[libvirt] bug: network lock-out

Zdenek Styblik stybla at turnovfree.net
Tue Oct 5 19:33:36 UTC 2010


On 10/05/10 21:23, Zdenek Styblik wrote:
> Hello,
> 
> I'm sorry to report this, but network should start or stop regardless
> of iptables status.
> 
> virsh # net-start default
> error: Failed to start network default
> error: internal error '/usr/sbin/iptables --table filter --delete INPUT
> --in-interface virbr0 --protocol udp --destination-port 69 --jump
> ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule
> (does a matching rule exist in that chain?).
> 
> Ok, so I'm going to create this rule to make you happy.
> 
> virsh # net-start default
> error: Failed to start network default
> error: internal error '/usr/sbin/iptables --table mangle --delete
> POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68
> --jump CHECKSUM --checksum-fill' exited with non-zero status 2 and
> signal 0: iptables v1.4.7: unknown option `--checksum-fill'
> Try `iptables -h' or 'iptables --help' for more information.
> 
> And Oops, because I don't have CHECKSUM support. And to note, it's not
> even in kernel. Relying on such features is unfriendly and below the belt :)
> 
> Once again, I'm locked by hard-coded features :( That's why I "fight"
> against these.
> 
> btw it's strange to me that libvirt is deleting rules that shouldn't be
> present since I want to start network, not to stop it.
> 
> Let's dump all nwfilters and hope for a miracle...and nothing. Same
> errors, although nwfilter rules are gone. What the ...? :|
> 
> libvirt-0.8.4
> 
> Regards,
> Zdenek
> 

More info:

---SNIP---
21:31:09.298: error : virRunWithHook:857 : internal error
'/usr/sbin/iptables --table mangle --insert POSTROUTING --out-interface
virbr0 --protocol udp --destination-port 68 --jump CHECKSUM
--checksum-fill' exited with non-zero status 2 and signal 0: iptables
v1.4.7: unknown option `--checksum-fill'
Try `iptables -h' or 'iptables --help' for more information.

21:31:09.299: warning : networkAddIptablesRules:873 : Could not add rule
to fixup DHCP response checksums on network 'default'.
21:31:09.299: warning : networkAddIptablesRules:874 : May need to update
iptables package & kernel to support CHECKSUM rule.
21:31:09.301: error : virRunWithHook:857 : internal error
'/usr/sbin/dnsmasq --strict-order --bind-interfaces
--pid-file=/var/run/libvirt/network/default.pid --conf-file=
--listen-address 10.117.9.1 --except-interface lo' exited with non-zero
status 1 and signal 0: libvir: error : cannot execute binary
/usr/sbin/dnsmasq: No such file or directory

21:31:09.305: error : virRunWithHook:857 : internal error
'/usr/sbin/iptables --table mangle --delete POSTROUTING --out-interface
virbr0 --protocol udp --destination-port 68 --jump CHECKSUM
--checksum-fill' exited with non-zero status 2 and signal 0: iptables
v1.4.7: unknown option `--checksum-fill'
Try `iptables -h' or 'iptables --help' for more information.

21:31:09.343: error : virRunWithHook:857 : internal error
'/usr/sbin/iptables --table filter --delete INPUT --in-interface virbr0
--protocol udp --destination-port 69 --jump ACCEPT' exited with non-zero
status 1 and signal 0: iptables: Bad rule (does a matching rule exist in
that chain?).
---SNIP---

Yes, the networking used to work and actually, who cares about failed
iptables anyway? That's not the reason for not bringing up iface :|

Have a better evening than I'm having! :)

Zdenek

-- 
Zdenek Styblik
Net/Linux admin
OS TurnovFree.net
email: stybla at turnovfree.net
jabber: stybla at jabber.turnovfree.net