[libvirt] bug: network lock-out

Laine Stump laine at laine.org
Tue Oct 5 20:52:42 UTC 2010


  On 10/05/2010 03:44 PM, Jiri Denemark wrote:
>> 21:31:09.298: error : virRunWithHook:857 : internal error
>> '/usr/sbin/iptables --table mangle --insert POSTROUTING --out-interface
>> virbr0 --protocol udp --destination-port 68 --jump CHECKSUM
>> --checksum-fill' exited with non-zero status 2 and signal 0: iptables
>> v1.4.7: unknown option `--checksum-fill'
>> Try `iptables -h' or 'iptables --help' for more information.
> This is harmless and ignored by libvirt. If DHCP still works in your guests,
> you don't need worry about this feature. The warning below tries to suggest
> the error was ignored...

Correct. The reason for this is that the only way to determine whether 
or not iptables supports the new CHECKSUM target is to try the command 
and see if it fails. Since the CHECKSUM target is in upstream iptables, 
it will eventually be in all distro-specific versions, so the 
less-than-elegant warning was deemed sufficient.

This particular rule is required to support guests that use the 
vhost-net module (ie kernel-based rather than userspace-based) for 
virtio network interfaces. Whether or not that will be needed depends on 
guest config, which can't be known at the time that the virtual networks 
are started, so we must always try to add it, then fail "semi-silently" 
(we continue, but first complain a little).

>> 21:31:09.299: warning : networkAddIptablesRules:873 : Could not add rule
>> to fixup DHCP response checksums on network 'default'.
>> 21:31:09.299: warning : networkAddIptablesRules:874 : May need to update
>> iptables package&  kernel to support CHECKSUM rule.
>> 21:31:09.301: error : virRunWithHook:857 : internal error
>> '/usr/sbin/dnsmasq --strict-order --bind-interfaces
>> --pid-file=/var/run/libvirt/network/default.pid --conf-file=
>> --listen-address 10.117.9.1 --except-interface lo' exited with non-zero
>> status 1 and signal 0: libvir: error : cannot execute binary
>> /usr/sbin/dnsmasq: No such file or directory
> This is the really important error for you; /usr/sbin/dnsmasq could not be
> found.

That location comes from config.h, so it's determined at configure time. 
Apparently it found /usr/sbin/dnsmasq at configure time. Did you build 
on a different machine from where you're running (and maybe this new 
machine doesn't have dnsmasq installed? It should be in the 
prerequisites for your libvirt package to ensure that it's always 
installed when libvirt is installed).




More information about the libvir-list mailing list