Package: xen-utils-common
Version: 4.11.3+24-g14b62ab3e5-1
Severity: normal
Tags: patch

Hello,

I was having issues with starting domains with vif-nat:

♭ xl cr -c mydom
Parsing config from mydom
libxl: error: libxl_exec.c:117:libxl_report_child_exitstatus: /etc/xen/scripts/vif-nat online [27191] exited with error status 1
libxl: error: libxl_device.c:1286:device_hotplug_child_death_cb: script: /etc/xen/scripts/vif-nat failed; error detected.
libxl: error: libxl_create.c:1519:domcreate_attach_devices: Domain 25:unable to add vif devices
libxl: error: libxl_domain.c:1034:libxl__destroy_domid: Domain 25:Non-existant domain
libxl: error: libxl_domain.c:993:domain_destroy_callback: Domain 25:Unable to destroy guest
libxl: error: libxl_domain.c:920:domain_destroy_cb: Domain 25:Destruction of domain failed

It happens that it seems that's merely because handle_iptable() does not
pass a return value, and I guess the return value is thus that of the
latest command, which may not be true, and that makes vif-nat fail.

The attached patch fixes that.

Samuel

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.6.0 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages xen-utils-common depends on:
ii  libc6           2.30-2
ii  libxenstore3.0  4.11.3+24-g14b62ab3e5-1
ii  lsb-base        11.1.0
ii  python          2.7.17-2
ii  ucf             3.0038+nmu1
ii  udev            244.3-1
ii  xenstore-utils  4.11.3+24-g14b62ab3e5-1

xen-utils-common recommends no packages.

Versions of packages xen-utils-common suggests:
pn  xen-doc  <none>

-- Configuration Files:
/etc/xen/scripts/vif-nat changed:
dir=$(dirname "$0")
. "$dir/vif-common.sh"

if [ -f /etc/dhcpd.conf ]
then
  dhcp=${dhcp:-yes}
else
  dhcp=${dhcp:-no}
fi

if [ "$dhcp" != 'no' ]
then
  dhcpd_conf_file=$(find_dhcpd_conf_file)
  dhcpd_init_file=$(find_dhcpd_init_file)
  dhcpd_arg_file=$(find_dhcpd_arg_file)
  if [ -z "$dhcpd_conf_file" ] || [ -z "$dhcpd_init_file" ] || [ -z "$dhcpd_arg_file" ]
  then
    echo 'Failed to find dhcpd configuration or init or args file.' >&2
    exit 1
  fi
fi

domid=$(xenstore_read "$XENBUS_PATH/frontend-id")
vifid=$(xenstore_read "$XENBUS_PATH/handle")
vifid=$(( $vifid + 1 ))

ip_from_dom()
{
  local domid1=$(( $domid / 256 ))
  local domid2=$(( $domid % 256 ))
  echo "10.$domid1.$domid2.$vifid/16"
}

routing_ip()
{
  echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."$4 + 127}')
}

dotted_quad()
{
 echo\
 $(( ($1 & 0xFF000000) >> 24))\
.$(( ($1 & 0x00FF0000) >> 16))\
.$(( ($1 & 0x0000FF00) >> 8 ))\
.$(( $1 & 0x000000FF ))
}

if [ "$ip" = "" ]
then
  ip=$(ip_from_dom)
fi

router_ip=$(routing_ip "$ip")
vif_ip=`echo ${ip} | awk -F/ '{print $1}'`

hostname=$(xenstore_read "$XENBUS_PATH/domain" | tr -- '_.:/+' '-----')
if [ "$vifid" != "1" ]
then
  hostname="$hostname-$vifid"
fi

dhcparg_remove_entry()
{
  local tmpfile=$(mktemp)
  sed -e "s/${dev} //" "$dhcpd_arg_file" >"$tmpfile"
  if diff "$tmpfile" "$dhcpd_arg_file" >/dev/null
  then
    rm "$tmpfile"
  else
    mv "$tmpfile" "$dhcpd_arg_file"
  fi
}

dhcparg_add_entry()
{
  dhcparg_remove_entry
  local tmpfile=$(mktemp)
  # handle Red Hat, SUSE, and Debian styles, with or without quotes
  sed -e 's/^DHCPDARGS="*\([^"]*\)"*/DHCPDARGS="\1'"${dev} "'"/' \
     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
  sed -e 's/^DHCPD_INTERFACE="*\([^"]*\)"*/DHCPD_INTERFACE="\1'"${dev} "'"/' \
     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
  sed -e 's/^INTERFACES="*\([^"]*\)"*/INTERFACES="\1'"${dev} "'"/' \
     "$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
  rm -f "$tmpfile"
}

dhcp_remove_entry()
{
  local tmpfile=$(mktemp)
  grep -v "host $hostname" "$dhcpd_conf_file" >"$tmpfile"
  if diff "$tmpfile" "$dhcpd_conf_file" >/dev/null
  then
    rm "$tmpfile"
  else
    mv "$tmpfile" "$dhcpd_conf_file"
  fi
  dhcparg_remove_entry
}

dhcp_up()
{
  claim_lock "vif-nat-dhcp"
  dhcp_remove_entry
  mac=$(xenstore_read "$XENBUS_PATH/mac")
  echo >>"$dhcpd_conf_file" \
"host $hostname { hardware ethernet $mac; fixed-address $vif_ip; option routers $router_ip; option host-name \"$hostname\"; }"
  dhcparg_add_entry
  release_lock "vif-nat-dhcp"
  "$dhcpd_init_file" restart || true
}

dhcp_down()
{
  claim_lock "vif-nat-dhcp"
  dhcp_remove_entry
  release_lock "vif-nat-dhcp"
  "$dhcpd_init_file" restart || true # We need to ignore failure because
                                     # ISC dhcpd 3 borks if there is nothing
                                     # for it to do, which is the case if
                                     # the outgoing interface is not
                                     # configured to offer leases and there
                                     # are no vifs.
}

case "$command" in
    online)
        if ip route | grep -q "dev ${dev}"
        then
          log debug "${dev} already up"
          exit 0
        fi
        do_or_die ip link set dev "${dev}" up arp on
        do_or_die ip addr add "$router_ip" dev "${dev}"
        do_or_die ip route add "$vif_ip" dev "${dev}" src "$router_ip"
        echo 1 >/proc/sys/net/ipv4/conf/${dev}/proxy_arp
        [ "$dhcp" != 'no' ] && dhcp_up
        ;;
    offline)
        [ "$dhcp" != 'no' ] && dhcp_down
        do_without_error ifconfig "${dev}" down
        ;;
esac

handle_iptable

call_hooks vif post

log debug "Successful vif-nat $command for ${dev}."
if [ "$command" = "online" ]
then
  success
fi

/etc/xen/xl.conf changed:
vif.default.script="vif-nat"

-- no debconf information

-- 
Samuel
<Y> IT WASN'T A BUG!
<y> :ppp
<y> that's what they all say ;)
<Y> (I pressed ON, it can happen, right?)
-+- #hp debugs IRCprime -+-

--- a/tools/hotplug/Linux/vif-common.sh +++ b/tools/hotplug/Linux/vif-common.sh @@ -183,7 +183,7 @@ frob_iptable() handle_iptable() { # This function is disabled in Debian packaging. See Debian bug #894013. - return + return 0 # Check for a working iptables installation. Checking for the iptables # binary is not sufficient, because the user may not have the appropriate @@ -191,7 +191,7 @@ handle_iptable() # anything with it, so we can just return. if ! iptables_w -L -n >&/dev/null then - return + return 0 fi claim_lock "iptables"
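
Review bot: The first `return 0` (hunk at -183) changes the early return that the comment marks as Debian-specific ("This function is disabled in Debian packaging. See Debian bug #894013"), so this part of the fix should be folded into the Debian change that adds that line rather than sent against the upstream file on its own. The comment should also say why the status is explicit: a bare `return` hands back the status of whatever ran last before the call, which in the vif-nat script quoted in the report is the `[ "$dhcp" != 'no' ] && dhcp_up` list and is non-zero when dhcp is 'no'.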
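
Review bot: In the second hunk (at -191) the bare `return` inside `if ! iptables_w -L -n >&/dev/null` already yields 0, because the last status at that point is that of the negated condition that just evaluated true; `return 0` there is a consistency change, not a behaviour fix, and the patch description should say so. The exit paths of handle_iptable() after `claim_lock "iptables"` lie outside the hunk and are worth checking for the same implicit-status pattern.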
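
The failure mode described in the report, as an added example that is not part of the original report or of the Xen scripts: a constructed miniature of the tail of vif-nat, run with a bare `return` and with `return 0`. The names `MINI_SCRIPT`, `run_hotplug`, `handle_bare` and `handle_explicit` are hypothetical, and it assumes the real hotplug scripts run under `set -e` (not shown on the page), modelled here with `sh -e`.

```shell
#!/bin/sh
# Added illustration: a constructed miniature of the tail of vif-nat, not Xen code.
# Assumption: the real hotplug scripts run with `set -e` (not shown on the page);
# here that is modelled by running the miniature with `sh -e`.

MINI_SCRIPT='
handle_bare()     { return; }     # status = that of the previous command
handle_explicit() { return 0; }   # status fixed, as in the patch

dhcp=$2
case online in
online)
    # Last command of the branch; yields 1 when dhcp is "no".
    # `:` stands in for dhcp_up.
    [ "$dhcp" != no ] && : dhcp_up
    ;;
esac

"$1"    # stand-in for the handle_iptable call; fatal under -e if non-zero
echo "Successful vif-nat online"
'

# run_hotplug HANDLER DHCP -> exit status of the miniature script
run_hotplug() {
    sh -e -c "$MINI_SCRIPT" mini "$@"
}

# Show all four combinations; only bare return with dhcp=no fails.
for handler in handle_bare handle_explicit; do
    for dhcp in no yes; do
        if run_hotplug "$handler" "$dhcp" >/dev/null; then
            echo "$handler dhcp=$dhcp: ok"
        else
            echo "$handler dhcp=$dhcp: exited with error status $?"
        fi
    done
done
```

The failure depends on configuration: with dhcp enabled the preceding list succeeds and the bare `return` happens to pass, which is why such a bug can go unnoticed on many hosts.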