Request for a backport to Linux v5.4

Request for a backport to Linux v5.4

[Gianluca Anzolin]

Hello,

I'm writing to request a backport of the following commit:

    2e34328b396a netfilter: nft_exthdr: fix endianness of tcp option cast

to the stable version of Linux v5.4.

This bugfix never landed to Linux v5.4: a later similar endianness 
bugfix (b428336676db) instead did (see commit 666d1d1a0584).

The aforementioned commit fixes an endianness bug in the mangling of the 
MSS tcp option for nftables.

This bug bites hard big-endian routers (MIPS for example) running the 
PPPoE stack and nftables.

The following rule:

     nft add rule ip filter forward tcp flags syn tcp option maxseg size 
set rt mtu

instead of changing the MSS value the one in the routing cache, ZEROES 
it, disrupting the tcp connections.

A backport would be nice because Linux v5.4 is the release used in the 
upcoming stable release of OpenWRT (21.02).

I already submitted a bug-report to OpenWRT a few weeks ago but I've got 
no answer yet maybe because they still use iptables as the default 
netfilter tool, even if they offer nftables as an alternative.

Still I think this bug should be fixed in the stable versions of the kernel.

This way it will also come to OpenWRT when they update the kernel to the 
latest minor version, even if the maintainers don't see the my bug 
report is ignored.

I'd like to thank you for the attention you paid to this message even if 
I probably didn't follow the right process for reporting the problem.

Regards,

Gianluca Anzolin

Re: Request for a backport to Linux v5.4

[Florian Westphal]

Gianluca Anzolin <gianluca@sottospazio.it> wrote:

[ CC stable ]

> I'm writing to request a backport of the following commit:
> 
>    2e34328b396a netfilter: nft_exthdr: fix endianness of tcp option cast
> to the stable version of Linux v5.4.

Hello stable maintainers, can you please pick this change
for 5.4, 4.19 and 4.14?

It applies cleanly to all of those branches.
I'll leave rest as full-quote for context.

> This bugfix never landed to Linux v5.4: a later similar endianness bugfix
> (b428336676db) instead did (see commit 666d1d1a0584).
> 
> The aforementioned commit fixes an endianness bug in the mangling of the MSS
> tcp option for nftables.
> 
> This bug bites hard big-endian routers (MIPS for example) running the PPPoE
> stack and nftables.
> 
> The following rule:
> 
>     nft add rule ip filter forward tcp flags syn tcp option maxseg size set
> rt mtu
> 
> instead of changing the MSS value the one in the routing cache, ZEROES it,
> disrupting the tcp connections.
> 
> A backport would be nice because Linux v5.4 is the release used in the
> upcoming stable release of OpenWRT (21.02).
> 
> I already submitted a bug-report to OpenWRT a few weeks ago but I've got no
> answer yet maybe because they still use iptables as the default netfilter
> tool, even if they offer nftables as an alternative.
> 
> Still I think this bug should be fixed in the stable versions of the kernel.
> 
> This way it will also come to OpenWRT when they update the kernel to the
> latest minor version, even if the maintainers don't see the my bug report is
> ignored.
> 
> I'd like to thank you for the attention you paid to this message even if I
> probably didn't follow the right process for reporting the problem.
> 
> Regards,
> 
> Gianluca Anzolin

Re: Request for a backport to Linux v5.4

[Sasha Levin]

On Tue, Aug 24, 2021 at 05:46:29PM +0200, Florian Westphal wrote:
>Gianluca Anzolin <gianluca@sottospazio.it> wrote:
>
>[ CC stable ]
>
>> I'm writing to request a backport of the following commit:
>>
>>    2e34328b396a netfilter: nft_exthdr: fix endianness of tcp option cast
>> to the stable version of Linux v5.4.
>
>Hello stable maintainers, can you please pick this change
>for 5.4, 4.19 and 4.14?
>
>It applies cleanly to all of those branches.
>I'll leave rest as full-quote for context.
>
>> This bugfix never landed to Linux v5.4: a later similar endianness bugfix
>> (b428336676db) instead did (see commit 666d1d1a0584).
>>
>> The aforementioned commit fixes an endianness bug in the mangling of the MSS
>> tcp option for nftables.
>>
>> This bug bites hard big-endian routers (MIPS for example) running the PPPoE
>> stack and nftables.
>>
>> The following rule:
>>
>>     nft add rule ip filter forward tcp flags syn tcp option maxseg size set
>> rt mtu
>>
>> instead of changing the MSS value the one in the routing cache, ZEROES it,
>> disrupting the tcp connections.
>>
>> A backport would be nice because Linux v5.4 is the release used in the
>> upcoming stable release of OpenWRT (21.02).
>>
>> I already submitted a bug-report to OpenWRT a few weeks ago but I've got no
>> answer yet maybe because they still use iptables as the default netfilter
>> tool, even if they offer nftables as an alternative.
>>
>> Still I think this bug should be fixed in the stable versions of the kernel.
>>
>> This way it will also come to OpenWRT when they update the kernel to the
>> latest minor version, even if the maintainers don't see the my bug report is
>> ignored.
>>
>> I'd like to thank you for the attention you paid to this message even if I
>> probably didn't follow the right process for reporting the problem.

I've queued it up, thanks!

-- 
Thanks,
Sasha