Re: [PATCH v2] network: add rule to nftables backend that zeroes checksum of DHCP responses

On Fri, Oct 25, 2024 at 04:44:16PM +0100, Daniel P. Berrangé wrote: I did some testing of my own and I can confirm that FreeBSD and OpenBSD are fine with this change, as are various Linux flavors (Alpine, CirrOS, Debian, Fedora, openSUSE, Ubuntu). However, a few other operating systems aren't: namely GNU/Hurd, Haiku and NetBSD break with this change. Interestingly, these were all fine with the nftables backend before it. Now, one could argue that GNU/Hurd and Haiku are toy/research operating systems with fairly small audiences, and it would be hard to disagree :) but I don't think we can put NetBSD in the same bucket. I'm also concerned about old versions of the operating systems that we've listed as working above being unhappy with the change. It's true that, to an extent, we can just tell people to upgrade their guests, but sometimes running old operating systems is the whole point of using virtualization in the first place... In conclusion, even with this latest fix the nftables backend still represents a step backwards compared to the iptables one. Considering that we've made it the default one, we should try to close the gap as much as possible. -- Andrea Bolognani / Red Hat / Virtualization