File 0001-Always-fill-UDP-checksums-in-DHCP-replies.patch of Package openstack-neutron
From 2f2fdf52781386a269a47e494c29eeaeafc7ba32 Mon Sep 17 00:00:00 2001
From: Darragh O'Reilly <darragh.oreilly@hp.com>
Date: Tue, 3 Feb 2015 17:03:23 +0000
Subject: [PATCH] Always fill UDP checksums in DHCP replies
In some cases the UDP checksums in packets from DHCP servers are
incorrect. This is a problem for some DHCP clients that ignore
packets with bad checksums. This patch inserts an iptables rule
to ensure DHCP servers always send packets with correct checksums.
Change-Id: I130fe0f2389bdc42eb8c858ea35dd840abecc2e7
Closes-Bug: 1244589
(cherry picked from commit f5419d90791f0e258801b453c239c187302a3554)
---
neutron/agent/linux/dhcp.py | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/neutron/agent/linux/dhcp.py b/neutron/agent/linux/dhcp.py
index e388178..f6a0a31 100644
--- a/neutron/agent/linux/dhcp.py
+++ b/neutron/agent/linux/dhcp.py
@@ -27,6 +27,7 @@ from oslo.config import cfg
import six
from neutron.agent.linux import ip_lib
+from neutron.agent.linux import iptables_manager
from neutron.agent.linux import utils
from neutron.common import constants
from neutron.common import exceptions
@@ -1032,6 +1033,7 @@ class DeviceManager(object):
interface_name,
port.mac_address,
namespace=network.namespace)
+ self.fill_dhcp_udp_checksums(namespace=network.namespace)
ip_cidrs = []
for fixed_ip in port.fixed_ips:
subnet = fixed_ip.subnet
@@ -1068,3 +1070,14 @@ class DeviceManager(object):
self.plugin.release_dhcp_port(network.id,
self.get_device_id(network))
+
+ def fill_dhcp_udp_checksums(self, namespace):
+ """Ensure DHCP reply packets always have correct UDP checksums."""
+ iptables_mgr = iptables_manager.IptablesManager(
+ root_helper=self.root_helper,
+ use_ipv6=False,
+ namespace=namespace)
+ ipv4_rule = ('-p udp --dport %d -j CHECKSUM --checksum-fill'
+ % constants.DHCP_RESPONSE_PORT)
+ iptables_mgr.ipv4['mangle'].add_rule('POSTROUTING', ipv4_rule)
+ iptables_mgr.apply()
--
2.6.0
