Aug 28 10:51:38 gentoo libvirtd: 10:51:38.542: error : virRunWithHook:857 : internal error '/sbin/iptables --table mangle --insert POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.9.1: unknown option `--checksum-fill' Reproducible: Always
Aug 28 10:58:23 gentoo libvirtd: 10:58:23.557: warning : networkAddIptablesRules:851 : May need to update iptables package & kernel to support CHECKSUM rule.
*** Bug 334923 has been marked as a duplicate of this bug. ***
I see you're already running the latest iptables in the tree, which still doesn't have the option libvirt expects.
This is the offending commit. http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=fd5b15ff1a2ec37e75609c091522ae1e2c74c811 Shortest term solution: patch this /out/ of effected source code (all versions gentoo currently retains if I'm not mistaken). Alternate: iptables patch with CHECKSUM support Longer term solutions: A) Fix the patch to always treat iptables errors as warnings. B) iptables release with CHECKSUM support Sep 17 21:57:32 localhost libvirtd: 21:57:32.992: error : virRunWithHook:857 : internal error '/sbin/iptables --table mangle --insert POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.9.1: unknown option `--checksum-fill' Sep 17 21:57:32 localhost libvirtd: 21:57:32.992: warning : networkAddIptablesRules:873 : Could not add rule to fixup DHCP response checksums on network 'default'. Sep 17 21:57:32 localhost libvirtd: 21:57:32.992: warning : networkAddIptablesRules:874 : May need to update iptables package & kernel to support CHECKSUM rule. Sep 17 21:57:33 localhost libvirtd: 21:57:33.003: error : virRunWithHook:857 : internal error '/usr/sbin/dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/default.pid --conf-file= --listen-address 192.168.122.1 --except-interface lo --dhcp-range 192.168.122.2,192.168.122.254 --dhcp-lease-max=253 --dhcp-no-override' exited with non-zero status 2 and signal 0: Sep 17 21:57:33 localhost libvirtd: 21:57:33.015: error : virRunWithHook:857 : internal error '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.9.1: unknown option `--checksum-fill' Sep 17 21:57:33 localhost libvirtd: 21:57:33.114: error : virRunWithHook:857 : internal error '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 69 --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule (does a matching rule exist in that chain?). Sep 17 21:57:33 localhost libvirtd: 21:57:33.867: warning : qemudStartup:1848 : Unable to create cgroup for driver: No such device or address
I ran in to an additional error-case which is unrelated to this bug, except for incidentally providing a possible workaround if my proposed resolution is realized. https://bugzilla.redhat.com/show_bug.cgi?id=635211
Fixed in all libvirt's in the tree.
