Fix potential dataloss on snapshot deletion

Signed-off-by: Cole Robinson <crobinso@redhat.com>
libvirt-10.6.0-6.fc41
2025-03-05 11:27:07 -05:00 · 2024-12-14 13:48:38 -05:00 · 2024-12-11 15:58:43 -05:00 · 2024-09-24 05:18:59 -04:00 · 2024-09-18 15:07:58 +02:00 · 2024-09-12 08:59:02 -05:00
27 changed files with 1841 additions and 1588 deletions
@@ -1,31 +0,0 @@
-From 5629ebcb4234fde10fd9468d5fc5dd4947ed8677 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 29 Apr 2025 15:49:10 +0100
-Subject: [PATCH] Fix mocking of virQEMUCapsProbeHVF function
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- src/qemu/qemu_capabilities.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
-index ea7c14daa9..488a1a058e 100644
--- a/src/qemu/qemu_capabilities.h
-+++ b/src/qemu/qemu_capabilities.h
-@@ -943,7 +943,7 @@ bool
- virQEMUCapsGetKVMSupportsSecureGuest(virQEMUCaps *qemuCaps) G_NO_INLINE;
- 
- bool
-virQEMUCapsProbeHVF(virQEMUCaps *qemuCaps) G_NO_INLINE;
-+virQEMUCapsProbeHVF(virQEMUCaps *qemuCaps) G_NO_INLINE __attribute__((noipa));
- 
- virArch virQEMUCapsArchFromString(const char *arch);
- const char *virQEMUCapsArchToString(virArch arch);
-- 
-2.49.0
-
@@ -1,85 +0,0 @@
-From 63a3d70697dc44ef2f8b40f7c8e9aa869227a7da Mon Sep 17 00:00:00 2001
-From: Jiang XueQian <jiangxueqian@gmail.com>
-Date: Sat, 18 Jan 2025 16:32:10 +0800
-Subject: [PATCH] nss: Skip empty files and avoid use of uninitialized value
-Content-type: text/plain
-
-JSON parser isn't called when reading empty files so `jerr` will be used
-uninitialized in the original code. Empty files appear when a network
-has no dhcp clients.
-
-This patch checks for such files and skip them.
-
-Fixes: a8d828c88bbdaf83ae78dc06cdd84d5667fcc424
-Signed-off-by: Jiang XueQian <jiangxueqian@gmail.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
- tools/nss/libvirt_nss_leases.c | 9 +++++++--
- tools/nss/libvirt_nss_macs.c   | 9 +++++++--
- 2 files changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/tools/nss/libvirt_nss_leases.c b/tools/nss/libvirt_nss_leases.c
-index aea81bb56e..25ea6b0ce2 100644
--- a/tools/nss/libvirt_nss_leases.c
-+++ b/tools/nss/libvirt_nss_leases.c
-@@ -263,7 +263,7 @@ findLeases(const char *file,
-     enum json_tokener_error jerr;
-     int jsonflags = JSON_TOKENER_STRICT | JSON_TOKENER_VALIDATE_UTF8;
-     char line[1024];
-    ssize_t nreadTotal = 0;
-+    size_t nreadTotal = 0;
-     int rv;
- 
-     if ((fd = open(file, O_RDONLY)) < 0) {
-@@ -290,12 +290,17 @@ findLeases(const char *file,
-         jerr = json_tokener_get_error(tok);
-     } while (jerr == json_tokener_continue);
- 
-+    if (nreadTotal == 0) {
-+        ret = 0;
-+        goto cleanup;
-+    }
-+
-     if (jerr == json_tokener_continue) {
-         ERROR("Cannot parse %s: incomplete json found", file);
-         goto cleanup;
-     }
- 
-    if (nreadTotal > 0 && jerr != json_tokener_success) {
-+    if (jerr != json_tokener_success) {
-         ERROR("Cannot parse %s: %s", file, json_tokener_error_desc(jerr));
-         goto cleanup;
-     }
-diff --git a/tools/nss/libvirt_nss_macs.c b/tools/nss/libvirt_nss_macs.c
-index 23229a18f3..bac8c0e1bb 100644
--- a/tools/nss/libvirt_nss_macs.c
-+++ b/tools/nss/libvirt_nss_macs.c
-@@ -124,7 +124,7 @@ findMACs(const char *file,
-     json_tokener *tok = NULL;
-     enum json_tokener_error jerr;
-     int jsonflags = JSON_TOKENER_STRICT | JSON_TOKENER_VALIDATE_UTF8;
-    ssize_t nreadTotal = 0;
-+    size_t nreadTotal = 0;
-     int rv;
-     size_t i;
- 
-@@ -152,12 +152,17 @@ findMACs(const char *file,
-         jerr = json_tokener_get_error(tok);
-     } while (jerr == json_tokener_continue);
- 
-+    if (nreadTotal == 0) {
-+        ret = 0;
-+        goto cleanup;
-+    }
-+
-     if (jerr == json_tokener_continue) {
-         ERROR("Cannot parse %s: incomplete json found", file);
-         goto cleanup;
-     }
- 
-    if (nreadTotal > 0 && jerr != json_tokener_success) {
-+    if (jerr != json_tokener_success) {
-         ERROR("Cannot parse %s: %s", file, json_tokener_error_desc(jerr));
-         goto cleanup;
-     }
@@ -1,68 +0,0 @@
-From cd0de70e05475d5f4aa46e578fbb98033d38c06b Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 16 Jun 2025 10:28:37 +0200
-Subject: [PATCH] qemu: Be more forgiving when acquiring QUERY job when
- formatting domain XML
-Content-type: text/plain
-
-In my previous commit of v11.0.0-rc1~115 I've made QEMU driver
-implementation for virDomainGetXMLDesc() (qemuDomainGetXMLDesc())
-acquire QERY job. See its commit message for more info. But this
-unfortunately broke apps witch fetch domain XML for incoming
-migration (like virt-manager). The reason is that for incoming
-migration the VIR_ASYNC_JOB_MIGRATION_IN async job is set, but
-the mask of allowed synchronous jobs is empty (because QEMU can't
-talk on monitor really). This makes virDomainObjBeginJob() fail
-which in turn makes qemuDomainGetXMLDesc() fail too.
-
-It makes sense for qemuDomainGetXMLDesc() to acquire the job
-(e.g. so that it's coherent with another thread that might be in
-the middle of a MODIFY job). But failure to dump XML may be
-treated as broken daemon (e.g. virt-manager does so).
-
-Therefore, still try to acquire the QUERY job (if job mask
-permits it) but, do not treat failure as an error.
-
-Fixes: 6cc93bf28842526be2fd596a607ebca796b7fb2e
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2369243
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
- src/qemu/qemu_driver.c | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index d2eddbd9ae..6bdeede2e8 100644
--- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -6158,6 +6158,7 @@ static char
- {
-     virQEMUDriver *driver = dom->conn->privateData;
-     virDomainObj *vm;
-+    bool hasJob = false;
-     char *ret = NULL;
- 
-     virCheckFlags(VIR_DOMAIN_XML_COMMON_FLAGS | VIR_DOMAIN_XML_UPDATE_CPU,
-@@ -6169,8 +6170,10 @@ static char
-     if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0)
-         goto cleanup;
- 
-    if (virDomainObjBeginJob(vm, VIR_JOB_QUERY) < 0)
-        goto cleanup;
-+    if (virDomainNestedJobAllowed(vm->job, VIR_JOB_QUERY) &&
-+        virDomainObjBeginJob(vm, VIR_JOB_QUERY) >= 0) {
-+        hasJob = true;
-+    }
- 
-     qemuDomainUpdateCurrentMemorySize(vm);
- 
-@@ -6186,7 +6189,8 @@ static char
- 
-     ret = qemuDomainFormatXML(driver, vm, flags);
- 
-    virDomainObjEndJob(vm);
-+    if (hasJob)
-+        virDomainObjEndJob(vm);
- 
-  cleanup:
-     virDomainObjEndAPI(&vm);
@@ -1,94 +0,0 @@
-From 63e4cbd109374f44e8bd4f8d1af5e2a2c67611bc Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Apr 2025 11:42:13 +0100
-Subject: [PATCH] storage: stop hardcoding paths for mkfs, mount, umount
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-This was always undesirable but now causes problems on Fedora 42
-where at build time we detect a /sbin path but at runtime this
-will only exist on upgraded machines, not fresh installs.
-
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- meson.build                      | 13 -------------
- src/storage/storage_backend_fs.c | 17 +++--------------
- 2 files changed, 3 insertions(+), 27 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index 37b1caa566..14c98b49a1 100644
--- a/meson.build
-+++ b/meson.build
-@@ -1827,23 +1827,10 @@ if conf.has('WITH_LIBVIRTD')
-       endif
-     endif
- 
-    if fs_enable
-      mount_prog = find_program('mount', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
-      umount_prog = find_program('umount', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
-      mkfs_prog = find_program('mkfs', required: get_option('storage_fs'), dirs: libvirt_sbin_path)
-
-      if not mount_prog.found() or not umount_prog.found() or not mkfs_prog.found()
-        fs_enable = false
-      endif
-    endif
-
-     if fs_enable
-       use_storage = true
- 
-       conf.set('WITH_STORAGE_FS', 1)
-      conf.set_quoted('MOUNT', mount_prog.full_path())
-      conf.set_quoted('UMOUNT', umount_prog.full_path())
-      conf.set_quoted('MKFS', mkfs_prog.full_path())
-     endif
-   endif
- 
-diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
-index fce395d60f..6ec359625a 100644
--- a/src/storage/storage_backend_fs.c
-+++ b/src/storage/storage_backend_fs.c
-@@ -304,7 +304,7 @@ virStorageBackendFileSystemMount(virStoragePoolObj *pool)
-     if (!(src = virStorageBackendFileSystemGetPoolSource(pool)))
-         return -1;
- 
-    cmd = virStorageBackendFileSystemMountCmd(MOUNT, def, src);
-+    cmd = virStorageBackendFileSystemMountCmd("mount", def, src);
- 
-     /* Mounting a shared FS might take a long time. Don't hold
-      * the pool locked meanwhile. */
-@@ -362,7 +362,7 @@ virStorageBackendFileSystemStop(virStoragePoolObj *pool)
-     if ((rc = virStorageBackendFileSystemIsMounted(pool)) != 1)
-         return rc;
- 
-    cmd = virCommandNewArgList(UMOUNT, def->target.path, NULL);
-+    cmd = virCommandNewArgList("umount", def->target.path, NULL);
-     return virCommandRun(cmd, NULL);
- }
- #endif /* WITH_STORAGE_FS */
-@@ -402,18 +402,7 @@ virStorageBackendExecuteMKFS(const char *device,
-     g_autoptr(virCommand) cmd = NULL;
-     g_autofree char *mkfs = NULL;
- 
-#if WITH_STORAGE_FS
-    mkfs = virFindFileInPath(MKFS);
-#endif /* WITH_STORAGE_FS */
-
-    if (!mkfs) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("mkfs is not available on this platform: Failed to make filesystem of type '%1$s' on device '%2$s'"),
-                       format, device);
-        return -1;
-    }
-
-    cmd = virCommandNewArgList(mkfs, "-t", format, NULL);
-+    cmd = virCommandNewArgList("mkfs", "-t", format, NULL);
- 
-     /* use the force, otherwise mkfs.xfs won't overwrite existing fs.
-      * Similarly mkfs.ext2, mkfs.ext3, and mkfs.ext4 require supplying -F
-- 
-2.49.0
-
@@ -1,43 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-To: devel@lists.libvirt.org
-Subject: [PATCH] util: avoid overflow in hextable buffer
-Date: Mon, 20 Jan 2025 10:09:24 +0000
-Message-ID: <20250120100924.3864818-1-berrange@redhat.com>
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The assigned string is 17 chars long once the trailing nul is taken
-into account. This triggers a warning with GCC 15
-
- src/util/virsystemd.c: In function â€˜virSystemdEscapeNameâ€™:
- src/util/virsystemd.c:59:38: error: initializer-string for array of â€˜charâ€™ is too long [-Werror=unterminated-string-initialization]
-    59 |     static const char hextable[16] = "0123456789abcdef";
-       |                                      ^~~~~~~~~~~~~~~~~~
-
-Switch to a dynamically sized array as used in all the other places
-we have a hextable array.
-
-See also: https://gcc.gnu.org/PR115185
-Reported-by: Yaakov Selkowitz <yselkowi@redhat.com>
-Signed-off-by: Daniel P. BerrangÃ© <berrange@redhat.com>
---
- src/util/virsystemd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c
-index 5b772e29dd..d46e5f74fc 100644
--- a/src/util/virsystemd.c
-+++ b/src/util/virsystemd.c
-@@ -56,7 +56,7 @@ struct _virSystemdActivationEntry {
- static void virSystemdEscapeName(virBuffer *buf,
-                                  const char *name)
- {
-    static const char hextable[16] = "0123456789abcdef";
-+    static const char hextable[] = "0123456789abcdef";
- 
- #define ESCAPE(c) \
-     do { \
-- 
-2.47.1
-
@@ -1,58 +0,0 @@
-From 7ab0f1c2a3fddf46d381f055e49111e3063b4829 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Apr 2025 11:47:34 +0100
-Subject: [PATCH] util: stop hardcoding numad path
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-From: Daniel P. Berrangé <berrange@redhat.com>
-
-Change the meson rules to always enable numad if on a Linux host, unless
-the meson options say not to.
-
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- meson.build        | 10 +++-------
- src/util/virnuma.c |  2 +-
- 2 files changed, 4 insertions(+), 8 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index 14c98b49a1..767205f44b 100644
--- a/meson.build
-+++ b/meson.build
-@@ -2028,14 +2028,10 @@ if not get_option('nss').disabled()
-   endif
- endif
- 
-if not get_option('numad').disabled() and numactl_dep.found()
-  numad_prog = find_program('numad', required: get_option('numad'), dirs: libvirt_sbin_path)
-  if numad_prog.found()
-    conf.set('WITH_NUMAD', 1)
-    conf.set_quoted('NUMAD', numad_prog.full_path())
-  endif
-+if not get_option('numad').disabled() and numactl_dep.found() and host_machine.system() == 'linux'
-+  conf.set('WITH_NUMAD', 1)
- elif get_option('numad').enabled()
-  error('You must have numactl enabled for numad support.')
-+  error('You must have a Linux host with numactl enabled for numad support.')
- endif
- 
- # nwfilter should only be compiled for linux, and only if the
-diff --git a/src/util/virnuma.c b/src/util/virnuma.c
-index 9393c20875..67c51630c7 100644
--- a/src/util/virnuma.c
-+++ b/src/util/virnuma.c
-@@ -61,7 +61,7 @@ virNumaGetAutoPlacementAdvice(unsigned short vcpus,
-     g_autoptr(virCommand) cmd = NULL;
-     char *output = NULL;
- 
-    cmd = virCommandNewArgList(NUMAD, "-w", NULL);
-+    cmd = virCommandNewArgList("numad", "-w", NULL);
-     virCommandAddArgFormat(cmd, "%d:%llu", vcpus,
-                            VIR_DIV_UP(balloon, 1024));
- 
-- 
-2.49.0
-
@@ -0,0 +1,29 @@
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Fri, 16 Aug 2024 13:56:51 +0200
+Subject: [PATCH] virarptable: Properly calculate rtattr length
+Content-type: text/plain
+
+Use convenience macro which does almost the same thing we were doing,
+but also pads out the payload length to a multiple of NLMSG_ALIGNTO (4)
+bytes.
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reviewed-by: Laine Stump <laine@redhat.com>
+---
+ src/util/virarptable.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/util/virarptable.c b/src/util/virarptable.c
+index 299dddd664..d8e41c5a86 100644
+--- a/src/util/virarptable.c
+++ b/src/util/virarptable.c
+@@ -102,8 +102,7 @@ virArpTableGet(void)
+             return table;
+ 
+         VIR_WARNINGS_NO_CAST_ALIGN
+-        parse_rtattr(tb, NDA_MAX, NDA_RTA(r),
+-                     nh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
+        parse_rtattr(tb, NDA_MAX, NDA_RTA(r), NLMSG_PAYLOAD(nh, sizeof(*r)));
+         VIR_WARNINGS_RESET
+ 
+         if (tb[NDA_DST] == NULL || tb[NDA_LLADDR] == NULL)
@@ -1,36 +0,0 @@
-From b825bb556bd3967bf5422c243b77bd4038e317e2 Mon Sep 17 00:00:00 2001
-Message-ID: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 10:34:51 +0200
-Subject: [PATCH 1/8] wireshark: Drop needless declaration of
- proto_register_libvirt() and proto_reg_handoff_libvirt()
-Content-type: text/plain
-
-Both proto_register_libvirt() and proto_reg_handoff_libvirt() are
-declared in packet-libvirt.h which is included from plugin.c.
-There's no need to provide another declaration in plugin.c.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/plugin.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/tools/wireshark/src/plugin.c b/tools/wireshark/src/plugin.c
-index 9a83f2ca07..19b25e7b1a 100644
--- a/tools/wireshark/src/plugin.c
-+++ b/tools/wireshark/src/plugin.c
-@@ -72,9 +72,6 @@ void plugin_register(void)
- 
- #else /* WIRESHARK_VERSION >= 2009000 */
- 
-void proto_register_libvirt(void);
-void proto_reg_handoff_libvirt(void);
-
- WS_DLL_PUBLIC_DEF const gchar plugin_version[] = PLUGIN_VERSION;
- WS_DLL_PUBLIC_DEF const int plugin_want_major = WIRESHARK_VERSION_MAJOR;
- WS_DLL_PUBLIC_DEF const int plugin_want_minor = WIRESHARK_VERSION_MINOR;
-- 
-2.51.0
-
@@ -0,0 +1,34 @@
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Fri, 16 Aug 2024 13:59:15 +0200
+Subject: [PATCH] virarptable: Fix check for message length
+Content-type: text/plain
+
+The previous check was all wrong since it calculated the how long would
+the netlink message be if the netlink header was the payload and then
+subtracted that from the whole message length, a variable that was not
+used later in the code.  This check can fail if there are no additional
+payloads, struct rtattr in particular, which we are parsing later,
+however the RTA_OK macro would've caught that anyway.
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reviewed-by: Laine Stump <laine@redhat.com>
+---
+ src/util/virarptable.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/util/virarptable.c b/src/util/virarptable.c
+index d8e41c5a86..45ee76766f 100644
+--- a/src/util/virarptable.c
+++ b/src/util/virarptable.c
+@@ -81,10 +81,9 @@ virArpTableGet(void)
+     for (; NLMSG_OK(nh, msglen); nh = NLMSG_NEXT(nh, msglen)) {
+         VIR_WARNINGS_RESET
+         struct ndmsg *r = NLMSG_DATA(nh);
+-        int len = nh->nlmsg_len;
+         void *addr;
+ 
+-        if ((len -= NLMSG_LENGTH(sizeof(*nh))) < 0) {
+        if (nh->nlmsg_len < NLMSG_SPACE(sizeof(*r))) {
+             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("wrong nlmsg len"));
+             goto cleanup;
@@ -1,47 +0,0 @@
-From 41d3b457972bde85991fa7ed6f282370aca4b2af Mon Sep 17 00:00:00 2001
-Message-ID: <41d3b457972bde85991fa7ed6f282370aca4b2af.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 15:20:05 +0200
-Subject: [PATCH 2/8] wireshark: Switch header files to #pragma once
-Content-type: text/plain
-
-The genxdrstub.pl script generates some header files. But they
-use the old pattern to guard against multiple inclusion:
-
-  #ifndef SOMETHING_H
-  #define SOMETHING_H
-  ...
-  #endif
-
-Change the script to generate just '#pragma once' used everywhere
-else in our code.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/util/genxdrstub.pl | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/tools/wireshark/util/genxdrstub.pl b/tools/wireshark/util/genxdrstub.pl
-index 8cfda25a27..01b663a88c 100755
--- a/tools/wireshark/util/genxdrstub.pl
-+++ b/tools/wireshark/util/genxdrstub.pl
-@@ -563,11 +563,8 @@ sub add_header_file {
-     local $self->{header_contents} = [];
-     $self->print("/* *DO NOT MODIFY* this file directly.\n");
-     $self->print(" * This file was generated by $0 from libvirt version $libvirt_version */\n");
-    my $ucname = uc $name;
-    $self->print("#ifndef _$ucname\_H_\n");
-    $self->print("#define _$ucname\_H_\n");
-+    $self->print("#pragma once\n");
-     $block->();
-    $self->print("#endif /* _$ucname\_H_ */");
-     push @{ $self->{headers} }, [ $name, delete $self->{header_contents} ];
- }
- 
-- 
-2.51.0
-
@@ -0,0 +1,46 @@
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Fri, 16 Aug 2024 14:02:48 +0200
+Subject: [PATCH] virarptable: End parsing earlier in case of NLMSG_DONE
+Content-type: text/plain
+
+Check for the last multipart message right as the first thing.  The
+presumption probably was that the last message might still contain a
+payload we want to parse.  However that cannot be true since that would
+have to be a type RTM_NEWNEIGH.  This was not caught because older
+kernels were note sending NLMSG_DONE and probably relied on the fact
+that the parsing just stops after all the messages are walked through,
+which the NLMSG_OK macro successfully did.
+
+Resolves: https://issues.redhat.com/browse/RHEL-52449
+Resolves: https://bugzilla.redhat.com/2302245
+Fixes: a176d67cdfaf5b8237a7e3a80d8be0e6bdf2d8fd
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reviewed-by: Laine Stump <laine@redhat.com>
+---
+ src/util/virarptable.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/virarptable.c b/src/util/virarptable.c
+index 45ee76766f..20d11f97b0 100644
+--- a/src/util/virarptable.c
+++ b/src/util/virarptable.c
+@@ -83,6 +83,9 @@ virArpTableGet(void)
+         struct ndmsg *r = NLMSG_DATA(nh);
+         void *addr;
+ 
+        if (nh->nlmsg_type == NLMSG_DONE)
+            break;
+
+         if (nh->nlmsg_len < NLMSG_SPACE(sizeof(*r))) {
+             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                            _("wrong nlmsg len"));
+@@ -97,9 +100,6 @@ virArpTableGet(void)
+             (!(r->ndm_state == NUD_STALE || r->ndm_state == NUD_REACHABLE)))
+             continue;
+ 
+-        if (nh->nlmsg_type == NLMSG_DONE)
+-            return table;
+-
+         VIR_WARNINGS_NO_CAST_ALIGN
+         parse_rtattr(tb, NDA_MAX, NDA_RTA(r), NLMSG_PAYLOAD(nh, sizeof(*r)));
+         VIR_WARNINGS_RESET
@@ -1,81 +0,0 @@
-From 02a0e78bf54c903da8922c56bade9b3298ade351 Mon Sep 17 00:00:00 2001
-Message-ID: <02a0e78bf54c903da8922c56bade9b3298ade351.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 09:04:17 +0200
-Subject: [PATCH 3/8] wireshark: Move WIRESHARK_VERSION macro definition
-Content-type: text/plain
-
-Soon, other parts of the wireshark code will need to
-differentiate wrt wireshark version. Therefore, move the
-WIRESHARK_VERSION macro definition among with its deps into
-packet-libvirt.h.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.h | 14 ++++++++++++++
- tools/wireshark/src/plugin.c         | 14 --------------
- 2 files changed, 14 insertions(+), 14 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.h b/tools/wireshark/src/packet-libvirt.h
-index 14e6e13696..15cfcb0534 100644
--- a/tools/wireshark/src/packet-libvirt.h
-+++ b/tools/wireshark/src/packet-libvirt.h
-@@ -19,5 +19,19 @@
- 
- #pragma once
- 
-+#ifdef WITH_WS_VERSION
-+# include <wireshark/ws_version.h>
-+#else
-+# include <wireshark/config.h>
-+# define WIRESHARK_VERSION_MAJOR VERSION_MAJOR
-+# define WIRESHARK_VERSION_MINOR VERSION_MINOR
-+# define WIRESHARK_VERSION_MICRO VERSION_MICRO
-+#endif
-+
-+#define WIRESHARK_VERSION \
-+    ((WIRESHARK_VERSION_MAJOR * 1000 * 1000) + \
-+     (WIRESHARK_VERSION_MINOR * 1000) + \
-+     (WIRESHARK_VERSION_MICRO))
-+
- void proto_register_libvirt(void);
- void proto_reg_handoff_libvirt(void);
-diff --git a/tools/wireshark/src/plugin.c b/tools/wireshark/src/plugin.c
-index 19b25e7b1a..64317b5280 100644
--- a/tools/wireshark/src/plugin.c
-+++ b/tools/wireshark/src/plugin.c
-@@ -12,15 +12,6 @@
- 
- #include <config.h>
- 
-#ifdef WITH_WS_VERSION
-# include <wireshark/ws_version.h>
-#else
-# include <wireshark/config.h>
-# define WIRESHARK_VERSION_MAJOR VERSION_MAJOR
-# define WIRESHARK_VERSION_MINOR VERSION_MINOR
-# define WIRESHARK_VERSION_MICRO VERSION_MICRO
-#endif
-
- #define HAVE_PLUGINS 1
- #include <wireshark/epan/proto.h>
- /* plugins are DLLs */
-@@ -32,11 +23,6 @@
- /* Let the plugin version be the version of libvirt */
- #define PLUGIN_VERSION VERSION
- 
-#define WIRESHARK_VERSION \
-    ((WIRESHARK_VERSION_MAJOR * 1000 * 1000) + \
-     (WIRESHARK_VERSION_MINOR * 1000) + \
-     (WIRESHARK_VERSION_MICRO))
-
- #if WIRESHARK_VERSION < 2005000
- 
- WS_DLL_PUBLIC_DEF const gchar version[] = VERSION;
-- 
-2.51.0
-
@@ -0,0 +1,315 @@
+From 807e2670f2704c41f0a1dca81a5d2f2f9336137c Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@redhat.com>
+Date: Mon, 25 Nov 2024 22:24:44 -0500
+Subject: [PATCH 4/9] util: use a single flags arg for virNetDevBandwidthSet(),
+ not multiple bools
+
+Having two bools in the arg list is on the borderline of being
+confusing to anyone trying to read the code, but we're about to add a
+3rd. This patch replaces the two bools with a single flags argument
+which will instead have one or more bits from virNetDevBandwidthFlags
+set.
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/lxc/lxc_driver.c           |  8 ++++++--
+ src/lxc/lxc_process.c          |  8 ++++++--
+ src/network/bridge_driver.c    | 10 ++++++++--
+ src/qemu/qemu_command.c        | 11 ++++++++---
+ src/qemu/qemu_driver.c         | 29 ++++++++++++++-------------
+ src/qemu/qemu_hotplug.c        | 22 +++++++++++++++------
+ src/util/virnetdevbandwidth.c  | 36 ++++++++++++++++++++--------------
+ src/util/virnetdevbandwidth.h  |  9 +++++++--
+ tests/virnetdevbandwidthtest.c |  8 +++++++-
+ 9 files changed, 94 insertions(+), 47 deletions(-)
+
+diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
+index 534e257f30..b693980dbb 100644
+--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
+@@ -3570,8 +3570,12 @@ lxcDomainAttachDeviceNetLive(virLXCDriver *driver,
+     actualBandwidth = virDomainNetGetActualBandwidth(net);
+     if (actualBandwidth) {
+         if (virNetDevSupportsBandwidth(actualType)) {
+-            if (virNetDevBandwidthSet(net->ifname, actualBandwidth, false,
+-                                      !virDomainNetTypeSharesHostView(net)) < 0)
+            unsigned int flags = 0;
+
+            if (!virDomainNetTypeSharesHostView(net))
+                flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+
+            if (virNetDevBandwidthSet(net->ifname, actualBandwidth, flags) < 0)
+                 goto cleanup;
+         } else {
+             VIR_WARN("setting bandwidth on interfaces of "
+diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
+index f5eb5383ec..0e689fbb70 100644
+--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
+@@ -605,8 +605,12 @@ virLXCProcessSetupInterfaces(virLXCDriver *driver,
+         actualBandwidth = virDomainNetGetActualBandwidth(net);
+         if (actualBandwidth) {
+             if (virNetDevSupportsBandwidth(type)) {
+-                if (virNetDevBandwidthSet(net->ifname, actualBandwidth, false,
+-                                          !virDomainNetTypeSharesHostView(net)) < 0)
+                unsigned int flags = 0;
+
+                if (!virDomainNetTypeSharesHostView(net))
+                    flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+
+                if (virNetDevBandwidthSet(net->ifname, actualBandwidth, flags) < 0)
+                     goto cleanup;
+             } else {
+                 VIR_WARN("setting bandwidth on interfaces of "
+diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
+index 32572c755f..1c53636450 100644
+--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
+@@ -2058,8 +2058,11 @@ networkStartNetworkVirtual(virNetworkDriverState *driver,
+         }
+     }
+ 
+-    if (virNetDevBandwidthSet(def->bridge, def->bandwidth, true, true) < 0)
+    if (virNetDevBandwidthSet(def->bridge, def->bandwidth,
+                              VIR_NETDEV_BANDWIDTH_SET_HIERARCHICAL_CLASS
+                              | VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED) < 0) {
+         goto error;
+    }
+ 
+     return 0;
+ 
+@@ -2141,8 +2144,11 @@ networkStartNetworkBridge(virNetworkObj *obj)
+      * type BRIDGE, is started. On failure, undo anything you've done,
+      * and return -1. On success return 0.
+      */
+-    if (virNetDevBandwidthSet(def->bridge, def->bandwidth, true, true) < 0)
+    if (virNetDevBandwidthSet(def->bridge, def->bandwidth,
+                              VIR_NETDEV_BANDWIDTH_SET_HIERARCHICAL_CLASS
+                              | VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED) < 0) {
+         goto error;
+    }
+ 
+     if (networkStartHandleMACTableManagerMode(obj) < 0)
+         goto error;
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index f15e6bda1e..b4815e5e71 100644
+--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
+@@ -8840,9 +8840,14 @@ qemuBuildInterfaceCommandLine(virQEMUDriver *driver,
+                                                         def->uuid,
+                                                         !virDomainNetTypeSharesHostView(net)) < 0)
+                     goto cleanup;
+-            } else if (virNetDevBandwidthSet(net->ifname, actualBandwidth, false,
+-                                             !virDomainNetTypeSharesHostView(net)) < 0) {
+-                goto cleanup;
+            } else {
+                unsigned int flags = 0;
+
+                if (!virDomainNetTypeSharesHostView(net))
+                    flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+
+                if (virNetDevBandwidthSet(net->ifname, actualBandwidth, flags) < 0)
+                    goto cleanup;
+             }
+         } else {
+             VIR_WARN("setting bandwidth on interfaces of "
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 736602333e..14929616e5 100644
+--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
+@@ -9941,21 +9941,22 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
+                 virErrorRestore(&orig_err);
+                 goto endjob;
+             }
+-        } else if (virNetDevBandwidthSet(net->ifname, newBandwidth, false,
+-                                         !virDomainNetTypeSharesHostView(net)) < 0) {
+-            virErrorPtr orig_err;
+-
+-            virErrorPreserveLast(&orig_err);
+-            ignore_value(virNetDevBandwidthSet(net->ifname,
+-                                               net->bandwidth,
+-                                               false,
+-                                               !virDomainNetTypeSharesHostView(net)));
+-            if (net->bandwidth) {
+-                ignore_value(virDomainNetBandwidthUpdate(net,
+-                                                         net->bandwidth));
+        } else {
+            unsigned int bwflags = 0;
+
+            if (!virDomainNetTypeSharesHostView(net))
+                bwflags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+
+            if (virNetDevBandwidthSet(net->ifname, newBandwidth, bwflags) < 0) {
+                virErrorPtr orig_err;
+
+                virErrorPreserveLast(&orig_err);
+                ignore_value(virNetDevBandwidthSet(net->ifname, net->bandwidth, bwflags));
+                if (net->bandwidth)
+                    ignore_value(virDomainNetBandwidthUpdate(net, net->bandwidth));
+                virErrorRestore(&orig_err);
+                goto endjob;
+             }
+-            virErrorRestore(&orig_err);
+-            goto endjob;
+         }
+ 
+         /* If the old bandwidth was cleared out, restore qdisc. */
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index 7cb1800504..d5e7e99359 100644
+--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
+@@ -1279,9 +1279,14 @@ qemuDomainAttachNetDevice(virQEMUDriver *driver,
+                                                         vm->def->uuid,
+                                                         !virDomainNetTypeSharesHostView(net)) < 0)
+                     goto cleanup;
+-            } else if (virNetDevBandwidthSet(net->ifname, actualBandwidth, false,
+-                                             !virDomainNetTypeSharesHostView(net)) < 0) {
+-                goto cleanup;
+            } else {
+                int flags = 0;
+
+                if (!virDomainNetTypeSharesHostView(net))
+                    flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+
+                if (virNetDevBandwidthSet(net->ifname, actualBandwidth, flags) < 0)
+                    goto cleanup;
+             }
+         } else {
+             VIR_WARN("setting bandwidth on interfaces of "
+@@ -4082,9 +4087,14 @@ qemuDomainChangeNet(virQEMUDriver *driver,
+                                                         vm->def->uuid,
+                                                         !virDomainNetTypeSharesHostView(newdev)) < 0)
+                     goto cleanup;
+-            } else if (virNetDevBandwidthSet(newdev->ifname, newb, false,
+-                                             !virDomainNetTypeSharesHostView(newdev)) < 0) {
+-                goto cleanup;
+            } else {
+                int flags = 0;
+
+                if (!virDomainNetTypeSharesHostView(newdev))
+                    flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+
+                if (virNetDevBandwidthSet(newdev->ifname, newb, flags) < 0)
+                    goto cleanup;
+             }
+         } else {
+             if (virDomainInterfaceClearQoS(vm->def, olddev) < 0)
+diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
+index 2b58c58d3e..1baad849c6 100644
+--- a/src/util/virnetdevbandwidth.c
+++ b/src/util/virnetdevbandwidth.c
+@@ -173,30 +173,35 @@ virNetDevBandwidthManipulateFilter(const char *ifname,
+  * virNetDevBandwidthSet:
+  * @ifname: on which interface
+  * @bandwidth: rates to set (may be NULL)
+- * @hierarchical_class: whether to create hierarchical class
+- * @swapped: true if IN/OUT should be set contrariwise
+ * @flags: bits indicating certain optional actions
+  *
+
+  * This function enables QoS on specified interface
+  * and set given traffic limits for both, incoming
+- * and outgoing traffic. Any previous setting get
+- * overwritten. If @hierarchical_class is TRUE, create
+- * hierarchical class. It is used to guarantee minimal
+- * throughput ('floor' attribute in NIC).
+ * and outgoing traffic.
+ *
+ * @flags bits and their meanings:
+ *
+ *   VIR_NETDEV_BANDWIDTH_SET_HIERARCHICAL_CLASS
+ *     whether to create a hierarchical class
+ *     A hiearchical class structure is used to implement a minimal
+ *     throughput guarantee ('floor' attribute in NIC).
+  *
+- * If @swapped is set, the IN part of @bandwidth is set on
+- * @ifname's TX, and vice versa. If it is not set, IN is set on
+- * RX and OUT on TX. This is because for some types of interfaces
+- * domain and the host live on the same side of the interface (so
+- * domain's RX/TX is host's RX/TX), and for some it's swapped
+- * (domain's RX/TX is hosts's TX/RX).
+ *   VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED
+ *     set if IN/OUT should be set backwards from what's indicated in
+ *     the bandwidth, i.e. the IN part of @bandwidth is set on
+ *     @ifname's TX, and the OUT part of @bandwidth is set on
+ *     @ifname's RX.  This is needed because for some types of
+ *     interfaces the domain and the host live on the same side of the
+ *     interface (so domain's RX/TX is host's RX/TX), and for some
+ *     it's swapped (domain's RX/TX is hosts's TX/RX).
+  *
+  * Return 0 on success, -1 otherwise.
+  */
+ int
+ virNetDevBandwidthSet(const char *ifname,
+                       const virNetDevBandwidth *bandwidth,
+-                      bool hierarchical_class,
+-                      bool swapped)
+                      unsigned int flags)
+ {
+     int ret = -1;
+     virNetDevBandwidthRate *rx = NULL; /* From domain POV */
+@@ -205,6 +210,7 @@ virNetDevBandwidthSet(const char *ifname,
+     char *average = NULL;
+     char *peak = NULL;
+     char *burst = NULL;
+    bool hierarchical_class = flags & VIR_NETDEV_BANDWIDTH_SET_HIERARCHICAL_CLASS;
+ 
+     if (!bandwidth) {
+         /* nothing to be enabled */
+@@ -224,7 +230,7 @@ virNetDevBandwidthSet(const char *ifname,
+         return -1;
+     }
+ 
+-    if (swapped) {
+    if (flags & VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED) {
+         rx = bandwidth->out;
+         tx = bandwidth->in;
+     } else {
+diff --git a/src/util/virnetdevbandwidth.h b/src/util/virnetdevbandwidth.h
+index 6d268fb119..80dc654486 100644
+--- a/src/util/virnetdevbandwidth.h
+++ b/src/util/virnetdevbandwidth.h
+@@ -39,11 +39,16 @@ void virNetDevBandwidthFree(virNetDevBandwidth *def);
+ 
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC(virNetDevBandwidth, virNetDevBandwidthFree);
+ 
+typedef enum {
+    VIR_NETDEV_BANDWIDTH_SET_HIERARCHICAL_CLASS = (1 << 0),
+    VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED = (1 << 1),
+} virNetDevBandwidthSetFlags;
+
+ int virNetDevBandwidthSet(const char *ifname,
+                           const virNetDevBandwidth *bandwidth,
+-                          bool hierarchical_class,
+-                          bool swapped)
+                          unsigned int flags)
+     G_GNUC_WARN_UNUSED_RESULT;
+
+ int virNetDevBandwidthClear(const char *ifname);
+ int virNetDevBandwidthCopy(virNetDevBandwidth **dest,
+                            const virNetDevBandwidth *src)
+diff --git a/tests/virnetdevbandwidthtest.c b/tests/virnetdevbandwidthtest.c
+index f7c38faa2e..6529ff4026 100644
+--- a/tests/virnetdevbandwidthtest.c
+++ b/tests/virnetdevbandwidthtest.c
+@@ -82,8 +82,14 @@ testVirNetDevBandwidthSet(const void *data)
+         if (virNetDevOpenvswitchInterfaceSetQos(iface, band, info->uuid, true) < 0)
+             return -1;
+     } else {
+        unsigned int flags = VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+
+        if (info->hierarchical_class)
+            flags |= VIR_NETDEV_BANDWIDTH_SET_HIERARCHICAL_CLASS;
+
+         exp_cmd = info->exp_cmd_tc;
+-        if (virNetDevBandwidthSet(iface, band, info->hierarchical_class, true) < 0)
+
+        if (virNetDevBandwidthSet(iface, band, flags) < 0)
+             return -1;
+     }
+ 
+-- 
+2.47.1
+
@@ -1,133 +0,0 @@
-From 7374c4ecbd591b02f7be4b2918addc6d5852aafb Mon Sep 17 00:00:00 2001
-Message-ID: <7374c4ecbd591b02f7be4b2918addc6d5852aafb.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 13 Oct 2025 09:21:30 +0200
-Subject: [PATCH 4/8] wireshark: Fix int type of some virNetMessageHeader
- members
-Content-type: text/plain
-
-Our virNetMessageHeader is a struct that's declared as follows:
-
-  struct virNetMessageHeader {
-      unsigned prog;
-      unsigned vers;
-      int proc;
-      virNetMessageType type;
-      unsigned serial;
-      virNetMessageStatus status;
-  };
-
-Now, per RFC 4506 enums are also encoded as signed integers. This
-means, that only 'prog', 'vers' and 'serial' are really unsigned
-integers. The others ('proc', 'type' and 'status') are encoded as
-signed integers. Fix their type when dissecting.
-
-While at it, also follow latest trend in wireshark and switch
-from guint32 to uint32_t.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 34 +++++++++++++++++++---------
- 1 file changed, 23 insertions(+), 11 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index da2aabd98a..af14c6bed7 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -92,7 +92,7 @@ typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, proto_tree *tree, XDR *xd
- 
- typedef struct vir_dissector_index vir_dissector_index_t;
- struct vir_dissector_index {
-    guint32             proc;
-+    int32_t             proc;
-     vir_xdr_dissector_t args;
-     vir_xdr_dissector_t ret;
-     vir_xdr_dissector_t msg;
-@@ -275,8 +275,10 @@ dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
- }
- 
- static vir_xdr_dissector_t
-find_payload_dissector(guint32 proc, guint32 type,
-                       const vir_dissector_index_t *pds, gsize length)
-+find_payload_dissector(int32_t proc,
-+                       enum vir_net_message_type type,
-+                       const vir_dissector_index_t *pds,
-+                       gsize length)
- {
-     const vir_dissector_index_t *pd;
-     guint32 first, last, direction;
-@@ -309,6 +311,10 @@ find_payload_dissector(guint32 proc, guint32 type,
-         return pd->ret;
-     case VIR_NET_MESSAGE:
-         return pd->msg;
-+    case VIR_NET_STREAM:
-+    case VIR_NET_STREAM_HOLE:
-+        /* Handled elsewhere */
-+        return NULL;
-     }
-     return NULL;
- }
-@@ -397,8 +403,12 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
- #include "libvirt/protocol.h"
- 
- static void
-dissect_libvirt_payload(tvbuff_t *tvb, proto_tree *tree,
-                        guint32 prog, guint32 proc, guint32 type, guint32 status)
-+dissect_libvirt_payload(tvbuff_t *tvb,
-+                        proto_tree *tree,
-+                        uint32_t prog,
-+                        int32_t proc,
-+                        int32_t type,
-+                        int32_t status)
- {
-     gssize payload_length;
- 
-@@ -430,7 +440,8 @@ dissect_libvirt_payload(tvbuff_t *tvb, proto_tree *tree,
-     return;
- 
-  unknown:
-    dbg("Cannot determine payload: Prog=%u, Proc=%u, Type=%u, Status=%u", prog, proc, type, status);
-+    dbg("Cannot determine payload: Prog=%u, Proc=%d, Type=%d, Status=%d",
-+        prog, proc, type, status);
-     proto_tree_add_item(tree, hf_libvirt_unknown, tvb, VIR_HEADER_LEN, -1, ENC_NA);
- }
- 
-@@ -439,7 +450,8 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-                         void *opaque G_GNUC_UNUSED)
- {
-     goffset offset;
-    guint32 prog, proc, type, serial, status;
-+    uint32_t prog, serial;
-+    int32_t proc, type, status;
-     const value_string *vs;
- 
-     col_set_str(pinfo->cinfo, COL_PROTOCOL, "Libvirt");
-@@ -448,17 +460,17 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     offset = 4; /* End of length field */
-     prog   = tvb_get_ntohl(tvb, offset); offset += 4;
-     offset += 4; /* Ignore version header field */
-    proc   = tvb_get_ntohl(tvb, offset); offset += 4;
-    type   = tvb_get_ntohl(tvb, offset); offset += 4;
-+    proc   = tvb_get_ntohil(tvb, offset); offset += 4;
-+    type   = tvb_get_ntohil(tvb, offset); offset += 4;
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
-    status = tvb_get_ntohl(tvb, offset); offset += 4;
-+    status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
-                  val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-     if (vs == NULL) {
-        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%u", proc);
-+        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%d", proc);
-     } else {
-         col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
-     }
-- 
-2.51.0
-
@@ -0,0 +1,185 @@
+From 490f58382dca2a415a5f16b6133f298d853bb379 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@redhat.com>
+Date: Mon, 25 Nov 2024 22:24:45 -0500
+Subject: [PATCH 5/9] util: make it optional to clear existing tc
+ qdiscs/filters in virNetDevBandwidthSet()
+
+virNetDevBandwidthSet() always clears all existing qdiscs and their
+subordinate filters before adding all the new qdiscs/filters. This is
+normally exactly what we want, but there is one case (the network
+driver) where the Qdisc added by virNetDevBandwidthSet() may already
+be in use by the nftables backend (which will add a rule to fix the
+checksum of dhcp packets); in that case, we *don't* want
+virNetDevBandwidthSet() to clear out the qdisc that was already added
+for nftables, and none of the bandwidth filters have been added yet,
+so there already aren't any "old" filters that need to be removed
+either - it is safe to just skip virNetDevBandwidthClear() in this
+case.
+
+To allow the network driver to set bandwidth without first clearing
+it, this patch adds the flag VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL to the
+virNetDevBandwidthSetFlags enum, and recognizes it in
+virNetDevBandwidthSet() - if the flag is set, then
+virNetDevBandwidth() will call virNetDevBandwidthClear() just as it
+always has. But if the flag isn't set it *won't* call
+virNetDevBandwidthClear().
+
+As suggested above, VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL is set for all
+calls to virNetdevBandwidthSet() except for two places in the network
+driver.
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/lxc/lxc_driver.c           |  2 +-
+ src/lxc/lxc_process.c          |  2 +-
+ src/qemu/qemu_command.c        |  2 +-
+ src/qemu/qemu_driver.c         |  2 +-
+ src/qemu/qemu_hotplug.c        |  4 ++--
+ src/util/virnetdevbandwidth.c  | 21 ++++++++++++++++++++-
+ src/util/virnetdevbandwidth.h  |  1 +
+ tests/virnetdevbandwidthtest.c |  3 ++-
+ 8 files changed, 29 insertions(+), 8 deletions(-)
+
+diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
+index b693980dbb..81581c74df 100644
+--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
+@@ -3570,7 +3570,7 @@ lxcDomainAttachDeviceNetLive(virLXCDriver *driver,
+     actualBandwidth = virDomainNetGetActualBandwidth(net);
+     if (actualBandwidth) {
+         if (virNetDevSupportsBandwidth(actualType)) {
+-            unsigned int flags = 0;
+            unsigned int flags = VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL;
+ 
+             if (!virDomainNetTypeSharesHostView(net))
+                 flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
+index 0e689fbb70..081ce03a57 100644
+--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
+@@ -605,7 +605,7 @@ virLXCProcessSetupInterfaces(virLXCDriver *driver,
+         actualBandwidth = virDomainNetGetActualBandwidth(net);
+         if (actualBandwidth) {
+             if (virNetDevSupportsBandwidth(type)) {
+-                unsigned int flags = 0;
+                unsigned int flags = VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL;
+ 
+                 if (!virDomainNetTypeSharesHostView(net))
+                     flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index b4815e5e71..ed54fd4c5b 100644
+--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
+@@ -8841,7 +8841,7 @@ qemuBuildInterfaceCommandLine(virQEMUDriver *driver,
+                                                         !virDomainNetTypeSharesHostView(net)) < 0)
+                     goto cleanup;
+             } else {
+-                unsigned int flags = 0;
+                unsigned int flags = VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL;
+ 
+                 if (!virDomainNetTypeSharesHostView(net))
+                     flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 14929616e5..9549065b1f 100644
+--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
+@@ -9942,7 +9942,7 @@ qemuDomainSetInterfaceParameters(virDomainPtr dom,
+                 goto endjob;
+             }
+         } else {
+-            unsigned int bwflags = 0;
+            unsigned int bwflags = VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL;
+ 
+             if (!virDomainNetTypeSharesHostView(net))
+                 bwflags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index d5e7e99359..ceda4119cd 100644
+--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
+@@ -1280,7 +1280,7 @@ qemuDomainAttachNetDevice(virQEMUDriver *driver,
+                                                         !virDomainNetTypeSharesHostView(net)) < 0)
+                     goto cleanup;
+             } else {
+-                int flags = 0;
+                int flags = VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL;
+ 
+                 if (!virDomainNetTypeSharesHostView(net))
+                     flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+@@ -4088,7 +4088,7 @@ qemuDomainChangeNet(virQEMUDriver *driver,
+                                                         !virDomainNetTypeSharesHostView(newdev)) < 0)
+                     goto cleanup;
+             } else {
+-                int flags = 0;
+                int flags = VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL;
+ 
+                 if (!virDomainNetTypeSharesHostView(newdev))
+                     flags |= VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
+index 1baad849c6..9c48844c5d 100644
+--- a/src/util/virnetdevbandwidth.c
+++ b/src/util/virnetdevbandwidth.c
+@@ -196,6 +196,21 @@ virNetDevBandwidthManipulateFilter(const char *ifname,
+  *     interface (so domain's RX/TX is host's RX/TX), and for some
+  *     it's swapped (domain's RX/TX is hosts's TX/RX).
+  *
+ *   VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL
+ *     If VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL is set, then the root
+ *     qdisc is deleted before adding any new qdisc/class/filter,
+ *     which causes any pre-existing filters to also be deleted. If
+ *     not set, then it's assumed that there are no existing rules (or
+ *     that those already there need to be kept). The caller should
+ *     set this flag for an existing interface that is having its
+ *     bandwidth settings modified, but can leave it unset if the
+ *     interface was newly created and this is the first time
+ *     bandwidth has been set, but someone else might have already
+ *     added the qdisc (e.g. this is the case when the network driver
+ *     is setting bandwidth for a virtual network bridge device - the
+ *     nftables backend may have already added qdisc handle 1:0 and a
+ *     filter, and we don't want to delete them)
+ *
+  * Return 0 on success, -1 otherwise.
+  */
+ int
+@@ -238,7 +253,11 @@ virNetDevBandwidthSet(const char *ifname,
+         tx = bandwidth->out;
+     }
+ 
+-    virNetDevBandwidthClear(ifname);
+    /* Only if the caller requests, clear everything including root
+     * qdisc and all filters before adding everything.
+     */
+    if (flags & VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL)
+        virNetDevBandwidthClear(ifname);
+ 
+     if (tx && tx->average) {
+         average = g_strdup_printf("%llukbps", tx->average);
+diff --git a/src/util/virnetdevbandwidth.h b/src/util/virnetdevbandwidth.h
+index 80dc654486..744aa4c826 100644
+--- a/src/util/virnetdevbandwidth.h
+++ b/src/util/virnetdevbandwidth.h
+@@ -42,6 +42,7 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC(virNetDevBandwidth, virNetDevBandwidthFree);
+ typedef enum {
+     VIR_NETDEV_BANDWIDTH_SET_HIERARCHICAL_CLASS = (1 << 0),
+     VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED = (1 << 1),
+    VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL = (1 << 2),
+ } virNetDevBandwidthSetFlags;
+ 
+ int virNetDevBandwidthSet(const char *ifname,
+diff --git a/tests/virnetdevbandwidthtest.c b/tests/virnetdevbandwidthtest.c
+index 6529ff4026..6d5c847ad7 100644
+--- a/tests/virnetdevbandwidthtest.c
+++ b/tests/virnetdevbandwidthtest.c
+@@ -82,7 +82,8 @@ testVirNetDevBandwidthSet(const void *data)
+         if (virNetDevOpenvswitchInterfaceSetQos(iface, band, info->uuid, true) < 0)
+             return -1;
+     } else {
+-        unsigned int flags = VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED;
+        unsigned int flags = VIR_NETDEV_BANDWIDTH_SET_DIR_SWAPPED |
+                             VIR_NETDEV_BANDWIDTH_SET_CLEAR_ALL;
+ 
+         if (info->hierarchical_class)
+             flags |= VIR_NETDEV_BANDWIDTH_SET_HIERARCHICAL_CLASS;
+-- 
+2.47.1
+
@@ -1,46 +0,0 @@
-From 1086888f95a322101f8cf53b63c96600ccbeb882 Mon Sep 17 00:00:00 2001
-Message-ID: <1086888f95a322101f8cf53b63c96600ccbeb882.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 19:16:54 +0200
-Subject: [PATCH 5/8] wireshark: Don't special case retval of
- get_program_data() in dissect_libvirt_message()
-Content-type: text/plain
-
-The get_program_data() function returns a pointer (in this
-specific case to an array of procedure strings) which, if
-non-NULL is then passed val_to_str(). Well, if val_to_str() sees
-NULL it is treated gracefully, i.e. like if the numeric value
-'proc' wasn't found in the array.
-
-Therefore, there's no need to special case call to
-col_append_fstr(). Both result into the same behaviour.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index af14c6bed7..6c729801d4 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -469,11 +469,7 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-                  val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-    if (vs == NULL) {
-        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%d", proc);
-    } else {
-        col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
-    }
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
- 
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                     val_to_str(type, type_strings, "%d"), serial,
-- 
-2.51.0
-
@@ -0,0 +1,98 @@
+From faebbbbfa3b1bd4120852b3f416c8073ab82d5c5 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@redhat.com>
+Date: Mon, 25 Nov 2024 22:24:46 -0500
+Subject: [PATCH 6/9] util: put the command that adds a tx filter qdisc into a
+ separate function
+
+virNetDevBandwidthSet() adds a queue discipline (qdisc) for each
+interface that it will need to add tc transmit filters to, and the
+filters are then attached to the qdisc.
+
+There are other circumstances where some other function will need to
+add tc transmit filters to an interface (in particular an upcoming
+patch to the network driver nftables backend that will use a tc tx
+filter to fix the checksum of dhcp packets), so that function will
+also need a qdisc for the tx filter. To assure both always use exactly
+the same qdisc, this patch puts the command that adds the tx filter
+qdisc into a separate helper function that can (and will) be called
+from either place
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/libvirt_private.syms      |  1 +
+ src/util/virnetdevbandwidth.c | 30 +++++++++++++++++++++++++-----
+ src/util/virnetdevbandwidth.h |  3 +++
+ 3 files changed, 29 insertions(+), 5 deletions(-)
+
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index d15d6a6a9d..0211cee967 100644
+--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
+@@ -2859,6 +2859,7 @@ virNetDevVFInterfaceStats;
+ 
+ 
+ # util/virnetdevbandwidth.h
+virNetDevBandWidthAddTxFilterParentQdisc;
+ virNetDevBandwidthClear;
+ virNetDevBandwidthCopy;
+ virNetDevBandwidthEqual;
+diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
+index 9c48844c5d..90eebe6576 100644
+--- a/src/util/virnetdevbandwidth.c
+++ b/src/util/virnetdevbandwidth.c
+@@ -266,11 +266,7 @@ virNetDevBandwidthSet(const char *ifname,
+         if (tx->burst)
+             burst = g_strdup_printf("%llukb", tx->burst);
+ 
+-        cmd = virCommandNew(TC);
+-        virCommandAddArgList(cmd, "qdisc", "add", "dev", ifname, "root",
+-                             "handle", "1:", "htb", "default",
+-                             hierarchical_class ? "2" : "1", NULL);
+-        if (virCommandRun(cmd, NULL) < 0)
+        if (virNetDevBandWidthAddTxFilterParentQdisc(ifname, hierarchical_class) < 0)
+             goto cleanup;
+ 
+         /* If we are creating a hierarchical class, all non guaranteed traffic
+@@ -794,3 +790,27 @@ virNetDevBandwidthSetRootQDisc(const char *ifname,
+ 
+     return 0;
+ }
+
+/**
+ * virNetDevBandwidthAddTxFilterParentQdisc:
+ * @ifname: name of interface that needs a qdisc to attach tx filters to
+ * @hierarchical_class: true if hierarchical classes will be used on this interface
+ *
+ * Add a root Qdisc (Queueing Discipline) for attaching Tx filters to
+ * @ifname.
+ *
+ * returns 0 on success, -1 on failure
+ */
+int
+virNetDevBandWidthAddTxFilterParentQdisc(const char *ifname,
+                                         bool hierarchical_class)
+{
+    g_autoptr(virCommand) cmd = NULL;
+
+    cmd = virCommandNew(TC);
+    virCommandAddArgList(cmd, "qdisc", "add", "dev", ifname, "root",
+                         "handle", "1:", "htb", "default",
+                         hierarchical_class ? "2" : "1", NULL);
+
+    return virCommandRun(cmd, NULL);
+}
+diff --git a/src/util/virnetdevbandwidth.h b/src/util/virnetdevbandwidth.h
+index 744aa4c826..65c1500637 100644
+--- a/src/util/virnetdevbandwidth.h
+++ b/src/util/virnetdevbandwidth.h
+@@ -84,3 +84,6 @@ int virNetDevBandwidthUpdateFilter(const char *ifname,
+ int virNetDevBandwidthSetRootQDisc(const char *ifname,
+                                    const char *qdisc)
+     G_NO_INLINE;
+
+int virNetDevBandWidthAddTxFilterParentQdisc(const char *ifname,
+                                             bool hierarchical_class);
+-- 
+2.47.1
+
@@ -1,68 +0,0 @@
-From ba2c4bdd5cbccd5c0673149cf76802c98b70d2f7 Mon Sep 17 00:00:00 2001
-Message-ID: <ba2c4bdd5cbccd5c0673149cf76802c98b70d2f7.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 18:23:18 +0200
-Subject: [PATCH 6/8] wireshark: Introduce and use vir_val_to_str()
-Content-type: text/plain
-
-Wireshark offers val_to_str() function which converts numeric
-value to string by looking up value ('val') in an array ('vs') of
-<val, string> pairs. If no corresponding string is found, then
-the value is formatted using given 'fmt' string.
-
-Starting from wireshark-4.6.0 not only this function gained
-another argument but also returns a strdup()-ed string. To keep
-our code simple, let's introduce a wrapper so which can be then
-adjusted as needed.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 17 +++++++++++++----
- 1 file changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index 6c729801d4..f6ad2c4578 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -140,6 +140,15 @@ static const value_string status_strings[] = {
-     { -1, NULL }
- };
- 
-+static const char *
-+G_GNUC_PRINTF(3, 0)
-+vir_val_to_str(const uint32_t val,
-+               const value_string *vs,
-+               const char *fmt)
-+{
-+    return val_to_str(val, vs, fmt);
-+}
-+
- static gboolean
- dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-                    guint32 maxlen)
-@@ -466,14 +475,14 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
-                 val_to_str(prog, program_strings, "%x"));
-+                 vir_val_to_str(prog, program_strings, "%x"));
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", val_to_str(proc, vs, "%d"));
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", vir_val_to_str(proc, vs, "%d"));
- 
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                    val_to_str(type, type_strings, "%d"), serial,
-                    val_to_str(status, status_strings, "%d"));
-+                    vir_val_to_str(type, type_strings, "%d"), serial,
-+                    vir_val_to_str(status, status_strings, "%d"));
- 
-     if (tree) {
-         gint *hf_proc;
-- 
-2.51.0
-
@@ -0,0 +1,107 @@
+From 73c0fb19ce5b816ee81ede691252855c75391c9a Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@redhat.com>
+Date: Mon, 25 Nov 2024 22:24:47 -0500
+Subject: [PATCH 7/9] util: don't re-add the qdisc used for tx filters if it
+ already exists
+
+There will soon be two separate users of tc on virtual networks, and
+both will use the "qdisc root handle 1: htb" to add tx filters. One or the
+other could get the first chance to add the qdisc, and then if at a
+later time the other decides to use it, we need to prevent the 2nd
+user from attempting to re-add the qdisc (because that just generates
+an error).
+
+We do this by running "tc qdisc show dev $bridge handle 1:" then
+checking if the output of that command contains both "qdisc" and " 1:
+".[*] If it does then the qdisc has already been added. If not then we
+need to add it now.
+
+[*]As of this writing, the output more exactly starts with "qdisc
+htb 1: root", but our comparison is made purposefully generous to
+increase the chances that it will continue to work properly if tc
+modifies the format of its output.
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/util/virnetdevbandwidth.c  | 35 ++++++++++++++++++++++++++++------
+ tests/virnetdevbandwidthtest.c |  3 +++
+ 2 files changed, 32 insertions(+), 6 deletions(-)
+
+diff --git a/src/util/virnetdevbandwidth.c b/src/util/virnetdevbandwidth.c
+index 90eebe6576..5c6a65528c 100644
+--- a/src/util/virnetdevbandwidth.c
+++ b/src/util/virnetdevbandwidth.c
+@@ -805,12 +805,35 @@ int
+ virNetDevBandWidthAddTxFilterParentQdisc(const char *ifname,
+                                          bool hierarchical_class)
+ {
+-    g_autoptr(virCommand) cmd = NULL;
+    g_autoptr(virCommand) testCmd = NULL;
+    g_autofree char *testResult = NULL;
+ 
+-    cmd = virCommandNew(TC);
+-    virCommandAddArgList(cmd, "qdisc", "add", "dev", ifname, "root",
+-                         "handle", "1:", "htb", "default",
+-                         hierarchical_class ? "2" : "1", NULL);
+    /* first check it the qdisc with handle 1: was already added for
+     * this interface by someone else
+     */
+    testCmd = virCommandNew(TC);
+    virCommandAddArgList(testCmd, "qdisc", "show", "dev", ifname,
+                         "handle", "1:", NULL);
+    virCommandSetOutputBuffer(testCmd, &testResult);
+ 
+-    return virCommandRun(cmd, NULL);
+    if (virCommandRun(testCmd, NULL) < 0)
+        return -1;
+
+    /* output will be something like: "qdisc htb 1: root refcnt ..."
+     * if the qdisc was already added. We just search for "qdisc" and
+     * " 1: " anywhere in the output to allow for tc changing its
+     * output format.
+     */
+    if (!(testResult && strstr(testResult, "qdisc") && strstr(testResult, " 1: "))) {
+        /* didn't find qdisc in output, so we need to add one */
+        g_autoptr(virCommand) addCmd = virCommandNew(TC);
+
+        virCommandAddArgList(addCmd, "qdisc", "add", "dev", ifname, "root",
+                             "handle", "1:", "htb", "default",
+                             hierarchical_class ? "2" : "1", NULL);
+
+        return virCommandRun(addCmd, NULL);
+    }
+
+    return 0;
+ }
+diff --git a/tests/virnetdevbandwidthtest.c b/tests/virnetdevbandwidthtest.c
+index 6d5c847ad7..31aa7f469d 100644
+--- a/tests/virnetdevbandwidthtest.c
+++ b/tests/virnetdevbandwidthtest.c
+@@ -147,6 +147,7 @@ mymain(void)
+                 "</bandwidth>",
+                 TC " qdisc del dev eth0 root\n"
+                 TC " qdisc del dev eth0 ingress\n"
+                TC " qdisc show dev eth0 handle 1:\n"
+                 TC " qdisc add dev eth0 root handle 1: htb default 1\n"
+                 TC " class add dev eth0 parent 1: classid 1:1 htb rate 1024kbps quantum 87\n"
+                 TC " qdisc add dev eth0 parent 1:1 handle 2: sfq perturb 10\n"
+@@ -177,6 +178,7 @@ mymain(void)
+                 "</bandwidth>",
+                 TC " qdisc del dev eth0 root\n"
+                 TC " qdisc del dev eth0 ingress\n"
+                TC " qdisc show dev eth0 handle 1:\n"
+                 TC " qdisc add dev eth0 root handle 1: htb default 1\n"
+                 TC " class add dev eth0 parent 1: classid 1:1 htb rate 1kbps ceil 2kbps burst 4kb quantum 1\n"
+                 TC " qdisc add dev eth0 parent 1:1 handle 2: sfq perturb 10\n"
+@@ -199,6 +201,7 @@ mymain(void)
+                 "</bandwidth>",
+                 TC " qdisc del dev eth0 root\n"
+                 TC " qdisc del dev eth0 ingress\n"
+                TC " qdisc show dev eth0 handle 1:\n"
+                 TC " qdisc add dev eth0 root handle 1: htb default 1\n"
+                 TC " class add dev eth0 parent 1: classid 1:1 htb rate 4294967295kbps quantum 366503875\n"
+                 TC " qdisc add dev eth0 parent 1:1 handle 2: sfq perturb 10\n"
+-- 
+2.47.1
+
@@ -1,165 +0,0 @@
-From 002b9f559d69b92e77ab2d234df6966fecdaf0ec Mon Sep 17 00:00:00 2001
-Message-ID: <002b9f559d69b92e77ab2d234df6966fecdaf0ec.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 19:13:48 +0200
-Subject: [PATCH 7/8] wireshark: Don't leak column strings
-Content-type: text/plain
-
-One of the problems of using val_to_str() is that it may return a
-const string from given table ('vs'), OR return an allocated one.
-Since the caller has no idea which case it is, it resides to safe
-option and don't free returned string. But that might lead to a
-memleak. This behaviour is fixed with wireshark-4.6.0 and support
-for it will be introduced soon. But first, make vir_val_to_str()
-behave like fixed val_to_str() from newer wireshark: just always
-allocate the string.
-
-Now, if val_to_str() needs to allocate new memory it obtains
-allocator by calling wmem_packet_scope() which is what we may do
-too.
-
-Hand in hand with that, we need to free the memory using the
-correct allocator, hence wmem_free(). But let's put it into a
-wrapper vir_wmem_free() because just like val_to_str(), it'll
-need additional argument when adapting to new wireshark.
-
-Oh, and freeing the memory right after col_add_fstr() is safe as
-it uses vsnprintf() under the hood to format passed args.
-
-One last thing, the wmem.h file used to live under epan/wmem/ but
-then in v3.5.0~240 [1] was moved to wsutil/wmem/.
-
-1: https://gitlab.com/wireshark/wireshark/-/commit/7f9c1f5f92c131354fc8b2b88d473706786064c0
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- meson.build                          | 20 ++++++++++++++++
- tools/wireshark/src/meson.build      |  1 +
- tools/wireshark/src/packet-libvirt.c | 35 ++++++++++++++++++++++------
- 3 files changed, 49 insertions(+), 7 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index bcc18b20e5..a1e0e5ecd5 100644
--- a/meson.build
-+++ b/meson.build
-@@ -1365,6 +1365,26 @@ if wireshark_dep.found()
-   if cc.check_header('wireshark/ws_version.h')
-     conf.set('WITH_WS_VERSION', 1)
-   endif
-+
-+  # Find wmem.h
-+  # But it's not as easy as you'd think. Ubuntu 20.04 has split parts of
-+  # libwireshark.so into libwsutil.so but:
-+  # a) wireshark.pc never mentions it,
-+  # b) libwsutil-dev package doesn't install pkg-config file.
-+  # Fortunately, it's fixed in 24.04.
-+  if cc.check_header('wireshark/epan/wmem/wmem.h', dependencies: wireshark_dep)
-+    conf.set('WITH_WS_EPAN_WMEM', 1)
-+  elif cc.check_header('wireshark/wsutil/wmem/wmem.h', dependencies: wireshark_dep)
-+    conf.set('WITH_WS_WSUTIL_WMEM', 1)
-+  else
-+    error('Unable to locate wmem.h file')
-+  endif
-+
-+  # TODO: drop wsutil dep once support for Ubuntu 20.04 is dropped
-+  wsutil_dep = dependency('', required: false)
-+  if not cc.has_function('wmem_free', dependencies: wireshark_dep)
-+    wsutil_dep = cc.find_library('wsutil', required: true)
-+  endif
- endif
- 
- # generic build dependencies checks
-diff --git a/tools/wireshark/src/meson.build b/tools/wireshark/src/meson.build
-index 9b452dc5ca..ba0df913e0 100644
--- a/tools/wireshark/src/meson.build
-+++ b/tools/wireshark/src/meson.build
-@@ -9,6 +9,7 @@ shared_library(
-   ],
-   dependencies: [
-     wireshark_dep,
-+    wsutil_dep,
-     xdr_dep,
-     tools_dep,
-   ],
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index f6ad2c4578..3178ac6f27 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -21,6 +21,11 @@
- #include <wireshark/epan/proto.h>
- #include <wireshark/epan/packet.h>
- #include <wireshark/epan/dissectors/packet-tcp.h>
-+#ifdef WITH_WS_EPAN_WMEM
-+# include <wireshark/epan/wmem/wmem.h>
-+#elif WITH_WS_WSUTIL_WMEM
-+# include <wireshark/wsutil/wmem/wmem.h>
-+#endif
- #include <rpc/types.h>
- #include <rpc/xdr.h>
- #include "packet-libvirt.h"
-@@ -140,13 +145,19 @@ static const value_string status_strings[] = {
-     { -1, NULL }
- };
- 
-static const char *
-+static char *
- G_GNUC_PRINTF(3, 0)
- vir_val_to_str(const uint32_t val,
-                const value_string *vs,
-                const char *fmt)
- {
-    return val_to_str(val, vs, fmt);
-+    return val_to_str_wmem(wmem_packet_scope(), val, vs, fmt);
-+}
-+
-+static void
-+vir_wmem_free(void *ptr)
-+{
-+    wmem_free(wmem_packet_scope(), ptr);
- }
- 
- static gboolean
-@@ -462,6 +473,10 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     uint32_t prog, serial;
-     int32_t proc, type, status;
-     const value_string *vs;
-+    char *prog_str = NULL;
-+    char *proc_str = NULL;
-+    char *type_str = NULL;
-+    char *status_str = NULL;
- 
-     col_set_str(pinfo->cinfo, COL_PROTOCOL, "Libvirt");
-     col_clear(pinfo->cinfo, COL_INFO);
-@@ -474,15 +489,21 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-    col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s",
-                 vir_val_to_str(prog, program_strings, "%x"));
-+    prog_str = vir_val_to_str(prog, program_strings, "%x");
-+    col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s", prog_str);
-+    vir_wmem_free(prog_str);
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", vir_val_to_str(proc, vs, "%d"));
-+    proc_str = vir_val_to_str(proc, vs, "%d");
-+    col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", proc_str);
-+    vir_wmem_free(proc_str);
- 
-+    type_str = vir_val_to_str(type, type_strings, "%d");
-+    status_str = vir_val_to_str(status, status_strings, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                    vir_val_to_str(type, type_strings, "%d"), serial,
-                    vir_val_to_str(status, status_strings, "%d"));
-+                    type_str, serial, status_str);
-+    vir_wmem_free(status_str);
-+    vir_wmem_free(type_str);
- 
-     if (tree) {
-         gint *hf_proc;
-- 
-2.51.0
-
@@ -0,0 +1,171 @@
+From dac9cb9030ac03d18f59884864a0a253e3c9f8f1 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@redhat.com>
+Date: Mon, 25 Nov 2024 22:24:48 -0500
+Subject: [PATCH 8/9] util: add new "tc" layer for virFirewallCmd objects
+
+If the layer of a virFirewallCmd is "tc", then the "tc" utility will
+be executed using the arguments that had been added to the
+virFirewallCmd
+
+tc layer doesn't support auto-rollback command creation (any rollback
+needs to be added manually with virFirewallAddRollbackCmd()), and also
+tc layer isn't supported by the iptables backend (it would have been
+straightforward to add, but the iptables backend doesn't need it, and
+I didn't want to take the chance of causing a regression in that
+code for no good reason).
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/network/network_nftables.c |  1 +
+ src/util/virfirewall.c         | 66 +++++++++++++++++++++-------------
+ src/util/virfirewall.h         |  1 +
+ src/util/virfirewalld.c        |  1 +
+ 4 files changed, 44 insertions(+), 25 deletions(-)
+
+diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
+index 268d1f12ca..cc184105c3 100644
+--- a/src/network/network_nftables.c
+++ b/src/network/network_nftables.c
+@@ -73,6 +73,7 @@ VIR_ENUM_IMPL(nftablesLayer,
+               "",
+               "ip",
+               "ip6",
+              "",
+ );
+ 
+ 
+diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
+index 811b787ecc..9389bcf541 100644
+--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
+@@ -47,6 +47,7 @@ VIR_ENUM_IMPL(virFirewallLayer,
+               "ethernet",
+               "ipv4",
+               "ipv6",
+              "tc",
+ );
+ 
+ typedef struct _virFirewallGroup virFirewallGroup;
+@@ -57,6 +58,7 @@ VIR_ENUM_IMPL(virFirewallLayerCommand,
+               EBTABLES,
+               IPTABLES,
+               IP6TABLES,
+              TC,
+ );
+ 
+ struct _virFirewallCmd {
+@@ -591,6 +593,7 @@ virFirewallCmdIptablesApply(virFirewall *firewall,
+     case VIR_FIREWALL_LAYER_IPV6:
+         virCommandAddArg(cmd, "-w");
+         break;
+    case VIR_FIREWALL_LAYER_TC:
+     case VIR_FIREWALL_LAYER_LAST:
+         break;
+     }
+@@ -672,39 +675,52 @@ virFirewallCmdNftablesApply(virFirewall *firewall G_GNUC_UNUSED,
+     size_t i;
+     int status;
+ 
+-    cmd = virCommandNew(NFT);
+    if (fwCmd->layer == VIR_FIREWALL_LAYER_TC) {
+ 
+-    if ((virFirewallTransactionGetFlags(firewall) & VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK) &&
+-        fwCmd->argsLen > 1) {
+-        /* skip any leading options to get to command verb */
+-        for (i = 0; i < fwCmd->argsLen - 1; i++) {
+-            if (fwCmd->args[i][0] != '-')
+-                break;
+-        }
+        /* for VIR_FIREWALL_LAYER_TC, we run the 'tc' (traffic control) command with
+         * the supplied args.
+         */
+        cmd = virCommandNew(TC);
+ 
+-        if (i + 1 < fwCmd->argsLen &&
+-            VIR_NFTABLES_ARG_IS_CREATE(fwCmd->args[i])) {
+        /* NB: RAW commands don't support auto-rollback command creation */
+ 
+-            cmdIdx = i;
+-            objectType = fwCmd->args[i + 1];
+    } else {
+ 
+-            /* we currently only handle auto-rollback for rules,
+-             * chains, and tables, and those all can be "rolled
+-             * back" by a delete command using the handle that is
+-             * returned when "-ae" is added to the add/insert
+-             * command.
+-             */
+-            if (STREQ_NULLABLE(objectType, "rule") ||
+-                STREQ_NULLABLE(objectType, "chain") ||
+-                STREQ_NULLABLE(objectType, "table")) {
+        cmd = virCommandNew(NFT);
+ 
+-                needRollback = true;
+-                /* this option to nft instructs it to add the
+-                 * "handle" of the created object to stdout
+        if ((virFirewallTransactionGetFlags(firewall) & VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK) &&
+            fwCmd->argsLen > 1) {
+            /* skip any leading options to get to command verb */
+            for (i = 0; i < fwCmd->argsLen - 1; i++) {
+                if (fwCmd->args[i][0] != '-')
+                    break;
+            }
+
+            if (i + 1 < fwCmd->argsLen &&
+                VIR_NFTABLES_ARG_IS_CREATE(fwCmd->args[i])) {
+
+                cmdIdx = i;
+                objectType = fwCmd->args[i + 1];
+
+                /* we currently only handle auto-rollback for rules,
+                 * chains, and tables, and those all can be "rolled
+                 * back" by a delete command using the handle that is
+                 * returned when "-ae" is added to the add/insert
+                 * command.
+                  */
+-                virCommandAddArg(cmd, "-ae");
+                if (STREQ_NULLABLE(objectType, "rule") ||
+                    STREQ_NULLABLE(objectType, "chain") ||
+                    STREQ_NULLABLE(objectType, "table")) {
+
+                    needRollback = true;
+                    /* this option to nft instructs it to add the
+                     * "handle" of the created object to stdout
+                     */
+                    virCommandAddArg(cmd, "-ae");
+                }
+             }
+         }
+
+     }
+ 
+     for (i = 0; i < fwCmd->argsLen; i++)
+diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
+index bce51259d2..d42e60884b 100644
+--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
+@@ -39,6 +39,7 @@ typedef enum {
+     VIR_FIREWALL_LAYER_ETHERNET,
+     VIR_FIREWALL_LAYER_IPV4,
+     VIR_FIREWALL_LAYER_IPV6,
+    VIR_FIREWALL_LAYER_TC,
+ 
+     VIR_FIREWALL_LAYER_LAST,
+ } virFirewallLayer;
+diff --git a/src/util/virfirewalld.c b/src/util/virfirewalld.c
+index 827e201dbb..124523c420 100644
+--- a/src/util/virfirewalld.c
+++ b/src/util/virfirewalld.c
+@@ -43,6 +43,7 @@ VIR_LOG_INIT("util.firewalld");
+ VIR_ENUM_DECL(virFirewallLayerFirewallD);
+ VIR_ENUM_IMPL(virFirewallLayerFirewallD,
+               VIR_FIREWALL_LAYER_LAST,
+              "",
+               "eb",
+               "ipv4",
+               "ipv6",
+-- 
+2.47.1
+
@@ -1,493 +0,0 @@
-From b42a12174c787b99cd6fcb29b44e4b13bd64ee58 Mon Sep 17 00:00:00 2001
-Message-ID: <b42a12174c787b99cd6fcb29b44e4b13bd64ee58.1760476767.git.crobinso@redhat.com>
-In-Reply-To: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-References: <b825bb556bd3967bf5422c243b77bd4038e317e2.1760476767.git.crobinso@redhat.com>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Fri, 10 Oct 2025 15:22:34 +0200
-Subject: [PATCH 8/8] wireshark: Adapt to wireshark-4.6.0
-Content-type: text/plain
-
-The main difference is that wmem_packet_scope() is gone [1] but
-the packet_info struct has 'pool` member which points to the
-allocator used for given packet.
-
-Unfortunately, while we were given pointer to packet_info at the
-entry level to our dissector (dissect_libvirt() ->
-tcp_dissect_pdus() -> dissect_libvirt_message()) it was never
-propagated to generated/primitive dissectors.
-
-But not all dissectors need to allocate memory, so mark the new
-argument as unused. And while our generator could be rewritten so
-that the argument is annotated as unused iff it's really unused,
-I couldn't bother rewriting it. It's generated code after all.
-Too much work for little gain.
-
-Another significant change is that val_to_str() now requires new
-argument: pointer to allocator to use because it always allocates
-new memory [2][3].
-
-1: https://gitlab.com/wireshark/wireshark/-/commit/5ca5c9ca372e06881b23ba9f4fdcb6b479886444
-2: https://gitlab.com/wireshark/wireshark/-/commit/b63599762468e4cf1783419a5556377604d344bb
-3: https://gitlab.com/wireshark/wireshark/-/commit/84799be215313e61b83a3eaf074f89d6ee349b8c
-Resolves: https://gitlab.com/libvirt/libvirt/-/issues/823
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 157 +++++++++++++++++++--------
- tools/wireshark/util/genxdrstub.pl   |  18 +--
- 2 files changed, 119 insertions(+), 56 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index 3178ac6f27..c5c8fb4756 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -63,7 +63,7 @@ static gint ett_libvirt_stream_hole = -1;
- 
- #define XDR_PRIMITIVE_DISSECTOR(xtype, ctype, ftype) \
-     static gboolean \
-    dissect_xdr_##xtype(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf) \
-+    dissect_xdr_##xtype(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf) \
-     { \
-         goffset start; \
-         ctype val; \
-@@ -93,7 +93,7 @@ XDR_PRIMITIVE_DISSECTOR(bool,    bool_t,   boolean)
- 
- VIR_WARNINGS_RESET
- 
-typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf);
-+typedef gboolean (*vir_xdr_dissector_t)(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, XDR *xdrs, int hf);
- 
- typedef struct vir_dissector_index vir_dissector_index_t;
- struct vir_dissector_index {
-@@ -146,22 +146,32 @@ static const value_string status_strings[] = {
- };
- 
- static char *
-G_GNUC_PRINTF(3, 0)
-vir_val_to_str(const uint32_t val,
-+G_GNUC_PRINTF(4, 0)
-+vir_val_to_str(packet_info *pinfo,
-+               const uint32_t val,
-                const value_string *vs,
-                const char *fmt)
- {
-    return val_to_str_wmem(wmem_packet_scope(), val, vs, fmt);
-+#if WIRESHARK_VERSION < 4006000
-+    return val_to_str_wmem(pinfo->pool, val, vs, fmt);
-+#else
-+    return val_to_str(pinfo->pool, val, vs, fmt);
-+#endif
- }
- 
- static void
-vir_wmem_free(void *ptr)
-+vir_wmem_free(packet_info *pinfo,
-+              void *ptr)
- {
-    wmem_free(wmem_packet_scope(), ptr);
-+    wmem_free(pinfo->pool, ptr);
- }
- 
- static gboolean
-dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_string(tvbuff_t *tvb,
-+                   packet_info *pinfo G_GNUC_UNUSED,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-                    guint32 maxlen)
- {
-     goffset start;
-@@ -179,7 +189,11 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
-dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_opaque(tvbuff_t *tvb,
-+                   packet_info *pinfo,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-                    guint32 size)
- {
-     goffset start;
-@@ -190,7 +204,7 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     start = xdr_getpos(xdrs);
-     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
-         gint len = xdr_getpos(xdrs) - start;
-        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+        const char *s = tvb_bytes_to_str(pinfo->pool, tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-     } else {
-@@ -202,7 +216,11 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
-dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_bytes(tvbuff_t *tvb,
-+                  packet_info *pinfo,
-+                  proto_tree *tree,
-+                  XDR *xdrs,
-+                  int hf,
-                   guint32 maxlen)
- {
-     goffset start;
-@@ -212,7 +230,7 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     start = xdr_getpos(xdrs);
-     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
-         gint len = xdr_getpos(xdrs) - start;
-        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+        const char *s = tvb_bytes_to_str(pinfo->pool, tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-         free(val);
-@@ -224,7 +242,11 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
-dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-+dissect_xdr_pointer(tvbuff_t *tvb,
-+                    packet_info *pinfo,
-+                    proto_tree *tree,
-+                    XDR *xdrs,
-+                    int hf,
-                     vir_xdr_dissector_t dissect)
- {
-     goffset start;
-@@ -236,7 +258,7 @@ dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-         return FALSE;
-     }
-     if (not_null) {
-        return dissect(tvb, tree, xdrs, hf);
-+        return dissect(tvb, pinfo, tree, xdrs, hf);
-     } else {
-         proto_item *ti;
-         ti = proto_tree_add_item(tree, hf, tvb, start, xdr_getpos(xdrs) - start, ENC_NA);
-@@ -246,15 +268,22 @@ dissect_xdr_pointer(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- }
- 
- static gboolean
-dissect_xdr_iterable(tvbuff_t *tvb, proto_item *ti, XDR *xdrs, gint ett, int rhf,
-                     guint32 length, vir_xdr_dissector_t dissect, goffset start)
-+dissect_xdr_iterable(tvbuff_t *tvb,
-+                     packet_info *pinfo,
-+                     proto_item *ti,
-+                     XDR *xdrs,
-+                     gint ett,
-+                     int rhf,
-+                     guint32 length,
-+                     vir_xdr_dissector_t dissect,
-+                     goffset start)
- {
-     proto_tree *tree;
-     guint32 i;
- 
-     tree = proto_item_add_subtree(ti, ett);
-     for (i = 0; i < length; i++) {
-        if (!dissect(tvb, tree, xdrs, rhf))
-+        if (!dissect(tvb, pinfo, tree, xdrs, rhf))
-             return FALSE;
-     }
-     proto_item_set_len(ti, xdr_getpos(xdrs) - start);
-@@ -262,8 +291,16 @@ dissect_xdr_iterable(tvbuff_t *tvb, proto_item *ti, XDR *xdrs, gint ett, int rhf
- }
- 
- static gboolean
-dissect_xdr_vector(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
-                   int rhf, const gchar *rtype, guint32 size, vir_xdr_dissector_t dissect)
-+dissect_xdr_vector(tvbuff_t *tvb,
-+                   packet_info *pinfo,
-+                   proto_tree *tree,
-+                   XDR *xdrs,
-+                   int hf,
-+                   gint ett,
-+                   int rhf,
-+                   const gchar *rtype,
-+                   guint32 size,
-+                   vir_xdr_dissector_t dissect)
- {
-     goffset start;
-     proto_item *ti;
-@@ -271,12 +308,20 @@ dissect_xdr_vector(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
-     start = xdr_getpos(xdrs);
-     ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA);
-     proto_item_append_text(ti, " :: %s[%u]", rtype, size);
-    return dissect_xdr_iterable(tvb, ti, xdrs, ett, rhf, size, dissect, start);
-+    return dissect_xdr_iterable(tvb, pinfo, ti, xdrs, ett, rhf, size, dissect, start);
- }
- 
- static gboolean
-dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
-                  int rhf, const gchar *rtype, guint32 maxlen, vir_xdr_dissector_t dissect)
-+dissect_xdr_array(tvbuff_t *tvb,
-+                  packet_info *pinfo,
-+                  proto_tree *tree,
-+                  XDR *xdrs,
-+                  int hf,
-+                  gint ett,
-+                  int rhf,
-+                  const gchar *rtype,
-+                  guint32 maxlen,
-+                  vir_xdr_dissector_t dissect)
- {
-     goffset start;
-     proto_item *ti;
-@@ -291,7 +336,7 @@ dissect_xdr_array(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf, gint ett,
- 
-     ti = proto_tree_add_item(tree, hf, tvb, start, -1, ENC_NA);
-     proto_item_append_text(ti, " :: %s<%u>", rtype, length);
-    return dissect_xdr_iterable(tvb, ti, xdrs, ett, rhf, length, dissect, start);
-+    return dissect_xdr_iterable(tvb, pinfo, ti, xdrs, ett, rhf, length, dissect, start);
- }
- 
- static vir_xdr_dissector_t
-@@ -340,7 +385,10 @@ find_payload_dissector(int32_t proc,
- }
- 
- static void
-dissect_libvirt_stream(tvbuff_t *tvb, proto_tree *tree, gint payload_length)
-+dissect_libvirt_stream(tvbuff_t *tvb,
-+                       packet_info *pinfo G_GNUC_UNUSED,
-+                       proto_tree *tree,
-+                       gint payload_length)
- {
-     proto_tree_add_item(tree, hf_libvirt_stream, tvb, VIR_HEADER_LEN,
-                         payload_length - VIR_HEADER_LEN, ENC_NA);
-@@ -357,6 +405,7 @@ dissect_libvirt_num_of_fds(tvbuff_t *tvb, proto_tree *tree)
- 
- static void
- dissect_libvirt_fds(tvbuff_t *tvb G_GNUC_UNUSED,
-+                    packet_info *pinfo G_GNUC_UNUSED,
-                     gint start G_GNUC_UNUSED,
-                     gint32 nfds G_GNUC_UNUSED)
- {
-@@ -364,8 +413,12 @@ dissect_libvirt_fds(tvbuff_t *tvb G_GNUC_UNUSED,
- }
- 
- static void
-dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_length,
-                                 gint32 status, vir_xdr_dissector_t dissect)
-+dissect_libvirt_payload_xdr_data(tvbuff_t *tvb,
-+                                 packet_info *pinfo,
-+                                 proto_tree *tree,
-+                                 gint payload_length,
-+                                 gint32 status,
-+                                 vir_xdr_dissector_t dissect)
- {
-     gint32 nfds = 0;
-     gint start = VIR_HEADER_LEN;
-@@ -384,17 +437,21 @@ dissect_libvirt_payload_xdr_data(tvbuff_t *tvb, proto_tree *tree, gint payload_l
-     payload_data = (caddr_t)tvb_memdup(NULL, payload_tvb, 0, payload_length);
-     xdrmem_create(&xdrs, payload_data, payload_length, XDR_DECODE);
- 
-    dissect(payload_tvb, tree, &xdrs, -1);
-+    dissect(payload_tvb, pinfo, tree, &xdrs, -1);
- 
-     xdr_destroy(&xdrs);
-     g_free(payload_data);
- 
-     if (nfds != 0)
-        dissect_libvirt_fds(tvb, start + payload_length, nfds);
-+        dissect_libvirt_fds(tvb, pinfo, start + payload_length, nfds);
- }
- 
- static gboolean
-dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+dissect_xdr_stream_hole(tvbuff_t *tvb,
-+                        packet_info *pinfo,
-+                        proto_tree *tree,
-+                        XDR *xdrs,
-+                        int hf)
- {
-     goffset start;
-     proto_item *ti;
-@@ -411,10 +468,10 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-     tree = proto_item_add_subtree(ti, ett_libvirt_stream_hole);
- 
-     hf = hf_libvirt_stream_hole_length;
-    if (!dissect_xdr_hyper(tvb, tree, xdrs, hf)) return FALSE;
-+    if (!dissect_xdr_hyper(tvb, pinfo, tree, xdrs, hf)) return FALSE;
- 
-     hf = hf_libvirt_stream_hole_flags;
-    if (!dissect_xdr_u_int(tvb, tree, xdrs, hf)) return FALSE;
-+    if (!dissect_xdr_u_int(tvb, pinfo, tree, xdrs, hf)) return FALSE;
- 
-     proto_item_set_len(ti, xdr_getpos(xdrs) - start);
-     return TRUE;
-@@ -424,6 +481,7 @@ dissect_xdr_stream_hole(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
- 
- static void
- dissect_libvirt_payload(tvbuff_t *tvb,
-+                        packet_info *pinfo,
-                         proto_tree *tree,
-                         uint32_t prog,
-                         int32_t proc,
-@@ -447,13 +505,13 @@ dissect_libvirt_payload(tvbuff_t *tvb,
-         xd = find_payload_dissector(proc, type, pds, *len);
-         if (xd == NULL)
-             goto unknown;
-        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, xd);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, xd);
-     } else if (status == VIR_NET_ERROR) {
-        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, dissect_xdr_remote_error);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, dissect_xdr_remote_error);
-     } else if (type == VIR_NET_STREAM) { /* implicitly, status == VIR_NET_CONTINUE */
-        dissect_libvirt_stream(tvb, tree, payload_length);
-+        dissect_libvirt_stream(tvb, pinfo, tree, payload_length);
-     } else if (type == VIR_NET_STREAM_HOLE) {
-        dissect_libvirt_payload_xdr_data(tvb, tree, payload_length, status, dissect_xdr_stream_hole);
-+        dissect_libvirt_payload_xdr_data(tvb, pinfo, tree, payload_length, status, dissect_xdr_stream_hole);
-     } else {
-         goto unknown;
-     }
-@@ -489,21 +547,21 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-     serial = tvb_get_ntohl(tvb, offset); offset += 4;
-     status = tvb_get_ntohil(tvb, offset); offset += 4;
- 
-    prog_str = vir_val_to_str(prog, program_strings, "%x");
-+    prog_str = vir_val_to_str(pinfo, prog, program_strings, "%x");
-     col_add_fstr(pinfo->cinfo, COL_INFO, "Prog=%s", prog_str);
-    vir_wmem_free(prog_str);
-+    vir_wmem_free(pinfo, prog_str);
- 
-     vs = get_program_data(prog, VIR_PROGRAM_PROCSTRINGS);
-    proc_str = vir_val_to_str(proc, vs, "%d");
-+    proc_str = vir_val_to_str(pinfo, proc, vs, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Proc=%s", proc_str);
-    vir_wmem_free(proc_str);
-+    vir_wmem_free(pinfo, proc_str);
- 
-    type_str = vir_val_to_str(type, type_strings, "%d");
-    status_str = vir_val_to_str(status, status_strings, "%d");
-+    type_str = vir_val_to_str(pinfo, type, type_strings, "%d");
-+    status_str = vir_val_to_str(pinfo, status, status_strings, "%d");
-     col_append_fstr(pinfo->cinfo, COL_INFO, " Type=%s Serial=%u Status=%s",
-                     type_str, serial, status_str);
-    vir_wmem_free(status_str);
-    vir_wmem_free(type_str);
-+    vir_wmem_free(pinfo, status_str);
-+    vir_wmem_free(pinfo, type_str);
- 
-     if (tree) {
-         gint *hf_proc;
-@@ -532,21 +590,26 @@ dissect_libvirt_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
-         proto_tree_add_item(libvirt_tree, hf_libvirt_status,  tvb, offset, 4, ENC_NA); offset += 4;
- 
-         /* Dissect payload remaining */
-        dissect_libvirt_payload(tvb, libvirt_tree, prog, proc, type, status);
-+        dissect_libvirt_payload(tvb, pinfo, libvirt_tree, prog, proc, type, status);
-     }
- 
-     return 0;
- }
- 
- static guint
-get_message_len(packet_info *pinfo G_GNUC_UNUSED, tvbuff_t *tvb, int offset, void *data G_GNUC_UNUSED)
-+get_message_len(packet_info *pinfo G_GNUC_UNUSED,
-+                tvbuff_t *tvb,
-+                int offset,
-+                void *data G_GNUC_UNUSED)
- {
-     return tvb_get_ntohl(tvb, offset);
- }
- 
- static int
-dissect_libvirt(tvbuff_t *tvb, packet_info *pinfo,
-                proto_tree *tree, void *data G_GNUC_UNUSED)
-+dissect_libvirt(tvbuff_t *tvb,
-+                packet_info *pinfo,
-+                proto_tree *tree,
-+                void *data G_GNUC_UNUSED)
- {
-     /* Another magic const - 4; simply, how much bytes
-      * is needed to tell the length of libvirt packet. */
-diff --git a/tools/wireshark/util/genxdrstub.pl b/tools/wireshark/util/genxdrstub.pl
-index 01b663a88c..f69695c091 100755
--- a/tools/wireshark/util/genxdrstub.pl
-+++ b/tools/wireshark/util/genxdrstub.pl
-@@ -250,7 +250,7 @@ sub xdr_type {
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my $name = $c->rinc( 'dissect_xdr_'.($self->idstrip || lc($self->xdr_type)) );
-    "$name(tvb, tree, xdrs, hf)";
-+    "$name(tvb, pinfo, tree, xdrs, hf)";
- }
- 
- sub ft_type {
-@@ -345,7 +345,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self) = @_;
-     my ($klass) = ref($self) =~ /([^:]+)$/;
-    sprintf '%s(tvb, tree, xdrs, hf, %s)',
-+    sprintf '%s(tvb, pinfo, tree, xdrs, hf, %s)',
-         $c->rinc('dissect_xdr_'.lc($klass)),
-         $c->rinc('dissect_xdr_'.$self->reftype->idstrip);
- }
-@@ -359,7 +359,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($klass) = ref($self) =~ /([^:]+)$/;
-    sprintf '%s(tvb, tree, xdrs, hf, %s)',
-+    sprintf '%s(tvb, pinfo, tree, xdrs, hf, %s)',
-         $c->rinc('dissect_xdr_'.lc($klass)), $self->length || '~0';
- }
- 
-@@ -447,7 +447,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($pname) = reverse split /__/, $hfid;
-    sprintf 'dissect_xdr_array(tvb, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-+    sprintf 'dissect_xdr_array(tvb, pinfo, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-         $c->rinc('ett_'.$self->idstrip),
-         $c->rinc("hf_$hfid\__$pname"),
-         $self->reftype->idstrip,
-@@ -476,7 +476,7 @@ BEGIN{::register_profile(
- sub render_caller {
-     my ($self, $hfid) = @_;
-     my ($pname) = reverse split /__/, $hfid;
-    sprintf 'dissect_xdr_vector(tvb, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-+    sprintf 'dissect_xdr_vector(tvb, pinfo, tree, xdrs, hf, %s, %s, "%s", %s, %s)',
-         $c->rinc('ett_'.$self->idstrip),
-         $c->rinc("hf_$hfid\__$pname"),
-         $self->reftype->idstrip,
-@@ -857,7 +857,7 @@ __END__<<DUMMY # Dummy heredoc to disable perl syntax highlighting
- my ($self, $ident) = @_;
- return if $self->is_primitive;
- %>
-static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     return <%= $self->dealias->render_caller($self->ident eq $ident ? undef : $ident) %>;
- }
-@@ -865,7 +865,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- <% my ($self, $ident) = @_;
-    my $hfvar = $c->rinc('hf_'.$self->idstrip);
- %>
-static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     goffset start;
-     proto_item *ti;
-@@ -890,7 +890,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- }
- @@ Sym::Type::Enum#render_dissector
- <% my ($self, $ident) = @_; %>
-static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     goffset start;
-     enum { DUMMY } es;
-@@ -914,7 +914,7 @@ static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *
- my ($self, $ident) = @_;
- my $decl_type = $self->decl->type->idstrip;
- %>
-static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf)
-+static gboolean dissect_xdr_<%= $ident %>(tvbuff_t *tvb, packet_info *pinfo G_GNUC_UNUSED, proto_tree *tree, XDR *xdrs, int hf)
- {
-     gboolean rc = TRUE;
-     goffset start;
-- 
-2.51.0
-
@@ -0,0 +1,687 @@
+From b1e2318a0d609fcdff04fcf88953ea87cdd02b95 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@redhat.com>
+Date: Mon, 25 Nov 2024 22:24:49 -0500
+Subject: [PATCH 9/9] network: add tc filter rule to nftables backend to fix
+ checksum of DHCP responses
+
+Please see the commit log for commit v10.9.0-rc1-1-g42ab0148dd for the
+history and explanation of the problem that this patch is fixing.
+
+A shorter explanation is that when a guest is connected to a libvirt
+virtual network using a virtio-net adapter with in-kernel "vhost-net"
+packet processing enabled, it will fail to acquire an IP address from
+a DHCP seever running on the host.
+
+In commit v10.9.0-rc1-1-g42ab0148dd we tried fixing this by *zeroing
+out* the checksums of these packets with an nftables rule (nftables
+can't recompute the checksum, but it can set it to 0) . This
+*appeared* to work initially, but it turned out that zeroing the
+checksum ends up breaking dhcp packets on *non* virtio/vhost-net guest
+interfaces. That attempt was reverted in commit v10.9.0-rc2.
+
+Fortunately, there is an existing way to recompute the checksum of a
+packet as it leaves an interface - the "tc" (traffic control) utility
+that libvirt already uses for bandwidth management. This patch uses a
+tc filter rule to match dhcp response packets on the bridge and
+recompute their checksum.
+
+The filter rule must be attached to a tc qdisc, which may also have a
+filter attached for bandwidth management (in the <bandwidth> element
+of the network config). Not only must we add the qdisc only once
+(which was already handled by the patch two prior to this one), but
+also the filter rule for checksum fixing and the filter rule for
+bandwidth management must be different priorities so they don't clash;
+this is solved by adding the checksum-fix filter with "priority 2",
+while the bandwidth management filter remains "priority 1" (both will
+always be evaluated anyway, it's just a matter of which is evaluated
+first).
+
+So far this method has worked with every different guest we could
+throw at it, including several that failed with the previous method.
+
+Fixes: b89c4991daa0ee9371f10937fab3b03c5ffdabc6
+Reported-by: Rich Jones <rjones@redhat.com>
+Reported-by: Andrea Bolognani <abologna@redhat.com>
+Fix-Suggested-by: Eric Garver <egarver@redhat.com>
+Fix-Suggested-by: Phil Sutter <psutter@redhat.com>
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/network/network_nftables.c                | 68 +++++++++++++++++++
+ .../forward-dev-linux.nftables                | 40 +++++++++++
+ .../isolated-linux.nftables                   | 40 +++++++++++
+ .../nat-default-linux.nftables                | 40 +++++++++++
+ .../nat-ipv6-linux.nftables                   | 40 +++++++++++
+ .../nat-ipv6-masquerade-linux.nftables        | 40 +++++++++++
+ .../nat-many-ips-linux.nftables               | 40 +++++++++++
+ .../nat-no-dhcp-linux.nftables                | 40 +++++++++++
+ .../nat-port-range-ipv6-linux.nftables        | 40 +++++++++++
+ .../nat-port-range-linux.nftables             | 40 +++++++++++
+ .../nat-tftp-linux.nftables                   | 40 +++++++++++
+ .../route-default-linux.nftables              | 40 +++++++++++
+ 12 files changed, 508 insertions(+)
+
+diff --git a/src/network/network_nftables.c b/src/network/network_nftables.c
+index cc184105c3..748edb0273 100644
+--- a/src/network/network_nftables.c
+++ b/src/network/network_nftables.c
+@@ -29,6 +29,7 @@
+ 
+ #include "internal.h"
+ #include "virfirewalld.h"
+#include "vircommand.h"
+ #include "virerror.h"
+ #include "virlog.h"
+ #include "virhash.h"
+@@ -924,6 +925,67 @@ nftablesAddIPSpecificFirewallRules(virFirewall *fw,
+ }
+ 
+ 
+/**
+ * nftablesAddUdpChecksumFixWithTC:
+ *
+ * Add a tc filter rule to @ifname (the bridge device of this network)
+ * that will recompute the checksum of udp packets output from @iface with
+ * destination port @port.
+ *
+ * Normally the checksum should be filled by some part of the basic
+ * network stack, but there are cases (e.g. DHCP response packets sent
+ * from virtualization host to a QEMU guest when the guest NIC uses
+ * vhost-net packet processing) when the host (sender) thinks that
+ * packet checksums will be computed elsewhere (and so leaves a
+ * partially computed checksum in the packet header) while the guest
+ * (receiver) thinks that the checksum has already been fully
+ * computed; in the meantime none of the code in between has actually
+ * finished computing the checksum.
+ *
+ * An example of this is DHCP response packets from host to guest. If
+ * the checksum of each of these packets isn't properly computed, then
+ * many guests (e.g. FreeBSD) will drop them with reason BAD CHECKSUM;
+ * this tc filter rule will fix the ip and udp checksums, and the
+ * FreeBSD dhcp client will happily accept the packet.
+ *
+ * (NB: if you're wondering how the tc qdisc and filter are removed
+ * when the network is destroyed, the answer is that the kernel
+ * automatically (and properly) removes them for us, so we don't need
+ * to worry about keeping track/deleting as we do with nftables rules)
+ */
+static int
+nftablesAddUdpChecksumFixWithTC(virFirewall *fw,
+                                const char *iface,
+                                int port)
+{
+    g_autofree char *portstr = g_strdup_printf("%d", port);
+
+    /* this will add the qdisc (that the filter below is attached to)
+     * unless it already exists
+     */
+    if (virNetDevBandWidthAddTxFilterParentQdisc(iface, true) < 0)
+        return -1;
+
+    /* add a filter to catch all udp packets with dst "port" and
+     * recompute their checksum
+     */
+    virFirewallAddCmd(fw, VIR_FIREWALL_LAYER_TC,
+                      "filter", "add", "dev", iface,
+                      "prio", "2", "protocol", "ip", "parent", "1:",
+                      "u32", "match", "ip", "dport", portstr, "ffff",
+                      "action", "csum", "ip", "and", "udp",
+                      NULL);
+
+    virFirewallAddRollbackCmd(fw, VIR_FIREWALL_LAYER_TC,
+                              "filter", "del", "dev", iface,
+                              "prio", "2", "protocol", "ip", "parent", "1:",
+                              "u32", "match", "ip", "dport", portstr, "ffff",
+                              "action", "csum", "ip", "and", "udp",
+                              NULL);
+    return 0;
+}
+
+
+ /* nftablesAddFirewallrules:
+  *
+  * @def - the network that needs an nftables firewall added
+@@ -944,6 +1006,12 @@ nftablesAddFirewallRules(virNetworkDef *def, virFirewall **fwRemoval)
+ 
+     virFirewallStartTransaction(fw, VIR_FIREWALL_TRANSACTION_AUTO_ROLLBACK);
+ 
+    /* add the tc filter rule needed to fixup the checksum of dhcp
+     * response packets going from host to guest.
+     */
+    if (nftablesAddUdpChecksumFixWithTC(fw, def->bridge, 68) < 0)
+        return -1;
+
+     nftablesAddGeneralFirewallRules(fw, def);
+ 
+     for (i = 0;
+diff --git a/tests/networkxml2firewalldata/forward-dev-linux.nftables b/tests/networkxml2firewalldata/forward-dev-linux.nftables
+index 8badb74beb..6772383b37 100644
+--- a/tests/networkxml2firewalldata/forward-dev-linux.nftables
+++ b/tests/networkxml2firewalldata/forward-dev-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/isolated-linux.nftables b/tests/networkxml2firewalldata/isolated-linux.nftables
+index d1b4dac178..546a18b75a 100644
+--- a/tests/networkxml2firewalldata/isolated-linux.nftables
+++ b/tests/networkxml2firewalldata/isolated-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/nat-default-linux.nftables b/tests/networkxml2firewalldata/nat-default-linux.nftables
+index 28508292f9..08623c1381 100644
+--- a/tests/networkxml2firewalldata/nat-default-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-default-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
+index d8a9ba706d..3fd6b94eef 100644
+--- a/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
+index a7f09cda59..2811e098d1 100644
+--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
+index b826fe6134..5409d5b552 100644
+--- a/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
+index d8a9ba706d..3fd6b94eef 100644
+--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
+index ceaed6fa40..d74417cdb3 100644
+--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.nftables b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
+index 1dc37a26ec..b55bb287a9 100644
+--- a/tests/networkxml2firewalldata/nat-port-range-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.nftables b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
+index 28508292f9..08623c1381 100644
+--- a/tests/networkxml2firewalldata/nat-tftp-linux.nftables
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+diff --git a/tests/networkxml2firewalldata/route-default-linux.nftables b/tests/networkxml2firewalldata/route-default-linux.nftables
+index 282c9542a5..76d6902517 100644
+--- a/tests/networkxml2firewalldata/route-default-linux.nftables
+++ b/tests/networkxml2firewalldata/route-default-linux.nftables
+@@ -1,3 +1,43 @@
+tc \
+qdisc \
+show \
+dev \
+virbr0 \
+handle \
+1:
+tc \
+qdisc \
+add \
+dev \
+virbr0 \
+root \
+handle \
+1: \
+htb \
+default \
+2
+tc \
+filter \
+add \
+dev \
+virbr0 \
+prio \
+2 \
+protocol \
+ip \
+parent \
+1: \
+u32 \
+match \
+ip \
+dport \
+68 \
+ffff \
+action \
+csum \
+ip \
+and \
+udp
+ nft \
+ -ae insert \
+ rule \
+-- 
+2.47.1
+
@@ -0,0 +1,51 @@
+From 114c0ec656e879ab4d67919914bb24cf5993106d Mon Sep 17 00:00:00 2001
+Message-ID: <114c0ec656e879ab4d67919914bb24cf5993106d.1734201785.git.crobinso@redhat.com>
+From: Laine Stump <laine@redhat.com>
+Date: Mon, 2 Sep 2024 16:13:08 -0400
+Subject: [PATCH] network: permit <forward mode='open'/> when a network has no
+ IP address
+Content-type: text/plain
+
+The whole point of <forward mode='open'/> is to supress libvirt from
+adding any firewall rules for a network, and someone might want to
+create a network with no IP address (i.e. they don't want the guests
+to have connectivity to the host via this interface) and no firewall
+rules (they don't want any, or they want to add their own). So there's
+no reason to fail when a network has <forward mode='open'/> and also
+has no IP address.
+
+Kind-of-Resolves: https://gitlab.com/libvirt/libvirt/-/issues/588
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ src/conf/network_conf.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
+index 5cf419acf1..320e1b089a 100644
+--- a/src/conf/network_conf.c
+++ b/src/conf/network_conf.c
+@@ -1789,7 +1789,6 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt,
+ 
+     case VIR_NETWORK_FORWARD_ROUTE:
+     case VIR_NETWORK_FORWARD_NAT:
+-    case VIR_NETWORK_FORWARD_OPEN:
+         /* It's pointless to specify L3 forwarding without specifying
+          * the network we're on.
+          */
+@@ -1806,8 +1805,10 @@ virNetworkDefParseXML(xmlXPathContextPtr ctxt,
+                            def->name);
+             return NULL;
+         }
+        break;
+ 
+-        if (def->forward.type == VIR_NETWORK_FORWARD_OPEN && def->forward.nifs) {
+    case VIR_NETWORK_FORWARD_OPEN:
+        if (def->forward.nifs) {
+             /* an open network by definition can't place any restrictions
+              * on what traffic is allowed or where it goes, so specifying
+              * a forwarding device is nonsensical.
+-- 
+2.47.1
+
@@ -0,0 +1,64 @@
+From d51179fa82448f4720f1645f0b7100df80508cc4 Mon Sep 17 00:00:00 2001
+From: Pavel Hrdina <phrdina@redhat.com>
+Date: Thu, 9 Jan 2025 16:23:44 +0100
+Subject: [PATCH] qemu: snapshot: delete disk image only if parent snapshot is
+ external
+Content-type: text/plain
+
+When we are deleting external snapshot that is not active we only need
+to delete overlay disk image of the parent snapshot. This works
+correctly even if parent snapshot is external and active as it will have
+another overlay created when user reverted to that snapshot.
+
+In case the parent snapshot is internal there are no overlay disk images
+created as everything is stored internally within the disk image. In
+this case we would delete the actual disk image storing internal
+snapshots and most likely the original disk image as well resulting in
+data loss once the VM is shutoff.
+
+Fixes: https://gitlab.com/libvirt/libvirt/-/issues/734
+Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+---
+ src/qemu/qemu_snapshot.c | 14 ++++++++------
+ 1 file changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
+index 18b2e478f6..80cd54bf33 100644
+--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
+@@ -3144,6 +3144,8 @@ qemuSnapshotDeleteExternalPrepareData(virDomainObj *vm,
+             return -1;
+         }
+ 
+        data->parentSnap = qemuSnapshotFindParentSnapForDisk(snap, data->snapDisk);
+
+         if (data->merge) {
+             virStorageSource *snapDiskSrc = NULL;
+ 
+@@ -3185,8 +3187,6 @@ qemuSnapshotDeleteExternalPrepareData(virDomainObj *vm,
+                 qemuSnapshotGetDisksWithBackingStore(vm, snap, data);
+             }
+ 
+-            data->parentSnap = qemuSnapshotFindParentSnapForDisk(snap, data->snapDisk);
+-
+             if (data->parentSnap && !virDomainSnapshotIsExternal(data->parentSnap)) {
+                 virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                                _("deleting external snapshot that has internal snapshot as parent not supported"));
+@@ -3642,10 +3642,12 @@ qemuSnapshotDiscardExternal(virDomainObj *vm,
+             if (!data->job)
+                 goto error;
+         } else {
+-            if (virStorageSourceInit(data->parentDomDisk->src) < 0 ||
+-                virStorageSourceUnlink(data->parentDomDisk->src) < 0) {
+-                VIR_WARN("Failed to remove snapshot image '%s'",
+-                         data->snapDisk->name);
+            if (data->parentSnap && virDomainSnapshotIsExternal(data->parentSnap)) {
+                if (virStorageSourceInit(data->parentDomDisk->src) < 0 ||
+                    virStorageSourceUnlink(data->parentDomDisk->src) < 0) {
+                    VIR_WARN("Failed to remove snapshot image '%s'",
+                             data->snapDisk->name);
+                }
+             }
+         }
+     }
@@ -19,7 +19,7 @@
 %define arches_x86              %{ix86} x86_64

 %define arches_systemtap_64bit  %{arches_64bit}
-%define arches_dmidecode        %{arches_x86} aarch64 riscv64
+%define arches_dmidecode        %{arches_x86}
 %define arches_xen              %{arches_x86} aarch64
 %if 0%{?fedora}
    %define arches_xen          x86_64 aarch64
@@ -29,14 +29,12 @@
 %define arches_zfs              %{arches_x86} %{power64} %{arm}
 %define arches_numactl          %{arches_x86} %{power64} aarch64 s390x
 %define arches_numad            %{arches_x86} %{power64} aarch64
-%define arches_ch               x86_64 aarch64

 # The hypervisor drivers that run in libvirtd
 %define with_qemu          0%{!?_without_qemu:1}
 %define with_lxc           0%{!?_without_lxc:1}
 %define with_libxl         0%{!?_without_libxl:1}
 %define with_vbox          0%{!?_without_vbox:1}
-%define with_ch            0%{!?_without_ch:1}

 %ifarch %{arches_qemu_kvm}
    %define with_qemu_kvm      %{with_qemu}
@@ -125,9 +123,6 @@
 %ifnarch %{arches_ceph}
    %define with_storage_rbd 0
 %endif
-%ifnarch %{arches_ch}
-    %define with_ch 0
-%endif

 # RHEL doesn't ship many hypervisor drivers
 %if 0%{?rhel}
@@ -137,7 +132,6 @@
    %define with_libxl 0
    %define with_hyperv 0
    %define with_lxc 0
-    %define with_ch 0
 %endif

 %define with_firewalld_zone 0%{!?_without_firewalld_zone:1}
@@ -294,8 +288,8 @@

 Summary: Library providing a simple virtualization API
 Name: libvirt
-Version: 11.0.0
-Release: 5%{?dist}
+Version: 10.6.0
+Release: 7%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
 URL: https://libvirt.org/

@@ -304,27 +298,24 @@ URL: https://libvirt.org/
 %endif
 Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz

-# fix build with GCC 15
-Patch: 0001-util-avoid-overflow-in-hextable-buffer.patch
+# Fix `virsh domifaddr --source=arp` on kernel 6.10 (bz #2302245)
+Patch0001: 0001-virarptable-Properly-calculate-rtattr-length.patch
+Patch0002: 0002-virarptable-Fix-check-for-message-length.patch
+Patch0003: 0003-virarptable-End-parsing-earlier-in-case-of-NLMSG_DON.patch

-Patch: 0001-storage-stop-hardcoding-paths-for-mkfs-mount-umount.patch
-Patch: 0001-util-stop-hardcoding-numad-path.patch
-Patch: 0001-Fix-mocking-of-virQEMUCapsProbeHVF-function.patch
+# Fix DHCP response checksum when using nftables firewall
+Patch0004: 0004-util-use-a-single-flags-arg-for-virNetDevBandwidthSe.patch
+Patch0005: 0005-util-make-it-optional-to-clear-existing-tc-qdiscs-fi.patch
+Patch0006: 0006-util-put-the-command-that-adds-a-tx-filter-qdisc-int.patch
+Patch0007: 0007-util-don-t-re-add-the-qdisc-used-for-tx-filters-if-i.patch
+Patch0008: 0008-util-add-new-tc-layer-for-virFirewallCmd-objects.patch
+Patch0009: 0009-network-add-tc-filter-rule-to-nftables-backend-to-fi.patch

-# Fix dumpxml failures after migration (bz 2369243)
-Patch: 0001-qemu-Be-more-forgiving-when-acquiring-QUERY-job-when.patch
-# libvirt-nss stops working after network restarts (bz #2364285)
-Patch: 0001-nss-Skip-empty-files-and-avoid-use-of-uninitialized-.patch
+# Permit forward mode=open when network has no IP (bz 2255266)
+Patch: 0010-network-permit-forward-mode-open-when-a-network-has-.patch

-# Fix build with wireshark
-Patch: 0001-wireshark-Drop-needless-declaration-of-proto_registe.patch
-Patch: 0002-wireshark-Switch-header-files-to-pragma-once.patch
-Patch: 0003-wireshark-Move-WIRESHARK_VERSION-macro-definition.patch
-Patch: 0004-wireshark-Fix-int-type-of-some-virNetMessageHeader-m.patch
-Patch: 0005-wireshark-Don-t-special-case-retval-of-get_program_d.patch
-Patch: 0006-wireshark-Introduce-and-use-vir_val_to_str.patch
-Patch: 0007-wireshark-Don-t-leak-column-strings.patch
-Patch: 0008-wireshark-Adapt-to-wireshark-4.6.0.patch
+# Fix potential dataloss on snapshot deletion
+Patch11: 0011-qemu-snapshot-delete-disk-image-only-if-parent-snaps.patch

 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -345,9 +336,6 @@ Obsoletes: libvirt-daemon-uml <= 5.0.0
 %if %{with_vbox}
 Requires: libvirt-daemon-driver-vbox = %{version}-%{release}
 %endif
-%if %{with_ch}
-Requires: libvirt-daemon-driver-ch = %{version}-%{release}
-%endif
 Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
 Requires: libvirt-daemon-driver-interface = %{version}-%{release}
 Requires: libvirt-daemon-driver-secret = %{version}-%{release}
@@ -362,7 +350,7 @@ Requires: libvirt-libs = %{version}-%{release}
 BuildRequires: python3-docutils
 BuildRequires: meson >= 0.56.0
 BuildRequires: ninja-build
-BuildRequires: git-core
+BuildRequires: git
 BuildRequires: perl-interpreter
 BuildRequires: python3
 BuildRequires: python3-pytest
@@ -392,7 +380,7 @@ BuildRequires: libblkid-devel >= 2.17
 BuildRequires: augeas
 BuildRequires: systemd-devel >= 185
 BuildRequires: libpciaccess-devel >= 0.10.9
-BuildRequires: json-c-devel
+BuildRequires: yajl-devel
    %if %{with_sanlock}
 BuildRequires: sanlock-devel >= 2.4
    %endif
@@ -460,6 +448,8 @@ BuildRequires: systemtap-sdt-devel
 BuildRequires: /usr/bin/dtrace
 # For mount/umount in FS driver
 BuildRequires: util-linux
+# For showmount in FS driver (netfs discovery)
+BuildRequires: nfs-utils
    %if %{with_numad}
 BuildRequires: numad
    %endif
@@ -698,7 +688,7 @@ an implementation of the secret key APIs.
 Summary: Storage driver plugin including base backends for the libvirtd daemon
 Requires: libvirt-daemon-common = %{version}-%{release}
 Requires: libvirt-libs = %{version}-%{release}
-Recommends: nfs-utils
+Requires: nfs-utils
 # For mkfs
 Requires: util-linux
 # For storage wiping with different algorithms
@@ -1024,6 +1014,7 @@ Requires: libvirt-daemon-driver-libxl = %{version}-%{release}
 Requires: libvirt-daemon-driver-interface = %{version}-%{release}
 Requires: libvirt-daemon-driver-network = %{version}-%{release}
 Requires: libvirt-daemon-driver-nodedev = %{version}-%{release}
+Requires: libvirt-daemon-driver-nwfilter = %{version}-%{release}
 Requires: libvirt-daemon-driver-secret = %{version}-%{release}
 Requires: libvirt-daemon-driver-storage = %{version}-%{release}
 Requires: xen
@@ -1057,20 +1048,6 @@ Server side daemon and driver required to manage the virtualization
 capabilities of VirtualBox
    %endif

-    %if %{with_ch}
-%package daemon-driver-ch
-Summary: Cloud-Hypervisor driver plugin for libvirtd daemon
-Requires: libvirt-daemon-common = %{version}-%{release}
-Requires: libvirt-daemon-log = %{version}-%{release}
-Requires: libvirt-libs = %{version}-%{release}
-
-%description daemon-driver-ch
-The ch driver plugin for the libvirtd daemon, providing
-an implementation of the hypervisor driver APIs by
-Cloud-Hypervisor
-    %endif
-
-
 %package client
 Summary: Client side utilities of the libvirt library
 Requires: libvirt-libs = %{version}-%{release}
@@ -1233,15 +1210,9 @@ exit 1
 %endif

 %if %{with_esx}
-    %define arg_esx -Ddriver_esx=enabled
+    %define arg_esx -Ddriver_esx=enabled -Dcurl=enabled
 %else
-    %define arg_esx -Ddriver_esx=disabled
-%endif
-
-%if %{with_esx} || %{with_ch}
-    %define arg_curl -Dcurl=enabled
-%else
-    %define arg_curl -Dcurl=disabled
+    %define arg_esx -Ddriver_esx=disabled -Dcurl=disabled
 %endif

 %if %{with_hyperv}
@@ -1256,12 +1227,6 @@ exit 1
    %define arg_vmware -Ddriver_vmware=disabled
 %endif

-%if %{with_ch}
-    %define arg_ch -Ddriver_ch=enabled
-%else
-    %define arg_ch -Ddriver_ch=disabled
-%endif
-
 %if %{with_storage_rbd}
    %define arg_storage_rbd -Dstorage_rbd=enabled
 %else
@@ -1392,12 +1357,11 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
           -Ddriver_remote=enabled \
           -Ddriver_test=enabled \
           %{?arg_esx} \
-           %{?arg_curl} \
           %{?arg_hyperv} \
           %{?arg_vmware} \
-           %{?arg_ch} \
           -Ddriver_vz=disabled \
           -Ddriver_bhyve=disabled \
+           -Ddriver_ch=disabled \
           %{?arg_remote_mode} \
           -Ddriver_interface=enabled \
           -Ddriver_network=enabled \
@@ -1424,7 +1388,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
           -Dapparmor_profiles=disabled \
           -Dsecdriver_apparmor=disabled \
           -Dudev=enabled \
-           -Djson_c=enabled \
+           -Dyajl=enabled \
           %{?arg_sanlock} \
           -Dlibpcap=enabled \
           %{?arg_nbdkit} \
@@ -1496,7 +1460,6 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
  -Dfuse=disabled \
  -Dglusterfs=disabled \
  -Dhost_validate=disabled \
-  -Djson_c=disabled \
  -Dlibiscsi=disabled \
  -Dnbdkit=disabled \
  -Dnbdkit_config_default=disabled \
@@ -1539,6 +1502,7 @@ export SOURCE_DATE_EPOCH=$(stat --printf='%Y' %{_specdir}/libvirt.spec)
  -Dtests=disabled \
  -Dudev=disabled \
  -Dwireshark_dissector=disabled \
+  -Dyajl=disabled \
  %{?enable_werror}
 %mingw_ninja
 %endif
@@ -1599,10 +1563,6 @@ rm -rf $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/libvirtd.libxl
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_libxl.aug
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug
    %endif
-    %if ! %{with_ch}
-rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_ch.aug
-rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_ch.aug
-    %endif

 # Copied into libvirt-docs subpackage eventually
 mv $RPM_BUILD_ROOT%{_datadir}/doc/libvirt libvirt-docs
@@ -2002,19 +1962,6 @@ exit 0
 %libvirt_systemd_unix_preun virtxend
    %endif

-    %if %{with_ch}
-%pre daemon-driver-ch
-%libvirt_sysconfig_pre virtchd
-%libvirt_systemd_unix_pre virtchd
-
-%posttrans daemon-driver-ch
-%libvirt_sysconfig_posttrans virtchd
-%libvirt_systemd_unix_posttrans virtchd
-
-%preun daemon-driver-ch
-%libvirt_systemd_unix_preun virtchd
-    %endif
-
 %pre daemon-config-network
 %libvirt_systemd_config_pre libvirtd
 %libvirt_systemd_config_pre virtnetworkd
@@ -2102,9 +2049,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf
 %config(noreplace) %{_prefix}/lib/sysctl.d/60-libvirtd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd
-%dir %{_datadir}/augeas/lenses
 %{_datadir}/augeas/lenses/libvirtd.aug
-%dir %{_datadir}/augeas/lenses/tests
 %{_datadir}/augeas/lenses/tests/test_libvirtd.aug
 %attr(0755, root, root) %{_sbindir}/libvirtd
 %{_mandir}/man8/libvirtd.8*
@@ -2115,7 +2060,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
 %dir %{_datadir}/libvirt/
 %ghost %dir %{_rundir}/libvirt/
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/common/
+%ghost %dir %{_rundir}/libvirt/common/
 %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
 %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/filesystems/
@@ -2201,7 +2146,7 @@ exit 0
 %{_unitdir}/virtinterfaced-ro.socket
 %{_unitdir}/virtinterfaced-admin.socket
 %attr(0755, root, root) %{_sbindir}/virtinterfaced
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/interface/
+%ghost %dir %{_rundir}/libvirt/interface/
 %{_libdir}/libvirt/connection-driver/libvirt_driver_interface.so
 %{_mandir}/man8/virtinterfaced.8*

@@ -2243,7 +2188,7 @@ exit 0
 %{_unitdir}/virtnodedevd-ro.socket
 %{_unitdir}/virtnodedevd-admin.socket
 %attr(0755, root, root) %{_sbindir}/virtnodedevd
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nodedev/
+%ghost %dir %{_rundir}/libvirt/nodedev/
 %{_libdir}/libvirt/connection-driver/libvirt_driver_nodedev.so
 %{_mandir}/man8/virtnodedevd.8*

@@ -2258,8 +2203,8 @@ exit 0
 %attr(0755, root, root) %{_sbindir}/virtnwfilterd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/
 %ghost %dir %{_rundir}/libvirt/network/
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nwfilter-binding/
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/nwfilter/
+%ghost %dir %{_rundir}/libvirt/nwfilter-binding/
+%ghost %dir %{_rundir}/libvirt/nwfilter/
 %{_libdir}/libvirt/connection-driver/libvirt_driver_nwfilter.so
 %{_mandir}/man8/virtnwfilterd.8*

@@ -2273,7 +2218,7 @@ exit 0
 %{_unitdir}/virtsecretd-admin.socket
 %attr(0755, root, root) %{_sbindir}/virtsecretd
 %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/secrets/
-%ghost %dir %attr(0700, root, root) %{_rundir}/libvirt/secrets/
+%ghost %dir %{_rundir}/libvirt/secrets/
 %{_libdir}/libvirt/connection-driver/libvirt_driver_secret.so
 %{_mandir}/man8/virtsecretd.8*

@@ -2352,11 +2297,11 @@ exit 0
 %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
 %config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
 %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
-%ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/
-%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/dbus/
-%ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/passt/
-%ghost %dir %attr(0755, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/slirp/
-%ghost %dir %attr(0770, %{qemu_user}, %{qemu_group}) %{_rundir}/libvirt/qemu/swtpm/
+%ghost %dir %{_rundir}/libvirt/qemu/
+%ghost %dir %{_rundir}/libvirt/qemu/dbus/
+%ghost %dir %{_rundir}/libvirt/qemu/passt/
+%ghost %dir %{_rundir}/libvirt/qemu/slirp/
+%ghost %dir %{_rundir}/libvirt/qemu/swtpm/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/checkpoint/
 %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/dump/
@@ -2480,19 +2425,6 @@ exit 0
 %attr(0755, root, root) %{_libexecdir}/libvirt_sanlock_helper
    %endif

-    %if %{with_ch}
-%files daemon-driver-ch
-%attr(0755, root, root) %{_sbindir}/virtchd
-%config(noreplace) %{_sysconfdir}/libvirt/virtchd.conf
-%{_datadir}/augeas/lenses/virtchd.aug
-%{_datadir}/augeas/lenses/tests/test_virtchd.aug
-%{_unitdir}/virtchd-admin.socket
-%{_unitdir}/virtchd-ro.socket
-%{_unitdir}/virtchd.service
-%{_unitdir}/virtchd.socket
-%{_libdir}/libvirt/connection-driver/libvirt_driver_ch.so
-    %endif
-
 %files client
 %{_mandir}/man1/virsh.1*
 %{_mandir}/man1/virt-xml-validate.1*
@@ -2523,17 +2455,15 @@ exit 0
 %{_libdir}/libvirt-lxc.so.*
 %{_libdir}/libvirt-admin.so.*
 %dir %{_datadir}/libvirt/
-%{_datadir}/libvirt/test-screenshot.png
 %dir %{_datadir}/libvirt/schemas/
-%{_datadir}/libvirt/schemas/*.rng
-%dir %{_datadir}/systemtap/tapset/
 %{_datadir}/systemtap/tapset/libvirt_probes*.stp
 %{_datadir}/systemtap/tapset/libvirt_functions.stp
    %if %{with_qemu}
 %{_datadir}/systemtap/tapset/libvirt_qemu_probes*.stp
    %endif
-%dir %{_datadir}/libvirt/cpu_map
+%{_datadir}/libvirt/schemas/*.rng
 %{_datadir}/libvirt/cpu_map/*.xml
+%{_datadir}/libvirt/test-screenshot.png

    %if %{with_wireshark}
 %files wireshark
@@ -2711,37 +2641,21 @@ exit 0


 %changelog
-* Fri Oct 24 2025 Cole Robinson <crobinso@redhat.com> - 11.0.0-5
- Fix build with latest wireshark
+* Wed Mar 05 2025 Cole Robinson <crobinso@redhat.com> - 10.6.0-7
+- Fix potential dataloss on snapshot deletion

-* Fri Aug 08 2025 Cole Robinson <crobinso@redhat.com> - 11.0.0-4
- libvirt-nss stops working after network restarts (bz #2364285)
+* Sat Dec 14 2024 Cole Robinson <crobinso@redhat.com> - 10.6.0-6
+- Fix DHCP response checksum when using nftables firewall
+- Permit forward mode=open when network has no IP (bz 2255266)

-* Fri Jun 20 2025 Cole Robinson <crobinso@redhat.com> - 11.0.0-3
- Fix dumpxml failures after migration (bz 2369243)
+* Tue Sep 24 2024 Cole Robinson <crobinso@redhat.com> - 10.6.0-5
+- Rebuild for new wireshark

-* Tue Apr 29 2025 Daniel P. Berrangé <berrange@redhat.com> - 11.0.0-2
- Fix location of mount, umount (rhbz #2359196)
- Fix location of numad (rhbz #2359736)
- Fix tests on rebuild with latest GCC 15
+* Wed Sep 18 2024 David Abdurachmanov <davidlt@rivosinc.com> - 10.6.0-4
+- Add riscv64 to arches_qemu_kvm

-* Fri Jan 17 2025 Cole Robinson <crobinso@redhat.com> - 11.0.0-1
- Update to version 11.0.0
-
-* Fri Jan 17 2025 Fedora Release Engineering <releng@fedoraproject.org> - 10.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Mon Dec 02 2024 Cole Robinson <crobinso@redhat.com> - 10.10.0-1
- Update to version 10.10.0
-
-* Fri Nov  1 2024 Daniel P. Berrangé <berrange@redhat.com> - 10.9.0-1
- Update to version 10.9.0
-
-* Tue Oct 01 2024 Cole Robinson <crobinso@redhat.com> - 10.8.0-1
- Update to version 10.8.0
-
-* Mon Sep 02 2024 Cole Robinson <crobinso@redhat.com> - 10.7.0-1
- Update to version 10.7.0
+* Thu Sep 12 2024 Dennis Gilmore <dennis@ausil.us> - 10.6.0-3
+- rebuild for updated wireshark

 * Tue Aug 27 2024 Cole Robinson <crobinso@redhat.com> - 10.6.0-2
 - Fix `virsh domifaddr --source=arp` on kernel 6.10 (bz #2302245)
@@ -1 +1 @@
-SHA512 (libvirt-11.0.0.tar.xz) = ac5fd17d3f488c241017d967364e0441373e9ab0457dab1acfe84fd0b90353dc5d185cc7fcd2b0d7995af4137a3fa18371abb5511686456a9e720f7ec7829da9
+SHA512 (libvirt-10.6.0.tar.xz) = edec79e89669d5e9a46be35e0d6334a6ed3bbf32426679549bd998bde24cba52b0378843f41a3abb5d781ad53e2a6a54619a0bad3f168c11fb41736cc6af6568
Author	SHA1	Message	Date
Cole Robinson	5a42f1fcdc	Fix potential dataloss on snapshot deletion Signed-off-by: Cole Robinson <crobinso@redhat.com>	2025-03-05 11:27:07 -05:00
Cole Robinson	b14bf469da	libvirt-10.6.0-6.fc41 Fix DHCP response checksum when using nftables firewall Permit forward mode=open when network has no IP (bz 2255266) Signed-off-by: Cole Robinson <crobinso@redhat.com>	2024-12-14 13:48:38 -05:00
Laine Stump	f2e51513a0	Fix DHCP response checksum when using nftables firewall backend for virtual networks	2024-12-11 15:58:43 -05:00
Cole Robinson	4f3b8e6a17	libvirt-10.6.0-5 Rebuild for new wireshark	2024-09-24 05:18:59 -04:00
David Abdurachmanov	985e71cf0c	Add riscv64 to arches_qemu_kvm Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>	2024-09-18 15:07:58 +02:00
Dennis Gilmore	c1a7e5f39b	rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark rebuild for updated wireshark Signed-off-by: Dennis Gilmore <dennis@ausil.us>	2024-09-12 08:59:02 -05:00