On 07/29/2010 10:06 AM, Laine Stump wrote:
(The only change to this version of the patch is to make the warning message more verbose when we fail to add the CHECKSUM rule, noting that the failure would likely be solved by updating iptables and the kernel.)

This patch attempts to take advantage of a newly added netfilter module to correct for a problem with some guest DHCP client implementations when used in conjunction with a DHCP server run on the host systems with packet checksum offloading enabled.

The problem is that, when the guest uses a RAW socket to read the DHCP response packets, the checksum hasn't yet been fixed by the IP stack, so it is incorrect.

The fix implemented here is to add a rule to the POSTROUTING chain of the mangle table in iptables that fixes up the checksum for packets on the virtual network's bridge that are destined for the bootpc port (i.e. "dhcpc", i.e. port 68) on the guest.

Only very new versions of iptables will have this support (it will be in the next upstream release), so a failure to add this rule only results in a warning message. The iptables patch is here:

http://patchwork.ozlabs.org/patch/58525/

A corresponding kernel module patch is also required (the backend of the iptables patch) and that will be in the next release of the kernel.

---
 src/libvirt_private.syms    |    2 +
 src/network/bridge_driver.c |   18 +++++++++++
 src/util/iptables.c         |   71 +++++++++++++++++++++++++++++++++++++++++++
 src/util/iptables.h         |    6 ++++
 4 files changed, 97 insertions(+), 0 deletions(-)

Based on DV's ACK of the previous version, the trivial difference from the previous, and approval on IRC, I pushed this V2 patch.
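
The failure described in the commit message above, as an added example (not code from the patch or from libvirt): a receiver-side UDP checksum check rejects a datagram whose checksum field was never completed, and accepts it once the checksum is filled in software. The addresses, payload bytes, function names and the use of the pseudo-header sum as the unfinished value are constructed assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* One's-complement sum of big-endian 16-bit words, folded to 16 bits. */
static uint16_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2)
        acc += (uint32_t)p[0] << 8 | p[1];
    if (n) acc += (uint32_t)p[0] << 8;        /* odd trailing byte, zero padded */
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)acc;
}

/* IPv4 pseudo-header sum: source, destination, protocol 17 (UDP), UDP length. */
static uint16_t pseudo_sum(const uint8_t *src, const uint8_t *dst, size_t len)
{
    uint8_t ph[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 17, (uint8_t)(len >> 8), (uint8_t)len};
    memcpy(ph, src, 4); memcpy(ph + 4, dst, 4);
    return sum16(ph, sizeof ph, 0);
}

/* Receiver-side check, as a client reading whole packets from a raw socket does it. */
int udp_checksum_ok(const uint8_t *src, const uint8_t *dst, const uint8_t *udp, size_t len)
{
    if (!udp[6] && !udp[7]) return 1;         /* zero field means "no checksum" */
    return sum16(udp, len, pseudo_sum(src, dst, len)) == 0xffff;
}

/* Software fix-up: compute the full checksum and store it in header bytes 6..7. */
void udp_checksum_fill(const uint8_t *src, const uint8_t *dst, uint8_t *udp, size_t len)
{
    udp[6] = udp[7] = 0;
    uint16_t c = (uint16_t)~sum16(udp, len, pseudo_sum(src, dst, len));
    if (c == 0) c = 0xffff;                   /* 0 is reserved, send all ones */
    udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)c;
}

/* Constructed sample: UDP 67 -> 68 with the checksum field left at the pseudo-header sum (assumed). */
int main(void)
{
    const uint8_t src[4] = {192,168,122,1}, dst[4] = {192,168,122,50};
    uint8_t udp[16] = {0,67, 0,68, 0,16, 0x75,0xa6, 2,1,6,0, 0x12,0x34,0x56,0x78};
    int before = udp_checksum_ok(src, dst, udp, sizeof udp);
    udp_checksum_fill(src, dst, udp, sizeof udp);
    printf("before fill: %d, after fill: %d\n", before, udp_checksum_ok(src, dst, udp, sizeof udp));
    return 0;
}
```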