[pkg-dhcp-devel] Bug#717215: Bug#717215: dhcpd: 5 bad udp checksums in 5 packets

Simon Boulet simon at nostalgeek.com
Tue Mar 3 18:01:00 UTC 2015

On Tue, Mar 3, 2015 at 11:25 AM, Axel Beckert <abe at debian.org> wrote:

> Hmm, not sure what we're doing differently but I'm using Xen at work
> with Debian on Dom0 and DomUs for many years now (IIRC since Lenny),
> my DomUs all do DHCP and I've never run into any issues of that kind
> so far.

My experiment has shown that there has to be a combination of two things to
trigger this bug:

1- The DHCP server needs to be running on another VM on the same host, or
on Dom0. The problem is with virtual interfaces traffic flowing through
software bridge not having valid checksums (since the packets aren't
leaving memory, checksums are not being uselessly calculated).

2- The VM virtual interface needs to have TX offloading enabled. When
enabled, ISC DHCP looks at the UDP checksum bits and find they are invalid
(because of #1). The patch to ISC DHCP implements checking the
TP_STATUS_CSUMNOTREADY to determine if checksum is to be verified.

One workaround is to instruct iptables to recalculate the checksum for all
DHCP responses. Another workaround is to use ethtool to disable TX offload
on the vif interface (which I suppose causes the checksum to be forcefully
calculated by the kernel).

Depending of the version of Xen and/or which device model you are using, TX
offload might not be supported on your virtual interface.

I ran into this bug with the DHCP server running on a Jessie Dom0, Xen 4.4.1
running a Debian Wheezy PVHVM DomU.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20150303/f6270f6a/attachment.html>

More information about the pkg-dhcp-devel mailing list