On Thu, 2011-02-03 at 21:04 +0000, Serge Hallyn wrote:
> (If it did in fact fail, then I'll revert the offending patch
> http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fd5b15ff1a2ec37e75609c091522ae1e2c74c811
> as per http://bugs.gentoo.org/334921.
Please take note that the fix that I supplied does nothing about
addressing this issue because it should not be an issue.
First of all, the fix I supplied only deals with error:
libvirtError: internal error '/sbin/iptables --table filter --delete
INPUT --in-interface virbr0 --protocol udp --destination-port 69 --jump
ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule
(does a matching rule exist in that chain?).
This other error that Alle is getting:
error: internal error '/sbin/iptables --table mangle --delete POSTROUTING
--out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM
--checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.4:
unknown option `--checksum-fill'
Try `iptables -h' or 'iptables --help' for more information.
is not an actual error condition in the libvrit (0.8.3-1ubuntu14) that I
am looking at. The only code that I can find that tries to add a
checksum rule for port 68 is in networkAddIptablesRules() in the file
src/network/bridge_driver.c:
if ((network->def->ipAddress || network->def->nranges) &&
(iptablesAddOutputFixUdpChecksum(driver->iptables,
network->def->bridge, 68) != 0)) {
VIR_WARN("Could not add rule to fixup DHCP response checksums "
"on network '%s'.", network->def->name);
VIR_WARN0("May need to update iptables package & kernel to support
CHECKSUM rule.");
}
Note that failure of iptablesAddOutputFixUdpChecksum() only emits
warnings.
The actual error string that Alle is seeing comes from virRunWithHook()
which is called to through the following sequence of functions:
iptablesAddOutputFixUdpChecksum
iptablesOutputFixUdpChecksum
iptablesAddRemoveRule
virRun
virRunWithHook
which propagates an error back up the stack to networkAddIptablesRules()
but per the above code snippet, the error is discarded and a couple of
warning messages have been printed.
At this point, seeing as there are two different issues in this one
ticket, I would suggest that Alle open a new ticket covering the second
issue.
I suspect that Alle's network is failing to come up for a reason other
than the message he is seeing and the message that he sees just happens
to be the last message printed. I have been fooled by libvirt's lack of
printing error messages and misunderstanding that the last message it
did print is not in fact what was causing the failure.
I would suggest that Alle runs libvirtd in the foreground with some
debug/verbosity perhaps to get to the real root of his problem.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
https://bugs.launchpad.net/bugs/668043
Title:
libvirt default network doesn't start, iptables errors, bad rules
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
