liao <liaoyu15@huawei.com> Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Bug: 220227367 Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> (cherry picked from commit 57e401a) Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0d6c17e14d562cef2a4d76b7c4299cf0dd3641d1 Git-commit: 67a0446 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Satyanarayana Dash <quic_satydash@quicinc.com>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 68ac0f3 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/ (cherry picked from commit a3d9001 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb) Bug: 221187056 Bug: 218597355 Test: run_net_test.sh Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The change broke userspace (e.g., Cilium is affected because it used id 0 for the dummy state cilium/cilium#18789) and we decided to revert it to give the affected software more time to adapt (cf. https://marc.info/?t=164607426900002&r=1&w=2).
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/ (cherry picked from commit a3d9001b4e287fc043e5539d03d71a32ab114bcb https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb) Bug: 221187056 Test: run_net_test.sh Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/ (cherry picked from commit a3d9001b4e287fc043e5539d03d71a32ab114bcb https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb) Bug: 221187056 Test: run_net_test.sh Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Link: https://lore.kernel.org/netdev/20220309130839.3263912-3-steffen.klassert@secunet.com/ (cherry picked from commit a3d9001b4e287fc043e5539d03d71a32ab114bcb https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=a3d9001b4e287fc043e5539d03d71a32ab114bcb) Bug: 221187056 Test: run_net_test.sh Change-Id: Iccaf42f776cad9166f808c490bfce586f850554c
commit a3d9001b4e287fc043e5539d03d71a32ab114bcb upstream. This reverts commit 68ac0f3810e76a853b5f7b90601a05c3048b8b54 because ID 0 was meant to be used for configuring the policy/state without matching for a specific interface (e.g., Cilium is affected, see cilium/cilium#18789 and cilium/cilium#19019). Signed-off-by: Kai Lueke <kailueke@linux.microsoft.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
in this patch:
https://patchwork.kernel.org/project/netdevbpf/patch/20220106093606.3046771-6-steffen.klassert@secunet.com/
we see that
if_id
must be different from 0 for policy andstate construction.
With a 0 value, it makes the creation of the dummy interface fail with
the following error:
Related-To: flatcar/Flatcar#626
Signed-off-by: Mathieu Tortuyaux mtortuyaux@microsoft.com