OpenStack Compute (nova)

libvirt lxc needs iptables checksum added for dhcp packets

Bug #1335193 reported by Scott Moser
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Unassigned
OpenStack Compute (nova) 2014.2 "juno"

Bug Description

I tested a devstack today with libvirt-lxc, and was unable to get a dhcp address in cirros 0.3.2.

The reason is that cirros's udhcpc seems to ignore the response if it doesn't have checksums.

the appropriate mangle rule would be written if /dev/vhost-net , but with newer kernels this is also happening on the lxc network devices.

It seems the sane thing to do at this point is just to drop the protection based on '/dev/vhost-net' presence.

--
Related bugs:
 * https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/930962
 * https://bugzilla.redhat.com/show_bug.cgi?id=910619#c6

Revision history for this message
Scott Moser (smoser) wrote :

https://review.openstack.org/#/c/103193/

Tracy Jones (tjones-i)
tags: added: libvirt network
Sean Dague (sdague)
Changed in nova:
importance: Undecided → Medium
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/103193
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=0ca33df5660849ce305f9e9756007d95fcbbfa2b
Submitter: Jenkins
Branch: master

commit 0ca33df5660849ce305f9e9756007d95fcbbfa2b
Author: Scott Moser <email address hidden>
Date: Fri Jun 27 12:39:28 2014 -0400

    add checksums to udp independent of /dev/vhost-net.

    In newer kernel versions, the network devices added for lxc containers
    do not get checksums added. The result is the same as previously
    occurred when vhost-net became prevalent in kvm guests.

    Software that expects the checksums on packets will ignore them. One example
    of such software is udhcpc in cirros. Without this change, cirros containers
    in 3.13 kernels (Ubuntu 14.04) will fail to acquire an address via dhcp.

    Closes-Bug: #1335193
    Change-Id: Iba305fb7f8236955ca732e467db9e424535be93d

Changed in nova:
status: New → Fix Committed
Russell Bryant (russellb)
Changed in nova:
milestone: none → juno-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: juno-2 → 2014.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.