Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
Go to file
Benjamin Cama f5650a37f7 network: fix dnsmasq/radvd binding to IPv6 on recent kernels
I hit this problem recently when trying to create a bridge with an IPv6
address on a 3.2 kernel: dnsmasq (and, further, radvd) would not bind to
the given address, waiting 20s and then giving up with -EADDRNOTAVAIL
(resp. exiting immediately with "error parsing or activating the config
file", without libvirt noticing it, BTW). This can be reproduced with (I
think) any kernel >= 2.6.39 and the following XML (to be used with
"virsh net-create"):

        <network>
          <name>test-bridge</name>
          <bridge name='testbr0' />
          <ip family='ipv6' address='fd00::1' prefix='64'>
          </ip>
        </network>

(it happens even when you have an IPv4, too)

The problem is that since commit [1] (which, ironically, was made to
“help IPv6 autoconfiguration”) the linux bridge code makes bridges
behave like “real” devices regarding carrier detection. This makes the
bridges created by libvirt, which are started without any up devices,
stay with the NO-CARRIER flag set, and thus prevents DAD (Duplicate
address detection) from happening, thus letting the IPv6 address flagged
as “tentative”. Such addresses cannot be bound to (see RFC 2462), so
dnsmasq fails binding to it (for radvd, it detects that "interface XXX
is not RUNNING", thus that "interface XXX does not exist, ignoring the
interface" (sic)). It seems that this behavior was enhanced somehow with
commit [2] by avoiding setting NO-CARRIER on empty bridges, but I
couldn't reproduce this behavior on my kernel. Anyway, with the “dummy
tap to set MAC address” trick, this wouldn't work.

To fix this, the idea is to get the bridge's attached device to be up so
that DAD can happen (deactivating DAD altogether is not a good idea, I
think). Currently, libvirt creates a dummy TAP device to set the MAC
address of the bridge, keeping it down. But even if we set this device
up, it is not RUNNING as soon as the tap file descriptor attached to it
is closed, thus still preventing DAD. So, we must modify the API a bit,
so that we can get the fd, keep the tap device persistent, run the
daemons, and close it after DAD has taken place. After that, the bridge
will be flagged NO-CARRIER again, but the daemons will be running, even
if not happy about the device's state (but we don't really care about
the bridge's daemons doing anything when no up interface is connected to
it).

Other solutions that I envisioned were:
      * Keeping the *-nic interface up: this would waste an fd for each
        bridge during all its life. May be acceptable, I don't really
        know.
      * Stop using the dummy tap trick, and set the MAC address directly
        on the bridge: it is possible since quite some time it seems,
        even if then there is the problem of the bridge not being
        RUNNING when empty, contrary to what [2] says, so this will need
        fixing (and this fix only happened in 3.1, so it wouldn't work
        for 2.6.39)
      * Using the --interface option of dnsmasq, but I saw somewhere
        that it's not used by libvirt for backward compatibility. I am
        not sure this would solve this problem, though, as I don't know
        how dnsmasq binds itself to it with this option.

This is why this patch does what's described earlier.

This patch also makes radvd start even if the interface is
“missing” (i.e. it is not RUNNING), as it daemonizes before binding to
it, and thus sometimes does it after the interface has been brought down
by us (by closing the tap fd), and then originally stops. This also
makes it stop yelling about it in the logs when the interface is down at
a later time.

[1]
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=1faa4356a3bd89ea11fb92752d897cff3a20ec0e
[2]
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b64b73d7d0c480f75684519c6134e79d50c1b341
(cherry picked from commit db488c7917)
2012-10-23 18:00:14 -04:00
.gnulib@440a1dbe52 build: improved handling of <execinfo.h>, BSD <net/if.h> 2012-09-06 10:08:47 -06:00
build-aux maint: fix up copyright notice inconsistencies 2012-09-20 16:30:55 -06:00
daemon Move virProcess{Kill,Abort,TranslateStatus} into virprocess.{c,h} 2012-10-17 16:41:06 -04:00
docs Correct name of domain/pm/suspend-to-mem in docs 2012-10-18 13:16:54 -04:00
examples maint: fix up copyright notice inconsistencies 2012-09-20 16:30:55 -06:00
gnulib build: fix fresh checkout on RHEL5 2012-04-19 17:11:43 -06:00
include maint: fix up copyright notice inconsistencies 2012-09-20 16:30:55 -06:00
m4 build: avoid -Wno-format on new-enough gcc 2012-10-18 13:11:29 -04:00
po Move virProcess{Kill,Abort,TranslateStatus} into virprocess.{c,h} 2012-10-17 16:41:06 -04:00
python Properly parse (unsigned) long long 2012-10-18 13:19:51 -04:00
src network: fix dnsmasq/radvd binding to IPv6 on recent kernels 2012-10-23 18:00:14 -04:00
tests fix kvm_pv_eoi with kvmclock 2012-10-18 13:14:36 -04:00
tools Add note about numeric domain names to manpage 2012-10-18 13:09:55 -04:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore Add a ./run script for running programs from the local directory. 2012-09-18 10:59:16 +01:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap network: fix dnsmasq/radvd binding to IPv6 on recent kernels 2012-10-23 18:00:14 -04:00
AUTHORS ARMHF: implement /proc/cpuinfo parsing 2012-10-18 13:00:00 -04:00
autobuild.sh Switch automated builds to use Mingw64 toolchain instead of Mingw32 2012-06-25 10:41:10 +01:00
autogen.sh Ensure autogen.sh exists if bootstrap fails 2012-09-20 15:58:29 +01:00
bootstrap maint: regenerate bootstrap 2012-07-27 09:34:04 -06:00
bootstrap.conf maint: fix up copyright notice inconsistencies 2012-09-20 16:30:55 -06:00
cfg.mk syntax-check: fix run.in 2012-09-18 13:59:53 +02:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
configure.ac Call curl_global_init from virInitialize to avoid thread-safety issues 2012-10-18 13:15:00 -04:00
COPYING.LIB remove all trailing blank lines 2009-07-16 15:06:42 +02:00
HACKING Update how to compile with -Werror 2012-10-17 16:18:22 -04:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in spec: Add runtime requirement for libssh2 2012-10-18 13:32:10 -04:00
Makefile.am Add a ./run script for running programs from the local directory. 2012-09-18 10:59:16 +01:00
Makefile.nonreentrant Ban use of all inet_* functions 2010-10-22 11:59:23 +01:00
mingw-libvirt.spec.in parallels: add driver skeleton 2012-08-01 11:44:26 +08:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
run.in syntax-check: fix run.in 2012-09-18 13:59:53 +02:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>