4:35 a.m.
On Mon, Oct 14, 2024 at 09:52:13AM +0100, Daniel P. Berrangé wrote:
On Sat, Oct 12, 2024 at 02:05:53PM +0100, Richard W.M. Jones wrote:
>
> I recently reinstalled Fedora (host) and I'm trying to import a
> previously working FreeBSD 13 guest. It boots fine, but fails to get
> an address from DHCP. In the FreeBSD boot output it prints:
>
> Starting dhclient.
> DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 7
> DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9
> DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9
> DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 10
> DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 17
> 5 bad udp checksums in 5 packets
>
> Indeed, tcpdumping the network on the host side shows that checksums
> are wrong (note "bad udp cksum" in the reply message):
>
> 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request
from 52:54:00:d4:07:ab (oui Unknown), length 300, xid 0xf9ee0d34, secs 53, Flags [none]
(0x0000)
> Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown)
> Vendor-rfc1048 Extensions
> Magic Cookie 0x63825363
> DHCP-Message (53), length 1: Discover
> Requested-IP (50), length 4: freebsd.home.annexia.org
> Client-ID (61), length 7: ether 52:54:00:d4:07:ab
> Hostname (12), length 7: "freebsd"
> Parameter-Request (55), length 10:
> Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
> Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
> Unknown (119), MTU (26)
> END (255), length 0
> PAD (0), length 0, occurs 20
> 13:07:37.304083 IP (tos 0xc0, ttl 64, id 20207, offset 0, flags [none], proto UDP
(17), length 328)
> cash.bootps > 192.168.122.203.bootpc: [bad udp cksum 0x7763 -> 0x88a0!]
BOOTP/DHCP, Reply, length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000)
> Your-IP 192.168.122.203
> Server-IP cash
> Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown)
> Vendor-rfc1048 Extensions
> Magic Cookie 0x63825363
> DHCP-Message (53), length 1: Offer
> Server-ID (54), length 4: cash
> Lease-Time (51), length 4: 3600
> RN (58), length 4: 1800
> RB (59), length 4: 3150
> Subnet-Mask (1), length 4: 255.255.255.0
> BR (28), length 4: 192.168.122.255
> Default-Gateway (3), length 4: cash
> Domain-Name-Server (6), length 4: cash
> END (255), length 0
> PAD (0), length 0, occurs 8
>
> I guess this is something to do with checksum offloading. I can only
> find ancient bugs related to this. How to fix? The host is:
>
> libvirt-daemon-10.6.0-1.fc41.x86_64
> dnsmasq-2.90-3.fc41.x86_64
> Linux cash 6.11.0-0.rc5.20240830git20371ba12063.47.fc42.x86_64 #1 SMP
PREEMPT_DYNAMIC Fri Aug 30 15:36:28 UTC 2024 x86_64 GNU/Linux
Urgh, I wonder if this is fallout from switching to NFT instead of iptables.
I can list the firewall rules if you tell me what I'm looking for ...
IIUC, the NFT kernel maintainers didn't implement for checksum
fixup rules,
since they believe that all modern distros would have long ago fixed their
bugs wrt mangled checksums.
If I understand the trace correctly, the bad checksum originates on
the Linux host (the reply sent by dnsmasq).
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v