Re: [libvirt PATCH 00/28] native support for nftables in virtual network driver

On 6/12/24 9:18 AM, Andrea Bolognani wrote:
> On Wed, Jun 12, 2024 at 08:42:48AM GMT, Laine Stump wrote:
>> On 6/12/24 6:47 AM, Daniel P. Berrangé wrote:
>>> On Wed, Jun 12, 2024 at 03:27:24AM -0700, Andrea Bolognani wrote:
>>>> [...] I'd be extremely surprised to learn that
>>>> guest network connectivity hasn't worked on FreeBSD all this time.
>>>> Surely that can't be right! Roman, what am I missing?
>>>
>>> This is only the libvirt virtual network backend. I presume BSD hosted
>>> guests could just use one of the other network backend options.
>>
>> Based on the wording of Roman's initial message, I wondered if possibly
>> people had been using the virtual network driver with <forward mode='open'/>
>> - this wouldn't ever call any firewall functions, so it should succeed.
>
> It looks like it fails before it can even get to the point where
> firewall rules would be created:
>
>    # virsh net-start default
>    error: Failed to start network default
>    error: Unable to create bridge device: Invalid argument

Okay, then I guess I read too much into what Roman said:

    I noticed that now I cannot use the bridge driver
    on FreeBSD as it's failing to initialize both
    iptables and nftables backends

I figured that meant the bridge driver (aka the network driver) had previously been usable on FreeBSD, but if your test is typical, then that's not the case; maybe only <interface type='bridge'> works, and Roman just assumed that the network driver was needed in order for that to function.

If a platform supports standard tap devices (which FreeBSD does), the three things the network driver needs to function properly are 1) a functioning firewall backend, 2) dnsmasq, and 3) the ability to manage a bridge device (all the functions in virnetdevbridge.c). (1) is obviously missing, but (2) is present on FreeBSD, and it looks like, at least for some *BSDs, (3) is also available (there is a build-time flag WITH_BSD_BRIDGE_MGMT that is set if certain ioctls are defined in net/if_bridgevar.h).

Is WITH_BSD_BRIDGE_MGMT set in your FreeBSD build? Does net/if_bridgevar.h exist?

> For reference, here's what the configuration looks like:
>
>    # virsh net-dumpxml default
>    <network>
>      <name>default</name>
>      <uuid>2bd47e50-eab7-4988-b7a5-7da41a53f9c8</uuid>
>      <forward mode='open'/>
>      <bridge name='virbr0' stp='on' delay='0'/>
>      <mac address='52:54:00:f2:ce:e4'/>
>      <ip address='192.168.122.1' netmask='255.255.255.0'>
>        <dhcp>
>          <range start='192.168.122.2' end='192.168.122.254'/>
>        </dhcp>
>      </ip>
>    </network>
>
>> I'm pretty sure none of the other network types are supported on BSD
>> (macvtap/direct, or pools of SRIOV VFs used via VFIO device assignment).
>>
>> Maybe <interface type='bridge'> works?
>
> I'm not even sure why the network driver is enabled on FreeBSD in the
> first place. Only the QEMU driver can use it, right? And that's
> compiled out by default on FreeBSD, if I'm interpreting the port[1]
> correctly. So, at the very least, I would expect the network driver
> to only be enabled when the QEMU driver is, i.e. not in the default
> binary package.
>
>
> [1] https://github.com/freebsd/freebsd-ports/blob/main/devel/libvirt/Makefile
