On 02.05.2015 13:33, Daniel Golle wrote:
r45593 includes l2tp_ip6 in the kmod-l2tp-ip package.
This is not feasible for several reasons:
- in a given setup one usually uses either l2tp_ip or
l2tp_ip6, but never both
I disagree here, if you e.g. use a hostname and resolve that before
Hi Steven,
On Sun, May 03, 2015 at 04:43:24PM +0200, Steven Barth wrote:
Hello Linus,
thanks for the patch. I have two questions here.
#1 Why should this be done for v6 but not for v4?
woops, sorry, had the IGMP part for v4 in my test setup but forgot
to add it to the patch. Going to do
Hi Steven,
On Sun, May 03, 2015 at 10:28:16AM +0200, Steven Barth wrote:
On 02.05.2015 13:33, Daniel Golle wrote:
r45593 includes l2tp_ip6 in the kmod-l2tp-ip package.
This is not feasible for several reasons:
- in a given setup one usually uses either l2tp_ip or
l2tp_ip6, but never
Also refresh one patch.
Signed-off-by: Daniel Golle dan...@makrotopia.org
---
include/kernel-version.mk| 4 ++--
.../generic/patches-4.0/773-bgmac-add-srab-switch.patch | 12 ++--
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git
Hello Linus,
thanks for the patch. I have two questions here.
#1 Why should this be done for v6 but not for v4?
#2 If the intention is to respond to MLD queries why should the firewall
allow reception of report messages?
Cheers,
Steven
___
The WAN port should at least respond to IGMP and MLD queries as
otherwise a snooping bridge/switch might drop traffic.
RFC4890 recommends to leave IGMP and MLD unfiltered as they are always
link-scoped anyways.
Signed-off-by: Linus Lüssing linus.luess...@c0d3.blue
---
v2 of [PATCH] firewall:
Anyway, I get that argument, but it could still be solved by
adding +IPV6:kmod-l2tp-ip6 as a dependency to kmod-l2tp-ip.
If it's really about the packaging overhead, it would also
be possible to only include l2tp_ip6.ko in FILES if IPV6 is set,
thus getting rid of the kmod-ipv6 dependency on