Bug#540483: marked as done (openvz: IPv6 netfilter not correctly virtualized)

Wed, 10 Jul 2013 11:10:14 -0700 

Your message dated Wed, 10 Jul 2013 20:08:31 +0200
with message-id <[email protected]>
and subject line Closing OpenVZ related bugs
has caused the Debian Bug report #540483,
regarding openvz: IPv6 netfilter not correctly virtualized
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
540483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540483
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: linux-2.6
Version: 2.6.26-17lenny1
Severity: normal

This happens when I add -j LOG to the top of the INPUT and FORWARD
chains and ping the VE (2001:4b78:1:0200::1) from an external host:

Aug  8 12:28:06 web01 kernel: [70845.790963] IN=eth0 OUT=venet0 
SRC=2001:1418:0001:0700:0000:0000:0000:000a 
DST=2001:4b78:0001:0200:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=59 FLOWLBL=0 
PROTO=ICMPv6 TYPE=128 CODE=0 ID=11237 SEQ=1 

The same packet then *also* traverses the INPUT chain:

Aug  8 12:28:06 web01 kernel: [70845.790963] IN=venet0 OUT= MAC= 
SRC=2001:1418:0001:0700:0000:0000:0000:000a 
DST=2001:4b78:0001:0200:0000:0000:0000:0001 LEN=104 TC=0 HOPLIMIT=59 FLOWLBL=0 
PROTO=ICMPv6 TYPE=128 CODE=0 ID=11237 SEQ=1 

Looks like the IPv6 packets entering the VE (where I have not configured
ip6tables) are incorrectly processed by the HN instead of the VE chains.

Linux web01 2.6.26-2-openvz-686 #1 SMP Sun Jul 26 23:35:12 UTC 2009 i686 
GNU/Linux

-- 
ciao,
Marco

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Hi,
your bug has been filed against the "linux-2.6" source package and was filed for
a kernel older than the recently released Debian 7.x.

As already announced in the release notes of Debian 6, the kernel from Debian 
7.x
no longer includes support for openvz (due to the openvz changes not being part 
of
the upstream kernel).

We're closing this bug now, the Debian wiki contains some information on running
Debian 7.x with openvz: http://wiki.debian.org/OpenVz

Cheers,
        Moritz

--- End Message ---

Reply via email to