From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 1BB3E1FF16F
	for <inbox@lore.proxmox.com>; Fri, 15 Nov 2024 13:09:43 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 9F1DB1204F;
	Fri, 15 Nov 2024 13:09:42 +0100 (CET)
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Fri, 15 Nov 2024 13:09:32 +0100
Message-Id: <20241115120937.169342-5-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20241115120937.169342-1-s.hanreich@proxmox.com>
References: <20241115120937.169342-1-s.hanreich@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.243 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
 methods
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [firewall.pm]
Subject: [pve-devel] [PATCH pve-firewall v4 4/9] add support for loading sdn
 firewall configuration
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

VGhpcyBhbHNvIGluY2x1ZGVzIHN1cHBvcnQgZm9yIHBhcnNpbmcgcnVsZXMgcmVmZXJlbmNpbmcg
SVBTZXRzIGluIHRoZQpuZXcgU0ROIHNjb3BlIGFuZCBnZW5lcmF0aW5nIHRob3NlIElQU2V0cyBp
biB0aGUgZmlyZXdhbGwuCgpMb2FkaW5nIFNETiBjb25maWd1cmF0aW9uIGlzIG9wdGlvbmFsLCBz
aW5jZSBsb2FkaW5nIGl0IHJlcXVpcmVzIHJvb3QKcHJpdmlsZWdlcyB3aGljaCB3ZSBkbyBub3Qg
aGF2ZSBpbiBhbGwgY2FsbCBzaXRlcy4gQWRkaW5nIHRoZSBmbGFnCmFsbG93cyB1cyB0byBzZWxl
Y3RpdmVseSBsb2FkIHRoZSBTRE4gY29uZmlndXJhdGlvbiBvbmx5IHdoZXJlCnJlcXVpcmVkIGFu
ZCBhdCB0aGUgc2FtZSB0aW1lIGFsbG93cyB1cyB0byBvbmx5IGVsZXZhdGUgcHJpdmlsZWdlcyBp
bgp0aGUgQVBJIHdoZXJlIGFic29sdXRlbHkgbmVlZGVkLgoKU2lnbmVkLW9mZi1ieTogU3RlZmFu
IEhhbnJlaWNoIDxzLmhhbnJlaWNoQHByb3htb3guY29tPgpSZXZpZXdlZC1ieTogV29sZmdhbmcg
QnVtaWxsZXIgPHcuYnVtaWxsZXJAcHJveG1veC5jb20+ClRlc3RlZC1CeTogR2FicmllbCBHb2xs
ZXIgPGcuZ29sbGVyQHByb3htb3guY29tPgpUZXN0ZWQtQnk6IEhhbm5lcyBEw7xyciA8aC5kdWVy
ckBwcm94bW94LmNvbT4KLS0tCiBzcmMvUFZFL0ZpcmV3YWxsLnBtICAgICAgICAgICAgIHwgNjIg
KysrKysrKysrKysrKysrKysrKysrKysrKysrKystLS0tCiBzcmMvUFZFL1NlcnZpY2UvcHZlX2Zp
cmV3YWxsLnBtIHwgIDQgKy0tCiAyIGZpbGVzIGNoYW5nZWQsIDU3IGluc2VydGlvbnMoKyksIDkg
ZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvc3JjL1BWRS9GaXJld2FsbC5wbSBiL3NyYy9QVkUv
RmlyZXdhbGwucG0KaW5kZXggMDk1NDRiYS4uNzY0MmJmNiAxMDA2NDQKLS0tIGEvc3JjL1BWRS9G
aXJld2FsbC5wbQorKysgYi9zcmMvUFZFL0ZpcmV3YWxsLnBtCkBAIC0yNSw2ICsyNSw3IEBAIHVz
ZSBQVkU6OlRvb2xzIHF3KCRJUFY0UkUgJElQVjZSRSk7CiB1c2UgUFZFOjpUb29scyBxdyhydW5f
Y29tbWFuZCBsb2NrX2ZpbGUgZGlyX2dsb2JfZm9yZWFjaCk7CiAKIHVzZSBQVkU6OkZpcmV3YWxs
OjpIZWxwZXJzOwordXNlIFBWRTo6UlM6OkZpcmV3YWxsOjpTRE47CiAKIG15ICRwdmVmd19jb25m
X2RpciA9ICIvZXRjL3B2ZS9maXJld2FsbCI7CiBteSAkY2x1c3RlcmZ3X2NvbmZfZmlsZW5hbWUg
PSAiJHB2ZWZ3X2NvbmZfZGlyL2NsdXN0ZXIuZnciOwpAQCAtMTY4OSw5ICsxNjkwLDEyIEBAIHN1
YiB2ZXJpZnlfcnVsZSB7CiAKIAlpZiAobXkgJHZhbHVlID0gJHJ1bGUtPnskbmFtZX0pIHsKIAkg
ICAgaWYgKCR2YWx1ZSA9fiBtL15cKy8pIHsKLQkJaWYgKCR2YWx1ZSA9fiBtQF5cKyhndWVzdC98
ZGMvKT8oJHtpcHNldF9uYW1lX3BhdHRlcm59KSRAKSB7CisJCWlmICgkdmFsdWUgPX4gbUBeXCso
Z3Vlc3QvfGRjL3xzZG4vKT8oJHtpcHNldF9uYW1lX3BhdHRlcm59KSRAKSB7CiAJCSAgICAmJGFk
ZF9lcnJvcigkbmFtZSwgIm5vIHN1Y2ggaXBzZXQgJyQyJyIpCi0JCQlpZiAhKCRjbHVzdGVyX2Nv
bmYtPntpcHNldH0tPnskMn0gfHwgKCRmd19jb25mICYmICRmd19jb25mLT57aXBzZXR9LT57JDJ9
KSk7CisJCQlpZiAhKCRjbHVzdGVyX2NvbmYtPntpcHNldH0tPnskMn0KKwkJCSAgICB8fCAoJGZ3
X2NvbmYgJiYgJGZ3X2NvbmYtPntpcHNldH0tPnskMn0pCisJCQkgICAgfHwgKCRjbHVzdGVyX2Nv
bmYtPntzZG59ICYmICRjbHVzdGVyX2NvbmYtPntzZG59LT57aXBzZXR9LT57JDJ9KQorCQkJICAg
IHx8ICgkZndfY29uZi0+e3Nkbn0gJiYgJGZ3X2NvbmYtPntzZG59LT57aXBzZXR9LT57JDJ9KSk7
CiAKIAkJfSBlbHNlIHsKIAkJICAgICYkYWRkX2Vycm9yKCRuYW1lLCAiaW52YWxpZCBpcHNldCBu
YW1lICckdmFsdWUnIik7CkBAIC0yMTA4LDEzICsyMTEyLDE1IEBAIHN1YiBpcHRfZ2VuX3NyY19v
cl9kc3RfbWF0Y2ggewogCiAgICAgbXkgJG1hdGNoOwogICAgIGlmICgkYWRyID1+IG0vXlwrLykg
ewotCWlmICgkYWRyID1+IG1AXlwrKGd1ZXN0L3xkYy8pPygke2lwc2V0X25hbWVfcGF0dGVybn0p
JEApIHsKKwlpZiAoJGFkciA9fiBtQF5cKyhndWVzdC98ZGMvfHNkbi8pPygke2lwc2V0X25hbWVf
cGF0dGVybn0pJEApIHsKIAkgICAgbXkgJHNjb3BlID0gJDEgLy8gIiI7CiAJICAgIG15ICRuYW1l
ID0gJDI7CiAJICAgIG15ICRpcHNldF9jaGFpbjsKLQkgICAgaWYgKCRzY29wZSBuZSAnZGMvJyAm
JiAkZndfY29uZiAmJiAkZndfY29uZi0+e2lwc2V0fS0+eyRuYW1lfSkgeworCSAgICBpZiAoKCEk
c2NvcGUgfHwgJHNjb3BlIGVxICdndWVzdC8nKSAmJiAkZndfY29uZiAmJiAkZndfY29uZi0+e2lw
c2V0fS0+eyRuYW1lfSkgewogCQkkaXBzZXRfY2hhaW4gPSBjb21wdXRlX2lwc2V0X2NoYWluX25h
bWUoJGZ3X2NvbmYtPnt2bWlkfSwgJG5hbWUsICRpcHZlcnNpb24pOwotCSAgICB9IGVsc2lmICgk
c2NvcGUgbmUgJ2d1ZXN0LycgJiYgJGNsdXN0ZXJfY29uZiAmJiAkY2x1c3Rlcl9jb25mLT57aXBz
ZXR9LT57JG5hbWV9KSB7CisJICAgIH0gZWxzaWYgKCghJHNjb3BlIHx8ICRzY29wZSBlcSAnZGMv
JykgJiYgJGNsdXN0ZXJfY29uZiAmJiAkY2x1c3Rlcl9jb25mLT57aXBzZXR9LT57JG5hbWV9KSB7
CisJCSRpcHNldF9jaGFpbiA9IGNvbXB1dGVfaXBzZXRfY2hhaW5fbmFtZSgwLCAkbmFtZSwgJGlw
dmVyc2lvbik7CisJICAgIH0gZWxzaWYgKCghJHNjb3BlIHx8ICRzY29wZSBlcSAnc2RuLycpICYm
ICRjbHVzdGVyX2NvbmYtPntzZG59ICYmICRjbHVzdGVyX2NvbmYtPntzZG59LT57aXBzZXR9LT57
JG5hbWV9KSB7CiAJCSRpcHNldF9jaGFpbiA9IGNvbXB1dGVfaXBzZXRfY2hhaW5fbmFtZSgwLCAk
bmFtZSwgJGlwdmVyc2lvbik7CiAJICAgIH0gZWxzZSB7CiAJCWRpZSAibm8gc3VjaCBpcHNldCAn
JG5hbWUnXG4iOwpAQCAtMzY0NCw3ICszNjUwLDggQEAgc3ViIGxvY2tfY2x1c3RlcmZ3X2NvbmYg
ewogfQogCiBzdWIgbG9hZF9jbHVzdGVyZndfY29uZiB7Ci0gICAgbXkgKCRmaWxlbmFtZSkgPSBA
XzsKKyAgICBteSAoJGZpbGVuYW1lLCAkb3B0aW9ucykgPSBAXzsKKwogCiAgICAgJGZpbGVuYW1l
ID0gJGNsdXN0ZXJmd19jb25mX2ZpbGVuYW1lIGlmICFkZWZpbmVkKCRmaWxlbmFtZSk7CiAgICAg
bXkgJGVtcHR5X2NvbmYgPSB7CkBAIC0zNjU1LDYgKzM2NjIsNyBAQCBzdWIgbG9hZF9jbHVzdGVy
ZndfY29uZiB7CiAJZ3JvdXBfY29tbWVudHMgPT4ge30sCiAJaXBzZXQgPT4ge30gLAogCWlwc2V0
X2NvbW1lbnRzID0+IHt9LAorCXNkbiA9PiBsb2FkX3Nkbl9jb25mKCksCiAgICAgfTsKIAogICAg
IG15ICRjbHVzdGVyX2NvbmYgPSBnZW5lcmljX2Z3X2NvbmZpZ19wYXJzZXIoJGZpbGVuYW1lLCAk
ZW1wdHlfY29uZiwgJGVtcHR5X2NvbmYsICdjbHVzdGVyJyk7CkBAIC0zNjYzLDYgKzM2NzEsNDUg
QEAgc3ViIGxvYWRfY2x1c3RlcmZ3X2NvbmYgewogICAgIHJldHVybiAkY2x1c3Rlcl9jb25mOwog
fQogCitzdWIgbG9hZF9zZG5fY29uZiB7CisgICAgbXkgJHJwY2VudiA9IGV2YWwgeyBQVkU6OlJQ
Q0Vudmlyb25tZW50OjpnZXQoKTsgfTsKKworICAgIGlmICgkQCkgeworCXdhcm4gImNvdWxkIG5v
dCBsb2FkIFNETiBjb25maWd1cmF0aW9uIGJlY2F1c2UgUlBDRW52aXJvbm1lbnQgaXMgbm90IGlu
aXRpYWxpemVkLiI7CisJcmV0dXJuIHt9OworICAgIH0KKworICAgIG15ICRhdXRodXNlciA9ICRy
cGNlbnYtPmdldF91c2VyKCk7CisKKyAgICBteSAkZ3Vlc3RzID0gUFZFOjpDbHVzdGVyOjpnZXRf
dm1saXN0KCk7CisgICAgbXkgJGFsbG93ZWRfdm1zID0gW107CisgICAgZm9yZWFjaCBteSAkdm1p
ZCAoc29ydCBrZXlzICV7JGd1ZXN0cy0+e2lkc319KSB7CisJbmV4dCBpZiAhJHJwY2Vudi0+Y2hl
Y2soJGF1dGh1c2VyLCAiL3Ztcy8kdm1pZCIsIFsgJ1ZNLkF1ZGl0JyBdLCAxKTsKKwlwdXNoIEAk
YWxsb3dlZF92bXMsICR2bWlkOworICAgIH0KKworICAgIG15ICR2bmV0cyA9IFBWRTo6TmV0d29y
azo6U0ROOjpWbmV0czo6Y29uZmlnKDEpOworICAgIG15ICRwcml2cyA9IFsgJ1NETi5BdWRpdCcs
ICdTRE4uQWxsb2NhdGUnIF07CisgICAgbXkgJGFsbG93ZWRfdm5ldHMgPSBbXTsKKyAgICBmb3Jl
YWNoIG15ICR2bmV0IChzb3J0IGtleXMgJXskdm5ldHMtPntpZHN9fSkgeworCW15ICR6b25lID0g
JHZuZXRzLT57aWRzfS0+eyR2bmV0fS0+e3pvbmV9OworCW5leHQgaWYgISRycGNlbnYtPmNoZWNr
X2FueSgkYXV0aHVzZXIsICIvc2RuL3pvbmVzLyR6b25lLyR2bmV0IiwgJHByaXZzLCAxKTsKKwlw
dXNoIEAkYWxsb3dlZF92bmV0cywgJHZuZXQ7CisgICAgfQorCisgICAgbXkgJHNkbl9jb25maWcg
PSB7CisJaXBzZXQgPT4ge30gLAorCWlwc2V0X2NvbW1lbnRzID0+IHt9LAorICAgIH07CisKKyAg
ICBldmFsIHsKKwkkc2RuX2NvbmZpZyA9IFBWRTo6UlM6OkZpcmV3YWxsOjpTRE46OmNvbmZpZygk
YWxsb3dlZF92bmV0cywgJGFsbG93ZWRfdm1zKTsKKyAgICB9OworICAgIHdhcm4gJEAgaWYgJEA7
CisKKyAgICByZXR1cm4gJHNkbl9jb25maWc7Cit9CisKIHN1YiBzYXZlX2NsdXN0ZXJmd19jb25m
IHsKICAgICBteSAoJGNsdXN0ZXJfY29uZikgPSBAXzsKIApAQCAtMzc2OCw3ICszODE1LDcgQEAg
c3ViIGNvbXBpbGUgewogCiAJJHZtZndfY29uZmlncyA9IHJlYWRfdm1fZmlyZXdhbGxfY29uZmln
cygkY2x1c3Rlcl9jb25mLCAkdm1kYXRhLCAkdGVzdGRpcik7CiAgICAgfSBlbHNlIHsgIyBub3Jt
YWwgb3BlcmF0aW9uCi0JJGNsdXN0ZXJfY29uZiA9IGxvYWRfY2x1c3RlcmZ3X2NvbmYodW5kZWYp
IGlmICEkY2x1c3Rlcl9jb25mOworCSRjbHVzdGVyX2NvbmYgPSBsb2FkX2NsdXN0ZXJmd19jb25m
KCkgaWYgISRjbHVzdGVyX2NvbmY7CiAKIAkkaG9zdGZ3X2NvbmYgPSBsb2FkX2hvc3Rmd19jb25m
KCRjbHVzdGVyX2NvbmYsIHVuZGVmKSBpZiAhJGhvc3Rmd19jb25mOwogCkBAIC00MDQzLDYgKzQw
OTAsNyBAQCBzdWIgY29tcGlsZV9pcHNldHMgewogICAgIH0KIAogICAgIGdlbmVyYXRlX2lwc2V0
X2NoYWlucygkaXBzZXRfcnVsZXNldCwgdW5kZWYsICRjbHVzdGVyX2NvbmYsIHVuZGVmLCAkY2x1
c3Rlcl9jb25mLT57aXBzZXR9KTsKKyAgICBnZW5lcmF0ZV9pcHNldF9jaGFpbnMoJGlwc2V0X3J1
bGVzZXQsIHVuZGVmLCAkY2x1c3Rlcl9jb25mLCB1bmRlZiwgJGNsdXN0ZXJfY29uZi0+e3Nkbn0t
PntpcHNldH0pOwogCiAgICAgcmV0dXJuICRpcHNldF9ydWxlc2V0OwogfQpkaWZmIC0tZ2l0IGEv
c3JjL1BWRS9TZXJ2aWNlL3B2ZV9maXJld2FsbC5wbSBiL3NyYy9QVkUvU2VydmljZS9wdmVfZmly
ZXdhbGwucG0KaW5kZXggNjVjYjJiOC4uMDJiNTA3YSAxMDA3NTUKLS0tIGEvc3JjL1BWRS9TZXJ2
aWNlL3B2ZV9maXJld2FsbC5wbQorKysgYi9zcmMvUFZFL1NlcnZpY2UvcHZlX2ZpcmV3YWxsLnBt
CkBAIC0xNTgsNyArMTU4LDcgQEAgX19QQUNLQUdFX18tPnJlZ2lzdGVyX21ldGhvZCAoewogCiAJ
ICAgIFBWRTo6RmlyZXdhbGw6OnNldF92ZXJib3NlKDEpOyAjIHNob3cgc3ludGF4IGVycm9ycwog
Ci0JICAgIG15ICRjbHVzdGVyX2NvbmYgPSBQVkU6OkZpcmV3YWxsOjpsb2FkX2NsdXN0ZXJmd19j
b25mKHVuZGVmKTsKKwkgICAgbXkgJGNsdXN0ZXJfY29uZiA9IFBWRTo6RmlyZXdhbGw6OmxvYWRf
Y2x1c3RlcmZ3X2NvbmYoKTsKIAkgICAgJHJlcy0+e2VuYWJsZX0gPSAkY2x1c3Rlcl9jb25mLT57
b3B0aW9uc30tPntlbmFibGV9ID8gMSA6IDA7CiAKIAkgICAgaWYgKCRzdGF0dXMgZXEgJ3J1bm5p
bmcnKSB7CkBAIC0yMDIsNyArMjAyLDcgQEAgX19QQUNLQUdFX18tPnJlZ2lzdGVyX21ldGhvZCAo
ewogCiAJICAgIFBWRTo6RmlyZXdhbGw6OnNldF92ZXJib3NlKDEpOwogCi0JICAgIG15ICRjbHVz
dGVyX2NvbmYgPSBQVkU6OkZpcmV3YWxsOjpsb2FkX2NsdXN0ZXJmd19jb25mKHVuZGVmKTsKKwkg
ICAgbXkgJGNsdXN0ZXJfY29uZiA9IFBWRTo6RmlyZXdhbGw6OmxvYWRfY2x1c3RlcmZ3X2NvbmYo
KTsKIAkgICAgbXkgKCRydWxlc2V0LCAkaXBzZXRfcnVsZXNldCwgJHJ1bGVzZXR2NiwgJGVidGFi
bGVzX3J1bGVzZXQpID0gUFZFOjpGaXJld2FsbDo6Y29tcGlsZSgkY2x1c3Rlcl9jb25mLCB1bmRl
ZiwgdW5kZWYpOwogCiAJICAgIHByaW50ICJpcHNldCBjbWRsaXN0OlxuIjsKLS0gCjIuMzkuNQoK
Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCnB2ZS1kZXZl
bCBtYWlsaW5nIGxpc3QKcHZlLWRldmVsQGxpc3RzLnByb3htb3guY29tCmh0dHBzOi8vbGlzdHMu
cHJveG1veC5jb20vY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL3B2ZS1kZXZlbAo=