DHCP checksum fixing rule is too broad: in POSTROUTING chain, not OUTPUT
Bug #1629309 reported by
Nell Jerram
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| networking-calico |
In Progress
|
Undecided
|
Sam Yaple | ||
Bug Description
Moved here from https:/
matthewdupre commented on 1 Jul 2015
This is a split from issue https:/
We currently use a rule that looks like iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill, but this is too broad.
We should make the rule more specific - @nbartos suggests iptables -t mangle -A OUTPUT -o tap+ -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill.
The most important thing is moving from the POSTROUTING to OUTPUT chain, so we don't run the rule over forwarded packets. This will need to be upstreamed.
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Fix proposed to networking-calico (master) | #1 |
| Changed in networking-calico: | |
| assignee: | nobody → Logan V (logan2211) |
| status: | New → In Progress |
| Changed in networking-calico: | |
| assignee: | Logan V (loganv) → Sam Yaple (s8m) |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on networking-calico (master) | #2 |
To post a comment you must log in.
Fix proposed to branch: master
Review: https:/