On 11/22/24 22:16, Laine Stump wrote:
> Patch 4/4 explains the problem and how these patches fix it. Assuming
> no problems are found (none so far) this should go into 10.10.0, as it
> solves a regression caused by switching the network driver to the
> nftables backend.
>
> There was a prior attempt at fixing this that was accepted, pushed,
> bugs were discovered, and it was reverted (see Patch 4/4 for details).
> This will hopefully be the final attempt.
>
> Please test with as many different guests as possible, both with
> nftables backend and iptables backend, and using different guest
> interface types, etc.
>
> Laine Stump (5):
>   util: make it optional to clear existing tc qdiscs/filters in
>     virNetDevBandwidthSet()
>   util: put the command that adds a tx filter qdisc into a separate
>     function
>   util: don't re-add the qdisc used for tx filters if it already exists
>   util: add new "raw" layer for virFirewallCmd objects
>   network: add tc filter rule to nftables backend to fix checksum of
>     DHCP responses
>
>  src/libvirt_private.syms                |  1 +
>  src/lxc/lxc_driver.c                    |  2 +-
>  src/lxc/lxc_process.c                   |  2 +-
>  src/network/bridge_driver.c             |  4 +-
>  src/network/network_nftables.c          | 69 +++++++++++++++++
>  src/qemu/qemu_command.c                 |  2 +-
>  src/qemu/qemu_driver.c                  |  3 +-
>  src/qemu/qemu_hotplug.c                 |  4 +-
>  src/util/virfirewall.c                  | 74 ++++++++++++-------
>  src/util/virfirewall.h                  |  1 +
>  src/util/virfirewalld.c                 |  1 +
>  src/util/virnetdevbandwidth.c           | 70 ++++++++++++++++--
>  src/util/virnetdevbandwidth.h           |  4 +
>  .../forward-dev-linux.nftables          | 40 ++++++++++
>  .../isolated-linux.nftables             | 40 ++++++++++
>  .../nat-default-linux.nftables          | 40 ++++++++++
>  .../nat-ipv6-linux.nftables             | 40 ++++++++++
>  .../nat-ipv6-masquerade-linux.nftables  | 40 ++++++++++
>  .../nat-many-ips-linux.nftables         | 40 ++++++++++
>  .../nat-no-dhcp-linux.nftables          | 40 ++++++++++
>  .../nat-port-range-ipv6-linux.nftables  | 40 ++++++++++
>  .../nat-port-range-linux.nftables       | 40 ++++++++++
>  .../nat-tftp-linux.nftables             | 40 ++++++++++
>  .../route-default-linux.nftables        | 40 ++++++++++
>  tests/virnetdevbandwidthtest.c          |  5 +-
>  25 files changed, 639 insertions(+), 43 deletions(-)
>

I too tested this and it works.

Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Michal