From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 5BE171FF13F for ; Thu, 07 May 2026 14:43:47 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 45C891A133; Thu, 7 May 2026 14:41:14 +0200 (CEST) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Subject: [PATCH pve-network v4 18/31] fabrics: wireguard: add schema definitions for wireguard Date: Thu, 7 May 2026 14:39:53 +0200 Message-ID: <20260507124008.417223-19-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260507124008.417223-1-s.hanreich@proxmox.com> References: <20260507124008.417223-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1778157509836 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.640 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: 4YWLYNRDH6VDSB5NU2RFQELMNN4DFYL3 X-Message-ID-Hash: 4YWLYNRDH6VDSB5NU2RFQELMNN4DFYL3 X-MailFrom: s.hanreich@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Add the newly introduced properties for fabrics / nodes to the existing schema definition. The existing fabric / node endpoints will then work with the new WireGuard entities, without any additional changes. To properly detect changes in the peers property, which is an array, it needs to be added to the encode_value function as well, which is used for comparing the pending configuration to the running configuration. Originally-by: Christoph Heiss Signed-off-by: Stefan Hanreich --- src/PVE/API2/Network/SDN.pm | 2 +- src/PVE/Network/SDN.pm | 2 + src/PVE/Network/SDN/Fabrics.pm | 173 +++++++++++++++++++++++++++++++-- 3 files changed, 170 insertions(+), 7 deletions(-) diff --git a/src/PVE/API2/Network/SDN.pm b/src/PVE/API2/Network/SDN.pm index 03746e8..6b73af2 100644 --- a/src/PVE/API2/Network/SDN.pm +++ b/src/PVE/API2/Network/SDN.pm @@ -125,7 +125,7 @@ my $create_reload_network_worker = sub { } }, ); - #my $upid = PVE::API2::Network->reload_network_config(node => $nodename}); + #my $upid = PVE::API2::Network->reload_network_config({ node => $nodename }); my $res = PVE::Tools::upid_decode($upid); return $res->{pid}; diff --git a/src/PVE/Network/SDN.pm b/src/PVE/Network/SDN.pm index 53a12c2..74c0edb 100644 --- a/src/PVE/Network/SDN.pm +++ b/src/PVE/Network/SDN.pm @@ -511,6 +511,8 @@ sub encode_value { || $key eq 'entries' || $key eq 'match' || $key eq 'set' + || $key eq 'peers' + || $key eq 'allowed_ips' ) { if (ref($value) eq 'HASH') { return join(',', sort keys(%$value)); diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm index bc295f0..98e9c90 100644 --- a/src/PVE/Network/SDN/Fabrics.pm +++ b/src/PVE/Network/SDN/Fabrics.pm @@ -51,7 +51,44 @@ PVE::JSONSchema::register_standard_option( { description => "Type of configuration entry in an SDN Fabric section config", type => 'string', - enum => ['openfabric', 'ospf'], + enum => ['openfabric', 'ospf', 'wireguard'], + }, +); + +PVE::JSONSchema::register_format( + 'pve-sdn-fabric-wireguard-interface', + { + name => { + type => 'string', + format => 'pve-iface', + description => 'Name of the network interface', + }, + public_key => { + type => 'string', + description => 'The public key of this interface', + optional => 1, + }, + ip => { + type => 'string', + format => 'CIDRv4', + description => 'IPv4 address for this node', + optional => 1, + }, + ip6 => { + type => 'string', + format => 'CIDRv6', + description => 'IPv6 address for this node', + optional => 1, + }, + listen_port => { + type => 'number', + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'Port to listen on for WireGuard traffic.', + optional => 1, + minimum => 1, + maximum => 65535, + }, }, ); @@ -202,18 +239,118 @@ sub node_properties { description => 'OSPF network interface', optional => 1, }, + { + type => 'array', + 'instance-types' => ['wireguard'], + items => { + description => + "Type of configuration entry in an SDN Fabric section config", + type => 'string', + format => 'pve-sdn-fabric-wireguard-interface', + }, + description => 'WireGuard network interface', + optional => 1, + }, ], }, - }; - - if ($update) { - $properties->{delete} = { + public_key => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'The role of this node in the WireGuard fabric.', + type => 'string', + optional => 1, + }, + role => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'The role of this node in the WireGuard fabric.', + type => 'string', + enum => ['internal', 'external'], + optional => 1, + }, + endpoint => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'The endpoint used for connecting to this node.', + optional => 1, + type => 'string', + }, + allowed_ips => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], type => 'array', + optional => 1, + description => + 'A list of IPs that are routable via this node in the WireGuard fabric.', items => { type => 'string', - enum => ['interfaces', 'ip', 'ip6'], + format => 'CIDR', }, + }, + peers => { + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], optional => 1, + type => 'array', + items => { + type => 'string', + format => { + type => { + type => 'string', + enum => ['internal', 'external'], + }, + node => { + description => + 'The name of the peer (if external) or the name of the node and interface (if internal).', + type => 'string', + }, + node_iface => { + description => + 'The interface of the other node, if it is internal', + type => 'string', + optional => 1, + }, + iface => { + description => + 'The interface of this node that uses this peer definition.', + type => 'string', + }, + endpoint => { + description => + 'Override for the endpoint settings in the node section.', + optional => 1, + type => 'string', + }, + }, + }, + }, + }; + + if ($update) { + $properties->{delete} = { + # coerce this value into an array before parsing (oneOf workaround) + type => 'array', + 'type-property' => 'protocol', + oneOf => [ + { + type => 'array', + 'instance-types' => ['openfabric', 'ospf'], + items => { + type => 'string', + enum => ['interfaces', 'ip', 'ip6'], + }, + optional => 1, + }, + { + type => 'array', + 'instance-types' => ['wireguard'], + items => { + type => 'string', + enum => ['allowed_ips', 'endpoint', 'interfaces', 'ip', 'ip6', 'peers'], + }, + optional => 1, + }, + ], }; } @@ -275,6 +412,21 @@ sub fabric_properties { 'A prefix list that should be used for filtering routes that are to be installed into the kernel routing table', optional => 1, }, + persistent_keepalive => { + type => 'number', + 'type-property' => 'protocol', + 'instance-types' => ['wireguard'], + description => 'A seconds interval, between 1 and 65535 inclusive, of how often to' + . ' send an authenticated empty packet to the peer for the purpose of keeping a' + . ' stateful firewall or NAT mapping valid persistently. For example, if the' + . ' interface very rarely sends traffic, but it might at anytime receive traffic' + . ' from another node, and it is behind NAT, the interface might benefit from' + . ' having a persistent keepalive interval of 25 seconds. If unset or set to 0, it' + . ' is turned off', + optional => 1, + minimum => 0, + maximum => 65535, + }, }; if ($update) { @@ -301,6 +453,15 @@ sub fabric_properties { }, optional => 1, }, + { + type => 'array', + 'instance-types' => ['wireguard'], + items => { + type => 'string', + enum => ['persistent_keepalive'], + }, + optional => 1, + }, ], }; } -- 2.47.3