From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Date: Fri, 15 Nov 2024 13:09:32 +0100
Message-Id: <20241115120937.169342-5-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20241115120937.169342-1-s.hanreich@proxmox.com>
References: <20241115120937.169342-1-s.hanreich@proxmox.com>
MIME-Version: 1.0
Subject: [pve-devel] [PATCH pve-firewall v4 4/9] add support for loading sdn firewall configuration
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion
Reply-To: Proxmox VE development discussion
Cc: Wolfgang Bumiller
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel"