On Mon, Feb 25, 2019 at 04:21:14PM -0800, David Ahern wrote:
> From: David Ahern <dsahern@xxxxxxxxx>
>
> Followup to a173f066c7cf ("netfilter: bridge: Don't sabotage nf_hook
> calls from an l3mdev"). Some packets (e.g., ndisc) do not have the skb
> device flipped to the l3mdev (e.g., VRF) device. Update ip_sabotage_in
> to not drop packets for slave devices too. Currently, neighbor
> solicitation packets for 'dev -> bridge (addr) -> vrf' setups are getting
> dropped. This patch enables IPv6 communications for bridges with an
> address that are enslaved to a VRF.
Applied.
