From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v4 container 2/3] net: Add `link_down` config to allow setting interfaces as disconnected
Date: Wed, 22 Feb 2023 13:49:02 +0100
Message-ID: <20230222124903.326612-3-c.heiss@proxmox.com>
In-Reply-To: <20230222124903.326612-1-c.heiss@proxmox.com>
If this network option is set, the host-side link will be forced down
and the interface won't be connected to the bridge.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v1 -> v2:
* Split trailing whitespace fix into separate patch
* Rename option to kebab-case
* Proper option comparison using `safe_boolean_ne`
* Copy option to new network conf like the other options
* Remove the veth interface from the bridge when disconnected
Changes v2 -> v3:
* Rename option to snake_case again
* Move option hotplug-handling before LXC attach again
Changes v3 -> v4:
* Rebase
* Shorten and remove some comments as appropriate
* Update `link_down` schema comment
* Move `link_down` logic to net_tap_plug()
A note regarding the last change:
The interface is now always set UP if `link_down` is unset. This saves
us from passing the old network configuration to net_tap_plug() and
should not have any effect as setting an interface UP/DOWN is
(hopefully?) idempotent anyway - if it already is UP it does nothing and
if it is currently DOWN we want it UP anyway at that point.
src/PVE/LXC.pm | 17 ++++++++++++++---
src/PVE/LXC/Config.pm | 6 ++++++
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 54afd97..c4d53e8 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -920,6 +920,14 @@ sub vm_stop_cleanup {
sub net_tap_plug : prototype($$) {
my ($iface, $net) = @_;
+
+ if (defined($net->{link_down})) {
+ PVE::Tools::run_command(['/sbin/ip', 'link', 'set', 'dev', $iface, 'down']);
+ # Don't add disconnected interfaces to the bridge, otherwise e.g. applying any network
+ # change (e.g. `ifreload -a`) could (re-)activate it unintentionally.
+ return;
+ }
+
my ($bridge, $tag, $firewall, $trunks, $rate, $hwaddr) =
$net->@{'bridge', 'tag', 'firewall', 'trunks', 'rate', 'hwaddr'};
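Review bot: The guard `if (defined($net->{link_down}))` at the top of net_tap_plug() tests definedness rather than truth, so a network config that carries an explicit `link_down=0` would still have its interface forced down and left off the bridge. The option is declared as a boolean in Config.pm and the copy loops later in this patch use plain truthiness (`if $newnet->{$_}`), so `if ($net->{link_down})` would match them and handle both the unset and the explicit-false case.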
@@ -929,6 +937,8 @@ sub net_tap_plug : prototype($$) {
} else {
PVE::Network::tap_plug($iface, $bridge, $tag, $firewall, $trunks, $rate, { mac => $hwaddr });
}
+
+ PVE::Tools::run_command(['/sbin/ip', 'link', 'set', 'dev', $iface, 'up']);
}
sub update_net {
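Review bot: The unconditional `ip link set dev $iface up` at the end of net_tap_plug() carries no comment explaining why it is needed; the reasoning (re-enabling a link that an earlier `link_down` forced down, without having to pass the old config in) only lives in the patch notes, which are dropped on apply. A one-line comment above the call would keep that context in the code. Since the call has no error handling of its own, it is also worth confirming that a failing `ip` at this point, after the interface has already been attached to the bridge, should abort the plug.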
@@ -957,7 +967,8 @@ sub update_net {
} else {
if (safe_string_ne($oldnet->{bridge}, $newnet->{bridge}) ||
safe_num_ne($oldnet->{tag}, $newnet->{tag}) ||
- safe_num_ne($oldnet->{firewall}, $newnet->{firewall})
+ safe_num_ne($oldnet->{firewall}, $newnet->{firewall}) ||
+ safe_boolean_ne($oldnet->{link_down}, $newnet->{link_down})
) {
if ($oldnet->{bridge}) {
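Review bot: Adding `safe_boolean_ne($oldnet->{link_down}, $newnet->{link_down})` to this condition sends a `link_down`-only change through the same unplug and re-plug path as a bridge change. Please confirm that safe_boolean_ne() treats an undefined value and `0` as equal; otherwise writing `link_down=0` to an interface that never had the option would tear down and re-attach a working link for no reason.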
@@ -972,7 +983,7 @@ sub update_net {
PVE::LXC::net_tap_plug($veth, $newnet);
# This includes the rate:
- foreach (qw(bridge tag firewall rate)) {
+ foreach (qw(bridge tag firewall rate link_down)) {
$oldnet->{$_} = $newnet->{$_} if $newnet->{$_};
}
} elsif (safe_string_ne($oldnet->{rate}, $newnet->{rate})) {
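Review bot: In the copy loop, `$oldnet->{$_} = $newnet->{$_} if $newnet->{$_};` only ever writes truthy values, so when `link_down` goes from 1 to 0 or is removed, the old `link_down` stays in `$oldnet` even though net_tap_plug() just brought the interface up. Unless the key is deleted in the unplug branch that is not visible in this hunk, the stored state would keep reporting the interface as disconnected. Deleting `$oldnet->{link_down}` before the loop, or assigning it unconditionally, would avoid that.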
@@ -1015,7 +1026,7 @@ sub hotplug_net {
PVE::Tools::run_command($cmd);
my $done = { type => 'veth' };
- foreach (qw(bridge tag firewall hwaddr name)) {
+ foreach (qw(bridge tag firewall hwaddr name link_down)) {
$done->{$_} = $newnet->{$_} if $newnet->{$_};
}
$conf->{$opt} = PVE::LXC::Config->print_lxc_network($done);
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index af25a96..bf424f9 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -814,6 +814,12 @@ our $netconf_desc = {
description => "Apply rate limiting to the interface",
optional => 1,
},
+ # TODO: Rename this option and the qemu-server one to `link-down` for PVE 8.0
+ link_down => {
+ type => 'boolean',
+ description => 'Whether this interface should be disconnected (like pulling the plug).',
+ optional => 1,
+ },
};
PVE::JSONSchema::register_format('pve-lxc-network', $netconf_desc);
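Review bot: The `link_down` schema entry has a description but no `default`, and the text "like pulling the plug" does not say that the host-side interface is also kept off the bridge, which is the behaviour net_tap_plug() implements. Adding `default => 0` and a half-sentence on the bridge detachment would make the generated documentation match what an administrator will observe.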
--
2.39.1
Thread overview: 7+ messages
2023-02-22 12:49 [pve-devel] [PATCH v4 container/manager 0/3] fix #3413: Add `Disconnect` option for LXC networks Christoph Heiss
2023-02-22 12:49 ` [pve-devel] [PATCH v4 container 1/3] net: Pass network config directly to net_tap_plug() Christoph Heiss
2023-02-22 12:49 ` Christoph Heiss [this message]
2023-02-22 12:49 ` [pve-devel] [PATCH v4 manager 3/3] lxc: Add `Disconnect` option for network interfaces Christoph Heiss
2023-03-16 15:06 ` [pve-devel] applied: " Wolfgang Bumiller
2023-02-23 13:54 ` [pve-devel] [PATCH v4 container/manager 0/3] fix #3413: Add `Disconnect` option for LXC networks Friedrich Weber
2023-03-16 11:51 ` [pve-devel] applied: " Thomas Lamprecht