Debian Bug report logs - #592177
libvirt-bin: starting a network generates iptables errors after daemon restart

version graph

Package: libvirt-bin; Maintainer for libvirt-bin is Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>; Source for libvirt-bin is src:libvirt.

Reported by: Achim Schaefer <achim_schaefer@gmx.de>

Date: Sun, 8 Aug 2010 00:39:02 UTC

Severity: important

Merged with 607897, 615907, 626166

Found in versions libvirt/0.8.3-1, libvirt/0.8.2-1, libvirt/0.9.2-7

Fixed in version libvirt/0.9.4~rc1-1

Done: Guido Günther <agx@sigxcpu.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, achim_schaefer@gmx.de, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#592177; Package libvirt-bin. (Sun, 08 Aug 2010 00:39:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Achim Schaefer <achim_schaefer@gmx.de>:
New Bug report received and forwarded. Copy sent to achim_schaefer@gmx.de, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Sun, 08 Aug 2010 00:39:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Achim Schaefer <achim_schaefer@gmx.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libvirt-bin: starting a network generates iptables errros
Date: Sun, 08 Aug 2010 02:37:07 +0200
Package: libvirt-bin
Version: 0.8.2-1
Severity: important

Hi,

whenever I try to start a network I get this:
virsh # net-start default
error: Failed to start network default
error: internal error '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 69 --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule (does a matching rule exist in that chain?).

The xml is:
virsh # net-dumpxml default
<network>
  <name>default</name>
  <uuid>e476de92-b114-a4b5-ffa1-7b8026db4f74</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
</network>

virsh # 

Thanks

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (800, 'testing'), (500, 'experimental'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.34-1-686 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libvirt-bin depends on:
ii  adduser                 3.112            add and remove users and groups
ii  libavahi-client3        0.6.27-1         Avahi client library
ii  libavahi-common3        0.6.27-1         Avahi common library
ii  libblkid1               2.17.2-3.1       block device id library
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
ii  libcap-ng0              0.6.4-1          An alternate posix capabilities li
ii  libdevmapper1.02.1      2:1.02.48-2      The Linux Kernel Device Mapper use
ii  libgcrypt11             1.4.5-2          LGPL Crypto library - runtime libr
ii  libgnutls26             2.8.6-1          the GNU TLS library - runtime libr
ii  libnl1                  1.1-5            library for dealing with netlink s
ii  libparted0debian1       2.3-1            The GNU Parted disk partitioning s
ii  libpciaccess0           0.12.0-1         Generic PCI access library for X
ii  libreadline6            6.1-3            GNU readline and history libraries
ii  libsasl2-2              2.1.23.dfsg1-5.1 Cyrus SASL - authentication abstra
ii  libudev0                160-1            libudev shared library
ii  libuuid1                2.17.2-3.1       Universally Unique ID library
ii  libvirt0                0.8.2-1          library for interfacing with diffe
ii  libxenstore3.0          4.0.1~rc5-1      Xenstore communications library fo
ii  libxml2                 2.7.7.dfsg-4     GNOME XML library
ii  logrotate               3.7.8-6          Log rotation utility

Versions of packages libvirt-bin recommends:
ii  bridge-utils               1.4-5         Utilities for configuring the Linu
ii  dnsmasq-base               2.55-1        A small caching DNS proxy and DHCP
ii  iptables                   1.4.8-3       administration tools for packet fi
ii  libxml2-utils              2.7.7.dfsg-4  XML utilities
ii  netcat-openbsd             1.89-4        TCP/IP swiss army knife
ii  qemu                       0.12.5+dfsg-1 fast processor emulator
ii  qemu-kvm                   0.12.4+dfsg-1 Full virtualization on x86 hardwar

Versions of packages libvirt-bin suggests:
ii  policykit-1                   0.96-2     framework for managing administrat

-- Configuration Files:
/etc/libvirt/libvirtd.conf changed:
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"


-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#592177; Package libvirt-bin. (Sun, 08 Aug 2010 12:15:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Achim Schaefer <achim_schaefer@gmx.de>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Sun, 08 Aug 2010 12:15:06 GMT) Full text and rfc822 format available.

Message #10 received at 592177@bugs.debian.org (full text, mbox):

From: Achim Schaefer <achim_schaefer@gmx.de>
To: 592177@bugs.debian.org
Subject: same issue with 0,8,3
Date: Sun, 8 Aug 2010 14:12:01 +0200
Hi,

 the same happens with 0,8,3

AChim




Information forwarded to debian-bugs-dist@lists.debian.org, achim_schaefer@gmx.de, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#592177; Package libvirt-bin. (Sun, 08 Aug 2010 12:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Achim Schaefer <achim_schaefer@gmx.de>:
Extra info received and forwarded to list. Copy sent to achim_schaefer@gmx.de, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Sun, 08 Aug 2010 12:18:04 GMT) Full text and rfc822 format available.

Message #15 received at 592177@bugs.debian.org (full text, mbox):

From: Achim Schaefer <achim_schaefer@gmx.de>
To: Debian Bug Tracking System <592177@bugs.debian.org>
Subject: libvirt-bin: Only if dnsmasq pacakge is installed
Date: Sun, 08 Aug 2010 14:15:44 +0200
Package: libvirt-bin
Version: 0.8.3-1
Severity: normal

Hi,

I just deinstalled the dnsmask package, and :
It works again.

So it seems this message was the important part:
[ 2508.471869] virbr0: starting userspace STP failed, starting kernel STP
dnsmasq[29635]: konnte Empfangs-Socket nicht an 192.168.122.1 binden: Die Adresse wird bereits verwendet
dnsmasq[29635]: Start fehlgeschlagen
libvirtd: error : virRunWithHook:857 : internal error 'dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file=  --listen-address 192.168.122.1 --except-interface lo --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-lease-max=253' exited with non-zero status 2 and signal 0: #012dnsmasq: konnte Empfangs-Socket nicht an 192.168.122.1 binden: Die Adresse wird bereits verwendet#012


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (800, 'testing'), (500, 'experimental'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.34-1-686 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libvirt-bin depends on:
ii  adduser                 3.112            add and remove users and groups
ii  libavahi-client3        0.6.27-1         Avahi client library
ii  libavahi-common3        0.6.27-1         Avahi common library
ii  libblkid1               2.17.2-3.1       block device id library
ii  libc6                   2.11.2-2         Embedded GNU C Library: Shared lib
ii  libcap-ng0              0.6.4-1          An alternate posix capabilities li
ii  libdevmapper1.02.1      2:1.02.48-2      The Linux Kernel Device Mapper use
ii  libgcrypt11             1.4.5-2          LGPL Crypto library - runtime libr
ii  libgnutls26             2.8.6-1          the GNU TLS library - runtime libr
ii  libnl1                  1.1-5            library for dealing with netlink s
ii  libparted0debian1       2.3-1            The GNU Parted disk partitioning s
ii  libpciaccess0           0.12.0-1         Generic PCI access library for X
ii  libreadline6            6.1-3            GNU readline and history libraries
ii  libsasl2-2              2.1.23.dfsg1-5.1 Cyrus SASL - authentication abstra
ii  libudev0                160-1            libudev shared library
ii  libuuid1                2.17.2-3.1       Universally Unique ID library
ii  libvirt0                0.8.3-1          library for interfacing with diffe
ii  libxenstore3.0          4.0.1~rc5-1      Xenstore communications library fo
ii  libxml2                 2.7.7.dfsg-4     GNOME XML library
ii  logrotate               3.7.8-6          Log rotation utility

Versions of packages libvirt-bin recommends:
ii  bridge-utils              1.4-5          Utilities for configuring the Linu
ii  dnsmasq-base              2.55-1         A small caching DNS proxy and DHCP
ii  gawk                      1:3.1.7.dfsg-5 GNU awk, a pattern scanning and pr
ii  iptables                  1.4.9-1        administration tools for packet fi
ii  libxml2-utils             2.7.7.dfsg-4   XML utilities
ii  netcat-openbsd            1.89-4         TCP/IP swiss army knife
ii  qemu                      0.12.5+dfsg-1  fast processor emulator
ii  qemu-kvm                  0.12.4+dfsg-1  Full virtualization on x86 hardwar

Versions of packages libvirt-bin suggests:
ii  policykit-1                   0.96-2     framework for managing administrat

-- Configuration Files:
/etc/libvirt/libvirtd.conf changed [not included]

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#592177; Package libvirt-bin. (Tue, 24 Aug 2010 17:15:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to m-one m-one <monester@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Tue, 24 Aug 2010 17:15:08 GMT) Full text and rfc822 format available.

Message #20 received at 592177@bugs.debian.org (full text, mbox):

From: m-one m-one <monester@gmail.com>
To: 592177@bugs.debian.org
Date: Tue, 24 Aug 2010 21:14:22 +0400
[Message part 1 (text/plain, inline)]
I've the same BUG.
I resolved, that it's unable to start dnsmasq because it already running.
I've removed dnsmasq from autostart and it's begin work.
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#592177; Package libvirt-bin. (Wed, 06 Oct 2010 17:24:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Wed, 06 Oct 2010 17:24:03 GMT) Full text and rfc822 format available.

Message #25 received at 592177@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Achim Schaefer <achim_schaefer@gmx.de>, 592177@bugs.debian.org
Subject: Re: Bug#592177: libvirt-bin: starting a network generates iptables errros
Date: Wed, 6 Oct 2010 19:20:58 +0200
On Sun, Aug 08, 2010 at 02:37:07AM +0200, Achim Schaefer wrote:
> Package: libvirt-bin
> Version: 0.8.2-1
> Severity: important
> 
> Hi,
> 
> whenever I try to start a network I get this:
> virsh # net-start default
> error: Failed to start network default
> error: internal error '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 69 --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule (does a matching rule exist in that chain?).
> 
> The xml is:
> virsh # net-dumpxml default
> <network>
>   <name>default</name>
>   <uuid>e476de92-b114-a4b5-ffa1-7b8026db4f74</uuid>
>   <forward mode='nat'/>
>   <bridge name='virbr0' stp='on' delay='0' />
>   <ip address='192.168.122.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.122.2' end='192.168.122.254' />
>     </dhcp>
>   </ip>
> </network>
> 
> virsh # 
> 
> Thanks

I can reproduce this now. It only happens if you restart libvirt: 

virsh net-start default
/etc/init.d/libvirt-bin restart
virsh net-destroy default
virsh net-start default
# error: internal error '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 69 --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule (does a matching rule exist in that chain?).
killall dnsmasq
# now works as expeced:
virsh net-start default
virsh net-destroy default
virsh net-start default

After the stop the dnsmasq processes are still around. If one kills them
manually starting and stopping networks works as expected until the next
daemon restart. Libvirt should notice the running dnsmasq process and
network setup (as it does with virtual machines).
Cheers,
 -- Guido




Changed Bug title to 'libvirt-bin: starting a network generates iptables errros after daemon restart' from 'libvirt-bin: starting a network generates iptables errros' Request was from Guido Günther <agx@sigxcpu.org> to control@bugs.debian.org. (Wed, 06 Oct 2010 17:30:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#592177; Package libvirt-bin. (Wed, 06 Oct 2010 21:30:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Swierczek <mike.swierczek@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Wed, 06 Oct 2010 21:30:09 GMT) Full text and rfc822 format available.

Message #32 received at 592177@bugs.debian.org (full text, mbox):

From: Michael Swierczek <mike.swierczek@gmail.com>
To: 592177@bugs.debian.org
Subject: reproduce without dnsmasq
Date: Wed, 6 Oct 2010 17:27:37 -0400
I still get the same error message, and I never had dnsmasq installed.
  amd64, libvirt-bin 0.8.3-2

virsh net-start default
error: Failed to start network default
error: internal error '/sbin/iptables --table filter --delete INPUT
--in-interface virbr0 --protocol udp --destination-port 69 --jump
ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule
(does a matching rule exist in that chain?).

I installed dnsmasq, ran
killall dnsmasq
And then
virsh net-start default
virsh net-destroy default
virsh net-start default

All three commands worked properly.  Is that expected?   If I am
supplying known or useless information, I apologize for wasting your
time.
Thanks for being a Debian package maintainer.

-Mike




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>:
Bug#592177; Package libvirt-bin. (Thu, 07 Oct 2010 06:54:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Guido Günther <agx@sigxcpu.org>:
Extra info received and forwarded to list. Copy sent to Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>. (Thu, 07 Oct 2010 06:54:07 GMT) Full text and rfc822 format available.

Message #37 received at 592177@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: Michael Swierczek <mike.swierczek@gmail.com>, 592177@bugs.debian.org
Subject: Re: [Pkg-libvirt-maintainers] Bug#592177: reproduce without dnsmasq
Date: Thu, 7 Oct 2010 08:52:10 +0200
On Wed, Oct 06, 2010 at 05:27:37PM -0400, Michael Swierczek wrote:
> I still get the same error message, and I never had dnsmasq installed.
>   amd64, libvirt-bin 0.8.3-2
> 
> virsh net-start default
> error: Failed to start network default
> error: internal error '/sbin/iptables --table filter --delete INPUT
> --in-interface virbr0 --protocol udp --destination-port 69 --jump
> ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule
> (does a matching rule exist in that chain?).
> 
> I installed dnsmasq, ran
> killall dnsmasq
> And then
> virsh net-start default
> virsh net-destroy default
> virsh net-start default
> 
> All three commands worked properly.  Is that expected?   If I am
Yes. You do need dnsmasq-base installed. That's why it's recommended by
the libvirt-bin package. Without that one NAT networking won't work
properly (but all the rest does, that's why it's not a hard dependency).
Cheers,
 -- Guido

> supplying known or useless information, I apologize for wasting your
> time.






Forcibly Merged 592177 607897. Request was from Guido Günther <agx@sigxcpu.org> to control@bugs.debian.org. (Fri, 24 Dec 2010 09:00:09 GMT) Full text and rfc822 format available.

Message sent on to Achim Schaefer <achim_schaefer@gmx.de>:
Bug#592177. (Tue, 26 Jul 2011 14:45:08 GMT) Full text and rfc822 format available.

Message #42 received at 592177-submitter@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 592177-submitter@bugs.debian.org
Subject: Fixed with 0.9.4~rc1
Date: Tue, 26 Jul 2011 16:42:49 +0200
Hi,
this should be fixed with 0.9.4~rc1 in experimental. Would be great if
you could confirm this.
Cheers,
 -- Guido




Forcibly Merged 592177 607897 615907 626166. Request was from Guido Günther <agx@sigxcpu.org> to control@bugs.debian.org. (Sun, 07 Aug 2011 16:24:10 GMT) Full text and rfc822 format available.

Changed Bug title to 'libvirt-bin: starting a network generates iptables errors after daemon restart' from 'libvirt-bin: starting a network generates iptables errros after daemon restart' Request was from Olivier Berger <obergix@debian.org> to control@bugs.debian.org. (Thu, 25 Aug 2011 08:22:29 GMT) Full text and rfc822 format available.

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Thu, 10 Nov 2011 17:51:06 GMT) Full text and rfc822 format available.

Notification sent to Achim Schaefer <achim_schaefer@gmx.de>:
Bug acknowledged by developer. (Thu, 10 Nov 2011 17:51:06 GMT) Full text and rfc822 format available.

Message #51 received at 592177-done@bugs.debian.org (full text, mbox):

From: Guido Günther <agx@sigxcpu.org>
To: 592177-done@bugs.debian.org
Subject: Fixed in recent versions
Date: Thu, 10 Nov 2011 18:47:18 +0100
Version: 592177

Hi,
This is fixed in recent versions.
Cheers,
 -- Guido




Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Thu, 10 Nov 2011 17:51:07 GMT) Full text and rfc822 format available.

Notification sent to Daniel Kauffman <daniel.kauffman@rocksolidsolutions.org>:
Bug acknowledged by developer. (Thu, 10 Nov 2011 17:51:07 GMT) Full text and rfc822 format available.

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Thu, 10 Nov 2011 17:51:07 GMT) Full text and rfc822 format available.

Notification sent to Michael Goetze <mgoetze@mgoetze.net>:
Bug acknowledged by developer. (Thu, 10 Nov 2011 17:51:07 GMT) Full text and rfc822 format available.

Reply sent to Guido Günther <agx@sigxcpu.org>:
You have taken responsibility. (Thu, 10 Nov 2011 17:51:08 GMT) Full text and rfc822 format available.

Notification sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
Bug acknowledged by developer. (Thu, 10 Nov 2011 17:51:08 GMT) Full text and rfc822 format available.

No longer marked as fixed in versions 592177. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Fri, 12 Jul 2013 13:21:04 GMT) Full text and rfc822 format available.

Marked as fixed in versions libvirt/0.9.4~rc1-1. Request was from Laurent Bigonville <bigon@debian.org> to control@bugs.debian.org. (Fri, 12 Jul 2013 13:21:07 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 10 Aug 2013 07:25:51 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 19:07:22 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.