Re: [Bridge] bridge is not forwaring ICMP6 neighbor solicitation to KVM guest

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Jan Stancek <jstancek@redhat.com>
To: "Linus Lüssing" <linus.luessing@web.de>
Cc: netdev@vger.kernel.org, Florian Westphal <fwestpha@redhat.com>,
	bridge@lists.linux-foundation.org
Subject: Re: [Bridge] bridge is not forwaring ICMP6 neighbor solicitation to KVM guest
Date: Wed, 5 Mar 2014 09:57:52 -0500 (EST)	[thread overview]
Message-ID: <1662523546.13613467.1394031472806.JavaMail.zimbra@redhat.com> (raw)
In-Reply-To: <20140305142706.GL5090@Linus-Debian>





----- Original Message -----
> From: "Linus Lüssing" <linus.luessing@web.de>
> To: "Jan Stancek" <jstancek@redhat.com>
> Cc: netdev@vger.kernel.org, "Florian Westphal" <fwestpha@redhat.com>, bridge@lists.linux-foundation.org
> Sent: Wednesday, 5 March, 2014 3:27:07 PM
> Subject: Re: bridge is not forwaring ICMP6 neighbor solicitation to KVM guest

<snip>

> 
> > I hand-crafted one new packet from malformed one used in previous tests.
> > I modified source address from :: to host B link-scope address and changed
> > dst address from ff02::1 to ff02::1:ffaa:aaaa
> 
> Okay, again according to your capture the guest is receiving the
> MLD query on its interface but does not react with an MLD report.
> 
> Two things I'd like to know:
> 
> Is using the link-scope address as a source and "ff02::1" as the
> destination address for the MLD query work for you?

Yes, I could not trigger it with such query:
http://jan.stancek.eu/tmp/neigh_solicit_and_bridge_traces2/guest_mld_query_ff02_1.cap
  frame 795 -> query
  frame 1040 -> MLD report from guest
  ~20 seconds later
  frame 1507, 1508 -> neigh solicit/advert
  frame 1580, 1581 -> neigh solicit/advert

> 
> Is using the link-scope address as a source and "ff02::1:ff00:29"
> as the destination address for the MLD query "work" for you (do
> we see an MLD report from the guest and keep on seeing neighbor
> solicitations from host B then?).

Yes, this also worked (though I received 2 reports):
http://jan.stancek.eu/tmp/neigh_solicit_and_bridge_traces2/guest_mld_query_ff02_1_ff0029.cap
  frame 446 -> query
  frame 448 -> MLD report from guest
  frame 465 -> MLD report from guest
  frame 689, 690 -> neigh solicit/advert
  frame 760, 761 -> neigh solicit/advert
  ...

Both host and guest were running 3.14.0-rc5 with your sanity check patch.

Regards,
Jan

> 
> For the latter, I don't see anything in particular filtering these
> for a general MLD query wrong destination address in the IPv6
> code from igmp6_event_query() on. But I suspect that the query
> doesn't even get that far on the kernel of the guest, as it is not
> listening on ff02::1:ffaa:aaaa. Therefore the test with
> "ff02::1:ff00:29", an address the guest is listening on, would be
> interesting.
> 
> If that works, then I'm going to make a patch ignore General MLD
> Queries without ff02::1 as their destination address, too.
> 
> 
> Hm, looking at more checks in igmp6_event_query(), I'm currently
> wondering whether we should only enable the snooping behaviour in
> the bridge when receiving a General MLD Query, so one with "::" in
> the multicast field of the MLD message, instead of activating it
> upon a Multicast-Address-Specific Query, too. That'd seem more
> sane to me, I'm going to make a patch for that tomorrow.
> 
> Cheers, Linus
>

WARNING: multiple messages have this Message-ID (diff)

From: Jan Stancek <jstancek@redhat.com>
To: "Linus Lüssing" <linus.luessing@web.de>
Cc: netdev@vger.kernel.org, Florian Westphal <fwestpha@redhat.com>,
	bridge@lists.linux-foundation.org
Subject: Re: bridge is not forwaring ICMP6 neighbor solicitation to KVM guest
Date: Wed, 5 Mar 2014 09:57:52 -0500 (EST)	[thread overview]
Message-ID: <1662523546.13613467.1394031472806.JavaMail.zimbra@redhat.com> (raw)
In-Reply-To: <20140305142706.GL5090@Linus-Debian>





----- Original Message -----
> From: "Linus Lüssing" <linus.luessing@web.de>
> To: "Jan Stancek" <jstancek@redhat.com>
> Cc: netdev@vger.kernel.org, "Florian Westphal" <fwestpha@redhat.com>, bridge@lists.linux-foundation.org
> Sent: Wednesday, 5 March, 2014 3:27:07 PM
> Subject: Re: bridge is not forwaring ICMP6 neighbor solicitation to KVM guest

<snip>

> 
> > I hand-crafted one new packet from malformed one used in previous tests.
> > I modified source address from :: to host B link-scope address and changed
> > dst address from ff02::1 to ff02::1:ffaa:aaaa
> 
> Okay, again according to your capture the guest is receiving the
> MLD query on its interface but does not react with an MLD report.
> 
> Two things I'd like to know:
> 
> Is using the link-scope address as a source and "ff02::1" as the
> destination address for the MLD query work for you?

Yes, I could not trigger it with such query:
http://jan.stancek.eu/tmp/neigh_solicit_and_bridge_traces2/guest_mld_query_ff02_1.cap
  frame 795 -> query
  frame 1040 -> MLD report from guest
  ~20 seconds later
  frame 1507, 1508 -> neigh solicit/advert
  frame 1580, 1581 -> neigh solicit/advert

> 
> Is using the link-scope address as a source and "ff02::1:ff00:29"
> as the destination address for the MLD query "work" for you (do
> we see an MLD report from the guest and keep on seeing neighbor
> solicitations from host B then?).

Yes, this also worked (though I received 2 reports):
http://jan.stancek.eu/tmp/neigh_solicit_and_bridge_traces2/guest_mld_query_ff02_1_ff0029.cap
  frame 446 -> query
  frame 448 -> MLD report from guest
  frame 465 -> MLD report from guest
  frame 689, 690 -> neigh solicit/advert
  frame 760, 761 -> neigh solicit/advert
  ...

Both host and guest were running 3.14.0-rc5 with your sanity check patch.

Regards,
Jan

> 
> For the latter, I don't see anything in particular filtering these
> for a general MLD query wrong destination address in the IPv6
> code from igmp6_event_query() on. But I suspect that the query
> doesn't even get that far on the kernel of the guest, as it is not
> listening on ff02::1:ffaa:aaaa. Therefore the test with
> "ff02::1:ff00:29", an address the guest is listening on, would be
> interesting.
> 
> If that works, then I'm going to make a patch ignore General MLD
> Queries without ff02::1 as their destination address, too.
> 
> 
> Hm, looking at more checks in igmp6_event_query(), I'm currently
> wondering whether we should only enable the snooping behaviour in
> the bridge when receiving a General MLD Query, so one with "::" in
> the multicast field of the MLD message, instead of activating it
> upon a Multicast-Address-Specific Query, too. That'd seem more
> sane to me, I'm going to make a patch for that tomorrow.
> 
> Cheers, Linus
>

next prev parent reply	other threads:[~2014-03-05 14:57 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1566805413.12693479.1393872931017.JavaMail.zimbra@redhat.com>
2014-03-03 19:47 ` bridge is not forwaring ICMP6 neighbor solicitation to KVM guest Jan Stancek
2014-03-03 21:27   ` [Bridge] " Linus Lüssing
2014-03-03 21:27     ` Linus Lüssing
2014-03-03 21:40     ` [Bridge] " Vlad Yasevich
2014-03-03 21:40       ` Vlad Yasevich
2014-03-03 23:03       ` [Bridge] " Linus Lüssing
2014-03-03 23:03         ` Linus Lüssing
2014-03-03 22:45     ` [Bridge] " Jan Stancek
2014-03-03 22:45       ` Jan Stancek
2014-03-04  0:00       ` [Bridge] " Linus Lüssing
2014-03-04  0:00         ` Linus Lüssing
2014-03-04  8:02         ` [Bridge] " Jan Stancek
2014-03-04  8:02           ` Jan Stancek
2014-03-04 10:52           ` [Bridge] " Linus Lüssing
2014-03-04 10:52             ` Linus Lüssing
2014-03-04 11:06             ` [Bridge] " Jan Stancek
2014-03-04 11:06               ` Jan Stancek
2014-03-04 21:37               ` [Bridge] " Linus Lüssing
2014-03-04 21:37                 ` Linus Lüssing
2014-03-05 12:10                 ` [Bridge] " Jan Stancek
2014-03-05 12:10                   ` Jan Stancek
2014-03-05 14:27                   ` [Bridge] " Linus Lüssing
2014-03-05 14:27                     ` Linus Lüssing
2014-03-05 14:57                     ` Jan Stancek [this message]
2014-03-05 14:57                       ` Jan Stancek
2014-03-12  4:37                       ` [Bridge] " Linus Lüssing
2014-03-12  4:37                         ` Linus Lüssing
2014-03-12  7:45                         ` [Bridge] " Jan Stancek
2014-03-12  7:45                           ` Jan Stancek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1662523546.13613467.1394031472806.JavaMail.zimbra@redhat.com \
    --to=jstancek@redhat.com \
    --cc=bridge@lists.linux-foundation.org \
    --cc=fwestpha@redhat.com \
    --cc=linus.luessing@web.de \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.