Skip to content

ipv4: Backport upstream fixes.

Guillaume Naultrequested to merge
gnault/centos-stream-9:bz2134815 into main

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2134815 Upstream Status: linux.git, net.git

Upstream fixes for net/ipv4. Patch order is slightly modified to reflect the logical dependencies between prerequisites, fixes and follow-ups.

There are 6 logical fixes:

1- Patches 1-3 fix how IPv4 handles its options when fragmenting packets. Patches 1-2 are prerequisites to make patch 3 a clean backport from upstream.

2- Patch 4 fixes an edge case where the recent TCP source port selection algorithm improvements broke some systems which aren't able to cope with the bigger table_perturb array.

3- Patches 5-7 fix another side effect of the improved TCP source port selection algorithm, where initialising the table_perturb array incurred a latency spike due to its bigger size. Patch 5 is a trivial prerequisite for making patch 6 a clean upstream backport. Patch 6 is the real fix and patch 7 a simple follow-up (function renaming).

4- Patch 8 fixes an interaction problem between the original IPv4 multipath mechanism and the more recent nexthop infrastructure.

5- Patch 9 fixes an edge case for fragment handling in IPv6 ping sockets. This is IPv6-specific, but the affected function is called by both IPv4 and IPv6 and is defined in net/ipv4, hence the presence of this patch in the IPv4 backport series.

6- Patches 10 fixes the interaction between netfilter rpfilter/fib modules with VRFs. It fixes nft_fib_ipv[46], by copying existing code from ip{,6}t_rpfilter. There's another patch upstream that refines this mechanism for all those modules (ipt_rpfilter, ip6t_rpfilter, nft_fib_ipv4 and nft_fib_ipv6) to better integrate with the VRF infrastructure (upstream commit acc641ab95b6 ("netfilter: rpfilter/fib: Populate flowic_l3mdev field")). It's not backported in this series since centos-stream 9 currently miss upstream commit 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices"), which adds the flowic_l3mdev field to struct flowi_common.

Signed-off-by: Guillaume Nault gnault@redhat.com

Edited by Guillaume Nault

Merge request reports