The fix should work fine. It is technically a workaround for the way checksums work in virtualised systems, and the unfortunate fact that some DHCP clients check checksums on packets where the hardware has checksum offload enabled. (This doesn't work due to an optimisation in the way QEMU treats packet checksums. You'll see the problem if your machine is running the VM on the same host as its DHCP server and the VM has a vulnerable client.)
I haven't tried it myself but I have confidence in it and would recommend a backport. -- Ian. On 1 June 2015 at 21:32, Kevin Benton <[email protected]> wrote: > I would propose a back-port of it and then continue the discussion on the > patch. I don't see any major blockers for back-porting it. > > On Mon, Jun 1, 2015 at 7:01 PM, Tidwell, Ryan <[email protected]> wrote: > >> Not seeing this on Kilo, we're seeing this on Juno builds (that's >> expected). I'm interested in a Juno backport, but mainly wanted to be see >> if others had confidence in the fix. The discussion in the bug report also >> seemed to indicate there were other alternative solutions others might be >> looking into that didn't involve an iptables rule. >> >> -Ryan >> >> -----Original Message----- >> From: Mark McClain [mailto:[email protected]] >> Sent: Monday, June 01, 2015 6:47 PM >> To: OpenStack Development Mailing List (not for usage questions) >> Subject: Re: [openstack-dev] [Neutron] virtual machine can not get DHCP >> lease due packet has no checksum >> >> >> > On Jun 1, 2015, at 7:26 PM, Tidwell, Ryan <[email protected]> wrote: >> > >> > I see a fix for https://bugs.launchpad.net/neutron/+bug/1244589 merged >> during Kilo. I'm wondering if we think we have identified a root cause and >> have merged an appropriate long-term fix, or if >> https://review.openstack.org/148718 was merged just so there's at least >> a fix available while we investigate other alternatives. Does anyone have >> an update to provide? >> > >> > -Ryan >> >> The fix works in environments we’ve tested in. Are you still seeing >> problems? >> >> mark >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> [email protected]?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> [email protected]?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > -- > Kevin Benton > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
