On Tue, Oct 29, 2024 at 11:21:44AM +0000, Daniel P. Berrangé wrote:
On Tue, Oct 29, 2024 at 06:03:26AM -0500, Andrea Bolognani wrote:
I'm using Debian GNU/Hurd, so the DHCP client is the same as regular Debian (ISC DHCP). The source can be found at
https://deb.debian.org/debian-ports/pool-hurd-i386/main/i/isc-dhcp/
The version is a bit old and there's the tiniest amount of patching compared to the Linux build, specifically:
--- isc-dhcp-4.4.3-P1-1.1/debian/patches/bind-fix 1970-01-01 01:00:00.000000000 +0100 +++ isc-dhcp-4.4.3-P1-1.1+hurd.1/debian/patches/bind-fix 2023-02-15 15:39:49.000000000 +0100 @@ -0,0 +1,26 @@ +Index: isc-dhcp-4.4.3-P1-build/bind/bind-9.11.36/lib/isc/unix/socket.c +=================================================================== +--- isc-dhcp-4.4.3-P1-build.orig/bind/bind-9.11.36/lib/isc/unix/socket.c ++++ isc-dhcp-4.4.3-P1-build/bind/bind-9.11.36/lib/isc/unix/socket.c +@@ -2633,7 +2633,7 @@ opensocket(isc__socketmgr_t *manager, is + char strbuf[ISC_STRERRORSIZE]; + const char *err = "socket"; + int tries = 0; +-#if defined(USE_CMSG) || defined(SO_BSDCOMPAT) || defined(SO_NOSIGPIPE) ++#if 1 + int on = 1; + #endif + #if defined(SO_RCVBUF)
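Review bot: the `#if 1` that replaces `#if defined(USE_CMSG) || defined(SO_BSDCOMPAT) || defined(SO_NOSIGPIPE)` around `int on = 1;` in opensocket() has no comment, and the visible part of the patch has no description saying why the declaration must be unconditional. If the reason is that `on` is used under some other condition on Hurd, extend the original condition with that macro instead, so the guard still documents which code paths need the variable. If the declaration really should always be present, drop the `#if`/`#endif` pair rather than leaving a constant guard. As written, a build where none of the uses of `on` are compiled in will get an unused-variable warning.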
I'm not sure whether this could be relevant to the issue at hand.
That impl has the explicit check for all-zeros checksum.
So you think it's affected by the same inexplicable behavior as NetBSD? If you tell me how to run tcpdump the right way, I can do that for you without you having to set up a GNU/Hurd guest.
To clarify, this is something that needs to be handled at the userspace level, no kernel changes required? And clearly it affects DHCP, but what about other protocols? Are we confident those will cope just fine?
It would affect *any* application which is reading raw packets and manually verifying the IP checksum. DHCP is the common case, but there could be others.
Historically our iptables rule only ever fixed up DHCP packets and we've not seen other complaints. So if something else is affected in the real world, it is sufficiently rare that the few people affected have not noticed and/or cared enough to escalate it.
That sounds reassuring :)

--
Andrea Bolognani / Red Hat / Virtualization
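An added example, not code from this thread or from ISC DHCP: a minimal C check of the kind the thread discusses, where a program reading raw IPv4 packets verifies the checksum itself and treats an all-zeros field as "no checksum computed". It assumes the checksum in question is the UDP one and does not verify the IP header checksum; `check_udp`, `check_sample` and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* One's-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2)
        acc += (uint32_t)p[0] << 8 | p[1];
    if (len)                          /* odd trailing byte, zero-padded */
        acc += (uint32_t)p[0] << 8;
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return acc;
}

enum udp_csum { CSUM_OK, CSUM_ABSENT, CSUM_BAD, PKT_MALFORMED };
/* Check the UDP checksum of a raw IPv4 packet that starts at the IP header. */
enum udp_csum check_udp(const uint8_t *pkt, size_t len)
{
    size_t ihl = len < 20 ? 0 : (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8 || (pkt[0] >> 4) != 4 || pkt[9] != 17)
        return PKT_MALFORMED;
    const uint8_t *udp = pkt + ihl;
    size_t ulen = (size_t)udp[4] << 8 | udp[5];
    if (ulen < 8 || ulen > len - ihl)
        return PKT_MALFORMED;
    if (udp[6] == 0 && udp[7] == 0)   /* all-zeros: no checksum was computed */
        return CSUM_ABSENT;
    /* Pseudo-header: source and destination address, protocol, UDP length. */
    uint32_t acc = sum16(pkt + 12, 8, 0);
    acc = sum16(udp, ulen, acc + 17 + (uint32_t)ulen);
    return acc == 0xffff ? CSUM_OK : CSUM_BAD;
}

/* Constructed sample: 10.0.0.1:67 -> 10.0.0.2:68, UDP length 12, checksum unset. */
static const uint8_t sample[32] = {
    0x45, 0, 0, 32, 0, 0, 0, 0, 64, 17, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2,
    0, 67, 0, 68, 0, 12, 0, 0, 'd', 'h', 'c', 'p' };
/* Run check_udp() on the sample with its checksum field set to csum. */
enum udp_csum check_sample(uint16_t csum)
{
    uint8_t pkt[sizeof sample];
    memcpy(pkt, sample, sizeof pkt);
    pkt[26] = (uint8_t)(csum >> 8);
    pkt[27] = (uint8_t)(csum & 0xff);
    return check_udp(pkt, sizeof pkt);
}

int main(void) { return check_sample(0x2374) == CSUM_OK ? 0 : 1; }
```

A reader that drops everything except `CSUM_OK` and `CSUM_ABSENT` will discard a packet whose checksum field is non-zero but was never filled in correctly, which is the case a fix-up rule has to cover.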