/genprotocol.pl | 5 ++---
2 files changed, 3 insertions(+), 14 deletions(-)
Reviewed-by: Laine Stump
although I had to apply the patches manually (git am -3 failed).
___
Devel mailing list -- devel@lists.libvirt.org
To unsubscribe send an email to devel-le
of the shell the test is run from, and 2) doesn't
match the contents of ~/.CFUserTextEncoding.
It is true, though, that filtering out this environment setting from
the test results permits commandtest to pass on MacOS 14.
Signed-off-by: Laine Stump
---
[*] There may be a better way to sup
On 11/3/23 6:11 AM, Andrea Bolognani wrote:
On Fri, Nov 03, 2023 at 12:00:30AM -0400, Laine Stump wrote:
[*] There may be a better way to suppress this environment setting
(maybe something done to prevent it from ever being added to the
environment in the first place?), and that would
On 11/3/23 8:41 AM, Andrea Bolognani wrote:
On Fri, Nov 03, 2023 at 11:17:03AM +, Daniel P. Berrangé wrote:
On Fri, Nov 03, 2023 at 04:13:12AM -0700, Andrea Bolognani wrote:
On Fri, Nov 03, 2023 at 10:47:11AM +, Daniel P. Berrangé wrote:
On Fri, Nov 03, 2023 at 10:41:51AM +, Daniel
d also has an option,
-no_warn_duplicate_libraries, that suppresses this harmless/pointless
warning, meson has a simple way to check if that option is supported,
and libvirt's meson.build files already have examples of adding an
option to the ld commandline if it's available.
Signed
"is" and "is not")
Fixes: commit v9.9.0-24-g8ec79e5e14
Fixes: commit v9.9.0-22-gca3f025011
Fixes: commit v9.9.0-21-g031efb691f
Fixes: commit v9.9.0-20-g8c8b97685b
Signed-off-by: Laine Stump
---
scripts/rpcgen/rpcgen/ast.py | 4 +-
scripts/rpcgen/rpcgen/generator.py | 26
ether a couple of the patches, and fixed some things that caused
CI jobs to fail (I'd forgotten to push the branch to gitlab and
trigger CI).
Laine Stump (15):
util: properly deal with module vs. driver when binding device to
driver
schema: consolidate RNG for all hostdev element
t; will become "driver.type".
This will allow easily adding other items for new attributes in the
element / C struct, which will be useful once we are using
this new struct in multiple places.
Signed-off-by: Laine Stump
---
src/conf/device_conf.h
cified; as a part of making the two different
choices each a complete element (rather than each being a
collection of attributes and subelements) these extra
attributes/subelements that were irrelevant to the hostdev-type
were made to be valid only for an emulated interface's
.
Signed-of
This is done so that we can re-use the same parser/formatter for
and
Signed-off-by: Laine Stump
---
src/conf/device_conf.c | 41 +
src/conf/device_conf.h | 7 +++
src/conf/domain_conf.c | 28 +---
3 files changed, 53
Now if a new attribute is added to , we only need to update
the formatting/parsing in one place.
Signed-off-by: Laine Stump
---
src/conf/network_conf.c | 24
src/conf/virnetworkportdef.c | 21 ++---
2 files changed, 10 insertions(+), 35 deletions
er to see that the
upcoming patch that converges all four to use a common
parser/formatter is a functional NOP.
Signed-off-by: Laine Stump
---
src/conf/domain_conf.c | 28
src/conf/network_conf.c | 26 --
src/conf/network_conf.h
y linked in the kernel. The entire
design of variant driver auto-detection is based on doing a lookup
in modules.alias, and that only lists *loadable modules* (not
drivers), so unless I'm missing something, it would be impossible
to auto-detect a VFIO variant driver that was statically
Add a surprisingly missing simple function to the arsenal.
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 1 +
src/util/virstring.c | 17 +
src/util/virstring.h | 1 +
3 files changed, 19 insertions(+)
diff --git a/src/libvirt_private.syms b/src
run on non-Linux anyway).
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 2 ++
src/util/virpci.c| 4 ++--
src/util/virpci.h| 3 +++
tests/qemuhotplugmock.c | 15 +++
4 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/libvirt_private.syms
hypervisor as well, so I just removed the copy in hypervisor.)
Signed-off-by: Laine Stump
---
src/conf/domain_conf.c | 13 ++---
src/conf/domain_conf.h | 4 ++--
src/hypervisor/virhostdev.c | 8
src/hypervisor/virhostdev.h | 2 --
src/libvirt_private.syms| 5
ather than
searching modules.alias; this makes it possible to force binding of
vfio-pci if there is an issue with the auto-selected variant driver.
Signed-off-by: Laine Stump
---
src/util/virpci.c | 242 ++
1 file changed, 242 insertions(+)
diff --git a
its old usage (all the other
parts still apply, at least functionally, to the new usage). The name
change (which includes enum values) does cause a lot of churn, but
it's all mechanical.
Signed-off-by: Laine Stump
---
src/conf/device_conf.c | 9 +
src/conf/device_c
'" was changed to "type='vfio'" were in status
XML or only the *output* XML for a test (except the case of the
virnetworkportxml2xmltest, which doesn't have a separate directory for
the XML result; fortunately the converged parsing of between
domain/network/networkp
for a slightly different (but related) use.
Signed-off-by: Laine Stump
---
tests/qemuxml2argvdata/hostdev-pci-address-unassigned.xml | 4
tests/qemuxml2argvdata/hostdev-pci-multifunction.xml | 7 ---
tests/qemuxml2argvdata/hostdev-vfio-multidomain.xml | 1 -
.../hostdev-v
otten out of sync over time) and replaces its
uses with a virDeviceHostdevPCIDriverInfo (which is a struct that
contains a virDeviceHostdevPCIDriverType).
Signed-off-by: Laine Stump
---
src/conf/domain_conf.c | 48 +++-
src/conf/network_conf.c
sults, so the unit test data is
modified accordingly.
Signed-off-by: Laine Stump
---
src/libxl/libxl_domain.c | 65 +++
src/libxl/libxl_driver.c | 25 ---
tests/libxlxml2domconfigdata/moredevs-hvm.xml | 1 -
tests/xlconfigdata/t
On 10/23/23 9:39 AM, Jason Gunthorpe wrote:
On Mon, Oct 23, 2023 at 12:54:37AM -0400, Laine Stump wrote:
When we recently gained the ability to manually specify a driver to
bind to with virsh nodedev-detach, the fragility of this system became
apparent - if a user gives the driver name as
On 11/6/23 7:16 AM, Daniel P. Berrangé wrote:
On Mon, Nov 06, 2023 at 12:45:22PM +0100, Michal Prívozník wrote:
On 11/6/23 11:54, Andrea Bolognani wrote:
On Mon, Nov 06, 2023 at 10:26:36AM +, Daniel P. Berrangé wrote:
On Mon, Nov 06, 2023 at 02:21:16AM -0800, Andrea Bolognani wrote:
So do
ping
On 11/6/23 2:38 AM, Laine Stump wrote:
(This is "V2 of Part 2". "V1 of Part 2" is here:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/5GF4N5D2HR37HIST3QZ6GXZ6CLIEWOVN/#5GF4N5D2HR37HIST3QZ6GXZ6CLIEWOVN
)
Part 1 (which simply made it possible
Re-ping :-)
On 11/6/23 2:38 AM, Laine Stump wrote:
(This is "V2 of Part 2". "V1 of Part 2" is here:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/5GF4N5D2HR37HIST3QZ6GXZ6CLIEWOVN/#5GF4N5D2HR37HIST3QZ6GXZ6CLIEWOVN
)
Part 1 (which simply made it p
,
since people have had issues with the patch twice now).
On a Monday in 2023, Laine Stump wrote:
Historically libvirt has treated the concept of "loadable kernel
module" and "device driver" as being effectively the same (at least in
the case of the vfio-pci driver
On 11/27/23 9:41 AM, Peter Krempa wrote:
On Mon, Nov 06, 2023 at 02:38:48 -0500, Laine Stump wrote:
Currently this enum is defined in domain_conf.h and named
virDomainHostdevSubsysPCIDriverType. I want to use it in parts of the
network and networkport config, so am moving its definition to
On 11/27/23 9:53 AM, Peter Krempa wrote:
@@ -29973,14 +29973,10 @@ virDomainNetDefActualToNetworkPort(virDomainDef *dom,
break;
case VIR_DEVICE_HOSTDEV_PCI_DRIVER_TYPE_XEN:
-virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("Une
On 11/27/23 10:03 AM, Peter Krempa wrote:
On Mon, Nov 06, 2023 at 02:38:54 -0500, Laine Stump wrote:
The long-deprecated use of in domain xml
for devices was only ever necessary during the period when
libvirt (and the Linux kernel) supported both VFIO and "legacy KVM"
styles of host
On 11/27/23 10:12 AM, Peter Krempa wrote:
On Mon, Nov 06, 2023 at 02:38:55 -0500, Laine Stump wrote:
Xen only supports a single type of PCI hostdev assignment, so it is
superfluous to have peppered throughout the
config. It *is* necessary to have the driver type explicitly set in
the hostdev
On 11/28/23 9:58 AM, Peter Krempa wrote:
On Mon, Nov 06, 2023 at 02:38:57 -0500, Laine Stump wrote:
This patch makes it possible to manually specify which VFIO variant
driver to use for PCI hostdev device assignment, so that, e.g. you
could force use of the generic vfio-pci driver with
On 11/28/23 10:39 AM, Peter Krempa wrote:
On Mon, Nov 06, 2023 at 02:39:00 -0500, Laine Stump wrote:
Rather than always binding to the vfio-pci driver, use the new
function virPCIDeviceFindBestVFIOVariant() to see if the running
kernel has a VFIO variant driver available that is a better match
le needs to be loaded, look at the link in
/sys/module/$modulename/driver/pci:$drivername to determine the
name of the driver we need to bind to the device (rather than just
assuming the driver has the same name as the module
Signed-off-by: Laine Stump
---
Change from V1: I tried to simpl
This is done so that we can re-use the same parser/formatter for
and
Signed-off-by: Laine Stump
Reviewed-by: Peter Krempa
---
src/conf/device_conf.c | 40
src/conf/device_conf.h | 7 +++
src/conf/domain_conf.c | 27 +--
3
the corresponding XML attribute
("driver name"). The name change (which includes enum values) does cause a
lot of churn, but it's all mechanical.
Signed-off-by: Laine Stump
Reviewed-by: Peter Krempa
---
Change from V2: the name of the enum and its values has changed
(due to my
Now if a new attribute is added to , we only need to update
the formatting/parsing in one place.
Signed-off-by: Laine Stump
Reviewed-by: Peter Krempa
---
src/conf/network_conf.c | 23 ---
src/conf/virnetworkportdef.c | 20 ++--
2 files changed, 10
er to see that the
upcoming patch that converges all four to use a common
parser/formatter is a functional NOP.
Signed-off-by: Laine Stump
Reviewed-by: Peter Krempa
---
src/conf/domain_conf.c | 28
src/conf/network_conf.c | 26 --
src
otten out of sync over time) and replaces its
uses with a virDeviceHostdevPCIDriverInfo (which is a struct that
contains a virDeviceHostdevPCIDriverName).
Signed-off-by: Laine Stump
Reviewed-by: Peter Krempa
---
src/conf/domain_conf.c | 43 ++--
src
hypervisor as well, so I just removed the copy in hypervisor.)
Signed-off-by: Laine Stump
Reviewed-by: Peter Krempa
---
src/conf/domain_conf.c | 13 ++---
src/conf/domain_conf.h | 4 ++--
src/hypervisor/virhostdev.c | 8
src/hypervisor/virhostdev.h | 2 --
src
t; will become "driver.name".
This will allow easily adding other items for new attributes in the
element / C struct, which will be useful once we are using
this new struct in multiple places.
Signed-off-by: Laine Stump
Reviewed-by: Peter Krempa
---
Change from V2: names
course results in slightly
different xml2xml parse-format results, so the unit test data is
modified accordingly.
Signed-off-by: Laine Stump
---
Change from V2: add note in source code that the default value set
internally for driver name during libxlPrepareDevices should never
change unless t
".
Patches 2-9 and 11 were already ACKed by Peter in V2 (several of them
conditionally based on some minor fixes that I have made). This leaves
only patches 1, 10, 12, and 13 that require an ACK (V2 had 15 patches,
but I removed two of them).
Laine Stump (13):
util: properly deal with VFI
, that will still be used rather than searching
modules.alias; this makes it possible to force binding of vfio-pci if
there is an issue with the auto-selected variant driver.
Signed-off-by: Laine Stump
---
Changes from V2:
* fail if device modalias file isn't found.
* use unsigned int inst
e normally (after applying a subsequent patch)
found a "better match" for a device in the active kernel's
modules.alias file. (The main potential use of this manual override
would probably be to work around a bug in a new VFIO variant driver by
temporarily not using that driver).
S
cified; as a part of making the two different
choices each a complete element (rather than each being a
collection of attributes and subelements) these extra
attributes/subelements that were irrelevant to the hostdev-type
were made to be valid only for an emulated interface's
.
Signed-off-by
river name attribute).
Signed-off-by: Laine Stump
Reviewed-by: Peter Krempa
---
Change from V2: eliminated more occurrences in
test XML, made possible by moving the "replace virHostdevisVFIODevice
..." patch in front of this one.
docs/formatdomain.rst
On 1/5/24 8:46 AM, Peter Krempa wrote:
On Fri, Jan 05, 2024 at 03:20:16 -0500, Laine Stump wrote:
Rather than always binding to the vfio-pci driver, use the new
function virPCIDeviceFindBestVFIOVariant() to see if the running
kernel has a VFIO variant driver available that is a better match for
On 1/5/24 7:36 AM, Peter Krempa wrote:
On Fri, Jan 05, 2024 at 03:20:15 -0500, Laine Stump wrote:
This patch makes it possible to manually specify which VFIO variant
driver to use for PCI hostdev device assignment, so that, e.g. you
could force use of a VFIO "variant" driver, with e.g
On 1/5/24 9:22 AM, Peter Krempa wrote:
On Fri, Jan 05, 2024 at 03:20:04 -0500, Laine Stump wrote:
Historically libvirt hasn't differentiated between the name of a
loadable kernel module, and the name of the device driver that module
implements, but these two names can be (and usually ar
On 1/5/24 10:30 AM, Peter Krempa wrote:
On Fri, Jan 05, 2024 at 10:06:13 -0500, Laine Stump wrote:
On 1/5/24 8:46 AM, Peter Krempa wrote:
On Fri, Jan 05, 2024 at 03:20:16 -0500, Laine Stump wrote:
Rather than always binding to the vfio-pci driver, use the new
function
On 1/5/24 3:03 PM, Peter Krempa wrote:
On Fri, Jan 05, 2024 at 03:20:04 -0500, Laine Stump wrote:
Historically libvirt hasn't differentiated between the name of a
loadable kernel module, and the name of the device driver that module
implements, but these two names can be (and usually ar
Signed-off-by: Laine Stump
---
NEWS.rst | 9 +
1 file changed, 9 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index af3c4906df..fed50aae86 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -37,6 +37,15 @@ v10.0.0 (unreleased)
``virDomainBlockResize`` allows resizing a block-device backed
On 1/15/24 3:33 AM, Michal Prívozník wrote:
On 1/15/24 00:01, Laine Stump wrote:
Signed-off-by: Laine Stump
---
NEWS.rst | 9 +
1 file changed, 9 insertions(+)
Reviewed-by: Michal Privoznik
and merged in case you didn't wake up in time before Jirka makes new
release.
T
virPCIDeviceBindToStub() as the driver that it binds the device to.
Fixes: 8b93d78c8325f1fba5db98848350f3db43f5e7d5
Signed-off-by: Laine Stump
---
src/hypervisor/virhostdev.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/hypervisor/virhostdev.c b/src/hypervisor/virhostdev.c
index 40f8a4bc2c
sily readable
by a human (there is a separate element for each option of each
commandline), so I haven't decided if it's worthwhile. (Alternately,
if I leave it as is, maybe I should change the element name to
? Does anyone have an opinion?)
Laine Stump (27):
util/network: move virip
ned-off-by: Laine Stump
---
po/POTFILES | 2 +-
src/libvirt_private.syms | 31 ---
src/network/bridge_driver_linux.c | 2 +-
src/network/meson.build | 1 +
.../network_
's permanently check for it.
Signed-off-by: Laine Stump
---
src/util/virfirewall.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index 902cb8e445..1897a66070 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -538,6 +5
same time). We can just as well add in the
-w/--concurrent during virFirewallApplyCmd, so move the arg-add to
ApplyCmd to keep AddCmd simple.
Signed-off-by: Laine Stump
---
src/util/virfirewall.c | 27 +--
1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/src
Now that the toplevel iptables functions have been moved out of the
linux bridge driver into network_iptables.c, all of the utility
functions are used only within that same file, so simplify it.
Signed-off-by: Laine Stump
---
src/network/network_iptables.c | 52 ++---
src/network
() rather than cluttering up the argument list on the
entire call chain.
Signed-off-by: Laine Stump
---
src/util/virfirewall.c | 28 +---
1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index a57a79d4ce..5
aming the values to IPTABLES_ACTION_*, and taking
advantage of the newly defined (via VIR_ENUM_DECL/IMPL)
iptablesActionTypeToString() to replace all the ternary operators used
to translate the enum into a string for the iptables commandline with
iptablesActionTypeToString().
Signed-off-by: Laine
Signed-off-by: Laine Stump
---
libvirt.spec.in | 3 ++
src/network/libvirtd_network.aug | 36
src/network/meson.build | 11
src/network/network.conf | 3 ++
src/network
Signed-off-by: Laine Stump
---
src/network/network_iptables.c | 51 +++---
1 file changed, 29 insertions(+), 22 deletions(-)
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
index 8d32d30980..45907dd2da 100644
--- a/src/network
the necessary argument to specify backend).
(If it turns out to be significant, we could optimize this by checking
for chainInitDone outside the lock guard, returning immediately if
it's already set, and then moving the setting of chainInitDone up to
the top of the guarded section.)
Signed-off-by:
r the network when it is destroyed.
Signed-off-by: Laine Stump
---
src/network/network_iptables.c | 15 +++
tests/networkxml2firewalltest.c | 9 -
2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
is in the code).
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 3 +++
src/network/network_iptables.c| 6 +++---
src/nwfilter/nwfilter_ebiptables_driver.c | 16
src/util/virebtables.c| 4 ++--
src/util/virfirewall.c
These functions convert a virFirewall object to/from XML so that it
can be serialized to disk (in a virNetworkObj's status file) and
restored later (e.g. after libvirtd/virtnetworkd is restarted).
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 2 +
src/util/virfirewall.c
bles binary is present on the system and set
firewallBackend to iptables; if not, it will be left as "unset", which
(once multiple backends are available) will trigger an appropriate
error message the first time we attempt to add a rule.
Signed-off-by: Laine Stump
---
src/networ
ff-by: Laine Stump
---
src/network/bridge_driver_linux.c | 556 +
src/network/network_iptables.c| 562 +-
src/network/network_iptables.h| 7 +-
3 files changed, 574 insertions(+), 551 deletions(-)
diff --git a/src/ne
: 6aa2fa38b04b802f137e51ebbeb4ca9b67487575
Signed-off-by: Laine Stump
---
meson.build | 3 ---
src/network/bridge_driver_conf.c | 2 ++
src/util/virfirewall.h | 5 +
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/meson.build b/meson.build
index
to perform the firewall removal.
Signed-off-by: Laine Stump
---
src/conf/virnetworkobj.c| 1 +
src/network/bridge_driver.c | 8 +++-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/conf/virnetworkobj.c b/src/conf/virnetworkobj.c
index 3501c8cab7..0012aaa0a2 100644
--- a
it to the XML when formatted, parse
it from the XML when reading network status, and free the virFirewall
object when the virNetworkObj is freed.
Signed-off-by: Laine Stump
---
src/conf/virnetworkobj.c | 39 +++
src/conf/virnetworkobj.h | 11 ++
ables support right by making it the default.
In the extremely unlikely case that this causes a problem for anyone,
they can work around the failure by adding " to
the guest element.
Signed-off-by: Laine Stump
---
src/network/bridge_driver_conf.c | 6 +++---
src/network/ne
arted libvirtd/virtnetworkd will remove all the
rules that had been previously added (based on the network status),
and then add new rules (saving the new removal commands back into the
network status)
Signed-off-by: Laine Stump
==
NB: the current implementation saves only the commands necessa
sactionGetFlags() API),
and 2) add a new command to the current group's rollback command list (with
the new virFirewallAddRollbackCmd()).
We will actually use this capability in an upcoming patch.
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 1 +
src/util/virfirewall.c | 55 +
k.
Signed-off-by: Laine Stump
---
src/libvirt_private.syms | 1 +
src/util/virfirewall.c | 59
src/util/virfirewall.h | 1 +
3 files changed, 61 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 1a9e996879..e3dcb35
The only reason for requiring these was so that meson could search for
the binary location, and the previous patch eliminated that, so we no
longer need them at build time.
Signed-off-by: Laine Stump
---
libvirt.spec.in | 2 --
1 file changed, 2 deletions(-)
diff --git a/libvirt.spec.in b
firewall, we can just run those commands.
This isn't yet used anywhere, since
VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK isn't being set.
Signed-off-by: Laine Stump
---
src/util/virfirewall.c | 55 --
1 file changed, 48 insertions(+), 7 deletions(-)
diff -
ackage is a bit
premature, since it currently will always require iptables and
ebtables to function properly, but changing those to Recommends leads
to a much smaller list of dependent packages removed by "dnf rm
iptables/ebtables").
Signed-off-by: Laine Stump
---
libvirt.spec.in | 7 +
.
Signed-off-by: Laine Stump
---
.../{base.args => base.iptables} | 0
tests/networkxml2firewalldata/base.nftables | 256 ++
...-linux.args => nat-default-linux.iptables} | 0
.../nat-default-linux.nftables| 248 +
...pv6-linux.args =>
change in behavior
between the iptables and nftables backends is that noted in item (2)
above, we could instead decide to make nftables the default backend
rather than iptables - it all depends on how important it is to work
properly on 15 year old guest OSes using DHCP with virtio-net
interfaces)
e modified commandline, I rebooted the machine and the
pre-existing "stale" interfaces were still there, but the one I had just
created with transient=true was gone.
Reviewed-by: Laine Stump
On 4/23/24 6:10 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:18PM -0400, Laine Stump wrote:
(This paragraph is for historical reference only, described only to
avoid confusion of past use of the name with its new use) In a past
life, virFirewallBackend had been a private static
On 4/23/24 6:17 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:20PM -0400, Laine Stump wrote:
It still can have only one useful value ("iptables"), but once a 2nd
value is supported, it will be selectable by setting
"firewall_backend=nftables" in /etc/libvi
On 4/23/24 6:21 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:21PM -0400, Laine Stump wrote:
>> [...]
+static int
+networkFirewallSetupPrivateChains(virFirewallBackend backend,
+ virFirewallLayer layer)
+{
+switch (backend) {
+
On 4/23/24 6:40 AM, Daniel P. Berrangé wrote:
I wonder if we shouldn't make the default firewall backend be
a meson_options.txt parameter.
Good idea!
If a distro rebases libvirt in their existing release, they
probably don't want the firewall backend silently changing
as a side effect. A me
On 4/23/24 6:46 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:35PM -0400, Laine Stump wrote:
We really shouldn't be requiring ebtables and iptables any more, since
they don't always need to be used. Likewise, we probably should at
least Recommend nftables, even though i
On 4/23/24 5:52 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:09PM -0400, Laine Stump wrote:
These functions are only ever used by the network driver, and are so
specific to the network driver's usage of iptables that they likely
won't ever be used elsewhere. The files a
On 4/23/24 6:53 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:24PM -0400, Laine Stump wrote:
diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c
index 3a9f409e2a..e61787daec 100644
--- a/tests/networkxml2firewalltest.c
+++ b/tests
On 4/23/24 6:59 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:26PM -0400, Laine Stump wrote:
+ */
+int
+virFirewallParseXML(virFirewall **firewall,
+xmlNodePtr node,
+xmlXPathContextPtr ctxt)
+{
[...]
+nargs = virXPathNodeSet
On 4/23/24 7:15 AM, Daniel P. Berrangé wrote:
On Sun, Apr 21, 2024 at 10:53:32PM -0400, Laine Stump wrote:
Support using nftables to setup the firewall for each virtual network,
rather than iptables. The initial implementation of the nftables
backend creates (almost) exactly the same ruleset as
On 4/23/24 1:42 PM, Daniel P. Berrangé wrote:
On Tue, Apr 23, 2024 at 01:27:05PM -0400, Laine Stump wrote:
[...]
On 4/23/24 7:15 AM, Daniel P. Berrangé wrote:
What are the uniqueness guarantees of handle numbers.
Each table has a monotonically increasing counter (I'd assume at lea
ned-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
Change from V2:
* remove unneeded #include "virenum.h"
po/POTFILES | 2 +-
src/libvirt_private.syms | 31 ---
src/network/bridge_driver_linux.c
Now that the toplevel iptables functions have been moved out of the
linux bridge driver into network_iptables.c, all of the utility
functions are used only within that same file, so simplify it.
Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
src/network/network_iptables.c | 52
for any firewall backend now
results in an error log and termination of the daemon.
Laine Stump (27):
util/network: move viriptables.[ch] from util to network directory
network: move all functions manipulating iptables rules into
network_iptables.c
network: make all iptables function
ff-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
src/network/bridge_driver_linux.c | 556 +
src/network/network_iptables.c| 562 +-
src/network/network_iptables.h| 7 +-
3 files changed, 574 insertions(+), 551 deletions(-)
aming the values to IPTABLES_ACTION_*, and taking
advantage of the newly defined (via VIR_ENUM_DECL/IMPL)
iptablesActionTypeToString() to replace all the ternary operators used
to translate the enum into a string for the iptables commandline with
iptablesActionTypeToString().
Signed-off-by: Laine
same time). We can just as well add in the
-w/--concurrent during virFirewallApplyCmd, so move the arg-add to
ApplyCmd to keep AddCmd simple.
Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
src/util/virfirewall.c | 27 +--
1 file changed, 13 insertions(+), 14
() rather than cluttering up the argument list on the
entire call chain.
Signed-off-by: Laine Stump
Reviewed-by: Daniel P. Berrangé
---
src/util/virfirewall.c | 28 +---
1 file changed, 13 insertions(+), 15 deletions(-)
diff --git a/src/util/virfirewall.c b/src/util/virf