From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Michael S. Tsirkin" Subject: Re: [PATCHv2] vhost-net: add dhclient work-around from userspace Date: Sun, 26 Sep 2010 20:01:30 +0200 Message-ID: <20100926180130.GB24196@redhat.com> References: <20100628100807.GA30685@redhat.com> <20100629.003647.214219303.davem@davemloft.net> <20100629130439.GD3603@redhat.com> <4C2BC04B.3000100@codemonkey.ws> <20100630223157.GA25537@redhat.com> <4C2BD235.5080506@codemonkey.ws> <20100920205935.GB1128@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: kvm@vger.kernel.org To: xming Return-path: Received: from mx1.redhat.com ([209.132.183.28]:38004 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752075Ab0IZSHZ (ORCPT ); Sun, 26 Sep 2010 14:07:25 -0400 Content-Disposition: inline In-Reply-To: Sender: kvm-owner@vger.kernel.org List-ID: On Tue, Sep 21, 2010 at 10:27:45AM +0200, xming wrote: > > Newer versions of dhclient should also be OK: they detect > > that checksum is missing in the packet. Try it e.g. with > > a recent fedora guest as a client. > > I don't have fedora, but with the latest release (4.1.1-P1) on isc.org > it still behaves the same (see output at the bottom). > > > To solve the problem for old clients, recent kernels and iptables have > > support for CHECKSUM target. > > > > You can use this target to compute and fill in the checksum in > > a packet that lacks a checksum. > > > > Typical expected use: > > iptables -A POSTROUTING -t mangle -p udp --dport bootpc \ > > -j CHECKSUM --checksum-fill > > Nice trick :D Does it help? > > libvirt will program these for you if it sets up the server, > > maybe there needs a flag to tell it that server is local. > > I don't use libvirt. Does it help if you program the rule above? > My point is, there doesn't seem to be much working client and the only > working client is a ver very old one (pump), newer client do not work, > as opposite to what you have explained. Sorry if I misled you. dhclient in Fedora is ok and has been for a long while but the bugfix does not appear to be present in released clients from isc.org, or so it seems from examining the source. I don't know why and whether is was ever sent their way: it might be a good idea to talk to them on why they don't use the PACKET_AUXDATA checksum API linux has had since 2007. Meanwhile, you can try adding the patch from fedora. > To repeat myself, here is the situation: > > - DHCP server with vhost_net, all client w/o vhost_net work, clients > with vhost_net do not work except pump > - DHCP server w/o vhost_net, all clients work Hmm are you sure? I expect vhost net client to still not work. At least, the hack in qemu (that vhost-net disables) is for dhcp response packets, I do not see how it will help the server ... > - physical DHCP server, client with vhost *do* work. > Yes, qemu has a hack that catches typical use and will attach a checksum on receive. Unfortunately keeping that around made it all too easy for vendors to keep shipping buggy clients (and I presume server has a similar issue). So the only quick solution I have is to work around this in kernel: in this case by programming the iptables rule. -- MST