From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: David Miller <davem@davemloft.net>, mkubecek@suse.cz
Cc: yoshfuji@linux-ipv6.org, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
linux-kernel@vger.kernel.org, kuznet@ms2.inr.ac.ru,
jmorris@namei.org, kaber@trash.net, pablo@netfilter.org,
kadlec@blackhole.kfki.hu
Subject: Re: [PATCH net] ipv6: distinguish frag queues by device for multicast and link-local packets
Date: Tue, 24 Nov 2015 23:01:50 +0100 [thread overview]
Message-ID: <1448402510.1490470.449206321.69897BEE@webmail.messagingengine.com> (raw)
In-Reply-To: <20151124.164625.1632013093413416374.davem@davemloft.net>
On Tue, Nov 24, 2015, at 22:46, David Miller wrote:
> From: Michal Kubecek <mkubecek@suse.cz>
> Date: Tue, 24 Nov 2015 15:07:11 +0100 (CET)
>
> > If a fragmented multicast packet is received on an ethernet device which
> > has an active macvlan on top of it, each fragment is duplicated and
> > received both on the underlying device and the macvlan. If some
> > fragments for macvlan are processed before the whole packet for the
> > underlying device is reassembled, the "overlapping fragments" test in
> > ip6_frag_queue() discards the whole fragment queue.
> >
> > To resolve this, add device ifindex to the search key and require it to
> > match reassembling multicast packets and packets to link-local
> > addresses.
> >
> > Note: similar patch has been already submitted by Yoshifuji Hideaki in
> >
> > http://patchwork.ozlabs.org/patch/220979/
> >
> > but got lost and forgotten for some reason.
> >
> > Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
>
> This is definitely the right thing to do and matches how ipv4 keys
> fragments.
>
> Applied and queued up for -stable, thanks!
I reviewed it earlier and agree last time that this patch is necessary.
Unfortunately forgot to ack before. :(
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
In IPv4 as in IPv6 global addresses we have to expect packets coming
over multiple interfaces, it is only correct for local and multicast
scoped addresses. In IPv4 we don't really key the device index, only in
case of an vrf interface.
Thanks,
Hannes
prev parent reply other threads:[~2015-11-24 22:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-24 14:07 [PATCH net] ipv6: distinguish frag queues by device for multicast and link-local packets Michal Kubecek
2015-11-24 21:46 ` David Miller
2015-11-24 22:01 ` Hannes Frederic Sowa [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1448402510.1490470.449206321.69897BEE@webmail.messagingengine.com \
--to=hannes@stressinduktion.org \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=jmorris@namei.org \
--cc=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=mkubecek@suse.cz \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).