From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id CEFFA1FF191 for ; Tue, 4 Nov 2025 17:01:56 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 02FEB11716; Tue, 4 Nov 2025 17:02:30 +0100 (CET) To: pve-devel@lists.proxmox.com Date: Tue, 4 Nov 2025 12:20:26 +0000 In-Reply-To: <20251104122026.62228-1-philippos.g@me.com> References: <20251104122026.62228-1-philippos.g@me.com> X-Mailman-Approved-At: Tue, 04 Nov 2025 17:02:27 +0100 MIME-Version: 1.0 Message-ID: List-Id: Proxmox VE development discussion List-Post: From: Philippos Giavridis via pve-devel Precedence: list Cc: Philippos Giavridis X-Mailman-Version: 2.1.29 X-BeenThere: pve-devel@lists.proxmox.com List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Proxmox VE development discussion List-Help: Subject: [pve-devel] [PATCH pve-network 1/1] fix: prevent duplicate DHCP leases for identical MAC address Content-Type: multipart/mixed; boundary="===============0147377213585522869==" Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" --===============0147377213585522869== Content-Type: message/rfc822 Content-Disposition: inline Return-Path: X-Original-To: pve-devel@lists.proxmox.com Delivered-To: pve-devel@lists.proxmox.com Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id DA5B9D8B7D for ; Tue, 4 Nov 2025 13:31:12 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id C1ED8BD19 for ; Tue, 4 Nov 2025 13:31:12 +0100 (CET) Received: from outbound.st.icloud.com (p-east2-cluster6-host2-snip4-9.eps.apple.com [57.103.76.190]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 4 Nov 2025 13:31:11 +0100 (CET) Received: from outbound.st.icloud.com (unknown [127.0.0.2]) by p00-icloudmta-asmtp-us-east-1a-60-percent-5 (Postfix) with ESMTPS id 5BD341800251; Tue, 4 Nov 2025 12:21:01 +0000 (UTC) Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=me.com; s=1a1hai; bh=TqJ2pWYQakUxpsAZmybQw+Uo3480ab0jUqOPZOwCXOc=; h=From:To:Subject:Date:Message-ID:MIME-Version:x-icloud-hme; b=oFTJO7cH775Ybdgvq7oo/5VFV+CnrktHsMsa53S34Hc0d2zB3IBJq5OdkIOfcKvZIfmlPh5tZM632VjAhC12ajTbgvkWGqSqf3E6AyE8B9hmWofKMA9pNFcTxig6FXR3PsFs80+8udVth/dH4EyJwSjmqdELiIltFYC0yAQBq4xmeZjmma46SLBzBeD5Eh1rk7LYzPQ4NNIFqNP+mU/wZo0FVMYIg+8pwUmazMDTPrvnMrIs4N/ue517MuSiMCMj0UtkWzLOybD92t4M3PYPoJ8KCq+TrdtzT8eF33TjTSp1WmKkLxOWWzaYP2d+bgoFwjh5WyQsVdp0AJpqrqoSgg== Received: from roaring-lionus.eu-west-2.compute.internal (unknown [17.42.251.67]) by p00-icloudmta-asmtp-us-east-1a-60-percent-5 (Postfix) with ESMTPSA id 08183180025D; Tue, 4 Nov 2025 12:20:59 +0000 (UTC) From: Philippos Giavridis To: pve-devel@lists.proxmox.com Cc: Philippos Giavridis Subject: [PATCH pve-network 1/1] fix: prevent duplicate DHCP leases for identical MAC address Date: Tue, 4 Nov 2025 12:20:26 +0000 Message-ID: <20251104122026.62228-2-philippos.g@me.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20251104122026.62228-1-philippos.g@me.com> References: <20251104122026.62228-1-philippos.g@me.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Proofpoint-GUID: gMriCRB28OLNtfmwy5kmT470oHr7BkRC X-Proofpoint-ORIG-GUID: gMriCRB28OLNtfmwy5kmT470oHr7BkRC X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUxMTA0MDEwMiBTYWx0ZWRfXwGIwEfYvaBq6 rIPVFZHPcEOHnu/dburX0D6cul3RoxttbSWwsVch+CDAN1h9hAe/sTK6s90TYOHjl2OeIvgKcb8 HK0HdwCxE7RRcJBB4uAyLKKxnceMzUgvuhuMj8cd5TPba72goWpiSNkm8+g+eNjJj5VIPaj7EfV dWICuWFVuaIVG6GjKK/D2gSHCFG7mfwVyIVum7Ba4G44OzW9m02c6s9EzoRp8e7NT6P4yrxHdMr Kdml+8ZJzV1MfDvWx7GsNL9Yk6JjbCDbuPi4aObt25D0Sng7RKf0Qxi30xbOcoMFie7q32fcc= X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.9,FMLib:17.12.100.49 definitions=2025-11-04_01,2025-11-03_03,2025-10-01_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 mlxlogscore=999 phishscore=0 bulkscore=0 clxscore=1015 spamscore=0 mlxscore=0 malwarescore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.22.0-2506270000 definitions=main-2511040102 X-JNJ: AAAAAAABgNcbC7ryErzajsg1w93m3YKgBt8ihnb7az6OX8gdue77NIN/hMhN+uQ30rrVPkYNpcZjYsT4a1zW0MHvzHZyONZ1i37LUV/J1l+DdmgQZkYtN6SJLqA8U8C23aaHMz+9nXD650/Z5z6wGdbQlFeT/jfrEdZLBzauEglwLD09g0RVw/e/2joBOePwDSfWEAe1gmYLlzfpYTBMRZ9pfEqFH81hW++tjgIdiEXE+wRDc0zoi0A9jP+SoDaRsw4YI/GjgmHr5Vi9ByXjJFwOga1oP5qpWu7pRJufvs3hNRsBr0PnPaAZS5WarFgaAIJ3c0kBUA69u7JQj9aUBTmecUEuaYtXN8zex/di3V2v4MY2ozVn7cXHKYBnYGn4Yu7Em/vbrMjJeY8fdSdJ1sThURUrUm5sF5+j+RBxZl/6hm9/6S9gUiPIEd6dZB0yUOcBl//bD0Bw9O+QshC/TnvrbYTzEhbqDl0iPubHOV52fqvFzBNc9lONAlBlgleWf7vve5EEdP+vQOhEVrFCBSkm5M7+Uu+ZVSQM1IWPB2ZIFdFERJLlN5adXeRlOizRCpVmTdHmeuiUUvJJMyP64M6ekiWVc7TFSP/Qw8Akitqi4YH+NC7PgUYltzgLEanK/Tax X-SPAM-LEVEL: Spam detection results: 0 AWL 0.000 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain DKIM_VALID_EF -0.1 Message has a valid DKIM or DK signature from envelope-from domain DMARC_PASS -0.1 DMARC pass policy FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_PASS -0.001 SPF: sender matches SPF record X-Mailman-Approved-At: Tue, 04 Nov 2025 17:02:27 +0100 When cloning a VM with the same MAC address, the SDN IPAM module currently assigns a new IP instead of using the existing reservation. This patch adds a check for existing MAC address mappings before allocating a new IP address. If such a mapping exists, the new VM receives the defined IP instead of a new one from the DHCP pool. Signed-off-by: Philippos Giavridis --- src/PVE/Network/SDN/Subnets.pm | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/PVE/Network/SDN/Subnets.pm b/src/PVE/Network/SDN/Subnets.pm index 1f27fac..66fb721 100644 --- a/src/PVE/Network/SDN/Subnets.pm +++ b/src/PVE/Network/SDN/Subnets.pm @@ -235,6 +235,30 @@ sub add_next_free_ip { #verify dns zones before ipam verify_dns_zone($dnszone, $dns) if !$skipdns; + if ($mac && $ipamid) { + my ($zoneid) = split(/-/, $subnetid); + my ($existing_ip4, $existing_ip6) = PVE::Network::SDN::Ipams::get_ips_from_mac( + $mac, $zoneid, $zone, + ); + + my $is_ipv4 = Net::IP::ip_is_ipv4($subnet->{network}); + my $existing_ip = $is_ipv4 ? $existing_ip4 : $existing_ip6; + + if ($existing_ip) { + my $ip_obj = NetAddr::IP->new($existing_ip); + my $subnet_obj = NetAddr::IP->new($subnet->{cidr}); + + if ($subnet_obj->contains($ip_obj)) { + $ip = $existing_ip; + + eval { PVE::Network::SDN::Ipams::add_cache_mac_ip($mac, $ip); }; + warn $@ if $@; + + goto DNS_SETUP; + } + } + } + if ($ipamid) { my $ipam_cfg = PVE::Network::SDN::Ipams::config(); my $plugin_config = $ipam_cfg->{ids}->{$ipamid}; @@ -267,6 +291,7 @@ sub add_next_free_ip { warn $@ if $@; } +DNS_SETUP: eval { my $reversednszone = get_reversedns_zone($subnetid, $subnet, $reversedns, $ip); -- 2.43.0 --===============0147377213585522869== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel --===============0147377213585522869==--