RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 823765 - libvirt should raise an error when set network with special/invalid MAC address
Summary: libvirt should raise an error when set network with special/invalid MAC address
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.3
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Gunannan Ren
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-05-22 06:16 UTC by yanbing du
Modified: 2013-02-21 07:15 UTC (History)
10 users (show)

Fixed In Version: libvirt-0.10.0-0rc1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of: 817234
Environment:
Last Closed: 2013-02-21 07:15:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0276 0 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2013-02-20 21:18:26 UTC

Description yanbing du 2012-05-22 06:16:34 UTC 
+++ This bug was initially created as a clone of Bug #817234 +++

Description of Problem:
when set network with special/invalid MAC address, such as 'FF:FF:DD:DD:EE:EE', 'FF:FF:FF:FF:FF:FF' or '00:00:00:00:00'. virsh net-* command can work well, but the MAC address didn't take effect, and errors raised in libvirtd.log, so we hope libvirt can raise an error during edit/define the network, like:
error: XML error: Invalid multicast bridge mac address 'FF:FF:DD:DD:EE:EE' in network 'default'

Version-Release number of selected component:
libvirt-0.9.10-20.el6.x86_64

How reproducible:
Always

Step to Reproduce:
1. Edit the 'default' network with FF:FF:DD:DD:EE:EE mac address, then start it
# virsh net-start default
Network default started
# virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>8738a311-6441-4c1b-ac31-13f881044c7a</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='FF:FF:DD:DD:EE:EE'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
</network>
# ifconfig|grep HWaddr|grep virbr0
virbr0    Link encap:Ethernet  HWaddr 32:DA:C9:FF:89:85 

and check the libvirtd log, 3 errors output:
#tail -f /var/log/libvirt/libvirtd.log 
012-05-11 05:10:22.044+0000: 12555: error : virCommandWait:2308 : internal error Child process (/sbin/tc qdisc del dev virbr0 root) status unexpected: exit status 2
2012-05-11 05:10:22.047+0000: 12555: error : virCommandWait:2308 : internal error Child process (/sbin/tc qdisc del dev virbr0 ingress) status unexpected: exit status 2
2012-05-11 05:10:50.603+0000: 12551: error : virNetDevSetMAC:170 : Cannot set interface MAC on 'virbr0-nic': Cannot assign requested address


Actual Results:
no virsh-edit can work well, no error output

Expected Results:
raise an error during edit/define the network via virsh

Additional info:
Comment 4 Gunannan Ren 2012-07-14 09:13:43 UTC 
upstream already fixed it

commit 0007237301586aa90f58a7cc8d7cb29a16b00470
Author: Laine Stump <laine>
Date:   Mon Mar 19 12:49:17 2012 -0400

    conf: forbid use of multicast mac addresses
    
    A few times libvirt users manually setting mac addresses have
    complained of a networking failure that ends up being due to a multicast
    mac address being used for a guest interface. This patch prevents that
    by logging an error and failing if a multicast mac address is
    encountered in each of the three following cases:
    
    1) domain xml <interface> mac address.
    2) network xml bridge mac address.
    3) network xml dhcp/host mac address.
    
    There are several other places where a mac address can be input that
    aren't controlled in this manner because failure to do so has no
    consequences (e.g., if the address will be used to search through
    existing interfaces for a match).
    
    The RNG has been updated to add multiMacAddr and uniMacAddr along with
    the existing macAddr, and macAddr was switched to uniMacAddr where
    appropriate.
Comment 6 zhpeng 2012-07-24 06:11:38 UTC 
Test with libvirt-0.9.13-3.el6

now multicast mac addressed are forbidden. Both in domain xml/network xml

error will like:
virsh # edit ccc
error: XML error: expected unicast mac address, found multicast 'FF:FF:FF:FF:FF:FF'
Failed. Try again? [y,n,f,?]:
virsh # net-edit default
error: XML error: Invalid multicast bridge mac address 'FF:FF:DD:DD:EE:EE' in network 'default'
Failed. Try again? [y,n,f,?]:

These are expect.But i found still have problem when use mac "00:00:00:00:00:00"

# virsh net-start default
Network default started

# virsh net-list 
Name                 State      Autostart
-----------------------------------------
default              active     yes    

# virsh net-dumpxml default
<network>
...
  <mac address='00:00:00:00:00:00'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
      <host mac='00:00:00:00:00:00' name='foo.example.com' ip='192.168.122.10' />
...
</network>

#tail /var/log/libvirt/libvirtd.log
2012-07-24 06:05:14.998+0000: 2553: error : virNetDevSetMAC:170 : Cannot set interface MAC on 'virbr0-nic': Cannot assign requested address
Comment 7 Gunannan Ren 2012-07-25 08:45:34 UTC 
The special address of all zeros '00:00:00:00:00:00' is reserved for nodes that currently have no configured MAC address. It is valid mac address.

I think we should permit the setting of all zero mac address in xml, but when we
activate it , libvirt should report error like

# virsh net-start zeromac-network
error: Failed to start network zeromac-network
error: Cannot set interface MAC on 'virbr1-nic': Cannot assign requested address

The reason that libvirt doesn't report error and stop like above is an error of return value, I will post a patch for it.

virNetDevTapCreateInBridgePort() should return -1 on error rather than errno.
Comment 8 Gunannan Ren 2012-07-25 08:59:26 UTC 
patch sent upstream
https://www.redhat.com/archives/libvir-list/2012-July/msg01380.html
Comment 9 zhpeng 2012-08-01 08:43:13 UTC 
According to comment6-8 change status to ASSIGNED.
Comment 10 Gunannan Ren 2012-08-02 03:14:11 UTC 
commit 72e59a3b745ed5ab493d5c11f7c54f8c62a19eb5
Author: Guannan Ren <gren>
Date:   Wed Jul 25 17:43:18 2012 +0800

    util: Fix typoes on return value and comments
    
    virNetDevTapCreateInBridgePort: Fix return value to -1
    virNetDevTapCreate: Fix comments
Comment 11 yanbing du 2012-08-23 08:01:23 UTC 
Test with libvirt-0.10.0-0rc1.el6.x86_64, and it verified.
According comment 6 and comment 7, when edit the start network and set MAC to all zeros '00:00:00:00:00:00', it will succeed. But when start it, libvirt will report an error.
# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              active     yes       
zero-mac             active     no    
# virsh net-dumpxml zero-mac
<network>
......
  <mac address='52:54:00:ED:7D:B0'/>
......
</network>
set mac address to '00:00:00:00:00:00'
#virsh net-edit zero-mac 
Network zero-mac XML configuration edited.
# virsh net-destroy zero-mac
Network zero-mac destroyed

# virsh net-dumpxml zero-mac
<network>
......
  <mac address='00:00:00:00:00:00'/>
......
  </ip>
</network>

# virsh net-start zero-mac
error: Failed to start network zero-mac
error: Cannot set interface MAC on 'virbr1-nic': Cannot assign requested address
Comment 13 Min Zhan 2012-08-24 08:14:55 UTC 
Move it to VERIFIED per Comment 11.
Comment 14 errata-xmlrpc 2013-02-21 07:15:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html
Note You need to log in before you can comment on or make changes to this bug.