Bug 1038888

Summary: [Doc] 3 problems in nwfilter doc
Product: Red Hat Enterprise Linux 7 Reporter: Wayne Sun <gsun>
Component: libvirtAssignee: Laine Stump <laine>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: medium    
Version: 7.0CC: dyuan, laine, mzhan, rbalakri, yalzhang
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-1.3.4-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 18:07:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Wayne Sun 2013-12-06 03:47:24 UTC 
Description of problem:

check the nwfilter page
/usr/share/doc/libvirt-docs-1.1.1/html/formatnwfilter.html

1. Attribute dscp should be included in ip/tcp/tcp-ipv6/icmp/igmp/igmp-ipv6 protocol groups
2. Attribute vlan-id in vlan should be vlanid
3. explain igmp-ipv6 protocol behaviour, define igmp-ipv6 protocol rule will not take effect, seems this protocol should be covered in icmpv6, so maybe we can update doc for this.

Version-Release number of selected component (if applicable):
libvirt-docs-1.1.1-13.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. as description
2.
3.

Actual results:


Expected results:
fix

Additional info:
Comment 3 Hu Jianwei 2014-08-07 04:38:02 UTC 
For the first item, candidate patch on upstream.
http://www.redhat.com/archives/libvir-list/2014-August/msg00226.html

For the second item, it has been fixed in bug 1126721.
Comment 4 Hu Jianwei 2014-08-07 04:53:48 UTC 
For the last igmp-ipv6, AFAIK, MLDv2(rfc3810) is a translation of the IGMPv3 protocol [RFC3376] for IPv6 semantics. 

And I found nwfilter does not support it in libvirt by now. Will libvirt support MLD protocol in nwfilter in the future? If no, I suggest remove igmp-ipv6 from its docs. Thanks.
Comment 7 Laine Stump 2015-05-04 14:30:21 UTC 
The patch for item (1) in the list is upstream in this commit:

commit 08567572793454d25f1290f905ac1ce6ff60a9fe
Author: Jianwei Hu <jiahu>
Date:   Thu Aug 7 12:27:32 2014 +0800

    docs: nwfilter: add missing dscp attribute

As for the question in Comment 4, are you saying that "igmp-ipv6" results in an error, or that it is silently ignored?
Comment 8 Hu Jianwei 2015-05-05 05:43:06 UTC 
The "igmp-ipv6" will be ignored silently on the latest version, but it still was listed in related doc/guide.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 IGMP, ESP, AH, UDPLITE, 'ALL' over IPv6

Protocol ID: igmp-ipv6, esp-ipv6, ah-ipv6, udplite-ipv6, all-ipv6
Note: The chain parameter is ignored for this type of traffic and should either be omitted or set to root. 
                                             From libvirt.org
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[root@localhost ~]# rpm -q libvirt
libvirt-1.2.14-1.el7.x86_64

[root@localhost ~]# virsh nwfilter-dumpxml clean-traffic
...
  <rule action='accept' direction='out' priority='500'>
    <igmp/>
  </rule>
  <filterref filter='no-other-l2-traffic'/>
  <filterref filter='qemu-announce-self'/>
</filter>

Change the "igmp" to "igmp-ipv6"
[root@localhost ~]# virsh nwfilter-edit clean-traffic
Network filter clean-traffic XML configuration edited.

[root@localhost ~]# virsh nwfilter-dumpxml clean-traffic
...
  <rule action='accept' direction='out' priority='500'/>
  <filterref filter='no-other-l2-traffic'/>
  <filterref filter='qemu-announce-self'/>
</filter>

For example, I checked the related codes, found no igmp-ipv6 element in below function.
VIR_ENUM_IMPL(virNWFilterRuleProtocol, VIR_NWFILTER_RULE_PROTOCOL_LAST,
              "none",
              "mac",
              "vlan",
              "stp",
              "arp",
              "rarp",
              "ip",
              "ipv6",
              "tcp",
              "icmp",
              "igmp",
              "udp",
              "udplite",
              "esp",
              "ah",
              "sctp",
              "all",
              "tcp-ipv6",
              "icmpv6",
              "udp-ipv6",
              "udplite-ipv6",
              "esp-ipv6",
              "ah-ipv6",
              "sctp-ipv6",
              "all-ipv6");
Comment 11 Laine Stump 2016-04-21 18:40:51 UTC 
Okay, I've removed the reference to "igmp-ipv6" from formatnwfilter.html:

https://www.redhat.com/archives/libvir-list/2016-April/msg01526.html
Comment 12 Laine Stump 2016-04-25 14:42:18 UTC 
Pushed upstream:

commit 81f3839f876983ac68fa65730879a21def987921
Author: Laine Stump <laine>
Date:   Thu Apr 21 14:32:51 2016 -0400

    docs: remove reference to non-existent "igmp-ipv6" protocol
Comment 14 yalzhang@redhat.com 2016-05-05 08:03:42 UTC 
verified on libvirt-docs-1.3.4-1.el7.x86_64, all the results is as expected. Change the bug to verifed.

1. Attribute dscp should be included in ip/tcp/tcp-ipv6/icmp/igmp/igmp-ipv6 protocol groups-------------> the igmp-ipv6 removed

2. Attribute vlan-id in vlan should be vlanid ----------> OK

3. explain igmp-ipv6 protocol behaviour, define igmp-ipv6 protocol rule will not take effect, seems this protocol should be covered in icmpv6, so maybe we can update doc for this. ------> the igmp-ipv6 part removed

4. removed the reference to "igmp-ipv6" from formatnwfilter.html ------> OK
Comment 16 errata-xmlrpc 2016-11-03 18:07:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html