Re: [PATCH v2] network: add rule to nftables backend that zeroes checksum of DHCP responses

On Tue, Oct 29, 2024 at 11:21:44AM +0000, Daniel P. Berrangé wrote:
> On Tue, Oct 29, 2024 at 06:03:26AM -0500, Andrea Bolognani wrote:
> > I'm using Debian GNU/Hurd, so the DHCP client is the same as regular
> > Debian (ISC DHCP). The source can be found at
> >
> >   https://deb.debian.org/debian-ports/pool-hurd-i386/main/i/isc-dhcp/
> >
> > The version is a bit old and there's the tiniest amount of patching
> > compared to the Linux build, specifically:
> >
> >   --- isc-dhcp-4.4.3-P1-1.1/debian/patches/bind-fix 1970-01-01
> > 01:00:00.000000000 +0100
> >   +++ isc-dhcp-4.4.3-P1-1.1+hurd.1/debian/patches/bind-fix
> > 2023-02-15 15:39:49.000000000 +0100
> >   @@ -0,0 +1,26 @@
> >   +Index: isc-dhcp-4.4.3-P1-build/bind/bind-9.11.36/lib/isc/unix/socket.c
> >   +===================================================================
> >   +--- isc-dhcp-4.4.3-P1-build.orig/bind/bind-9.11.36/lib/isc/unix/socket.c
> >   ++++ isc-dhcp-4.4.3-P1-build/bind/bind-9.11.36/lib/isc/unix/socket.c
> >   +@@ -2633,7 +2633,7 @@ opensocket(isc__socketmgr_t *manager, is
> >   +       char strbuf[ISC_STRERRORSIZE];
> >   +       const char *err = "socket";
> >   +       int tries = 0;
> >   +-#if defined(USE_CMSG) || defined(SO_BSDCOMPAT) || defined(SO_NOSIGPIPE)
> >   ++#if 1
> >   +       int on = 1;
> >   + #endif
> >   + #if defined(SO_RCVBUF)
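Review bot: the `#if 1` that replaces `#if defined(USE_CMSG) || defined(SO_BSDCOMPAT) || defined(SO_NOSIGPIPE)` in opensocket() declares `int on = 1;` unconditionally without recording which later use of `on` needs it on Hurd; guarding the declaration with the macro that actually uses it, or at least adding a comment naming that use, would be less fragile than a bare `#if 1`, which also hands any build where none of the original three macros is set and `on` goes unused an unused-variable warning. Separately, the outer hunk header advertises `@@ -0,0 +1,26 @@` but the quote stops after the `+ #if defined(SO_RCVBUF)` line, so the remaining lines of the bind-fix patch are not visible here and cannot be checked.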
> >
> > I'm not sure whether this could be relevant to the issue at hand.
>
> That impl has the explicit check for all-zeros checksum.

So you think it's affected by the same inexplicable behavior as
NetBSD? If you tell me how to run tcpdump the right way, I can do
that for you without you having to set up a GNU/Hurd guest.

> > To clarify, this is something that needs to be handled at the
> > userspace level, no kernel changes required? And clearly it affects
> > DHCP, but what about other protocols? Are we confident those will
> > cope just fine?
>
> It would affect *any* application which is reading raw packets
> and manually verifying the IP checksum. DHCP is the common
> case, but there could be others.
>
> Historically our iptables rule only ever fixed up DHCP packets
> and we've not seen other complaints. So if something else is
> affected in the real world, it is sufficiently rare that the
> few people affected have not noticed and/or cared enough to
> escalate it.

That sounds reassuring :)

-- 
Andrea Bolognani / Red Hat / Virtualization
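Daniel's point above, that any raw-socket reader doing its own checksum verification is exposed and that the ISC implementation explicitly accepts an all-zeros checksum, is easiest to see in code. The block below is an added example and is not libvirt or ISC DHCP code: it builds a constructed IPv4/UDP packet, verifies it the way a raw-socket DHCP client would (RFC 768 pseudo-header checksum, with 0 meaning "no checksum present"), and shows that a packet carrying a stale, never-completed checksum is rejected while the same packet with the UDP checksum zeroed is accepted as "absent", which is the effect the nftables rule in the patch relies on. The addresses, the payload and the "partial" value standing in for what checksum offload leaves in the field are all constructed for the example.

```python
"""Added example: verify IPv4/UDP checksums the way a raw-socket DHCP client does.

Not libvirt or ISC DHCP code. Addresses, payload and the stale "partial"
checksum below are constructed inputs for the demonstration.
"""
import struct

IPPROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words and fold carries into a 16-bit one's complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): complement of the folded one's complement sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


def udp_checksum(src: bytes, dst: bytes, udp: bytes) -> int:
    """RFC 768 UDP checksum over pseudo-header + UDP header (check field zeroed) + data.

    A computed value of 0 is transmitted as 0xFFFF so that 0 stays reserved for
    "no checksum was computed", which is the value the nftables rule writes.
    """
    pseudo = src + dst + struct.pack("!BBH", 0, IPPROTO_UDP, len(udp))
    zeroed = udp[:6] + b"\x00\x00" + udp[8:]
    return inet_checksum(pseudo + zeroed) or 0xFFFF


def build_packet(src: bytes, dst: bytes, sport: int, dport: int,
                 payload: bytes, udp_check=None) -> bytes:
    """Construct an IPv4+UDP packet; udp_check=None fills in the correct checksum."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    if udp_check is None:
        udp_check = udp_checksum(src, dst, udp)
    udp = udp[:6] + struct.pack("!H", udp_check) + udp[8:]
    # version/IHL, TOS, total length, id, flags/frag (DF), TTL, proto, hdr csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                     64, IPPROTO_UDP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + udp


def verify_packet(pkt: bytes):
    """Return (ip_header_ok, udp_status) with udp_status in {"ok", "bad", "absent"}.

    Mirrors what a client reading raw frames must do itself: the kernel has not
    validated anything for it. A stored UDP checksum of 0 is "absent" and accepted.
    """
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    ip = pkt[:ihl]
    ip_ok = inet_checksum(ip) == 0          # header incl. its checksum sums to all-ones
    src, dst = ip[12:16], ip[16:20]
    udp = pkt[ihl:total_len]
    stored = struct.unpack("!H", udp[6:8])[0]
    if stored == 0:
        return ip_ok, "absent"
    return ip_ok, "ok" if udp_checksum(src, dst, udp) == stored else "bad"


# Constructed sample: host bridge replying to a guest, DHCP server port -> client port.
SRC = bytes([192, 168, 122, 1])
DST = bytes([192, 168, 122, 10])
# Constructed stand-in for a BOOTP/DHCP reply body (op=2 BOOTREPLY, htype=1, hlen=6).
PAYLOAD = (bytes([2, 1, 6, 0]) + b"\x39\x03\xf3\x26" + b"\x00" * 12
           + DST + SRC + b"\x00" * 8)


def demo():
    """Same packet three ways: correct checksum, stale offload value, zeroed field."""
    good = build_packet(SRC, DST, 67, 68, PAYLOAD)
    # Constructed stand-in for an uncompleted offload checksum: the pseudo-header-only
    # value, with the data never folded in. Any wrong non-zero value behaves the same.
    udp_len = 8 + len(PAYLOAD)
    partial = inet_checksum(SRC + DST + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len))
    stale = build_packet(SRC, DST, 67, 68, PAYLOAD, udp_check=partial)
    zeroed = build_packet(SRC, DST, 67, 68, PAYLOAD, udp_check=0)  # what the nft rule does
    return {
        "good": verify_packet(good),
        "stale": verify_packet(stale),
        "zeroed": verify_packet(zeroed),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Run it and the "stale" packet is the one a client like NetBSD's or ISC's would drop after its own verification, while "zeroed" passes because the client never computes anything for a zero field. The caveat Daniel raises follows directly: a client that verifies but does not honour the zero-means-absent rule would still reject the zeroed packet, and any other protocol parsed from raw frames by a userspace verifier is exposed in exactly the same way.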
