[libvirt] how do I stop libvirt futzing with my network configuration?

Nix nix at esperi.org.uk
Sat Nov 28 22:41:58 UTC 2009

On 28 Nov 2009, Ian Woodstock verbalised:

> On Sat, Nov 28, 2009 at 5:06 PM, Nix <nix at esperi.org.uk> wrote:
>> (hm, the state UNKNOWN is sort of bizarre. It's up...)
> It's unknown because you're using the dummy device (which will just
> send all bits to a deep dark hole) and we can't do things like check
> the status of the interface/link etc.

I just tried that by removing everything from the bridge. Still state

> I suspect that's why libvirt won't let you connect to it, since
> libvirt is looking for a "shared physical device" and there's not a
> device in the bridge.

Gah. So libvirt won't let me connect a bunch of devices to a bridge
without that bridge being bridged to something already? So you
can't have a pile of bridges with VMs on them *routed* to the rest of
the net?

>> It appears in the GUI, all right: as 'host device linux-net (not bridged)',
>> greyed out and unselectable. Calling a bridge 'not bridged' is more than
>> slightly bizarre.
> Actually I think this is correct. It's not bridged to a physical
> device, it's plumbed to nothing.

I don't want it bridged to a physical device. Why should libvirt require
any such thing? It's not necessary to get packets out of it: all you
need for *that* is a routing table entry. (The bridge has an IP address
on the host and everything.)

>> There's no iptables at all on this particular box (at least not yet,
>> although it may turn up later on when I put Windows guests on here: I'm
>> not having *them* running around free).
> So it sounds like the root of your issue now is that you're using a
> dummy network device.
> Is that being done temporarily now because you don't have a network
> plumbed in or is there some other use case?

It was an emergency hack when I found virt-manager not noticing bridges
that had nothing on them (it said 'not bridged'). I stuck the dummy
device on it and it started working. However, this appears to have
been transient.

... In the code, the only place where it checks if a bridge exists
is in src/network/bridge_driver.c:networkFindActiveConfigs(), and
it only bothers to check *that* if there's a config file in the
NETWORK_STATE_DIR (/var/lib/libvirt/network):

|   for (i = 0 ; i < driver->networks.count ; i++) {
|       virNetworkObjPtr obj = driver->networks.objs[i];
|       virNetworkDefPtr tmp;
|       char *config;
|       virNetworkObjLock(obj);
|       if ((config = virNetworkConfigFile(NULL,
|                                          NETWORK_STATE_DIR,
|                                          obj->def->name)) == NULL) {
|           virNetworkObjUnlock(obj);
|           continue;
|       }
|       if (access(config, R_OK) < 0) {
|           VIR_FREE(config);
|           virNetworkObjUnlock(obj);
|           continue;
|       }
|       /* Try and load the live config */
|       tmp = virNetworkDefParseFile(NULL, config);
|       VIR_FREE(config);
|       if (tmp) {
|           obj->newDef = obj->def;
|           obj->def = tmp;
|       }
|       /* If bridge exists, then mark it active */
|       if (obj->def->bridge &&
|           brHasBridge(driver->brctl, obj->def->bridge) == 0) {
|           obj->active = 1;

So, no, I don't see how this can possibly work without a config file,
and you only get a config file by creating the bridge through libvirt.

I wonder if any of the Dans can tell us what's going on? (It's not
surprising I can't figure it out. My first name is wrong. ;) )
