FreeBSD dhcp failing with UDP checksum errors
by Richard W.M. Jones
I recently reinstalled Fedora (host) and I'm trying to import a
previously working FreeBSD 13 guest. It boots fine, but fails to get
an address from DHCP. In the FreeBSD boot output it prints:
Starting dhclient.
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 7
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 10
DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 17
5 bad udp checksums in 5 packets
Indeed, tcpdumping the network on the host side shows that checksums
are wrong (note "bad udp cksum" in the reply message):
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 52:54:00:d4:07:ab (oui Unknown), length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000)
      Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Discover
        Requested-IP (50), length 4: freebsd.home.annexia.org
        Client-ID (61), length 7: ether 52:54:00:d4:07:ab
        Hostname (12), length 7: "freebsd"
        Parameter-Request (55), length 10:
          Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121)
          Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12)
          Unknown (119), MTU (26)
        END (255), length 0
        PAD (0), length 0, occurs 20
13:07:37.304083 IP (tos 0xc0, ttl 64, id 20207, offset 0, flags [none], proto UDP (17), length 328)
    cash.bootps > 192.168.122.203.bootpc: [bad udp cksum 0x7763 -> 0x88a0!] BOOTP/DHCP, Reply, length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000)
      Your-IP 192.168.122.203
      Server-IP cash
      Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown)
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message (53), length 1: Offer
        Server-ID (54), length 4: cash
        Lease-Time (51), length 4: 3600
        RN (58), length 4: 1800
        RB (59), length 4: 3150
        Subnet-Mask (1), length 4: 255.255.255.0
        BR (28), length 4: 192.168.122.255
        Default-Gateway (3), length 4: cash
        Domain-Name-Server (6), length 4: cash
        END (255), length 0
        PAD (0), length 0, occurs 8
I guess this is something to do with checksum offloading. I can only
find ancient bugs related to this. How to fix? The host is:
libvirt-daemon-10.6.0-1.fc41.x86_64
dnsmasq-2.90-3.fc41.x86_64
Linux cash 6.11.0-0.rc5.20240830git20371ba12063.47.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 30 15:36:28 UTC 2024 x86_64 GNU/Linux
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
nbdkit - Flexible, fast NBD server with plugins
https://gitlab.com/nbdkit/nbdkit
3 days, 11 hours
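Added example (not part of the original post or of any project it mentions): a checker that tells a UDP checksum left unfinished by transmit offload apart from a genuinely corrupt one, by comparing the checksum field with the one's-complement sum of the IPv4 pseudo-header alone. It assumes that "cash" is 192.168.122.1 (the post shows only the hostname) and that the IP header carries no options, so the UDP length is 328 - 20 = 308; under those assumptions the pseudo-header sum is 0x7763, the value tcpdump reports in the offer above. The sample segment is constructed.

```python
import ipaddress
import struct

def fold_sum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum, folded but not inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 17, UDP length."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 17, udp_len))

def partial_csum(src: str, dst: str, udp_len: int) -> int:
    """Pseudo-header sum only: what the field holds if offload never completes it."""
    return fold_sum(pseudo_header(src, dst, udp_len))

def full_csum(src: str, dst: str, segment: bytes) -> int:
    """Correct checksum over pseudo-header, UDP header (field zeroed) and payload."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    csum = ~fold_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is transmitted as 0xFFFF

def with_csum(segment: bytes, value: int) -> bytes:
    """Return the segment with its checksum field replaced."""
    return segment[:6] + struct.pack("!H", value) + segment[8:]

def classify(src: str, dst: str, segment: bytes) -> str:
    (field,) = struct.unpack("!H", segment[6:8])
    if field == 0:
        return "none"             # IPv4 sender did not compute a checksum
    if field == full_csum(src, dst, segment):
        return "ok"
    if field == partial_csum(src, dst, len(segment)):
        return "offload-partial"  # sender expected a later stage to finish it
    return "corrupt"

# Constructed sample: server port 67 -> client port 68, addresses as assumed above.
SRC, DST = "192.168.122.1", "192.168.122.203"
PAYLOAD = b"constructed BOOTP-like payload"
SEGMENT = struct.pack("!HHHH", 67, 68, 8 + len(PAYLOAD), 0) + PAYLOAD

if __name__ == "__main__":
    print(hex(partial_csum(SRC, DST, 328 - 20)))  # field value seen in the offer
    unfinished = with_csum(SEGMENT, partial_csum(SRC, DST, len(SEGMENT)))
    print(classify(SRC, DST, unfinished))
```

A field that matches the pseudo-header sum points at the sending side's offload path rather than at corruption in transit.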
AMD SEV-SNP encryption at rest
by me+libvirt@gsora.xyz
Hello folks,
I’m exploring the capabilities of the AMD SEV-SNP platform for a TEE implementation that will handle and store secret data.
This data should be tied to a single guest, that is, no other guest that boots with the same kernel/initrd/cmdline - in the form of a UKI - should be able to decrypt it.
I have a prototype that encrypts the boot disk with a key derived from the VCEK, but a different guest is able to derive the same key provided it boots the same UKI.
The key has been derived with the snpguest tool developed by the virtee project.
Does anybody have experience with encryption at rest with the AMD SEV-SNP platform?
I understand that it’s possible to inject secrets into a SEV VM at creation time, but documentation is scarce on that front.
Thank you
3 days, 18 hours
New application (library)
by Erik Huelsmann
Hi!
On https://libvirt.org/apps.html it says to send a mail to this mailing list
to get your app listed on the apps/libraries list.
Over the past months, I've been writing a set of Perl libraries,
culminating in Sys::Async::Virt (https://metacpan.org/pod/Sys::Async::Virt),
which is a library for developing LibVirt client applications supporting
the asynchronous paradigm introduced by Future::AsyncAwait (
https://metacpan.org/pod/Future::AsyncAwait).
The library binds to the network protocol and instantiates Perl objects for
manipulating server-side resources. The API tries to stay close to the
Sys::Virt API, although I've been looking closely at the C API as well. At
the time of writing, the local and ssh transports are supported, but work
is on-going for more.
Not all protocol messages are supported at the moment; 47 out of 448
messages are remaining. Effort to implement them is on-going here too. The
list of unimplemented messages is published at the bottom of the
documentation page on MetaCPAN referenced above.
Let me know your feedback, or submit your bugs and ideas at
https://github.com/ehuelsmann/perl-sys-async-virt.
Thanks in advance for listing the library!
--
Bye,
Erik.
http://efficito.com -- Hosted accounting and ERP.
Robust and Flexible. No vendor lock-in.
1 week, 6 days
How to use UEFI_VARS.fd using virt-manager on Ubuntu 24.04...
by Mario Marietto
Hello.
On FreeBSD I've installed Windows 11 on the first partition of a 200 GB
disk and Android X86 on the second partition of a 200 GB image file called
"Android.img". This is how I boot Android:
/usr/sbin/./bhyve-win -S -c sockets=4,cores=2,threads=1 -m 8G -w -H -A \
  -s 0,hostbridge \
  -s 1,ahci-hd,/mnt/zroot-133/bhyve/img/Android/Android.img,bootindex=1 \
  -s 13,virtio-net,tap13 \
  -s 29,fbuf,tcp=0.0.0.0:5913,w=1600,h=950,wait \
  -s 30,xhci,tablet \
  -s 31,lpc \
  -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI_CODE.fd,/usr/local/share/uefi-firmware/BHYVE_UEFI_VARS.fd \
As you can see, to boot Android correctly, I SHOULD use
"/usr/local/share/uefi-firmware/BHYVE_UEFI_VARS.fd"
Now I'm using Ubuntu 24.04 and I want to boot Android from the same img
file. But what I don't know is how to add the parameter
"/usr/local/share/uefi-firmware/BHYVE_UEFI_VARS.fd" to virt-manager.
Without it Android will not boot, but only Windows is able to boot ONLY from
the first partition....
--
Mario.
2 weeks, 2 days