All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Bernhard Thaler <bernhard.thaler@wvnet.at>
Cc: kadlec@blackhole.kfki.hu, netfilter-devel@vger.kernel.org, fw@strlen.de
Subject: Re: [PATCHv7 4/4] netfilter: bridge: forward IPv6 fragmented packets
Date: Fri, 12 Jun 2015 14:26:22 +0200	[thread overview]
Message-ID: <20150612122622.GG13530@salvia> (raw)
In-Reply-To: <1432992616-4195-1-git-send-email-bernhard.thaler@wvnet.at>

On Sat, May 30, 2015 at 03:30:16PM +0200, Bernhard Thaler wrote:
> IPv6 fragmented packets are not forwarded on an ethernet bridge
> with netfilter ip6_tables loaded. e.g. steps to reproduce
> 
> 1) create a simple bridge like this
> 
>         modprobe br_netfilter
>         brctl addbr br0
>         brctl addif br0 eth0
>         brctl addif br0 eth2
>         ifconfig eth0 up
>         ifconfig eth2 up
>         ifconfig br0 up
> 
> 2) place a host with an IPv6 address on each side of the bridge
> 
>         set IPv6 address on host A:
>         ip -6 addr add fd01:2345:6789:1::1/64 dev eth0
> 
>         set IPv6 address on host B:
>         ip -6 addr add fd01:2345:6789:1::2/64 dev eth0
> 
> 3) run a simple ping command on host A with packets > MTU
> 
>         ping6 -s 4000 fd01:2345:6789:1::2
> 
> 4) wait some time and run e.g. "ip6tables -t nat -nvL" on the bridge
> 
> IPv6 fragmented packets traverse the bridge cleanly until somebody runs.
> "ip6tables -t nat -nvL". As soon as it is run (and netfilter modules are
> loaded) IPv6 fragmented packets do not traverse the bridge any more (you
> see no more responses in ping's output).
> 
> After applying this patch IPv6 fragmented packets traverse the bridge
> cleanly in above scenario.

Applied, thanks Bernhard.


      reply	other threads:[~2015-06-12 12:21 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-05-30 13:30 [PATCHv7 4/4] netfilter: bridge: forward IPv6 fragmented packets Bernhard Thaler
2015-06-12 12:26 ` Pablo Neira Ayuso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150612122622.GG13530@salvia \
    --to=pablo@netfilter.org \
    --cc=bernhard.thaler@wvnet.at \
    --cc=fw@strlen.de \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.