From: Alexandre Derumier
To: pve-devel@lists.proxmox.com
Date: Wed, 6 Oct 2021 10:32:20 +0200
Message-Id: <20211006083220.1145952-1-aderumier@odiso.com>
Subject: [pve-devel] [PATCH pve-cluster] sysctl: disable net.ipv4.igmp_link_local_mcast_reports

Currently, when veth or tap interfaces are plugged into a bridge, an igmp v3
report is broadcasted to the network, with the bridge mac address.

Users have reported problems with Hetzner for example, blocking the server
because of the unknown mac flooding the network.
https://forum.proxmox.com/threads/proxmox-claiming-mac-address.52601/page-6#post-421676

some traces:

ip addr:

190: fwbr109i0: mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 22:5f:0b:cb:ac:42 brd ff:ff:ff:ff:ff:ff

ebtable log:

Oct 6 09:46:24 kvmformation3 kernel: [437256.753355] MAC-FLOOD-F IN=fwpr109p0 OUT=eno1 MAC source = 22:5f:0b:cb:ac:42 MAC dest = 01:00:5e:00:00:16 proto = 0x0800 IP SRC=0.0.0.0 IP DST=224.0.0.22, IP tos=0xC0, IP proto=2

tcpdump -e -i eno1 igmp
09:53:23.914825 22:5f:0b:cb:ac:42 (oui Unknown) > 01:00:5e:00:00:16 (oui Unknown), ethertype IPv4 (0x0800), length 54: 0.0.0.0 > igmp.mcast.net: igmp v3 report, 1 group record(s)

Signed-off-by: Alexandre Derumier
--- debian/sysctl.d/pve.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/sysctl.d/pve.conf b/debian/sysctl.d/pve.conf index 929698f..85b59b9 100644 --- a/debian/sysctl.d/pve.conf +++ b/debian/sysctl.d/pve.conf @@ -2,4 +2,5 @@ net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-filter-vlan-tagged = 0 +net.ipv4.igmp_link_local_mcast_reports = 0 fs.aio-max-nr = 1048576 -- 2.30.2
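
Review bot: the added net.ipv4.igmp_link_local_mcast_reports = 0 line goes into pve.conf without a comment, so nothing in the file says it is there to keep IGMP reports carrying the bridge MAC off the uplink; please add a one-line comment above it. Two things to confirm as well: the key sits under net.ipv4 rather than a per-interface path, so it is host-wide and also silences link-local reports on interfaces that are not fwbr/veth/tap bridges; and it only covers reports for groups in 224.0.0.0/24, while the tcpdump trace in the commit message shows "1 group record(s)" without the group address, so a verbose capture showing the group would confirm this is the setting that stops the frame.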
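
A way to check logs for the frames described in the commit message, as an added example that is not part of the original mail or of Proxmox code. It assumes the ebtables log format quoted above, the uplink name eno1 from the traces, and treats a locally administered source MAC as the sign of a bridge MAC (a heuristic chosen here, not something the mail states).

```python
import re

# First line is the ebtables log line quoted in the mail; the other two are
# constructed samples (a hardware-MAC sender and a non-IPv4 frame).
SAMPLE_LOG = """\
Oct 6 09:46:24 kvmformation3 kernel: [437256.753355] MAC-FLOOD-F IN=fwpr109p0 OUT=eno1 MAC source = 22:5f:0b:cb:ac:42 MAC dest = 01:00:5e:00:00:16 proto = 0x0800 IP SRC=0.0.0.0 IP DST=224.0.0.22, IP tos=0xC0, IP proto=2
Oct 6 09:46:25 kvmformation3 kernel: [437257.100000] MAC-FLOOD-F IN=fwpr109p0 OUT=eno1 MAC source = 00:25:90:aa:bb:cc MAC dest = 01:00:5e:00:00:16 proto = 0x0800 IP SRC=192.0.2.10 IP DST=224.0.0.22, IP tos=0xC0, IP proto=2
Oct 6 09:46:26 kvmformation3 kernel: [437258.200000] MAC-FLOOD-F IN=fwpr110p0 OUT=eno1 MAC source = 3a:11:22:33:44:55 MAC dest = ff:ff:ff:ff:ff:ff proto = 0x0806
"""

# Matches only IPv4 frames (proto = 0x0800) in the quoted log format.
LINE_RE = re.compile(
    r"IN=(?P<iface_in>\S+) OUT=(?P<iface_out>\S+) "
    r"MAC source = (?P<src>[0-9a-f:]{17}) MAC dest = (?P<dst>[0-9a-f:]{17}) "
    r"proto = 0x0800 IP SRC=(?P<ipsrc>\S+) IP DST=(?P<ipdst>[0-9.]+), "
    r".*IP proto=(?P<ipproto>\d+)"
)


def leaked_igmp_reports(log_text, uplink="eno1"):
    """Return (in_iface, src_mac) for IGMPv3 reports leaving the uplink
    with a locally administered source MAC."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["iface_out"] != uplink:
            continue
        # IP protocol 2 is IGMP; 224.0.0.22 is the IGMPv3 report destination.
        is_igmp_report = m["ipproto"] == "2" and m["ipdst"] == "224.0.0.22"
        # Bit 0x02 of the first octet marks a locally administered MAC.
        locally_administered = bool(int(m["src"][:2], 16) & 0x02)
        if is_igmp_report and locally_administered:
            hits.append((m["iface_in"], m["src"]))
    return hits


if __name__ == "__main__":
    for iface, mac in leaked_igmp_reports(SAMPLE_LOG):
        print(f"IGMP report with bridge-style MAC {mac} entered via {iface}")
```

After the sysctl change is applied and the bridges are re-created, the same check over fresh logs should return an empty list.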