[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150210114428.GK2489@odroid>
Date: Tue, 10 Feb 2015 12:44:28 +0100
From: Linus Lüssing <linus.luessing@...3.blue>
To: Vasily Averin <vvs@...allels.com>
Cc: netdev@...r.kernel.org, bridge@...ts.linux-foundation.org,
Stephen Hemminger <stephen@...workplumber.org>,
"David S. Miller" <davem@...emloft.net>,
linux-kernel@...r.kernel.org,
Herbert Xu <herbert@...dor.apana.org.au>,
Cong Wang <amwang@...hat.com>
Subject: Re: bride: IPv6 multicast snooping enhancements
Hi Vasily,
On Tue, Feb 10, 2015 at 11:44:29AM +0300, Vasily Averin wrote:
> This patch prevent forwarding of ICMPv6 in bridges,
> so containers/VMs with virtual eth adapters connected in local bridge cannot ping each other via ipv6 (but can do it via ipv4)
If a host wants to receive packets, then it needs to signalize
that via MLD. If your host does not do that, then it is expected
to not receive ICMPv6 echo requests to multicast addresses. An
exception is ff02::1, that should always work.
>
> Could you please clarify, is it expected behavior?
> Do we need to enable multicast routing or multicast_snooping on all local ports on such bridges to enable just ICMPv6?
Nope, you shouldn't. You'd need multicast listeners. You shouldn't
need to play with the bridge settings to fix protocols.
> I believe ICMPv6 is an exception and should not be filtered by multicast spoofing.
Signaling multicast joins is mandatory by the IPv6 standard. If
your protocol/application does not do that, then it seems to me
that the application might be broken.
By the way, which kernel version(s) are you using?
Cheers, Linus
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists