From: Christoph Heiss <c.heiss@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v4 container 2/3] net: Add `link_down` config to allow setting interfaces as disconnected
Date: Wed, 22 Feb 2023 13:49:02 +0100
Message-ID: <20230222124903.326612-3-c.heiss@proxmox.com>
In-Reply-To: <20230222124903.326612-1-c.heiss@proxmox.com>
If this network option is set, the host-side link will be forced down
and the interface won't be connected to the bridge.
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Changes v1 -> v2:
* Split trailing whitespace fix into separate patch
* Rename option to kebab-case
* Proper option comparison using `safe_boolean_ne`
* Copy option to new network conf like the other options
* Remove the veth interface from the bridge when disconnected
Changes v2 -> v3:
* Rename option to snake_case again
* Move option hotplug-handling before LXC attach again
Changes v3 -> v4:
* Rebase
* Shorten and remove some comments as appropriate
* Update `link_down` schema comment
* Move `link_down` logic to net_tap_plug()
A note regarding the last change:
The interface is now always set UP if `link_down` is unset. This saves
us from passing the old network configuration to net_tap_plug() and
should not have any effect as setting an interface UP/DOWN is
(hopefully?) idempotent anyway - if it already is UP it does nothing and
if it is currently DOWN we want it UP anyway at that point.
src/PVE/LXC.pm | 17 ++++++++++++++---
src/PVE/LXC/Config.pm | 6 ++++++
2 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 54afd97..c4d53e8 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -920,6 +920,14 @@ sub vm_stop_cleanup {
sub net_tap_plug : prototype($$) {
my ($iface, $net) = @_;
+
+ if (defined($net->{link_down})) {
+ PVE::Tools::run_command(['/sbin/ip', 'link', 'set', 'dev', $iface, 'down']);
+ # Don't add disconnected interfaces to the bridge, otherwise e.g. applying any network
+ # change (e.g. `ifreload -a`) could (re-)activate it unintentionally.
+ return;
+ }
+
my ($bridge, $tag, $firewall, $trunks, $rate, $hwaddr) =
$net->@{'bridge', 'tag', 'firewall', 'trunks', 'rate', 'hwaddr'};
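Review bot: the guard `if (defined($net->{link_down}))` at the top of net_tap_plug() tests definedness rather than truth, so a network entry carrying an explicit `link_down=0` would still be forced down and left off the bridge. The schema added in Config.pm declares the option as a boolean, and the copy loops later in this patch use `if $newnet->{$_}`, so a plain truth test `if ($net->{link_down})` would be consistent with both.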
@@ -929,6 +937,8 @@ sub net_tap_plug : prototype($$) {
} else {
PVE::Network::tap_plug($iface, $bridge, $tag, $firewall, $trunks, $rate, { mac => $hwaddr });
}
+
+ PVE::Tools::run_command(['/sbin/ip', 'link', 'set', 'dev', $iface, 'up']);
}
sub update_net {
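Review bot: the unconditional `ip link set dev $iface up` added at the end of net_tap_plug() carries no comment, and its rationale (it is the counterpart to the early `link_down` return and relies on setting the link UP being idempotent) appears only in the notes below the `---`, which will not become part of the commit. A one-line comment above the call, or a sentence in the commit message proper, would keep that reasoning with the code.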
@@ -957,7 +967,8 @@ sub update_net {
} else {
if (safe_string_ne($oldnet->{bridge}, $newnet->{bridge}) ||
safe_num_ne($oldnet->{tag}, $newnet->{tag}) ||
- safe_num_ne($oldnet->{firewall}, $newnet->{firewall})
+ safe_num_ne($oldnet->{firewall}, $newnet->{firewall}) ||
+ safe_boolean_ne($oldnet->{link_down}, $newnet->{link_down})
) {
if ($oldnet->{bridge}) {
@@ -972,7 +983,7 @@ sub update_net {
PVE::LXC::net_tap_plug($veth, $newnet);
# This includes the rate:
- foreach (qw(bridge tag firewall rate)) {
+ foreach (qw(bridge tag firewall rate link_down)) {
$oldnet->{$_} = $newnet->{$_} if $newnet->{$_};
}
} elsif (safe_string_ne($oldnet->{rate}, $newnet->{rate})) {
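Review bot: in the copy loop, `$oldnet->{$_} = $newnet->{$_} if $newnet->{$_};` only copies true values, so with `link_down` added to the list, clearing the option re-plugs the interface through net_tap_plug() but leaves the previous `link_down` value in `$oldnet`. If `$oldnet` is what gets written back afterwards (not visible in this hunk), the entry would still read as disconnected; consider deleting the key from `$oldnet` when it is unset in `$newnet`.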
@@ -1015,7 +1026,7 @@ sub hotplug_net {
PVE::Tools::run_command($cmd);
my $done = { type => 'veth' };
- foreach (qw(bridge tag firewall hwaddr name)) {
+ foreach (qw(bridge tag firewall hwaddr name link_down)) {
$done->{$_} = $newnet->{$_} if $newnet->{$_};
}
$conf->{$opt} = PVE::LXC::Config->print_lxc_network($done);
diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm
index af25a96..bf424f9 100644
--- a/src/PVE/LXC/Config.pm
+++ b/src/PVE/LXC/Config.pm
@@ -814,6 +814,12 @@ our $netconf_desc = {
description => "Apply rate limiting to the interface",
optional => 1,
},
+ # TODO: Rename this option and the qemu-server one to `link-down` for PVE 8.0
+ link_down => {
+ type => 'boolean',
+ description => 'Whether this interface should be disconnected (like pulling the plug).',
+ optional => 1,
+ },
};
PVE::JSONSchema::register_format('pve-lxc-network', $netconf_desc);
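Review bot: the `description` of the new `link_down` schema entry says only that the interface is disconnected, while the commit message names two concrete effects: the host-side link is forced down and the interface is not connected to the bridge. Using that wording in the description would make the option's documentation match the behaviour, and since the entry has no `default`, it is worth stating there that the link is up when the option is unset.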
--
2.39.1
Thread overview: 7+ messages
2023-02-22 12:49 [pve-devel] [PATCH v4 container/manager 0/3] fix #3413: Add `Disconnect` option for LXC networks Christoph Heiss
2023-02-22 12:49 ` [pve-devel] [PATCH v4 container 1/3] net: Pass network config directly to net_tap_plug() Christoph Heiss
2023-02-22 12:49 ` Christoph Heiss [this message]
2023-02-22 12:49 ` [pve-devel] [PATCH v4 manager 3/3] lxc: Add `Disconnect` option for network interfaces Christoph Heiss
2023-03-16 15:06 ` [pve-devel] applied: " Wolfgang Bumiller
2023-02-23 13:54 ` [pve-devel] [PATCH v4 container/manager 0/3] fix #3413: Add `Disconnect` option for LXC networks Friedrich Weber
2023-03-16 11:51 ` [pve-devel] applied: " Thomas Lamprecht