Bug 598380

Summary:	iptables: Unknown error 18446744073709551615
Product:	Red Hat Enterprise Linux 5	Reporter:	anna.fischer
Component:	iptables	Assignee:	Thomas Woerner <twoerner>
Status:	CLOSED WONTFIX	QA Contact:	qe-baseos-daemons
Severity:	medium	Docs Contact:
Priority:	low
Version:	5.5	CC:	anna.fischer, berrange, jpriddy, twoerner, virt-maint, xen-maint
Target Milestone:	rc
Target Release:	---
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2014-06-02 13:22:18 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description anna.fischer 2010-06-01 09:15:45 UTC

Description of problem:
When I try to create a new virtual machine and it needs to have a network connection configured, then virt-manager fails to create the VM because the network connection does not seem to be up and running. When it tries to activate the default network, it shows an error saying:

Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/host.py", line 262, in start_network
net.start()
File "/usr/share/virt-manager/virtManager/network.py", line 92, in start
self.net.create()
File "/usr/lib64/python2.4/site-packages/libvirt.py", line 612, in create
if ret == -1: raise libvirtError ('virNetworkCreate() failed', net=self)
libvirtError: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument

I have tried to create a bridge named virbr0 manually, but then it fails saying 'virbr0' is already present on the system. I don't know why exactly it fails to create the bridge in the first place. libvirtd is configured under /etc/init.d and starts on boot. I don't know however why the networking side does not work and why the bridge does not seem to be created.

Version-Release number of selected component (if applicable):
virt-manager 0.6.1

How reproducible:
This happens every time I try to create a VM with virt-manager. This is a fresh RHEL 5.5 installation, and it has never worked.

Steps to Reproduce:
1. try create VM with virt-manager
2. configure networking of VM as 'virtual networking' and attach to default network
3. try starting up default network

Actual results:

virt-manager shows error saying

Expected results:

virt-manager should start up virtual networking and new VM.

Additional info:

Comment 1 Cole Robinson 2010-06-01 17:10:27 UTC

Can you reproduce the issue by running the following command as root:

virsh net-start default

Then provide the output of cat /var/log/messages | grep libvirt

Comment 2 Daniel Berrangé 2010-06-02 10:27:14 UTC

> libvirtError: failed to add iptables rule to allow forwarding to 'virbr0':
Invalid argument

This error message usually means that the kernel has been unable to load the iptables modules for NAT. While I'd expect this if someone had done a custom kernel build & turned off lots of config options, this should never happen with a RHEL kernel.

Comment 3 anna.fischer 2010-06-02 13:07:34 UTC

(In reply to comment #2)
> > libvirtError: failed to add iptables rule to allow forwarding to 'virbr0':
> Invalid argument
> This error message usually means that the kernel has been unable to load the
> iptables modules for NAT. While I'd expect this if someone had done a custom
> kernel build & turned off lots of config options, this should never happen with
> a RHEL kernel.    

I have to check this on the system tomorrow to be 100% sure, but if I remember correctly then the iptables parts works (I also run firewalling every now and then, so I know iptables works on the kernel side), but the problem I thought was that it says 'invalid argument' because 'virbr0' does not exist on the system when it tries to insert the rules? There definitely is no 'virbr0' on my system created ever for some reason.

I do run a vanilla RHEL 5.5 kernel, I have not built a customized kernel for this system.

Comment 4 anna.fischer 2010-06-03 06:33:53 UTC

(In reply to comment #1)
> Can you reproduce the issue by running the following command as root:
> virsh net-start default
> Then provide the output of cat /var/log/messages | grep libvirt    

[root@dhcp-172-129 af]# virsh net-start default
error: Failed to start network default
error: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument

[root@dhcp-172-129 af]# brctl show
bridge name     bridge id               STP enabled     interfaces
[root@dhcp-172-129 af]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@dhcp-172-129 af]# cat /var/log/messages | grep libvirt
Jun  1 10:03:57 dhcp-172-129 libvirtd: 10:03:57.129: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun  1 10:03:57 dhcp-172-129 libvirtd: 10:03:57.129: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
Jun  1 10:13:31 dhcp-172-129 libvirtd: 10:13:31.652: error : Domain not found: no domain with matching name 'd'
Jun  1 10:13:32 dhcp-172-129 libvirtd: 10:13:32.432: error : Domain not found: no domain with matching name 'd'
Jun  1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.088: error : invalid storage volume pointer in no storage vol with matching path
Jun  1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.090: error : invalid storage volume pointer in no storage vol with matching path
Jun  1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.091: error : invalid storage pool pointer in no storage vol with matching name
Jun  1 18:06:16 dhcp-172-129 libvirtd: 18:06:16.587: warning : Shutting down on signal 15
Jun  3 07:30:42 dhcp-172-129 libvirtd: 07:30:42.172: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun  3 07:30:42 dhcp-172-129 libvirtd: 07:30:42.172: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
Jun  3 07:30:49 dhcp-172-129 libvirtd: 07:30:49.047: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun  3 07:30:49 dhcp-172-129 libvirtd: 07:30:49.047: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
[root@dhcp-172-129 af]#

Comment 5 Cole Robinson 2010-06-03 13:46:46 UTC

Does running that iptables command by hand as root also error with 'iptables: Unknown error 18446744073709551615'?

/sbin/iptables --table filter --insert FORWARD --destination
192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state
ESTABLISHED,RELATED --jump ACCEPT

Comment 6 anna.fischer 2010-06-03 13:53:42 UTC

(In reply to comment #5)
> Does running that iptables command by hand as root also error with 'iptables:
> Unknown error 18446744073709551615'?
> /sbin/iptables --table filter --insert FORWARD --destination
> 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state
> ESTABLISHED,RELATED --jump ACCEPT    

Yes.

[root@dhcp-172-129 vnet2]# /sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
iptables: Unknown error 18446744073709551615
[root@dhcp-172-129 vnet2]#

Comment 7 Cole Robinson 2010-06-03 14:10:48 UTC

Thanks, reassigning to iptables.

Comment 8 John Priddy 2010-11-22 00:33:53 UTC

(In reply to comment #6)
> (In reply to comment #5)
> > Does running that iptables command by hand as root also error with 'iptables:
> > Unknown error 18446744073709551615'?
> > /sbin/iptables --table filter --insert FORWARD --destination
> > 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state
> > ESTABLISHED,RELATED --jump ACCEPT    
> 
> Yes.
> 
> [root@dhcp-172-129 vnet2]# /sbin/iptables --table filter --insert FORWARD
> --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state
> --state ESTABLISHED,RELATED --jump ACCEPT
> iptables: Unknown error 18446744073709551615
> [root@dhcp-172-129 vnet2]#

do you have dnsmasq set to run on boot?  if so disable it (chkconfig dnsmasq off) and let libvirt call it instead.

Comment 9 John Priddy 2010-11-22 00:35:45 UTC

also, forgot to mention -- to get it working sans reboot try killing dnsmasq then restart libvirt or rerun the net-start command.

Comment 10 Thomas Woerner 2010-11-22 10:57:03 UTC

Is there a related error message in /var/log/messages or dmesg output?

Comment 11 RHEL Program Management 2014-03-07 13:54:18 UTC

This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.

Comment 12 RHEL Program Management 2014-06-02 13:22:18 UTC

Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).

Comment 13 Red Hat Bugzilla 2023-09-14 01:21:23 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days