[Devel] [PATCH RHEL8 COMMIT] ve/net: allow IPPROTO_ICMPV6 protocol inside a Container
Konstantin Khorenko
khorenko at virtuozzo.com
Mon Jun 1 11:06:52 MSK 2020
The commit is pushed to "branch-rh8-4.18.0-80.1.2.vz8.3.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-80.1.2.vz8.3.10
------>
commit 6f99ca4d7397edfd1f80c2eddee54b0c2582334a
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date: Fri May 29 20:04:19 2020 +0300
ve/net: allow IPPROTO_ICMPV6 protocol inside a Container
This patch allows "ping6" utility to work via ICMP socket
without necessity to failback to RAW socket for ipv6.
We do allow this for ipv4, let's allow ICMP socket for ipv6 as well.
Note: by default ping6 will still use RAW socket because of default
settings in "net.ipv4.ping_group_range", but this is another side of the
problem.
https://jira.sw.ru/browse/PSBM-104225
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
kernel/ve/ve.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index a94d9cf342f3..0f07c4ecf849 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1049,6 +1049,7 @@ int vz_security_protocol_check(struct net *net, int protocol)
switch (protocol) {
case IPPROTO_IP:
case IPPROTO_ICMP:
+ case IPPROTO_ICMPV6:
case IPPROTO_TCP:
case IPPROTO_UDP:
case IPPROTO_RAW:
More information about the Devel
mailing list