Bug 962874 - dnsmasq: failed to set SO_BINDTODEVICE on DHCP socket: Socket operation on non-socket
dnsmasq: failed to set SO_BINDTODEVICE on DHCP socket: Socket operation on no...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: dnsmasq (Show other bugs)
19
Unspecified Linux
unspecified Severity medium
: ---
: ---
Assigned To: Tomáš Hozza
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-14 12:27 EDT by Trever Adams
Modified: 2013-05-28 23:03 EDT (History)
14 users (show)

See Also:
Fixed In Version: dnsmasq-2.66-6.fc19
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-05-28 23:03:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Trever Adams 2013-05-14 12:27:48 EDT
Description of problem:
Using virt-manager, I could not start the virtual network.

virsh net-start NETWORk
error: internal error Child process (/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/TheNetwork.conf) unexpected exit status 2: 
dnsmasq: failed to set SO_BINDTODEVICE on DHCP socket: Socket operation on non-socket

Version-Release number of selected component (if applicable):
dnsmasq-2.66-3.fc19.x86_64

How reproducible:
Always

Steps to Reproduce:
1.  In virt-manager, create vm and newtork (mine does have IPv6 addresses, so they were created manually)
2.  virsh net-start thenetwork
  
Actual results:
# net-start TheNetwork
error: Failed to start network TheNetwork
error: internal error Child process (/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/TheNetwork.conf) unexpected exit status 2: 
dnsmasq: failed to set SO_BINDTODEVICE on DHCP socket: Socket operation on non-socket


I needed to upgrade several machines to F19 to get various versions/programs/features. Things went south. I am not sure what happened other than it may be related to https://www.redhat.com/archives/enterprise-watch-list/2013-February/msg00021.html

I do not have any DHCP setup with my virtual domains. I do not even know why the thing starts dnsmasq.
Comment 1 Trever Adams 2013-05-14 12:45:06 EDT
<network>
  <name>TheNetwork</name>
  <uuid>UUID REMOVED</uuid>
  <bridge name='virbr0' stp='off' delay='0' />
  <forward mode='route'/>
  <mac address='xx:xx:00:xx:xx:xx'/>
  <ip address='10.0.1.1' netmask='255.255.255.0'>
  </ip>
  <ip family='ipv6' address='fd00:0000:0000:1::1' prefix='64'>
  </ip>
  <ip family='ipv6' address='2001:0000:0000:0::1' prefix='64'>
  </ip>
</network>

The above is one of the two virtual networks that are refusing to work completely!
Comment 3 Trever Adams 2013-05-14 13:15:53 EDT
It is IPv6 related it appears.
Comment 4 Trever Adams 2013-05-14 13:25:35 EDT
Is this a problem with starting radvd from dnsmasq?
Comment 5 Laine Stump 2013-05-14 13:36:43 EDT
I'm pretty sure that dnsmasq doesn't start radvd. Depending on the version of dnsmasq, *libvirt* may start radvd, but if you're running dnsmasq-2.66, then libvirt is using dnsmasq's own RA support rather than separately starting radvd.

It might be helpful if you attached "/var/lib/libvirt/dnsmasq/TheNetwork.conf". (I doubt that I'll understand anything extra from it, but Thomas or Simon might).
Comment 6 Trever Adams 2013-05-14 15:53:22 EDT
strict-order
domain-needed
local=//
pid-file=/var/run/libvirt/network/DMZ.pid
except-interface=lo
bind-dynamic
interface=virbr1
addn-hosts=/var/lib/libvirt/dnsmasq/DMZ.addnhosts
dhcp-range=fdac:xxxx:xxxx::1,ra-only
dhcp-range=2001:xxxx:xxxx:xxxx::1,ra-only

Sorry for not attaching.
Comment 7 Trever Adams 2013-05-14 15:58:04 EDT
As for radvd, it used to. I honestly do not know now and cannot check as this is my only setup.
Comment 8 Laine Stump 2013-05-15 12:52:10 EDT
Yes, older libvirt used to start an radvd process to handle IPv6 RA. A few releases ago it was changed to use dnsmasq instead (iff the version of dnsmasq on the host is new enough to have that capability).
Comment 9 Trever Adams 2013-05-15 15:07:38 EDT
Alright, then I guess I haven't a clue what is causing the problem. Interestingly enough, if I run dnsmasq with /var/lib/libvirt/dnsmasq/TheNetwork.conf directly, I don't get the error. So, maybe this is in libvirt?
Comment 10 Laine Stump 2013-05-16 01:28:43 EDT
Are there any AVC records in /var/log/audit/audit.log? Does it still fail after doing a "setenforce permissive"?
Comment 11 Trever Adams 2013-05-16 11:14:05 EDT
There are lots of them in audit. But, SELINUX=permissive is set on this machine in /etc/selinux/config
Comment 12 Simon Kelley 2013-05-17 06:36:31 EDT
Patch here. http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cfcad42ff1ddee8e64d120f18016a654152d0215

Enabling DHCPv6 as well as RA will workaround: ie s/ra-only/ra-stateless/ in config file.

Cheers,

Simon.
Comment 13 Trever Adams 2013-05-17 07:08:18 EDT
Thank you Simon. Any chance this patch will be pushed soon? Can you show how I might temporarily enable dhcpv6 without causing trouble in the configuration I gave? Thank you!
Comment 14 Tomáš Hozza 2013-05-17 07:21:05 EDT
(In reply to comment #12)
> Patch here.
> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;
> h=cfcad42ff1ddee8e64d120f18016a654152d0215
> 
> Enabling DHCPv6 as well as RA will workaround: ie s/ra-only/ra-stateless/ in
> config file.
> 
> Cheers,
> 
> Simon.

Thank you Simon for a quick fix. 

(In reply to comment #13)
> Thank you Simon. Any chance this patch will be pushed soon? Can you show how
> I might temporarily enable dhcpv6 without causing trouble in the
> configuration I gave? Thank you!

I will include the patch in Fedora 19 dnsmasq-2.66 ASAP.
Comment 15 Fedora Update System 2013-05-17 09:45:49 EDT
dnsmasq-2.66-6.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/dnsmasq-2.66-6.fc19
Comment 16 Trever Adams 2013-05-17 13:38:47 EDT
I am sorry. I would leave karma, but something happened and I can not login to koji anymore. I get an SSL error even though I have added an exception for the self signed cert to Firefox.

Secure Connection Failed
              
An error occurred during a connection to koji.fedoraproject.org.

SSL peer was unable to negotiate an acceptable set of security parameters.

(Error code: ssl_error_handshake_failure_alert)
Comment 17 Trever Adams 2013-05-17 13:43:17 EDT
This did fix the problem. Thank you all who were involved in the fix. I greatly appreciate this.
Comment 18 Fedora Update System 2013-05-17 18:22:51 EDT
Package dnsmasq-2.66-6.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing dnsmasq-2.66-6.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-8496/dnsmasq-2.66-6.fc19
then log in and leave karma (feedback).
Comment 19 Fedora Update System 2013-05-28 23:03:11 EDT
dnsmasq-2.66-6.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.