From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 9522A63FB8 for ; Mon, 5 Oct 2020 17:10:36 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E53661D176 for ; Mon, 5 Oct 2020 17:10:02 +0200 (CEST) Received: from kvmformation1.odiso.net (globalOdiso.M6Lille.odiso.net [89.248.211.242]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3C7E61C864 for ; Mon, 5 Oct 2020 17:09:15 +0200 (CEST) Received: by kvmformation1.odiso.net (Postfix, from userid 0) id 66FA1E76AE; Mon, 5 Oct 2020 17:09:14 +0200 (CEST) From: Alexandre Derumier To: pve-devel@lists.proxmox.com Date: Mon, 5 Oct 2020 17:09:09 +0200 Message-Id: <20201005150912.463000-33-aderumier@odiso.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201005150912.463000-1-aderumier@odiso.com> References: <20201005150912.463000-1-aderumier@odiso.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 1 AWL -0.380 Adjusted score from AWL reputation of 
From: address HEADER_FROM_DIFFERENT_DOMAINS 0.248 From and EnvelopeFrom 2nd level mail domains are different KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods KHOP_HELO_FCRDNS 0.398 Relay HELO differs from its IP's reverse DNS NO_DNS_FOR_FROM 0.379 Envelope sender has no MX or A DNS records SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH v10 pve-network 32/35] vnets: allow duplicate tags in differents zones X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Oct 2020 15:10:36 -0000 only vxlan need to be unique globally. Signed-off-by: Alexandre Derumier --- PVE/API2/Network/SDN/Vnets.pm | 4 ++-- PVE/Network/SDN/VnetPlugin.pm | 9 --------- PVE/Network/SDN/Zones/EvpnPlugin.pm | 20 +++++++++++++++++--- PVE/Network/SDN/Zones/Plugin.pm | 2 +- PVE/Network/SDN/Zones/QinQPlugin.pm | 14 +++++++++++++- PVE/Network/SDN/Zones/SimplePlugin.pm | 7 +++++-- PVE/Network/SDN/Zones/VlanPlugin.pm | 14 +++++++++++++- PVE/Network/SDN/Zones/VxlanPlugin.pm | 20 +++++++++++++++++--- 8 files changed, 68 insertions(+), 22 deletions(-) diff --git a/PVE/API2/Network/SDN/Vnets.pm b/PVE/API2/Network/SDN/Vnets.pm index 3f99f58..84cf433 100644 --- a/PVE/API2/Network/SDN/Vnets.pm +++ b/PVE/API2/Network/SDN/Vnets.pm @@ -194,7 +194,7 @@ __PACKAGE__->register_method ({ my $zoneid = $cfg->{ids}->{$id}->{zone}; my $plugin_config = $zone_cfg->{ids}->{$zoneid}; my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); - $plugin->vnet_update_hook($cfg->{ids}->{$id}); + $plugin->vnet_update_hook($cfg, $id, $zone_cfg); PVE::Network::SDN::VnetPlugin->on_update_hook($id, $cfg); 
@@ -239,7 +239,7 @@ __PACKAGE__->register_method ({ my $zoneid = $cfg->{ids}->{$id}->{zone}; my $plugin_config = $zone_cfg->{ids}->{$zoneid}; my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type}); - $plugin->vnet_update_hook($cfg->{ids}->{$id}); + $plugin->vnet_update_hook($cfg, $id, $zone_cfg); PVE::Network::SDN::VnetPlugin->on_update_hook($id, $cfg); diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm index 518d2dd..cac578a 100644 --- a/PVE/Network/SDN/VnetPlugin.pm +++ b/PVE/Network/SDN/VnetPlugin.pm @@ -106,15 +106,6 @@ sub on_update_hook { my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid); raise_param_exc({ vlanaware => "vlanaware vnet is not compatible with subnets"}) if $subnets; } - - # verify that tag is not already defined in another vnet - if (defined($tag)) { - foreach my $id (keys %{$vnet_cfg->{ids}}) { - next if $id eq $vnetid; - my $othervnettag = $vnet_cfg->{ids}->{$id}->{tag}; - raise_param_exc({ tag => "tag $tag already exist in vnet $id"}) if $othervnettag && $tag eq $othervnettag; - } - } } 1; diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm index 62ab817..5338a1b 100644 --- a/PVE/Network/SDN/Zones/EvpnPlugin.pm +++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm 
@@ -181,10 +181,24 @@ sub on_update_hook { sub vnet_update_hook { - my ($class, $vnet) = @_; + my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_; - raise_param_exc({ tag => "missing vxlan tag"}) if !defined($vnet->{tag}); - raise_param_exc({ tag => "vxlan tag max value is 16777216"}) if $vnet->{tag} > 16777216; + my $vnet = $vnet_cfg->{ids}->{$vnetid}; + my $tag = $vnet->{tag}; + + raise_param_exc({ tag => "missing vxlan tag"}) if !defined($tag); + raise_param_exc({ tag => "vxlan tag max value is 16777216"}) if $tag > 16777216; + + # verify that tag is not already defined globally (vxlan-id are unique) + foreach my $id (keys %{$vnet_cfg->{ids}}) { + next if $id eq $vnetid; + my $othervnet = $vnet_cfg->{ids}->{$id}; + my $other_tag = $othervnet->{tag}; + my $other_zoneid = $othervnet->{zone}; + my $other_zone = $zone_cfg->{ids}->{$other_zoneid}; + next if $other_zone->{type} ne 'vxlan' && $other_zone->{type} ne 'evpn'; + raise_param_exc({ tag => "vxlan tag $tag already exist in vnet $id in zone $other_zoneid "}) if $other_tag && $tag eq $other_tag; + } if (!defined($vnet->{mac})) { my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg'); diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm index 1f24269..6fc13eb 100644 --- a/PVE/Network/SDN/Zones/Plugin.pm +++ b/PVE/Network/SDN/Zones/Plugin.pm @@ -144,7 +144,7 @@ sub on_update_hook { } sub vnet_update_hook { - my ($class, $vnet) = @_; + my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_; # do nothing by default } diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm index aadfd27..5d40db8 100644 --- a/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/PVE/Network/SDN/Zones/QinQPlugin.pm 
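Review bot: In the new duplicate-tag loop of the Evpn `vnet_update_hook`, a vnet whose `zone` is unset or no longer present in `$zone_cfg->{ids}` leaves `$other_zone` undefined, so both `ne` comparisons are true and that vnet is skipped without its tag ever being compared. Whether such a dangling zone reference can exist is not visible in this hunk, but if it can, the global VXLAN-ID uniqueness this check is meant to enforce has a silent gap (and an uninitialized-value warning). I would resolve the type first, `my $other_type = $other_zone ? $other_zone->{type} : undef;`, and handle the undefined case explicitly, either by rejecting the update or by logging the skip. The identical loop in the VxlanPlugin.pm hunk needs the same treatment. The function body continues past the end of this hunk.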
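Review bot: The base-class `vnet_update_hook` in Plugin.pm is where the hook's contract is written down, and its new argument list is undocumented; `# do nothing by default` does not tell an implementer what `$vnet_cfg`, `$vnetid` and `$zone_cfg` hold. I would add a comment such as `# $vnet_cfg / $zone_cfg: full vnets and zones config; $vnetid: id of the vnet being created or updated; raise_param_exc on invalid input`. A subclass still written against the old `($class, $vnet)` form would now receive the whole vnets config as `$vnet`, so its tag checks would read the wrong hash; the comment is also the place to record that the signature changed.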
@@ -216,10 +216,22 @@ sub status { } sub vnet_update_hook { - my ($class, $vnet) = @_; + my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_; + + my $vnet = $vnet_cfg->{ids}->{$vnetid}; + my $tag = $vnet->{tag}; raise_param_exc({ tag => "missing vlan tag"}) if !defined($vnet->{tag}); raise_param_exc({ tag => "vlan tag max value is 4096"}) if $vnet->{tag} > 4096; + + # verify that tag is not already defined in another vnet on same zone + foreach my $id (keys %{$vnet_cfg->{ids}}) { + next if $id eq $vnetid; + my $othervnet = $vnet_cfg->{ids}->{$id}; + my $other_tag = $othervnet->{tag}; + next if $vnet->{zone} ne $othervnet->{zone}; + raise_param_exc({ tag => "tag $tag already exist in vnet $id"}) if $other_tag && $tag eq $other_tag; + } } 1; diff --git a/PVE/Network/SDN/Zones/SimplePlugin.pm b/PVE/Network/SDN/Zones/SimplePlugin.pm index 5294485..c4f4475 100644 --- a/PVE/Network/SDN/Zones/SimplePlugin.pm +++ b/PVE/Network/SDN/Zones/SimplePlugin.pm @@ -118,9 +118,12 @@ sub status { sub vnet_update_hook { - my ($class, $vnet) = @_; + my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_; - raise_param_exc({ tag => "vlan tag is not allowed on simple bridge"}) if defined($vnet->{tag}); + my $vnet = $vnet_cfg->{ids}->{$vnetid}; + my $tag = $vnet->{tag}; + + raise_param_exc({ tag => "vlan tag is not allowed on simple zone"}) if defined($tag); if (!defined($vnet->{mac})) { my $dc = PVE::Cluster::cfs_read_file('datacenter.cfg'); diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm index e1ae75b..7af9b2c 100644 --- a/PVE/Network/SDN/Zones/VlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VlanPlugin.pm 
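Review bot: The bound `$vnet->{tag} > 4096` in the QinQ `vnet_update_hook` still accepts 4095 and 4096, although an 802.1Q VLAN ID is a 12-bit field in which 4095 is reserved and 4096 cannot be encoded; what the later config generation does with such a value is not visible here. Unless the property schema already restricts the range, I would tighten it to `raise_param_exc({ tag => "vlan tag max value is 4094"}) if $tag > 4094;`. The new `my $tag` is also declared while the two checks above the loop keep reading `$vnet->{tag}`, unlike the Evpn and Vxlan hunks; using `$tag` throughout keeps the four copies of this validation aligned. The VlanPlugin.pm hunk has the same two lines.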
@@ -175,10 +175,22 @@ sub status { } sub vnet_update_hook { - my ($class, $vnet) = @_; + my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_; + + my $vnet = $vnet_cfg->{ids}->{$vnetid}; + my $tag = $vnet->{tag}; raise_param_exc({ tag => "missing vlan tag"}) if !defined($vnet->{tag}); raise_param_exc({ tag => "vlan tag max value is 4096"}) if $vnet->{tag} > 4096; + + # verify that tag is not already defined in another vnet on same zone + foreach my $id (keys %{$vnet_cfg->{ids}}) { + next if $id eq $vnetid; + my $othervnet = $vnet_cfg->{ids}->{$id}; + my $other_tag = $othervnet->{tag}; + next if $vnet->{zone} ne $othervnet->{zone}; + raise_param_exc({ tag => "tag $tag already exist in vnet $id"}) if $other_tag && $tag eq $other_tag; + } } 1; diff --git a/PVE/Network/SDN/Zones/VxlanPlugin.pm b/PVE/Network/SDN/Zones/VxlanPlugin.pm index e8870a0..1fe16b8 100644 --- a/PVE/Network/SDN/Zones/VxlanPlugin.pm +++ b/PVE/Network/SDN/Zones/VxlanPlugin.pm 
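Review bot: `next if $vnet->{zone} ne $othervnet->{zone};` scopes the VLAN uniqueness check to the zone id, which matches uniqueness on the wire only if no two vlan zones can share the same underlying bridge. That constraint is not visible in this diff; if two zones may point at the same bridge, vnets carrying the same tag in each would land in one layer-2 segment and the zones would no longer isolate them from each other. I would either compare the zones' bridge setting rather than the zone id, or add a comment stating where that is enforced, e.g. `# tags may repeat across zones: each vlan zone is assumed to own its bridge`.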
@@ -94,10 +94,24 @@ sub generate_sdn_config { } sub vnet_update_hook { - my ($class, $vnet) = @_; + my ($class, $vnet_cfg, $vnetid, $zone_cfg) = @_; - raise_param_exc({ tag => "missing vxlan tag"}) if !defined($vnet->{tag}); - raise_param_exc({ tag => "vxlan tag max value is 16777216"}) if $vnet->{tag} > 16777216; + my $vnet = $vnet_cfg->{ids}->{$vnetid}; + my $tag = $vnet->{tag}; + + raise_param_exc({ tag => "missing vxlan tag"}) if !defined($tag); + raise_param_exc({ tag => "vxlan tag max value is 16777216"}) if $tag > 16777216; + + # verify that tag is not already defined globally (vxlan-id are unique) + foreach my $id (keys %{$vnet_cfg->{ids}}) { + next if $id eq $vnetid; + my $othervnet = $vnet_cfg->{ids}->{$id}; + my $other_tag = $othervnet->{tag}; + my $other_zoneid = $othervnet->{zone}; + my $other_zone = $zone_cfg->{ids}->{$other_zoneid}; + next if $other_zone->{type} ne 'vxlan' && $other_zone->{type} ne 'evpn'; + raise_param_exc({ tag => "vxlan tag $tag already exist in vnet $id in zone $other_zoneid "}) if $other_tag && $tag eq $other_tag; + } } 1; -- 2.20.1
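Review bot: `$tag > 16777216` lets 16777216 through, but a VXLAN network identifier is 24 bits wide, so the largest encodable value is 16777215; the error text carries the same number. Unless the tag schema already caps the range elsewhere, I would change the guard to `raise_param_exc({ tag => "vxlan tag max value is 16777215"}) if $tag > 16777215;`. The same line is in the EvpnPlugin.pm hunk. Separately, the range check compares numerically while the duplicate check uses `eq`, so the two agree only if tags are always stored in canonical integer form, which this hunk does not show.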