Re: [PATCH 0/5] network: fix dhcp response packet checksums on virtual networks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/22/24 22:16, Laine Stump wrote:
> Patch 4/4 explains the problem and how these patches fix it. Assuming
> no problems are found (none so far) this should go into 10.10.0, as it
> solves a regression caused by switching the network driver to the
> nftables backend.
> 
> There was a prior attempt at fixing this that was accepted, pushed,
> bugs were discovered, and it was reverted (see Patch 4/4 for details). This will hopefully be the final attempt.
> 
> Please test with as many different guests as possible, both with
> nftables backend and iptables backend, and using different guest
> interface types, etc.
> 
> Laine Stump (5):
>   util: make it optional to clear existing tc qdiscs/filters in
>     virNetDevBandwidthSet()
>   util: put the command that adds a tx filter qdisc into a separate
>     function
>   util: don't re-add the qdisc used for tx filters if it already exists
>   util: add new "raw" layer for virFirewallCmd objects
>   network: add tc filter rule to nftables backend to fix checksum of
>     DHCP responses
> 
>  src/libvirt_private.syms                      |  1 +
>  src/lxc/lxc_driver.c                          |  2 +-
>  src/lxc/lxc_process.c                         |  2 +-
>  src/network/bridge_driver.c                   |  4 +-
>  src/network/network_nftables.c                | 69 +++++++++++++++++
>  src/qemu/qemu_command.c                       |  2 +-
>  src/qemu/qemu_driver.c                        |  3 +-
>  src/qemu/qemu_hotplug.c                       |  4 +-
>  src/util/virfirewall.c                        | 74 ++++++++++++-------
>  src/util/virfirewall.h                        |  1 +
>  src/util/virfirewalld.c                       |  1 +
>  src/util/virnetdevbandwidth.c                 | 70 ++++++++++++++++--
>  src/util/virnetdevbandwidth.h                 |  4 +
>  .../forward-dev-linux.nftables                | 40 ++++++++++
>  .../isolated-linux.nftables                   | 40 ++++++++++
>  .../nat-default-linux.nftables                | 40 ++++++++++
>  .../nat-ipv6-linux.nftables                   | 40 ++++++++++
>  .../nat-ipv6-masquerade-linux.nftables        | 40 ++++++++++
>  .../nat-many-ips-linux.nftables               | 40 ++++++++++
>  .../nat-no-dhcp-linux.nftables                | 40 ++++++++++
>  .../nat-port-range-ipv6-linux.nftables        | 40 ++++++++++
>  .../nat-port-range-linux.nftables             | 40 ++++++++++
>  .../nat-tftp-linux.nftables                   | 40 ++++++++++
>  .../route-default-linux.nftables              | 40 ++++++++++
>  tests/virnetdevbandwidthtest.c                |  5 +-
>  25 files changed, 639 insertions(+), 43 deletions(-)
> 

I too tested this and it works.

Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Michal



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux