lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 9 May 2011 20:15:28 -0700
From:	Stephen Hemminger <shemminger@...tta.com>
To:	Ben Hutchings <ben@...adent.org.uk>
Cc:	Noah Meyerhans <noahm@...ian.org>, 625914@...s.debian.org,
	netdev <netdev@...r.kernel.org>,
	bridge@...ts.linux-foundation.org
Subject: Re: Bug#625914: linux-image-2.6.38-2-amd64: bridging is not
 interacting well with multicast in 2.6.38-4

On Tue, 10 May 2011 03:38:44 +0100
Ben Hutchings <ben@...adent.org.uk> wrote:

> On Fri, 2011-05-06 at 13:12 -0700, Noah Meyerhans wrote:
> > Package: linux-2.6
> > Version: 2.6.38-3
> > Severity: normal
> > 
> > Hi. I've got a system that hosts several kvm virtual hosts.  The VMs
> > access the network via tap devices bridged with a physical interface.
> > After upgrading to linux-image-2.6.38-2-amd64_2.6.38-4, I noticed that
> > the virtualhosts were not autoconfiguring their IPv6 interfaces.
> > Debugging revealed that no multicast was passing over the bridge.
> > 
> > The bridge configuration is:
> > bridge name     bridge id               STP enabled     interfaces
> > br0             8000.0002e3080eb5       no              eth1
> >                                                         tap0
> >                                                         tap1
> >                                                         tap2
> > 
> > If I attach tcpdump to br0, I can see multicast (e.g. IPv6 Neighbor
> > Solicitation) packets.  However, if I attach tcpdump to eth1, I do not
> > see multicast packets sourced from one of the VMs.
> > 
> > Downgrading to 2.6.38-3 solves the problem.
> 
> This is pretty weird.  Debian version 2.6.38-3 has a few bridging
> changes from stable 2.6.38.3 and 2.6.38.4, but they don't look like they
> would cause this.
> 
> Ben.

There are two possible explainations:
  1. In 2.6.37 and kernels the bridge uses IGMP snooping, there were several
     fixes to that in the stable kernel; especially related to IPv6.

  2. There was also a recent change to block link local multicast
     address. But that should impact what you are doing.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ