Re: FreeBSD dhcp failing with UDP checksum errors
On Sat, Oct 12, 2024 at 02:05:53PM +0100, Richard W.M. Jones wrote:
I recently reinstalled Fedora (host) and I'm trying to import a
previously working FreeBSD 13 guest. It boots fine, but fails to get
an address from DHCP. In the FreeBSD boot output it prints:
Starting dhclient.
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 10
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 17
5 bad udp checksums in 5 packets
Indeed, tcpdumping the network on the host side shows that checksums
are wrong (note "bad udp cksum" in the reply message):
0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from
52:54:00:d4:07:ab (oui Unknown), length 300, xid 0xf9ee0d34, secs 53, Flags [none]
(0x0000)
Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Discover
Requested-IP (50), length 4: freebsd.home.annexia.org
Client-ID (61), length 7: ether 52:54:00:d4:07:ab
Hostname (12), length 7: "freebsd"
Parameter-Request (55), length 10:
Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
Unknown (119), MTU (26)
END (255), length 0
PAD (0), length 0, occurs 20
13:07:37.304083 IP (tos 0xc0, ttl 64, id 20207, offset 0, flags [none], proto UDP (17),
length 328)
cash.bootps > 192.168.122.203.bootpc: [bad udp cksum 0x7763 -> 0x88a0!]
BOOTP/DHCP, Reply, length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000)
Your-IP 192.168.122.203
Server-IP cash
Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message (53), length 1: Offer
Server-ID (54), length 4: cash
Lease-Time (51), length 4: 3600
RN (58), length 4: 1800
RB (59), length 4: 3150
Subnet-Mask (1), length 4: 255.255.255.0
BR (28), length 4: 192.168.122.255
Default-Gateway (3), length 4: cash
Domain-Name-Server (6), length 4: cash
END (255), length 0
PAD (0), length 0, occurs 8
I guess this is something to do with checksum offloading. I can only
find ancient bugs related to this. How to fix? The host is:
libvirt-daemon-10.6.0-1.fc41.x86_64
dnsmasq-2.90-3.fc41.x86_64
Linux cash 6.11.0-0.rc5.20240830git20371ba12063.47.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC
Fri Aug 30 15:36:28 UTC 2024 x86_64 GNU/Linux
Urgh, I wonder if this is fallout from switching to NFT instead of iptables.
IIUC, the NFT kernel maintainers didn't implement for checksum fixup rules,
since they believe that all modern distros would have long ago fixed their
bugs wrt mangled checksums.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|