You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
There was earlier work to block MLD listener reports from the vmac interface using nftables/iptables but it seems to only target MLDv2 listener reports (at least on nftables). MLDv1 listener reports are still sent unfiltered and might cause a brief MAC flap.
To Reproduce
Enable use_vmac and monitor what traffic is being sent. At regular (rare) intervals MLDv1 listener reports may be seen.
Expected behavior
MLDv1 listener reports would be blocked too.
Additional context
As a temporary fix I could do a nftables rule in the output chain like:
oifname vrrp1v6 icmpv6 type mld-listener-report counter drop
And see the counter incrementing and after this no MLDv1 messages are seen. Maybe the rules injected by keepalived should include mld-listener-report in addition to mld2-listener-report?
The text was updated successfully, but these errors were encountered:
Describe the bug
There was earlier work to block MLD listener reports from the vmac interface using nftables/iptables but it seems to only target MLDv2 listener reports (at least on nftables). MLDv1 listener reports are still sent unfiltered and might cause a brief MAC flap.
To Reproduce
Enable
use_vmac
and monitor what traffic is being sent. At regular (rare) intervals MLDv1 listener reports may be seen.Expected behavior
MLDv1 listener reports would be blocked too.
Keepalived version
Distro (please complete the following information):
Details of any containerisation or hosted service (e.g. AWS)
n/a
Configuration file:
Notify and track scripts
System Log entries
Did keepalived coredump?
Additional context
As a temporary fix I could do a nftables rule in the output chain like:
And see the counter incrementing and after this no MLDv1 messages are seen. Maybe the rules injected by keepalived should include
mld-listener-report
in addition tomld2-listener-report
?The text was updated successfully, but these errors were encountered: