On 11/26/24 04:24, Laine Stump wrote: > Patch 6/6 explains the problem and how these patches fix it. Assuming > no problems are found (none so far) this should go into 10.10.0, as it > solves a regression caused by switching the network driver to the > nftables backend. > > There was a prior attempt at fixing this that was accepted, pushed, > bugs were discovered, and it was reverted (see Patch 6/6 for > details). This will hopefully be the final attempt. > > The differences from V1 are: > > * use a single "flags" argument rather than 3 bools when calling > virNetDevBandwidthSet() (Patch 1/5 turned into 1/6 & 2/6) > > * be more lenient about what constitutes a "match" when looking at the > output of "tc qdisc show" (Patch 3/5 turned into 4/6 > > * call the new virFirewall layer "tc" rather than "raw", making it > specific to "tc" (Patch 4/5 turned into 5/6) > > There may still be some disagreement about putting the tc commands in > the virFirewall, but I wanted to get this sent to save time in case my > argument was convincing :-) > > Laine Stump (6): > util: use a single flags arg for virNetDevBandwidthSet(), not multiple > bools > util: make it optional to clear existing tc qdiscs/filters in > virNetDevBandwidthSet() > util: put the command that adds a tx filter qdisc into a separate > function > util: don't re-add the qdisc used for tx filters if it already exists > util: add new "tc" layer for virFirewallCmd objects > network: add tc filter rule to nftables backend to fix checksum of > DHCP responses > > src/libvirt_private.syms | 1 + > src/lxc/lxc_driver.c | 8 +- > src/lxc/lxc_process.c | 8 +- > src/network/bridge_driver.c | 10 +- > src/network/network_nftables.c | 69 +++++++++++ > src/qemu/qemu_command.c | 11 +- > src/qemu/qemu_driver.c | 29 ++--- > src/qemu/qemu_hotplug.c | 22 +++- > src/util/virfirewall.c | 66 +++++++---- > src/util/virfirewall.h | 1 + > src/util/virfirewalld.c | 1 + > src/util/virnetdevbandwidth.c | 110 ++++++++++++++---- > src/util/virnetdevbandwidth.h | 15 ++- > .../forward-dev-linux.nftables | 40 +++++++ > .../isolated-linux.nftables | 40 +++++++ > .../nat-default-linux.nftables | 40 +++++++ > .../nat-ipv6-linux.nftables | 40 +++++++ > .../nat-ipv6-masquerade-linux.nftables | 40 +++++++ > .../nat-many-ips-linux.nftables | 40 +++++++ > .../nat-no-dhcp-linux.nftables | 40 +++++++ > .../nat-port-range-ipv6-linux.nftables | 40 +++++++ > .../nat-port-range-linux.nftables | 40 +++++++ > .../nat-tftp-linux.nftables | 40 +++++++ > .../route-default-linux.nftables | 40 +++++++ > tests/virnetdevbandwidthtest.c | 12 +- > 25 files changed, 724 insertions(+), 79 deletions(-) > Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> Michal