<div dir="ltr"><div>The fix should work fine. It is technically a workaround for the way checksums work in virtualised systems, and the unfortunate fact that some DHCP clients check checksums on packets where the hardware has checksum offload enabled. (This doesn't work due to an optimisation in the way QEMU treats packet checksums. You'll see the problem if your machine is running the VM on the same host as its DHCP server and the VM has a vulnerable client.)<br><br>I haven't tried it myself but I have confidence in it and would recommend a backport.<br>-- <br></div>Ian.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On 1 June 2015 at 21:32, Kevin Benton <span dir="ltr"><<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I would propose a back-port of it and then continue the discussion on the patch. I don't see any major blockers for back-porting it.</div><div class="gmail_extra"><div><div class="h5"><br><div class="gmail_quote">On Mon, Jun 1, 2015 at 7:01 PM, Tidwell, Ryan <span dir="ltr"><<a href="mailto:ryan.tidwell@hp.com" target="_blank">ryan.tidwell@hp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Not seeing this on Kilo, we're seeing this on Juno builds (that's expected). I'm interested in a Juno backport, but mainly wanted to be see if others had confidence in the fix. The discussion in the bug report also seemed to indicate there were other alternative solutions others might be looking into that didn't involve an iptables rule.<br>
<span><font color="#888888"><br>
-Ryan<br>
</font></span><div><div><br>
-----Original Message-----<br>
From: Mark McClain [mailto:<a href="mailto:mark@mcclain.xyz" target="_blank">mark@mcclain.xyz</a>]<br>
Sent: Monday, June 01, 2015 6:47 PM<br>
To: OpenStack Development Mailing List (not for usage questions)<br>
Subject: Re: [openstack-dev] [Neutron] virtual machine can not get DHCP lease due packet has no checksum<br>
<br>
<br>
> On Jun 1, 2015, at 7:26 PM, Tidwell, Ryan <<a href="mailto:ryan.tidwell@hp.com" target="_blank">ryan.tidwell@hp.com</a>> wrote:<br>
><br>
> I see a fix for <a href="https://bugs.launchpad.net/neutron/+bug/1244589" target="_blank">https://bugs.launchpad.net/neutron/+bug/1244589</a> merged during Kilo. I'm wondering if we think we have identified a root cause and have merged an appropriate long-term fix, or if <a href="https://review.openstack.org/148718" target="_blank">https://review.openstack.org/148718</a> was merged just so there's at least a fix available while we investigate other alternatives. Does anyone have an update to provide?<br>
><br>
> -Ryan<br>
<br>
The fix works in environments we’ve tested in. Are you still seeing problems?<br>
<br>
mark<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><span class="HOEnZb"><font color="#888888">-- <br><div><div>Kevin Benton</div></div>
</font></span></div>
<br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>