From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 09DD29C48E for ; Wed, 22 Nov 2023 08:58:40 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DD94914329 for ; Wed, 22 Nov 2023 08:58:09 +0100 (CET) Received: from bastionodiso.odiso.net (bastionodiso.odiso.net [185.151.191.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 22 Nov 2023 08:58:09 +0100 (CET) Received: from kvmformation3.odiso.net (formationkvm3.odiso.net [10.3.94.12]) by bastionodiso.odiso.net (Postfix) with ESMTP id 66BF980C1; Wed, 22 Nov 2023 08:58:02 +0100 (CET) Received: by kvmformation3.odiso.net (Postfix, from userid 0) id 5516219D44F; Wed, 22 Nov 2023 08:58:02 +0100 (CET) From: Alexandre Derumier To: pve-devel@lists.proxmox.com Date: Wed, 22 Nov 2023 08:58:01 +0100 Message-Id: <20231122075801.1224275-1-aderumier@odiso.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.032 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record T_SCC_BODY_TEXT_LINE -0.01 - URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [dhcp.pm, plugin.pm, dnsmasq.pm] Subject: [pve-devel] [PATCH pve-network] fix dhcpv6 router advertisement X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Nov 2023 07:58:40 -0000 - don't listen to ip address, but use interface= instead - generate 1 config file by vnet instead 1 by subnet - enable-ra is global to server, enable it in default conf Signed-off-by: Alexandre Derumier --- src/PVE/Network/SDN/Dhcp.pm | 33 +++++++++++++++++--------- src/PVE/Network/SDN/Dhcp/Dnsmasq.pm | 36 +++++++++++++++-------------- src/PVE/Network/SDN/Dhcp/Plugin.pm | 9 ++++++-- 3 files changed, 48 insertions(+), 30 deletions(-) diff --git a/src/PVE/Network/SDN/Dhcp.pm b/src/PVE/Network/SDN/Dhcp.pm index fc33f08..2c2d019 100644 --- a/src/PVE/Network/SDN/Dhcp.pm +++ b/src/PVE/Network/SDN/Dhcp.pm @@ -59,6 +59,7 @@ sub regenerate_config { my $cfg = PVE::Network::SDN::running_config(); my $zone_cfg = $cfg->{zones}; + my $vnet_cfg = $cfg->{vnets}; my $subnet_cfg = $cfg->{subnets}; return if !$zone_cfg && !$subnet_cfg; 
@@ -84,22 +85,32 @@ sub regenerate_config { eval { $dhcp_plugin->before_configure($zoneid) }; die "Could not run before_configure for DHCP server $zoneid $@\n" if $@; + for my $vnetid (sort keys %{$vnet_cfg->{ids}}) { + my $vnet = $vnet_cfg->{ids}->{$vnetid}; + next if $vnet->{zone} ne $zoneid; - foreach my $subnet_id (keys %{$subnet_cfg->{ids}}) { - my $subnet_config = PVE::Network::SDN::Subnets::sdn_subnets_config($subnet_cfg, $subnet_id); - my $dhcp_ranges = PVE::Network::SDN::Subnets::get_dhcp_ranges($subnet_config); + my $config = []; + my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid); - my ($zone, $subnet_network, $subnet_mask) = split(/-/, $subnet_id); - next if $zone ne $zoneid; - next if !$dhcp_ranges; + foreach my $subnet_id (sort keys %{$subnets}) { + my $subnet_config = $subnets->{$subnet_id}; + my $dhcp_ranges = PVE::Network::SDN::Subnets::get_dhcp_ranges($subnet_config); - eval { $dhcp_plugin->configure_subnet($zoneid, $subnet_config) }; - warn "Could not configure subnet $subnet_id: $@\n" if $@; + my ($zone, $subnet_network, $subnet_mask) = split(/-/, $subnet_id); + next if $zone ne $zoneid; + next if !$dhcp_ranges; - foreach my $dhcp_range (@$dhcp_ranges) { - eval { $dhcp_plugin->configure_range($zoneid, $subnet_config, $dhcp_range) }; - warn "Could not configure DHCP range for $subnet_id: $@\n" if $@; + eval { $dhcp_plugin->configure_subnet($config, $zoneid, $vnetid, $subnet_config) }; + warn "Could not configure subnet $subnet_id: $@\n" if $@; + + foreach my $dhcp_range (@$dhcp_ranges) { + eval { $dhcp_plugin->configure_range($config, $zoneid, $vnetid, $subnet_config, $dhcp_range) }; + warn "Could not configure DHCP range for $subnet_id: $@\n" if $@; + } } + + eval { $dhcp_plugin->configure_vnet($config, $zoneid, $vnetid, $vnet) }; + warn "Could not configure vnet $vnetid: $@\n" if $@; } eval { $dhcp_plugin->after_configure($zoneid) }; 
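Review bot: In the new per-vnet loop, a failure in `configure_subnet` is only warned about, so the range loop still runs and pushes `dhcp-range=` lines for that subnet into the shared `$config`, which `configure_vnet` then writes out. Since all subnets of a vnet now share one file, skipping the rejected subnet keeps a half-configured entry out of it: `if ($@) { warn "Could not configure subnet $subnet_id: $@\n"; next; }`. Separately, `$zone_cfg` and `$vnet_cfg` come from `running_config()` while the subnets come from `PVE::Network::SDN::Vnets::get_subnets($vnetid)`, whose source is not visible here. If it reads the pending rather than the running configuration, the generated file could mix the two states, so that is worth confirming. The body of `regenerate_config` starts and ends outside this hunk.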
diff --git a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm index 7b54532..4c0de25 100644 --- a/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm +++ b/src/PVE/Network/SDN/Dhcp/Dnsmasq.pm @@ -101,39 +101,29 @@ sub add_ip_mapping { } sub configure_subnet { - my ($class, $dhcpid, $subnet_config) = @_; + my ($class, $config, $dhcpid, $vnetid, $subnet_config) = @_; die "No gateway defined for subnet $subnet_config->{id}" if !$subnet_config->{gateway}; my $tag = $subnet_config->{id}; - my @dnsmasq_config = ( - "listen-address=$subnet_config->{gateway}", - ); - my $option_string; if (ip_is_ipv6($subnet_config->{network})) { $option_string = 'option6'; - push @dnsmasq_config, "enable-ra"; } else { $option_string = 'option'; - push @dnsmasq_config, "dhcp-option=tag:$tag,$option_string:router,$subnet_config->{gateway}"; + push @{$config}, "dhcp-option=tag:$tag,$option_string:router,$subnet_config->{gateway}"; } - push @dnsmasq_config, "dhcp-option=tag:$tag,$option_string:dns-server,$subnet_config->{'dhcp-dns-server'}" + push @{$config}, "dhcp-option=tag:$tag,$option_string:dns-server,$subnet_config->{'dhcp-dns-server'}" if $subnet_config->{'dhcp-dns-server'}; - PVE::Tools::file_set_contents( - "$DNSMASQ_CONFIG_ROOT/$dhcpid/10-$subnet_config->{id}.conf", - join("\n", @dnsmasq_config) . "\n" - ); } sub configure_range { - my ($class, $dhcpid, $subnet_config, $range_config) = @_; + my ($class, $config, $dhcpid, $vnetid, $subnet_config, $range_config) = @_; - my $subnet_file = "$DNSMASQ_CONFIG_ROOT/$dhcpid/10-$subnet_config->{id}.conf"; my $tag = $subnet_config->{id}; my ($zone, $network, $mask) = split(/-/, $tag); 
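Review bot: `configure_subnet` and `configure_range` interpolate `$subnet_config->{gateway}`, `$subnet_config->{'dhcp-dns-server'}` and the id-derived `$tag`, `$network` and `$mask` directly into dnsmasq directives, and every subnet of a vnet now accumulates in one `$config` that is later joined with newlines. Whatever validates those fields is not visible in this hunk, so it is worth checking that none of them can carry whitespace or a line break, which would turn into an extra directive in the vnet's file. A local guard such as `die "invalid dhcp-dns-server for $tag\n" if $subnet_config->{'dhcp-dns-server'} =~ /\s/;` before the push would make the invariant explicit. `$dhcpid` and `$vnetid` are now unused in both subs and deserve a short comment such as `# $dhcpid/$vnetid unused here; kept for the plugin interface`. `configure_range` continues past the end of this hunk.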
@@ -143,9 +133,20 @@ sub configure_range { $mask = join( '.', unpack( "C4", pack( "N", $mask ) ) ); } - open(my $fh, '>>', $subnet_file) or die "Could not open file '$subnet_file' $!\n"; - print $fh "dhcp-range=set:$tag,$network,static,$mask,infinite\n"; - close $fh; + push @{$config}, "dhcp-range=set:$tag,$network,static,$mask,infinite"; +} + +sub configure_vnet { + my ($class, $config, $dhcpid, $vnetid, $vnet_config) = @_; + + return if @{$config} < 1; + + push @{$config}, "interface=$vnetid"; + + PVE::Tools::file_set_contents( + "$DNSMASQ_CONFIG_ROOT/$dhcpid/10-$vnetid.conf", + join("\n", @{$config}) . "\n" + ); } sub before_configure { @@ -192,6 +193,7 @@ CFG my $default_dnsmasq_config = <
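Review bot: In `configure_vnet`, the early `return if @{$config} < 1;` leaves any `10-$vnetid.conf` from an earlier run in place, so a vnet whose DHCP ranges were removed keeps serving its old `interface=` and `dhcp-range=` lines. The same applies to the per-subnet `10-<subnet id>.conf` files with `listen-address=` that the previous code wrote. Both hold unless `before_configure`, whose body is outside this hunk, clears the directory. Removing the file in the empty case, e.g. `unlink "$DNSMASQ_CONFIG_ROOT/$dhcpid/10-$vnetid.conf";` before returning, would keep the on-disk state in line with the running config. Since `interface=` replaces `listen-address=`, it is also worth confirming that the default config (cut off below) sets `bind-interfaces` or `bind-dynamic`, because without one of them dnsmasq binds the wildcard address and only filters by interface.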