From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network 1/1] sdn: fabrics: wireguard: re-migrate endpoints of internal nodes
Date: Thu, 21 May 2026 13:19:15 +0200
Message-ID: <20260521111917.275330-1-s.hanreich@proxmox.com>

Strip the port of all endpoints of internal nodes again, since they're
derived from the internal nodes' endpoints as well as the referenced
interface of the internal node in the respective peer definition. Only
replace ports if IPv6 endpoints are given with brackets, or if the
string before a potential port suffix is a valid IPv4 address,
otherwise leave the string unchanged (e.g. fe80::1:51820 would stay
the same).

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 src/PVE/Network/SDN/Fabrics.pm | 49 +++++++++++++++-------------------
 1 file changed, 21 insertions(+), 28 deletions(-)

diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm
index b828d3d6..9a23f210 100644
--- a/src/PVE/Network/SDN/Fabrics.pm
+++ b/src/PVE/Network/SDN/Fabrics.pm
@@ -3,7 +3,7 @@ package PVE::Network::SDN::Fabrics;
 use strict;
 use warnings;
 
-use Socket qw(inet_pton AF_INET6);
+use Socket qw(inet_pton AF_INET AF_INET6);
 
 use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_lock_file cfs_write_file);
 use PVE::JSONSchema qw(get_standard_option);
@@ -124,31 +124,32 @@ sub write_fabrics_config {
 # FIXME: remove with PVE 10
 #
 # WireGuard fabrics from libpve-network-perl 1.5.0 stored a port-less endpoint
-# and derived the port from the interface's listen_port; the endpoint is now a
-# full host:port. On read, append the node's listen port to such legacy
-# node-level endpoints (a bare IPv6 is bracketed). A port-less per-peer
-# endpoint override cannot be expressed anymore and its target port is not
-# available here, so it is dropped - the peer then falls back to the
-# referenced node's (migrated) endpoint. Values already carrying a port, and
-# external nodes (no interface, no port), are left for the strict parser.
+# and derived the port from the interface's listen_port; This has shortly been
+# changed to full host:port in 1.6.3. Revert this change by removing the port
+# from endpoints with either valid IPv6 bracket notation or an IPv4 adresses
+# succeeded by a port definition.
 sub migrate_legacy_wireguard_endpoints {
     my ($raw) = @_;
 
     return $raw if !length($raw // '');
     return $raw if $raw !~ /^wireguard_node:/m;
 
-    # a port-less endpoint is a colon-free bare IPv4/hostname or a bare IPv6
-    my $is_portless = sub { $_[0] !~ /:/ || defined(inet_pton(AF_INET6, $_[0])) };
-
     my @lines = split(/\n/, $raw, -1);
 
-    my ($endpoint_idx, $host, $listen_port, $in_wg_node);
+    my ($endpoint_idx, $endpoint, $role, $in_wg_node);
+
     my $flush = sub {
-        if (defined($endpoint_idx) && defined($listen_port)) {
-            $host = "[$host]" if defined(inet_pton(AF_INET6, $host));
-            $lines[$endpoint_idx] =~ s/\S+$/$host:$listen_port/;
+        if (defined($endpoint_idx) && defined($role) && $role eq 'internal') {
+            if ($endpoint =~ /^\[(\S+)\]:\d+$/) {
+                $endpoint = $1 if defined(inet_pton(AF_INET6, $1));
+            } elsif ($endpoint =~ /^(\S+):\d+$/) {
+                $endpoint = $1 if defined(inet_pton(AF_INET, $1));
+            }
+
+            $lines[$endpoint_idx] =~ s/\S+$/$endpoint/;
         }
-        ($endpoint_idx, $host, $listen_port) = (undef, undef, undef);
+
+        ($endpoint_idx, $endpoint, $role, $in_wg_node) = (undef, undef, undef);
     };
 
     for my $i (0 .. $#lines) {
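Review bot: In the `$flush` closure, the reset `($endpoint_idx, $endpoint, $role, $in_wg_node) = (undef, undef, undef);` lists four targets but three values, so `$in_wg_node` is cleared only through Perl's implicit undef fill, and it is state that the loop assigns itself at section headers. Either drop `$in_wg_node` from the list or reset all four explicitly, so the intent is visible. Separately, the guard `defined($role) && $role eq 'internal'` skips any `wireguard_node` section that has no `role` line; if an omitted role is treated as internal elsewhere, those endpoints would keep their port, so the assumption deserves a line in the comment above the sub. That comment also has "adresses" and "shortly" (probably "briefly"). The `\d+` port match accepts values above 65535, which is harmless here because the port is discarded.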
@@ -157,19 +158,11 @@ sub migrate_legacy_wireguard_endpoints {
             $in_wg_node = $lines[$i] =~ /^wireguard_node:/;
         } elsif (!$in_wg_node) {
             next;
+        } elsif ($lines[$i] =~ /^\s+role\s+(\S+)$/) {
+            $role = $1;
         } elsif ($lines[$i] =~ /^\s+endpoint\s+(\S+)$/) {
-            my $value = $1;
-            ($endpoint_idx, $host) = ($i, $value) if $is_portless->($value);
-        } elsif ($lines[$i] =~ /^(\s+peers\s+)(\S.*)$/) {
-            my ($prefix, $props) = ($1, $2);
-            if (my ($value) = $props =~ /(?:^|,)endpoint=([^,]+)/) {
-                $props = join(',', grep { $_ ne "endpoint=$value" } split(/,/, $props))
-                    if $is_portless->($value);
-                $lines[$i] = "$prefix$props";
-            }
-        } elsif ($lines[$i] =~ /^\s+interfaces\s+\S/) {
-            my ($port) = $lines[$i] =~ /(?:^|,)listen_port=(\d+)/;
-            $listen_port //= $port;
+            $endpoint_idx = $i;
+            $endpoint = $1;
         }
     }
     $flush->();
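Review bot: With the `peers` branch removed, a per-peer `endpoint=` property is now passed through untouched; if a configuration written while the host:port format was in use can carry `endpoint=host:port` inside a `peers` line, it will not be stripped, so please confirm that case cannot occur or say in the comment that it is left to the parser. The new `role` and existing `endpoint` patterns end in `(\S+)$`, so a line with trailing whitespace is silently skipped rather than migrated. The diffstat touches only Fabrics.pm; a test covering the cases from the commit message (bracketed IPv6 with port, IPv4 with port, `fe80::1:51820` left unchanged, a non-internal role) would pin the behaviour down.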
-- 
2.47.3





Thread overview: 2+ messages
2026-05-21 11:19 Stefan Hanreich [this message]
2026-05-21 11:32 ` applied: [PATCH pve-network 1/1] sdn: fabrics: wireguard: re-migrate endpoints of internal nodes Thomas Lamprecht
