Re: [PATCH] nwfilter: Remove 'qemu-announce-self' example

On Mon, Jul 07, 2025 at 09:03:06AM +0200, Peter Krempa via Devel wrote: > From: Peter Krempa <pkrempa(a)redhat.com&gt; > > The example allows packets sent by qemu after migration with broken > protocol ID. The proper self announce is handled via > 'qemu-announce-self-rarp'. > > The qemu bug was addressed by f8778a7785d530515b0db39 (released as > v0.13.0). As we no longer support such old qemus, and allowing broken > packets makes no sense remove the filter, and adjust the existing ones > to refer to the proper name. > > Closes: https://gitlab.com/libvirt/libvirt/-/issues/792 > Signed-off-by: Peter Krempa <pkrempa(a)redhat.com&gt; > diff --git a/src/nwfilter/xml/qemu-announce-self.xml b/src/nwfilter/xml/qemu-announce-self.xml > deleted file mode 100644 > index 352db500de..0000000000 > --- a/src/nwfilter/xml/qemu-announce-self.xml > +++ /dev/null > @@ -1,13 +0,0 @@ > -<filter name='qemu-announce-self' chain='root'> > - <!-- as of 4/26/2010 qemu sends out a bogus packet with > - wrong rarp protocol ID --> > - <!-- accept what is being sent now --> > - <rule action='accept' direction='out'> > - <mac protocolid='0x835'/> > - </rule> > - > - <!-- accept if it was changed to rarp --> > - <filterref filter='qemu-announce-self-rarp'/> > - <filterref filter='no-other-rarp-traffic'/> > - > -</filter> Deleting this filter entirely risks upgrade problems for apps if they're referencing, which is quite possible given it was one of our standard filters for decades.

Perhaps keep it, but cut down rules such that it acts exactly as an alias of qemu-announce-self-rarp.