GNU bug report logs - #77153
[PATCH 0/3] doc: cookbook: Manual libvirt networking.

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 15:50:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 11:50:41 2025
Received: from localhost ([127.0.0.1]:44794 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tw17R-0008Ud-CC
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 11:50:41 -0400
Received: from mail-pl1-x634.google.com ([2607:f8b0:4864:20::634]:56569)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tw17O-0008UJ-Az
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 11:50:38 -0400
Received: by mail-pl1-x634.google.com with SMTP id
 d9443c01a7336-225477548e1so55412325ad.0
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 08:50:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742658632; x=1743263432; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=5ZAbU4ISr1eICpfZgv5/uVopRNx9QgfoommsDAXl3O4=;
 b=bXvwCiB0U0VX6Osa5afHZvix+gV4p7Hrk6Hi1IkYUBOEIGbsGleLYplMcnzKUinJow
 ilZTZvyvOOryN+bswTn0jBpDKr1XCyhhrVk5PTHwo6N9VVh5QIcHqr8j5qpRXAcLFec/
 8Uhuub3lgdBkA0WH62/0zwGvwnkdVS73hf9wGpnUrGp3AhGsXpwN//SqWDSpWxO38Crq
 0AQbbJNdbSqejM9zTHp0LHckVyzCrAJW9A2lRF0cTjElWZ4h3/zqs+9RcNDav3jOhqOr
 xdP+gGP5fioAvEgexdouDanUdSEMyNl7dVYBfrlRDi5n1BNJ9sFkJQxsBgZe0stvnj0S
 IIKA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742658632; x=1743263432;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=5ZAbU4ISr1eICpfZgv5/uVopRNx9QgfoommsDAXl3O4=;
 b=ureBfNBz0EyVUn8+eUXZNDiziwIarZRE4dlALZEdG+CmEfNC288YqrpWDcppS1TXum
 9mO35CiYJfv6r3/frY7/uv/7Hw+NbvbyraugsDkNrBXSqr4sfwPsA39qF2ledIHIWJQu
 NKmw2ufinyrRqSbaNP4nnBMr5IMfLh0gZkZdNftexjMzk1AGflkqoksXwa72BYhjCQh1
 n2/BiY0qbhWl/Y6CuIl0mSiQTN5m1NGKFjKt0PWkQAKWlEqtfV7nu0OUzlwkMQz1BA1z
 RyuAWlX+0ChRtyHMD1tAlAZ/1po7btO4JkQjKpy8UrWO0uE8U6d3u6SGX3hdBlsgPfya
 OQlw==
X-Gm-Message-State: AOJu0YzBW+NLGoDPP0644EqNzFd31uR4usKv4cYTIHFisFnyeQOXL4e6
 Md+dBh+wUFECjUCCq68DXcLk+/f26KvD4HXxdMeLOrbUw0a3r5rL
X-Gm-Gg: ASbGnct/JEpXMpsV5+2/xj+Z57rW7/TWFopA7ViO58/XNG+t6abKUCTDWRtwWQR6s+b
 JMzKC10rTsjHtYifbs++KquRczLMu+N7Gg66EsH85R872hqiwQ+A1BfDzl75fOi/2FjxhrHjrjd
 VQYEGXBGpykMzODyR4hOluzregl3JadTluvcOooCks1QCv+LahH+FWFNCPpox4CJe3ExC2LFZBc
 Do58GdRJdu9x0pLdhXnxvh453CmD38yayXr5hS9EhCOZhftS/QoPM6xCG6FuWE+4riOqssDuWqb
 PRD+YVwIClz82oReGJOh9Yozxxmk//yn8ITim6ljJUm8EZgvb8E4GA==
X-Google-Smtp-Source: AGHT+IFlNNQ5GfapahwerwVIl56ZAZrlSTsKW/YjHzDGsa7fHOIZB3vytVkOr8CfDIq/h6G0swMhqQ==
X-Received: by 2002:a05:6a21:1:b0:1f5:6d6f:28e with SMTP id
 adf61e73a8af0-1fe4331ac2amr12347727637.42.1742658632080; 
 Sat, 22 Mar 2025 08:50:32 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-73905fd67c1sm4324701b3a.60.2025.03.22.08.50.30
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 08:50:31 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH v2 0/3] doc: cookbook: Custom NAT-based
 libvirt networks.
In-Reply-To: <cover.1742647810.git.45mg.writes@HIDDEN>
 (45mg.writes@HIDDEN's message of "Sat, 22 Mar 2025 18:27:35 +0530")
References: <cover.1742569449.git.45mg.writes@HIDDEN>
 <cover.1742647810.git.45mg.writes@HIDDEN>
Date: Sun, 23 Mar 2025 00:50:17 +0900
Message-ID: <87y0wxf4jq.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

45mg <45mg.writes@HIDDEN> writes:

> Changes from v1:
> 1/3:
> - Added copyright.
> - Modified commit message to include the discussed rationale for this change.
> 3/3: Addressed Maxim's review [1].
> Unaddressed, pending items [2]:
> - Link to libvirt networking handbook - keep, move, or ditch?

Not sure.  If we link to it, I'd do so from the first section covering
material sourced from it.

> - What does 'stp_state' param for a bridge actually do?

Apparently it means this, per man 8 bridge:

       state STP_STATE
              The spanning tree state, see the state option of bridge
              link set for supported states.

and from the same manual:

       state STP_STATE
              the operation state of the vlan. One may enter STP state
              name (case insensitive), or one of the numbers below.
              Negative inputs are ignored, and unrecognized names return
              an error. Note that the state is set only for the vlan of
              the specified device, e.g. if it is a bridge port then the
              state will be set only for the vlan of the port.

              0 - vlan is in STP DISABLED state. Make this vlan
              completely inactive for STP. This is also called BPDU
              filter and could be used to disable STP on an untrusted
              vlan.

              1 - vlan is in STP LISTENING state. Only valid if STP is
              enabled on the bridge. In this state the vlan listens for
              STP BPDUs and drops all other traffic frames.

              2 - vlan is in STP LEARNING state. Only valid if STP is
              enabled on the bridge. In this state the vlan will accept
              traffic only for the purpose of updating MAC address
              tables.

              3 - vlan is in STP FORWARDING state. This is the default
              vlan state.

              4 - vlan is in STP BLOCKING state. Only valid if STP is
              enabled on the bridge. This state is used during the STP
              election process. In this state, the vlan will only process
              STP BPDUs.

So you could add comment mentioning that this is to configure the bridge
in the listening @acronym{STP, Spanning Tree State} or similar, or
something nicer if you have a better understanding of why that is useful.

-- 
Thanks,
Maxim

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 13:00:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 09:00:49 2025
Received: from localhost ([127.0.0.1]:41491 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvyT2-00047b-3A
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 09:00:49 -0400
Received: from mail-pl1-x641.google.com ([2607:f8b0:4864:20::641]:47171)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tvySp-00046o-PH
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 09:00:36 -0400
Received: by mail-pl1-x641.google.com with SMTP id
 d9443c01a7336-22401f4d35aso62120955ad.2
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 06:00:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742648429; x=1743253229; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=zHgwMhXLpC+9StWtu4lOuaL9tNt18qu3LAU+Uu2nyR0=;
 b=nZ5IB8IVFnid9RkXf/T1N+BWFB2NdBj0iR81zTKX5Jp9zKy7YUl2/SL0iWbR5HYJS4
 bOPM+/ljrxagRF8amHjFpYbDGC+wGci8CDhRP4Qryp67QPV/TbFOux9YC9wodq0+S8NU
 5iKoXnNJjdc+fuKcQPcBxxipGXd4SqCrht5Qog5q/izXoqRoiV0d6l8HNRRCnmvVdtPA
 BTmVOUOmSx0MZS/IqtO1i/jLerEwsBVPw2VeIvOdHXqBtejIiAGjcZt7OPd9lq47BkwT
 JfukbEGAEi0OMWev9+LaH9WlgswyCjUpjVIC04PgY5x+iB0LTAZx8wknHi2sQxR0clLb
 QXFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742648429; x=1743253229;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=zHgwMhXLpC+9StWtu4lOuaL9tNt18qu3LAU+Uu2nyR0=;
 b=divMGF/fSGwLUzePo+IbPG/HEs4YWWAQVD2Wng/Lf4bS/gvWdLGQG0R9GPN1WnKfE6
 rJHs9FPXqGutaZcRK6u0fz9E30VL1j+wGPfWLf1otqqheb48i+oPU7h7xk2EbFhKGzyG
 PBVOgZNYwXhTAdpZdas5h7aFUkLVNJ/jIKsMvYztRYOci5jkM/x2VeDutFNdYskthNPb
 nngHolpXs63K9jElxBzOXF/TWAfpK49TO1DmLP09E5gdjUfMxs75LQQAUdBBQPGCeqT3
 HZXY7qIkeUHTf30BsC/XvU3sUSsI2H/rS/F9Vdq9myp/eFiCAwkXzv3gBaS+1oFvsiNz
 Hnzw==
X-Gm-Message-State: AOJu0YzbFyF3xYEvQWklOMQS/mVv4Lf2dVzM5gHQbhzy94JFi8sUJbDf
 7HQ3AL5F8L6u8ERvPYfBlcHxalox7LDUf5hVF3vYZfv/kaKKf+HeSCRq15y1
X-Gm-Gg: ASbGncvEIxVphDCtKPt3NaYBbvZXyHRF9JAORmgMLbP4m3xd0251eTPNWxOCi0CQfKx
 yEmfIkHF3WftEQZbBuFr4haSgqJqVUZciE4jB9zCooKiZl70Ws/IFRaDWlO9MOm/KXW2BO3kKxC
 20FCyXXoMXz0ZmsQEdDw9oo2PSngZmntoMLXT6Kq1oZ86ufTjgxSgbIixcaDMj7/6qrzPX4HRLI
 Y8a00d648rtj71M6RKPpndNswOgItkBVHQJVQ29IeFYs+XadBT/etZLxo++n5Rah9HhYmHnpVoE
 bUGD/IKZEiXdOJkU8YiWYhR+T9Dsm2ZievPn5rZzbB3xXaGrXAoI8VuvTyOlUf2ViMI=
X-Google-Smtp-Source: AGHT+IEh/8Unxqlis9sNjsHF87tseWpaQwp5o4WxoSAysiO8/b25rtV6k4hYz0NsWCXl1S6qrTJp0g==
X-Received: by 2002:a05:6a00:1953:b0:736:5486:781d with SMTP id
 d2e1a72fcca58-73905a27720mr10764369b3a.19.1742648429313; 
 Sat, 22 Mar 2025 06:00:29 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-73905fd5747sm4074838b3a.55.2025.03.22.06.00.27
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 06:00:29 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: 77153 <at> debbugs.gnu.org
Subject: [PATCH v2 3/3] doc: cookbook: Custom NAT-based libvirt networks.
Date: Sat, 22 Mar 2025 18:30:13 +0530
Message-ID: <d171a66f292b8886b4d593a189449db6c1ca8437.1742647810.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1742647810.git.45mg.writes@HIDDEN>
References: <cover.1742647810.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: 45mg <45mg.writes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix-cookbook.texi (Virtual Machines): [Custom NAT-based network
for libvirt]: New section.

Change-Id: Ice79c5dc8183ec694ac8b846a5ec88cb98cac9ff
---
 doc/guix-cookbook.texi | 124 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 124 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 9c56790edc..68cd05e6f2 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3751,6 +3751,7 @@ Virtual Machines
 @menu
 * Network bridge for QEMU::
 * Routed network for libvirt::
+* Custom NAT-based network for libvirt::
 @end menu
 
 @node Network bridge for QEMU
@@ -3975,6 +3976,129 @@ Routed network for libvirt
 should work from within your VM; you can e.g.@: run @samp{ping gnu.org}
 to verify that it functions correctly.
 
+@node Custom NAT-based network for libvirt
+@section Custom NAT-based network for libvirt
+
+As mentioned in the preceding section (@pxref{Routed network for libvirt}),
+libvirt allows virtual networks to be defined via XML files and managed
+by the @command{virsh} command.  The details of the creation and removal
+of virtual network switches are handled by libvirt, so the user does not
+have to deal with them.
+
+However, libvirt's handling of virtual network switches can sometimes
+clash with more complex networking setups.  In particular, the iptables
+rules inserted by libvirt for switches operating in the NAT mode can
+clash with existing iptables/nftables rules, leading to insecure or
+broken packet filtering.
+
+In such cases, the only solution is to manually set up a virtual network
+switch.  This section will provide instructions on how to do so using
+Guix System services.
+
+This section is based on
+@url{https://jamielinux.com/docs/libvirt-networking-handbook/custom-nat-based-network.html,
+the corresponding section from the (unofficial) libvirt Networking
+Handbook}.  It should be noted that at the time of writing (March 2025),
+this resource had not been updated since 2015, and is therefore somewhat
+outdated.  In particular, the creation of a `dummy interface' is no
+longer necessary.
+
+@subsection Creating the virtual network bridge
+
+The @code{static-networking-service-type} can be used to create a
+virtual network bridge and assign an IP address to it:
+
+@example lisp
+(service static-networking-service-type
+         (list (static-networking
+                ;; The default provision is 'networking; if you're using any
+                ;; other service with this provision, such as
+                ;; `network-manager-service-type`, then you need to change the
+                ;; default.
+                (provision '(static-networking))
+                (links
+                 (list (network-link
+                        (name "virbr0")
+                        (type 'bridge)
+                        (arguments '((stp_state . 1))))))
+                (addresses
+                 (list (network-address
+                        (device "virbr0")
+                        (value "192.168.10.1/24")))))))
+@end example
+
+@subsection Running dnsmasq for the virtual network bridge
+
+The @code{dnsmasq-service-type} can be used to provide DNS and DHCP for
+guests connected to this virtual network switch:
+
+@example lisp
+(service dnsmasq-service-type
+         (dnsmasq-configuration
+          ;; You can have multiple instances of `dnsmasq-service-type` as long
+          ;; as each one has a different provision.
+          (provision '(dnsmasq-virbr0))
+          (extra-options (list
+                          ;; Only bind to the virtual bridge. This
+                          ;; avoids conflicts with other running
+                          ;; dnsmasq instances.
+                          "--except-interface=lo"
+                          "--interface=virbr0"
+                          "--bind-dynamic"
+                          ;; IPv4 addresses to offer to VMs. This
+                          ;; should match the chosen subnet.
+                          "--dhcp-range=192.168.10.2,192.168.10.254"))))
+@end example
+
+@subsection Configuring NAT for the virtual network switch
+
+If you intend to use the virtual network switch in NAT mode, you will
+need to use nftables (or iptables) rules to set up IP masquerading.  The
+following example shows how to use @code{nftables-service-type} to do
+this:
+
+@example lisp
+(service nftables-service-type
+         (nftables-configuration
+          (ruleset
+           (plain-file "nftables.conf"
+                       "\
+table inet filter @{
+
+  chain input @{
+    type filter hook input priority filter; policy drop;
+    # Add your existing packet filtering rules here...
+    iifname virbr0 udp dport 67 counter accept comment \"allow dhcp on virbr0\"
+    iifname virbr0 meta l4proto @{tcp, udp@} th dport 53 accept \\
+        comment \"allow dns on virbr0\"
+  @}
+
+  chain forward @{
+    type filter hook forward priority filter; policy drop;
+    # Add your existing forwarding rules here...
+    iifname virbr0 accept comment \"allow outbound traffic from virbr0\"
+    oifname virbr0 ct state @{established, related @} accept \\
+        comment \"allow established traffic to virbr0\"
+  @}
+
+@}
+
+table inet nat @{
+  chain postrouting @{
+    type nat hook postrouting priority srcnat; policy accept;
+    # Add your existing nat rules here...
+    iifname virbr0 ip daddr @{ 224.0.0.0/24, 255.255.255.255/32 @} return \\
+        comment \"don't masquerade to reserved address blocks\"
+    iifname virbr0 oifname != virbr0 masquerade \\
+        comment \"masquerade all outgoing traffic from VMs\"
+  @}
+@}
+"))))
+@end example
+
+Ensure that you have IPv4 forwarding enabled (you can use
+@code{sysctl-service-type} for this).
+
 @c *********************************************************************
 @node Advanced package management
 @chapter Advanced package management
-- 
2.48.1

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 13:00:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 09:00:38 2025
Received: from localhost ([127.0.0.1]:41489 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvySr-00047K-Fp
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 09:00:37 -0400
Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644]:52610)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tvySl-00046a-Qv
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 09:00:32 -0400
Received: by mail-pl1-x644.google.com with SMTP id
 d9443c01a7336-223fd89d036so55426505ad.1
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 06:00:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742648425; x=1743253225; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=xM44YmhufGYTRVrbq7xhndT4vieN9YH72DBqbg35Mao=;
 b=FtOio9hXjejqw+OsYpQmshXVueVp5U1KFk5R1exmv4njK3n4hcyxvE5GG1mjQQ/3Qj
 39htsZhVlpNhC8nGWur+XSQ5tOh8sdSUDc0QOmw0PTm4ANPSotWEKhqYNkr5gcD74UZ7
 JSiPTg5iK8B1r3TS7J2PCvE6gGB6BHeAsAZhoOMl9JjusKbzfDsPX96VBtbSnDDVDJc+
 6DE668HXgvE6OFkbSfkA5fIXC2TJvMjMwuyZStv4FSKmQ1t/XzFHL0B5oe540x4h69gV
 YyxnAU92jwvs8nkmuc7cfXssDZ3HCSq91K07GwzNlHGfs/9y8Y6VzG1n1VxGMJjH5qnR
 Dxxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742648425; x=1743253225;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=xM44YmhufGYTRVrbq7xhndT4vieN9YH72DBqbg35Mao=;
 b=BsiKsMQoBrHRxvnGjb18r50t1Cek+DBA86/UwAT0V6bOFzO9Ku8mY3PkMWGV1a5nw5
 /fXmsm8AY3ZGv4gonyzglrLI6gSal7zxR2kCkgz0RXTZIUK1YQOALdpOSLH8ggv5AHwo
 MRRBMJQj/elGB4OTtLxYmQoO0EeaLCCJ8N/8e7GZJBwMAOFil6A3sOI/uPpP6ge8w6FX
 2qQIkNzXQ+tLdjECCms07H+OQ8FjfPdXegE+vwoIoOtHZX5OtTl+Og7nrtDdxEzZ1yam
 9awjGsvmpIzINoeyLyXmVolYC90g1R5oxRS1cDw6PPrOGookU/S2mqS55TtlBhWwbimD
 O5zw==
X-Gm-Message-State: AOJu0Yw93/YwirjBKfGTbagjdA8O9JGOmv5SSKblpMbfH631NGEWsmDi
 Y/PzQ00uOGQVzOsclY+3ImetWP3YCoRflxSR/E/CNh1f1FqIjqUis8uzN9dt
X-Gm-Gg: ASbGncuuJ2tdwJaPeKrMDfBoaXNLXTpsgGhp8gj4ra2CtcO3TSlNeSVv7RSHFm94veA
 Kze0VOi3f8zArBZfckNgYqErB88ov08OXX9cL3d0tCc01IKDvPQ6icaaH3AhTzRe5fltAg97iY2
 tqnUByUa5I1bSosC6QTDQ7ElBITsylj7Rn5UPVxqGpJ4/VdVcys2RBoXADU838ogwldrnTlIxgt
 RT9VzbKwYSGKGErrpNLSkADWCttKJEcbMODN9AhiNUeE5A23tgqnUj1/AEnDpKddgfjiaVrznSW
 38s1eYylwgtSmUCK6t1C8q6REVle07uo0TaKXf2fAAZTVcuMKJhfwlj++tmAYqQeya0=
X-Google-Smtp-Source: AGHT+IFWNAMzlfgIbs9z2uL26DMFtMnJop2UnP28DcGu3eZ+HWlytgTuqMU18lsOrbfUmoxDbsdmbg==
X-Received: by 2002:a05:6a00:a20:b0:736:9fa2:bcbb with SMTP id
 d2e1a72fcca58-73905a27696mr13660326b3a.24.1742648425169; 
 Sat, 22 Mar 2025 06:00:25 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-73905fd5747sm4074838b3a.55.2025.03.22.06.00.23
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 06:00:24 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: 77153 <at> debbugs.gnu.org
Subject: [PATCH v2 2/3] doc: cookbook: Clarify virtual network switches.
Date: Sat, 22 Mar 2025 18:30:12 +0530
Message-ID: <aa6bf44737145b1faeb333e089c55f9e8996b9b8.1742647810.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1742647810.git.45mg.writes@HIDDEN>
References: <cover.1742647810.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: 45mg <45mg.writes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix-cookbook.texi (Virtual Machines): [Routed network for
libvirt] {Creating a virtual network switch}: Remove unnecessarily
noncommital language ("a few components/configurations, such as...").
Correct 'TUN interface', as bridges are currently used.  Add a link to
the libvirt Wiki for more information.

Change-Id: I6ffdeca8e4d32155c8cce547d4930bf1b0cb471b
---
 doc/guix-cookbook.texi | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index a0d148f469..9c56790edc 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3897,14 +3897,19 @@ Routed network for libvirt
 
 @subsection Creating a virtual network switch
 
-A virtual network switch consists of a few components/configurations,
-such as a @abbr{TUN, network tunnel} interface, DHCP server (dnsmasq)
-and firewall rules (iptables).  The @command{virsh} command, provided by
-the @code{libvirt} package, makes it very easy to create a virtual
-switch.  You first need to choose a network subnet for your virtual
-switch; if your home LAN is in the @samp{192.168.1.0/24} network, you
-could opt to use e.g.@: @samp{192.168.2.0/24}.  Define an XML file,
-e.g.@: @file{/tmp/virbr0.xml}, containing the following:
+A virtual network switch consists of a virtual network device called a
+`virtual bridge', DHCP server (dnsmasq) and firewall rules
+(iptables). See the
+@url{https://wiki.libvirt.org/VirtualNetworking.html, libvirt Wiki
+article on Virtual Networking} for more details on the modes of
+operation, management and implementation of virtual network switches.
+
+The @command{virsh} command, provided by the @code{libvirt}
+package, makes it very easy to create a virtual switch.  You first need
+to choose a network subnet for your virtual switch; if your home LAN is
+in the @samp{192.168.1.0/24} network, you could opt to use e.g.@:
+@samp{192.168.2.0/24}.  Define an XML file, e.g.@:
+@file{/tmp/virbr0.xml}, containing the following:
 
 @example
 <network>
-- 
2.48.1

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 13:00:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 09:00:31 2025
Received: from localhost ([127.0.0.1]:41485 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvySk-00046s-Rc
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 09:00:31 -0400
Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:47588)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tvySi-00046J-9b
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 09:00:28 -0400
Received: by mail-pl1-x642.google.com with SMTP id
 d9443c01a7336-224341bbc1dso57236675ad.3
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 06:00:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742648422; x=1743253222; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=ZgChfj3F3cEn1VpPV0MJyfH1r2JOulg3JfdvcbIm9xo=;
 b=iBCnjUyycvZcJZHqvqQuUKCuQagthzGBCaSxuw6IFDhhIQxjKXESacEc2YL95fX58W
 VTrMHDy0b9EZXaa/eT/Dy4+fApwn4h6eX6oRvY/u45+y0Ie50T5MwbklmUoFaMkhb2CL
 06iOEup6A2ONB/hA5bPsRO5rWT1BM7+afDNC2gdvfZwW4nSJo40LNOctqAY4pHKqczEl
 D3AuxKEjwFxKtCI4Mj0FdQcx8b/CLn6wpnis6vejRpOw/4GWzR0ufeVPeNfIimjWF70o
 5Sbqy9qqdFpjo2HNkI1gpBKG+AqInvsfNWY2Esp6DGjIK1jIaGD9pbW7HoVbUskH5f/m
 POtA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742648422; x=1743253222;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=ZgChfj3F3cEn1VpPV0MJyfH1r2JOulg3JfdvcbIm9xo=;
 b=bzJbSaoQQBGle9wYVHIcusMvDPyRF/79fTf6mfwEzEHaZVXE3/8sT2W2SChDHglW++
 KKh6BpZrthMaGOKtWPvw1ikUgJpiIp4pol0Vp+OhqTsaLuBceBI7qyx99V2GJvlR46q4
 /Fl9ZCJEfH08dx1FNt9UkLaBjgXQYnXAYhnLTC4imfFg6d5kYe2kd3F9KbVieF2YazYZ
 KaNvNobRGJnhIsCxP/pY8F3eNs1P4GJ70IzsAoeDOj57/F2IxdGzjueOA28OsKlF3LZ2
 bMYPtXUXVbblm+nbdF+gOEQ3qiD/znLFjK1NmTFaYe/MRSgr5u2xAKPYp572xCEuKcFg
 TdNg==
X-Gm-Message-State: AOJu0YwDlP5gZAPd/H2bw6ydBy52P5SJjDQ7RKC40JwqfagtxcapSStB
 UNMCW3b3sNwubZnMoLBI/rr/OehWGXSl/8JsbRYN5YygGB1Wy3CDY00/wVna
X-Gm-Gg: ASbGnct3hYA3Q/5yu0bwsL7zSYQN1EHyvyQSr2kjaPinviAuJPh/EiPz/eEYD9/80oy
 WBwqqy1ZDRJ/a0ZRrQ2Q7b7gueZwx8LUP8kJCfNoanpnGyB8BmRg9OqJzeYSKgy0ieKKSF7Zesq
 S4X7g/7aaqwXneMoRzNl5/ZZTXGa8oGQwEL8l4nvpFQQCKRy55cKCY+myFCK8AjJ7zHcpUiq2zo
 PZBJo8LrLTzzfHdDb0K8WF3qg+ejSO1Y+pUvwZXkWwYuD7BwX384QtCJJ5VHqa3TB+y1KzR4JTc
 8frsIwgnk81xHipXP+T1NUsyXinqCw2lW6Ie6k5IZmtTVNEdLuP44ha54hD5+8oPPZY=
X-Google-Smtp-Source: AGHT+IGs3Q6Q26VSgfPCtFrK5zOhbSCR9kxusuu5GrLdzfInb2vKptms9VCWsTNumfg/ms1EzXj4mQ==
X-Received: by 2002:a05:6a00:2190:b0:736:a8db:93bb with SMTP id
 d2e1a72fcca58-7390596687bmr10339801b3a.5.1742648421758; 
 Sat, 22 Mar 2025 06:00:21 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-73905fd5747sm4074838b3a.55.2025.03.22.06.00.20
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 06:00:21 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: 77153 <at> debbugs.gnu.org
Subject: [PATCH v2 1/3] doc: cookbook: Fix terminology for libvirt virtual
 network switches.
Date: Sat, 22 Mar 2025 18:30:11 +0530
Message-ID: <0f1ccdd705e4d3c5823ab8679ee8fa3f7b9a8d36.1742647810.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1742647810.git.45mg.writes@HIDDEN>
References: <cover.1742647810.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: 45mg <45mg.writes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix-cookbook.texi (Virtual Machines) [Routed network for
libvirt]: Replace the term 'virtual bridge' with 'virtual network
switch'.  This is the term used by the libvirt Wiki to refer to the
combined setup of a 'virtual bridge' network interface, dnsmasq instance
bound to it, and firewall rules associated with it; 'bridge' is
ambiguous because it is sometimes used with this meaning, and sometimes
to refer specifically to the virtual network device called a 'bridge'.

Change-Id: Ibd10fe76321eb61e9ca23d8124634d1108d4faad
---
 doc/guix-cookbook.texi | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index d9b98a2ab3..a0d148f469 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -25,6 +25,7 @@
 Copyright @copyright{} 2023-2024 Ludovic Courtès@*
 Copyright @copyright{} 2023 Thomas Ieong@*
 Copyright @copyright{} 2024 Florian Pelz@*
+Copyright @copyright{} 2025 45mg@*
 
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU Free Documentation License, Version 1.3 or
@@ -3879,29 +3880,29 @@ Routed network for libvirt
 @section Routed network for libvirt
 @cindex Virtual network bridge interface
 @cindex networking, virtual bridge
-@cindex libvirt, virtual network bridge
+@cindex libvirt, virtual network switch
 
 If the machine hosting your virtual machines is connected wirelessly to
 the network, you won't be able to use a true network bridge as explained
 in the preceding section (@pxref{Network bridge for QEMU}).  In this
-case, the next best option is to use a @emph{virtual} bridge with static
-routing and to configure a libvirt-powered virtual machine to use it
-(via the @command{virt-manager} GUI for example).  This is similar to
-the default mode of operation of QEMU/libvirt, except that instead of
-using @abbr{NAT, Network Address Translation}, it relies on static
-routes to join the @abbr{VM, virtual machine} IP address to the
+case, the next best option is to use a @emph{virtual network switch}
+with static routing and to configure a libvirt-powered virtual machine
+to use it (via the @command{virt-manager} GUI for example).  This is
+similar to the default mode of operation of QEMU/libvirt, except that
+instead of using @abbr{NAT, Network Address Translation}, it relies on
+static routes to join the @abbr{VM, virtual machine} IP address to the
 @abbr{LAN, local area network}.  This provides two-way connectivity to
 and from the virtual machine, which is needed for exposing services
 hosted on the virtual machine.
 
-@subsection Creating a virtual network bridge
+@subsection Creating a virtual network switch
 
-A virtual network bridge consists of a few components/configurations,
+A virtual network switch consists of a few components/configurations,
 such as a @abbr{TUN, network tunnel} interface, DHCP server (dnsmasq)
 and firewall rules (iptables).  The @command{virsh} command, provided by
 the @code{libvirt} package, makes it very easy to create a virtual
-bridge.  You first need to choose a network subnet for your virtual
-bridge; if your home LAN is in the @samp{192.168.1.0/24} network, you
+switch.  You first need to choose a network subnet for your virtual
+switch; if your home LAN is in the @samp{192.168.1.0/24} network, you
 could opt to use e.g.@: @samp{192.168.2.0/24}.  Define an XML file,
 e.g.@: @file{/tmp/virbr0.xml}, containing the following:
 
-- 
2.48.1

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 12:58:05 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 08:58:04 2025
Received: from localhost ([127.0.0.1]:41471 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvyQO-0003v0-AD
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 08:58:04 -0400
Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:47154)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tvyQJ-0003uS-3a
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 08:58:00 -0400
Received: by mail-pl1-x642.google.com with SMTP id
 d9443c01a7336-22401f4d35aso62098985ad.2
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 05:57:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742648272; x=1743253072; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=+ZQqCT8CMwqgcv9dDwF2+xFqpSHJNYPr4jiB7pM+u8I=;
 b=WgVa5LD01PtRy7RYJwoJhXHenHFeI/Kvtbo4HytHYjz0ONK5TZdGkrdYRwDnIiAQk+
 TErjmJYN8J+w4vr2pYXarEqUr8B3z1rt9BxWxs5zqUADdYnXi5RlyOrL6zCEvl/iJLcb
 36VsDxmdERURT/iMESTbbmwtSZ23CfUAAzFl24+XRA2bGo2Vhg2XUdgYYWLDbk3l4gBF
 BC6popJcYGlj6tfeOFMsexf//tKyqc8a0BxuKoJyFOvQjAldio8AxMPRjsQ7mT1h81zT
 18k4ZWn4KrtXANDwZUeIfYo1yduMPkwVCvVLC4yBovyzZf6bEJze/gPykkASdo7ZBZht
 q6xA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742648272; x=1743253072;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=+ZQqCT8CMwqgcv9dDwF2+xFqpSHJNYPr4jiB7pM+u8I=;
 b=UmbCAYjBlaNY/HFISbK5W+Lw4eh0axzlGc3jHQPCxyM5N8y99G6c7ufs2yp4SoyXH1
 m41KdDiK1tx7z4Hh7O2uLy9QRIRiH5MwXuvJmYLjO51us96vnsfLvRQlm7IRL4o3kuBE
 VbeFd19IR44uZ/G5GtKE0yshDkGUNQwFifHosOE3iJBPuD8sjkZq9MWCotFYOgNeLGIY
 TjkhzhCC2h8d0zeVp51pzTDd7FoSCk0LYHDli2f3VwhxY7u/Zf7utXns/eF5nZtF6Y+J
 xoGgLY8SELgDyOXAGy5Sz1+ZPFUe37XX5w4txXyHtsnjJpflSLQztzcC36eg6UQLdlSV
 pfgA==
X-Gm-Message-State: AOJu0YzEyb9z6LaBecRyjDq2j2oai9OwcM15C4CWLbid+VkWLW+Zdxjh
 DtSKunB136HYqnVocieE+W6otXLNaFzzn0EbGfKF/meYeAvQq9gmvaaPqD0q
X-Gm-Gg: ASbGncsD6SQdS9M2cMfXf3dL2kcG9qI7vX7TOR8IrNxJjKeChYtqbajXVsRGi2hzi7A
 2pJnN7UjXtQO8OvhKWRtFIVLMob9qdny6mqvSs+Xl/YZi60JSwCb8i6od5knj+oaTZnObXrDr0e
 OL6vjA9p85CiyDNp3PkirIdf5BIqKTH2bjnQv4bWCYtV25bNIF61F9SV9f9gXzKq0rSyaNSq5qV
 Qj3MQ1tiMnDTZj8lmwcjVzpvLnVTKd6Tcq4CcZtCrJXwYl8FmFDX4wtPZSiwq/DWMwnBE4GAss4
 UE8L4JYS2Ax73YoLdKbtIQR/G9IqvKcJkH1+speFkFgvX/wp5i2+kvAPX0kIXfrKTzk=
X-Google-Smtp-Source: AGHT+IGhAQH6hzyv1UMMsreo6OBBrYBOd2Pzzpn4VOZLM9mZjAK7DUtnSViDpgEl4zmOMBfr1jTeqg==
X-Received: by 2002:a17:902:ccc3:b0:223:3396:15e8 with SMTP id
 d9443c01a7336-22780d9b9d4mr116226555ad.22.1742648272244; 
 Sat, 22 Mar 2025 05:57:52 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-227811da561sm34786385ad.185.2025.03.22.05.57.50
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 05:57:51 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: 77153 <at> debbugs.gnu.org
Subject: [PATCH v2 0/3] doc: cookbook: Custom NAT-based libvirt networks.
Date: Sat, 22 Mar 2025 18:27:35 +0530
Message-ID: <cover.1742647810.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <cover.1742569449.git.45mg.writes@HIDDEN>
References: <cover.1742569449.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: 45mg <45mg.writes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Changes from v1:
1/3:
- Added copyright.
- Modified commit message to include the discussed rationale for this change.
3/3: Addressed Maxim's review [1].
Unaddressed, pending items [2]:
- Link to libvirt networking handbook - keep, move, or ditch?
- What does 'stp_state' param for a bridge actually do?

[1] https://yhetil.org/guix/87y0wxia9h.fsf@HIDDEN/
[2] https://yhetil.org/guix/87frj570px.fsf@HIDDEN/

45mg (3):
  doc: cookbook: Fix terminology for libvirt virtual network switches.
  doc: cookbook: Clarify virtual network switches.
  doc: cookbook: Custom NAT-based libvirt networks.

 doc/guix-cookbook.texi | 162 +++++++++++++++++++++++++++++++++++++----
 1 file changed, 146 insertions(+), 16 deletions(-)


base-commit: 9eddd250b773043fcac5e7eaa4939e5a2d9940bd
-- 
2.48.1

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 12:21:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 08:21:00 2025
Received: from localhost ([127.0.0.1]:41382 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvxqW-0002EA-6q
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 08:21:00 -0400
Received: from mail-pj1-x1033.google.com ([2607:f8b0:4864:20::1033]:59760)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tvxqO-0002Dd-7b
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 08:20:58 -0400
Received: by mail-pj1-x1033.google.com with SMTP id
 98e67ed59e1d1-301918a4e3bso5340348a91.3
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 05:20:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742646045; x=1743250845; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=ABT5zkZg3k0r3B5nzgIH9NeN0ZQ8jFDfhJDmyu+tqzc=;
 b=aFwxQ3+0Gyb+RGdLDiQxxOdBohunbO6gYMNPCZMnOBlp88g66RxIOZIvFa+kVoEWd0
 TSbA84yGR89DKsx0b+/7bGw8UgTWR+L6tiKlzmaay7LGt2gS2WztQXLYeZ1H+MXDGGmO
 71PFtZ2EHPwiV8HuVZ5tiuvBRIfM0mdCXP8t8s/F1rAU3EBWc/IMFZlf3PL0gKUOHnc0
 Hp+MmBxgDLN+M6zaUTjYgQTKo++3W72ixPNFnN39HlCKPQG1yvRFTFUGfUA6QwH4GSTR
 74GCjJB7v3AI4jvTZXHt+uL1TP/J1jKPLoA3symC+WhZxYWLd2+rXPg/jyzX+TDky5/N
 kHHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742646045; x=1743250845;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=ABT5zkZg3k0r3B5nzgIH9NeN0ZQ8jFDfhJDmyu+tqzc=;
 b=SIjEx9RvSFkn2p7DHSsS7+KTCleRt2b+gL8X2Xu7ZghTrkV3mOQfpJRJo8ByBfMCAm
 8PoX9GlYtX464CRF+4AzLHsMFmvwi6GWT1hRVEge38xjL45CsimkPpcYgDGnts+IPpQ/
 SgFt6tfy+KGygaXtwdYgnaqQTjZUDjUMxBGrl42hDTCNY8rIkW+oC9I+2XZw75gWGMcL
 PS0m+OsczqkpJWse7k41PeIfQ9ZHz2jC5uEkZDOCzXkCGIUAjJEDmuDnxgTXtlD2ViT5
 jPRfPP3r9JIzozm9MxGU5WguhO4Erby/h4aTFGMw1nv92+PNQgFNCbovc2V+pv2St8a0
 6fnw==
X-Forwarded-Encrypted: i=1;
 AJvYcCX+TcXa7gSJ4lpTYQ2z8zEKc8frbPTIaCYQMZy0F88yn1En1DxP5idiZdwBEqzSgvJF6qgU2w==@debbugs.gnu.org
X-Gm-Message-State: AOJu0YwXCmfPv8tEyAbHq7eVqybKBIZcSRPMCgw7HJEqNbD6mL+PWf5G
 AOVjoqk0hJrDbRWtYXHBKy8Td6FyRhYHvrCtCCVql0uTfq86Bw2usicadQ==
X-Gm-Gg: ASbGncv0KhG0FGXdlY6DdG9q67NU2wLPDu60LcwYwsEFX7DINaDkAOF3YvHmyT3FdTz
 08iqww9W3nYE8YNuxu/7u78wlGePfKflOpDNruUzt6MX2pkTnefJcsPK+AyF34EjCu+D6KGOHrt
 broSCZXny7DOUBQ7iO72CfwihsGm9O5MmZt6DLUPOnJHYfz9qglKuKuRh6u5raAhtJuc90VZPh+
 tHAX6GxHQscE/Xl8x9RIuk52WlETsQ6GKvnEzEqubJraR1QRVtTFvzKWkovEouarrD17mmFLbmc
 rUOvrTnIPJeE//Boq7+DjjPuG5K9U7OjpnusTCa3EyLUZ527S08G1Q==
X-Google-Smtp-Source: AGHT+IH2yPkdHYCicZOgdoK74Kxxz0d+9GhesYCUnl/EWZbVzVzIt/Ord/gamLPfmXtA2qGw2r7HzA==
X-Received: by 2002:a17:90b:54cf:b0:2ff:6fc3:79c3 with SMTP id
 98e67ed59e1d1-3030fe83a34mr11413178a91.9.1742646044903; 
 Sat, 22 Mar 2025 05:20:44 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-227811f4533sm34217785ad.206.2025.03.22.05.20.43
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 05:20:44 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 3/3] doc: cookbook: Document manual libvirt
 networking.
In-Reply-To: <87frj570px.fsf@HIDDEN> (45mg.writes@HIDDEN's message of
 "Sat, 22 Mar 2025 11:40:10 +0000")
References: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 <60249f55cf80b1dbf41654728939cbc6e6bbcd4e.1742570314.git.45mg.writes@HIDDEN>
 <87y0wxia9h.fsf@HIDDEN> <87frj570px.fsf@HIDDEN>
Date: Sat, 22 Mar 2025 21:20:30 +0900
Message-ID: <8734f5i7e9.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

45mg <45mg.writes@HIDDEN> writes:

[...]

> Sure, but first let's see if we can come to a consensus on the
> terminology here. See [1].

Our two people consensus has been achieved (I agree to use your 2 first
commits).  More people are welcome to weigh in, of course.

-- 
Thanks,
Maxim

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 12:18:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 08:18:33 2025
Received: from localhost ([127.0.0.1]:41367 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvxo8-00024J-Ss
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 08:18:33 -0400
Received: from mail-pl1-x62e.google.com ([2607:f8b0:4864:20::62e]:51444)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tvxo6-000245-OA
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 08:18:31 -0400
Received: by mail-pl1-x62e.google.com with SMTP id
 d9443c01a7336-223594b3c6dso65868455ad.2
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 05:18:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742645904; x=1743250704; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=nPDDnVyto218PEOwDcQ9gw62Z8VvHzTg4vMEiPI/iPM=;
 b=WpWUSQTzVaZisKxe0sCJxrK3pa/8Kneb2wfCUml+lcbzdBYR+e+/FaOPcZQZFM+pvK
 vAFRQgh85ZyeM2Kfk5aWmhgNFeUsni8LOLMuMZhLio/lECR7CYb1Ss7IiZpuikuMafKb
 y8aWzXIGFyduJe/NdbIP6vzq8Nr4dYdq3LVNJPpCqpY2PnXtBzeT0mIzRdsg8O4RFkFz
 cTRqg5tY/3DikFLra9C/MkRmy1Rd18npMAts0eDjEL+2wpO8SdB/mqacDo6hTgBiTUth
 lo2Jv9cJnnQocY/7iXDMDdvMORBIebHwYZ5MhWYX5LLTcRfjPWY8zvIYg9Y0FQjAva/X
 e7GQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742645904; x=1743250704;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=nPDDnVyto218PEOwDcQ9gw62Z8VvHzTg4vMEiPI/iPM=;
 b=V5V2djSX9yTZ4SQiR+PkzZD2/CmNe1VZVhIr9P//KeSnu1XSVODemJYh2GlhZINusi
 IDaWU6+IY/yRu9e1kcs9rkyTkw7qlRVX9UqWIfngLBqdGugzsyNgJJzG6ESERcwGJlm7
 atojOl/wDfocLmLNnJ3PomxUBl9ZjaNybS3USToJ42gXF6rzpY3BepEqwua9sutzgXXM
 ucPDPH/pXzNAwkIfjlADeNAUzg8tgjbkYXE/eaMwktnMcgicakRgIWEGtKhSCeZo1Z9J
 dYxL5dFEwTpiozzKpMOORRfyo+GYx7IMEXa1xfXTVC66fUneBT7ooeXuTUO6Xhuwi0pC
 1qSQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCVj0d9ZBYJgKDM/d+TgpHVhavKAMGcxw8TBXQlrfKxp0JxBEZuw7m2/YY9yrMa/PzLgCsP9ZQ==@debbugs.gnu.org
X-Gm-Message-State: AOJu0YyJ0NijE+CpR25yF+nTMhhO8PB6DX3iXTRhRq8QlDurB/YYxd3a
 DdTN8a74lQGmqgZm3PeljsSklRd3Mq+mtk3mG50CVxrFqme2xZuBTgFHbA==
X-Gm-Gg: ASbGnct4Fvp8G4hgz+03/1ByWoc9It/31abFi8zODpXhbKRts9IXhZdm4w6HcSGcu04
 WvWiBOzkvr5uRq5j2DZCrH1NTCKLHFoHFo9eG6T47nQTPpp7PWySCFFQh/cwisIMQnLZcu4cacA
 oOPfVEnIK8qywPOjZQ8N5FyItBj52aqGmbQVb8ILV33WCzfErFmwwALcgha2AaCaVDmREQd/Xaj
 Ij03VHxzzA1qk2XofBE2o1Pqngh7uQsLaltHQGHMihv6zaccuni9FgHBTaaFC13DfnntYE4D7S6
 wwBwcsRkAyktF/EyslBjA6UpILvs2Ndlh/Qp5JmgJAY=
X-Google-Smtp-Source: AGHT+IH+vRNNswiDIMew89LnAA3RSWtvhD0wPdxJd5qwONrIuRe/7jjZYTsFdG+RyfV2yYkaDFIQew==
X-Received: by 2002:a17:902:ec82:b0:21f:6fb9:9299 with SMTP id
 d9443c01a7336-22780d8bfe0mr112294345ad.27.1742645903891; 
 Sat, 22 Mar 2025 05:18:23 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-22780f45e0fsm34352085ad.74.2025.03.22.05.18.22
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 05:18:23 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 2/3] doc: cookbook: Clarify virtual network
 switches.
In-Reply-To: <87iko171mn.fsf@HIDDEN> (45mg.writes@HIDDEN's message of
 "Sat, 22 Mar 2025 11:20:32 +0000")
References: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 <c33ee214ac4d83bca43e2a51881a89dcd40a89f2.1742570314.git.45mg.writes@HIDDEN>
 <87bjttjx0r.fsf@HIDDEN> <87iko171mn.fsf@HIDDEN>
Date: Sat, 22 Mar 2025 21:18:09 +0900
Message-ID: <877c4hi7i6.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

45mg <45mg.writes@HIDDEN> writes:

> Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
>
>> Hi,
>>
>> 45mg <45mg.writes@HIDDEN> writes:
>>
>>> * doc/guix-cookbook.texi (Virtual Machines): [Routed network for
>>> libvirt] {Creating a virtual network switch}: Remove unnecessarily
>>> noncommital language ("a few components/configurations, such as...").
>>> Correct 'TUN interface', as bridges are currently used.  Add a link to
>>> the libvirt Wiki for more information.
>>
>> I'm also not sure of the benefit here; we drop some words but refer the
>> user to an external wiki page instead, which seems worst to me.
>
> If you look carefully at the patch, you'll see that the dropping of
> words doesn't actually remove any information; it just makes the
> langauge a bit more definite and confident.
>
> As I mentioned in my previous message [1], the official libvirt
> documentation links to the Wiki, so it should be authoritative enough
> for our purposes. The information in that article there is especially
> relevant to the topic of this subsection, so I think it's worth having
> the link.

OK, I'm convinced.

-- 
Thanks,
Maxim

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 12:16:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 08:16:42 2025
Received: from localhost ([127.0.0.1]:41363 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvxmM-00021C-10
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 08:16:42 -0400
Received: from mail-pl1-x629.google.com ([2607:f8b0:4864:20::629]:55417)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tvxmK-00020z-1D
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 08:16:40 -0400
Received: by mail-pl1-x629.google.com with SMTP id
 d9443c01a7336-2240b4de12bso31504675ad.2
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 05:16:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742645794; x=1743250594; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=iyNuG8Jcu/rIGYzC0ZZvMTdhlcMMGpvi3rRjada1Jfc=;
 b=HuoMm40WvpN6Q7tAvvXGc3clNXDlu3nWZbFLvuD47okzICR6W1pL4xbO4CJvikdwVE
 hcQep1T1sIZ4E4I4R0dQHlqVyKhNb56zPERZWTYfse++6k5obohvyivSWv4HisAvNoWu
 WbpSUDbVaWRJA/hV1VsaSShEwyiRkzGgWXRMIxcBIMCulcbMxElPfxfI7W63H8UYmk/9
 b4J7b0UG2V8tpV4BwDWgdTBDih8BluL32aXTSAswIJzo71RTgTRSxXLgvMiOczJotIIV
 nuQyKI/lXPpWPl4hbRinmVfbDfnL2z+N+Wha1JQxe9f8x7w0UYwxSLLNjbiyRaFIsPtx
 rv2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742645794; x=1743250594;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=iyNuG8Jcu/rIGYzC0ZZvMTdhlcMMGpvi3rRjada1Jfc=;
 b=KpZUb0HwRPILMr7nYulF/c1jBFqHTRwui2cZ01EyfSNwazmbQGX7sGkx535/ujLmMm
 rRkc62nXFg+Ix0C6Cd1dvIfErr3NHIgum5BtrAEZ0AcwjNU3HfvN0CK5eKKS3UfuSZPW
 LXydCXeAHQzRAwRHWi3/wJpCRRlifzbTqu6Os44DsveAzfb+oY8bbameTi9VrU4YIBWE
 176C7NeXrWJdaINNkFiaengO/pqT9oWW+uJwrZF35k+n3PtB76Grn8iuPT+a+wE6Glkq
 ZpeyZpC3Ma651n8CvEJW4Dav3gRIyCBmk1QKvAjwmP4otM176YS2InDVO303ETEnfT0g
 681A==
X-Gm-Message-State: AOJu0YwVb/X2un+zXEQrStOjcAFG0hB9HzE1nJjSMyCh5lwsSJ2KkOlX
 9y96Om/Xo2Q7sO1LAUb+KPSPfE5rhYbEtbrLZfb/uramZlSy9CLz
X-Gm-Gg: ASbGncuxxZCvYoRWXVJ+C/PP158IgrfmQLavMsq25blq8R9sUZJshOZx3GxB24K4f3M
 a0jIBcmdehbdzJe98QXPYSO19PmCqOYDLyiVRxU68Im3MWDxlLRDY4n8JJr+yeostu1ZrqEChzu
 uCykvuuvyzpzzCPSvM1JuCMQn208w0DLo5clt4gjeKooPQKjfU64zNZecfrgapKbGHG0noOwct8
 2dHsFpoSJaz/YIrRH/Ovoa53Nly6zEuBn7Kk1194yjlkhgZ15fOiLxk4CJbemGMU3HnuESdALOs
 NWGw0ByaGr+5km8CTARwJ+wAlEoUf4Vy7OdZ32XS0BRs6wq4UTRrKg==
X-Google-Smtp-Source: AGHT+IF3UsWit6+2ByPM5Zs6O+2QyNVd8loM3R+KDMxjRfyYZUCiIbVCP7CVzLQwUaZ3eGaEwOYJBw==
X-Received: by 2002:a17:902:f546:b0:21f:7a8b:d675 with SMTP id
 d9443c01a7336-22780c5233cmr103177155ad.4.1742645793720; 
 Sat, 22 Mar 2025 05:16:33 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-227811f43c6sm34221035ad.231.2025.03.22.05.16.32
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 05:16:33 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 1/3] doc: cookbook: Fix terminology for
 libvirt virtual network switches.
In-Reply-To: <87ldsx725q.fsf@HIDDEN> (45mg.writes@HIDDEN's message of
 "Sat, 22 Mar 2025 11:09:05 +0000")
References: <cover.1742569449.git.45mg.writes@HIDDEN>
 <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 <87frj5jx89.fsf@HIDDEN> <87ldsx725q.fsf@HIDDEN>
Date: Sat, 22 Mar 2025 21:16:19 +0900
Message-ID: <87bjtti7l8.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

45mg <45mg.writes@HIDDEN> writes:

> Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:
>
>> Hi,
>>
>> 45mg <45mg.writes@HIDDEN> writes:
>>
>>> * doc/guix-cookbook.texi (Virtual Machines): [Routed network for
>>> libvirt]: Replace the term 'virtual bridge' with 'virtual network
>>> switch'.  This is the term used by the libvirt Wiki to refer to the
>>> combined setup of a 'virtual bridge' network interface, dnsmasq instance
>>> bound to it, and firewall rules associated with it.
>>
>> I'm not sure 'switch' is clearer than 'bridge' in the context of
>> libvirt; and I doubt a wiki has much authority on the topic.  I find the
>> 'bridge' terminology most common on Linux, and it matches to options
>> documented in libvirt-related tools such as `man virt-install` from the
>> virt-manager package:
>>
>> --8<---------------cut here---------------start------------->8---
>>        bridge=3DBRIDGE
>>               Connect to a bridge device in the host called BRIDGE.  Use=
  this
>>               option  if the host has static networking config & the gue=
st re=E2=80=90
>>               quires full outbound and inbound connectivity to/from  the=
  LAN.
>>               Also use this if live migration will be used with this gue=
st.
>> --8<---------------cut here---------------end--------------->8---
>>
>> So I'm not convinced of the value of the proposed change.
>
> The idea is to use 'switch' to refer to "the combined setup of a
> 'virtual bridge' network interface, dnsmasq instance bound to it, and
> firewall rules associated with it", which is what libvirt creates from a
> 'virtual network' specified in an XML file.
>
> 'Bridge' is ambiguous because it is sometimes used with this meaning
> (for example, in the target of this patch), and sometimes to refer
> specifically to the virtual network device called a 'bridge' (as in your
> example). This quickly gets confusing; patch 3/3 in particular would be
> a lot more confusing if I didn't introduce a term to make the
> distinction.
>
> The Wiki should be authoritative enough for our purposes, given that the
> official documentation links to it. For example, from
> [libvirt: Network XML format](https://libvirt.org/formatnetwork.html):

OK.  I guess that now that I understand the fine distinction of using
'virtual switch' for the complete construction vs 'virtual bridge' for
the Linux-side implementation of one of its parts, that could make
sense.

I don't mind to keep it then, if you think it helps clarify the text.

--=20
Thanks,
Maxim

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 11:40:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 07:40:25 2025
Received: from localhost ([127.0.0.1]:41238 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvxDE-0002jb-Hz
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 07:40:25 -0400
Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:44427)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tvxDB-0002hx-IA
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 07:40:22 -0400
Received: by mail-pl1-x642.google.com with SMTP id
 d9443c01a7336-223fb0f619dso59759785ad.1
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 04:40:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742643615; x=1743248415; darn=debbugs.gnu.org;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:from:to:cc:subject:date:message-id:reply-to;
 bh=4IboJa9WkF/yMqOloFv3C2FULrulHAYyOBmHWoABCa8=;
 b=BlqvMlLP29nAqgx89nsKHZGFMV9VcpquEidkGyyhpuPsPB+rHQM1LdD0HyAu6zPUrZ
 NeJc+n1rEm+m20yZsQnfBgZJQi8iU7FTdRgaao4xgzRy8mAEe+b8H/Cgx6CuXElhynyA
 Zwl+hiHcc7b7MFlJc4ovMPS+j2eg46xS54reei97DcyVN/L7pIq7elPtH+HFspdtwRp+
 MmmGZx0SDWz4EIXepaDlwaQVTANzdK/F3pCvYvBcuzNFGOhIa6Vipdldtdo8s4KhsmK5
 6SDEn952Fq4xfbZ1AdvaW0ifuzVu+p8uRfHdoVqUz1QR1bsBfk32Uc4JsOdYqubDqKtv
 4Y7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742643615; x=1743248415;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=4IboJa9WkF/yMqOloFv3C2FULrulHAYyOBmHWoABCa8=;
 b=QfSoMb6KU5kjzz9VgfAxrCct3MEfT8o6xWsG+zGRK1DYvjxXcAU8TXwuhNcil0hOXg
 KtWETV5KhweLDLeYHSD8ycUcMpL1g0KNg/jZSHZ4jBPeD+XhV0KBjDBGGx8DM2KKoVDz
 mGz8jljqczaMD9Fy9mUcVloAliOUlN1s7pHQYF+q4w6jGWEKLolBrFkTWAYetbq/a+lG
 3AqBueHvbIpN91FSI0sriNngwuKC2QazZ2BMj50tkj9bSO0TKowkdUCRUyV6wsio7T4B
 qSQjwP+cPe7mr+WRpUWN9RWRxlE5VtinK9cMpKR09gSDI0kykGYxvj7LVkyohuHbCaYT
 Ki2A==
X-Gm-Message-State: AOJu0Yz2ve1RolfVc4E1uf6JHL7YcqCan6tV11M6s2FD+mIvKC3Ge8zU
 IN7wKYDVomV96ze+THi2lI2X0/X6qkeC2MnZPEMWIP8rUxB2Wt/8nknzekZ0
X-Gm-Gg: ASbGnctbAKqrFfbfGMhkQGK61eQfeqQ4LaeQSvwBTd8BiFe0GIJzOjL8vqOlK2+xhno
 3pfggFN8uYzor8U8wBjPyc8P7mHaKB2jnUDOsWjUt3uj0QDIFfRr3kU63jSkfBSisz16cu+jV/i
 iCs0nVTTIW7y853X7pmmsHgsXHHuWeS33QvexhR55YZtGLD2jfQaD4EpNr29Yu3bcS1pXX/236P
 8jI2nItSywGfAD4xgLeoGT9yUwQiPL74ARa2xv60SpdRDIGSErWypZtFQJVXMAacFCCwZNKP8jg
 C0TesWiqLNJjITUmnM2KAXB4M+NHuZHgRMKOSfUfaPKq/c8gck/eA4dP
X-Google-Smtp-Source: AGHT+IHx0WYpITIf4j8V2+kT0gopJjgR2pJ6rw+mpEhoTway+hOQz2c9Zhak/iZSyFF+BUyoHCYYNA==
X-Received: by 2002:a05:6a20:7351:b0:1f5:6e00:14da with SMTP id
 adf61e73a8af0-1fe433195a3mr12921096637.40.1742643614952; 
 Sat, 22 Mar 2025 04:40:14 -0700 (PDT)
Received: from guix1 (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-73905fab1dcsm3817133b3a.4.2025.03.22.04.40.12
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 04:40:14 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 3/3] doc: cookbook: Document manual libvirt
 networking.
In-Reply-To: <87y0wxia9h.fsf@HIDDEN>
References: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 <60249f55cf80b1dbf41654728939cbc6e6bbcd4e.1742570314.git.45mg.writes@HIDDEN>
 <87y0wxia9h.fsf@HIDDEN>
Date: Sat, 22 Mar 2025 11:40:10 +0000
Message-ID: <87frj570px.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:

> Hi,
>
> 45mg <45mg.writes@HIDDEN> writes:
>
>> * doc/guix-cookbook.texi (Virtual Machines): [Manual libvirt
>> networking]: New section.
>
> Thanks for writing this.
>
>> Change-Id: Ice79c5dc8183ec694ac8b846a5ec88cb98cac9ff
>> ---
>>  doc/guix-cookbook.texi | 120 +++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 120 insertions(+)
>>
>> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
>> index 325b1d9c2a..338dba25be 100644
>> --- a/doc/guix-cookbook.texi
>> +++ b/doc/guix-cookbook.texi
>> @@ -3750,6 +3750,7 @@ Virtual Machines
>>  @menu
>>  * Network bridge for QEMU::
>>  * Routed network for libvirt::
>> +* Manual libvirt networking::
>>  @end menu
>>
>>  @node Network bridge for QEMU
>> @@ -3974,6 +3975,125 @@ Routed network for libvirt
>>  should work from within your VM; you can e.g.@: run @samp{ping gnu.org}
>>  to verify that it functions correctly.
>>
>> +@node Manual libvirt networking
>> +@section Manual libvirt networking
>
> Perhaps this should be named 'Custom NAT-based network', as in Jamie's
> handbook, as every other configurations also involve manual steps?

Ok, makes sense.

>> +
>> +As mentioned in the preceding section (@pxref{Routed network for libvirt}),
>> +libvirt allows virtual networks to be defined via XML files and managed
>> +by the @command{virsh} command.  The details of the creation and removal
>> +of virtual network switches are handled by libvirt, so the user does not
>> +have to deal with them.
>
> As discussed previously, I think it may be best to stick to our existing
> terminology of 'virtual bridge' instead of 'virtual switch'.

See previous message [1].

>> +However, libvirt's handling of virtual network switches can sometimes
>> +clash with more complex networking setups.  In particular, the iptables
>> +rules inserted by libvirt for switches operating in the NAT mode can
>> +clash with existing iptables/nftables rules, leading to insecure or
>> +broken packet filtering.
>> +
>> +In such cases, the only solution is to manually set up a virtual network
>> +switch.  This section will provide instructions on how to do so using
>> +Guix System services.
>> +
>> +This section is based on
>> +@url{https://jamielinux.com/docs/libvirt-networking-handbook/custom-nat-based-network.html,
>> +the corresponding section from the (unofficial) libvirt Networking
>> +Handbook}.  It should be noted that at the time of writing (March 2025),
>> +this resource had not been updated since 2015, and is therefore somewhat
>> +outdated.  In particular, the creation of a `dummy interface' is no
>> +longer necessary.
>
> I would drop this paragraph.  The other sections are also based on that
> same handbook.  It's up to us to extract the good bits and avoid the
> obsolete one and keep our own doc up to date :-).

We should probably link to it somewhere. It provides more explanation
and context for the steps listed in this and the other sections. And
just in principle, we should probably cite our sources. But it would be
irresponsible to do so without mentioning that parts of it are
outdated... hence that paragraph.

I'm open to linking it somewhere else in the Cookbook, though. Thoughts?

>> +@subsection Creating the virtual network bridge
>> +
>> +The @code{static-networking-service-type} can be used to create a
>> +virtual network bridge and assign an IP address to it:
>
> 'network bridge', hm? ;-)

Yes. We are referring specifically to a virtual network interface here.
The virtual network bridge is one component of the virtual network
switch.

>> +
>> +@example lisp
>> +(service static-networking-service-type
>> +         (list (static-networking
>> +                ;; The default provision is 'networking; if you're using any
>> +                ;; other service with this provision, such as
>> +                ;; `network-manager-service-type`, then you need to change the
>> +                ;; default
>
> Use complete sentences for line comments (i.e. add a terminating period
> above).

Ok.

>> +                (provision '(static-networking))
>> +                (links
>> +                 (list (network-link
>> +                        (name "virbr0")
>> +                        (type 'bridge)
>> +                        (arguments '((stp_state . 1))))))
>
> I've never seen this stp_state argument; is it useful?  Perhaps it
> deserves a comment.

I have no idea what it does, but I think I needed it for the bridge to
work? The handbook also includes it (`brctl stp virbr10 on`).

>> +                (addresses
>> +                 (list (network-address
>> +                        (device "virbr0")
>> +                        (value "192.168.10.1/24")))))))
>> +@end example
>> +
>> +@subsection Running dnsmasq for the virtual network bridge
>> +
>> +The @code{dnsmasq-service-type} can be used to provide DNS and DHCP for
>> +guests connected to this virtual network switch:
>> +
>> +@example lisp
>> +(service dnsmasq-service-type
>> +         (dnsmasq-configuration
>> +          ;; You can have multiple instances of `dnsmasq-service-type` as long
>> +          ;; as each one has a different provision
>
> Missing ending period.

Ok.

>> +          (provision '(dnsmasq-virbr0))
>> +          (extra-options (list
>> +                          ;; Only bind to the virtual bridge. This
>> +                          ;; avoids conflicts with other running
>> +                          ;; DNSMASQ instances.
>> +                          "--except-interface=lo"
>> +                          "--interface=virbr0"
>> +                          "--bind-dynamic"
>> +                          ;; IPv4 addresses to offer to VMs. This
>> +                          ;; should match the chosen subnet.
>> +                          "--dhcp-range=192.168.10.2,192.168.10.254"))))
>> +@end example
>> +
>> +@subsection Configuring NAT for the virtual network switch
>> +
>> +If you intend to use the virtual network switch in NAT mode, you will
>> +need to use nftables (or iptables) rules to set up IP masquerading.  The
>> +following example shows how to use @code{nftables-service-type} to do
>> +this:
>> +
>> +@example lisp
>> +(service nftables-service-type
>> +         (nftables-configuration
>> +          (ruleset
>> +           (plain-file "nftables.conf"
>> +                       "\
>> +table inet filter @{
>> +
>> +  chain input @{
>> +    type filter hook input priority filter; policy drop;
>> +    # Add your existing packet filtering rules here....
>
> s/..../.../

Ok.

>> +    iifname "virbr0" udp dport 67 counter accept comment "allow dhcp on virbr0"
>> +    iifname "virbr0" meta l4proto @{tcp, udp@} th dport 53 accept comment "allow dns on virbr0"
>> +  @}
>> +
>> +  chain forward @{
>> +    type filter hook forward priority filter; policy drop;
>> +    # Add your existing forwarding rules here....
>
> s/..../.../

Ok.

>> +    iifname "virbr0" accept comment "allow outbound traffic from virbr0"
>> +    oifname "virbr0" ct state @{established, related @} accept comment "allow established traffic to virbr0"
>> +  @}
>> +
>> +@}
>> +
>> +table inet nat @{
>> +  chain postrouting @{
>> +    type nat hook postrouting priority srcnat; policy accept;
>> +    # Add your existing nat rules here...
>
>
>> +    iifname "virbr0" ip daddr @{ 224.0.0.0/24, 255.255.255.255/32 @} return comment "don't masquerade to reserved address blocks"
>> +    iifname "virbr0" oifname != "virbr0" masquerade comment "masquerade all outgoing traffic from VMs"
>> +  @}
>> +@}
>> +"))))
>> +@end example
>
> I think the long lines (> 80 columns) may be a problem in PDF-rendered
> documentation, possible info as well.  It'd be better to break the long
> lines; perhaps possible via a backslash before the newline?
>
> Indeed, looking at 'man 8 nft', it says:
>
> --8<---------------cut here---------------start------------->8---
> INPUT FILE FORMATS
>    LEXICAL CONVENTIONS
>        Input is parsed line-wise. When the last character of a line,
>        just before the newline character, is a non-quoted backslash (\),
>        the next line is treated as a continuation. Multiple commands on
>        the same line can be separated using a semicolon (;).
> --8<---------------cut here---------------end--------------->8---

I'll look into it.

> Could you please send a v2 with the above requested changes?  I'd also
> drop the first two commits of this series and stick to 'virtual bridge'
> in this current one, for consistency and matching the vocabulaty the
> interfaces actually use.

Sure, but first let's see if we can come to a consensus on the
terminology here. See [1].

> Thanks for working on this!
>
> --
> Maxim

[1] https://yhetil.org/guix/87ldsx725q.fsf@HIDDEN/

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 11:20:44 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 07:20:44 2025
Received: from localhost ([127.0.0.1]:41114 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvwuB-000797-SS
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 07:20:44 -0400
Received: from mail-pl1-x641.google.com ([2607:f8b0:4864:20::641]:44330)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tvwuA-00078v-5T
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 07:20:42 -0400
Received: by mail-pl1-x641.google.com with SMTP id
 d9443c01a7336-223fb0f619dso59611525ad.1
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 04:20:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742642436; x=1743247236; darn=debbugs.gnu.org;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:from:to:cc:subject:date:message-id:reply-to;
 bh=NQrFlGmYBNDyHXG5tY3xMNLA7LBX9AZ4LB0ZrQv32cU=;
 b=ES00uFDSq+O3lcfC2CSs9CE+oGAw7ZV6RaJIKhX710smo/J8oXM/9PZDYFTmm6/mGm
 7NWzB2Q1bcP7Ix7nKCeCewV6DNQv2XKHqsq9H13PkBaYNAXxrz+ljt8SRvyayeoR3TSm
 RCmUXSRw1CqqSfVqfEAsDNHN1JU9Ee6WvsUTpWtnmk/faoBEqq7OxZHnRsHPluZnt+oX
 wdAiUD0dsUPGiBlQVGjTg3h2d4q/15HtSv4ZNVdQQLQw/GhQibKfQXDj2BiOONVl15je
 QtS/9ZIWxtWIINmjNdLu0zdo+Zb/WlR+BTOCzbf6MSx53WNhUGevRUfiNJKSEbo4YzNM
 zbQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742642436; x=1743247236;
 h=mime-version:message-id:date:references:in-reply-to:subject:cc:to
 :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=NQrFlGmYBNDyHXG5tY3xMNLA7LBX9AZ4LB0ZrQv32cU=;
 b=DV1IS/C8eKTAGjqh4pgItXBwkubg+wtF/uUazT3XztKjOfi+7NN9bRABNifFtsuHIg
 c1MwEExx2WzOX48O7G+ilvU8psrViEZVsH7lYs6SlyOt1oBFVn89Yg1G/tEZuJCSeR/g
 i+LuJpelzHehWL862jfx7TWEVECXePBgK3juGujjRxk60dKvp/suiEX46pLhalyioQ1O
 44Az11jYUUvNh+qT6R36JT2tfAto4vXxQSW/nanqNWjDdJYeN6lHZbg1M8+7G+ypwEf7
 G09hCYh83qPWgsiFkegiS0hgWcjlCh0+kqxJfA0v7egPV7LQwnOzP6F8fMX91kXqn9Ob
 uOog==
X-Gm-Message-State: AOJu0YwhIX37iHAwprG+GP+EZM/1Tzu91y1aUFPKHml1mycxfZtPMXQh
 3MQYakwQfs18gY85Wc9dkO2YowM3wOu/GmeVEYgtCK3UVAgr020C
X-Gm-Gg: ASbGncu55TJQWciYNSN1l9BFy8xwbl0UTHF8QRVN9dVz/+QYsIuc4fdDYkmaFWrEVFY
 VrBCVOS2Drd7Sfsf2jEC9bdex72nOlGnzgXjlDdcsj5RwF8hxZa0V8EPdYcASqaJuayIQjjqkZF
 +nSRkxv27W+FROcqykjHC/HEplHp9uI0VoYohm/sRgd4aQB1szWwjiWRDH9hug/FdqCRRYNLyQj
 xi5Meji8zZI+BVxGjjpD5luIjLqr7qOiwWT4L42fa9TZoSu7erfSC8nPU4NLo4MzHHHv25rgOLM
 kY/cdQxNQKuXaUknCqvoFVPI2z9RK6Q1NZCH/6sGOgHB7A==
X-Google-Smtp-Source: AGHT+IGgKYdzMB9SwJ/6ZRTKZTZ76D38IGfdRi+tu8MMBPV2uOy4OrwNaSq7p6iw8RjOiG7wj2GE2Q==
X-Received: by 2002:a05:6a00:99e:b0:736:a6e0:e66d with SMTP id
 d2e1a72fcca58-73905974b0emr8423756b3a.6.1742642436049; 
 Sat, 22 Mar 2025 04:20:36 -0700 (PDT)
Received: from guix1 (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-af8a2a24404sm3345960a12.51.2025.03.22.04.20.33
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 04:20:35 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 2/3] doc: cookbook: Clarify virtual network
 switches.
In-Reply-To: <87bjttjx0r.fsf@HIDDEN>
References: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 <c33ee214ac4d83bca43e2a51881a89dcd40a89f2.1742570314.git.45mg.writes@HIDDEN>
 <87bjttjx0r.fsf@HIDDEN>
Date: Sat, 22 Mar 2025 11:20:32 +0000
Message-ID: <87iko171mn.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:

> Hi,
>
> 45mg <45mg.writes@HIDDEN> writes:
>
>> * doc/guix-cookbook.texi (Virtual Machines): [Routed network for
>> libvirt] {Creating a virtual network switch}: Remove unnecessarily
>> noncommital language ("a few components/configurations, such as...").
>> Correct 'TUN interface', as bridges are currently used.  Add a link to
>> the libvirt Wiki for more information.
>
> I'm also not sure of the benefit here; we drop some words but refer the
> user to an external wiki page instead, which seems worst to me.

If you look carefully at the patch, you'll see that the dropping of
words doesn't actually remove any information; it just makes the
langauge a bit more definite and confident.

As I mentioned in my previous message [1], the official libvirt
documentation links to the Wiki, so it should be authoritative enough
for our purposes. The information in that article there is especially
relevant to the topic of this subsection, so I think it's worth having
the link.

[1] https://yhetil.org/guix/87ldsx725q.fsf@HIDDEN/

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 11:18:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 07:18:59 2025
Received: from localhost ([127.0.0.1]:41101 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvwsU-0006zr-E1
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 07:18:59 -0400
Received: from mail-pl1-x635.google.com ([2607:f8b0:4864:20::635]:61529)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tvwsS-0006zc-1k
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 07:18:56 -0400
Received: by mail-pl1-x635.google.com with SMTP id
 d9443c01a7336-22580c9ee0aso58044995ad.2
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 04:18:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742642330; x=1743247130; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=D4EyYP/+YLaLwx5VwycT2PvJRN7dxlCO8PGhZ4pY12A=;
 b=bJSyKxamCtt+ekM5dJiPIKBiToZYl8iiXfXlFqlNcTC4fJKkfwAaz6zZUGCt9ROgTz
 wLXF3yUKpxtMfnBrPYcP1TUf2vpJA5WUwV469ruaxAOeIXNKAByKrxunfBpJR3bBaEA7
 /zbkd01K8YH4h1S6EA6GwKB7qNF6mfnnQo9Q8stXLgIQg79M/P9HDKgXPeEoPW8GaIPm
 souljeZ0K+rvc/ktfboYVzjNQaFf1PY52sI9uGQIk4hnzbetFoNeLwcKJTQt+ywgNBOS
 V5g3FjD5m9u03k3D6JZadLbEnOEUAMAw6qcIv4Kn8MetIlbRIXHJCaDMG9rGhjv2mbbO
 6cwA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742642330; x=1743247130;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=D4EyYP/+YLaLwx5VwycT2PvJRN7dxlCO8PGhZ4pY12A=;
 b=Jr2zkRrQK1sNilX5LShv2dXbQck0T7uAmrJk6vawBtDEDUowN7tggWy3VhyRnK3TML
 SIZ+JKkU0CWkmM7ajNtRGZfYjZyzT95IRoX04Vsyq/WBzGxJ5Cz6mqCmY7z9YOkFvAsh
 PbsrxnhOMeV7JoWVLu5W1h2T1dnomJTMGvGgr9fNhUYPZhmmaW6DXQvyxeceZdZ8RunK
 l9zKHXswDBQrQjup0V6yQ7JZFgW619yV8IUBNQZ6ogG2iPm/MxIm1aVJm1hb0J56ahAA
 FXz8xLQ/SV63LI802ImzdPGjiR6tu99138G1+11EyfEB2MbbtZqDUgAsCIo3o3/G+tx/
 FinQ==
X-Gm-Message-State: AOJu0YxUAGzdv8b1xjsi8smBUqt95S5sRvBwjdxfEvL0VseKrykaGwdR
 ZAtDOzQ0CKiesV/HRrfNvwYFDrzGaFI/UhxOgpTqEsBh8vZWnUur
X-Gm-Gg: ASbGncurG2IcFrq1efJ9fx3e2IIod96cQtg7adDX9Gv1YhpLwIoUbRXL3gdd2fjgP4k
 1W5GdJwNHjd9FxmMDm338dzM5Fb/YsfXWi41JRJ0vAAV0D6j1cDwRWrBfeVEdeLEg2EZV4E06+T
 W4K6ZIVO2rYJAC2CBhjIRrvhEbvfX4bNSxPjVm1AknnzG+RuZyIW9dv6J0T+47jVQ2D/yFENqLg
 ijiRmdC/wxcBrt8ac0Agz6QwWX5AcJmqAqb5mg7qLStp8swRKvVuA4Zbf40qErrr2dPBXSoq1rX
 iptngoEsVZx8r+SFCljXn6K5A2XVLrS/23JdGo1u4D4=
X-Google-Smtp-Source: AGHT+IH6o4RSDNQVoT8ypuCmzzLZGOMn4fjwETh5PnAS0tqsj2HVV209q45+fXlJLYEewJINi4FtHg==
X-Received: by 2002:a05:6a20:729a:b0:1f5:7d57:8322 with SMTP id
 adf61e73a8af0-1fe4342d010mr11797482637.26.1742642329589; 
 Sat, 22 Mar 2025 04:18:49 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7390618de84sm3915571b3a.171.2025.03.22.04.18.47
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 04:18:49 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 3/3] doc: cookbook: Document manual libvirt
 networking.
In-Reply-To: <60249f55cf80b1dbf41654728939cbc6e6bbcd4e.1742570314.git.45mg.writes@HIDDEN>
 (45mg.writes@HIDDEN's message of "Fri, 21 Mar 2025 20:52:00 +0530")
References: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 <60249f55cf80b1dbf41654728939cbc6e6bbcd4e.1742570314.git.45mg.writes@HIDDEN>
Date: Sat, 22 Mar 2025 20:18:34 +0900
Message-ID: <87y0wxia9h.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

45mg <45mg.writes@HIDDEN> writes:

> * doc/guix-cookbook.texi (Virtual Machines): [Manual libvirt
> networking]: New section.

Thanks for writing this.

> Change-Id: Ice79c5dc8183ec694ac8b846a5ec88cb98cac9ff
> ---
>  doc/guix-cookbook.texi | 120 +++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 120 insertions(+)
>
> diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
> index 325b1d9c2a..338dba25be 100644
> --- a/doc/guix-cookbook.texi
> +++ b/doc/guix-cookbook.texi
> @@ -3750,6 +3750,7 @@ Virtual Machines
>  @menu
>  * Network bridge for QEMU::
>  * Routed network for libvirt::
> +* Manual libvirt networking::
>  @end menu
>  
>  @node Network bridge for QEMU
> @@ -3974,6 +3975,125 @@ Routed network for libvirt
>  should work from within your VM; you can e.g.@: run @samp{ping gnu.org}
>  to verify that it functions correctly.
>  
> +@node Manual libvirt networking
> +@section Manual libvirt networking

Perhaps this should be named 'Custom NAT-based network', as in Jamie's
handbook, as every other configurations also involve manual steps?

> +
> +As mentioned in the preceding section (@pxref{Routed network for libvirt}),
> +libvirt allows virtual networks to be defined via XML files and managed
> +by the @command{virsh} command.  The details of the creation and removal
> +of virtual network switches are handled by libvirt, so the user does not
> +have to deal with them.

As discussed previously, I think it may be best to stick to our existing
terminology of 'virtual bridge' instead of 'virtual switch'.

> +However, libvirt's handling of virtual network switches can sometimes
> +clash with more complex networking setups.  In particular, the iptables
> +rules inserted by libvirt for switches operating in the NAT mode can
> +clash with existing iptables/nftables rules, leading to insecure or
> +broken packet filtering.
> +
> +In such cases, the only solution is to manually set up a virtual network
> +switch.  This section will provide instructions on how to do so using
> +Guix System services.
> +
> +This section is based on
> +@url{https://jamielinux.com/docs/libvirt-networking-handbook/custom-nat-based-network.html,
> +the corresponding section from the (unofficial) libvirt Networking
> +Handbook}.  It should be noted that at the time of writing (March 2025),
> +this resource had not been updated since 2015, and is therefore somewhat
> +outdated.  In particular, the creation of a `dummy interface' is no
> +longer necessary.

I would drop this paragraph.  The other sections are also based on that
same handbook.  It's up to us to extract the good bits and avoid the
obsolete one and keep our own doc up to date :-).

> +@subsection Creating the virtual network bridge
> +
> +The @code{static-networking-service-type} can be used to create a
> +virtual network bridge and assign an IP address to it:

'network bridge', hm? ;-)

> +
> +@example lisp
> +(service static-networking-service-type
> +         (list (static-networking
> +                ;; The default provision is 'networking; if you're using any
> +                ;; other service with this provision, such as
> +                ;; `network-manager-service-type`, then you need to change the
> +                ;; default

Use complete sentences for line comments (i.e. add a terminating period
above).

> +                (provision '(static-networking))
> +                (links
> +                 (list (network-link
> +                        (name "virbr0")
> +                        (type 'bridge)
> +                        (arguments '((stp_state . 1))))))

I've never seen this stp_state argument; is it useful?  Perhaps it
deserves a comment.

> +                (addresses
> +                 (list (network-address
> +                        (device "virbr0")
> +                        (value "192.168.10.1/24")))))))
> +@end example
> +
> +@subsection Running dnsmasq for the virtual network bridge
> +
> +The @code{dnsmasq-service-type} can be used to provide DNS and DHCP for
> +guests connected to this virtual network switch:
> +
> +@example lisp
> +(service dnsmasq-service-type
> +         (dnsmasq-configuration
> +          ;; You can have multiple instances of `dnsmasq-service-type` as long
> +          ;; as each one has a different provision

Missing ending period.

> +          (provision '(dnsmasq-virbr0))
> +          (extra-options (list
> +                          ;; Only bind to the virtual bridge. This
> +                          ;; avoids conflicts with other running
> +                          ;; DNSMASQ instances.
> +                          "--except-interface=lo"
> +                          "--interface=virbr0"
> +                          "--bind-dynamic"
> +                          ;; IPv4 addresses to offer to VMs. This
> +                          ;; should match the chosen subnet.
> +                          "--dhcp-range=192.168.10.2,192.168.10.254"))))
> +@end example
> +
> +@subsection Configuring NAT for the virtual network switch
> +
> +If you intend to use the virtual network switch in NAT mode, you will
> +need to use nftables (or iptables) rules to set up IP masquerading.  The
> +following example shows how to use @code{nftables-service-type} to do
> +this:
> +
> +@example lisp
> +(service nftables-service-type
> +         (nftables-configuration
> +          (ruleset
> +           (plain-file "nftables.conf"
> +                       "\
> +table inet filter @{
> +
> +  chain input @{
> +    type filter hook input priority filter; policy drop;
> +    # Add your existing packet filtering rules here....

s/..../.../

> +    iifname "virbr0" udp dport 67 counter accept comment "allow dhcp on virbr0"
> +    iifname "virbr0" meta l4proto @{tcp, udp@} th dport 53 accept comment "allow dns on virbr0"
> +  @}
> +
> +  chain forward @{
> +    type filter hook forward priority filter; policy drop;
> +    # Add your existing forwarding rules here....

s/..../.../

> +    iifname "virbr0" accept comment "allow outbound traffic from virbr0"
> +    oifname "virbr0" ct state @{established, related @} accept comment "allow established traffic to virbr0"
> +  @}
> +
> +@}
> +
> +table inet nat @{
> +  chain postrouting @{
> +    type nat hook postrouting priority srcnat; policy accept;
> +    # Add your existing nat rules here...


> +    iifname "virbr0" ip daddr @{ 224.0.0.0/24, 255.255.255.255/32 @} return comment "don't masquerade to reserved address blocks"
> +    iifname "virbr0" oifname != "virbr0" masquerade comment "masquerade all outgoing traffic from VMs"
> +  @}
> +@}
> +"))))
> +@end example

I think the long lines (> 80 columns) may be a problem in PDF-rendered
documentation, possible info as well.  It'd be better to break the long
lines; perhaps possible via a backslash before the newline?

Indeed, looking at 'man 8 nft', it says:

--8<---------------cut here---------------start------------->8---
INPUT FILE FORMATS
   LEXICAL CONVENTIONS
       Input is parsed line-wise. When the last character of a line,
       just before the newline character, is a non-quoted backslash (\),
       the next line is treated as a continuation. Multiple commands on
       the same line can be separated using a semicolon (;).
--8<---------------cut here---------------end--------------->8---

Could you please send a v2 with the above requested changes?  I'd also
drop the first two commits of this series and stick to 'virtual bridge'
in this current one, for consistency and matching the vocabulaty the
interfaces actually use.

Thanks for working on this!

-- 
Maxim

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 11:09:35 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 07:09:34 2025
Received: from localhost ([127.0.0.1]:41061 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvwjO-0003V9-GD
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 07:09:34 -0400
Received: from mail-pl1-x644.google.com ([2607:f8b0:4864:20::644]:53349)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tvwjB-0003UX-9J
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 07:09:21 -0400
Received: by mail-pl1-x644.google.com with SMTP id
 d9443c01a7336-2239c066347so65952865ad.2
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 04:09:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742641755; x=1743246555; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=7KETsv0AfSMBvR6QIroy/X6B4mr8L1EgSQt+fuSjVsQ=;
 b=Fw9VQYeNuVhxsrmHsi0cVNu+hbZUDF3EE6B24pEPqvgzV50SmXpBbLltNQaOcnEdKU
 7tN1/5eMa/BrTIR0vpCFOy/3xP5kVSDGvoX5zmDbwCEJiXSik0IYl76NqC/B2QjvBCxu
 J3kxZ/bql6EqsKCw1SXN0QolIuguOyE5tIEn8o4VkaYvc7umL8sR9sIx8V6c0vfxePPG
 2zJgGmWsX4D3rK+592ZPCizQ4Me+8xKQ+mDzz1smJ+aW2Pllb9H5FwXagPLtcYHfvOIK
 xmUKrigr0SSVvjzzeXJHI3BKtbeNU3NWA0sDjPD9yaN5fQmwPwpOBXGsXCSbLMMVFZPG
 U8Vg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742641755; x=1743246555;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=7KETsv0AfSMBvR6QIroy/X6B4mr8L1EgSQt+fuSjVsQ=;
 b=U6BiIUS5ZsfPEO+XSkXYvZ6L2LAF17RxNZsh2Rw029+Lt2NsIrHg6B1EyJuJJx0JxC
 N+UVKT0It3au7/cSlXIfjiLXstksw4K/rIFsiemN8Eqnu0xTdGajln4A4TLDWNJT9B1V
 t4HLeLxdpMtGQHX2ytGD9KQjF/eCQcz/go9nAjSj1d8HJwFWbesb+RlkNF2aAS6tbQSu
 AVJjuD2kNFSZoBC5xbwDU+jNjUCV8v5A1T+QYrh8I+94j0tyAsRKcSOvVx7U6UaC1Ltr
 a5vQuISRN8sUPxqoYRbWZbNpQWSkNLFXz3SgGU/qs6tb4Ifjh5rK/edHmRBZI2LZ5L2P
 0WtQ==
X-Gm-Message-State: AOJu0YxVp3iOJ+XKzKKBpB5054O+3WHXvOcYCHaL83QNmwxjyuJJ+QAV
 FfBR6jU2BJWNyw93w7iyVsimvdJ9S53rF7HMg0q/eSakXE6j5krD
X-Gm-Gg: ASbGnctjN5ElBMX0a+ubD+2pa5/FHtL8bLXtaejSJV50yxSf6y8lpn3n7WK+rURO5cd
 XI/O7z5jsKbEeqPp+NI2rF0YUumL/WKyWlfYHGYIeZmIMTzB4ENy6pu/q4R2wIIFhtWe8NtcJFv
 aizpI9+AMM7/phAzWrOmEZiFlsf142b3mUFkYncR4bEqzCYrOAYyd37xDpABrLiAoWiE2GgvdXD
 MaIFOAdFwznjMgdHX0IWRA+ARA/VJyTzWszyUNb9zBQznsj2Xrx4pdMKPjbvTHeA+eIxyZO+vcu
 Ab51Caea5ZvQiiAoNK2X++3MdFDCwrY4Vnp5dbAmMI5YeQ==
X-Google-Smtp-Source: AGHT+IH8P5k/LDodHXAD9sHitjYxpRmYdxB1YOwjPwFCxel4dpDezAYWLYYDsrIsJrSNpgnpM12rLQ==
X-Received: by 2002:a05:6a00:2291:b0:736:2d84:74da with SMTP id
 d2e1a72fcca58-73905999f58mr10454609b3a.10.1742641754815; 
 Sat, 22 Mar 2025 04:09:14 -0700 (PDT)
Received: from guix1 (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-73905fa3f72sm3766512b3a.31.2025.03.22.04.09.12
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 04:09:14 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>, 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 1/3] doc: cookbook: Fix terminology for
 libvirt virtual network switches.
In-Reply-To: <87frj5jx89.fsf@HIDDEN>
References: <cover.1742569449.git.45mg.writes@HIDDEN>
 <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 <87frj5jx89.fsf@HIDDEN>
Date: Sat, 22 Mar 2025 11:09:05 +0000
Message-ID: <87ldsx725q.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Maxim Cournoyer <maxim.cournoyer@HIDDEN> writes:

> Hi,
>
> 45mg <45mg.writes@HIDDEN> writes:
>
>> * doc/guix-cookbook.texi (Virtual Machines): [Routed network for
>> libvirt]: Replace the term 'virtual bridge' with 'virtual network
>> switch'.  This is the term used by the libvirt Wiki to refer to the
>> combined setup of a 'virtual bridge' network interface, dnsmasq instance
>> bound to it, and firewall rules associated with it.
>
> I'm not sure 'switch' is clearer than 'bridge' in the context of
> libvirt; and I doubt a wiki has much authority on the topic.  I find the
> 'bridge' terminology most common on Linux, and it matches to options
> documented in libvirt-related tools such as `man virt-install` from the
> virt-manager package:
>
> --8<---------------cut here---------------start------------->8---
>        bridge=3DBRIDGE
>               Connect to a bridge device in the host called BRIDGE.  Use =
 this
>               option  if the host has static networking config & the gues=
t re=E2=80=90
>               quires full outbound and inbound connectivity to/from  the =
 LAN.
>               Also use this if live migration will be used with this gues=
t.
> --8<---------------cut here---------------end--------------->8---
>
> So I'm not convinced of the value of the proposed change.

The idea is to use 'switch' to refer to "the combined setup of a
'virtual bridge' network interface, dnsmasq instance bound to it, and
firewall rules associated with it", which is what libvirt creates from a
'virtual network' specified in an XML file.

'Bridge' is ambiguous because it is sometimes used with this meaning
(for example, in the target of this patch), and sometimes to refer
specifically to the virtual network device called a 'bridge' (as in your
example). This quickly gets confusing; patch 3/3 in particular would be
a lot more confusing if I didn't introduce a term to make the
distinction.

The Wiki should be authoritative enough for our purposes, given that the
official documentation links to it. For example, from
[libvirt: Network XML format](https://libvirt.org/formatnetwork.html):
> This page provides an introduction to the network XML format. For
> background information on the concepts referred to here, consult the
> relevant wiki page.

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 08:22:03 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 04:22:03 2025
Received: from localhost ([127.0.0.1]:40747 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvu7H-0004N6-0n
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 04:22:03 -0400
Received: from mail-pl1-x633.google.com ([2607:f8b0:4864:20::633]:55796)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tvu7F-0004MX-LA
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 04:22:02 -0400
Received: by mail-pl1-x633.google.com with SMTP id
 d9443c01a7336-224171d6826so26960685ad.3
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 01:22:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742631716; x=1743236516; darn=debbugs.gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=GQB3wvdIdoQQ+7/2/8+VZBrLfxGbSsS1a029rHEGpI4=;
 b=a0Pu5C0vCygvAwSTwzEN77BuxHRStjxixa17a0igwfb5C7PTaNOKmjbrGgtC7omMTf
 Xmdb/kKClfkllOcn4Tngcj+bfpoFSYprSmAZcSARryzVEcZ+4rFrdkUJqMtvS17bCP4Q
 eJwmW1rMfEsaqlvWes9y2FeTL8dCqrsyQDcYUOUQb4qRUiJsYqtDq/xFtqd7CxTWeRmX
 NzKL/9Uknm6k14KtKSzdThCDybPnrClw6XnH9Bf8Yc7bbOj0zSEZm2wyIKtrZhLkRZJ8
 Aca+cU+IKt1Ht1pbYMeTn7e5jeRZvFx0xh0y0LEksaECFHRV2zbq7hkqp12Z87y3DLci
 iBEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742631716; x=1743236516;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=GQB3wvdIdoQQ+7/2/8+VZBrLfxGbSsS1a029rHEGpI4=;
 b=UzRNL4R0u1L1zMH+xnBjdjGGm2MLZMg4vB3chHK3aUmET6RFJscEMkhEOYe92MQgHX
 JNnGB86Ch4tQ7cgZAENOUA087Gy2y9dTmJckP4JuxQjsMKe3NvFQVrNIOk/SvB2fG9PE
 yHxrnugHryUrbpsHhE4NRd75tUGNQ+EXFRvtjnY5vb5u3bTrlDYrxN6TH6TlaZNPNGrq
 y7g4KozgcGPj7KMIh1CD9R0mcgEHLmMrZejx/aKCCT89ofCRmHHzrYLu3MF+oJ7vZuZf
 m6X+bMQybJcwHyLzyC2h4kp7rQMsV4IFwMOELvCLduap7vTgNjW2aU28mLOro8MHMHfj
 sJAQ==
X-Gm-Message-State: AOJu0Yzxa6/stbRk1wjGXosPgHnlX5LnDXK5Db0fiACeLGnKJjXH+bNe
 L0sKysrupy61hRiPVTi9jvhmxsGabnXzSDGEjGwg8Ygrg8YtYh5e
X-Gm-Gg: ASbGncvO5qI5HpSDh3meoaVzNtyaHJ5wvk/EYLuZjAHpMgP1trSaioO8J7vC1Dp6u1Q
 apYdgCs3rgggl0Yd5Q1IAL83amPL+VeonGmI5nHBh0ygYkLYKX1g/RTe9ngBZ7n8I81cKE0yd9y
 bCdoV7qpHavM7Z5wynpZJxaLk/FerQCFdf0ZhKrVEpTJnHd56JEt1it5a5kkt7zF++FvF+x0KLB
 6Hy1X3m5VR083biL1OcxY9Joi+TpBTv7qSTUi85KT/dhiLcAFIF/I8vQA4glH3zpECBPeFQ9dXZ
 28yZHC43mo1kTFisM5schZYXHbwyIm85Eq/NbQn2AGM=
X-Google-Smtp-Source: AGHT+IFY9zyyf2DKdDpUnC5ECTVXKHA8PhyniN89BQNm3ph4vwh+acS6MMgC8QaT08g5FTCQCMUqeQ==
X-Received: by 2002:a17:902:ef02:b0:220:be86:a421 with SMTP id
 d9443c01a7336-22780e14e9cmr114364475ad.38.1742631715626; 
 Sat, 22 Mar 2025 01:21:55 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-22780f4579asm30595415ad.60.2025.03.22.01.21.53
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 01:21:54 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 2/3] doc: cookbook: Clarify virtual network
 switches.
In-Reply-To: <c33ee214ac4d83bca43e2a51881a89dcd40a89f2.1742570314.git.45mg.writes@HIDDEN>
 (45mg.writes@HIDDEN's message of "Fri, 21 Mar 2025 20:51:59 +0530")
References: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 <c33ee214ac4d83bca43e2a51881a89dcd40a89f2.1742570314.git.45mg.writes@HIDDEN>
Date: Sat, 22 Mar 2025 17:21:40 +0900
Message-ID: <87bjttjx0r.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

45mg <45mg.writes@HIDDEN> writes:

> * doc/guix-cookbook.texi (Virtual Machines): [Routed network for
> libvirt] {Creating a virtual network switch}: Remove unnecessarily
> noncommital language ("a few components/configurations, such as...").
> Correct 'TUN interface', as bridges are currently used.  Add a link to
> the libvirt Wiki for more information.

I'm also not sure of the benefit here; we drop some words but refer the
user to an external wiki page instead, which seems worst to me.

-- 
Thanks,
Maxim

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 22 Mar 2025 08:17:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 22 04:17:33 2025
Received: from localhost ([127.0.0.1]:40736 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tvu2u-00049U-Uh
	for submit <at> debbugs.gnu.org; Sat, 22 Mar 2025 04:17:33 -0400
Received: from mail-pl1-x633.google.com ([2607:f8b0:4864:20::633]:58616)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <maxim.cournoyer@HIDDEN>)
 id 1tvu2t-00049F-Bd
 for 77153 <at> debbugs.gnu.org; Sat, 22 Mar 2025 04:17:31 -0400
Received: by mail-pl1-x633.google.com with SMTP id
 d9443c01a7336-2264aefc45dso32905245ad.0
 for <77153 <at> debbugs.gnu.org>; Sat, 22 Mar 2025 01:17:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742631445; x=1743236245; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=TieKTQ4IQJnvt8ArhyM+/fYck7EjpIBOTKVsupL7+j4=;
 b=NDvsZJUc5piHlJNBJ8BYRYHOopVXRJxg4bXOo8krwLbffv16xSP3zG03kr5uiT8DO0
 jo+qLt6V8NG8y5dKKHbwCZOdIhQ0D/45OwcVQJ6+XEOYQoFz/RKuLzyotFpn0gjh8yxw
 Kx0m4szhsS54IvkWyGu4J95VUlMUOEmfRPMB7TpdvihL+7dU06bnYd2//ufa8s7f2SBv
 9NdpoHtwvbLzVG0CPTBrZSqy6yzcIRLMrkpyTMvgiEqRne+3kBJEXXU5W+TYdIZzyg6Q
 jmnSmiA/kq6/Smo4AGtrW2d8Rfj5L9SCVfEccpAsQ4AL6R6eAE1pxRroIPGYhmUaKTVD
 dPpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742631445; x=1743236245;
 h=content-transfer-encoding:mime-version:user-agent:message-id:date
 :references:in-reply-to:subject:cc:to:from:x-gm-message-state:from
 :to:cc:subject:date:message-id:reply-to;
 bh=TieKTQ4IQJnvt8ArhyM+/fYck7EjpIBOTKVsupL7+j4=;
 b=sm5qsS1K+QDK9u9E5tWENfIjWiQhx7iaYoUc232n5697SrmFX6PmkTk9d4mo5oqBCz
 mr/9UWF0WEEVYrQ3aT+Cb4DGksNRyxNgf3Z+S+Cbv/imziVb1BJq22UR9ipVLIFx3PMb
 9h1W+drQiPw2bzNHQzlgJcAwJ8LyX6rF52FD2HsfIfjbvd23OSwBvvekXgapVDJc/ty1
 2o9zNTnFA5ir2O2ikQlgJZIbMyB9HSVjWJ1ZS6uY/scMfSJl1hFRzONDA80JBV0YrllB
 6kSlpdwrPBkGdyvwirNYL+yv1aXMJyFe1eNfZto9r+APXgBt3JZJSVSvCRCZv9BO+D+D
 hbzw==
X-Gm-Message-State: AOJu0YzXz5kTAmv9FaYifwee8dT7UD7BmecZqQcbzK1fm8AujsIIxKxN
 0YywmwLfuDBLz14LxsEzkKqGOXVWWFwygnxgaEZTTWzls8rEfTmJ
X-Gm-Gg: ASbGncsX7mQZSxbo5rkYh79mXkdNDEtK8L83GRmbETpcSvLjabBrXmLiEu3So5Hymm0
 KBl2jyVJdtqRvk/dyDitF830jM8tMNFSYMl2XmhRpzGBAfdWAqO6I7AnqxAxmWSSaMlRprWfE7w
 F8z934+ivOWcEvyLgJf9dNMbH6o/eaPt11kEW8dUgVrx+6OnmJYE73iOBUZifx+aXq9mBP6Gwzy
 Kdkd79UiNWtA2Ra69CIq1bXalVFKgjSGPih4r5H1sWEt0mdF1m2OXR/mbQFnT7VBo1kYTGvjuBx
 DjpEyn5/3F4Td4YYJTu5ck93/Eij+McTYRY5wk0b25A=
X-Google-Smtp-Source: AGHT+IEVJVDpig09z/69vmAokRm7wRHuXqNr1DgFBvlye4k2XJj6oom9xQoHGF90NJ3zVKtOGWyQYQ==
X-Received: by 2002:a05:6a00:130f:b0:736:a8db:93b4 with SMTP id
 d2e1a72fcca58-739059566fbmr9050158b3a.2.1742631444760; 
 Sat, 22 Mar 2025 01:17:24 -0700 (PDT)
Received: from terra ([2405:6586:be0:0:83c8:d31d:2cec:f542])
 by smtp.gmail.com with ESMTPSA id
 d2e1a72fcca58-7390618abc9sm3434139b3a.165.2025.03.22.01.17.22
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 22 Mar 2025 01:17:23 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: 45mg <45mg.writes@HIDDEN>
Subject: Re: [bug#77153] [PATCH 1/3] doc: cookbook: Fix terminology for
 libvirt virtual network switches.
In-Reply-To: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
 (45mg.writes@HIDDEN's message of "Fri, 21 Mar 2025 20:51:58 +0530")
References: <cover.1742569449.git.45mg.writes@HIDDEN>
 <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
Date: Sat, 22 Mar 2025 17:17:10 +0900
Message-ID: <87frj5jx89.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 77153 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

45mg <45mg.writes@HIDDEN> writes:

> * doc/guix-cookbook.texi (Virtual Machines): [Routed network for
> libvirt]: Replace the term 'virtual bridge' with 'virtual network
> switch'.  This is the term used by the libvirt Wiki to refer to the
> combined setup of a 'virtual bridge' network interface, dnsmasq instance
> bound to it, and firewall rules associated with it.

I'm not sure 'switch' is clearer than 'bridge' in the context of
libvirt; and I doubt a wiki has much authority on the topic.  I find the
'bridge' terminology most common on Linux, and it matches to options
documented in libvirt-related tools such as `man virt-install` from the
virt-manager package:

--8<---------------cut here---------------start------------->8---
       bridge=3DBRIDGE
              Connect to a bridge device in the host called BRIDGE.  Use  t=
his
              option  if the host has static networking config & the guest =
re=E2=80=90
              quires full outbound and inbound connectivity to/from  the  L=
AN.
              Also use this if live migration will be used with this guest.
--8<---------------cut here---------------end--------------->8---

So I'm not convinced of the value of the proposed change.

--=20
Thanks,
Maxim

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 21 Mar 2025 15:22:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 21 11:22:55 2025
Received: from localhost ([127.0.0.1]:38805 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tveCy-00043J-SY
	for submit <at> debbugs.gnu.org; Fri, 21 Mar 2025 11:22:55 -0400
Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]:45084)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tveCs-00041M-CP
 for 77153 <at> debbugs.gnu.org; Fri, 21 Mar 2025 11:22:49 -0400
Received: by mail-pl1-x643.google.com with SMTP id
 d9443c01a7336-22423adf751so43352565ad.2
 for <77153 <at> debbugs.gnu.org>; Fri, 21 Mar 2025 08:22:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742570560; x=1743175360; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=m86vPvKnmWaIcsldyiBl9NGBpHbOJ/SoiUpwe4xD6A4=;
 b=dq07BABXkBR4uAgANEFVU63eDC6xQjBh3Y01txhewoazmUiNOEb9jdsReyp46RdKDl
 xR9Bqpc1SSzPXPnTHHGF1Z1x/v05Q50pfVYXTf+5hynXM0jGuUGMRvg1R5KjCEL5ZJxy
 WSJ0JTKdXqqfGD36tt8b0YULUhlWXVL5V4tYty8pXA4cqELV/8bewZxwQzTjsZKkEs5i
 qvXeKb64obvxV35NDQ5UuG9SUvefT7ij0kDyb9b5dalShSXvzf6XgKOsx5zzM52SSCag
 ClR6lrHrFGrnb3/sInDGO06jRxkfwBPXdt83SwwNI9FNj2vJZ+1nzea4c/3+IrkaXUL0
 Ojdg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742570560; x=1743175360;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=m86vPvKnmWaIcsldyiBl9NGBpHbOJ/SoiUpwe4xD6A4=;
 b=FEqsXbGjTMCbbogmmIzuXi+GfuwmsK78uuhlmzJ4GyChPbubo3ls0QrdkAAs60Zlrw
 0+pQX684DCM+3RiXsbFj7BTEL7GzbJDImmEp5wlm7Swgu3HunI+zBjLzWSzgARLxnnWO
 AU8LukkHBIcoZi/FpJgOqn7+/67KNB4GFJix220ld5J0bEY1Ik1ODcCqAqSdmC1bAjqL
 MKfdmM4TGYtyAciUgbLyBlsdPSwl836zHw4TU8S7BSdV/Ni4mg3Ar71F7tBJDSyLVHSp
 ik5Cnu6Rl4CVcNiYUX8S1Rw7F5vVXBAEO+ZtE7cukddXVv7ChgvgEXTJvKx5p1uQV0mJ
 C8sA==
X-Gm-Message-State: AOJu0YxGOeYI8HyLvuxMH08hFy05SQ2z0et3IafpXg2gZnXDm0db5UuR
 Oft9y1E9s12AdvpEGkowh5vEpB5iIHj1zchHxFor587XmAmOt/iN1C1Y6DCs
X-Gm-Gg: ASbGnctzaetFJzumbauH2s/ZK+1k+fgSpPOSSE1mMKb8xFZh3TwhRWoPp+XlUjsIDdq
 zgu/eVhQeJ7lwgflOepph6P5O/QPlfYmO7EwXClDJEchnmwJryTJWgr4jYgHauDvh8ic+8LPHEA
 ++mEcl0UxPUD3QpRGVZcsaS+Dk8RMG9dUhUBMCNygMub57dzKycC+9Q7uYEYwQxyZVY3zgDCyzw
 9LaBFLCPOekc8qZixkl7x3El71JR5NXbwn5YK9xERL1oSxnAXv/XWoLeOPdPB53F/DMQ9F7mn41
 f5X8po3PDILu05rzJqujDN7r8YdNShBsaBkNQumUf4lmGTqANhPOhZkKNKRfRXW6Qdc=
X-Google-Smtp-Source: AGHT+IGuY8N+UMPtyu+IeO9ZbxuoL6oiqi2uVrhd+sWBSEocQooO8ZAKW0wDHFbKc5i7bByVB3RJ2Q==
X-Received: by 2002:a17:902:ef49:b0:224:24d3:60f4 with SMTP id
 d9443c01a7336-22780c786c8mr63649885ad.15.1742570559941; 
 Fri, 21 Mar 2025 08:22:39 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-22780f3b493sm18118885ad.34.2025.03.21.08.22.38
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 21 Mar 2025 08:22:39 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: 77153 <at> debbugs.gnu.org
Subject: [PATCH 3/3] doc: cookbook: Document manual libvirt networking.
Date: Fri, 21 Mar 2025 20:52:00 +0530
Message-ID: <60249f55cf80b1dbf41654728939cbc6e6bbcd4e.1742570314.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
References: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: 45mg <45mg.writes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix-cookbook.texi (Virtual Machines): [Manual libvirt
networking]: New section.

Change-Id: Ice79c5dc8183ec694ac8b846a5ec88cb98cac9ff
---
 doc/guix-cookbook.texi | 120 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 120 insertions(+)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 325b1d9c2a..338dba25be 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3750,6 +3750,7 @@ Virtual Machines
 @menu
 * Network bridge for QEMU::
 * Routed network for libvirt::
+* Manual libvirt networking::
 @end menu
 
 @node Network bridge for QEMU
@@ -3974,6 +3975,125 @@ Routed network for libvirt
 should work from within your VM; you can e.g.@: run @samp{ping gnu.org}
 to verify that it functions correctly.
 
+@node Manual libvirt networking
+@section Manual libvirt networking
+
+As mentioned in the preceding section (@pxref{Routed network for libvirt}),
+libvirt allows virtual networks to be defined via XML files and managed
+by the @command{virsh} command.  The details of the creation and removal
+of virtual network switches are handled by libvirt, so the user does not
+have to deal with them.
+
+However, libvirt's handling of virtual network switches can sometimes
+clash with more complex networking setups.  In particular, the iptables
+rules inserted by libvirt for switches operating in the NAT mode can
+clash with existing iptables/nftables rules, leading to insecure or
+broken packet filtering.
+
+In such cases, the only solution is to manually set up a virtual network
+switch.  This section will provide instructions on how to do so using
+Guix System services.
+
+This section is based on
+@url{https://jamielinux.com/docs/libvirt-networking-handbook/custom-nat-based-network.html,
+the corresponding section from the (unofficial) libvirt Networking
+Handbook}.  It should be noted that at the time of writing (March 2025),
+this resource had not been updated since 2015, and is therefore somewhat
+outdated.  In particular, the creation of a `dummy interface' is no
+longer necessary.
+
+@subsection Creating the virtual network bridge
+
+The @code{static-networking-service-type} can be used to create a
+virtual network bridge and assign an IP address to it:
+
+@example lisp
+(service static-networking-service-type
+         (list (static-networking
+                ;; The default provision is 'networking; if you're using any
+                ;; other service with this provision, such as
+                ;; `network-manager-service-type`, then you need to change the
+                ;; default
+                (provision '(static-networking))
+                (links
+                 (list (network-link
+                        (name "virbr0")
+                        (type 'bridge)
+                        (arguments '((stp_state . 1))))))
+                (addresses
+                 (list (network-address
+                        (device "virbr0")
+                        (value "192.168.10.1/24")))))))
+@end example
+
+@subsection Running dnsmasq for the virtual network bridge
+
+The @code{dnsmasq-service-type} can be used to provide DNS and DHCP for
+guests connected to this virtual network switch:
+
+@example lisp
+(service dnsmasq-service-type
+         (dnsmasq-configuration
+          ;; You can have multiple instances of `dnsmasq-service-type` as long
+          ;; as each one has a different provision
+          (provision '(dnsmasq-virbr0))
+          (extra-options (list
+                          ;; Only bind to the virtual bridge. This
+                          ;; avoids conflicts with other running
+                          ;; dnsmasq instances.
+                          "--except-interface=lo"
+                          "--interface=virbr0"
+                          "--bind-dynamic"
+                          ;; IPv4 addresses to offer to VMs. This
+                          ;; should match the chosen subnet.
+                          "--dhcp-range=192.168.10.2,192.168.10.254"))))
+@end example
+
+@subsection Configuring NAT for the virtual network switch
+
+If you intend to use the virtual network switch in NAT mode, you will
+need to use nftables (or iptables) rules to set up IP masquerading.  The
+following example shows how to use @code{nftables-service-type} to do
+this:
+
+@example lisp
+(service nftables-service-type
+         (nftables-configuration
+          (ruleset
+           (plain-file "nftables.conf"
+                       "\
+table inet filter @{
+
+  chain input @{
+    type filter hook input priority filter; policy drop;
+    # Add your existing packet filtering rules here....
+    iifname "virbr0" udp dport 67 counter accept comment "allow dhcp on virbr0"
+    iifname "virbr0" meta l4proto @{tcp, udp@} th dport 53 accept comment "allow dns on virbr0"
+  @}
+
+  chain forward @{
+    type filter hook forward priority filter; policy drop;
+    # Add your existing forwarding rules here....
+    iifname "virbr0" accept comment "allow outbound traffic from virbr0"
+    oifname "virbr0" ct state @{established, related @} accept comment "allow established traffic to virbr0"
+  @}
+
+@}
+
+table inet nat @{
+  chain postrouting @{
+    type nat hook postrouting priority srcnat; policy accept;
+    # Add your existing nat rules here...
+    iifname "virbr0" ip daddr @{ 224.0.0.0/24, 255.255.255.255/32 @} return comment "don't masquerade to reserved address blocks"
+    iifname "virbr0" oifname != "virbr0" masquerade comment "masquerade all outgoing traffic from VMs"
+  @}
+@}
+"))))
+@end example
+
+Ensure that you have IPv4 forwarding enabled (you can use
+@code{sysctl-service-type} for this).
+
 @c *********************************************************************
 @node Advanced package management
 @chapter Advanced package management
-- 
2.48.1

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 21 Mar 2025 15:22:37 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 21 11:22:36 2025
Received: from localhost ([127.0.0.1]:38802 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tveCh-00040I-DY
	for submit <at> debbugs.gnu.org; Fri, 21 Mar 2025 11:22:36 -0400
Received: from mail-pl1-x643.google.com ([2607:f8b0:4864:20::643]:61612)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tveCd-0003yj-8G
 for 77153 <at> debbugs.gnu.org; Fri, 21 Mar 2025 11:22:32 -0400
Received: by mail-pl1-x643.google.com with SMTP id
 d9443c01a7336-22580c9ee0aso44184365ad.2
 for <77153 <at> debbugs.gnu.org>; Fri, 21 Mar 2025 08:22:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742570545; x=1743175345; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:from:to:cc:subject:date
 :message-id:reply-to;
 bh=2rgsGzAVAF8mdP8nHdVMHX8W+Vh3pVCnHwdMkGJY8V4=;
 b=Xf7OgwkobQf6Y4vQV4OSc40CNWMP9V7RaUz2i4+bpXK5jSphzKblD7UVfWkdj52ohH
 q028K3Gdx/KShlz16r02/h18+1fF52VhbeyTuR7NVwk0/m/gU7gmlj3OHY2QJ008W4Tj
 0YaaRIfRssXxRs8D5X0wJxSDwny9AYKgfrpNmrKbD24jVuNrRSCMY8Rb8ps3YGNECS66
 Em2vqw4Q+7/YHOQ/AxXCrCBeyvoBNlZj03V8DzmJq/lXCSkJW4tlwOSGc+98kZgEuqqY
 CclXzFo+DTa4ZDHqHj/jwtf0eP8HHHiPC1xWDnINKytmzIirf6LDPBxYcJ2GDbheV0tv
 u2lQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742570545; x=1743175345;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=2rgsGzAVAF8mdP8nHdVMHX8W+Vh3pVCnHwdMkGJY8V4=;
 b=YSRZCn5+ODy/QV2jGv6xErp19eEeXEKBLjXIoi2uH3JTs0s9zm/9lm5HDid0o3hVVN
 zIPsasY9K6dBmRhcANToyjw0ndaq3IOh3DJ5J5v1Q9x9itwFzVuPfFzD0uo3BgGx80SS
 HZnIAWR2pIB/HnYS+61/sNsafP+tjglvunGwN4nH5pXMlArvUXIunwv1lQohxLDuM2sA
 ySP2bisdfWUwxCBGqTPQl526et7HjV0Dw4iKoAOupERtbWyyErv5kKZVtBKtJ2vwvZ5e
 1s9OUGZV9iEgWz5K3BNM0jMCXQCtI56tYZX164+OnB0b8g9wPREjoP7Es/mMi//qavOT
 jFGQ==
X-Gm-Message-State: AOJu0Yzmil5J1zbQYAJ+LWcOUp4JUs6ziTTlxObygPkkFc/tFhCEH7W4
 cbV8l2ZAL8UqNBm9j5+U4A3NNy6UeAbrzswLESUHpkmy0TnerFsjNs5BsXDi
X-Gm-Gg: ASbGnctynmsGBOP7S/x/MA4QfE6hC+XhNGKEIwrLxglkDn6YfVNEH7S7xB8WAFJd6fT
 1uqG+toYvvkNDn+cBVKIBYEXQV5q9f7SpIixl8qagyVVA3nr7L1JuSWbVMSj+37jjbPrurKQ53R
 V8+tA2lkc0SO8DnxQ0/CoQyYWZaheNwgbBXYtnCR0S7nEZWZlCQaOzmIxKy0rktKi6LBaf1VDhK
 J1rJe43QTlZRh+r7zWiSRH/G23dpB7mUStzMtdFHjx0kA829+5HSc+VrSM23d9hSJMkX8JJxLsi
 4wfCWtiURqGrajYZM9uZUL40I6MjMpDqe3eUeISVzChKeqEAh7IX4X7QrgM03sZW3eqgWkG3NQY
 jdg==
X-Google-Smtp-Source: AGHT+IH/bug/34k2xexLSqdGYTX1XPYxqbhFoNPH3mbNSk6eOTl/+FmH31T6sloX1LZKjJYD5xS8WQ==
X-Received: by 2002:a17:903:188:b0:220:e338:8d2 with SMTP id
 d9443c01a7336-22780d83b25mr59977635ad.21.1742570544875; 
 Fri, 21 Mar 2025 08:22:24 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-22780f3b493sm18118885ad.34.2025.03.21.08.22.23
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 21 Mar 2025 08:22:24 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: 77153 <at> debbugs.gnu.org
Subject: [PATCH 2/3] doc: cookbook: Clarify virtual network switches.
Date: Fri, 21 Mar 2025 20:51:59 +0530
Message-ID: <c33ee214ac4d83bca43e2a51881a89dcd40a89f2.1742570314.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
In-Reply-To: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
References: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: 45mg <45mg.writes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix-cookbook.texi (Virtual Machines): [Routed network for
libvirt] {Creating a virtual network switch}: Remove unnecessarily
noncommital language ("a few components/configurations, such as...").
Correct 'TUN interface', as bridges are currently used.  Add a link to
the libvirt Wiki for more information.

Change-Id: I6ffdeca8e4d32155c8cce547d4930bf1b0cb471b
---
 doc/guix-cookbook.texi | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index 8bfc859a90..325b1d9c2a 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3896,14 +3896,19 @@ Routed network for libvirt
 
 @subsection Creating a virtual network switch
 
-A virtual network switch consists of a few components/configurations,
-such as a @abbr{TUN, network tunnel} interface, DHCP server (dnsmasq)
-and firewall rules (iptables).  The @command{virsh} command, provided by
-the @code{libvirt} package, makes it very easy to create a virtual
-switch.  You first need to choose a network subnet for your virtual
-switch; if your home LAN is in the @samp{192.168.1.0/24} network, you
-could opt to use e.g.@: @samp{192.168.2.0/24}.  Define an XML file,
-e.g.@: @file{/tmp/virbr0.xml}, containing the following:
+A virtual network switch consists of a virtual network device called a
+`virtual bridge', DHCP server (dnsmasq) and firewall rules
+(iptables). See the
+@url{https://wiki.libvirt.org/VirtualNetworking.html, libvirt Wiki
+article on Virtual Networking} for more details on the modes of
+operation, management and implementation of virtual network switches.
+
+The @command{virsh} command, provided by the @code{libvirt}
+package, makes it very easy to create a virtual switch.  You first need
+to choose a network subnet for your virtual switch; if your home LAN is
+in the @samp{192.168.1.0/24} network, you could opt to use e.g.@:
+@samp{192.168.2.0/24}.  Define an XML file, e.g.@:
+@file{/tmp/virbr0.xml}, containing the following:
 
 @example
 <network>
-- 
2.48.1

Message received at 77153 <at> debbugs.gnu.org:

Received: (at 77153) by debbugs.gnu.org; 21 Mar 2025 15:22:28 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 21 11:22:28 2025
Received: from localhost ([127.0.0.1]:38799 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tveCZ-0003z8-Jk
	for submit <at> debbugs.gnu.org; Fri, 21 Mar 2025 11:22:28 -0400
Received: from mail-pl1-x642.google.com ([2607:f8b0:4864:20::642]:57749)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tveCX-0003xb-Fu
 for 77153 <at> debbugs.gnu.org; Fri, 21 Mar 2025 11:22:26 -0400
Received: by mail-pl1-x642.google.com with SMTP id
 d9443c01a7336-22398e09e39so44746965ad.3
 for <77153 <at> debbugs.gnu.org>; Fri, 21 Mar 2025 08:22:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742570539; x=1743175339; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=nV8EAmsvs4fNpjIV3hI0wSY82iKhayOlcxpQdbWvBPU=;
 b=fjImKKlghlW4hrOuV8a7IjV4NwLf2/bwq5Qs4OxvScj/YDu4gDFf6175Z2fpAfRVxK
 bb6PWO4eUpArAGaMV8lcQ5lDyjg0vojgsOT+Yy+bgIrG+wN87Ua7DEsCEyk1UX3B2XdW
 qS3/6AsPLA+S1Vk8ityUZRmtSowCoicnIgv4J/GBFc3zzm6GkBYhikGzuSojbVaQRuLs
 tlTsqLM2daD3JqPxIpyX16VpLwc0BunPLiGx+GGaqIFXBUrD/2a+TcFikwHilyaAXJkF
 LxaNArcNHSIrc+uThFhaMmmDA8yO7Ta1q2q0z4I/vm1KRJPdZSFPjV4MbuclgQvGM4Zg
 DtfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742570539; x=1743175339;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=nV8EAmsvs4fNpjIV3hI0wSY82iKhayOlcxpQdbWvBPU=;
 b=SgPLNFHAwzD6SsbvonrpfwuIlH8AuVgNXZdjTua+StNoloBuIWl4uY0BOub/M5OkES
 batdn5i7IUfY1An3qfL5PBkdCVWm32EYydsF0NiICR7SDTP88EBca1EBqiTMUhNOlKph
 sJA5nZLp+9nrwEC6/rfRS/VYIKbKeNvv4FBpve6twpVtHGHTwHOp3zMqvj/brmJ8F+yN
 3Xz9GP2P5X3jxs0B1Dv9DoBQKpjOqBCu1A09g55/bmspduH5fiJ8DmKvo/QKnRKty8+W
 Uv48DkJ1yEtsfLqF5Bpc2zaOqiFNPis87Hj7BlxiZl6wcw3LfHHnA6bXph30vqIfAlBG
 8mnw==
X-Gm-Message-State: AOJu0YxkS1FwMQUaoUPPa0ENj2uHZXfattw7/JZNLxXKS2vq0hpdVhQL
 2g72vtiDvKWBcWh6bjr0m3z7YJ0tW1FKCqQZW5Myv2Z+4hYGqImu21docJqu
X-Gm-Gg: ASbGnctoNNvlH4U66AGxMHfLWji5qwg9RuRKwVkYCD7n8lWORcXCNS01jvHzuCMwNS8
 L1ZqSmABCAUMa2lnYk3SKPuXtkF9BFdJaxfJFI416JDtjRHsuINlOUDgegVqPQlVVAWF4FHxW00
 XLZnIhAlir+714NnivJ5ufSnaHEM8cyNDIh/kXTV6fRYCn7e8lrrfQyVtOhkCHFWOPyzCSaeDuj
 vnapnTnGDzOz1RTtwxKze7A8s2bwDF41ZpfvAQ0WageTE7x8WKzPLMCI+QsnfXRQwMx9NeXFOZK
 TvtI/Rp2gcLqE2ef0h4/pMQQbWCPOrKvvZtBr5kEKg03PPVc/COz1GSUN/CyuzyP6/1g8RD6SeG
 HYw==
X-Google-Smtp-Source: AGHT+IH/dWICxW0Ff/OWb0gHYXCQcj4ThZH2sX38hr+bQmMuarkuUylMH9G2WtvLxMwT4BiFZ7f2Iw==
X-Received: by 2002:a17:902:ebc6:b0:223:39ae:a98 with SMTP id
 d9443c01a7336-22780d825c4mr72016305ad.22.1742570538689; 
 Fri, 21 Mar 2025 08:22:18 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-22780f3b493sm18118885ad.34.2025.03.21.08.22.17
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 21 Mar 2025 08:22:18 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: 77153 <at> debbugs.gnu.org
Subject: [PATCH 1/3] doc: cookbook: Fix terminology for libvirt virtual
 network switches.
Date: Fri, 21 Mar 2025 20:51:58 +0530
Message-ID: <b4f38d65746adf927a39a65060bc160f935692af.1742570314.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 77153
Cc: 45mg <45mg.writes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix-cookbook.texi (Virtual Machines): [Routed network for
libvirt]: Replace the term 'virtual bridge' with 'virtual network
switch'.  This is the term used by the libvirt Wiki to refer to the
combined setup of a 'virtual bridge' network interface, dnsmasq instance
bound to it, and firewall rules associated with it.

Change-Id: Ibd10fe76321eb61e9ca23d8124634d1108d4faad
---
 doc/guix-cookbook.texi | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/doc/guix-cookbook.texi b/doc/guix-cookbook.texi
index d9b98a2ab3..8bfc859a90 100644
--- a/doc/guix-cookbook.texi
+++ b/doc/guix-cookbook.texi
@@ -3879,29 +3879,29 @@ Routed network for libvirt
 @section Routed network for libvirt
 @cindex Virtual network bridge interface
 @cindex networking, virtual bridge
-@cindex libvirt, virtual network bridge
+@cindex libvirt, virtual network switch
 
 If the machine hosting your virtual machines is connected wirelessly to
 the network, you won't be able to use a true network bridge as explained
 in the preceding section (@pxref{Network bridge for QEMU}).  In this
-case, the next best option is to use a @emph{virtual} bridge with static
-routing and to configure a libvirt-powered virtual machine to use it
-(via the @command{virt-manager} GUI for example).  This is similar to
-the default mode of operation of QEMU/libvirt, except that instead of
-using @abbr{NAT, Network Address Translation}, it relies on static
-routes to join the @abbr{VM, virtual machine} IP address to the
+case, the next best option is to use a @emph{virtual network switch}
+with static routing and to configure a libvirt-powered virtual machine
+to use it (via the @command{virt-manager} GUI for example).  This is
+similar to the default mode of operation of QEMU/libvirt, except that
+instead of using @abbr{NAT, Network Address Translation}, it relies on
+static routes to join the @abbr{VM, virtual machine} IP address to the
 @abbr{LAN, local area network}.  This provides two-way connectivity to
 and from the virtual machine, which is needed for exposing services
 hosted on the virtual machine.
 
-@subsection Creating a virtual network bridge
+@subsection Creating a virtual network switch
 
-A virtual network bridge consists of a few components/configurations,
+A virtual network switch consists of a few components/configurations,
 such as a @abbr{TUN, network tunnel} interface, DHCP server (dnsmasq)
 and firewall rules (iptables).  The @command{virsh} command, provided by
 the @code{libvirt} package, makes it very easy to create a virtual
-bridge.  You first need to choose a network subnet for your virtual
-bridge; if your home LAN is in the @samp{192.168.1.0/24} network, you
+switch.  You first need to choose a network subnet for your virtual
+switch; if your home LAN is in the @samp{192.168.1.0/24} network, you
 could opt to use e.g.@: @samp{192.168.2.0/24}.  Define an XML file,
 e.g.@: @file{/tmp/virbr0.xml}, containing the following:
 

base-commit: 9eddd250b773043fcac5e7eaa4939e5a2d9940bd
-- 
2.48.1

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 21 Mar 2025 15:20:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 21 11:20:25 2025
Received: from localhost ([127.0.0.1]:38784 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tveAZ-0003eI-VB
	for submit <at> debbugs.gnu.org; Fri, 21 Mar 2025 11:20:25 -0400
Received: from lists.gnu.org ([2001:470:142::17]:58530)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <45mg.writes@HIDDEN>)
 id 1tveAX-0003YN-9g
 for submit <at> debbugs.gnu.org; Fri, 21 Mar 2025 11:20:21 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <45mg.writes@HIDDEN>)
 id 1tveAA-0001Hw-3l
 for guix-patches@HIDDEN; Fri, 21 Mar 2025 11:20:00 -0400
Received: from mail-pj1-x1044.google.com ([2607:f8b0:4864:20::1044])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <45mg.writes@HIDDEN>)
 id 1tveA6-0007vq-Mc
 for guix-patches@HIDDEN; Fri, 21 Mar 2025 11:19:57 -0400
Received: by mail-pj1-x1044.google.com with SMTP id
 98e67ed59e1d1-2ff65d88103so4552898a91.2
 for <guix-patches@HIDDEN>; Fri, 21 Mar 2025 08:19:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1742570391; x=1743175191; darn=gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=+9n6lprtfwLFyVAOvEdlpEe3htA/a2cT4GiW/8qBEC8=;
 b=X3WYOSxsNyicn9t1+uM2nGgQ1a6Uru+fipdXcYq86sFyIuCn2j6Jm0qm2AbSVYuupd
 Hznn4iQf+XnPfFsjkvvK7zlyjfEbeXNlik7ndCXRJ1o+NWjBk/OJsul1O5Em4LCQ9KaM
 k5pIIn6/UMv3bbpuYScc1nG82R1yQkQ7dd2YAu7DPG0ojntK7TP+acZCn2vGUoYVLAjI
 Jqm1faaIQCgUsX7vxNbEzGBjVzXwjyFWGT7pAEsqNbTXYsX8K6CGT6H68IO/b649gV8M
 r1LrTO/EnvRBfSEykxOgXE2n6qGGX2+m1g/SRUPHjZT3mAjSJC6otwi15BdZ3+wJHQWO
 REXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1742570391; x=1743175191;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=+9n6lprtfwLFyVAOvEdlpEe3htA/a2cT4GiW/8qBEC8=;
 b=XTf/gK+uDAC6Pnu24vklqROmh8lqbSBa5LSzHkC37HQCwOoqfcuRn4CUD9S5bga7fM
 Yz8iijGBuIi3fcCqO2zTizqsQeLrWq4LYcYXU3dEKgPAxEzIiU3AutCj4LNjNSRIHcRp
 AnpHZ8aAK0t942RwhBdMHBx7ITyk7qkq+g2Z86y7RcSnc5d0EnLFY3DjXrrYy/tLSf97
 4hGdFmcXqnB+pP+3Gqd8en9U+i3BZyLTl/OLCfkhBdARNW+9Y1pm80RVCWVmtA3/O6uK
 iOBzVbHVmn/IbC5XeFRM2gfwjy0cIyMq+/zyN5UOgozSnsm8sTIBLb+1GJCvo8RrEpfO
 xUZw==
X-Gm-Message-State: AOJu0Yzx9Huy6FFI8Dn5B+DZed7XY01CAQXSlRvzf6S5HeVSYnPRZnst
 xCdfjT1cJhdoWbY5UcAV/os7GKPUCZaOC11j9tyC3Xf7dPVyHLLOmx0CpFiX
X-Gm-Gg: ASbGncs6aEJ1iur3upRQIT7EgX7V9J55nf64WEys3bzzBT36WMWCDMrlSdeqbzsy/gE
 1G6bSMEioDI0ybSgVFdqk3EwrGtRw9/4x4NWnvvb/IOvEVKsDo07FRTg03n1UhWiIX6PHXGVoRA
 7wmWIwdTSsQCGZjgt/qS68eUnT/5heYy7SE9EtFnW8TUcUlPFqbIAnese84FNt2iDXGW7yKGX0J
 3uyD3OZ7DKFw0G780/QZbsumxpNyimhyhdz94EbIp4qP9hw4SKLuO8DuOX2AG/8dXYnhKV3TFRv
 jnEN0+I9fWQ4PnFiYHrV/p+4GugscLcD2xpNFxR9AmmJp91+b5hsEkans7ibjoQfBfo=
X-Google-Smtp-Source: AGHT+IHBo5qjuFGv5VaMzC15DWCZ9kItr4aVSJmGbtn16pWwwNS9LSr13IC4F32vLGqAsL+zHfk1cA==
X-Received: by 2002:a17:90b:2cc4:b0:2ff:7b15:813b with SMTP id
 98e67ed59e1d1-3030fe95a3dmr6819601a91.17.1742570391004; 
 Fri, 21 Mar 2025 08:19:51 -0700 (PDT)
Received: from localhost.localdomain (utm3.nitt.edu. [14.139.162.2])
 by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-301a39f1073sm7239395a91.0.2025.03.21.08.19.49
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 21 Mar 2025 08:19:50 -0700 (PDT)
From: 45mg <45mg.writes@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/3] doc: cookbook: Manual libvirt networking.
Date: Fri, 21 Mar 2025 20:49:31 +0530
Message-ID: <cover.1742569449.git.45mg.writes@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::1044;
 envelope-from=45mg.writes@HIDDEN; helo=mail-pj1-x1044.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: submit
Cc: 45mg <45mg.writes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

45mg (3):
  doc: cookbook: Fix terminology for libvirt virtual network switches
  doc: cookbook: Clarify virtual network switches.
  doc: cookbook: Document manual libvirt networking.

 doc/guix-cookbook.texi | 154 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 138 insertions(+), 16 deletions(-)


base-commit: 9eddd250b773043fcac5e7eaa4939e5a2d9940bd
-- 
2.48.1