The backport seems reasonable IMO.

Is this tested in a multihost environment?

I ask because, given Ian's explanation (which I probably got wrong), the 
issue is in the NET->NIC->VM path, while the patch fixes the path in the 
network node (this is run in the dhcp agent). dhcp->NIC->NET.


Best,
Miguel Ángel Ajo


On Tuesday, 2 June 2015 at 9:32, Ian Wells wrote:

> The fix should work fine.  It is technically a workaround for the way 
> checksums work in virtualised systems, and the unfortunate fact that some 
> DHCP clients check checksums on packets where the hardware has checksum 
> offload enabled.  (This doesn't work due to an optimisation in the way QEMU 
> treats packet checksums.  You'll see the problem if your machine is running 
> the VM on the same host as its DHCP server and the VM has a vulnerable 
> client.)
>  
> I haven't tried it myself but I have confidence in it and would recommend a 
> backport.
> --  
> Ian.
>  
> On 1 June 2015 at 21:32, Kevin Benton <[email protected]> wrote:
> > I would propose a back-port of it and then continue the discussion on the 
> > patch. I don't see any major blockers for back-porting it.
> >  
> > On Mon, Jun 1, 2015 at 7:01 PM, Tidwell, Ryan <[email protected]> wrote:
> > > Not seeing this on Kilo, we're seeing this on Juno builds (that's 
> > > expected).  I'm interested in a Juno backport, but mainly wanted to 
> > > see if others had confidence in the fix.  The discussion in the bug 
> > > report also seemed to indicate there were other alternative solutions 
> > > others might be looking into that didn't involve an iptables rule.
> > >  
> > > -Ryan
> > >  
> > > -----Original Message-----
> > > From: Mark McClain [mailto:[email protected]]
> > > Sent: Monday, June 01, 2015 6:47 PM
> > > To: OpenStack Development Mailing List (not for usage questions)
> > > Subject: Re: [openstack-dev] [Neutron] virtual machine can not get DHCP 
> > > lease due packet has no checksum
> > >  
> > >  
> > > > On Jun 1, 2015, at 7:26 PM, Tidwell, Ryan <[email protected]> wrote:
> > > >
> > > > I see a fix for https://bugs.launchpad.net/neutron/+bug/1244589 merged 
> > > > during Kilo.  I'm wondering if we think we have identified a root cause 
> > > > and have merged an appropriate long-term fix, or if 
> > > > https://review.openstack.org/148718 was merged just so there's at least 
> > > > a fix available while we investigate other alternatives.  Does anyone 
> > > > have an update to provide?
> > > >
> > > > -Ryan
> > >  
> > > The fix works in environments we’ve tested in.  Are you still seeing 
> > > problems?
> > >  
> > > mark
> > > __________________________________________________________________________
> > > OpenStack Development Mailing List (not for usage questions)
> > > Unsubscribe: 
> > > [email protected]?subject:unsubscribe 
> > > (http://[email protected]?subject:unsubscribe)
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >  
> >  
> >  
> > --  
> > Kevin Benton  
> >  
>  
>  
>  
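
An added illustration of the checksum behaviour described in the quoted explanation above, not code from this thread or from Neutron. It assumes a Linux-style sender that, with checksum offload enabled, leaves only the pseudo-header sum in the UDP checksum field, and a client that validates strictly; the addresses and payload are constructed sample values.

```python
import socket
import struct

# Constructed sample values (not from the thread): DHCP server -> VM reply.
SRC, DST, SPORT, DPORT = "10.0.0.2", "10.0.0.5", 67, 68
PAYLOAD = bytes([2, 1, 6, 0]) + bytes.fromhex("12345678")  # start of a BOOTREPLY


def csum16(data: bytes) -> int:
    """Folded 16-bit one's-complement sum (RFC 1071), not complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header that UDP includes in its checksum (protocol 17)."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)


def udp_segment(payload: bytes, checksum: int) -> bytes:
    return struct.pack("!HHHH", SPORT, DPORT, 8 + len(payload), checksum) + payload


def partial_checksum(payload: bytes) -> int:
    """Assumption: what the sender leaves in the field when it expects hardware to finish."""
    return csum16(pseudo_header(SRC, DST, 8 + len(payload)))


def full_checksum(payload: bytes) -> int:
    """The checksum a receiver expects once the field has been filled in."""
    seg = udp_segment(payload, 0)
    return (~csum16(pseudo_header(SRC, DST, len(seg)) + seg) & 0xFFFF) or 0xFFFF


def strict_client_accepts(segment: bytes) -> bool:
    """Hypothetical strict client: a zero field means 'no checksum' (RFC 768)."""
    (field,) = struct.unpack("!H", segment[6:8])
    if field == 0:
        return True
    return csum16(pseudo_header(SRC, DST, len(segment)) + segment) == 0xFFFF


if __name__ == "__main__":
    for label, c in (("offloaded", partial_checksum(PAYLOAD)), ("filled", full_checksum(PAYLOAD))):
        print(label, hex(c), strict_client_accepts(udp_segment(PAYLOAD, c)))
```
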

