Bug 823765

Summary: libvirt should raise an error when set network with special/invalid MAC address
Product: Red Hat Enterprise Linux 6 Reporter: yanbing du <ydu>
Component: libvirtAssignee: Gunannan Ren <gren>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.3CC: acathrow, ajia, dallan, dyasny, dyuan, mzhan, rwu, veillard, ydu, zhpeng
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-0.10.0-0rc1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 817234 Environment:
Last Closed: 2013-02-21 07:15:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description yanbing du 2012-05-22 06:16:34 UTC 
+++ This bug was initially created as a clone of Bug #817234 +++

Description of Problem:
when set network with special/invalid MAC address, such as 'FF:FF:DD:DD:EE:EE', 'FF:FF:FF:FF:FF:FF' or '00:00:00:00:00'. virsh net-* command can work well, but the MAC address didn't take effect, and errors raised in libvirtd.log, so we hope libvirt can raise an error during edit/define the network, like:
error: XML error: Invalid multicast bridge mac address 'FF:FF:DD:DD:EE:EE' in network 'default'

Version-Release number of selected component:
libvirt-0.9.10-20.el6.x86_64

How reproducible:
Always

Step to Reproduce:
1. Edit the 'default' network with FF:FF:DD:DD:EE:EE mac address, then start it
# virsh net-start default
Network default started
# virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>8738a311-6441-4c1b-ac31-13f881044c7a</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='FF:FF:DD:DD:EE:EE'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
</network>
# ifconfig|grep HWaddr|grep virbr0
virbr0    Link encap:Ethernet  HWaddr 32:DA:C9:FF:89:85 

and check the libvirtd log, 3 errors output:
#tail -f /var/log/libvirt/libvirtd.log 
012-05-11 05:10:22.044+0000: 12555: error : virCommandWait:2308 : internal error Child process (/sbin/tc qdisc del dev virbr0 root) status unexpected: exit status 2
2012-05-11 05:10:22.047+0000: 12555: error : virCommandWait:2308 : internal error Child process (/sbin/tc qdisc del dev virbr0 ingress) status unexpected: exit status 2
2012-05-11 05:10:50.603+0000: 12551: error : virNetDevSetMAC:170 : Cannot set interface MAC on 'virbr0-nic': Cannot assign requested address


Actual Results:
no virsh-edit can work well, no error output

Expected Results:
raise an error during edit/define the network via virsh

Additional info:
Comment 4 Gunannan Ren 2012-07-14 09:13:43 UTC 
upstream already fixed it

commit 0007237301586aa90f58a7cc8d7cb29a16b00470
Author: Laine Stump <laine>
Date:   Mon Mar 19 12:49:17 2012 -0400

    conf: forbid use of multicast mac addresses
    
    A few times libvirt users manually setting mac addresses have
    complained of a networking failure that ends up being due to a multicast
    mac address being used for a guest interface. This patch prevents that
    by logging an error and failing if a multicast mac address is
    encountered in each of the three following cases:
    
    1) domain xml <interface> mac address.
    2) network xml bridge mac address.
    3) network xml dhcp/host mac address.
    
    There are several other places where a mac address can be input that
    aren't controlled in this manner because failure to do so has no
    consequences (e.g., if the address will be used to search through
    existing interfaces for a match).
    
    The RNG has been updated to add multiMacAddr and uniMacAddr along with
    the existing macAddr, and macAddr was switched to uniMacAddr where
    appropriate.
Comment 6 zhpeng 2012-07-24 06:11:38 UTC 
Test with libvirt-0.9.13-3.el6

now multicast mac addressed are forbidden. Both in domain xml/network xml

error will like:
virsh # edit ccc
error: XML error: expected unicast mac address, found multicast 'FF:FF:FF:FF:FF:FF'
Failed. Try again? [y,n,f,?]:
virsh # net-edit default
error: XML error: Invalid multicast bridge mac address 'FF:FF:DD:DD:EE:EE' in network 'default'
Failed. Try again? [y,n,f,?]:

These are expect.But i found still have problem when use mac "00:00:00:00:00:00"

# virsh net-start default
Network default started

# virsh net-list 
Name                 State      Autostart
-----------------------------------------
default              active     yes    

# virsh net-dumpxml default
<network>
...
  <mac address='00:00:00:00:00:00'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
      <host mac='00:00:00:00:00:00' name='foo.example.com' ip='192.168.122.10' />
...
</network>

#tail /var/log/libvirt/libvirtd.log
2012-07-24 06:05:14.998+0000: 2553: error : virNetDevSetMAC:170 : Cannot set interface MAC on 'virbr0-nic': Cannot assign requested address
Comment 7 Gunannan Ren 2012-07-25 08:45:34 UTC 
The special address of all zeros '00:00:00:00:00:00' is reserved for nodes that currently have no configured MAC address. It is valid mac address.

I think we should permit the setting of all zero mac address in xml, but when we
activate it , libvirt should report error like

# virsh net-start zeromac-network
error: Failed to start network zeromac-network
error: Cannot set interface MAC on 'virbr1-nic': Cannot assign requested address

The reason that libvirt doesn't report error and stop like above is an error of return value, I will post a patch for it.

virNetDevTapCreateInBridgePort() should return -1 on error rather than errno.
Comment 8 Gunannan Ren 2012-07-25 08:59:26 UTC 
patch sent upstream
https://www.redhat.com/archives/libvir-list/2012-July/msg01380.html
Comment 9 zhpeng 2012-08-01 08:43:13 UTC 
According to comment6-8 change status to ASSIGNED.
Comment 10 Gunannan Ren 2012-08-02 03:14:11 UTC 
commit 72e59a3b745ed5ab493d5c11f7c54f8c62a19eb5
Author: Guannan Ren <gren>
Date:   Wed Jul 25 17:43:18 2012 +0800

    util: Fix typoes on return value and comments
    
    virNetDevTapCreateInBridgePort: Fix return value to -1
    virNetDevTapCreate: Fix comments
Comment 11 yanbing du 2012-08-23 08:01:23 UTC 
Test with libvirt-0.10.0-0rc1.el6.x86_64, and it verified.
According comment 6 and comment 7, when edit the start network and set MAC to all zeros '00:00:00:00:00:00', it will succeed. But when start it, libvirt will report an error.
# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              active     yes       
zero-mac             active     no    
# virsh net-dumpxml zero-mac
<network>
......
  <mac address='52:54:00:ED:7D:B0'/>
......
</network>
set mac address to '00:00:00:00:00:00'
#virsh net-edit zero-mac 
Network zero-mac XML configuration edited.
# virsh net-destroy zero-mac
Network zero-mac destroyed

# virsh net-dumpxml zero-mac
<network>
......
  <mac address='00:00:00:00:00:00'/>
......
  </ip>
</network>

# virsh net-start zero-mac
error: Failed to start network zero-mac
error: Cannot set interface MAC on 'virbr1-nic': Cannot assign requested address
Comment 13 Min Zhan 2012-08-24 08:14:55 UTC 
Move it to VERIFIED per Comment 11.
Comment 14 errata-xmlrpc 2013-02-21 07:15:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html