From: Alexandre Derumier <aderumier@odiso.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-network 5/7] zones: vlan: add dhcp support
Date: Tue, 19 Dec 2023 09:32:14 +0100	[thread overview]
Message-ID: <20231219083216.2551645-6-aderumier@odiso.com> (raw)
In-Reply-To: <20231219083216.2551645-1-aderumier@odiso.com>

Add the gateway IP to the vnet and force a /32 mask for IPv4 to avoid
ARP problems, and disable forwarding for security reasons.

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
---
 src/PVE/Network/SDN/Zones/VlanPlugin.pm       | 33 +++++++++++++++++++
 .../zones/vlan/dhcp/expected_sdn_interfaces   | 27 +++++++++++++++
 src/test/zones/vlan/dhcp/interfaces           |  5 +++
 src/test/zones/vlan/dhcp/sdn_config           | 27 +++++++++++++++
 .../zones/vlan/nodhcp/expected_sdn_interfaces | 23 +++++++++++++
 src/test/zones/vlan/nodhcp/interfaces         |  5 +++
 src/test/zones/vlan/nodhcp/sdn_config         | 27 +++++++++++++++
 7 files changed, 147 insertions(+)
 create mode 100644 src/test/zones/vlan/dhcp/expected_sdn_interfaces
 create mode 100644 src/test/zones/vlan/dhcp/interfaces
 create mode 100644 src/test/zones/vlan/dhcp/sdn_config
 create mode 100644 src/test/zones/vlan/nodhcp/expected_sdn_interfaces
 create mode 100644 src/test/zones/vlan/nodhcp/interfaces
 create mode 100644 src/test/zones/vlan/nodhcp/sdn_config

diff --git a/src/PVE/Network/SDN/Zones/VlanPlugin.pm b/src/PVE/Network/SDN/Zones/VlanPlugin.pm
index 6a68e8d..2fa0480 100644
--- a/src/PVE/Network/SDN/Zones/VlanPlugin.pm
+++ b/src/PVE/Network/SDN/Zones/VlanPlugin.pm
@@ -43,6 +43,7 @@ sub options {
 	reversedns => { optional => 1 },
 	dnszone => { optional => 1 },
 	ipam => { optional => 1 },
+	dhcp => { optional => 1 },
     };
 }
 
@@ -51,6 +52,8 @@ sub generate_sdn_config {
     my ($class, $plugin_config, $zoneid, $vnetid, $vnet, $controller, $controller_cfg, $subnet_cfg, $interfaces_config, $config) = @_;
 
     my $bridge = $plugin_config->{bridge};
+    my $dhcp = $plugin_config->{dhcp};
+
     PVE::Network::SDN::Zones::Plugin::find_bridge($bridge);
 
     my $vlan_aware = PVE::Network::SDN::Zones::Plugin::is_vlanaware($bridge);
@@ -120,8 +123,36 @@ sub generate_sdn_config {
 	push(@{$config->{$bridgevlan}}, @iface_config) if !$config->{$bridgevlan};
     }
 
+
     #vnet bridge
     @iface_config = ();
+
+    my $disable_forward_v4 = undef;
+    my $disable_forward_v6 = undef;
+
+    if ($dhcp) {
+	my $address = {};
+	my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
+
+	foreach my $subnetid (sort keys %{$subnets}) {
+	    my $subnet = $subnets->{$subnetid};
+	    my $gateway = $subnet->{gateway};
+	    if ($gateway) {
+
+		my $mask = $subnet->{mask};
+		if (Net::IP::ip_is_ipv6($gateway)) {
+		    $disable_forward_v6 = 1;
+		} else {
+		    $mask = '32';
+		    $disable_forward_v4 = 1;
+		}
+
+		push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
+		$address->{$gateway} = 1;
+	    }
+	}
+    }
+
     push @iface_config, "bridge_ports $vnet_uplink";
     push @iface_config, "bridge_stp off";
     push @iface_config, "bridge_fd 0";
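Review bot: In the `if ($dhcp)` block, `$disable_forward_v4` and `$disable_forward_v6` are set only for the address family of a subnet that actually has a gateway, so a dhcp-enabled vnet with only IPv4 gateways leaves IPv6 forwarding on this bridge at the host default, and the reverse for an IPv6-only vnet. If the goal in the commit message is that the host never routes guest traffic arriving on a dhcp vnet, consider setting both flags whenever `$dhcp` is true; otherwise add a comment such as `# forwarding is disabled only for families where the host owns the gateway address` so the narrower behaviour is visibly deliberate. A short why-comment on `$mask = '32';` would also help, since the ARP rationale currently lives only in the commit message. Separately, the new code calls `PVE::Network::SDN::Vnets::get_subnets` and `Net::IP::ip_is_ipv6`, but no hunk in this file adds a `use` line; that is safe only if the module already loads both, which cannot be confirmed from the hunks shown. The body of generate_sdn_config starts and ends outside this hunk.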
@@ -131,6 +162,8 @@ sub generate_sdn_config {
     }
     push @iface_config, "mtu $mtu" if $mtu;
     push @iface_config, "alias $alias" if $alias;
+    push @iface_config, "ip-forward off" if $disable_forward_v4;
+    push @iface_config, "ip6-forward off" if $disable_forward_v6;
     push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
 
     return $config;
diff --git a/src/test/zones/vlan/dhcp/expected_sdn_interfaces b/src/test/zones/vlan/dhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..89e0d4a
--- /dev/null
+++ b/src/test/zones/vlan/dhcp/expected_sdn_interfaces
@@ -0,0 +1,27 @@
+#version:1
+
+auto ln_myvnet
+iface ln_myvnet
+	link-type veth
+	veth-peer-name pr_myvnet
+
+auto myvnet
+iface myvnet
+	address 192.168.0.1/32
+	address 2a08:2142:302:3::1/64
+	bridge_ports ln_myvnet
+	bridge_stp off
+	bridge_fd 0
+	ip-forward off
+	ip6-forward off
+
+auto pr_myvnet
+iface pr_myvnet
+	link-type veth
+	veth-peer-name ln_myvnet
+
+auto vmbr0v100
+iface vmbr0v100
+	bridge_ports  eth0.100 pr_myvnet
+	bridge_stp off
+	bridge_fd 0
diff --git a/src/test/zones/vlan/dhcp/interfaces b/src/test/zones/vlan/dhcp/interfaces
new file mode 100644
index 0000000..9eaf6ff
--- /dev/null
+++ b/src/test/zones/vlan/dhcp/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
\ No newline at end of file
diff --git a/src/test/zones/vlan/dhcp/sdn_config b/src/test/zones/vlan/dhcp/sdn_config
new file mode 100644
index 0000000..024ffa9
--- /dev/null
+++ b/src/test/zones/vlan/dhcp/sdn_config
@@ -0,0 +1,27 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", zone => "myzone", tag => 100 },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { bridge => "vmbr0", ipam => "pve", type => "vlan", dhcp => "dnsmasq" } },
+             },
+  subnets => {
+		ids => {
+			'myzone-192.168.0.0-24' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '192.168.0.1',
+						},
+			'myzone-2a08:2142:302:3::-64' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '2a08:2142:302:3::1',
+							}
+		}
+             }
+}
+
+
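Review bot: This fixture covers only the dual-stack case where both subnets carry a gateway, so the per-family branches that decide `ip-forward off` and `ip6-forward off` are never exercised separately. A second dhcp fixture with a single IPv4 subnet, and one with a subnet that has no `gateway` key, would pin down what the generated interface stanza looks like when only one of the two flags, or neither, is set. That matters because the forwarding lines are the security-relevant part of this change, and a regression there would otherwise pass the test suite unnoticed.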
diff --git a/src/test/zones/vlan/nodhcp/expected_sdn_interfaces b/src/test/zones/vlan/nodhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..f9e96d1
--- /dev/null
+++ b/src/test/zones/vlan/nodhcp/expected_sdn_interfaces
@@ -0,0 +1,23 @@
+#version:1
+
+auto ln_myvnet
+iface ln_myvnet
+	link-type veth
+	veth-peer-name pr_myvnet
+
+auto myvnet
+iface myvnet
+	bridge_ports ln_myvnet
+	bridge_stp off
+	bridge_fd 0
+
+auto pr_myvnet
+iface pr_myvnet
+	link-type veth
+	veth-peer-name ln_myvnet
+
+auto vmbr0v100
+iface vmbr0v100
+	bridge_ports  eth0.100 pr_myvnet
+	bridge_stp off
+	bridge_fd 0
diff --git a/src/test/zones/vlan/nodhcp/interfaces b/src/test/zones/vlan/nodhcp/interfaces
new file mode 100644
index 0000000..9eaf6ff
--- /dev/null
+++ b/src/test/zones/vlan/nodhcp/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
\ No newline at end of file
diff --git a/src/test/zones/vlan/nodhcp/sdn_config b/src/test/zones/vlan/nodhcp/sdn_config
new file mode 100644
index 0000000..e47eac8
--- /dev/null
+++ b/src/test/zones/vlan/nodhcp/sdn_config
@@ -0,0 +1,27 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", zone => "myzone", tag => 100 },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { bridge => "vmbr0", ipam => "pve", type => "vlan" } },
+             },
+  subnets => {
+		ids => {
+			'myzone-192.168.0.0-24' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '192.168.0.1',
+						},
+			'myzone-2a08:2142:302:3::-64' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '2a08:2142:302:3::1',
+							}
+		}
+             }
+}
+
+
-- 
2.39.2



