From patchwork Sat Mar 22 17:03:15 2025
X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com>
X-Patchwork-Id: 40634
From: 45mg <45mg.writes@gmail.com>
Date: Sat, 22 Mar 2025 22:33:15 +0530
Subject: [bug#77153] [PATCH v3 1/3] doc: cookbook: Fix terminology for libvirt virtual network switches.
To: 77153@debbugs.gnu.org
Cc: 45mg <45mg.writes@gmail.com>, Ludovic Courtès, Maxim Cournoyer

* doc/guix-cookbook.texi (Virtual Machines) [Routed network for
libvirt]: Replace the term 'virtual bridge' with 'virtual network
switch'. This is the term used by the libvirt Wiki to refer to the
combined setup of a 'virtual bridge' network interface, dnsmasq instance
bound to it, and firewall rules associated with it; 'bridge' is
ambiguous because it is sometimes used with this meaning, and sometimes
to refer specifically to the virtual network device called a 'bridge'.

Change-Id: Ibd10fe76321eb61e9ca23d8124634d1108d4faad
---
 doc/guix-cookbook.texi | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index d9b98a2ab3..a0d148f469 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -25,6 +25,7 @@ Copyright @copyright{} 2023-2024 Ludovic Courtès@* Copyright @copyright{} 2023 Thomas Ieong@* Copyright @copyright{} 2024 Florian Pelz@* +Copyright @copyright{} 2025 45mg@* Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -3879,29 +3880,29 @@ Routed network for libvirt @section Routed network for libvirt @cindex Virtual network bridge interface @cindex networking, virtual bridge -@cindex libvirt, virtual network bridge +@cindex libvirt, virtual network switch If the machine hosting your virtual machines is connected wirelessly to the network, you won't be able to use a true network bridge as explained in the preceding section (@pxref{Network bridge for QEMU}). In this -case, the next best option is to use a @emph{virtual} bridge with static -routing and to configure a libvirt-powered virtual machine to use it -(via the @command{virt-manager} GUI for example). This is similar to -the default mode of operation of QEMU/libvirt, except that instead of -using @abbr{NAT, Network Address Translation}, it relies on static -routes to join the @abbr{VM, virtual machine} IP address to the +case, the next best option is to use a @emph{virtual network switch} +with static routing and to configure a libvirt-powered virtual machine +to use it (via the @command{virt-manager} GUI for example). This is +similar to the default mode of operation of QEMU/libvirt, except that +instead of using @abbr{NAT, Network Address Translation}, it relies on +static routes to join the @abbr{VM, virtual machine} IP address to the @abbr{LAN, local area network}. This provides two-way connectivity to and from the virtual machine, which is needed for exposing services hosted on the virtual machine. -@subsection Creating a virtual network bridge +@subsection Creating a virtual network switch -A virtual network bridge consists of a few components/configurations, +A virtual network switch consists of a few components/configurations, such as a @abbr{TUN, network tunnel} interface, DHCP server (dnsmasq) and firewall rules (iptables). The @command{virsh} command, provided by the @code{libvirt} package, makes it very easy to create a virtual -bridge. 
You first need to choose a network subnet for your virtual -bridge; if your home LAN is in the @samp{192.168.1.0/24} network, you +switch. You first need to choose a network subnet for your virtual +switch; if your home LAN is in the @samp{192.168.1.0/24} network, you could opt to use e.g.@: @samp{192.168.2.0/24}. Define an XML file, e.g.@: @file{/tmp/virbr0.xml}, containing the following:

From patchwork Sat Mar 22 17:03:16 2025
X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com>
X-Patchwork-Id: 40633
From: 45mg <45mg.writes@gmail.com>
Date: Sat, 22 Mar 2025 22:33:16 +0530
Subject: [bug#77153] [PATCH v3 2/3] doc: cookbook: Clarify virtual network switches.
To: 77153@debbugs.gnu.org
Cc: 45mg <45mg.writes@gmail.com>, Ludovic Courtès, Maxim Cournoyer

* doc/guix-cookbook.texi (Virtual Machines): [Routed network for
libvirt] {Creating a virtual network switch}: Remove unnecessarily
noncommittal language ("a few components/configurations, such as...").
Correct 'TUN interface', as bridges are currently used. Add a link to
the libvirt Wiki for more information.

Change-Id: I6ffdeca8e4d32155c8cce547d4930bf1b0cb471b
---
 doc/guix-cookbook.texi | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index a0d148f469..9c56790edc 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3897,14 +3897,19 @@ Routed network for libvirt @subsection Creating a virtual network switch -A virtual network switch consists of a few components/configurations, -such as a @abbr{TUN, network tunnel} interface, DHCP server (dnsmasq) -and firewall rules (iptables). The @command{virsh} command, provided by -the @code{libvirt} package, makes it very easy to create a virtual -switch. You first need to choose a network subnet for your virtual -switch; if your home LAN is in the @samp{192.168.1.0/24} network, you -could opt to use e.g.@: @samp{192.168.2.0/24}. Define an XML file, -e.g.@: @file{/tmp/virbr0.xml}, containing the following: +A virtual network switch consists of a virtual network device called a +`virtual bridge', DHCP server (dnsmasq) and firewall rules +(iptables). See the +@url{https://wiki.libvirt.org/VirtualNetworking.html, libvirt Wiki +article on Virtual Networking} for more details on the modes of +operation, management and implementation of virtual network switches. + +The @command{virsh} command, provided by the @code{libvirt} +package, makes it very easy to create a virtual switch. You first need +to choose a network subnet for your virtual switch; if your home LAN is +in the @samp{192.168.1.0/24} network, you could opt to use e.g.@: +@samp{192.168.2.0/24}. 
Define an XML file, e.g.@: +@file{/tmp/virbr0.xml}, containing the following: @example

From patchwork Sat Mar 22 17:03:17 2025
X-Patchwork-Submitter: 45mg <45mg.writes@gmail.com>
X-Patchwork-Id: 40635
From: 45mg <45mg.writes@gmail.com>
Date: Sat, 22 Mar 2025 22:33:17 +0530
Subject: [bug#77153] [PATCH v3 3/3] doc: cookbook: Custom NAT-based libvirt networks.
To: 77153@debbugs.gnu.org
Cc: 45mg <45mg.writes@gmail.com>, Ludovic Courtès, Maxim Cournoyer

* doc/guix-cookbook.texi (Virtual Machines): [Custom NAT-based network
for libvirt]: New section.
[References]: New section.

Change-Id: Ice79c5dc8183ec694ac8b846a5ec88cb98cac9ff
---
 doc/guix-cookbook.texi | 128 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 128 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 9c56790edc..2a49f4b27f 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3751,6 +3751,8 @@ Virtual Machines @menu * Network bridge for QEMU:: * Routed network for libvirt:: +* Custom NAT-based network for libvirt:: +* References:: @end menu @node Network bridge for QEMU
@@ -3975,6 +3977,132 @@ Routed network for libvirt should work from within your VM; you can e.g.@: run @samp{ping gnu.org} to verify that it functions correctly. +@node Custom NAT-based network for libvirt +@section Custom NAT-based network for libvirt + +As mentioned in the preceding section (@pxref{Routed network for libvirt}), +libvirt allows virtual networks to be defined via XML files and managed +by the @command{virsh} command. The details of the creation and removal +of virtual network switches are handled by libvirt, so the user does not +have to deal with them. + +However, libvirt's handling of virtual network switches can sometimes +clash with more complex networking setups. In particular, the iptables +rules inserted by libvirt for switches operating in the NAT mode can +clash with existing iptables/nftables rules, leading to insecure or +broken packet filtering. + +In such cases, the only solution is to manually set up a virtual network +switch. This section will provide instructions on how to do so using +Guix System services. + +@subsection Creating the virtual network bridge + +The @code{static-networking-service-type} can be used to create a +virtual network bridge and assign an IP address to it: + +@example lisp +(service static-networking-service-type + (list (static-networking + ;; The default provision is 'networking; if you're using any + ;; other service with this provision, such as + ;; `network-manager-service-type`, then you need to change the + ;; default. 
+ (provision '(static-networking)) + (links + (list (network-link + (name "virbr0") + (type 'bridge) + (arguments '())))) + (addresses + (list (network-address + (device "virbr0") + (value "192.168.10.1/24"))))))) +@end example + +@subsection Running dnsmasq for the virtual network bridge + +The @code{dnsmasq-service-type} can be used to provide DNS and DHCP for +guests connected to this virtual network switch: + +@example lisp +(service dnsmasq-service-type + (dnsmasq-configuration + ;; You can have multiple instances of `dnsmasq-service-type` as long + ;; as each one has a different provision. + (provision '(dnsmasq-virbr0)) + (extra-options (list + ;; Only bind to the virtual bridge. This + ;; avoids conflicts with other running + ;; dnsmasq instances. + "--except-interface=lo" + "--interface=virbr0" + "--bind-dynamic" + ;; IPv4 addresses to offer to VMs. This + ;; should match the chosen subnet. + "--dhcp-range=192.168.10.2,192.168.10.254")))) +@end example + +@subsection Configuring NAT for the virtual network switch + +If you intend to use the virtual network switch in NAT mode, you will +need to use nftables (or iptables) rules to set up IP masquerading. The +following example shows how to use @code{nftables-service-type} to do +this: + +@example lisp +(service nftables-service-type + (nftables-configuration + (ruleset + (plain-file "nftables.conf" + "\ +table inet filter @{ + + chain input @{ + type filter hook input priority filter; policy drop; + # Add your existing packet filtering rules here... + iifname virbr0 udp dport 67 counter accept comment \"allow dhcp on virbr0\" + iifname virbr0 meta l4proto @{tcp, udp@} th dport 53 accept \\ + comment \"allow dns on virbr0\" + @} + + chain forward @{ + type filter hook forward priority filter; policy drop; + # Add your existing forwarding rules here... 
+ iifname virbr0 accept comment \"allow outbound traffic from virbr0\" + oifname virbr0 ct state @{established, related @} accept \\ + comment \"allow established traffic to virbr0\" + @} + +@} + +table inet nat @{ + chain postrouting @{ + type nat hook postrouting priority srcnat; policy accept; + # Add your existing nat rules here... + iifname virbr0 ip daddr @{ 224.0.0.0/24, 255.255.255.255/32 @} return \\ + comment \"don't masquerade to reserved address blocks\" + iifname virbr0 oifname != virbr0 masquerade \\ + comment \"masquerade all outgoing traffic from VMs\" + @} +@} +")))) +@end example + +Ensure that you have IPv4 forwarding enabled (you can use +@code{sysctl-service-type} for this). + +@section References + +@itemize +@item +@uref{https://jamielinux.com/docs/libvirt-networking-handbook/index.html, +The (unofficial) libvirt Networking Handbook}@* +Note that this resource is rather outdated at the time of writing (as of +March 2025, it was last updated in 2015). Nevertheless, the authors of +this chapter have found it to be a valuable source of information. +@end itemize + @c ********************************************************************* @node Advanced package management @chapter Advanced package management
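
Review bot: in patch 1/3, the "Routed network for libvirt" hunk renames only `@cindex libvirt, virtual network bridge`, so the two unchanged entries above it (`@cindex Virtual network bridge interface` and `@cindex networking, virtual bridge`) still index this section under the old term alone. After the rename, nothing under "networking" points at "virtual network switch", and a reader who looks up "bridge" under libvirt no longer lands here. Consider adding `@cindex networking, virtual network switch` and keeping the old libvirt entry alongside the new one rather than replacing it.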
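
Review bot: in patch 2/3, the rewritten opening sentence lists "DHCP server (dnsmasq)", while patch 3/3 says the same dnsmasq instance provides "DNS and DHCP" and opens port 53 for it in the firewall example; the component list should say "a DNS and DHCP server (dnsmasq)" so the two sections agree and a reader writing their own filter rules knows DNS is part of the setup. As a style point in the same sentence, the term being defined is quoted as `virtual bridge'; @dfn{virtual bridge} would mark it as a definition and avoid the mismatched quote characters.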
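
Review bot: in patch 3/3, the menu hunk adds `* References::`, but the section it points to is introduced later in the patch as a bare `@section References` with no `@node References` line before it, so the menu entry has no node to resolve to. Add the `@node` line ahead of the `@section`, and consider a more specific name than "References", since Texinfo node names have to be unique across the whole manual and a generic one is likely to collide as the cookbook grows.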
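
Review bot: in the nftables example of patch 3/3, `chain input` and `chain forward` both set `policy drop` and leave everything except the virbr0 rules to a "# Add your existing packet filtering rules here..." comment. A reader who deploys the example as written gets a host that drops loopback traffic and the replies to its own outbound connections, which is the kind of broken filtering the section's introduction sets out to avoid. Either include the usual baseline accepts in the input chain (loopback, and `ct state established,related`), or state in the prose before the example that the ruleset is a fragment to be merged into an existing one and is not complete on its own. The closing sentence about IPv4 forwarding would also be easier to act on if it named the sysctl key it refers to.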