Re: bridge is not forwaring ICMP6 neighbor solicitation to KVM guest

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


----- Original Message -----
> From: "Linus Lüssing" <linus.luessing@xxxxxx>
> To: "Jan Stancek" <jstancek@xxxxxxxxxx>
> Cc: netdev@xxxxxxxxxxxxxxx, "Florian Westphal" <fwestpha@xxxxxxxxxx>, bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx
> Sent: Tuesday, 4 March, 2014 10:37:57 PM
> Subject: Re: bridge is not forwaring ICMP6 neighbor solicitation to KVM guest
> > I'm not sure if it's Linux (I'm trying to locate that system by MAC), but I
> > see
> > packets like these on my network every ~125 seconds:
> > 
> > No.     Time        Source                Destination           Protocol
> > Length Info
> >   22675 1334.751135 ::                    ff02::1               ICMPv6   86
> >   Multicast Listener Query
> 
> It's probably the bridge on this ancient kernel, you might want to
> backport the following patch:

Hi,

The example above was from box, which turned out not be running Linux.

> 
> If these patches on host B xor the sanity check I just submitted applied
> on your host A / VM host fix your issue, then they might be worth
> considering for the stable queue.

Is it necessary to apply same patch also on any (older) kernel running in VM?

I applied your sanity check patch [1] on host A only and I wasn't able to reproduce
this issue any longer when I sent this malformed packet from host B:
  Ethernet II, Src: Hewlett-_47:93:1c (00:21:5a:47:93:1c), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
  Internet Protocol Version 6, Src: 100:0:600:0:78fb:100:: (100:0:600:0:78fb:100::), Dst: ff02::1 (ff02::1)
  Internet Control Message Protocol v6


I hand-crafted one new packet from malformed one used in previous tests.
I modified source address from :: to host B link-scope address and changed
dst address from ff02::1 to ff02::1:ffaa:aaaa

Ethernet II, Src: Hewlett-_47:93:1c (00:21:5a:47:93:1c), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::221:5aff:fe47:931c (fe80::221:5aff:fe47:931c), Dst: ff02::1:ffaa:aaaa (ff02::1:ffaa:aaaa)
Internet Control Message Protocol v6
    Type: Multicast Listener Query (130)
    Code: 0
    Checksum: 0xe365 [correct]
    Maximum Response Delay [ms]: 1000
    Reserved: 0000
    Multicast Address: :: (::)

When I sent it from host B, guest on host A hit same issue - it stopped seeing
neighbor solicitation packets. host A was running 3.14.0-rc5 kernel with
patch [1] applied.

Then I updated kernel on guest to 3.14.0-rc5 + patch [1], but result was the same.
Here is trace from guest: http://jan.stancek.eu/tmp/neigh_solicit_and_bridge_traces2/
host B was sending neigh solicit every 5 seconds:
  frame 134, 135 -> OK
  frame 216, 217 -> OK
  frame 329, 330 -> OK
  frame 432, 433 -> OK
  frame 459 -> new hand-crafted packet
  after 35 second mark, guest doesn't see any longer neigh solicit packets

Regards,
Jan

[1] bridge: multicast: add sanity check for query source addresses
[Index of Archives]     [Netdev]     [AoE Tools]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]     [Video 4 Linux]

  Powered by Linux