[rh8] ve/net: allow IPPROTO_ICMPV6 protocol inside a Container

Submitted by Konstantin Khorenko on June 1, 2020, 8:05 a.m.

Details

Message ID 20200601080501.26645-1-khorenko@virtuozzo.com
State New
Series "ve/net: allow IPPROTO_ICMPV6 protocol inside a Container"
Headers show

Commit Message

Konstantin Khorenko June 1, 2020, 8:05 a.m.
This patch allows "ping6" utility to work via ICMP socket
without necessity to failback to RAW socket for ipv6.

We do allow this for ipv4, let's allow ICMP socket for ipv6 as well.

Note: by default ping6 will still use RAW socket because of default
settings in "net.ipv4.ping_group_range", but this is another side of the
problem.

https://jira.sw.ru/browse/PSBM-104225

Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 kernel/ve/ve.c | 1 +
 1 file changed, 1 insertion(+)

Patch hide | download patch | download mbox

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index a94d9cf342f3..0f07c4ecf849 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1049,6 +1049,7 @@  int vz_security_protocol_check(struct net *net, int protocol)
 	switch (protocol) {
 	case  IPPROTO_IP:
 	case  IPPROTO_ICMP:
+	case  IPPROTO_ICMPV6:
 	case  IPPROTO_TCP:
 	case  IPPROTO_UDP:
 	case  IPPROTO_RAW: