From: Roman Bogorodskiy
To: devel@lists.libvirt.org
Subject: [PATCH 1/2] network: bridge_driver: add BSD implementation
Date: Sat, 26 Apr 2025 09:42:35 +0200
Message-ID: <20250426074251.20557-2-bogorodskiy@gmail.com>
In-Reply-To: <20250426074251.20557-1-bogorodskiy@gmail.com>

Add BSD-specific platform flavor of the bridge driver which will be used as a base for Packet Filter (pf) based NAT networking implementation.

Signed-off-by: Roman Bogorodskiy
--- po/POTFILES | 1 + src/network/bridge_driver_bsd.c | 101 +++++++++++++++++++++++++++ src/network/bridge_driver_platform.c | 2 + 3 files changed, 104 insertions(+) create mode 100644 src/network/bridge_driver_bsd.c diff --git a/po/POTFILES b/po/POTFILES index 9747c38951..90664fe6e7 100644 --- a/po/POTFILES +++ b/po/POTFILES
@@ -145,6 +145,7 @@ src/lxc/lxc_hostdev.c src/lxc/lxc_native.c src/lxc/lxc_process.c src/network/bridge_driver.c +src/network/bridge_driver_bsd.c src/network/bridge_driver_conf.c src/network/bridge_driver_linux.c src/network/bridge_driver_nop.c diff --git a/src/network/bridge_driver_bsd.c b/src/network/bridge_driver_bs= d.c new file mode 100644 index 0000000000..93312fe6db --- /dev/null +++ b/src/network/bridge_driver_bsd.c 
@@ -0,0 +1,101 @@ +/* + * Copyright (C) 2025 FreeBSD Foundation + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library. If not, see + * . + */ + +#include + +#include "virlog.h" + +#define VIR_FROM_THIS VIR_FROM_NONE + +VIR_LOG_INIT("network.bridge_driver_bsd"); + +static virErrorPtr errInitV4; +static virErrorPtr errInitV6; + +void networkPreReloadFirewallRules(virNetworkDriverState *driver G_GNUC_UN= USED, + bool startup G_GNUC_UNUSED, + bool force G_GNUC_UNUSED) +{ +} + + +void networkPostReloadFirewallRules(bool startup G_GNUC_UNUSED) +{ +} + + +int networkCheckRouteCollision(virNetworkDef *def G_GNUC_UNUSED) +{ + return 0; +} + +int networkAddFirewallRules(virNetworkDef *def G_GNUC_UNUSED, + virFirewallBackend firewallBackend, + virFirewall **fwRemoval G_GNUC_UNUSED) +{ + if (def->forward.type =3D=3D VIR_NETWORK_FORWARD_OPEN) { + VIR_DEBUG("No firewall rules to add for mode=3D'open' network '%s'= ", def->name); + } else { + VIR_DEBUG("Adding firewall rules for mode=3D'%s' network '%s' usin= g %s", + virNetworkForwardTypeToString(def->forward.type), + def->name, + virFirewallBackendTypeToString(firewallBackend)); + + if (errInitV4 && + (virNetworkDefGetIPByIndex(def, AF_INET, 0) || + virNetworkDefGetRouteByIndex(def, AF_INET, 0))) { + virSetError(errInitV4); + return -1; + } + + if (errInitV6 && + (virNetworkDefGetIPByIndex(def, AF_INET6, 0) || + virNetworkDefGetRouteByIndex(def, AF_INET6, 
0) || + def->ipv6nogw)) { + virSetError(errInitV6); + return -1; + } + + /* now actually add the rules */ + switch (firewallBackend) { + case VIR_FIREWALL_BACKEND_NONE: + virReportError(VIR_ERR_NO_SUPPORT, "%s", + _("No firewall backend is available")); + return -1; + + case VIR_FIREWALL_BACKEND_IPTABLES: + case VIR_FIREWALL_BACKEND_NFTABLES: + case VIR_FIREWALL_BACKEND_LAST: + virReportEnumRangeError(virFirewallBackend, firewallBackend); + return -1; + } + } + return 0; +} + +void +networkRemoveFirewallRules(virNetworkObj *obj, + bool unsetZone G_GNUC_UNUSED) +{ + virNetworkDef *def =3D virNetworkObjGetDef(obj); + if (def->forward.type =3D=3D VIR_NETWORK_FORWARD_OPEN) { + VIR_DEBUG("No firewall rules to remove for mode=3D'open' network '= %s'", + def->name); + return; + } +} diff --git a/src/network/bridge_driver_platform.c b/src/network/bridge_driv= er_platform.c index 9ddcb71063..42fbcdbc0b 100644 --- a/src/network/bridge_driver_platform.c +++ b/src/network/bridge_driver_platform.c @@ -25,6 +25,8 @@ =20 #if defined(__linux__) # include "bridge_driver_linux.c" +#elif defined(__FreeBSD__) +# include "bridge_driver_bsd.c" #else # include "bridge_driver_nop.c" #endif --=20 2.49.0
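Review bot: in src/network/bridge_driver_bsd.c, networkAddFirewallRules() tests errInitV4 and errInitV6, but nothing in this file assigns either static and both networkPreReloadFirewallRules() and networkPostReloadFirewallRules() are empty, so as far as this patch shows the two "virSetError(...); return -1;" branches are dead code. Either drop the variables and the checks until the pf code needs them, or populate them in the pre-reload hook. In the same function "virNetworkDef *def G_GNUC_UNUSED" is dereferenced (def->forward.type, def->name), so the attribute should be removed. Every case of "switch (firewallBackend)" also returns -1, which means any network whose forward mode is not 'open' fails at this commit; if that is intended until 2/2 lands, say so in the commit message, and consider VIR_ERR_NO_SUPPORT instead of virReportEnumRangeError() for the IPTABLES and NFTABLES values, which are in range but unsupported here.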
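Review bot: the new guard in src/network/bridge_driver_platform.c is "#elif defined(__FreeBSD__)", while the file it includes is named bridge_driver_bsd.c and the commit message describes it as BSD-specific, so every other BSD still falls through to bridge_driver_nop.c. State in the commit message or in a comment next to the guard that only FreeBSD is covered for now, or name the file to match, so the scope of the pf-based NAT work is clear to anyone reading the platform selection.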