Patch 4/4 explains the problem and how these patches fix it. Assuming
no problems are found (none so far) this should go into 10.10.0, as it
solves a regression caused by switching the network driver to the
nftables backend.

There was a prior attempt at fixing this that was accepted, pushed,
bugs were discovered, and it was reverted (see Patch 4/4 for details).
This will hopefully be the final attempt.

Please test with as many different guests as possible, both with
nftables backend and iptables backend, and using different guest
interface types, etc.

Laine Stump (5):
  util: make it optional to clear existing tc qdiscs/filters in
    virNetDevBandwidthSet()
  util: put the command that adds a tx filter qdisc into a separate
    function
  util: don't re-add the qdisc used for tx filters if it already exists
  util: add new "raw" layer for virFirewallCmd objects
  network: add tc filter rule to nftables backend to fix checksum of
    DHCP responses

src/libvirt_private.syms | 1 +
src/lxc/lxc_driver.c | 2 +-
src/lxc/lxc_process.c | 2 +-
src/network/bridge_driver.c | 4 +-
src/network/network_nftables.c | 69 +++++++++++++++++
src/qemu/qemu_command.c | 2 +-
src/qemu/qemu_driver.c | 3 +-
src/qemu/qemu_hotplug.c | 4 +-
src/util/virfirewall.c | 74 ++++++++++++-------
src/util/virfirewall.h | 1 +
src/util/virfirewalld.c | 1 +
src/util/virnetdevbandwidth.c | 70 ++++++++++++++++--
src/util/virnetdevbandwidth.h | 4 +
.../forward-dev-linux.nftables | 40 ++++++++++
.../isolated-linux.nftables | 40 ++++++++++
.../nat-default-linux.nftables | 40 ++++++++++
.../nat-ipv6-linux.nftables | 40 ++++++++++
.../nat-ipv6-masquerade-linux.nftables | 40 ++++++++++
.../nat-many-ips-linux.nftables | 40 ++++++++++
.../nat-no-dhcp-linux.nftables | 40 ++++++++++
.../nat-port-range-ipv6-linux.nftables | 40 ++++++++++
.../nat-port-range-linux.nftables | 40 ++++++++++
.../nat-tftp-linux.nftables | 40 ++++++++++
.../route-default-linux.nftables | 40 ++++++++++
tests/virnetdevbandwidthtest.c | 5 +-
25 files changed, 639 insertions(+), 43 deletions(-)
--
2.47.0