The "quantum" attribute of HTB is documented as:
Number of bytes to serve from this class before the scheduler
moves to the next class.
Since v1.3.2-rc1~225 we compute what we think is the appropriate
value and pass it on the TC command line. But kernel and
subsequently TC use uint32_t to sto
Run all the networkxml2firewall tests twice - once with iptables
backend, and once with the nftables backend.
The results files for the existing iptables tests were previously
named *.args. That has been changed to *.iptables, and the results
files for the new nftables tests are named *.nftables.
Support using nftables to set up the firewall for each virtual network,
rather than iptables. The initial implementation of the nftables
backend creates (almost) exactly the same ruleset as the iptables
backend, determined by running the following commands on a host that
has an active virtual networ
It still can have only one useful value ("iptables"), but once a 2nd
value is supported, it will be selectable by setting
"firewall_backend=nftables" in /etc/libvirt/network.conf.
If firewall_backend isn't set in network.conf, then libvirt will check
to see if the iptables binary is present on the
When destroying a network, the network driver has always assumed that
it knew what firewall rules had been added as the network was
started. This was usually correct - I only recall one time in the past
that the firewall rules added by libvirt were changed. But if the
exact rules used for a network
This was the only reason we required the iptables and ebtables
packages at build time, and many other external commands already have
their binaries found at runtime by looking through $PATH (virCommand
automatically does this), so we may as well do it for these commands
as well.
Since we no longer
The patch that added the nftables backend for virtual networks left
iptables as the default backend when both nftables and iptables are
installed.
The only functional difference between the two backends is that the
nftables backend doesn't add any rules to fix up the checksum of DHCP
packets, whic
This makes it possible to uninstall iptables, as long as nftables is
installed.
Signed-off-by: Laine Stump
---
Change from V2:
* Require one or the other instead of recommending both.
libvirt.spec.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libvirt.spec.in b/libvirt.s
In the case that a new version of libvirt is started that uses
different rules to build the network firewall, we need to re-save the
status so that when the network is destroyed (or the *next* time
libvirt is restarted and wants to remove/re-add the firewall), it will
have the proper information to
Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
src/network/network_iptables.c | 51 +++---
1 file changed, 29 insertions(+), 22 deletions(-)
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
index 697ad5d8d6..ac3e60b79f 1006
If the VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK flag is set, each time
an iptables command is executed that is adding a rule or chain, a
corresponding command that will *delete* the same rule/chain is
constructed and added to the list of rollback commands. If we later
want to undo the entire firewall
These functions convert a virFirewall object to/from XML so that it
can be serialized to disk (in a virNetworkObj's status file) and
restored later (e.g. after libvirtd/virtnetworkd is restarted).
Signed-off-by: Laine Stump
---
Change from V2:
* report nargs == 0 as an error rather than ignoring
This virFirewall object will store the list of actions required to
remove the firewall that was added for the currently active instance
of the network, so it has been named "fwRemoval" (and when parsed into
XML, the element will have the name "fwRemoval").
There are no uses of the fwRemoval objec
This will be used to label (via "name='blah'") a firewall when it is
formatted to XML and written to the network status.
Signed-off-by: Laine Stump
---
This is new in V3.
src/libvirt_private.syms | 2 ++
src/util/virfirewall.c | 20 +++-
src/util/virfirewall.h | 2 ++
3 fi
Modify networkSetupPrivateChains() in the network driver to accept a
firewallBackend argument so it will know which backend to call. (right
now it always calls the iptables version of the lower level function,
but in the future it could instead call the nftables version based on
configuration).
Bu
This file is generated from network.conf.in because it will soon have
an item that must be modified according to meson buildtime config.
Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
libvirt.spec.in | 3 ++
src/network/libvirtd_network.aug | 36
In normal practice a virFirewallCmd should never have 0 args by the
time it gets to the Apply stage, but at some time while debugging one
of the other patches in this series, exactly that happened (due to a
bug that was since squashed), and having a check for it helped
debugging, so let's permanent
In the past virFirewall required all rollback commands for a group
(those commands necessary to "undo" any rules that had been added in
that group in case of a later failure) to be manually added by
switching the virFirewall object into "rollback mode" and then
re-calling the inverse of the ex
virFirewallNewFromRollback() creates a new virFirewall object that
contains a copy of the "rollback" commands from an existing
virFirewall object, but in reverse order. The intent is that this
virFirewall be saved and used later to remove the firewall rules that
were added for a network.
Signed-of
(This paragraph is for historical reference only, described only to
avoid confusion of past use of the name with its new use) In a past
life, virFirewallBackend had been a private static in virfirewall.c
that was set at daemon init time, and used to globally (i.e. for all
drivers in the daemon) det
So far this will only affect what happens if there is some failure
while applying the firewall rules; the rollback rules aren't yet
persistent beyond that time. More work is needed to remember the
rollback rules while the network is active, and use those rules to
remove the firewall for the network
We know at the time a virFirewallCmd is created (with
virFirewallAddCmd*()) whether or not we will later want to ignore
errors encountered when attempting to apply that command - if
ignoreErrors is set in the AddCmd or if the group has already had
VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS set, then we
We will already need a separate function for virFirewallApplyCmd for
iptables vs. nftables, but the only reason for needing a separate
function for virFirewallAddCmd* is that iptables/ebtables need to have
an extra arg added for locking (to prevent multiple iptables commands
from running at the sam
I had originally named these as VIR_NETFILTER_* because I assumed the
same enum would eventually be used by our nftables backend as well as
iptables. But it turns out that in most cases it's not possible to
delete an nftables rule, so we just never used the enum anyway, so
this patch is renaming th
Although initially we will add exactly the same rules for the nftables
backend, the two may (hopefully) soon diverge as we take advantage of
nftables features that weren't available in iptables. When we do that,
there will need to be a different version of these functions (currently in
bridge_drive
V2:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/5RTZ6PC3N3CO6X353QUHLVOL43SWQ4JD/
This patch series enables libvirt to use nftables rules rather than
iptables *when setting up virtual networks* (it does *not* add
nftables support to the nwfilter driver).
I've added the
Now that the toplevel iptables functions have been moved out of the
linux bridge driver into network_iptables.c, all of the utility
functions are used only within that same file, so simplify it.
Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
src/network/network_iptables.c | 52
These functions are only ever used by the network driver, and are so
specific to the network driver's usage of iptables that they likely
won't ever be used elsewhere. The files are renamed to
network_iptables.[ch] to be more in line with driver-specific file
naming conventions.
Signed-off-by: Lain
On 4/24/24 07:14, Philippe Mathieu-Daudé wrote:
The following changes since commit 1a6f53953df65f31e922f8a1763dac9f10adc81b:
Open 9.1 development tree (2024-04-23 17:33:36 -0700)
are available in the Git repository at:
https://github.com/philmd/qemu.git tags/housekeeping-20240424
for
Signed-off-by: Kristina Hanicova
---
src/qemu/qemu_validate.c | 15 +++
1 file changed, 15 insertions(+)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index b33618b494..c8bee6f23d 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -69,6 +69,7 @
Resolves: https://issues.redhat.com/browse/RHEL-7489
Signed-off-by: Kristina Hanicova
---
src/qemu/qemu_command.c | 5 +++
.../aarch64-features-ras.aarch64-latest.args | 31 +++
.../aarch64-features-ras.aarch64-latest.xml | 1 +
.../qemuxmlconfdata/aarch
*** BLURB HERE ***
Kristina Hanicova (4):
Introduce QEMU_CAPS_MACHINE_VIRT_RAS capability
conf: parse and format machine virt ras feature
qemu: validate machine virt ras feature
qemu: format machine virt ras feature and test it
docs/formatdomain.rst | 5 +++
src/
The capability can be used to detect if the qemu binary already
supports 'ras' feature for 'virt' machine type.
Signed-off-by: Kristina Hanicova
---
src/qemu/qemu_capabilities.c | 2 ++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesda
Signed-off-by: Kristina Hanicova
---
docs/formatdomain.rst | 5 +
src/conf/domain_conf.c| 6 +-
src/conf/domain_conf.h| 1 +
src/conf/schemas/domaincommon.rng | 5 +
src/qemu/qemu_validate.c | 1 +
5 files changed, 17 insertions(+), 1 delet
GlusterFS+RDMA was deprecated 8 years ago in commit
0552ff2465 ("block/gluster: deprecate rdma support"):
gluster volfile server fetch happens through unix and/or tcp,
it doesn't support volfile fetch over rdma. The rdma code may
actually mislead, so to make sure things do not break, fo
The ALTERA_TIMER was only used by Nios II machines,
which have been removed. Since it has no direct user,
remove it.
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-Id: <20240327144806.11319-4-phi...@linaro.org>
---
hw/timer/altera_timer.c | 244
From: Sriram Yagnaraman
Due to company policies, I have changed my mail address. Updating
MAINTAINERS and .mailmap to show my latest mail address.
Signed-off-by: Sriram Yagnaraman
Message-ID: <20240228080625.2412372-1-sriram.yagnara...@ericsson.com>
Signed-off-by: Philippe Mathieu-Daudé
---
M
The following changes since commit 1a6f53953df65f31e922f8a1763dac9f10adc81b:
Open 9.1 development tree (2024-04-23 17:33:36 -0700)
are available in the Git repository at:
https://github.com/philmd/qemu.git tags/housekeeping-20240424
for you to fetch changes up to
On 4/19/24 15:05, Peter Krempa wrote:
> Shorten the function name as there isn't any vshCommandOptString.
>
> Signed-off-by: Peter Krempa
> ---
> tools/virsh-backup.c | 4 +-
> tools/virsh-checkpoint.c | 8 +-
> tools/virsh-completer-domain.c | 2 +-
> tools/virsh-completer
On 4/19/24 15:05, Peter Krempa wrote:
> This series refactors the commandline parser in order to use easier to
> understand/maintain logic.
>
>
> Peter Krempa (13):
> meson: tests: Add 'virsh' as dependency of 'virshtest'
> tools: Rename vshCommandOptStringReq to vshCommandOptString
> vsh:
Cole, thanks for fixing the problem in test_driver caused by my changes.
Reviewed-by: Boris Fiuczynski
On 4/23/24 15:44, Cole Robinson wrote:
Commit v10.0.0-265-ge67bca23e4 added a `active_config` and
`defined_config` to nodedev mdev internal XML handling.
`defined_config` can be filled at XML
Reviewed-by: Boris Fiuczynski
On 4/23/24 15:44, Cole Robinson wrote:
- Error if INACTIVE requested for transient object
- Force dumping INACTIVE XML when object is inactive
Signed-off-by: Cole Robinson
---
src/test/test_driver.c | 17 -
1 file changed, 16 insertions(+), 1 d
Reviewed-by: Boris Fiuczynski
On 4/23/24 15:44, Cole Robinson wrote:
This was the implied default before nodedevs gained a notion of
being inactive and transient. It also matches the implied default
when parsing other object types
Signed-off-by: Cole Robinson
---
src/test/test_driver.c | 2
On Wed, Apr 24, 2024 at 14:31:10 +0530, Shaleen Bathla via Devel wrote:
> multiple parallel timed-out vcpu hotunplug requests coming from qemu handled
> asynchronously by libvirt can cause data corruption as they modify
> vcpu data during refresh by libvirt.
Could you please elaborate? which two co
multiple parallel timed-out vcpu hotunplug requests coming from qemu handled
asynchronously by libvirt can cause data corruption as they modify
vcpu data during refresh by libvirt.
Lock each vcpu before modification and then release the lock
Signed-off-by: Shaleen Bathla
---
src/qemu/qemu_domain
On Wed, Apr 24, 2024 at 10:27:22AM +0200, Peter Krempa wrote:
> Peter Krempa (2):
> tests: qemucapsprobe: Fix construction of path to
> libqemucapsprobemock.so
> qemucapabilitiestest: Update qemu capability dump for qemu-9.0 release
>
> .../caps_9.0.0_x86_64.replies | 50 +
On Fri, Apr 19, 2024 at 16:29:47 +0200, Peter Krempa wrote:
> While QEMU accepts and interprets an empty string in the tls-hostname
> field in migration parameters as if it's unset, the same does not apply
> for the 'tls-hostname' field when 'blockdev-add'-ing a NBD backend for
> non-shared storage
Hi Marek,
On 18/4/24 14:04, Marek Vasut wrote:
On 4/18/24 1:10 PM, Philippe Mathieu-Daudé wrote:
On 27/3/24 15:48, Philippe Mathieu-Daudé wrote:
The Nios II target is deprecated since v8.2 in commit 9997771bc1
("target/nios2: Deprecate the Nios II architecture").
Remove:
- Buildsys / CI infra
Reviewed-by: Boris Fiuczynski
On 4/23/24 20:09, Marc Hartmayer wrote:
Signed-off-by: Marc Hartmayer
---
src/node_device/node_device_udev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/node_device/node_device_udev.c
b/src/node_device/node_device_udev.c
index 14d44
qemu-9.0 was released so update the capability dump to the final
version.
Notable changes:
- the 'vdpa' simulator support was reverted for now
Signed-off-by: Peter Krempa
---
.../caps_9.0.0_x86_64.replies | 50 ++-
.../caps_9.0.0_x86_64.xml |
Prior to commit eac646ea490e66 VIR_TEST_MOCK included the path to the
build directory, but the code was not fixed after VIR_TEST_MOCK was
changed resulting in the following failure when attempting to probe
capabilities:
$ ./tests/qemucapsprobe /path/to/qemu/qemu-system-x86_64 > out
libqemucapsp
Peter Krempa (2):
tests: qemucapsprobe: Fix construction of path to
libqemucapsprobemock.so
qemucapabilitiestest: Update qemu capability dump for qemu-9.0 release
.../caps_9.0.0_x86_64.replies | 50 ++-
.../caps_9.0.0_x86_64.xml | 4 +-
On Wed, Apr 24, 2024 at 08:43:00AM +0200, Jiri Denemark wrote:
> Hi,
>
> Does anyone feel strongly against dropping the "micro" part from
> libvirt(-python) versions? I think the original idea was to use this
> number for maintenance releases in -maint branches, but we stopped doing
> those a long