[Pkg-libvirt-maintainers] Bug#636712: Bug#636712: Bug#636712: libvirt-bin: cannot create rule since iptables tool is missing with custom nwfilters

Guido Günther agx at sigxcpu.org
Tue Aug 9 17:06:22 UTC 2011 

On Tue, Aug 09, 2011 at 12:16:02PM +0200, Luca Capello wrote:
[..snip..]
> After some debugging, I think the problem is the missing gawk, given
> that in libvirt-0.9.3/src/nwfilter/nwfilter_ebiptables_driver.c we have:
> 
> --8<---------------cut here---------------start------------->8---
>   3070      /* ip(6)tables support needs gawk & grep, ebtables doesn't */
>   3071      if ((iptables_cmd_path != NULL || ip6tables_cmd_path != NULL) &&
>   3072          (!grep_cmd_path || !gawk_cmd_path)) {
>   3073          virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s",
>   3074                                 _("essential tools to support ip(6)tables "
>   3075                                   "firewalls could not be located"));
>   3076          VIR_FREE(iptables_cmd_path);
>   3077          VIR_FREE(ip6tables_cmd_path);
>   3078      }
> --8<---------------cut here---------------end--------------->8---
> 
> Obviously, the error above is useless, given that there is no indication
> of *which* tool is missing.
> 
> FWIW, gawk is used in iptablesLinkIPTablesBaseChain() only (line 418 in
> the above file).  However, no reason is available why GNU awk (and not
> any awk like the Debian default mawk) is needed, not even in the commit:
> 
>   <http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=1130085cf075c044e4ad6cd811aa066549edcc2e>
> 
> I will try to check if with mawk everything works OK, but this means
> that I need to find out the full gawk invocation and then also recompile
> libvirt-bin for squeeze, not now ;-)

I couldn't find any indication that mawk wouldn't do the trick since the
awk expression is quite simple. 9.4.0 (in experimental) uses awk which
should fix your issues. Since grep and awk are available the error
message now correctly points to iptables so I closed the report, o.k.?
Thanks for investigating!
 -- Guido

> 
> >> The first error is #592177 (with its clones #615907 and #626166), the
> >> other errors about essential or iptables tools missing are still
> >> puzzling my brain for an explication :-|
> >
> > #592177 should be fixed with 0.9.4~rc1. 0.9.4 is about to be uploaed to
> > unstable pending a LFS fix.
> 
> Thank you, also for the squeeze-backports: I will move to them, thus
> 0.9.x, as soon as this bug will be solved.
> 
> Thx, bye,
> Gismo / Luca
> 





> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers

More information about the Pkg-libvirt-maintainers mailing list