Re: [libvirt PATCH v2 3/3] network: wire up support for IPv6 NAT rules

On 6/9/20 12:17 PM, Daniel P. Berrangé wrote: > Now that we have support for IPv6 in the iptables helpers, and a new > option in the XML schema, we can wire up support for it in the network > driver. > > Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com&gt; > --- >   src/network/bridge_driver_linux.c             |  23 +- >   .../nat-ipv6-masquerade-linux.args            | 228 ++++++++++++++++++ >   .../nat-ipv6-masquerade.xml                   |  17 ++ >   tests/networkxml2firewalltest.c               |   1 + >   4 files changed, 262 insertions(+), 7 deletions(-) >   create mode 100644 > tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.args >   create mode 100644 > tests/networkxml2firewalldata/nat-ipv6-masquerade.xml > > diff --git a/src/network/bridge_driver_linux.c > b/src/network/bridge_driver_linux.c > index b0bd207250..fcb3803965 100644 > --- a/src/network/bridge_driver_linux.c > +++ b/src/network/bridge_driver_linux.c > @@ -307,7 +307,8 @@ int networkCheckRouteCollision(virNetworkDefPtr def) >       return ret; >   } >   -static const char networkLocalMulticast[] = "224.0.0.0/24"; > +static const char networkLocalMulticastIPv4[] = "224.0.0.0/24"; > +static const char networkLocalMulticastIPv6[] = "ffx2::/16"; Once I got everything built and tried starting a network with ipv6 nat, I got this error message: virsh net-start ipv6 error: Failed to start network ipv6 error: COMMAND_FAILED: '/usr/sbin/ip6tables -w10 -w --table nat --insert LIBVIRT_PRT --source 2001:4978:2ac:5::/80 --destination ffx2::/16 --jump RETURN' failed: ip6tables v1.8.3 (legacy): host/network `ffx2::' not found Try `ip6tables -h' or 'ip6tables --help' for more information. Do we need to do something different for multicast traffic in the case of IPv6? Other than that it all looks good, so Reviewed-by: Laine Stump <laine(a)redhat.com&gt; once the problem with multicast ffx2::/16 as the destination of a rule is resolved.