From nobody Sun Feb  8 16:50:12 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1563897924; cv=none;
	d=zoho.com; s=zohoarc;
	b=CZ0C2JKLgH+OOdIzJaLa3vEjuA94FqPxc19TjkepVE5n+bSC6+RKHfQm2sA3mQMkW4QRlmaVBG+KyY0E09VHMyRMXQQM0ob7ONdRt/q65jy2BBx/RJatWOkHh9o8ZqfKCnhF2Wh9lk7C+U/Bxx/iKyUlIzJzQJ5Bu6Nf6oFeRic=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1563897924;
 h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=WiPcl951rAS7mH9QZgCNDZajx82VbEdoZlob8AL7pRU=;
	b=RpdKS6CYxkMH8oPBvZioRtymTL+aDH/zM8uE3Rh16wj4/dqk8lZGNJUEupZ+XkdTPBFYiopAq0qaScvBVz93ERbUp6oBFEfkvmU/yYXJzDbPlLq43ds+JOwKOkN0vR/eyrnKa2xYt/r/yG+ytQ6z7dMfmmiOXF4iXIo9Zpvx3X8=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
 header.from=<berrange@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1563897924814999.2143533510139;
 Tue, 23 Jul 2019 09:05:24 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 83376A3EA1;
	Tue, 23 Jul 2019 16:05:23 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 5731A5C6CF;
	Tue, 23 Jul 2019 16:05:23 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 18B9618045CF;
	Tue, 23 Jul 2019 16:05:23 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
	[10.5.11.16])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x6NG5DH5025183 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 23 Jul 2019 12:05:13 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 946BA5C8A8; Tue, 23 Jul 2019 16:05:13 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.36.112.10])
	by smtp.corp.redhat.com (Postfix) with ESMTP id C04865C22D;
	Tue, 23 Jul 2019 16:05:12 +0000 (UTC)
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Tue, 23 Jul 2019 17:03:03 +0100
Message-Id: <20190723160319.18153-26-berrange@redhat.com>
In-Reply-To: <20190723160319.18153-1-berrange@redhat.com>
References: <20190723160319.18153-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH 25/41] nwfilter: introduce virtnwfilterd daemon
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]);
 Tue, 23 Jul 2019 16:05:24 +0000 (UTC)

The virtnwfilterd daemon will be responsible for providing the nwfilter API
driver functionality. The nwfilter driver is still loaded by the main
libvirtd daemon at this stage, so virtnwfilterd must not be running at
the same time.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 .gitignore                            |  4 ++
 libvirt.spec.in                       |  8 ++++
 src/nwfilter/Makefile.inc.am          | 62 +++++++++++++++++++++++++++
 src/nwfilter/virtnwfilterd.service.in | 24 +++++++++++
 4 files changed, 98 insertions(+)
 create mode 100644 src/nwfilter/virtnwfilterd.service.in

diff --git a/.gitignore b/.gitignore
index ada72fd618..b93fd1b044 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,6 +163,9 @@
 /src/node_device/test_virtnodedevd.aug
 /src/node_device/virtnodedevd.aug
 /src/node_device/virtnodedevd.conf
+/src/nwfilter/test_virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.conf
 /src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
@@ -189,6 +192,7 @@
 /src/virtlogd
 /src/virtnetworkd
 /src/virtnodedevd
+/src/virtnwfilterd
 /src/virtproxyd
 /src/virtsecretd
 /src/virtstoraged
diff --git a/libvirt.spec.in b/libvirt.spec.in
index c0b880d569..ae1a278152 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1653,6 +1653,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so
=20
 %files daemon-driver-nwfilter
+%config(noreplace) %{_sysconfdir}/libvirt/virtnwfilterd.conf
+%{_datadir}/augeas/lenses/virtnwfilterd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnwfilterd.aug
+%{_unitdir}/virtnwfilterd.service
+%{_unitdir}/virtnwfilterd.socket
+%{_unitdir}/virtnwfilterd-ro.socket
+%{_unitdir}/virtnwfilterd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnwfilterd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
 %ghost %dir %{_localstatedir}/run/libvirt/network/
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
diff --git a/src/nwfilter/Makefile.inc.am b/src/nwfilter/Makefile.inc.am
index 810ca54bcc..3142c1298b 100644
--- a/src/nwfilter/Makefile.inc.am
+++ b/src/nwfilter/Makefile.inc.am
@@ -41,4 +41,66 @@ libvirt_driver_nwfilter_impl_la_LIBADD =3D \
 	../gnulib/lib/libgnu.la \
 	$(NULL)
 libvirt_driver_nwfilter_impl_la_SOURCES =3D $(NWFILTER_DRIVER_SOURCES)
+
+sbin_PROGRAMS +=3D virtnwfilterd
+
+nodist_conf_DATA +=3D nwfilter/virtnwfilterd.conf
+augeas_DATA +=3D nwfilter/virtnwfilterd.aug
+augeastest_DATA +=3D nwfilter/test_virtnwfilterd.aug
+CLEANFILES +=3D nwfilter/virtnwfilterd.aug
+
+virtnwfilterd_SOURCES =3D $(REMOTE_DAEMON_SOURCES)
+virtnwfilterd_CFLAGS =3D \
+       $(REMOTE_DAEMON_CFLAGS) \
+       -DDAEMON_NAME=3D"\"virtnwfilterd\"" \
+       -DMODULE_NAME=3D"\"nwfilter\"" \
+       $(NULL)
+virtnwfilterd_LDFLAGS =3D $(REMOTE_DAEMON_LD_FLAGS)
+virtnwfilterd_LDADD =3D $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES +=3D \
+	virtnwfilterd.service \
+	virtnwfilterd.socket \
+	virtnwfilterd-ro.socket \
+	virtnwfilterd-admin.socket \
+	$(NULL)
+SYSTEMD_UNIT_FILES_IN +=3D \
+	nwfilter/virtnwfilterd.service.in \
+	$(NULL)
+
+VIRTNWFILTERD_UNIT_VARS =3D \
+	$(VIRTD_UNIT_VARS) \
+	-e 's|[@]name[@]|Libvirt nwfilter|g' \
+	-e 's|[@]service[@]|virtnwfilterd|g' \
+	-e 's|[@]sockprefix[@]|virtnwfilterd|g' \
+	$(NULL)
+
+virtnwfilterd.service: nwfilter/virtnwfilterd.service.in $(top_builddir)/c=
onfig.status
+	$(AM_V_GEN)sed $(VIRTNWFILTERD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+virtnwfilter%.socket: remote/libvirt%.socket.in $(top_builddir)/config.sta=
tus
+	$(AM_V_GEN)sed $(VIRTNWFILTERD_UNIT_VARS) < $< > $@-t && mv $@-t $@
+
+nwfilter/virtnwfilterd.conf: remote/libvirtd.conf.in
+	$(AM_V_GEN)sed \
+		-e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtnwfilterd/' \
+		< $^ > $@
+
+nwfilter/virtnwfilterd.aug: remote/libvirtd.aug.in
+	$(AM_V_GEN)$(SED) \
+		-e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtnwfilterd/' \
+		-e 's/:: DAEMON_NAME_UC ::/Virtnwfilterd/' \
+		$< > $@
+
+nwfilter/test_virtnwfilterd.aug: remote/test_libvirtd.aug.in \
+		nwfilter/virtnwfilterd.conf $(AUG_GENTEST)
+	$(AM_V_GEN)$(AUG_GENTEST) nwfilter/virtnwfilterd.conf \
+		$(srcdir)/remote/test_libvirtd.aug.in | \
+		$(SED) -e '/:: CUT ENABLE_IP ::/,/:: END ::/d' \
+		-e 's/:: DAEMON_NAME ::/virtnwfilterd/' \
+		-e 's/:: DAEMON_NAME_UC ::/Virtnwfilterd/' \
+		> $@ || rm -f $@
+
 endif WITH_NWFILTER
diff --git a/src/nwfilter/virtnwfilterd.service.in b/src/nwfilter/virtnwfil=
terd.service.in
new file mode 100644
index 0000000000..57c2fafe43
--- /dev/null
+++ b/src/nwfilter/virtnwfilterd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=3DVirtualization nwfilter daemon
+Conflicts=3Dlibvirtd.service
+Requires=3Dvirtnwfilterd.socket
+Requires=3Dvirtnwfilterd-ro.socket
+Requires=3Dvirtnwfilterd-admin.socket
+After=3Dnetwork.target
+After=3Ddbus.service
+After=3Dapparmor.service
+After=3Dlocal-fs.target
+Documentation=3Dman:libvirtd(8)
+Documentation=3Dhttps://libvirt.org
+
+[Service]
+Type=3Dnotify
+ExecStart=3D@sbindir@/virtnwfilterd --timeout 120
+ExecReload=3D/bin/kill -HUP $MAINPID
+Restart=3Don-failure
+
+[Install]
+WantedBy=3Dmulti-user.target
+Also=3Dvirtnwfilterd.socket
+Also=3Dvirtnwfilterd-ro.socket
+Also=3Dvirtnwfilterd-admin.socket
--=20
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list