Re: [PATCH v2 0/6] network: fix dhcp response packet checksums on virtual networks

On 11/26/24 13:17, Michal Prívozník wrote: > On 11/26/24 04:24, Laine Stump wrote: >> Patch 6/6 explains the problem and how these patches fix it. Assuming >> no problems are found (none so far) this should go into 10.10.0, as it >> solves a regression caused by switching the network driver to the >> nftables backend. >> >> There was a prior attempt at fixing this that was accepted, pushed, >> bugs were discovered, and it was reverted (see Patch 6/6 for >> details). This will hopefully be the final attempt. >> >> The differences from V1 are: >> >> * use a single "flags" argument rather than 3 bools when calling >> virNetDevBandwidthSet() (Patch 1/5 turned into 1/6 & 2/6) >> >> * be more lenient about what constitutes a "match" when looking at the >> output of "tc qdisc show" (Patch 3/5 turned into 4/6 >> >> * call the new virFirewall layer "tc" rather than "raw", making it >> specific to "tc" (Patch 4/5 turned into 5/6) >> >> There may still be some disagreement about putting the tc commands in >> the virFirewall, but I wanted to get this sent to save time in case my >> argument was convincing :-) >> >> Laine Stump (6): >> util: use a single flags arg for virNetDevBandwidthSet(), not multiple >> bools >> util: make it optional to clear existing tc qdiscs/filters in >> virNetDevBandwidthSet() >> util: put the command that adds a tx filter qdisc into a separate >> function >> util: don't re-add the qdisc used for tx filters if it already exists >> util: add new "tc" layer for virFirewallCmd objects >> network: add tc filter rule to nftables backend to fix checksum of >> DHCP responses >> >> src/libvirt_private.syms | 1 + >> src/lxc/lxc_driver.c | 8 +- >> src/lxc/lxc_process.c | 8 +- >> src/network/bridge_driver.c | 10 +- >> src/network/network_nftables.c | 69 +++++++++++ >> src/qemu/qemu_command.c | 11 +- >> src/qemu/qemu_driver.c | 29 ++--- >> src/qemu/qemu_hotplug.c | 22 +++- >> src/util/virfirewall.c | 66 +++++++---- >> src/util/virfirewall.h | 1 + >> src/util/virfirewalld.c | 1 + >> src/util/virnetdevbandwidth.c | 110 ++++++++++++++---- >> src/util/virnetdevbandwidth.h | 15 ++- >> .../forward-dev-linux.nftables | 40 +++++++ >> .../isolated-linux.nftables | 40 +++++++ >> .../nat-default-linux.nftables | 40 +++++++ >> .../nat-ipv6-linux.nftables | 40 +++++++ >> .../nat-ipv6-masquerade-linux.nftables | 40 +++++++ >> .../nat-many-ips-linux.nftables | 40 +++++++ >> .../nat-no-dhcp-linux.nftables | 40 +++++++ >> .../nat-port-range-ipv6-linux.nftables | 40 +++++++ >> .../nat-port-range-linux.nftables | 40 +++++++ >> .../nat-tftp-linux.nftables | 40 +++++++ >> .../route-default-linux.nftables | 40 +++++++ >> tests/virnetdevbandwidthtest.c | 12 +- >> 25 files changed, 724 insertions(+), 79 deletions(-) >> > > Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com&gt; > > Michal Actually, I went ahead and merged these per Jirka's (almost in person) request as he wants to enter the freeze soon.