このコンテンツは選択した言語では利用できません。
Chapter 8. Networking
Both iptables
and ip6tables
services now recognize the security table in the set_policy() function
Previously, when the security table was used, the
iptables
or ip6tables
services failed to clear correctly the firewall ruleset during the shutdown. As a consequence, an error message was displayed when stopping these services. With this update, both iptables
and ip6tables
init scripts recognize but ignore the security table when clearing the firewall ruleset. As a result, the error message is no longer displayed in the described scenario. (BZ#1210563)
Unusual skbs
no longer cause the kernel to crash
Under a rare network condition, the TCP stack created and tried to transmit unusual
socket buffers (skbs)
. Previously, certain core kernel functions did not support such unusual skbs
. As a consequence, the BUG()
kernel message was displayed, and the kernel terminated unexpectedly. With this update, the relevant function is extended to support such kind of skbs
, and the kernel no longer crashes. (BZ#1274139)
The dmesg
log no longer displays 'hw csum failure' with inbound IPv6 traffic
Previously, when IPv6 fragments were received, the cxgb4 Network Interface Card (NIC) calculated wrong internet checksum. As a consequence, the kernel reported the 'hw csum failure' error message in the
dmesg
system log when receiving a fragmented IPv6 packet. With this update, the hardware checksum calculation happens only when IPv4 fragments are received. If IPv6 fragments are received, the checksum calculation happens in software. As a result, when IPv6 fragments are received, dmesg
no longer displays the error message in the described scenario. (BZ#1427036)
SCTP now selects the right source address
Previously, when using a secondary IPv6 address, Stream Control Transmission Protocol (SCTP) selected the source address based on the best prefix matching with the destination address. As a consequence, in some cases, a packet was sent through an interface with the wrong IPv6 address. With this update, SCTP uses the address that already exists in the routing table for this specific route. As a result, SCTP uses the expected IPv6 address as the source address when secondary addresses are used on a host. (BZ#1445919)
Improved performance of SCTP
Previously, small data chunks caused the Stream Control Transmission Protocol (SCTP) to account the
receiver_window (rwnd)
values incorrectly when recovering from a zero-window situation
. As a consequence, window updates were not sent to the peer, and an artificial growth of rwnd
could lead to packet drops. This update properly accounts such small data chunks and ignores the rwnd
pressure values when reopening a window. As a result, window updates are now sent, and the announced rwnd
reflects better the real state of the receive buffer. (BZ#1492220)
The virtio interface now transmits the Ethernet packets correctly
Previously, when a virtio Network Interface Card (NIC) received a short frame from the guest, the virtio interface stop transmitting any Ethernet packets. As a consequence, packets transmitted by the guest never appeared on the hypervisor virtual network (vnet) device. With this update, the kernel drops truncated packets, and the virtio interface transmits the packets correctly. (BZ#1535024)