ip/nexthop: fix default address selection for connected nexthop
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Luke Nowakowski-Krijger | ||
Focal |
Fix Released
|
Medium
|
Unassigned | ||
Jammy |
Fix Released
|
Medium
|
Unassigned |
Bug Description
[Impact]
Packets sent by userland apps are rejected/dropped if the source address is not specified and the corresponding route is using a connected nexthop object.
This bug exists since linux v5.3 and has been fixed in v5.19 by the following upstream commits:
- 747c14307214 ("ip: fix dflt addr selection for connected nexthop")
https:/
- cd72e61bad14 ("selftests/net: test nexthop without gw")
https:/
- eb55dc09b5dd ("ip: fix triggering of 'icmp redirect'")
https:/
The last commit (v6.0) fixes a regression introduced by the first commit.
[Test Case]
A detailed test case is explained in the first commit and a self-test is added in the second commit.
[Regression Potential]
The patch modifies some internal routing states. It has been living in the upstream trees for 2 months and the reported regression about icmp redirects has been fixed.
The risk of regression should be contained.
CVE References
Changed in linux (Ubuntu): | |
assignee: | nobody → Luke Nowakowski-Krijger (lukenow) |
status: | Incomplete → Confirmed |
Changed in linux (Ubuntu Focal): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu Jammy): | |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in linux (Ubuntu Jammy): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
tags: | added: verification-done-focal verification-done-jammy |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1988809
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.