dhcpd problem on virtual machines
Alex Zeffertt
alex.zeffertt at eu.citrix.com
Thu Apr 15 14:29:18 UTC 2010
Alex Zeffertt wrote:
> All,
>
> I've discovered an issue with running dhcpd in one virtual machine and
> dhclient in another virtual machine on the same physical host. I saw
> this problem on a Xen host with paravirtualised linux guests. The
> problem is that the REQUEST sent by the client when half the lease has
> expired is ignored by the server.
>
>
> I'll describe what happens step by step:
>
> 1. dhclient sends a DISCOVER over an AF_PACKET socket and gets an
> OFFER back
> 2. dhclient sends a REQUEST over the AF_PACKET socket and gets an ACK
> back
> 3. half the lease period passes
> 4. dhclient sends a REQUEST over an *AF_INET* socket
> 5. The sending network device advertises checksum offload so linux
> only checksums the UDP pseudo header before passing the packet to the
> driver.
> 6. The receiving network device sets the packet's ip_summed flag to
> CHECKSUM_PARTIAL. This tells linux that there is no need to verify the
> UDP checksum before passing to userspace, but that it must be completed
> by hardware or software if the packet is forwarded.
> 7. dhcpd receives the packet over an AF_PACKET socket, finds the
> checksum is invalid, and silently discards it.
>
>
> There are several possible solutions to this, and I'm keen to find out
> which of these - if any - seems the best to you:
>
> i) Always use AF_PACKET in dhclient
> ii) Use AF_INET in dhcpd for receiving packets instead of AF_PACKET (*)
> iii) Don't verify the checksum in dhcpd if the hardware supports
> checksum offload
>
I'm attaching a patch which does (i) above. I'm a dhcp-hacker n00bie so I'd be
interested to know if you think this fix would break anything, or if there is a
better way to resolve this issue.
Regards,
Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: no-fallback-on-linux.patch
Type: text/x-diff
Size: 1684 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/dhcp-hackers/attachments/20100415/f6d7f393/attachment.bin>
More information about the dhcp-hackers
mailing list