yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1915480] Re: DeviceManager's fill_dhcp_udp_checksums assumes IPv6 available

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Rodolfo Alonso <1915480@xxxxxxxxxxxxxxxxxx>
Date: Wed, 30 Nov 2022 09:40:06 -0000
Reply-to: Bug 1915480 <1915480@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1915480

Title:
  DeviceManager's fill_dhcp_udp_checksums assumes IPv6 available

Status in Ubuntu Cloud Archive:
  New
Status in Ubuntu Cloud Archive ussuri series:
  New
Status in Ubuntu Cloud Archive victoria series:
  New
Status in neutron:
  Fix Released
Status in neutron package in Ubuntu:
  Fix Released
Status in neutron source package in Focal:
  Fix Released

Bug description:
  The following code in DeviceManager's fill_dhcp_udp_checksums assumes
  IPv6 is always enabled:

  iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
                                                  namespace=namespace)

  When iptables_mgr.apply() is later called, an attempt to add the UDP
  checksum rule for DHCP is done via iptables-save/iptables-restore and
  if IPv6 has been disabled on a hypervisor (eg, by setting
  `ipv6.disable=1` on the kernel command line) then an many-line error
  occurs in the DHCP agent logfile.

  There should be a way of telling the agent that IPv6 is disabled and
  as such, it should ignore trying to set up the UDP checksum rule for
  IPv6. This can be easily achieved given that IptablesManager already
  has support for disabling it.

  We've seen this on Rocky on Ubuntu Bionic but it appears the issue
  still exists on the master branch.

  =================================
  Ubuntu SRU details:

   
  [Impact] 

  See above

  
  [Test Plan]

  Disable IPv6 on a hypervisor.
  sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
  sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
  sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1
  Deploy Openstack Ussuri or Victoria with one compute node, using the hypervisor which has IPv6 disabled as a neutron gateway.
  Create a network which has a subnetwork with DHCP enabled. Eg:
  openstack network create net1
  openstack subnet create subnet1 --network net1  --subnet-range 192.0.2.0/24  --dhcp
  Search the `/var/log/neutron/neutron-dhcp-agent.log` (with debug log enabled) and check if there are any `ip6tables-restore` commands. Eg:
  sudo grep ip6tables-restore /var/log/neutron/neutron-dhcp-agent.log 
   
  [Where problems could occur]

  Users which were relying on the setting to always be true could be
  affected.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1915480/+subscriptions

References

[Bug 1915480] [NEW] DeviceManager's fill_dhcp_udp_checksums assumes IPv6 available
From: David Comay, 2021-02-12