Bug#789069: 717215 reoccurs in jessie with virtual eth interfaces and lxc

Wed, 17 Jun 2015 07:15:47 -0700 

Package: isc-dhcp-server
Version: 4.3.1-6
Severity: important

DHCPD being broken on virtual interfaces aka bug 717215 
reoccurs in jessie, used to work in wheezy. I cannot reopen it as
it is archived.

1. The fact that qemu/kvm has a fugly workaround to compute as 
an exeption DHCP packets is not a solution - it is an excuse.
It should go anyway as it is a performance penalty (checking each
packet if it is a DHCP one to do checksum).

2. The real solution is to make dhcp not do checksums on bridge, tap,
virtual ethernet, l2tp and EoGRE tunnels, etc by configuration. As 
this is quite cumbersome, supplied is a workaround which will work
for most users - it prevents dhcpd from computing checksum on
"locally significant" MACs (bit 1 of ethernet address == 1).

This will make dhcp work on all kinds of virtual interfaces.


-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages isc-dhcp-server depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  debianutils            4.4+b1
ii  isc-dhcp-common        4.3.1-6
ii  libc6                  2.19-18
ii  libdns-export100       1:9.9.5.dfsg-9
ii  libirs-export91        1:9.9.5.dfsg-9
ii  libisc-export95        1:9.9.5.dfsg-9
ii  lsb-base               4.1+Debian13+nmu1

isc-dhcp-server recommends no packages.

Versions of packages isc-dhcp-server suggests:
pn  isc-dhcp-server-ldap  <none>

-- Configuration Files:
/etc/dhcp/dhcpd.conf changed [not included]

-- debconf information excluded

*** common/packet.c.old	2015-06-17 13:48:05.997565428 +0100
--- common/packet.c	2015-06-17 14:00:12.277678086 +0100
***************
*** 341,346 ****
--- 341,356 ----
      usum = 0;
    }
  
+   /* virtual interfaces (locally significant macs should not csumed 
+    * either 
+    * bit 1 in address signifies broadcast/multicast
+    * bit 2 in address 10 binary == 2 signifies local address
+    */
+ 
+   if ((interface -> hw_address.hbuf [1] & 2) > 0) {
+     usum = 0;
+   }
+ 
    udp_packets_seen++;
    if (usum && usum != sum) {
  	  udp_packets_bad_checksum++;

Reply via email to