This patch prevent forwarding of ICMPv6 in bridges,
so containers/VMs with virtual eth adapters connected in local bridge cannot
ping each other via ipv6 (but can do it via ipv4)
Could you please clarify, is it expected behavior?
Do we need to enable multicast routing or multicast_snooping on all local ports
on such bridges to enable just ICMPv6?
I believe ICMPv6 is an exception and should not be filtered by multicast
spoofing.
Thank you,
Vasily Averin
On 04.09.2013 04:13, Linus L?ssing wrote:> Hi,
>
> Here are two, small feature changes I would like to submit to increase
> the usefulness of the multicast snooping of the bridge code.
>
> The first patch is an unaltered one I had submitted before, but since it
> got no feedback I'm resubmitting it here for net-next. With the
recently
> added patch to disable snooping if there is no querier (b00589af +
248ba8ec05
> + 8d50af4fb), it should be a safe choice now (without these, patch 1/2
would
> have introduced another potential for lost IPv6 multicast packets).
>
> Both conceptually and also with some testing and fuzzing, I couldn't
spot
> any more causes for potential packet loss. And since the multicast snooping
> code has now been tried by various people, I think it should be a safe
> choice to apply the multicast snooping not only for IPv6 multicast packets
> with a scope greater than link-local, but also for packets of exactly this
> scope. The IPv6 standard mandates MLD reports for link-local multicast,
too,
> so we can safely snoop them as well (in contrast to IPv4 link-local).
>
> Cheers, Linus
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe
linux-kernel" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
>
>