[pkg-lxc-devel] Bug#832090: lxc: dhcp fails due to invalid UDP checksum

Lucas Nussbaum lucas at debian.org
Fri Jul 22 07:52:47 UTC 2016 

Package: lxc
Version: 1:2.0.3-1
Severity: important

Hi,

When booting containers, DHCP fails to get an IP due to invalid
UDP checksums.

I use the lxc-net-based setup as described in
https://wiki.debian.org/LXC/SimpleBridge ("using lxc-net").
This creates a lxcbr0 bridge.
When starting up, the containers' veth device is correctly attached to
the bridge.
However, it fails to get an IP using DHCP.
Using tcpdump on the host, on the veth device, I see:

9:41:14.923738 IP (tos 0xc0, ttl 64, id 42999, offset 0, flags [none], proto UDP (17), length 329)
    10.0.3.1.67 > 10.0.3.233.68: [bad udp cksum 0x1c30 -> 0x2064!] BOOTP/DHCP, Reply, length 301, xid 0xa447c322, Flags [none] (0x0000)
	  Your-IP 10.0.3.233
	  Server-IP 10.0.3.1
	  Client-Ethernet-Address 00:ff:aa:ab:cd:01
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message Option 53, length 1: ACK
	    Server-ID Option 54, length 4: 10.0.3.1
	    Lease-Time Option 51, length 4: 3600
	    RN Option 58, length 4: 1800
	    RB Option 59, length 4: 3150
	    Subnet-Mask Option 1, length 4: 255.255.255.0
	    BR Option 28, length 4: 10.0.3.255
	    Default-Gateway Option 3, length 4: 10.0.3.1
	    Domain-Name-Server Option 6, length 4: 10.0.3.1
	    Hostname Option 12, length 7: "debian8"
09:41:17.594912 IP (tos 0x0, ttl 1, id 54287, offset 0, flags [DF], proto UDP (17), length 194)
    10.0.3.1.44012 > 239.255.255.250.1900: [bad udp cksum 0xfdba -> 0x8df0!] UDP, length 166
09:41:18.596600 IP (tos 0x0, ttl 1, id 54466, offset 0, flags [DF], proto UDP (17), length 194)
    10.0.3.1.44012 > 239.255.255.250.1900: [bad udp cksum 0xfdba -> 0x8df0!] UDP, length 166
09:41:19.597758 IP (tos 0x0, ttl 1, id 54542, offset 0, flags [DF], proto UDP (17), length 194)
    10.0.3.1.44012 > 239.255.255.250.1900: [bad udp cksum 0xfdba -> 0x8df0!] UDP, length 166
09:41:19.928511 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.3.233 tell 10.0.3.1, length 28

If, on the host, I disable checksum offloading using:
sudo ethtool -K vethILRWN4 tx off

Then DHCP succeeds.

This seems to be related to the bridge setup: if I manually remove the veth
device from the bridge, set an IP on it, etc. then everything works fine.

Lucas


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (400, 'stable'), (300, 'unstable'), (150, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  init-system-helpers  1.36
ii  libapparmor1         2.10.95-4
ii  libc6                2.23-1
ii  libcap2              1:2.25-1
ii  liblxc1              1:2.0.3-1
ii  libseccomp2          2.3.1-2
ii  libselinux1          2.5-3
ii  python3              3.5.1-4
pn  python3:any          <none>

Versions of packages lxc recommends:
ii  bridge-utils  1.5-9
ii  cgmanager     0.41-2
ii  debootstrap   1.0.81
ii  dnsmasq-base  2.76-1.1
ii  iptables      1.6.0-2
ii  libpam-cgfs   2.0.1-2
ii  lxcfs         2.0.1-2
ii  openssl       1.0.2h-1
ii  rsync         3.1.1-3
ii  uidmap        1:4.2-3.1

Versions of packages lxc suggests:
pn  apparmor     <none>
pn  btrfs-tools  <none>
pn  lua5.2       <none>
ii  lvm2         2.02.160-1

-- no debconf information

More information about the Pkg-lxc-devel mailing list