[RHEL8,COMMIT] ve/net: allow IPPROTO_ICMPV6 protocol inside a Container

Submitted by Konstantin Khorenko on June 1, 2020, 8:06 a.m.

Details

Message ID 202006010806.05186qr6026713@finist-co8.sw.ru
State New
Series "ve/net: allow IPPROTO_ICMPV6 protocol inside a Container"
Headers show

Commit Message

Konstantin Khorenko June 1, 2020, 8:06 a.m.
The commit is pushed to "branch-rh8-4.18.0-80.1.2.vz8.3.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-80.1.2.vz8.3.10
------>
commit 6f99ca4d7397edfd1f80c2eddee54b0c2582334a
Author: Konstantin Khorenko <khorenko@virtuozzo.com>
Date:   Fri May 29 20:04:19 2020 +0300

    ve/net: allow IPPROTO_ICMPV6 protocol inside a Container
    
    This patch allows "ping6" utility to work via ICMP socket
    without necessity to failback to RAW socket for ipv6.
    
    We do allow this for ipv4, let's allow ICMP socket for ipv6 as well.
    
    Note: by default ping6 will still use RAW socket because of default
    settings in "net.ipv4.ping_group_range", but this is another side of the
    problem.
    
    https://jira.sw.ru/browse/PSBM-104225
    
    Signed-off-by: Konstantin Khorenko <khorenko@virtuozzo.com>
---
 kernel/ve/ve.c | 1 +
 1 file changed, 1 insertion(+)

Patch hide | download patch | download mbox

diff --git a/kernel/ve/ve.c b/kernel/ve/ve.c
index a94d9cf342f3..0f07c4ecf849 100644
--- a/kernel/ve/ve.c
+++ b/kernel/ve/ve.c
@@ -1049,6 +1049,7 @@  int vz_security_protocol_check(struct net *net, int protocol)
 	switch (protocol) {
 	case  IPPROTO_IP:
 	case  IPPROTO_ICMP:
+	case  IPPROTO_ICMPV6:
 	case  IPPROTO_TCP:
 	case  IPPROTO_UDP:
 	case  IPPROTO_RAW: