All of lore.kernel.org
 help / color / mirror / Atom feed
From: Neal Cardwell <ncardwell@google.com>
To: patchwork-bot+netdevbpf@kernel.org
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
	netfilter-devel@vger.kernel.org, davem@davemloft.net,
	netdev@vger.kernel.org, kuba@kernel.org,
	Yuchung Cheng <ycheng@google.com>,
	Eric Dumazet <edumazet@google.com>
Subject: Re: [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
Date: Fri, 12 Aug 2022 09:34:14 -0400	[thread overview]
Message-ID: <CADVnQykD5NRcjmrbP9bgNaVuhpOaSiC1dxCOF03bL5nTo2HP7g@mail.gmail.com> (raw)
In-Reply-To: <165116521266.24173.17359123747982099697.git-patchwork-notify@kernel.org>

On Thu, Apr 28, 2022 at 1:00 PM <patchwork-bot+netdevbpf@kernel.org> wrote:
>
> Hello:
>
> This series was applied to netdev/net.git (master)
> by Pablo Neira Ayuso <pablo@netfilter.org>:
>
> On Thu, 28 Apr 2022 16:21:07 +0200 you wrote:
> > From: Florian Westphal <fw@strlen.de>
> >
> > Jaco Kroon reported tcp problems that Eric Dumazet and Neal Cardwell
> > pinpointed to nf_conntrack tcp_in_window() bug.
> >
> > tcp trace shows following sequence:
> >
> > [...]
>
> Here is the summary with links:
>   - [net,1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only
>     https://git.kernel.org/netdev/net/c/c7aab4f17021
>   - [net,2/3] netfilter: conntrack: fix udp offload timeout sysctl
>     https://git.kernel.org/netdev/net/c/626873c446f7
>   - [net,3/3] netfilter: nft_socket: only do sk lookups when indev is available
>     https://git.kernel.org/netdev/net/c/743b83f15d40
>
> You are awesome, thank you!
> --
> Deet-doot-dot, I am a bot.
> https://korg.docs.kernel.org/patchwork/pwbot.html

This first commit is an important bug fix for a serious bug that causes
TCP connection hangs for users of TCP fast open and nf_conntrack:

  c7aab4f17021b netfilter: nf_conntrack_tcp: re-init for syn packets only

We are continuing to get reports about the bug that this commit fixes.

It seems this fix was only backported to v5.17 stable release, and not further,
due to a cherry-pick conflict, because this fix implicitly depends on a
slightly earlier v5.17 fix in the same spot:

  82b72cb94666 netfilter: conntrack: re-init state for retransmitted syn-ack

I manually verified that the fix c7aab4f17021b can be cleanly cherry-picked
into the oldest (v4.9.325) and newest (v5.15.60) longterm release kernels as
long as we first cherry-pick that related fix that it implicitly depends on:

82b72cb94666b3dbd7152bb9f441b068af7a921b
netfilter: conntrack: re-init state for retransmitted syn-ack

c7aab4f17021b636a0ee75bcf28e06fb7c94ab48
netfilter: nf_conntrack_tcp: re-init for syn packets only

So would it be possible to backport both of those fixes with the following
cherry-picks, to all LTS stable releases?

git cherry-pick 82b72cb94666b3dbd7152bb9f441b068af7a921b
git cherry-pick c7aab4f17021b636a0ee75bcf28e06fb7c94ab48

Thanks!

Best Regards,
neal

  reply	other threads:[~2022-08-12 13:34 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-28 14:21 [PATCH net 0/3] Netfilter fixes for net Pablo Neira Ayuso
2022-04-28 14:21 ` [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only Pablo Neira Ayuso
2022-04-28 17:00   ` patchwork-bot+netdevbpf
2022-08-12 13:34     ` Neal Cardwell [this message]
2022-08-12 19:17       ` Jakub Kicinski
2022-04-28 14:21 ` [PATCH net 2/3] netfilter: conntrack: fix udp offload timeout sysctl Pablo Neira Ayuso
2022-04-28 14:21 ` [PATCH net 3/3] netfilter: nft_socket: only do sk lookups when indev is available Pablo Neira Ayuso
2022-08-13  1:26 [PATCH net 1/3] netfilter: nf_conntrack_tcp: re-init for syn packets only Thomas Backlund
2022-09-01 12:46 ` Neal Cardwell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CADVnQykD5NRcjmrbP9bgNaVuhpOaSiC1dxCOF03bL5nTo2HP7g@mail.gmail.com \
    --to=ncardwell@google.com \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=patchwork-bot+netdevbpf@kernel.org \
    --cc=ycheng@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.