From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 6E4BB1FF15E for ; Mon, 19 Jan 2026 09:37:39 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 84C3217E91; Mon, 19 Jan 2026 09:37:44 +0100 (CET) Date: Mon, 19 Jan 2026 09:37:05 +0100 To: pve-devel@lists.proxmox.com References: <20260109121049.70740-1-klein@aetherus.de> <20260109121049.70740-2-klein@aetherus.de> In-Reply-To: <20260109121049.70740-2-klein@aetherus.de> MIME-Version: 1.0 Message-ID: List-Id: Proxmox VE development discussion List-Post: From: Maurice Klein via pve-devel Precedence: list Cc: Maurice Klein X-Mailman-Version: 2.1.29 X-BeenThere: pve-devel@lists.proxmox.com List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Proxmox VE development discussion List-Help: Subject: Re: [pve-devel] [PATCH container 1/1] Signed-off-by: Maurice Klein Content-Type: multipart/mixed; boundary="===============6289600185768917860==" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" --===============6289600185768917860== Content-Type: message/rfc822 Content-Disposition: inline Return-Path: X-Original-To: pve-devel@lists.proxmox.com Delivered-To: pve-devel@lists.proxmox.com Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DD8ACDEA56 for ; Mon, 19 Jan 2026 09:37:42 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id AC1ED17E07 for ; Mon, 19 Jan 2026 09:37:12 +0100 (CET) Received: from plesk01.aetherus.io (plesk01.aetherus.io [195.5.114.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Mon, 19 Jan 2026 09:37:11 +0100 (CET) Received: from [10.97.254.1] (unknown [195.5.114.21]) by plesk01.aetherus.io (Postfix) with ESMTPSA id 63D69300F78 for ; Mon, 19 Jan 2026 09:37:05 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aetherus.de; s=default; t=1768811825; bh=Quw6swNhk+ThDP90Wrbg4CpzlwPMq3AnyvYez9/Axj8=; h=From:Subject:To; b=UCaNLN3Tu5U9AGdZGuoCrG/jXlluU9DlaLGmcn5JEzONYdJ2PD1NeG2pUvSwF0Daq X33om/m059pbFalnQbTp5w3tPQP3+95QhQa++KbSmLVw+mApiuQp7hVYi9jIGDl+Vh Qau4gvXwbiD3rWFAQCqa/hbl1AN+QtDpwNoAUGXiWL6Px6iCfzJ+C54H60+uIjutDP 9Aia2MDJjLi99N/AgqjZeRmpRvLOoMUnlD8wMRSC+247SSkAtesQavNxJxAUnqi9NW XEekjsXrWynTPl5j349AuFUFBR/dKmisXVdNNBpbO5O3wPttwcKrn+a926A4/wwroO 3JNEeVGfvc/GQ== Authentication-Results: plesk01; spf=pass (sender IP is 195.5.114.21) smtp.mailfrom=klein@aetherus.de smtp.helo=[10.97.254.1] Received-SPF: pass (plesk01: connection is authenticated) Message-ID: Date: Mon, 19 Jan 2026 09:37:05 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Maurice Klein Subject: Re: [PATCH container 1/1] Signed-off-by: Maurice Klein To: pve-devel@lists.proxmox.com References: <20260109121049.70740-1-klein@aetherus.de> <20260109121049.70740-2-klein@aetherus.de> Content-Language: en-US In-Reply-To: <20260109121049.70740-2-klein@aetherus.de> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-PPP-Message-ID: <176881182554.152390.4229268990455720747@plesk01.aetherus.io> X-PPP-Vhost: aetherus.de X-SPAM-LEVEL: Spam detection results: 0 AWL -0.001 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Hi, just a gentle ping on this series. Happy to rework or adjust anything if I missed something or did something the wrong way. Thanks, Maurice Am 09.01.26 um 13:10 schrieb Maurice Klein: > qemu-server: add routed tap and helper scripts > --- > src/PVE/QemuServer.pm | 9 +++++- > src/PVE/QemuServer/Network.pm | 19 +++++++++++ > src/usr/pve-tap | 59 +++++++++++++++++++++++++++++++++++ > src/usr/pve-tap-hotplug | 3 ++ > src/usr/pve-tapdown | 16 ++++++++++ > 5 files changed, 105 insertions(+), 1 deletion(-) > create mode 100755 src/usr/pve-tap > create mode 100755 src/usr/pve-tap-hotplug > create mode 100755 src/usr/pve-tapdown > > diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm > index 69991843..2c0b784e 100644 > --- a/src/PVE/QemuServer.pm > +++ b/src/PVE/QemuServer.pm > @@ -1443,8 +1443,15 @@ sub print_netdev_full { > my $netdev = ""; > my $script = $hotplug ? "pve-bridge-hotplug" : "pve-bridge"; > + if ($net->{taprouted}) { > + $script = $hotplug ? "pve-tap" : "pve-tap-hotplug"; > + } > + > - if ($net->{bridge}) { > + if ($net->{taprouted}) { > + $netdev= > "type=tap,id=$netid,ifname=${ifname},script=/usr/libexec/qemu-server/$script" > + . ",downscript=/usr/libexec/qemu-server/pve-tapdown$vhostparam"; > + } elsif ($net->{bridge}) { > $netdev = > "type=tap,id=$netid,ifname=${ifname},script=/usr/libexec/qemu-server/$script" > . ",downscript=/usr/libexec/qemu-server/pve-bridgedown$vhostparam"; > } else { > diff --git a/src/PVE/QemuServer/Network.pm b/src/PVE/QemuServer/Network.pm > index eb8222e8..c11f002c 100644 > --- a/src/PVE/QemuServer/Network.pm > +++ b/src/PVE/QemuServer/Network.pm > @@ -116,6 +116,25 @@ my $net_fmt = { > "Force MTU of network device (VirtIO only). Setting to '1' or empty > will use the bridge MTU", > optional => 1, > }, > + taprouted => { > + type => 'boolean', > + description => "routed network, just make tap interface and execute > routing script", > + optional => 1, > + }, > + hostip => { > + type => 'string', > + format => 'ipv4', > + format_description => 'IPv4Format', > + description => 'IPv4 address for the host.', > + optional => 1, > + }, > + guestip => { > + type => 'string', > + format => 'ipv4', > + format_description => 'GuestIPv4', > + description => 'IPv4 address for the guest.', > + optional => 1, > + }, > }; > our $netdesc = { > diff --git a/src/usr/pve-tap b/src/usr/pve-tap > new file mode 100755 > index 00000000..10623c17 > --- /dev/null > +++ b/src/usr/pve-tap > @@ -0,0 +1,59 @@ > +#!/usr/bin/perl > + > +use strict; > +use warnings; > + > +use PVE::Tools qw(run_command); > +use PVE::Firewall; > + > +use PVE::QemuServer::Network; > + > +my $iface = shift; > + > +my $hotplug = 0; > +if ($iface eq '--hotplug') { > + $hotplug = 1; > + $iface = shift; > +} > + > +die "no interface specified\n" if !$iface; > + > +die "got strange interface name '$iface'\n" > + if $iface !~ m/^tap(\d+)i(\d+)$/; > + > +my $vmid = $1; > +my $netid = "net$2"; > + > +my $migratedfrom = $hotplug ? undef : $ENV{PVE_MIGRATED_FROM}; > + > +my $conf = PVE::QemuConfig->load_config($vmid, $migratedfrom); > + > +my $netconf = $conf->{$netid}; > + > +$netconf = $conf->{pending}->{$netid} if !$migratedfrom && > defined($conf->{pending}->{$netid}); > + > +die "unable to get network config '$netid'\n" > + if !defined($netconf); > + > +my $net = PVE::QemuServer::Network::parse_net($netconf); > +die "unable to parse network config '$netid'\n" if !$net; > + > + > +# Bring up the tap interface > +run_command(['ip', 'link', 'set', $iface, 'up']); > +#set host ip if specified > +if (defined($net->{hostip})) { > + run_command(['ip', 'addr', 'add', $net->{hostip}, 'dev', $iface]); > +} > + > +#set route to guest if specified > +if (defined($net->{guestip})) { > +run_command(['ip', 'route', 'add', $net->{guestip}, 'dev', $iface]); > +} > + > + > + > + > + > + > +exit 0; > diff --git a/src/usr/pve-tap-hotplug b/src/usr/pve-tap-hotplug > new file mode 100755 > index 00000000..6fcdcd2a > --- /dev/null > +++ b/src/usr/pve-tap-hotplug > @@ -0,0 +1,3 @@ > +#!/bin/sh > + > +exec /usr/libexec/qemu-server/pve-tap --hotplug "$@" > diff --git a/src/usr/pve-tapdown b/src/usr/pve-tapdown > new file mode 100755 > index 00000000..e867b640 > --- /dev/null > +++ b/src/usr/pve-tapdown > @@ -0,0 +1,16 @@ > +#!/usr/bin/perl > + > +use strict; > +use warnings; > +use PVE::Network; > + > +my $iface = shift; > + > +die "no interface specified\n" if !$iface; > + > +die "got strange interface name '$iface'\n" > + if $iface !~ m/^tap(\d+)i(\d+)$/; > + > +PVE::Network::tap_unplug($iface); > + > +exit 0; --===============6289600185768917860== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel --===============6289600185768917860==--