* [PATCH pve-network 1/1] sdn: fabrics: wireguard: re-migrate endpoints of internal nodes
@ 2026-05-21 11:19 Stefan Hanreich
  2026-05-21 11:32 ` applied: " Thomas Lamprecht
  0 siblings, 1 reply; 2+ messages in thread
From: Stefan Hanreich @ 2026-05-21 11:19 UTC (permalink / raw)
  To: pve-devel

Strip the port of all endpoints of internal nodes again, since they're
derived from the internal nodes' endpoints as well as the referenced
interface of the internal node in the respective peer definition. Only
replace ports if IPv6 endpoints are given with brackets, or if the
string before a potential port suffix is a valid IPv4 address,
otherwise leave the string unchanged (e.g. fe80::1:51820 would stay
the same).

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 src/PVE/Network/SDN/Fabrics.pm | 49 +++++++++++++++-------------------
 1 file changed, 21 insertions(+), 28 deletions(-)

diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm
index b828d3d6..9a23f210 100644
--- a/src/PVE/Network/SDN/Fabrics.pm
+++ b/src/PVE/Network/SDN/Fabrics.pm
@@ -3,7 +3,7 @@ package PVE::Network::SDN::Fabrics;
 use strict;
 use warnings;
 
-use Socket qw(inet_pton AF_INET6);
+use Socket qw(inet_pton AF_INET AF_INET6);
 
 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_lock_file cfs_write_file);
 use PVE::JSONSchema qw(get_standard_option);
@@ -124,31 +124,32 @@ sub write_fabrics_config {
 # FIXME: remove with PVE 10
 #
 # WireGuard fabrics from libpve-network-perl 1.5.0 stored a port-less endpoint
-# and derived the port from the interface's listen_port; the endpoint is now a
-# full host:port. On read, append the node's listen port to such legacy
-# node-level endpoints (a bare IPv6 is bracketed). A port-less per-peer
-# endpoint override cannot be expressed anymore and its target port is not
-# available here, so it is dropped - the peer then falls back to the
-# referenced node's (migrated) endpoint. Values already carrying a port, and
-# external nodes (no interface, no port), are left for the strict parser.
+# and derived the port from the interface's listen_port; This has shortly been
+# changed to full host:port in 1.6.3. Revert this change by removing the port
+# from endpoints with either valid IPv6 bracket notation or an IPv4 adresses
+# succeeded by a port definition.
 sub migrate_legacy_wireguard_endpoints {
     my ($raw) = @_;
 
     return $raw if !length($raw // '');
     return $raw if $raw !~ /^wireguard_node:/m;
 
-    # a port-less endpoint is a colon-free bare IPv4/hostname or a bare IPv6
-    my $is_portless = sub { $_[0] !~ /:/ || defined(inet_pton(AF_INET6, $_[0])) };
-
     my @lines = split(/\n/, $raw, -1);
 
-    my ($endpoint_idx, $host, $listen_port, $in_wg_node);
+    my ($endpoint_idx, $endpoint, $role, $in_wg_node);
+
     my $flush = sub {
-        if (defined($endpoint_idx) && defined($listen_port)) {
-            $host = "[$host]" if defined(inet_pton(AF_INET6, $host));
-            $lines[$endpoint_idx] =~ s/\S+$/$host:$listen_port/;
+        if (defined($endpoint_idx) && defined($role) && $role eq 'internal') {
+            if ($endpoint =~ /^\[(\S+)\]:\d+$/) {
+                $endpoint = $1 if defined(inet_pton(AF_INET6, $1));
+            } elsif ($endpoint =~ /^(\S+):\d+$/) {
+                $endpoint = $1 if defined(inet_pton(AF_INET, $1));
+            }
+
+            $lines[$endpoint_idx] =~ s/\S+$/$endpoint/;
         }
-        ($endpoint_idx, $host, $listen_port) = (undef, undef, undef);
+
+        ($endpoint_idx, $endpoint, $role, $in_wg_node) = (undef, undef, undef);
     };
 
     for my $i (0 .. $#lines) {
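Review bot: In `$flush`, the `elsif ($endpoint =~ /^(\S+):\d+$/)` branch strips the port only when the host part passes `inet_pton(AF_INET, $1)`, so an internal node whose endpoint is a hostname written as `host:port` keeps its port; the removed `$is_portless` comment suggests hostnames were accepted as endpoints, so such entries may be left in a form the port-less parser rejects, which is worth confirming. A colon-free host followed by `:port` cannot be an IPv6 literal, so `elsif ($endpoint =~ /^([^:\s]+):\d+$/) { $endpoint = $1; }` would cover IPv4 and hostnames while still leaving `fe80::1:51820` untouched. Separately, the reset `($endpoint_idx, $endpoint, $role, $in_wg_node) = (undef, undef, undef);` has four targets and three values, so `$in_wg_node` is cleared only implicitly; either add the fourth `undef` or drop `$in_wg_node` from the list, depending on what the call site of `$flush` (outside this hunk) expects. The new header comment also has a typo (`adresses`), and `shortly` reads better as `briefly`.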
@@ -157,19 +158,11 @@ sub migrate_legacy_wireguard_endpoints {
             $in_wg_node = $lines[$i] =~ /^wireguard_node:/;
         } elsif (!$in_wg_node) {
             next;
+        } elsif ($lines[$i] =~ /^\s+role\s+(\S+)$/) {
+            $role = $1;
         } elsif ($lines[$i] =~ /^\s+endpoint\s+(\S+)$/) {
-            my $value = $1;
-            ($endpoint_idx, $host) = ($i, $value) if $is_portless->($value);
-        } elsif ($lines[$i] =~ /^(\s+peers\s+)(\S.*)$/) {
-            my ($prefix, $props) = ($1, $2);
-            if (my ($value) = $props =~ /(?:^|,)endpoint=([^,]+)/) {
-                $props = join(',', grep { $_ ne "endpoint=$value" } split(/,/, $props))
-                    if $is_portless->($value);
-                $lines[$i] = "$prefix$props";
-            }
-        } elsif ($lines[$i] =~ /^\s+interfaces\s+\S/) {
-            my ($port) = $lines[$i] =~ /(?:^|,)listen_port=(\d+)/;
-            $listen_port //= $port;
+            $endpoint_idx = $i;
+            $endpoint = $1;
         }
     }
     $flush->();
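Review bot: `peers` lines are no longer inspected at all in this loop, so a per-peer `endpoint=host:port` property written by the 1.6.3 format passes through with its port intact. If the restored schema expects port-less per-peer endpoints as well, they need the same stripping as the node-level `endpoint`; if per-peer overrides are meant to stay as they are, a short comment such as `# per-peer endpoint overrides are intentionally left untouched` would record that decision. The new `role` match feeds the `$role eq 'internal'` guard in `$flush`, so a `wireguard_node` section without an explicit `role` line is skipped; presumably the role is always serialized, but that is not visible here. The loop's opening lines are outside this hunk.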
-- 
2.47.3




