[Devel] [PATCH rh8] test! ve/net: allow IPPROTO_ICMPV6 protocol inside a Container
Konstantin Khorenko
khorenko at virtuozzo.com
Mon Jun 1 12:56:23 MSK 2020
This patch allows "ping6" utility to work via ICMP socket
without necessity to fall back to RAW socket for ipv6.
We do allow this for ipv4, let's allow ICMP socket for ipv6 as well.
Note: by default ping6 will still use RAW socket because of default
settings in "net.ipv4.ping_group_range", but this is another side of the
problem.
https://jira.sw.ru/browse/PSBM-104225
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
kernel/ve/ve.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index a94d9cf342f3..0f07c4ecf849 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1049,6 +1049,7 @@ int vz_security_protocol_check(struct net *net, int protocol)
switch (protocol) {
case IPPROTO_IP:
case IPPROTO_ICMP:
+ case IPPROTO_ICMPV6:
case IPPROTO_TCP:
case IPPROTO_UDP:
case IPPROTO_RAW:
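Review bot: The new `case IPPROTO_ICMPV6:` in `vz_security_protocol_check()` is matched on `protocol` alone, so it permits ICMPv6 for every caller of this check, not only for the ICMP (ping) socket that the commit message describes. The function signature shown here takes just `net` and `protocol`, with no socket type or address family. Please state in the commit message whether ICMPv6 over RAW sockets inside a Container is also intended to pass, or was already possible through the existing `IPPROTO_RAW` case, so the scope of the relaxation is explicit. A one-line comment beside the new case naming the ping6 use would also help, since the neighbouring cases carry no explanation. Finally, the subject still carries the "test!" marker and the message notes that ping6 keeps using a RAW socket under the default "net.ipv4.ping_group_range", so it would be good to record how the ICMP socket path was actually exercised before this is merged.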
--
2.18.2