RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1038888 - [Doc] 3 problems in nwfilter doc
Summary: [Doc] 3 problems in nwfilter doc
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.0
Hardware: x86_64
OS: Linux
medium
low
Target Milestone: rc
: ---
Assignee: Laine Stump
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-06 03:47 UTC by Wayne Sun
Modified: 2016-11-03 18:07 UTC (History)
5 users (show)

Fixed In Version: libvirt-1.3.4-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-03 18:07:19 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2577 0 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2016-11-03 12:07:06 UTC

Description Wayne Sun 2013-12-06 03:47:24 UTC 
Description of problem:

check the nwfilter page
/usr/share/doc/libvirt-docs-1.1.1/html/formatnwfilter.html

1. Attribute dscp should be included in ip/tcp/tcp-ipv6/icmp/igmp/igmp-ipv6 protocol groups
2. Attribute vlan-id in vlan should be vlanid
3. explain igmp-ipv6 protocol behaviour, define igmp-ipv6 protocol rule will not take effect, seems this protocol should be covered in icmpv6, so maybe we can update doc for this.

Version-Release number of selected component (if applicable):
libvirt-docs-1.1.1-13.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. as description
2.
3.

Actual results:


Expected results:
fix

Additional info:
Comment 3 Hu Jianwei 2014-08-07 04:38:02 UTC 
For the first item, candidate patch on upstream.
http://www.redhat.com/archives/libvir-list/2014-August/msg00226.html

For the second item, it has been fixed in bug 1126721.
Comment 4 Hu Jianwei 2014-08-07 04:53:48 UTC 
For the last igmp-ipv6, AFAIK, MLDv2(rfc3810) is a translation of the IGMPv3 protocol [RFC3376] for IPv6 semantics. 

And I found nwfilter does not support it in libvirt by now. Will libvirt support MLD protocol in nwfilter in the future? If no, I suggest remove igmp-ipv6 from its docs. Thanks.
Comment 7 Laine Stump 2015-05-04 14:30:21 UTC 
The patch for item (1) in the list is upstream in this commit:

commit 08567572793454d25f1290f905ac1ce6ff60a9fe
Author: Jianwei Hu <jiahu>
Date:   Thu Aug 7 12:27:32 2014 +0800

    docs: nwfilter: add missing dscp attribute

As for the question in Comment 4, are you saying that "igmp-ipv6" results in an error, or that it is silently ignored?
Comment 8 Hu Jianwei 2015-05-05 05:43:06 UTC 
The "igmp-ipv6" will be ignored silently on the latest version, but it still was listed in related doc/guide.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 IGMP, ESP, AH, UDPLITE, 'ALL' over IPv6

Protocol ID: igmp-ipv6, esp-ipv6, ah-ipv6, udplite-ipv6, all-ipv6
Note: The chain parameter is ignored for this type of traffic and should either be omitted or set to root. 
                                             From libvirt.org
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[root@localhost ~]# rpm -q libvirt
libvirt-1.2.14-1.el7.x86_64

[root@localhost ~]# virsh nwfilter-dumpxml clean-traffic
...
  <rule action='accept' direction='out' priority='500'>
    <igmp/>
  </rule>
  <filterref filter='no-other-l2-traffic'/>
  <filterref filter='qemu-announce-self'/>
</filter>

Change the "igmp" to "igmp-ipv6"
[root@localhost ~]# virsh nwfilter-edit clean-traffic
Network filter clean-traffic XML configuration edited.

[root@localhost ~]# virsh nwfilter-dumpxml clean-traffic
...
  <rule action='accept' direction='out' priority='500'/>
  <filterref filter='no-other-l2-traffic'/>
  <filterref filter='qemu-announce-self'/>
</filter>

For example, I checked the related codes, found no igmp-ipv6 element in below function.
VIR_ENUM_IMPL(virNWFilterRuleProtocol, VIR_NWFILTER_RULE_PROTOCOL_LAST,
              "none",
              "mac",
              "vlan",
              "stp",
              "arp",
              "rarp",
              "ip",
              "ipv6",
              "tcp",
              "icmp",
              "igmp",
              "udp",
              "udplite",
              "esp",
              "ah",
              "sctp",
              "all",
              "tcp-ipv6",
              "icmpv6",
              "udp-ipv6",
              "udplite-ipv6",
              "esp-ipv6",
              "ah-ipv6",
              "sctp-ipv6",
              "all-ipv6");
Comment 11 Laine Stump 2016-04-21 18:40:51 UTC 
Okay, I've removed the reference to "igmp-ipv6" from formatnwfilter.html:

https://www.redhat.com/archives/libvir-list/2016-April/msg01526.html
Comment 12 Laine Stump 2016-04-25 14:42:18 UTC 
Pushed upstream:

commit 81f3839f876983ac68fa65730879a21def987921
Author: Laine Stump <laine>
Date:   Thu Apr 21 14:32:51 2016 -0400

    docs: remove reference to non-existent "igmp-ipv6" protocol
Comment 14 yalzhang@redhat.com 2016-05-05 08:03:42 UTC 
verified on libvirt-docs-1.3.4-1.el7.x86_64, all the results is as expected. Change the bug to verifed.

1. Attribute dscp should be included in ip/tcp/tcp-ipv6/icmp/igmp/igmp-ipv6 protocol groups-------------> the igmp-ipv6 removed

2. Attribute vlan-id in vlan should be vlanid ----------> OK

3. explain igmp-ipv6 protocol behaviour, define igmp-ipv6 protocol rule will not take effect, seems this protocol should be covered in icmpv6, so maybe we can update doc for this. ------> the igmp-ipv6 part removed

4. removed the reference to "igmp-ipv6" from formatnwfilter.html ------> OK
Comment 16 errata-xmlrpc 2016-11-03 18:07:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html
Note You need to log in before you can comment on or make changes to this bug.