Control: reassign -1 src:libvirt Control: retitle -1 libvirt: Should use nftables for IP masquerading to work with PREEMPT_RT Control: severity -1 minor
On Mon, 2026-03-16 at 22:04 +0100, Mariusz Gronczewski wrote: > On Mon, 16 Mar 2026 at 18:37, Ben Hutchings <[email protected]> wrote: > > > > Control: tag -1 upstream wontfix > > > > On Mon, 2026-03-16 at 17:20 +0100, Mariusz Gronczewski wrote: > > > Package: linux-image-rt-amd64 > > > Version: 6.19.6-2 > > > Severity: important > > > X-Debbugs-Cc: [email protected] > > > User: [email protected] > > > Usertags: amd64 > > > > > > -rt packages seem to be missing this module > > > > > > /lib/modules/6.18.15+deb14-amd64/kernel/net/netfilter/nft_masq.ko.xz > > > /lib/modules/6.18.15+deb14-amd64/kernel/net/netfilter/xt_MASQUERADE.ko.xz > > > /lib/modules/6.18.15+deb14-rt-amd64/kernel/net/netfilter/nft_masq.ko.xz > > > /lib/modules/6.19.6+deb14+1-amd64/kernel/net/netfilter/nft_masq.ko.xz > > > /lib/modules/6.19.6+deb14+1-amd64/kernel/net/netfilter/xt_MASQUERADE.ko.xz > > > /lib/modules/6.19.6+deb14+1-rt-amd64/kernel/net/netfilter/nft_masq.ko.xz > > > > > > while it's present in non-rt builds > > > > > > That causes libvirt's default network (which uses this module and > > > iptables for > > > NATing) to not start > > [...] > > > > This is intentionally disabled upstream because xtables isn't compatible > > with PREEMPT_RT. > > Oh, I didn't know, I used it since 6.12 and just noticed that in newer > ones it's unavailable and it breaks default libvirt network > > Should I report it to libvirt package ? With current setup of both, > switching to RT without changing libvirt config will just make default > network stop working I'm reassigning this to libvirt. No need to open another report. Ben. -- Ben Hutchings Anthony's Law of Force: Don't force it, get a larger hammer.
signature.asc
Description: This is a digitally signed message part
