Fix egress non-IPv6 packets being dropped on proxy ports

So far the egress TC filters we installed on a proxy port accidentally blocked any non-IPv6 packet, leading to blocked ARP or IPv4 for instance. Even though we never intended to touch ARP or IPv4 etc. in the first place. We need to not only allow egress IPv6 on a proxy port, if it wasn't MLD reports, but we need to explicitly allow any packet then.
T-X · Dec 31, 2023 · 4d7fdb1 · 4d7fdb1
1 parent a1ef0e6
commit 4d7fdb1
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/brmldproxy.c b/brmldproxy.c
@@ -739,7 +739,7 @@ static int setup_proxy_port_tx(struct bridge *br, struct brport *port)
 	ret |= system_format("tc filter add dev %s parent fffe: protocol ipv6 prio 4223 u32 ht 2: match u8 143 0xff at 48 link 1:", port->name);
 	ret |= system_format("tc filter add dev %s parent fffe: protocol ipv6 prio 4222 handle %s/%s fw classid 1:1", port->name, PD_FWMARK, PD_FWMARK);
 	ret |= system_format("tc filter add dev %s parent fffe: protocol ipv6 prio 4223 u32 match ip6 protocol 0 0xff match u32 0x3a000502 0xffffffff at 40 match u32 0x00000000 0xffff0000 at 44 link 2:", port->name);
-	ret |= system_format("tc filter add dev %s parent fffe: protocol ipv6 prio 4224 matchall classid 1:1", port->name);
+	ret |= system_format("tc filter add dev %s parent fffe: prio 4224 matchall classid 1:1", port->name);
 
 	if (ret)
 		return -ENOEXEC;