[Bug 930962] Re: dhcp3-server reports many bad udp checksums to syslog using virtio NIC

Robie Basak 930962 at bugs.launchpad.net
Fri Oct 25 01:07:50 UTC 2013 

This issue also affects the "debian" LXC template in Ubuntu (lxc
1.0.0~alpha1-0ubuntu11). If I create a Debian jessie container on Ubuntu
Saucy, then the container cannot DHCP.

Workaround: sudo iptables -t mangle -A POSTROUTING -o lxcbr0 -p udp
--dport bootpc -j CHECKSUM --checksum-fill

It looks like the Debian bug is http://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=717217

Is there any way a workaround could be applied to lxc in Ubuntu -
perhaps something specific to the Debian template? I wonder if the
template could arrange for an iptables inside the container to mangle
the incoming DHCP packet or something.

** Also affects: lxc (Ubuntu)
   Importance: Undecided
       Status: New

** Bug watch added: Debian Bug tracker #717217
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717217

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/930962

Title:
  dhcp3-server reports many bad udp checksums to syslog using virtio NIC

Status in “dhcp3” package in Ubuntu:
  Fix Released
Status in “isc-dhcp” package in Ubuntu:
  Fix Released
Status in “lxc” package in Ubuntu:
  New
Status in “dhcp3” source package in Lucid:
  Fix Released
Status in “isc-dhcp” source package in Precise:
  Fix Released
Status in “isc-dhcp” source package in Quantal:
  Fix Released

Bug description:
  == Rationale ==
  Machines using virtio (kvm/xen) and running a dhcp server in a VM won't receive the proper udp checksums which leads to dhcpd dropping the packets.
  This patch forces the checksum to be calculated in such case.

  == Test case ==
  1) Install a dhcp server in a VM using kvm/xen
  2) Make sure you don't have iptables re-calculating the checksums for you
  3) Check that the requests go through as expected

  == Regression potential ==
  Raring has had that fix for a while, so does redhat, so it looks pretty safe to me.


  --- original bug report ---
  Tested with  dhcp3-server ver. 3.1.3-2ubuntu3.3  in Ubuntu 10.04.3 Server, x64.

  The DHCP server reports that UDP packets sent to it have bad
  checksums:

  Feb 11 06:57:18 ... dhcpd: 5 bad udp checksums in 5 packets
  Feb 11 06:58:22 ... dhcpd: last message repeated 7 times
  Feb 11 06:59:17 ... dhcpd: last message repeated 7 times

  The DHCP server host is a KVM virtual machine using a virtio-based
  virtual NIC.

  This problem has been reported for other distros using KVM and virtio:

  https://bugs.mageia.org/show_bug.cgi?id=1243

  http://www.mail-archive.com/kvm@vger.kernel.org/msg41958.html
   - suggests using iptables to write in a checksum

  http://pkgs.fedoraproject.org/gitweb/?p=dhcp.git;a=blob;f=dhcp-4.2.2-xen-checksum.patch;h=038d346d726e131f1ab2579fe015a72b49733a0d;hb=HEAD
   - Fedora patch to dhcp to avoid this

  The simplest workaround is to change the virtual NIC type from virtio
  to Intel e1000 in KVM. Apparently this driver calculates checksums.
  But virtio is the default driver type.

  Thanks,
  Tim Miller Dyck

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/930962/+subscriptions

More information about the foundations-bugs mailing list