<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Apr 26, 2018 at 8:09 AM, Christian Ehrhardt <span dir="ltr"><<a href="mailto:christian.ehrhardt@canonical.com" target="_blank">christian.ehrhardt@canonical.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><div class="gmail-h5">On Wed, Apr 25, 2018 at 11:25 PM, Laine Stump <span dir="ltr"><<a href="mailto:laine@laine.org" target="_blank">laine@laine.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">When an nwfilter rule sets the parameter CTRL_IP_LEARNING to "dhcp",<br>
this turns on the "dhcpsnoop" thread, which uses libpcap to monitor<br>
traffic on the domain's tap device and extract the IP address from the<br>
DHCP response.<br>
<br>
If libpcap on the host is built with TPACKET_V3 defined, the dhcpsnoop<br>
code's initialization of the libpcap socket fails with the following<br>
error:<br>
<br>
  virNWFilterSnoopDHCPOpen:1134 : internal error: pcap_setfilter: can't remove kernel filter: Bad file descriptor<br>
<br>
It turns out that this was because libpcap with TPACKET_V3 defined<br>
requires a larger buffer size than libvirt was setting (we were<br>
setting it to 128k). Changing the buffer size to 256k eliminates the<br>
error, and the dhcpsnoop thread once again works properly.<br>
<br>
Thanks to Christian Ehrhardt <<a href="mailto:paelzer@gmail.com" target="_blank">paelzer@gmail.com</a>> for discovering that<br>
buffer size was the problem.<br>
<br>
Resolves: <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1547237" rel="noreferrer" target="_blank">https://bugzilla.redhat.com/sh<wbr>ow_bug.cgi?id=1547237</a><br>
Signed-off-by: Laine Stump <<a href="mailto:laine@laine.org" target="_blank">laine@laine.org</a>><br>
---<br>
 src/nwfilter/nwfilter_dhcpsno<wbr>op.c | 2 +-<br>
 1 file changed, 1 insertion(+), 1 deletion(-)<br>
<br>
diff --git a/src/nwfilter/nwfilter_dhcpsn<wbr>oop.c b/src/nwfilter/nwfilter_dhcpsn<wbr>oop.c<br>
index 6069e70460..62eb617515 100644<br>
--- a/src/nwfilter/nwfilter_dhcpsn<wbr>oop.c<br>
+++ b/src/nwfilter/nwfilter_dhcpsn<wbr>oop.c<br>
@@ -259,7 +259,7 @@ struct _virNWFilterDHCPDecodeJob {<br>
  * libpcap 1.5 requires a 128kb buffer<br>
  * 128 kb is bigger than (DHCP_PKT_BURST * PCAP_PBUFSIZE / 2)<br>
  */</blockquote></div></div></div></div></blockquote><div><br></div><div>Tests completed and ok for my small testing scope of these cases:</div><div class="gmail_quote">  Tested-by: Christian Ehrhardt <<a href="mailto:christian.ehrhardt@canonical.com">christian.ehrhardt@canonical.com</a>></div></div><div class="gmail_quote"><br></div><div class="gmail_quote">Once you updated the comment as outlined before feel free to also add</div><div class="gmail_quote">  Reviewed-by: Christian Ehrhardt <<a href="mailto:christian.ehrhardt@canonical.com">christian.ehrhardt@canonical.com</a>></div><div class="gmail_quote"><br></div><div class="gmail_quote">Could you when rewriting also add this line (not required, just if you amend anyway):</div><div class="gmail_quote">  Fixes: <a href="https://bugs.launchpad.net/libvirt/+bug/1758037">https://bugs.launchpad.net/libvirt/+bug/1758037</a><br></div><div class="gmail_quote"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">I recently see more and more Resolves: instead of "Fixes:" did we change the recommended format for some tools and I missed it?</span><br></div>
</div></div>