From nobody Sat Feb 7 08:28:26 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1605632540; cv=none; d=zohomail.com; s=zohoarc; b=Na/zrvFZiwAI79iivVxA64j8o00xnSHnRM30I6jGy14gTRnUCAJ4+vbPTyX/RDIo2Yw/O4ORKV85SwxQyMPPJ6uo0ykH+o7kn9tlL8SKuzyuFZgzEWyTcMBJn5tkJh5zAlDYRDSIQLF9j6cnjkU74v3EWRv6i2SgTJEhlBIO4C0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1605632540; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ZHYj46yA4Tr7F+Sn7l2QgG/4JwuK5LgzUHTNpXtNWMo=; b=ZvjMXBwXDCYC7nsxRlyX1/0JxSbsYLADayxlse3ru4CMXTrPohxZ442Uq4yowkhgGajrIFzVlYaBjKyYwxREMB0h8Ad8Ce01Bw4tBCudCgtbBlRgJU05hDSx56h3+m9xgY1LuQk2kkfZ8LtUTiKq8M8yY6ICdnleoLztLRB81ec= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 160563254046588.80825215391542; Tue, 17 Nov 2020 09:02:20 -0800 (PST) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-463-YK-bVcNcOyqTmswbDk5ePw-1; Tue, 17 Nov 2020 12:02:13 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EA377186DD27; Tue, 17 Nov 2020 17:02:06 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C7AF95D9EF; Tue, 17 Nov 2020 17:02:06 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 8BCBB181A270; Tue, 17 Nov 2020 17:02:06 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 0AHGAjIU028032 for ; Tue, 17 Nov 2020 11:10:45 -0500 Received: by smtp.corp.redhat.com (Postfix) id 031925B4B6; Tue, 17 Nov 2020 16:10:45 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-115-10.ams2.redhat.com [10.36.115.10]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5497E5B4A2; Tue, 17 Nov 2020 16:10:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1605632539; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ZHYj46yA4Tr7F+Sn7l2QgG/4JwuK5LgzUHTNpXtNWMo=; b=OQj7OSzVg/tO5rdhe7O0fqDVEOMOjeXDxzmrNphtMkhfHMWZ80muimLSFlj5015gh3Lnmh t5biVEev5mlK9rKVxkV4Ncscdl/Uu0xjHnIbzyrY3qCuvyHSkRPss8C32TWAjK4tVzf4rq l9vR67qKi0CmGalUO635mUSu/ar+1nU= X-MC-Unique: YK-bVcNcOyqTmswbDk5ePw-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH 10/16] docs: add manpage for virtnwfilterd Date: Tue, 17 Nov 2020 16:10:21 +0000 Message-Id: <20201117161027.210543-11-berrange@redhat.com> In-Reply-To: <20201117161027.210543-1-berrange@redhat.com> References: <20201117161027.210543-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) This is an adaptation of the libvirtd manpage. Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/manpages/index.rst | 1 + docs/manpages/meson.build | 1 + docs/manpages/virtnwfilterd.rst | 215 ++++++++++++++++++++++++++++++++ 3 files changed, 217 insertions(+) create mode 100644 docs/manpages/virtnwfilterd.rst diff --git a/docs/manpages/index.rst b/docs/manpages/index.rst index 5e87870f4b..e70b560a0d 100644 --- a/docs/manpages/index.rst +++ b/docs/manpages/index.rst @@ -22,6 +22,7 @@ These daemons provide functionality to a single libvirt d= river * `virtlxcd(8) `__ - libvirt LXC management daemon * `virtnetworkd(8) `__ - libvirt virtual network manage= ment daemon * `virtnodedevd(8) `__ - libvirt host device management= daemon +* `virtnwfilterd(8) `__ - libvirt network filter manag= ement daemon =20 Tools =3D=3D=3D=3D=3D diff --git a/docs/manpages/meson.build b/docs/manpages/meson.build index 85f45410a0..019accbca2 100644 --- a/docs/manpages/meson.build +++ b/docs/manpages/meson.build @@ -29,6 +29,7 @@ docs_man_files =3D [ { 'name': 'virtlxcd', 'section': '8', 'install': conf.has('WITH_LXC') }, { 'name': 'virtnetworkd', 'section': '8', 'install': conf.has('WITH_NETW= ORK') }, { 'name': 'virtnodedevd', 'section': '8', 'install': conf.has('WITH_NODE= _DEVICES') }, + { 'name': 'virtnwfilterd', 'section': '8', 'install': conf.has('WITH_NWF= ILTER') }, { 'name': 'virtproxyd', 'section': '8', 'install': conf.has('WITH_LIBVIR= TD') }, ] =20 diff --git a/docs/manpages/virtnwfilterd.rst b/docs/manpages/virtnwfilterd.= rst new file mode 100644 index 0000000000..47cca7e282 --- /dev/null +++ b/docs/manpages/virtnwfilterd.rst @@ -0,0 +1,215 @@ +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D +virtnwfilterd +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +---------------------------------------- +libvirt network filter management daemon +---------------------------------------- + +:Manual section: 8 +:Manual group: Virtualization Support + +.. contents:: + +SYNOPSIS +=3D=3D=3D=3D=3D=3D=3D=3D + +``virtnwfilterd`` [*OPTION*]... + + +DESCRIPTION +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The ``virtnwfilterd`` program is a server side daemon component of the lib= virt +virtualization management system. + +It is one of a collection of modular daemons that replace functionality +previously provided by the monolithic ``libvirtd`` daemon. + +This daemon runs on virtualization hosts to provide management for network +filters. + +The ``virtnwfilterd`` daemon only listens for requests on a local Unix dom= ain +socket. Remote off-host access and backwards compatibility with legacy +clients expecting ``libvirtd`` is provided by the ``virtproxy`` daemon. + +Restarting ``virtnwfilterd`` does not interrupt running guests. Guests con= tinue to +operate and changes in their state will generally be picked up automatical= ly +during startup. None the less it is recommended to avoid restarting with +running guests whenever practical. + + +SYSTEM SOCKET ACTIVATION +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +The ``virtnwfilterd`` daemon is capable of starting in two modes. + +In the traditional mode, it will create and listen on UNIX sockets itself. + +In socket activation mode, it will rely on systemd to create and listen +on the UNIX sockets and pass them as pre-opened file descriptors. In this +mode most of the socket related config options in +``/etc/libvirt/virtnwfilterd.conf`` will no longer have any effect. + +Socket activation mode is generally the default when running on a host +OS that uses systemd. To revert to the traditional mode, all the socket +unit files must be masked: + +:: + + $ systemctl mask virtnwfilterd.socket virtnwfilterd-ro.socket \ + virtnwfilterd-admin.socket + + +OPTIONS +=3D=3D=3D=3D=3D=3D=3D + +``-h``, ``--help`` + +Display command line help usage then exit. + +``-d``, ``--daemon`` + +Run as a daemon & write PID file. + +``-f``, ``--config *FILE*`` + +Use this configuration file, overriding the default value. + +``-p``, ``--pid-file *FILE*`` + +Use this name for the PID file, overriding the default value. + +``-t``, ``--timeout *SECONDS*`` + +Exit after timeout period (in seconds), provided there are neither any cli= ent +connections nor any running domains. + +``-v``, ``--verbose`` + +Enable output of verbose messages. + +``--version`` + +Display version information then exit. + + +SIGNALS +=3D=3D=3D=3D=3D=3D=3D + +On receipt of ``SIGHUP`` ``virtnwfilterd`` will reload its configuration. + + +FILES +=3D=3D=3D=3D=3D + +When run as *root* +------------------ + +* ``@SYSCONFDIR@/libvirt/virtnwfilterd.conf`` + +The default configuration file used by ``virtnwfilterd``, unless overridde= n on the +command line using the ``-f`` | ``--config`` option. + +* ``@RUNSTATEDIR@/libvirt/virtnwfilterd-sock`` +* ``@RUNSTATEDIR@/libvirt/virtnwfilterd-sock-ro`` +* ``@RUNSTATEDIR@/libvirt/virtnwfilterd-admin-sock`` + +The sockets ``virtnwfilterd`` will use. + +The TLS **Server** private key ``virtnwfilterd`` will use. + +* ``@RUNSTATEDIR@/virtnwfilterd.pid`` + +The PID file to use, unless overridden by the ``-p`` | ``--pid-file`` opti= on. + + +When run as *non-root* +---------------------- + +* ``$XDG_CONFIG_HOME/libvirt/virtnwfilterd.conf`` + +The default configuration file used by ``virtnwfilterd``, unless overridde= n on the +command line using the ``-f``|``--config`` option. + +* ``$XDG_RUNTIME_DIR/libvirt/virtnwfilterd-sock`` +* ``$XDG_RUNTIME_DIR/libvirt/virtnwfilterd-admin-sock`` + +The sockets ``virtnwfilterd`` will use. + +* ``$XDG_RUNTIME_DIR/libvirt/virtnwfilterd.pid`` + +The PID file to use, unless overridden by the ``-p``|``--pid-file`` option. + + +If ``$XDG_CONFIG_HOME`` is not set in your environment, ``virtnwfilterd`` = will use +``$HOME/.config`` + +If ``$XDG_RUNTIME_DIR`` is not set in your environment, ``virtnwfilterd`` = will use +``$HOME/.cache`` + + +EXAMPLES +=3D=3D=3D=3D=3D=3D=3D=3D + +To retrieve the version of ``virtnwfilterd``: + +:: + + # virtnwfilterd --version + virtnwfilterd (libvirt) @ + + +To start ``virtnwfilterd``, instructing it to daemonize and create a PID f= ile: + +:: + + # virtnwfilterd -d + # ls -la @RUNSTATEDIR@/virtnwfilterd.pid + -rw-r--r-- 1 root root 6 Jul 9 02:40 @RUNSTATEDIR@/virtnwfilterd.pid + + +BUGS +=3D=3D=3D=3D + +Please report all bugs you discover. This should be done via either: + +#. the mailing list + + `https://libvirt.org/contact.html `_ + +#. the bug tracker + + `https://libvirt.org/bugs.html `_ + +Alternatively, you may report bugs to your software distributor / vendor. + + +AUTHORS +=3D=3D=3D=3D=3D=3D=3D + +Please refer to the AUTHORS file distributed with libvirt. + + +COPYRIGHT +=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Copyright (C) 2006-2020 Red Hat, Inc., and the authors listed in the +libvirt AUTHORS file. + + +LICENSE +=3D=3D=3D=3D=3D=3D=3D + +``virtnwfilterd`` is distributed under the terms of the GNU LGPL v2.1+. +This is free software; see the source for copying conditions. There +is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE + + +SEE ALSO +=3D=3D=3D=3D=3D=3D=3D=3D + +virsh(1), libvirtd(8), +`https://www.libvirt.org/daemons.html `_, +`https://www.libvirt.org/drvnwfilter.html `_ --=20 2.28.0