
yahoo-eng-team team mailing list archive

[Bug 1878719] Re: DHCP Agent's iptables CHECKSUM rule causes skb_warn_bad_offload kernel

 

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1878719

Title:
  DHCP Agent's iptables CHECKSUM rule causes skb_warn_bad_offload
  kernel

Status in neutron:
  Expired

Bug description:
  We are hitting this kernel issue due to a DHCP agent CHECKSUM rule
  that is probably obsolete/not needed:
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1840619

  Upgrading the kernel is one workaround, but more disruptive,
  especially since we are still using CentOS7, and the kernel fix only
  made it into 4.19. We should just remove this rule altogether. As per the kernel
  issue:

  "The changes are limited only to users which have CHECKSUM rules
  enabled in their iptables configs. Openstack commonly configures such
  rules on deployment, even though they are not necessary, as almost all
  packets have their checksum calculated by NICs these days, and
  CHECKSUM is only around to service old dhcp clients which would
  discard UDP packets with empty checksums.

  This commit was selected for upstream -stable 4.18.13, and has made
  its way into bionic 4.15.0-58.64 by LP #1836426. There have been no
  reported problems and those kernels would have had sufficient testing
  with Openstack and its configured iptables rules.

  If any users are affected by regression, then they can simply delete
  any CHECKSUM entries in their iptables configs."

  
  I can see the metadata agent's CHECKSUM rule was already removed last year: https://github.com/openstack/neutron/commit/04e995be9898ceaa009344509dc16ca7f589d814

  Is there any reason the DHCP agent's was not? Is it safe to just
  remove this function and where it is invoked from altogether?

  https://github.com/openstack/neutron/blob/master/neutron/agent/linux/dhcp.py#L1739
  https://github.com/openstack/neutron/blob/cb55643a0695ebc5b41f50f6edb1546bcc676b71/neutron/agent/linux/dhcp.py#L1691

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1878719/+subscriptions
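
Added example, not part of the bug report or of neutron's code: one way to audit a host for the CHECKSUM entries that the quoted kernel note says can be deleted. It parses `iptables-save` output and prints the matching delete command for each rule. The sample ruleset and the chain name `example-dhcp-POSTROUTING` are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (not taken from the bug report).
SAMPLE_IPTABLES_SAVE = """\
*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:example-dhcp-POSTROUTING - [0:0]
-A POSTROUTING -j example-dhcp-POSTROUTING
-A example-dhcp-POSTROUTING -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "not a -j CHECKSUM rule" -j ACCEPT
COMMIT
"""


def find_checksum_rules(save_text):
    """Return (table, chain, rule_args) for every rule whose target is CHECKSUM."""
    found = []
    table = None
    for raw in save_text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # "[pkts:bytes]" prefix from `iptables-save -c`
            line = line.split("] ", 1)[-1]
        if line.startswith("*"):          # table header, e.g. "*mangle"
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif line.startswith("-A ") and table is not None:
            tokens = shlex.split(line)    # keeps quoted --comment text as one token
            chain, args = tokens[1], tokens[2:]
            # Match on the jump target only, so comment text cannot cause a hit.
            if any(f in ("-j", "--jump") and v == "CHECKSUM"
                   for f, v in zip(args, args[1:])):
                found.append((table, chain, args))
    return found


def delete_commands(rules):
    """Build the `iptables -D` command that removes each rule found above."""
    return ["iptables -t {} -D {} {}".format(
                table, chain, " ".join(shlex.quote(a) for a in args))
            for table, chain, args in rules]


if __name__ == "__main__":
    for cmd in delete_commands(find_checksum_rules(SAMPLE_IPTABLES_SAVE)):
        print(cmd)
```

On a real host, feed the function the text produced by `iptables-save` and review the printed commands before running any of them.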

