From nobody Sun Feb  8 21:27:05 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1565277262; cv=none;
	d=zoho.com; s=zohoarc;
	b=N+MA4KsN20ML6Nz6JZ714fn3fD8p5rvmhUluCEksW8Rs41y+y0NkqfjFyCDnqbkq1UcKX0n8flCblKtksnlgCdEWY1F8Bij5Y8C4H46D1HeUZWLlH0uJkTQXYZcIzVbAY9shZiIpDdIkGKI+RcorYLtS4LWhGwm/SYXu2Rzp04s=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1565277262;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results;
	bh=W2kiTzSQcHTSyBh01WCyaP6Ehk6Iv6z1aQ2B3/Cuvoc=;
	b=Olyd7t6JtErlJFzxgYUcshXXyIOcCJj/bF4OIVBVUOqGvF9j0z+VrvunL7WTauTRoPdEVmZ2cik1VFi4Ie7eyQ6b+ouY8WWlnNo3RFKi2ppChUXtsNfwYZ+jUIo6b403jlOQrF5GZp03vPb2NqKQjRpM+6Sjyz25gohV7HF+Zsg=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
 header.from=<berrange@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 156527726253468.57517964397243;
 Thu, 8 Aug 2019 08:14:22 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 50CAB3172D8B;
	Thu,  8 Aug 2019 15:14:21 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 0E11BF6DA;
	Thu,  8 Aug 2019 15:14:21 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id A78841C8A;
	Thu,  8 Aug 2019 15:14:20 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
	[10.5.11.22])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x78FBod6027567 for <libvir-list@listman.util.phx.redhat.com>;
	Thu, 8 Aug 2019 11:11:50 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id B6C911001956; Thu,  8 Aug 2019 15:11:50 +0000 (UTC)
Received: from localhost.localdomain.com (ovpn-112-28.ams2.redhat.com
	[10.36.112.28])
	by smtp.corp.redhat.com (Postfix) with ESMTP id A32911001948;
	Thu,  8 Aug 2019 15:11:49 +0000 (UTC)
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Thu,  8 Aug 2019 16:10:28 +0100
Message-Id: <20190808151044.11385-27-berrange@redhat.com>
In-Reply-To: <20190808151044.11385-1-berrange@redhat.com>
References: <20190808151044.11385-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-loop: libvir-list@redhat.com
Cc: Andrea Bolognani <abologna@redhat.com>
Subject: [libvirt] [PATCH v4 26/42] nwfilter: introduce virtnwfilterd daemon
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.41]);
 Thu, 08 Aug 2019 15:14:21 +0000 (UTC)

The virtnwfilterd daemon will be responsible for providing the nwfilter API
driver functionality. The nwfilter driver is still loaded by the main
libvirtd daemon at this stage, so virtnwfilterd must not be running at
the same time.

Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 .gitignore                            |  4 ++
 libvirt.spec.in                       |  8 ++++
 src/nwfilter/Makefile.inc.am          | 63 +++++++++++++++++++++++++++
 src/nwfilter/virtnwfilterd.service.in | 24 ++++++++++
 4 files changed, 99 insertions(+)
 create mode 100644 src/nwfilter/virtnwfilterd.service.in

diff --git a/.gitignore b/.gitignore
index c4f6c0ab2f..e726ecff98 100644
--- a/.gitignore
+++ b/.gitignore
@@ -163,6 +163,9 @@
 /src/node_device/test_virtnodedevd.aug
 /src/node_device/virtnodedevd.aug
 /src/node_device/virtnodedevd.conf
+/src/nwfilter/test_virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.aug
+/src/nwfilter/virtnwfilterd.conf
 /src/qemu/test_libvirtd_qemu.aug
 /src/remote/*_client_bodies.h
 /src/remote/*_protocol.[ch]
@@ -190,6 +193,7 @@
 /src/virtlogd
 /src/virtnetworkd
 /src/virtnodedevd
+/src/virtnwfilterd
 /src/virtproxyd
 /src/virtsecretd
 /src/virtstoraged
diff --git a/libvirt.spec.in b/libvirt.spec.in
index a3c01e7d21..6f94ccaf32 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1653,6 +1653,14 @@ exit 0
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so
=20
 %files daemon-driver-nwfilter
+%config(noreplace) %{_sysconfdir}/libvirt/virtnwfilterd.conf
+%{_datadir}/augeas/lenses/virtnwfilterd.aug
+%{_datadir}/augeas/lenses/tests/test_virtnwfilterd.aug
+%{_unitdir}/virtnwfilterd.service
+%{_unitdir}/virtnwfilterd.socket
+%{_unitdir}/virtnwfilterd-ro.socket
+%{_unitdir}/virtnwfilterd-admin.socket
+%attr(0755, root, root) %{_sbindir}/virtnwfilterd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
 %ghost %dir %{_localstatedir}/run/libvirt/network/
 %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so
diff --git a/src/nwfilter/Makefile.inc.am b/src/nwfilter/Makefile.inc.am
index 810ca54bcc..277f75a9bd 100644
--- a/src/nwfilter/Makefile.inc.am
+++ b/src/nwfilter/Makefile.inc.am
@@ -41,4 +41,67 @@ libvirt_driver_nwfilter_impl_la_LIBADD =3D \
 	../gnulib/lib/libgnu.la \
 	$(NULL)
 libvirt_driver_nwfilter_impl_la_SOURCES =3D $(NWFILTER_DRIVER_SOURCES)
+
+sbin_PROGRAMS +=3D virtnwfilterd
+
+nodist_conf_DATA +=3D nwfilter/virtnwfilterd.conf
+augeas_DATA +=3D nwfilter/virtnwfilterd.aug
+augeastest_DATA +=3D nwfilter/test_virtnwfilterd.aug
+CLEANFILES +=3D nwfilter/virtnwfilterd.aug
+
+virtnwfilterd_SOURCES =3D $(REMOTE_DAEMON_SOURCES)
+virtnwfilterd_CFLAGS =3D \
+       $(REMOTE_DAEMON_CFLAGS) \
+       -DDAEMON_NAME=3D"\"virtnwfilterd\"" \
+       -DMODULE_NAME=3D"\"nwfilter\"" \
+       $(NULL)
+virtnwfilterd_LDFLAGS =3D $(REMOTE_DAEMON_LD_FLAGS)
+virtnwfilterd_LDADD =3D $(REMOTE_DAEMON_LD_ADD)
+
+SYSTEMD_UNIT_FILES +=3D \
+	virtnwfilterd.service \
+	virtnwfilterd.socket \
+	virtnwfilterd-ro.socket \
+	virtnwfilterd-admin.socket \
+	$(NULL)
+SYSTEMD_UNIT_FILES_IN +=3D \
+	nwfilter/virtnwfilterd.service.in \
+	$(NULL)
+
+VIRTNWFILTERD_UNIT_VARS =3D \
+	$(VIRTD_UNIT_VARS) \
+	-e 's|[@]name[@]|Libvirt nwfilter|g' \
+	-e 's|[@]service[@]|virtnwfilterd|g' \
+	-e 's|[@]sockprefix[@]|virtnwfilterd|g' \
+	$(NULL)
+
+virtnwfilterd.service: nwfilter/virtnwfilterd.service.in $(top_builddir)/c=
onfig.status
+	$(AM_V_GEN)$(SED) $(VIRTNWFILTERD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+virtnwfilter%.socket: remote/libvirt%.socket.in $(top_builddir)/config.sta=
tus
+	$(AM_V_GEN)$(SED) $(VIRTNWFILTERD_UNIT_VARS) $< > $@-t && mv $@-t $@
+
+nwfilter/virtnwfilterd.conf: remote/libvirtd.conf.in
+	$(AM_V_GEN)$(SED) \
+		-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+		-e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+		$< > $@
+
+nwfilter/virtnwfilterd.aug: remote/libvirtd.aug.in
+	$(AM_V_GEN)$(SED) \
+		-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+		-e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+		-e 's/[@]DAEMON_NAME_UC[@]/Virtnwfilterd/' \
+		$< > $@
+
+nwfilter/test_virtnwfilterd.aug: remote/test_libvirtd.aug.in \
+		nwfilter/virtnwfilterd.conf $(AUG_GENTEST)
+	$(AM_V_GEN)$(AUG_GENTEST) nwfilter/virtnwfilterd.conf \
+		$(srcdir)/remote/test_libvirtd.aug.in | \
+		$(SED) \
+		-e '/[@]CUT_ENABLE_IP[@]/,/[@]END[@]/d' \
+		-e 's/[@]DAEMON_NAME[@]/virtnwfilterd/' \
+		-e 's/[@]DAEMON_NAME_UC[@]/Virtnwfilterd/' \
+		> $@ || rm -f $@
+
 endif WITH_NWFILTER
diff --git a/src/nwfilter/virtnwfilterd.service.in b/src/nwfilter/virtnwfil=
terd.service.in
new file mode 100644
index 0000000000..57c2fafe43
--- /dev/null
+++ b/src/nwfilter/virtnwfilterd.service.in
@@ -0,0 +1,24 @@
+[Unit]
+Description=3DVirtualization nwfilter daemon
+Conflicts=3Dlibvirtd.service
+Requires=3Dvirtnwfilterd.socket
+Requires=3Dvirtnwfilterd-ro.socket
+Requires=3Dvirtnwfilterd-admin.socket
+After=3Dnetwork.target
+After=3Ddbus.service
+After=3Dapparmor.service
+After=3Dlocal-fs.target
+Documentation=3Dman:libvirtd(8)
+Documentation=3Dhttps://libvirt.org
+
+[Service]
+Type=3Dnotify
+ExecStart=3D@sbindir@/virtnwfilterd --timeout 120
+ExecReload=3D/bin/kill -HUP $MAINPID
+Restart=3Don-failure
+
+[Install]
+WantedBy=3Dmulti-user.target
+Also=3Dvirtnwfilterd.socket
+Also=3Dvirtnwfilterd-ro.socket
+Also=3Dvirtnwfilterd-admin.socket
--=20
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list