summary refs log tree commit diff stats
path: root/results/classifier/gemma3:12b/network/2962
blob: 4b5397476dec1378c882662be06e3d277268729a (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

DHCP UDP checksum workaround code appears to be broken
Description of problem:
I am running dnsmasq DHCP server in an lxc-container.  It is using a VETH pair for the network.  The VETH device on the host is in a bridge.  I create a TAP device and place it in the bridge.  When booting the guest, I notice that the DHCP OFFER has an invalid UDP checksum all the way through the bridge and into the guest.  I am able to fix this by disabling checksum offload inside the container, or adding an nftables rule that zeros out the checksum, or by reverting commit 7987d2be5a8bc3a502f89ba8cf3ac3e09f64d1ce.
Steps to reproduce:
1. From a debian 12 host, `apt-get install lxc lxc-templates`
2. `ip link add brtest type bridge`
3. `ip link set brtest up`
4. Create a container: `lxc-create -n dhcp -t debian -- --package=dnsmasq`
5. Edit the lxc container file `/var/lib/lxc/dhcp/config` and make sure the link is properly set to `lxc.net.0.link = brtest`, the type is set to `veth`, and give it an IP `lxc.net.0.ipv4.address = 192.168.255.1/24`
6. Start the container: `lxc-start -n dhcp`
7. Attach to the container: `lxc-attach -n dhcp`
8. Stop dnsmasq and networking: `systemctl stop dnsmasq.service networking.service`
9. Run a DHCP server: `dnsmasq --dhcp-authoritative --dhcp-range=192.168.255.2,192.168.255.254,255.255.255.0,1h --dns-loop-detect`
10. Exit the container: `exit`
11. Download the linux mint 22.1 installer: https://linuxmint.com/edition.php?id=319
12. Create a TAP device and throw it in the bridge: `ip tuntap add dev taptest mode tap` .. `ip link set dev taptest up master brtest`
13. Run qemu: `qemu-system-x86_64 -enable-kvm -smp 4,sockets=1,threads=1 -machine pc-q35-9.2,accel=kvm,kernel_irqchip=on -m 4096 -device virtio-net-pci,netdev=nic91 -netdev tap,id=nic91,ifname=taptest,script=no,downscript=no -cdrom linuxmint-22.1-cinnamon-64bit.iso` .. I run it with vnc as this is on a headless server.
14. Once the guest has booted, you can run a tcpdump on the NIC and see that the guest receives the DHCP offer, but the UDP checksum is bunk.
Additional information:
I was able to test reverting the commit 7987d2be5a8bc3a502f89ba8cf3ac3e09f64d1ce and that appears to function once again.

![image](/uploads/1d649230eabee269f78031eb0b2de265/image.png){width=901 height=38}