From: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Christoph Heiss <c.heiss@proxmox.com>
Subject: [pve-devel] applied-series: [PATCH RFC firewall 2/2] firewall: adjust to new qemu-server module structure
Date: Thu, 3 Jul 2025 15:04:18 +0200 (CEST) [thread overview]
Message-ID: <1707650782.1264.1751547858400@webmail.proxmox.com> (raw)
In-Reply-To: <764212943.981.1751528271682@webmail.proxmox.com>
thanks!
ended up requiring a bumped versioned dependency from qemu-server to
pve-firewall for unrelated reasons, but that meant not requiring
anything else to force the upgrade/desired constraint here.
> Fabian Grünbichler <f.gruenbichler@proxmox.com> hat am 03.07.2025 09:37 CEST geschrieben:
> > Christoph Heiss <c.heiss@proxmox.com> hat am 02.07.2025 15:09 CEST geschrieben:
> >
> >
> > PVE::QemuServer::parse_net() was moved to PVE::QemuServer::Network in
> > qemu-server eac162a86 ("introduce Network module"), so adjust all
> > references here accordingly.
> >
> > Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
> > ---
> > This would require a corresponding `Depends` entry update in d/control.
> > But currently, this dependency is not recorded to due being cyclic - at
> > least according to the comment at the top of the file.
> >
> > I've thus marked this patch as RFC & left that change out for now - but
> > somehow this API break must be versioned properly. Maybe someone with
> > more insight can chime in here?
>
> we can either add a wrapper back to QemuServer.pm and carry that for the
> duration of PVE 9 or we can bump pve-firewall with this patch here included
> and do a versioned breaks..
>
> in any case, thanks for noticing!
>
> >
> > src/PVE/Firewall.pm | 6 +++---
> > src/PVE/FirewallSimulator.pm | 2 +-
> > 2 files changed, 4 insertions(+), 4 deletions(-)
> >
> > diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
> > index 13112be..41b740a 100644
> > --- a/src/PVE/Firewall.pm
> > +++ b/src/PVE/Firewall.pm
> > @@ -4363,7 +4363,7 @@ sub compile_iptables_filter {
> >
> > foreach my $netid (sort keys %$conf) {
> > next if $netid !~ m/^net(\d+)$/;
> > - my $net = PVE::QemuServer::parse_net($conf->{$netid});
> > + my $net = PVE::QemuServer::Network::parse_net($conf->{$netid});
> > next if !$net->{firewall};
> >
> > my $iface = "tap${vmid}i$1";
> > @@ -4503,7 +4503,7 @@ sub compile_ipsets {
> > my $device_ips = {};
> > foreach my $netid (keys %$conf) {
> > next if $netid !~ m/^net(\d+)$/;
> > - my $net = PVE::QemuServer::parse_net($conf->{$netid});
> > + my $net = PVE::QemuServer::Network::parse_net($conf->{$netid});
> > next if !$net->{firewall};
> >
> > if ($vmfw_conf->{options}->{ipfilter} && !$ipsets->{"ipfilter-$netid"}) {
> > @@ -4623,7 +4623,7 @@ sub compile_ebtables_filter {
> >
> > foreach my $netid (sort keys %$conf) {
> > next if $netid !~ m/^net(\d+)$/;
> > - my $net = PVE::QemuServer::parse_net($conf->{$netid});
> > + my $net = PVE::QemuServer::Network::parse_net($conf->{$netid});
> > next if !$net->{firewall};
> > my $iface = "tap${vmid}i$1";
> > my $macaddr = $net->{macaddr};
> > diff --git a/src/PVE/FirewallSimulator.pm b/src/PVE/FirewallSimulator.pm
> > index 877e646..0a3100b 100644
> > --- a/src/PVE/FirewallSimulator.pm
> > +++ b/src/PVE/FirewallSimulator.pm
> > @@ -491,7 +491,7 @@ sub extract_vm_info {
> > my $info = { type => 'vm', vmid => $vmid };
> >
> > my $conf = $vmdata->{qemu}->{$vmid} || die "no such VM '$vmid'";
> > - my $net = PVE::QemuServer::parse_net($conf->{"net$netnum"});
> > + my $net = PVE::QemuServer::Network::parse_net($conf->{"net$netnum"});
> > $info->{macaddr} = $net->{macaddr} || die "unable to get mac address";
> > $info->{bridge} = $net->{bridge} || die "unable to get bridge";
> > $info->{fwbr} = "fwbr${vmid}i$netnum";
> > --
> > 2.49.0
> >
> >
> >
> > _______________________________________________
> > pve-devel mailing list
> > pve-devel@lists.proxmox.com
> > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2025-07-03 13:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-02 13:03 [pve-devel] [PATCH firewall 1/2] compile: report rule errors to syslog if running as daemon Christoph Heiss
2025-07-02 13:09 ` [pve-devel] [PATCH RFC firewall 2/2] firewall: adjust to new qemu-server module structure Christoph Heiss
2025-07-03 7:37 ` Fabian Grünbichler
2025-07-03 13:04 ` Fabian Grünbichler [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1707650782.1264.1751547858400@webmail.proxmox.com \
--to=f.gruenbichler@proxmox.com \
--cc=c.heiss@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.