Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets

To: Steffen Weinreich <steve@weinreich.org>
Cc: 1002706@bugs.debian.org, Pablo Neira Ayuso <pablo@netfilter.org>, Florian Westphal <fw@strlen.de>
Subject: Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 27 Jan 2022 22:21:35 +0100
Message-id: <YfMM30/cvGxtDxp5@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1002706@bugs.debian.org
In-reply-to: <[🔎] f703f413-bb1d-d925-9434-f8e76fbdb397@weinreich.org>
References: <Yc8H9sHapPLHKWXV@salvia> <c419f813-8073-2fb7-1988-ffd38867caaa@weinreich.org> <[🔎] bb54b6a3-7332-29a9-0c3f-0fac84aa9ab1@weinreich.org> <[🔎] YdR2SWh5zbGlP1vb@eldamar.lan> <[🔎] f8e22a8d-8080-1a1c-e2e0-2fc556066ed8@weinreich.org> <[🔎] YdR9UrxgCrmCY+wK@eldamar.lan> <[🔎] 0340be43-d0e7-ca49-ea8d-569c8da925c7@weinreich.org> <[🔎] f703f413-bb1d-d925-9434-f8e76fbdb397@weinreich.org> <c419f813-8073-2fb7-1988-ffd38867caaa@weinreich.org>

Hi,

On Thu, Jan 27, 2022 at 06:26:10PM +0100, Steffen Weinreich wrote:
> Hi all,
> 
> The patch made its way to mainline / latest
> 
> Any chance to get it backported to 4.19?

It would be need to have a backport sent stable@vger.kernel.org . Once
it lands in the older stable series, we can include it as well
downstream in Debian. What does Pablo say on the backport for the
older series? I see it has been applied to 5.15.17 and 5.16.3, but is
not yet queued for older series.

Let's CC Pablo and Florian.

Pablo, Florian, Steffen is asking for a fix as well back to 4.19.y to
address the issue fixed in mainline with 4e1860a38637 ("netfilter:
nft_payload: do not update layer 4 checksum when mangling fragments").
Do you know will it be picked up as well for the older stable series
affected?

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Florian Westphal <fw@strlen.de>

References:
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Steffen Weinreich <steve@weinreich.org>
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Steffen Weinreich <steve@weinreich.org>
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Steffen Weinreich <steve@weinreich.org>
- Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
  - From: Steffen Weinreich <steve@weinreich.org>

Prev by Date: Re: systemd bogus(?) remounts since upgrade to 249.5-1
Next by Date: Processed: Re: systemd bogus(?) remounts since upgrade to 249.5-1
Previous by thread: Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
Next by thread: Bug#1002706: Fwd: nftables stateless NAT in raw table mangles fragmented UDP packets
Index(es):
- Date
- Thread