From: bhaisaab@apache.org
To: commits@cloudstack.apache.org
Date: Wed, 09 Nov 2016 06:54:57 -0000
Message-Id:
X-Mailer: ASF-Git Admin Mailer
Subject: [1/2] git commit: updated refs/heads/4.9 to 8b786d1
archived-at: Wed, 09 Nov 2016 06:54:59 -0000

Repository: cloudstack
Updated Branches:
  refs/heads/4.9 c09fc2725 -> 8b786d1fb

CLOUDSTACK-8326: Always fill UDP checksums in DHCP replies in VR

In some cases the UDP checksums in packets from DHCP servers are
incorrect. This is a problem for some DHCP clients that ignore
packets with bad checksums. This patch inserts an iptables rule
to ensure DHCP servers always send packets with correct checksums.

Due to this bug DHCP offers are sometimes not accepted by Instances.

The end-result without this fix is no connectivity for the Instance
due to the lack of an IPv4 address.

This is also committed in OpenStack:
- https://github.com/projectcalico/felix/issues/40
- https://review.openstack.org/148718
- https://bugzilla.redhat.com/show_bug.cgi?id=910619

Signed-off-by: Wido den Hollander

Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/fa56d0b3
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/fa56d0b3
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/fa56d0b3

Branch: refs/heads/4.9
Commit: fa56d0b3e6b8bf62396a820a84621c9eb8707a42
Parents: fcee71f
Author: Wido den Hollander
Authored: Mon Oct 31 20:43:39 2016 +0100
Committer: Wido den Hollander
Committed: Tue Nov 8 18:41:37 2016 +0100

----------------------------------------------------------------------
 .../patches/debian/config/opt/cloud/bin/cs/CsAddress.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/fa56d0b3/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py
----------------------------------------------------------------------
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py index 64ddb26..075fddb 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py @@ -359,6 +359,10 @@ class CsIP: "-m state --state RELATED,ESTABLISHED " + "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"]) + self.fw.append(["mangle", "front", + "-A POSTROUTING " + + "-p udp -m udp --dport 68 -j CHECKSUM --checksum-fill"]) + if self.get_type() in ["public"]: self.fw.append(["mangle", "front", "-A PREROUTING " + @@ -375,9 +379,6 @@ class CsIP: "-A VPN_%s -m state --state RELATED,ESTABLISHED -j ACCEPT" % self.address['public_ip']]) self.fw.append(["mangle", "", "-A VPN_%s -j RETURN" % self.address['public_ip']]) - self.fw.append(["mangle", "front", - "-A POSTROUTING " + - "-p udp -m udp --dport 68 -j CHECKSUM --checksum-fill"]) self.fw.append(["nat", "", "-A POSTROUTING -o eth2 -j SNAT --to-source %s" % self.address['public_ip']]) self.fw.append(["mangle", "", @@ -454,6 +455,8 @@ class CsIP: self.fw.append( ["filter", "", "-A INPUT -i %s -p udp -m udp --dport 67 -j ACCEPT" % self.dev]) self.fw.append( + ["mangle", "front", "-A POSTROUTING " + "-p udp -m udp --dport 68 -j CHECKSUM --checksum-fill"]) + self.fw.append( ["filter", "", "-A INPUT -i %s -p udp -m udp --dport 53 -s %s -j ACCEPT" % (self.dev, guestNetworkCidr)]) self.fw.append( ["filter", "", "-A INPUT -i %s -p tcp -m tcp --dport 53 -s %s -j ACCEPT" % (self.dev, guestNetworkCidr)])
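
Review bot: the same rule string, "-A POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill", is now appended in two places: ahead of the `if self.get_type() in ["public"]` check in the hunk at @@ -359,6 +359,10 @@, and again next to the `--dport 67` ACCEPT rule in the hunk at @@ -454,6 +455,8 @@. Please confirm that the firewall list collapses identical entries, otherwise mangle POSTROUTING can end up holding the rule more than once. Keeping the rule in a single place, or in a small helper that both sites call, would avoid the duplication.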
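
Review bot: the rule added in the hunk at @@ -454,6 +455,8 @@ carries no interface match, while the INPUT rules around it are scoped with `-i %s` on self.dev. If the checksum fill is only needed for replies leaving this device, consider adding `-o %s` with self.dev; if it is meant to apply to every interface, a short code comment referencing CLOUDSTACK-8326 would record why. The two string literals joined with `+` on that line can also be written as one literal.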
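
The commit message above says some DHCP clients ignore replies whose UDP checksum is wrong. As an added example (not part of the commit or of the CloudStack code), the following Python computes the RFC 768 checksum for a reply from port 67 to port 68 and classifies the stored value before and after it is filled in. The addresses, payload and function names are assumptions constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 17, UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 17, udp_len))

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum the sender should place in bytes 6..7 of the UDP header."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    return (~total & 0xFFFF) or 0xFFFF  # 0 on the wire means "no checksum"

def classify(src_ip: str, dst_ip: str, segment: bytes) -> str:
    """Return 'absent', 'valid' or 'invalid' for the stored checksum."""
    (stored,) = struct.unpack("!H", segment[6:8])
    if stored == 0:
        return "absent"
    return "valid" if stored == udp_checksum(src_ip, dst_ip, segment) else "invalid"

def checksum_fill(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """User-space model of filling in the checksum field; payload is untouched."""
    return segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + segment[8:]

def build_reply(payload: bytes, checksum: int) -> bytes:
    """UDP segment from server port 67 to client port 68."""
    return struct.pack("!HHHH", 67, 68, 8 + len(payload), checksum) + payload

# Constructed sample: hypothetical addresses and a placeholder payload.
SRC, DST = "10.1.1.1", "10.1.1.50"
BAD = build_reply(b"constructed DHCP offer payload", 0x1234)  # wrong checksum
FIXED = checksum_fill(SRC, DST, BAD)

if __name__ == "__main__":
    print(classify(SRC, DST, BAD), "->", classify(SRC, DST, FIXED))
```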