On Mon, Oct 14, 2024 at 09:52:13AM +0100, Daniel P. Berrangé wrote: > On Sat, Oct 12, 2024 at 02:05:53PM +0100, Richard W.M. Jones wrote: > > > > I recently reinstalled Fedora (host) and I'm trying to import a > > previously working FreeBSD 13 guest. It boots fine, but fails to get > > an address from DHCP. In the FreeBSD boot output it prints: > > > > Starting dhclient. > > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 7 > > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9 > > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 9 > > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 10 > > DHCPDISCOVER on vtnet0 to 255.255.255.255 port 67 interval 17 > > 5 bad udp checksums in 5 packets > > > > Indeed, tcpdumping the network on the host side shows that checksums > > are wrong (note "bad udp cksum" in the reply message): > > > > 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from 52:54:00:d4:07:ab (oui Unknown), length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000) > > Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown) > > Vendor-rfc1048 Extensions > > Magic Cookie 0x63825363 > > DHCP-Message (53), length 1: Discover > > Requested-IP (50), length 4: freebsd.home.annexia.org > > Client-ID (61), length 7: ether 52:54:00:d4:07:ab > > Hostname (12), length 7: "freebsd" > > Parameter-Request (55), length 10: > > Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) > > Default-Gateway (3), Domain-Name (15), Domain-Name-Server (6), Hostname (12) > > Unknown (119), MTU (26) > > END (255), length 0 > > PAD (0), length 0, occurs 20 > > 13:07:37.304083 IP (tos 0xc0, ttl 64, id 20207, offset 0, flags [none], proto UDP (17), length 328) > > cash.bootps > 192.168.122.203.bootpc: [bad udp cksum 0x7763 -> 0x88a0!] BOOTP/DHCP, Reply, length 300, xid 0xf9ee0d34, secs 53, Flags [none] (0x0000) > > Your-IP 192.168.122.203 > > Server-IP cash > > Client-Ethernet-Address 52:54:00:d4:07:ab (oui Unknown) > > Vendor-rfc1048 Extensions > > Magic Cookie 0x63825363 > > DHCP-Message (53), length 1: Offer > > Server-ID (54), length 4: cash > > Lease-Time (51), length 4: 3600 > > RN (58), length 4: 1800 > > RB (59), length 4: 3150 > > Subnet-Mask (1), length 4: 255.255.255.0 > > BR (28), length 4: 192.168.122.255 > > Default-Gateway (3), length 4: cash > > Domain-Name-Server (6), length 4: cash > > END (255), length 0 > > PAD (0), length 0, occurs 8 > > > > I guess this is something to do with checksum offloading. I can only > > find ancient bugs related to this. How to fix? The host is: > > > > libvirt-daemon-10.6.0-1.fc41.x86_64 > > dnsmasq-2.90-3.fc41.x86_64 > > Linux cash 6.11.0-0.rc5.20240830git20371ba12063.47.fc42.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Aug 30 15:36:28 UTC 2024 x86_64 GNU/Linux > > Urgh, I wonder if this is fallout from switching to NFT instead of iptables. I can list the firewall rules if you tell me what I'm looking for ... > IIUC, the NFT kernel maintainers didn't implement for checksum fixup rules, > since they believe that all modern distros would have long ago fixed their > bugs wrt mangled checksums. If I understand the trace correctly, the bad checksum originates on the Linux host (the reply sent by dnsmasq). Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests. http://libguestfs.org/virt-v2v
