From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v2 firewall 6/6] simulator: use new bridge naming scheme
Date: Fri, 23 Feb 2024 15:36:51 +0100
Message-ID: <20240223143651.418065-7-s.hanreich@proxmox.com>
In-Reply-To: <20240223143651.418065-1-s.hanreich@proxmox.com>
We now allow bridges without the vmbr prefix, so we need to allow them
here in the simulator as well.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
src/PVE/FirewallSimulator.pm | 20 ++++++++++----------
src/PVE/Service/pve_firewall.pm | 4 ++--
2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/PVE/FirewallSimulator.pm b/src/PVE/FirewallSimulator.pm
index 140c46e..bd297d5 100644
--- a/src/PVE/FirewallSimulator.pm
+++ b/src/PVE/FirewallSimulator.pm
@@ -397,7 +397,7 @@ sub route_packet {
$pkg->{physdev_in} = $target->{fwln} || die 'internal error';
$pkg->{physdev_out} = $target->{tapdev} || die 'internal error';
- } elsif ($route_state =~ m/^vmbr\d+$/) {
+ } elsif ($route_state =~ m/^[a-zA-Z][a-zA-Z0-9]{0,14}$/) {
die "missing physdev_in - internal error?" if !$physdev_in;
$pkg->{physdev_in} = $physdev_in;
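Review bot: The new `elsif` test `m/^[a-zA-Z][a-zA-Z0-9]{0,14}$/` in `route_packet` accepts any short alphanumeric `$route_state`, not only a bridge name, so a state string that the earlier branches do not handle (a misspelled internal state, for example) is now routed as a bridge instead of reaching whatever follows this branch. Consider checking `$route_state` against the bridges the simulator actually knows about, or at least add a comment that this branch depends on every non-bridge state being matched before it.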
@@ -531,11 +531,6 @@ sub simulate_firewall {
$from_info->{type} = 'host';
$start_state = 'host';
$pkg->{source} = $host_ip if !defined($pkg->{source});
- } elsif ($from =~ m|^(vmbr\d+)/(\S+)$|) {
- $from_info->{type} = 'bport';
- $from_info->{bridge} = $1;
- $from_info->{iface} = $2;
- $start_state = 'from-bport';
} elsif ($from eq 'outside') {
$from_info->{type} = 'bport';
$from_info->{bridge} = 'vmbr0';
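Review bot: The context lines for `$from eq 'outside'` still hard-code `$from_info->{bridge} = 'vmbr0'`, which assumes the very prefix this series makes optional; the `$to eq 'outside'` branch further down does the same. If a host without a bridge named `vmbr0` is a supported setup after this change, the 'outside' default should come from the network configuration, or the requirement should be documented next to these branches.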
@@ -559,6 +554,11 @@ sub simulate_firewall {
$from_info = extract_vm_info($vmdata, $vmid, $netnum);
$start_state = 'fwbr-out';
$pkg->{mac_source} = $from_info->{macaddr};
+ } elsif ($from =~ m|^([a-zA-Z][a-zA-Z0-9]{0,14})/(\S+)$|) {
+ $from_info->{type} = 'bport';
+ $from_info->{bridge} = $1;
+ $from_info->{iface} = $2;
+ $start_state = 'from-bport';
} else {
die "unable to parse \"from => '$from'\"\n";
}
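Review bot: In the re-added `bport` branch the interface half is still captured with `(\S+)` and stored in `$from_info->{iface}` without the length and character limits that the bridge half now gets. Holding it to the same interface-name rule would keep both halves of `<bridge>/<iface>` consistent. The move below the VM branch looks deliberate, since the generic pattern would otherwise match first; a one-line comment saying so would keep a later reorder from changing behaviour.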
@@ -569,10 +569,6 @@ sub simulate_firewall {
$target->{type} = 'host';
$target->{iface} = 'host';
$pkg->{dest} = $host_ip if !defined($pkg->{dest});
- } elsif ($to =~ m|^(vmbr\d+)/(\S+)$|) {
- $target->{type} = 'bport';
- $target->{bridge} = $1;
- $target->{iface} = $2;
} elsif ($to eq 'outside') {
$target->{type} = 'bport';
$target->{bridge} = 'vmbr0';
@@ -591,6 +587,10 @@ sub simulate_firewall {
my $vmid = $1;
$target = extract_vm_info($vmdata, $vmid, 0);
$target->{iface} = $target->{tapdev};
+ } elsif ($to =~ m|^([a-zA-Z][a-zA-Z0-9]{0,14})/(\S+)$|) {
+ $target->{type} = 'bport';
+ $target->{bridge} = $1;
+ $target->{iface} = $2;
} else {
die "unable to parse \"to => '$to'\"\n";
}
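Review bot: This `$to` branch is the fifth copy of the literal `[a-zA-Z][a-zA-Z0-9]{0,14}` in the patch (`route_packet`, the `$from` and `$to` parsers, and both API `pattern` strings). Defining the bridge-name expression once, for example as a `qr//` constant shared by the simulator and the service module, would keep the copies from drifting apart the next time the naming rule changes.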
diff --git a/src/PVE/Service/pve_firewall.pm b/src/PVE/Service/pve_firewall.pm
index 30d14d9..20fbc31 100755
--- a/src/PVE/Service/pve_firewall.pm
+++ b/src/PVE/Service/pve_firewall.pm
@@ -312,14 +312,14 @@ __PACKAGE__->register_method ({
from => {
description => "Source zone.",
type => 'string',
- pattern => '(host|outside|vm\d+|ct\d+|vmbr\d+/\S+)',
+ pattern => '(host|outside|vm\d+|ct\d+|([a-zA-Z][a-zA-Z0-9]{0,14})/(\S+))',
optional => 1,
default => 'outside',
},
to => {
description => "Destination zone.",
type => 'string',
- pattern => '(host|outside|vm\d+|ct\d+|vmbr\d+/\S+)',
+ pattern => '(host|outside|vm\d+|ct\d+|([a-zA-Z][a-zA-Z0-9]{0,14})/(\S+))',
optional => 1,
default => 'host',
},
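Review bot: The `description` fields for `from` and `to` still say only "Source zone." and "Destination zone." while the `pattern` widens from `vmbr\d+/\S+` to any `<bridge>/<iface>` pair. Listing the accepted forms (host, outside, vm<id>, ct<id>, <bridge>/<iface>) in the description would document the new input for API and CLI users. The two inner capture groups added around the bridge and `\S+` parts are not needed for validation and could be dropped or made non-capturing.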
--
2.39.2
Thread overview: 10+ messages
2024-02-23 14:36 [pve-devel] [PATCH v2 common/docs/widget-toolkit/manager/firewall 0/6] drop vmbr prefix for bridges Stefan Hanreich
2024-02-23 14:36 ` [pve-devel] [PATCH v2 common 1/6] interfaces: allow arbitrary bridge names in network config Stefan Hanreich
2024-02-23 14:36 ` [pve-devel] [PATCH v2 docs 2/6] network: update specification for bridge names Stefan Hanreich
2024-02-23 14:36 ` [pve-devel] [PATCH v2 widget-toolkit 3/6] network: allow bridges to have any valid interface name Stefan Hanreich
2024-02-23 14:36 ` [pve-devel] [PATCH v2 manager 4/6] sdn: qinq: vlan: properly validate bridge name Stefan Hanreich
2024-02-23 14:36 ` [pve-devel] [PATCH v2 manager 5/6] sdn: vlan: fix indentation in vlan edit dialogue Stefan Hanreich
2024-02-23 14:36 ` Stefan Hanreich [this message]
[not found] ` <mailman.235.1708944723.434.pve-devel@lists.proxmox.com>
2024-02-26 15:36 ` [pve-devel] [PATCH v2 firewall 6/6] simulator: use new bridge naming scheme Thomas Lamprecht
2024-02-27 12:35 ` Stefan Hanreich
2024-02-28 9:35 ` Thomas Lamprecht