From patchwork Fri Mar 21 15:21:58 2025
X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com>
X-Patchwork-Id: 40559
Subject: [bug#77153] [PATCH 1/3] doc: cookbook: Fix terminology for libvirt virtual network switches.
To: 77153@debbugs.gnu.org
Cc: 45mg <45mg.writes@gmail.com>, Ludovic Courtès, Maxim Cournoyer
From: 45mg <45mg.writes@gmail.com>
Date: Fri, 21 Mar 2025 20:51:58 +0530

* doc/guix-cookbook.texi (Virtual Machines): [Routed network for libvirt]: Replace the term 'virtual bridge' with 'virtual network switch'. This is the term used by the libvirt Wiki to refer to the combined setup of a 'virtual bridge' network interface, dnsmasq instance bound to it, and firewall rules associated with it.

Change-Id: Ibd10fe76321eb61e9ca23d8124634d1108d4faad
---
 doc/guix-cookbook.texi | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

base-commit: 9eddd250b773043fcac5e7eaa4939e5a2d9940bd

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index d9b98a2ab3..8bfc859a90 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3879,29 +3879,29 @@ Routed network for libvirt @section Routed network for libvirt @cindex Virtual network bridge interface @cindex networking, virtual bridge -@cindex libvirt, virtual network bridge +@cindex libvirt, virtual network switch If the machine hosting your virtual machines is connected wirelessly to the network, you won't be able to use a true network bridge as explained in the preceding section (@pxref{Network bridge for QEMU}). In this -case, the next best option is to use a @emph{virtual} bridge with static -routing and to configure a libvirt-powered virtual machine to use it -(via the @command{virt-manager} GUI for example). This is similar to -the default mode of operation of QEMU/libvirt, except that instead of -using @abbr{NAT, Network Address Translation}, it relies on static -routes to join the @abbr{VM, virtual machine} IP address to the +case, the next best option is to use a @emph{virtual network switch} +with static routing and to configure a libvirt-powered virtual machine +to use it (via the @command{virt-manager} GUI for example). This is +similar to the default mode of operation of QEMU/libvirt, except that +instead of using @abbr{NAT, Network Address Translation}, it relies on +static routes to join the @abbr{VM, virtual machine} IP address to the @abbr{LAN, local area network}. This provides two-way connectivity to and from the virtual machine, which is needed for exposing services hosted on the virtual machine. -@subsection Creating a virtual network bridge +@subsection Creating a virtual network switch -A virtual network bridge consists of a few components/configurations, +A virtual network switch consists of a few components/configurations, such as a @abbr{TUN, network tunnel} interface, DHCP server (dnsmasq) and firewall rules (iptables). The @command{virsh} command, provided by the @code{libvirt} package, makes it very easy to create a virtual -bridge. 
You first need to choose a network subnet for your virtual -bridge; if your home LAN is in the @samp{192.168.1.0/24} network, you +switch. You first need to choose a network subnet for your virtual +switch; if your home LAN is in the @samp{192.168.1.0/24} network, you could opt to use e.g.@: @samp{192.168.2.0/24}. Define an XML file, e.g.@: @file{/tmp/virbr0.xml}, containing the following: 

From patchwork Fri Mar 21 15:21:59 2025
X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com>
X-Patchwork-Id: 40561
Subject: [bug#77153] [PATCH 2/3] doc: cookbook: Clarify virtual network switches.
To: 77153@debbugs.gnu.org
Cc: 45mg <45mg.writes@gmail.com>, Ludovic Courtès, Maxim Cournoyer
From: 45mg <45mg.writes@gmail.com>
Date: Fri, 21 Mar 2025 20:51:59 +0530

* doc/guix-cookbook.texi (Virtual Machines): [Routed network for libvirt] {Creating a virtual network switch}: Remove unnecessarily noncommittal language ("a few components/configurations, such as..."). Correct 'TUN interface', as bridges are currently used. Add a link to the libvirt Wiki for more information.

Change-Id: I6ffdeca8e4d32155c8cce547d4930bf1b0cb471b
---
 doc/guix-cookbook.texi | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 8bfc859a90..325b1d9c2a 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3896,14 +3896,19 @@ Routed network for libvirt @subsection Creating a virtual network switch -A virtual network switch consists of a few components/configurations, -such as a @abbr{TUN, network tunnel} interface, DHCP server (dnsmasq) -and firewall rules (iptables). The @command{virsh} command, provided by -the @code{libvirt} package, makes it very easy to create a virtual -switch. You first need to choose a network subnet for your virtual -switch; if your home LAN is in the @samp{192.168.1.0/24} network, you -could opt to use e.g.@: @samp{192.168.2.0/24}. Define an XML file, -e.g.@: @file{/tmp/virbr0.xml}, containing the following: +A virtual network switch consists of a virtual network device called a +`virtual bridge', DHCP server (dnsmasq) and firewall rules +(iptables). See the +@url{https://wiki.libvirt.org/VirtualNetworking.html, libvirt Wiki +article on Virtual Networking} for more details on the modes of +operation, management and implementation of virtual network switches. + +The @command{virsh} command, provided by the @code{libvirt} +package, makes it very easy to create a virtual switch. You first need +to choose a network subnet for your virtual switch; if your home LAN is +in the @samp{192.168.1.0/24} network, you could opt to use e.g.@: +@samp{192.168.2.0/24}. 
Define an XML file, e.g.@: +@file{/tmp/virbr0.xml}, containing the following: @example 

From patchwork Fri Mar 21 15:22:00 2025
X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com>
X-Patchwork-Id: 40560
Subject: [bug#77153] [PATCH 3/3] doc: cookbook: Document manual libvirt networking.
To: 77153@debbugs.gnu.org
Cc: 45mg <45mg.writes@gmail.com>, Ludovic Courtès, Maxim Cournoyer
From: 45mg <45mg.writes@gmail.com>
Date: Fri, 21 Mar 2025 20:52:00 +0530
Message-ID: <60249f55cf80b1dbf41654728939cbc6e6bbcd4e.1742570314.git.45mg.writes@gmail.com>

* doc/guix-cookbook.texi (Virtual Machines): [Manual libvirt networking]: New section.

Change-Id: Ice79c5dc8183ec694ac8b846a5ec88cb98cac9ff
---
 doc/guix-cookbook.texi | 120 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 120 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 325b1d9c2a..338dba25be 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3750,6 +3750,7 @@ Virtual Machines @menu * Network bridge for QEMU:: * Routed network for libvirt:: +* Manual libvirt networking:: @end menu @node Network bridge for QEMU 
@@ -3974,6 +3975,125 @@ Routed network for libvirt should work from within your VM; you can e.g.@: run @samp{ping gnu.org} to verify that it functions correctly. +@node Manual libvirt networking +@section Manual libvirt networking + +As mentioned in the preceding section (@pxref{Routed network for libvirt}), +libvirt allows virtual networks to be defined via XML files and managed +by the @command{virsh} command. The details of the creation and removal +of virtual network switches are handled by libvirt, so the user does not +have to deal with them. + +However, libvirt's handling of virtual network switches can sometimes +clash with more complex networking setups. In particular, the iptables +rules inserted by libvirt for switches operating in the NAT mode can +clash with existing iptables/nftables rules, leading to insecure or +broken packet filtering. + +In such cases, the only solution is to manually set up a virtual network +switch. This section will provide instructions on how to do so using +Guix System services. + +This section is based on +@url{https://jamielinux.com/docs/libvirt-networking-handbook/custom-nat-based-network.html, +the corresponding section from the (unofficial) libvirt Networking +Handbook}. It should be noted that at the time of writing (March 2025), +this resource had not been updated since 2015, and is therefore somewhat +outdated. In particular, the creation of a `dummy interface' is no +longer necessary. 
+ +@subsection Creating the virtual network bridge + +The @code{static-networking-service-type} can be used to create a +virtual network bridge and assign an IP address to it: + +@example lisp +(service static-networking-service-type + (list (static-networking + ;; The default provision is 'networking; if you're using any + ;; other service with this provision, such as + ;; `network-manager-service-type`, then you need to change the + ;; default + (provision '(static-networking)) + (links + (list (network-link + (name "virbr0") + (type 'bridge) + (arguments '((stp_state . 1)))))) + (addresses + (list (network-address + (device "virbr0") + (value "192.168.10.1/24"))))))) +@end example + +@subsection Running dnsmasq for the virtual network bridge + +The @code{dnsmasq-service-type} can be used to provide DNS and DHCP for +guests connected to this virtual network switch: + +@example lisp +(service dnsmasq-service-type + (dnsmasq-configuration + ;; You can have multiple instances of `dnsmasq-service-type` as long + ;; as each one has a different provision + (provision '(dnsmasq-virbr0)) + (extra-options (list + ;; Only bind to the virtual bridge. This + ;; avoids conflicts with other running + ;; dnsmasq instances. + "--except-interface=lo" + "--interface=virbr0" + "--bind-dynamic" + ;; IPv4 addresses to offer to VMs. This + ;; should match the chosen subnet. + "--dhcp-range=192.168.10.2,192.168.10.254")))) +@end example + +@subsection Configuring NAT for the virtual network switch + +If you intend to use the virtual network switch in NAT mode, you will +need to use nftables (or iptables) rules to set up IP masquerading. The +following example shows how to use @code{nftables-service-type} to do +this: + +@example lisp +(service nftables-service-type + (nftables-configuration + (ruleset + (plain-file "nftables.conf" + "\ +table inet filter @{ + + chain input @{ + type filter hook input priority filter; policy drop; + # Add your existing packet filtering rules here.... 
+ iifname "virbr0" udp dport 67 counter accept comment "allow dhcp on virbr0" + iifname "virbr0" meta l4proto @{tcp, udp@} th dport 53 accept comment "allow dns on virbr0" + @} + + chain forward @{ + type filter hook forward priority filter; policy drop; + # Add your existing forwarding rules here.... + iifname "virbr0" accept comment "allow outbound traffic from virbr0" + oifname "virbr0" ct state @{established, related @} accept comment "allow established traffic to virbr0" + @} + +@} + +table inet nat @{ + chain postrouting @{ + type nat hook postrouting priority srcnat; policy accept; + # Add your existing nat rules here... + iifname "virbr0" ip daddr @{ 224.0.0.0/24, 255.255.255.255/32 @} return comment "don't masquerade to reserved address blocks" + iifname "virbr0" oifname != "virbr0" masquerade comment "masquerade all outgoing traffic from VMs" + @} +@} +")))) +@end example + +Ensure that you have IPv4 forwarding enabled (you can use +@code{sysctl-service-type} for this). + @c ********************************************************************* @node Advanced package management @chapter Advanced package management
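
Review bot: In [PATCH 1/3], hunk @@ -3879,29 +3879,29 @@, only the third index entry is renamed, so `@cindex libvirt, virtual network bridge` disappears while `@cindex Virtual network bridge interface` and `@cindex networking, virtual bridge` stay, leaving the index split between the two terms for the same section. Readers who look up the old libvirt entry will no longer land here. Consider keeping the old entry and adding `@cindex libvirt, virtual network switch` next to it, plus a matching `networking, virtual switch` entry, so both terms resolve to this section.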
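
Review bot: In [PATCH 2/3], hunk @@ -3896,14 +3896,19 @@, the term is introduced as `virtual bridge' with a backquote and an apostrophe; since this sentence is where the term is defined, `@dfn{virtual bridge}` is the Texinfo markup meant for that and does not depend on how the quote characters render in each output format. The component list in the same sentence would also read more evenly with an article on the second item: "a DHCP server (dnsmasq) and firewall rules (iptables)".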
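
Review bot: In [PATCH 3/3], hunk @@ -3974,6 +3975,125 @@, the nftables example under "Configuring NAT for the virtual network switch" places the ruleset inside a Scheme string literal passed to `plain-file`, but the rules contain unescaped double quotes (`iifname "virbr0"`, `comment "allow dhcp on virbr0"`, and so on). The Scheme reader ends the string at the first of them, so the example cannot be pasted into a system configuration as written. Escape each one as `\"`, or drop the quotes around the interface name and escape only the ones around the comment strings. Two smaller points in the same hunk: the closing sentence about IPv4 forwarding would be more useful with the actual `sysctl-service-type` setting shown, because the forward chain and the masquerade rule have no effect without it; and the new section ends after the NAT step without saying how a guest is attached to `virbr0`.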