On Sat, Oct 12, 2024 at 02:05:53PM +0100, Richard W.M. Jones wrote: > > I recently reinstalled Fedora (host) and I'm trying to import a > previously working FreeBSD 13 guest. It boots fine, but fails to get > an address from DHCP. In the FreeBSD boot output it prints: > > Starting dhclient. > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 7 > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9 > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9 > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 10 > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 17 > 5 bad udp checksums in 5 packets > > Indeed, tcpdumping the network on the host side shows that checksums > are wrong (note "bad udp cksum" in the reply message): > > 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 52:54:00:d4:07:ab (oui Unknown), length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000) > Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown) > Vendor-rfc1048 Extensions > Magic Cookie 0x63825363 > DHCP-Message (53), length 1: Discover > Requested-IP (50), length 4: freebsd.home.annexia.org > Client-ID (61), length 7: ether 52:54:00:d4:07:ab > Hostname (12), length 7: "freebsd" > Parameter-Request (55), length 10: > Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) > Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12) > Unknown (119), MTU (26) > END (255), length 0 > PAD (0), length 0, occurs 20 > 13:07:37.304083 IP (tos 0xc0, ttl 64, id 20207, offset 0, flags [none], proto UDP (17), length 328) > cash.bootps > 192.168.122.203.bootpc: [bad udp cksum 0x7763 -> 0x88a0!] BOOTP/DHCP, Reply, length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000) > Your-IP 192.168.122.203 > Server-IP cash > Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown) > Vendor-rfc1048 Extensions > Magic Cookie 0x63825363 > DHCP-Message (53), length 1: Offer > Server-ID (54), length 4: cash > Lease-Time (51), length 4: 3600 > RN (58), length 4: 1800 > RB (59), length 4: 3150 > Subnet-Mask (1), length 4: 255.255.255.0 > BR (28), length 4: 192.168.122.255 > Default-Gateway (3), length 4: cash > Domain-Name-Server (6), length 4: cash > END (255), length 0 > PAD (0), length 0, occurs 8 > > I guess this is something to do with checksum offloading. I can only > find ancient bugs related to this. How to fix? The host is: > > libvirt-daemon-10.6.0-1.fc41.x86_64 > dnsmasq-2.90-3.fc41.x86_64 > Linux cash 6.11.0-0.rc5.20240830git20371ba12063.47.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 30 15:36:28 UTC 2024 x86_64 GNU/Linux Urgh, I wonder if this is fallout from switching to NFT instead of iptables. IIUC, the NFT kernel maintainers didn't implement for checksum fixup rules, since they believe that all modern distros would have long ago fixed their bugs wrt mangled checksums. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
