Bug 1184736

Summary: libvirt should verify proper address family of <host> when updating network
Product: Red Hat Enterprise Linux 7 Reporter: Hu Jianwei <jiahu>
Component: libvirtAssignee: Laine Stump <laine>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: dyuan, honzhang, laine, mzhan, rbalakri, shyu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Fixed In Version: libvirt-1.2.17-5.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-11-19 06:08:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Hu Jianwei 2015-01-22 07:36:48 UTC
Description of problem:
libvirt should verify proper address family of <host> when updating network

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
[root@ibm-x3850x5-06 ~]# cat ip-dhcp-host.xml 
<host mac='52:54:00:cb:17:00' name='jiahu.example.com' ip=''/>

[root@ibm-x3850x5-06 ~]# cat ipv6-dhcp-host.xml
<host id='00:04:58:fd:e4:15:1b:09:4c:0e:09:af:e4:d3:8c:b8:ca:1e' name="redhatipv6.redhat.com" ip='2001:db8:ca2:2::119'/>

[root@ibm-x3850x5-06 ~]# virsh net-update default add-first ip-dhcp-host ipv6-dhcp-host.xml --parent-index 0
Updated network default live state
[root@ibm-x3850x5-06 ~]# virsh net-dumpxml default
  <forward mode='nat'>
      <port start='1024' end='65535'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:42:e5:99'/>
  <domain name='example.com'/>
    <forwarder addr=''/>
    <forwarder addr=''/>
    <txt name='hjw' value='redhat jiahu'/>
  <ip address='' netmask=''>
      <range start='' end=''/>
      <host id='00:04:58:fd:e4:15:1b:09:4c:0e:09:af:e4:d3:8c:b8:ca:1e' name='redhatipv6.redhat.com' ip='2001:db8:ca2:2::119'/>
  <ip family='ipv6' address='2001:db8:ca2:2::1' prefix='64'>
      <range start='2001:db8:ca2:2::100' end='2001:db8:ca2:2::1ff'/>

Actual results:
As shown above steps.

Expected results:
Should prevent such behavior.

Additional info:
[root@ibm-x3850x5-06 ~]# virsh net-update default delete ip-dhcp-host ip-dhcp-host.xml --parent-index 1
error: Failed to update network default
error: XML error: Invalid to specify MAC address '52:54:00:cb:17:00' in network 'default' IPv6 static host definition

Laine has sent a candidate patch to upstream.

Comment 3 Laine Stump 2015-08-10 06:40:26 UTC
This patch was pushed upstream:

commit 6a21bc119e37bafcbe5cfd13e57080d651296b43
Author: Laine Stump <laine>
Date:   Mon Jan 19 17:04:01 2015 -0500

    network: verify proper address family in updates to <host> and <range>

Comment 6 Shanzhi Yu 2015-09-06 10:06:49 UTC
Verify this bug with libvirt-1.2.17-7.el7.x86_64 

1. Prepare a network 
# virsh net-dumpxml default6 
  <forward mode='nat'>
      <port start='1024' end='65535'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:2d:3a:21'/>
  <ip address='' netmask=''>
      <range start='' end=''/>
  <ip family='ipv6' address='2001:db8:ca2:2::1' prefix='64'>
      <range start='2001:db8:ca2:2:1::10' end='2001:db8:ca2:2:1::ff'/>

2. Prepare a xml file 
# cat ipv6-host.xml 
<host id='00:04:58:fd:e4:15:1b:09:4c:0e:09:af:e4:d3:8c:b8:ca:1e' name="redhatipv6.redhat.com" ip='2001:db8:ca2:2::119'/>

3. Update network 

#virsh net-update default6  add-first ip-dhcp-host  ipv6-host.xml --parent-index 0 
error: Failed to update network default6
error: Requested operation is not valid: the address family of a host entry IP must match the address family of the dhcp element's parent

So this bug can be verified.

Comment 8 errata-xmlrpc 2015-11-19 06:08:34 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.