From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 2A956BBAE2 for ; Tue, 19 Dec 2023 09:32:56 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 03D5933B82 for ; Tue, 19 Dec 2023 09:32:26 +0100 (CET) Received: from bastionodiso.odiso.net (bastionodiso.odiso.net [IPv6:2a0a:1580:2000::2d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 19 Dec 2023 09:32:24 +0100 (CET) Received: from kvmformation3.odiso.net (formationkvm3.odiso.net [10.3.94.12]) by bastionodiso.odiso.net (Postfix) with ESMTP id 2A8078109; Tue, 19 Dec 2023 09:32:17 +0100 (CET) Received: by kvmformation3.odiso.net (Postfix, from userid 0) id 29519DE5F2; Tue, 19 Dec 2023 09:32:17 +0100 (CET) From: Alexandre Derumier To: pve-devel@lists.proxmox.com Date: Tue, 19 Dec 2023 09:32:15 +0100 Message-Id: <20231219083216.2551645-7-aderumier@odiso.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20231219083216.2551645-1-aderumier@odiso.com> References: <20231219083216.2551645-1-aderumier@odiso.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.023 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH pve-network 6/7] zones: qinq: add dhcp support X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Dec 2023 08:32:56 -0000 add gateway ip to vnet and force /32 for ipv4 to avoid arp problem, and disable forwarding by security Signed-off-by: Alexandre Derumier --- src/PVE/Network/SDN/Zones/QinQPlugin.pm | 32 +++++++++++++++++ .../zones/qinq/dhcp/expected_sdn_interfaces | 34 +++++++++++++++++++ src/test/zones/qinq/dhcp/interfaces | 5 +++ src/test/zones/qinq/dhcp/sdn_config | 26 ++++++++++++++ .../zones/qinq/nodhcp/expected_sdn_interfaces | 30 ++++++++++++++++ src/test/zones/qinq/nodhcp/interfaces | 5 +++ src/test/zones/qinq/nodhcp/sdn_config | 26 ++++++++++++++ 7 files changed, 158 insertions(+) create mode 100644 src/test/zones/qinq/dhcp/expected_sdn_interfaces create mode 100644 src/test/zones/qinq/dhcp/interfaces create mode 100644 src/test/zones/qinq/dhcp/sdn_config create mode 100644 src/test/zones/qinq/nodhcp/expected_sdn_interfaces create mode 100644 src/test/zones/qinq/nodhcp/interfaces create mode 100644 src/test/zones/qinq/nodhcp/sdn_config diff --git a/src/PVE/Network/SDN/Zones/QinQPlugin.pm b/src/PVE/Network/SDN/Zones/QinQPlugin.pm index 4c4be64..57655b4 100644 --- a/src/PVE/Network/SDN/Zones/QinQPlugin.pm +++ b/src/PVE/Network/SDN/Zones/QinQPlugin.pm 
@@ -46,6 +46,7 @@ sub options { reversedns => { optional => 1 }, dnszone => { optional => 1 }, ipam => { optional => 1 }, + dhcp => { optional => 1 }, }; } @@ -55,6 +56,7 @@ sub generate_sdn_config { my ($bridge, $mtu, $stag) = $plugin_config->@{'bridge', 'mtu', 'tag'}; my $vlanprotocol = $plugin_config->{'vlan-protocol'}; + my $dhcp = $plugin_config->{'dhcp'}; PVE::Network::SDN::Zones::Plugin::find_bridge($bridge); @@ -154,6 +156,34 @@ sub generate_sdn_config { # vnet bridge @iface_config = (); + + my $disable_forward_v4 = undef; + my $disable_forward_v6 = undef; + + if ($dhcp) { + my $address = {}; + my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1); + + foreach my $subnetid (sort keys %{$subnets}) { + my $subnet = $subnets->{$subnetid}; + my $gateway = $subnet->{gateway}; + + if ($gateway) { + + my $mask = $subnet->{mask}; + if (Net::IP::ip_is_ipv6($gateway)) { + $disable_forward_v6 = 1; + } else { + $mask = '32'; + $disable_forward_v4 = 1; + } + + push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway}); + $address->{$gateway} = 1; + } + } + } + push @iface_config, "bridge_ports $vnet_bridge_ports"; push @iface_config, "bridge_stp off"; push @iface_config, "bridge_fd 0"; @@ -163,6 +193,8 @@ sub generate_sdn_config { } push @iface_config, "mtu $mtu" if $mtu; push @iface_config, "alias $vnet->{alias}" if $vnet->{alias}; + push @iface_config, "ip-forward off" if $disable_forward_v4; + push @iface_config, "ip6-forward off" if $disable_forward_v6; push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid}; } diff --git a/src/test/zones/qinq/dhcp/expected_sdn_interfaces b/src/test/zones/qinq/dhcp/expected_sdn_interfaces new file mode 100644 index 0000000..d73f043 --- /dev/null +++ b/src/test/zones/qinq/dhcp/expected_sdn_interfaces 
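Review bot: The block added to generate_sdn_config in the third hunk calls `PVE::Network::SDN::Vnets::get_subnets(...)` and `Net::IP::ip_is_ipv6(...)` by fully qualified name, but the patch adds no `use` line for either module. The top of QinQPlugin.pm is not part of the diff, so unless the file already loads them, add `use Net::IP;` and `use PVE::Network::SDN::Vnets;` beside the existing imports; otherwise the calls work only if another module happens to have loaded them first. Separately, the IPv4 branch replaces the subnet mask with `'32'` while IPv6 keeps `$subnet->{mask}`, and the reason appears only in the commit message. A comment above `$mask = '32';` such as `# IPv4 gateway is configured as /32 to avoid ARP problems; IPv6 keeps the subnet prefix` would record it. The function body starts and ends outside this hunk.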
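Review bot: In the last hunk, `ip-forward off` and `ip6-forward off` are each emitted only when a gateway of that address family was found on the vnet. With `dhcp` enabled and only IPv4 subnets, or subnets that have no gateway, the other family's forwarding on the bridge is therefore left at the host default. If the intent stated in the commit message is that a DHCP-enabled vnet bridge never routes guest traffic, tying both lines to the zone option is easier to reason about: `push @iface_config, "ip-forward off" if $dhcp;` and `push @iface_config, "ip6-forward off" if $dhcp;`. If the per-family behaviour is deliberate, a short comment saying so would stop it being read as an oversight. generate_sdn_config continues outside the hunk.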
@@ -0,0 +1,34 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+ address 192.168.0.1/32
+ address 2a08:2142:302:3::1/64
+ bridge_ports z_myzone.100
+ bridge_stp off
+ bridge_fd 0
+ ip-forward off
+ ip6-forward off
+
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto sv_myzone
+iface sv_myzone
+ vlan-raw-device eth0
+ vlan-id 10
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/src/test/zones/qinq/dhcp/interfaces b/src/test/zones/qinq/dhcp/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/src/test/zones/qinq/dhcp/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/qinq/dhcp/sdn_config b/src/test/zones/qinq/dhcp/sdn_config
new file mode 100644
index 0000000..bb21385
--- /dev/null
+++ b/src/test/zones/qinq/dhcp/sdn_config
@@ -0,0 +1,26 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq", dhcp => "dnsmasq" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
diff --git a/src/test/zones/qinq/nodhcp/expected_sdn_interfaces b/src/test/zones/qinq/nodhcp/expected_sdn_interfaces
new file mode 100644
index 0000000..4ac9f99
--- /dev/null
+++ b/src/test/zones/qinq/nodhcp/expected_sdn_interfaces
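Review bot: The dhcp/sdn_config fixture exercises only the dual-stack case with one gateway per family, so the other branches of the new code are untested. Missing cases are a DHCP zone with an IPv4-only vnet (where only `ip-forward off` would be expected), a subnet without `gateway`, and two subnets sharing a gateway, which is what the `!defined($address->{$gateway})` de-duplication handles. A sibling fixture directory for at least the single-family case would pin down which forwarding lines are emitted, which is the security-relevant part of the change.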
@@ -0,0 +1,30 @@
+#version:1
+
+auto ln_myzone
+iface ln_myzone
+ link-type veth
+ veth-peer-name pr_myzone
+
+auto myvnet
+iface myvnet
+ bridge_ports z_myzone.100
+ bridge_stp off
+ bridge_fd 0
+
+auto pr_myzone
+iface pr_myzone
+ link-type veth
+ veth-peer-name ln_myzone
+
+auto sv_myzone
+iface sv_myzone
+ vlan-raw-device eth0
+ vlan-id 10
+
+auto z_myzone
+iface z_myzone
+ bridge-stp off
+ bridge-ports sv_myzone ln_myzone
+ bridge-fd 0
+ bridge-vlan-aware yes
+ bridge-vids 2-4094
diff --git a/src/test/zones/qinq/nodhcp/interfaces b/src/test/zones/qinq/nodhcp/interfaces
new file mode 100644
index 0000000..68b6a88
--- /dev/null
+++ b/src/test/zones/qinq/nodhcp/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+ bridge-ports eth0
+ bridge-stp off
+ bridge-fd 0
diff --git a/src/test/zones/qinq/nodhcp/sdn_config b/src/test/zones/qinq/nodhcp/sdn_config
new file mode 100644
index 0000000..ddfe11c
--- /dev/null
+++ b/src/test/zones/qinq/nodhcp/sdn_config
@@ -0,0 +1,26 @@
+{
+ version => 1,
+ vnets => {
+ ids => {
+ myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+ },
+ },
+ zones => {
+ ids => { myzone => { bridge => "vmbr0", tag => 10, ipam => "pve", type => "qinq" } },
+ },
+
+ subnets => {
+ ids => {
+ 'myzone-192.168.0.0-24' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '192.168.0.1',
+ },
+ 'myzone-2a08:2142:302:3::-64' => {
+ 'type' => 'subnet',
+ 'vnet' => 'myvnet',
+ 'gateway' => '2a08:2142:302:3::1',
+ }
+ }
+ }
+}
-- 
2.39.2