[pkg-dhcp-devel] Bug#717215: Bug#717215: dhcpd: 5 bad udp checksums in 5 packets

Axel Beckert abe at debian.org
Tue Mar 3 16:25:25 UTC 2015


Hi Simon,

Simon Boulet wrote:
> Yes, there are workarounds. The workaround need to be applied on the
> host/dom0 (no matter the host distribution) for any *Debian* virtual
> machine to obtain configuration through DHCP.
>
> This bug prevents *Debian* instances using DHCP from working in any
> virtualized environments (being KVM, Xen or LXC) without the
> workaround.

Hmm, not sure what we're doing differently but I'm using Xen at work
with Debian on Dom0 and DomUs for many years now (IIRC since Lenny),
my DomUs all do DHCP and I've never run into any issues of that kind
so far.

I also remember once having had a test setup with multiple DomUs on
the same Dom0 where one DomU was an ISC DHCP server and two others
were clients.

Maybe it additionally depends on the network setup of the Dom0? Routed
vs bridged vs PCI-pass-through or so? We're mostly using bridged
setups.

> Every other major distributions (Red Hat in 2011, Ubuntu in 2013) now have
> fixed their DHCP client.

(I wonder why ISC didn't fix it then...)

> Also LXC added the iptables workaround to 1.0.0 in 2014.

Yep, saw that in the Ubuntu bug report.

> This bug has been initially reported to Debian more than 3 years ago in
> #652739 (but BTS won't let me merge it).

Probably because #652739 is a bug report against isc-dhcp-client and
#717215/#717217 are against isc-dhcp-server.

> I didn't meant the bug to be "release-critical".

Ah, ok. Since we're currently in the freeze for the next stable
release, bugs with release-critical severities (i.e. "serious",
"grave" or "critical") get attention from many more eyes than usual...

> Perhaps "important" would be a more suitable severity, then.

I'd be fine with that severity.

But given that both bugs reports already have quite some discussion,
I've never run into any DHCP issues with Xen so far, and nobody else
raised the severity yet, I'm personally hestitating to raise the
severity without feedback from Debian's ISC DHCP maintainers. (I'm on
their mailing list because I maintain other DHCP related packages, but
I'm none of the isc-dhcp packages maintainers.)

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE



More information about the pkg-dhcp-devel mailing list