Re: [PATCH v2 0/6] network: fix dhcp response packet checksums on virtual networks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/26/24 8:39 AM, Michal Prívozník wrote:
On 11/26/24 13:17, Michal Prívozník wrote:
On 11/26/24 04:24, Laine Stump wrote:
Patch 6/6 explains the problem and how these patches fix it. Assuming
no problems are found (none so far) this should go into 10.10.0, as it
solves a regression caused by switching the network driver to the
nftables backend.

There was a prior attempt at fixing this that was accepted, pushed,
bugs were discovered, and it was reverted (see Patch 6/6 for
details). This will hopefully be the final attempt.

The differences from V1 are:

* use a single "flags" argument rather than 3 bools when calling
   virNetDevBandwidthSet() (Patch 1/5 turned into 1/6 & 2/6)

* be more lenient about what constitutes a "match" when looking at the
   output of "tc qdisc show" (Patch 3/5 turned into 4/6

* call the new virFirewall layer "tc" rather than "raw", making it
   specific to "tc" (Patch 4/5 turned into 5/6)

There may still be some disagreement about putting the tc commands in
the virFirewall, but I wanted to get this sent to save time in case my
argument was convincing :-)

Laine Stump (6):
   util: use a single flags arg for virNetDevBandwidthSet(), not multiple
     bools
   util: make it optional to clear existing tc qdiscs/filters in
     virNetDevBandwidthSet()
   util: put the command that adds a tx filter qdisc into a separate
     function
   util: don't re-add the qdisc used for tx filters if it already exists
   util: add new "tc" layer for virFirewallCmd objects
   network: add tc filter rule to nftables backend to fix checksum of
     DHCP responses

  src/libvirt_private.syms                      |   1 +
  src/lxc/lxc_driver.c                          |   8 +-
  src/lxc/lxc_process.c                         |   8 +-
  src/network/bridge_driver.c                   |  10 +-
  src/network/network_nftables.c                |  69 +++++++++++
  src/qemu/qemu_command.c                       |  11 +-
  src/qemu/qemu_driver.c                        |  29 ++---
  src/qemu/qemu_hotplug.c                       |  22 +++-
  src/util/virfirewall.c                        |  66 +++++++----
  src/util/virfirewall.h                        |   1 +
  src/util/virfirewalld.c                       |   1 +
  src/util/virnetdevbandwidth.c                 | 110 ++++++++++++++----
  src/util/virnetdevbandwidth.h                 |  15 ++-
  .../forward-dev-linux.nftables                |  40 +++++++
  .../isolated-linux.nftables                   |  40 +++++++
  .../nat-default-linux.nftables                |  40 +++++++
  .../nat-ipv6-linux.nftables                   |  40 +++++++
  .../nat-ipv6-masquerade-linux.nftables        |  40 +++++++
  .../nat-many-ips-linux.nftables               |  40 +++++++
  .../nat-no-dhcp-linux.nftables                |  40 +++++++
  .../nat-port-range-ipv6-linux.nftables        |  40 +++++++
  .../nat-port-range-linux.nftables             |  40 +++++++
  .../nat-tftp-linux.nftables                   |  40 +++++++
  .../route-default-linux.nftables              |  40 +++++++
  tests/virnetdevbandwidthtest.c                |  12 +-
  25 files changed, 724 insertions(+), 79 deletions(-)


Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Michal

Actually, I went ahead and merged these per Jirka's (almost in person)
request as he wants to enter the freeze soon.

Okay, thanks!




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux