From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Cc: Wolfgang Bumiller
Date: Fri, 15 Nov 2024 13:10:57 +0100
Subject: [pve-devel] [PATCH proxmox-firewall v4 06/18] sdn: add support for loading vnet-level firewall config
Message-Id: <20241115121109.170200-7-s.hanreich@proxmox.com>
In-Reply-To: <20241115121109.170200-1-s.hanreich@proxmox.com>
References: <20241115121109.170200-1-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.39.5
List-Id: Proxmox VE development discussion
Reply-To: Proxmox VE development discussion