yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #82647
[Bug 1878719] [NEW] DHCP Agent's iptables CHECKSUM rule causes skb_warn_bad_offload kernel
Public bug reported:
We are hitting this kernel issue due to a DHCP agent CHECKSUM rule that
is probably obsolete/not needed:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840619
Upgrading the kernel is one workaround, but more disruptive, especially
since still using CentOS7, and kernel fix only made it into 4.19. We
should just remove this rule altogether. As per the kernel issue:
"The changes are limited only to users which have CHECKSUM rules enabled
in their iptables configs. Openstack commonly configures such rules on
deployment, even though they are not necessary, as almost all packets
have their checksum calculated by NICs these days, and CHECKSUM is only
around to service old dhcp clients which would discard UDP packets with
empty checksums.
This commit was selected for upstream -stable 4.18.13, and has made its
way into bionic 4.15.0-58.64 by LP #1836426. There have been no reported
problems and those kernels would have had sufficient testing with
Openstack and its configured iptables rules.
If any users are affected by regression, then they can simply delete any
CHECKSUM entries in their iptables configs."
I can see the metadata agent's CHECKSUM rule was alreayd removed last year: https://github.com/openstack/neutron/commit/04e995be9898ceaa009344509dc16ca7f589d814
Is there any reason the DHCP agent's was not? Is it safe to just remove
this function and where it is invoked from altogether?
https://github.com/openstack/neutron/blob/master/neutron/agent/linux/dhcp.py#L1739
https://github.com/openstack/neutron/blob/cb55643a0695ebc5b41f50f6edb1546bcc676b71/neutron/agent/linux/dhcp.py#L1691
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1878719
Title:
DHCP Agent's iptables CHECKSUM rule causes skb_warn_bad_offload
kernel
Status in neutron:
New
Bug description:
We are hitting this kernel issue due to a DHCP agent CHECKSUM rule
that is probably obsolete/not needed:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840619
Upgrading the kernel is one workaround, but more disruptive,
especially since still using CentOS7, and kernel fix only made it into
4.19. We should just remove this rule altogether. As per the kernel
issue:
"The changes are limited only to users which have CHECKSUM rules
enabled in their iptables configs. Openstack commonly configures such
rules on deployment, even though they are not necessary, as almost all
packets have their checksum calculated by NICs these days, and
CHECKSUM is only around to service old dhcp clients which would
discard UDP packets with empty checksums.
This commit was selected for upstream -stable 4.18.13, and has made
its way into bionic 4.15.0-58.64 by LP #1836426. There have been no
reported problems and those kernels would have had sufficient testing
with Openstack and its configured iptables rules.
If any users are affected by regression, then they can simply delete
any CHECKSUM entries in their iptables configs."
I can see the metadata agent's CHECKSUM rule was alreayd removed last year: https://github.com/openstack/neutron/commit/04e995be9898ceaa009344509dc16ca7f589d814
Is there any reason the DHCP agent's was not? Is it safe to just
remove this function and where it is invoked from altogether?
https://github.com/openstack/neutron/blob/master/neutron/agent/linux/dhcp.py#L1739
https://github.com/openstack/neutron/blob/cb55643a0695ebc5b41f50f6edb1546bcc676b71/neutron/agent/linux/dhcp.py#L1691
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1878719/+subscriptions
Follow ups