Chapter 31. Networking
SNMP response is no longer timed out
Previously, all the Simple Network Management Protocol version 1 (SNMPv1) and SNMPv2c responses that followed an SNMPv3 message were checked against the last recorded SNMPv3 max message size property. As a consequence, an SNMPv3 request with a small max message size could lead to SNMPv1 and SNMPv2c bulk requests timing out. With this update, the session maximum message size is checked only for SNMPv3 requests, and the SNMPv1 and SNMPv2c response is no longer timed out. (BZ#1324306)
ICMP redirects no longer cause the kernel to crash
Previously, a socket failed to be locked between user space and the processing of Internet Control Message Protocol (ICMP) redirect packets, creating a race condition. As a consequence, the kernel terminated unexpectedly. The bug has been fixed by skipping the processing of ICMP redirect packets when the socket is locked by user space, and the described problem no longer occurs. (BZ#1387485)
The net.ipv4.ip_nonlocal_bind kernel parameter is set in name spaces
Previously, using a floating IP address inside a network name space in some cases failed with the following error message:
bind: Cannot assign requested address.
With this update, the kernel respects the setting of the net.ipv4.ip_nonlocal_bind parameter to 1 in name spaces, and the floating IP address is now assigned as expected. (BZ#1363661)
The netfilter REJECT rule now works on SCTP packets
Previously, the conntrack tool did not check the CRC32c value for Stream Control Transmission Protocol (SCTP) packets. As a consequence, the netfilter REJECT rule was not applied as expected on SCTP packets. The bug has been fixed by setting CHECKSUM_UNNECESSARY on SCTP packets which have a valid CRC32c. As a result, the netfilter REJECT is allowed to generate an Internet Control Message Protocol (ICMP) response. (BZ#1353218)
NetworkManager no longer duplicates a connection with already-set DHCP_HOSTNAME
Previously, after a restart of the NetworkManager service, a connection with an already-set DHCP_HOSTNAME property was duplicated. Consequently, a DHCP lease was not always renewed upon its expiry. With this update, the connection is no longer duplicated, and a DHCP lease is correctly renewed in this scenario.
Note that the fix includes ignoring the already-set hostname properties in the matching process. To avoid possible problems, remove all unused connections with an incorrect ipv4.dhcp-hostname. For more information, see https://access.redhat.com/articles/2948041. (BZ#1393997)
Improved SCTP congestion_window management
Previously, small data chunks caused the Stream Control Transmission Protocol (SCTP) to account the receiver_window (rwnd) values incorrectly when recovering from a zero-window situation. As a consequence, window updates were not sent to the peer, and an artificial growth of rwnd could lead to packet drops. This update properly accounts for such small data chunks and ignores the rwnd pressure values when reopening a window. As a result, window updates are now sent, and the announced rwnd better reflects the real state of the receive buffer. (BZ#1084802)
Value of DCTCP alpha now drops to 0 and cwnd remains at values more than 137
Previously, the alpha value of Datacenter TCP (DCTCP) was shifted before subtraction, causing precision loss. As a consequence, the real alpha value did not fall below 15 and uncongested flows eventually dropped to a congestion_window (cwnd) value of 137. This bug has been fixed by canceling the shift operation when alpha is low. As a result, alpha drops to 0 and cwnd remains at values more than 137 for uncongested flows. (BZ#1370638)
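The precision loss described above can be reproduced with a small fixed-point model. This is an added example, not Red Hat's or the kernel's code: the function names are hypothetical, and the constants (alpha scaled so that 1024 equals 1.0, a gain shift of 4, and a window cut of (cwnd * alpha) >> 11) are assumptions that this page does not state.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions, not stated on this page: alpha is fixed-point with
 * 1024 == 1.0, and the averaging gain is g = 1/2^4. */
#define ALPHA_MAX 1024u
#define SHIFT_G   4u

/* Pre-fix decay for a window with no marked bytes: the shift happens
 * before the subtraction, so below 1 << SHIFT_G nothing is subtracted. */
static uint32_t alpha_decay_old(uint32_t a) { return a - (a >> SHIFT_G); }

/* Modelled fix: when the shifted term is 0, subtract alpha itself. */
static uint32_t alpha_decay_fixed(uint32_t alpha)
{
    uint32_t delta = alpha >> SHIFT_G;
    return alpha - (delta ? delta : alpha);
}

/* Value alpha settles at after `rounds` uncongested windows. */
static uint32_t alpha_floor(uint32_t (*decay)(uint32_t), unsigned rounds)
{
    uint32_t alpha = ALPHA_MAX;
    while (rounds--)
        alpha = decay(alpha);
    return alpha;
}

/* Segments removed by one reduction: cwnd * alpha / 2 (assumed form). */
static uint32_t cwnd_cut(uint32_t c, uint32_t a) { return (c * a) >> 11; }

/* Smallest cwnd that a residual alpha still shrinks; 0 if none. */
static uint32_t smallest_cwnd_cut(uint32_t alpha)
{
    uint32_t cwnd;
    for (cwnd = 2; alpha && cwnd < 65536; cwnd++)
        if (cwnd_cut(cwnd, alpha))
            return cwnd;
    return 0;
}

int main(void)
{
    printf("alpha floor, old:   %u\n", (unsigned)alpha_floor(alpha_decay_old, 1000));
    printf("alpha floor, fixed: %u\n", (unsigned)alpha_floor(alpha_decay_fixed, 1000));
    printf("smallest cwnd cut by alpha=15: %u\n", (unsigned)smallest_cwnd_cut(15));
    return 0;
}
```

Under these assumptions the old update leaves alpha at 15, and 137 segments is the smallest window that a residual alpha of 15 still cuts, while the modelled fix lets alpha reach 0 so no cut is applied.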
ss now displays cwnd correctly
Previously, the ss utility displayed Transmission Control Protocol congestion window (TCP cwnd) values from the kernel, performing a cast from an unsigned to a signed 32-bit integer. As a consequence, some values could overflow and be interpreted as negative. With this update, the ss code has been fixed, and the utility no longer displays negative cwnd values. (BZ#1375215)
Value of cwnd no longer increases using DCTCP
Previously, the congestion_window (cwnd) increased unexpectedly after a packet loss. As a consequence, the Data Center TCP (DCTCP) congestion control module became ineffective in avoiding congestion, because repeated problems on the same flow occurred. With this update, the cwnd value is saved on loss and the old one is restored on recovery. As a result, cwnd remains stable. (BZ#1386923)
Negated range matches have been fixed
Previously, using a range of values in a negated match would never evaluate as true. With this update, such matches work as expected. For example:
# nft add rule ip ip_table filter_chain_input ip length != 100-200 drop
now correctly drops packets smaller than 100 bytes or larger than 200 bytes. (BZ#1418967)
The nmcli connection show command now displays the correct output for both empty and NULL values
Previously, the output of the nmcli connection show command did not consistently display the empty and NULL values among different properties. As a consequence, the empty values were displayed as -- or without a value. With this update, the output of the nmcli connection show command displays -- for both empty and NULL values in normal or pretty modes.
Note that in terse mode, values are printed only in their raw form and the empty and NULL values are not printed at all. (BZ#1391170)
snmpd no longer rejects large packets from AgentX subagents
Previously, the SNMP daemon (snmpd) limited the size of packets sent from AgentX subagents to 1472 bytes. This caused snmpd to refuse large packets from AgentX subagents. The packet size limit has been increased to 65535 bytes. As a result, snmpd no longer rejects large packets from AgentX subagents. (BZ#1286693)
Macvlan can now be unregistered correctly
Previously, attempts to unregister the Macvlan driver failed with broken sysfs links from or to devices in another namespace. With this update, Macvlan has been fixed, thus fixing this bug. (BZ#1412898)