It looks to be 'an interesting mystery' we're chasing. This system is
in production, so the results below are with the whole 'snooping engine'
off as without it the whole thing dies. As such, I don't think the
contents of the fdb and mdb tables mean much. The setups below are
unchanged, they

Harry,
I'm still working to reproduce this, without success. I have set
the .autoconf sysctl to 0 (which controls creation of local addresses in
response to received Router Advertisements), as well as setting
.addr_gen_mode to 1 (to disable SLAAC (fe80::) addresses).
In any

P.S. The reason this is a security issue is-- there is now an address on
the host that the guest also 'knows' and it sits on the bridge giving
access to all the other guests on the bridge. Most admins will not
'just know' they need rules to block fe80 traffic generated by host
interfaces--

I need to repeat: in sysctl.d put this line in a file, then reboot,
then your test setup will show the failure:
net.ipv6.conf.all.autoconf = 0
Otherwise, in your test setup the tables are populated, then you delete
the addresses, but the L3/4 code engaged by even a little time with the
fe80:...

** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1959702
Title:
Regression: ip6 ndp broken, host bridge doesn't add

Yup, those failures were to do with an old radeon chipset on an ancient
server.
On 2/1/22 17:33, Seth Arnold wrote:
> Sounds good, thanks:
>
> [0.00] Linux version 5.11.0-49-generic (buildd@lcy02-amd64-054)
> (gcc (Ubuntu 10.3.0-1ubuntu1) 10.3.0, GNU ld (GNU Binutils for Ubuntu)
>

Sounds good, thanks:
[0.00] Linux version 5.11.0-49-generic (buildd@lcy02-amd64-054)
(gcc (Ubuntu 10.3.0-1ubuntu1) 10.3.0, GNU ld (GNU Binutils for Ubuntu)
2.36.1) #55-Ubuntu SMP Wed Jan 12 17:36:34 UTC 2022 (Ubuntu
5.11.0-49.55-generic 5.11.22)
btw, there were a bunch of memory