Ben Hutchings
2011-May-10 02:38 UTC
[Bridge] Bug#625914: linux-image-2.6.38-2-amd64: bridging is not interacting well with multicast in 2.6.38-4
On Fri, 2011-05-06 at 13:12 -0700, Noah Meyerhans wrote:> Package: linux-2.6 > Version: 2.6.38-3 > Severity: normal > > Hi. I've got a system that hosts several kvm virtual hosts. The VMs > access the network via tap devices bridged with a physical interface. > After upgrading to linux-image-2.6.38-2-amd64_2.6.38-4, I noticed that > the virtualhosts were not autoconfiguring their IPv6 interfaces. > Debugging revealed that no multicast was passing over the bridge. > > The bridge configuration is: > bridge name bridge id STP enabled interfaces > br0 8000.0002e3080eb5 no eth1 > tap0 > tap1 > tap2 > > If I attach tcpdump to br0, I can see multicast (e.g. IPv6 Neighbor > Solicitation) packets. However, if I attach tcpdump to eth1, I do not > see multicast packets sourced from one of the VMs. > > Downgrading to 2.6.38-3 solves the problem.This is pretty weird. Debian version 2.6.38-3 has a few bridging changes from stable 2.6.38.3 and 2.6.38.4, but they don't look like they would cause this. Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 828 bytes Desc: This is a digitally signed message part Url : http://lists.linux-foundation.org/pipermail/bridge/attachments/20110510/e95bfa84/attachment.pgp
Stephen Hemminger
2011-May-10 03:15 UTC
[Bridge] Bug#625914: linux-image-2.6.38-2-amd64: bridging is not interacting well with multicast in 2.6.38-4
On Tue, 10 May 2011 03:38:44 +0100 Ben Hutchings <ben at decadent.org.uk> wrote:> On Fri, 2011-05-06 at 13:12 -0700, Noah Meyerhans wrote: > > Package: linux-2.6 > > Version: 2.6.38-3 > > Severity: normal > > > > Hi. I've got a system that hosts several kvm virtual hosts. The VMs > > access the network via tap devices bridged with a physical interface. > > After upgrading to linux-image-2.6.38-2-amd64_2.6.38-4, I noticed that > > the virtualhosts were not autoconfiguring their IPv6 interfaces. > > Debugging revealed that no multicast was passing over the bridge. > > > > The bridge configuration is: > > bridge name bridge id STP enabled interfaces > > br0 8000.0002e3080eb5 no eth1 > > tap0 > > tap1 > > tap2 > > > > If I attach tcpdump to br0, I can see multicast (e.g. IPv6 Neighbor > > Solicitation) packets. However, if I attach tcpdump to eth1, I do not > > see multicast packets sourced from one of the VMs. > > > > Downgrading to 2.6.38-3 solves the problem. > > This is pretty weird. Debian version 2.6.38-3 has a few bridging > changes from stable 2.6.38.3 and 2.6.38.4, but they don't look like they > would cause this. > > Ben.There are two possible explainations: 1. In 2.6.37 and kernels the bridge uses IGMP snooping, there were several fixes to that in the stable kernel; especially related to IPv6. 2. There was also a recent change to block link local multicast address. But that should impact what you are doing.
Noah Meyerhans
2011-May-10 04:38 UTC
[Bridge] Bug#625914: linux-image-2.6.38-2-amd64: bridging is not interacting well with multicast in 2.6.38-4
On Tue, May 10, 2011 at 03:38:44AM +0100, Ben Hutchings wrote:> This is pretty weird. Debian version 2.6.38-3 has a few bridging > changes from stable 2.6.38.3 and 2.6.38.4, but they don't look like they > would cause this.I have apparently filed the bug against the wrong version of Debian's kernel. 2.6.38-3 is not affected, and works as expected. The change was introduced in -4. That may have been clear from the report itself, but the report was filed against -3. I've fixed that in the BTS. I've also confirmed that -5 is affected, to no great surprise. I'll investigate further. noah -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.linux-foundation.org/pipermail/bridge/attachments/20110509/39d0542f/attachment.pgp
Le vendredi 13 mai 2011 ? 12:53 -0700, Stephen Hemminger a ?crit :> The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e > bridge: Reset IPCB when entering IP stack on NF_FORWARD > broke forwarding of IPV6 packets in bridge because it would > call bp_parse_ip_options with an IPV6 packet. > > Reported-by: Noah Meyerhans <noahm at debian.org> > Signed-off-by: Stephen Hemminger <shemminger at vyatta.com> > > --- > Patch against net-next-2.6 but must be applied to net-2.6 > and stable as well >Well, stable is not needed, since faulty commit is not in 2.6.38 Reviewed-by: Eric Dumazet <eric.dumazet at gmail.com>
From: Eric Dumazet <eric.dumazet at gmail.com> Date: Fri, 13 May 2011 22:00:44 +0200> Le vendredi 13 mai 2011 ? 12:53 -0700, Stephen Hemminger a ?crit : >> The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e >> bridge: Reset IPCB when entering IP stack on NF_FORWARD >> broke forwarding of IPV6 packets in bridge because it would >> call bp_parse_ip_options with an IPV6 packet. >> >> Reported-by: Noah Meyerhans <noahm at debian.org> >> Signed-off-by: Stephen Hemminger <shemminger at vyatta.com> >> >> --- >> Patch against net-next-2.6 but must be applied to net-2.6 >> and stable as well >> > > Well, stable is not needed, since faulty commit is not in 2.6.38 > > Reviewed-by: Eric Dumazet <eric.dumazet at gmail.com>I do need to queue it up for -stable because the faulty commit is also queued up there :-)
From: Stephen Hemminger <shemminger at vyatta.com> Date: Fri, 13 May 2011 12:53:14 -0700> The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e > bridge: Reset IPCB when entering IP stack on NF_FORWARD > broke forwarding of IPV6 packets in bridge because it would > call bp_parse_ip_options with an IPV6 packet. > > Reported-by: Noah Meyerhans <noahm at debian.org> > Signed-off-by: Stephen Hemminger <shemminger at vyatta.com> > > --- > Patch against net-next-2.6 but must be applied to net-2.6 > and stable as wellApplied and queued up for -stable, thanks!
Le vendredi 13 mai 2011 ? 16:02 -0400, David Miller a ?crit :> I do need to queue it up for -stable because the faulty commit is > also queued up there :-)okay ;)
On Fri, 13 May 2011 16:02:32 -0400 (EDT) David Miller <davem at davemloft.net> wrote:> From: Eric Dumazet <eric.dumazet at gmail.com> > Date: Fri, 13 May 2011 22:00:44 +0200 > > > Le vendredi 13 mai 2011 ? 12:53 -0700, Stephen Hemminger a ?crit : > >> The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e > >> bridge: Reset IPCB when entering IP stack on NF_FORWARD > >> broke forwarding of IPV6 packets in bridge because it would > >> call bp_parse_ip_options with an IPV6 packet. > >> > >> Reported-by: Noah Meyerhans <noahm at debian.org> > >> Signed-off-by: Stephen Hemminger <shemminger at vyatta.com> > >> > >> --- > >> Patch against net-next-2.6 but must be applied to net-2.6 > >> and stable as well > >> > > > > Well, stable is not needed, since faulty commit is not in 2.6.38 > > > > Reviewed-by: Eric Dumazet <eric.dumazet at gmail.com> > > I do need to queue it up for -stable because the faulty commit is > also queued up there :-)The faulty commit was in 2.6.38.4