Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754013AbbBJJGB (ORCPT ); Tue, 10 Feb 2015 04:06:01 -0500 Received: from mailhub.sw.ru ([195.214.232.25]:5517 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753037AbbBJJF6 (ORCPT ); Tue, 10 Feb 2015 04:05:58 -0500 X-Greylist: delayed 1149 seconds by postgrey-1.27 at vger.kernel.org; Tue, 10 Feb 2015 04:05:57 EST Message-ID: <54D9C4ED.6040601@parallels.com> Date: Tue, 10 Feb 2015 11:44:29 +0300 From: Vasily Averin Organization: Parallels User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: =?UTF-8?B?TGludXMgTMO8c3Npbmc=?= , netdev@vger.kernel.org CC: bridge@lists.linux-foundation.org, Stephen Hemminger , "David S. Miller" , linux-kernel@vger.kernel.org, Herbert Xu , Cong Wang , Adam Baker Subject: Re: bride: IPv6 multicast snooping enhancements References: <1378253619-23918-1-git-send-email-linus.luessing@web.de> In-Reply-To: <1378253619-23918-1-git-send-email-linus.luessing@web.de> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2100 Lines: 46 This patch prevent forwarding of ICMPv6 in bridges, so containers/VMs with virtual eth adapters connected in local bridge cannot ping each other via ipv6 (but can do it via ipv4) Could you please clarify, is it expected behavior? Do we need to enable multicast routing or multicast_snooping on all local ports on such bridges to enable just ICMPv6? I believe ICMPv6 is an exception and should not be filtered by multicast spoofing. Thank you, Vasily Averin On 04.09.2013 04:13, Linus Lüssing wrote: > Hi, > > Here are two, small feature changes I would like to submit to increase > the usefulness of the multicast snooping of the bridge code. > > The first patch is an unaltered one I had submitted before, but since it > got no feedback I'm resubmitting it here for net-next. With the recently > added patch to disable snooping if there is no querier (b00589af + 248ba8ec05 > + 8d50af4fb), it should be a safe choice now (without these, patch 1/2 would > have introduced another potential for lost IPv6 multicast packets). > > Both conceptually and also with some testing and fuzzing, I couldn't spot > any more causes for potential packet loss. And since the multicast snooping > code has now been tried by various people, I think it should be a safe > choice to apply the multicast snooping not only for IPv6 multicast packets > with a scope greater than link-local, but also for packets of exactly this > scope. The IPv6 standard mandates MLD reports for link-local multicast, too, > so we can safely snoop them as well (in contrast to IPv4 link-local). > > Cheers, Linus > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/