git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Laine Stump <laine@redhat.com>
	Tue, 13 Jul 2010 02:59:58 +0000 (22:59 -0400)
committer	Laine Stump <laine@laine.org>
	Mon, 2 Aug 2010 15:34:14 +0000 (11:34 -0400)
commit	fd5b15ff1a2ec37e75609c091522ae1e2c74c811
tree	7e7b30e8cb1758e3edb5a760566b1d9c89e56205	tree
parent	86b043ad3e1c6d15d8af6df68089d04fbec248e3	commit \| diff

Add iptables rule to fixup DHCP response checksum.

This patch attempts to take advantage of a newly added netfilter
module to correct for a problem with some guest DHCP client
implementations when used in conjunction with a DHCP server run on the
host systems with packet checksum offloading enabled.

The problem is that, when the guest uses a RAW socket to read the DHCP
response packets, the checksum hasn't yet been fixed by the IP stack,
so it is incorrect.

The fix implemented here is to add a rule to the POSTROUTING chain of
the mangle table in iptables that fixes up the checksum for packets on
the virtual network's bridge that are destined for the bootpc port (ie
"dhcpc", ie port 68) port on the guest.

Only very new versions of iptables will have this support (it will be
in the next upstream release), so a failure to add this rule only
results in a warning message. The iptables patch is here:

http://patchwork.ozlabs.org/patch/58525/

A corresponding kernel module patch is also required (the backend of
the iptables patch) and that will be in the next release of the
kernel.

src/libvirt_private.syms		diff \| blob \| blame \| history
src/network/bridge_driver.c		diff \| blob \| blame \| history
src/util/iptables.c		diff \| blob \| blame \| history
src/util/iptables.h		diff \| blob \| blame \| history