Remove iptables rule for SCTP checksum fixup #47952

Open
robmry opened this issue Jun 11, 2024 · 1 comment

robmry commented Jun 11, 2024

Description

@akerouanton noted in #47871 (comment) that this code for SCTP checksum fixup can now be removed ...

```go
if b.Proto == types.SCTP {
	// Linux kernel v4.9 and below enables NETIF_F_SCTP_CRC for veth by
	// the following commit.
	// This introduces a problem when combined with a physical NIC without
	// NETIF_F_SCTP_CRC. As for a workaround, here we add an iptables entry
	// to fill the checksum.
	//
	// https://github.com/torvalds/linux/commit/c80fafbbb59ef9924962f83aac85531039395b18
	args = []string{
		"-p", b.Proto.String(),
		"--sport", strconv.Itoa(int(b.Port)),
		"-j", "CHECKSUM",
		"--checksum-fill",
	}
	rule := iptRule{ipv: ipv, table: iptables.Mangle, chain: "POSTROUTING", args: args}
	if err := programChainRule(rule, "MASQUERADE", enable); err != nil {
		return err
	}
}
```

@robmry robmry added status/0-triage kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. area/networking area/networking/d/bridge labels Jun 11, 2024
@robmry robmry self-assigned this Jun 11, 2024
@Hoernchen

It's quite the coincidence that I ended up finding this ticket, because my issue is that this specific rule basically prevents using the same SCTP port for local (docker nw) and remote (->reachable via physical nw if) clients at the same time; the SCTP conn for local clients basically times out after INIT/INIT_ACK.

This specifically breaks having both remote and local "sw only/zmq" enbs at the same time with the https://github.com/herlesupreeth/docker_open5gs setup.
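
A host-side check for the rule discussed in this thread, as an added example that is not part of the issue or of moby's code: it scans `iptables-save -t mangle` output for `CHECKSUM` rules that match SCTP, so an operator can see which published ports carry the fixup. The names `SCTPFixup` and `FindSCTPFixups` and the sample dump (including port 38412) are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// SCTPFixup is one CHECKSUM rule that matches SCTP (hypothetical type for this example).
type SCTPFixup struct{ Chain, Sport string }

// FindSCTPFixups parses `iptables-save -t mangle` text and returns the SCTP CHECKSUM rules.
func FindSCTPFixups(dump string) []SCTPFixup {
	var found []SCTPFixup
	for _, line := range strings.Split(dump, "\n") {
		f := append(strings.Fields(line), "") // sentinel so f[i+1] always exists
		if len(f) < 3 || f[0] != "-A" {
			continue // table header, chain policy, COMMIT or blank line
		}
		r := SCTPFixup{Chain: f[1]}
		var sctp, target bool
		for i := 2; i < len(f)-1; i++ {
			switch next := f[i+1]; f[i] {
			case "-p": // "! -p sctp" matches everything except SCTP, so it does not count
				sctp = (next == "sctp" || next == "132") && f[i-1] != "!"
			case "--sport":
				r.Sport = next
			case "-j": // --checksum-fill is the CHECKSUM target's only option
				target = next == "CHECKSUM"
			}
		}
		if sctp && target {
			found = append(found, r)
		}
	}
	return found
}

// Constructed sample dump: one SCTP fixup rule and one unrelated UDP CHECKSUM rule.
const sampleDump = `*mangle
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p sctp -m sctp --sport 38412 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
`

func main() {
	for _, r := range FindSCTPFixups(sampleDump) {
		fmt.Printf("SCTP checksum fixup in mangle/%s, source port %s\n", r.Chain, r.Sport)
	}
}
```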
