Hide Forgot
Description of problem: Discovered when testing/debugging the issue reported in bug 674356, if the dnsmasq server fails to start it happens with an incorrect failure message. Version-Release number of selected component (if applicable): 0.8.4 How reproducible: 100% Steps to Reproduce: See steps in bug 674356 Actual results: In virt-manager one gets the following error: Error creating virtual network: internal error '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr2 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.4: unknown option `--checksum-fill' Try `iptables -h' or 'iptables --help' for more information. Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/createnet.py", line 349, in finish self.conn.create_network(xml) File "/usr/share/virt-manager/virtManager/connection.py", line 755, in create_network net.create() File "/usr/lib/python2.6/dist-packages/libvirt.py", line 866, in create if ret == -1: raise libvirtError ('virNetworkCreate() failed', net=self) libvirtError: internal error '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr2 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.4: unknown option `--checksum-fill' Try `iptables -h' or 'iptables --help' for more information. Expected results: Should see a failure message logged by libvirtd reflecting the failure to start dnsmasq. The reported error is of course a red herring in that it's a non-fatal error. What is fatal though is the failure to start dnsmasq and that goes completely unreported.
Not sure how I previously hadn't seen this old bug, but it's really a non-bug now, since any modern Linux system will have an iptables new enough to support the --checksum-fill option, and even if not a WARN level message in the log will urge upgrading to a newer iptables that does support --checksum-fill. As for this error obscuring a different error relating to failure to start dnsmasq, I can't see how that would have happened, even back at 0.8.4, since a failure of this iptables command does not prevent an attempt to start dnsmasq, and an earlier error can never overwrite a later error (only vice-versa); apparently that was handled in a separate BZ that is long since closed.