From: Stoiko Ivanov
To: pve-devel@lists.proxmox.com
Date: Mon, 18 Nov 2024 21:55:37 +0100
Message-Id: <20241118205537.3136251-3-s.ivanov@proxmox.com>
In-Reply-To: <20241118205537.3136251-1-s.ivanov@proxmox.com>
References: <20241118205537.3136251-1-s.ivanov@proxmox.com>
Subject: [pve-devel] [pve-network 1/1] ipam: move mac-cache.db to unprivileged sdn/ subdirectory

follows commit:
0f48bc6 ("ipam: move state file of PVE plugin over to common sdn directory")
as far as reasoning goes, and also closely code-wise (if only to make
the clean-up with PVE 9.0 a bit more straight-forward):

files in priv/ are sensitive in the sense that access there can be
used to hijack (external systems) - the mac-cache can be kept
next to the remaining sdn-config.

minimally tested on my machine.

depends on the pve-cluster commit sent with this.

Signed-off-by: Stoiko Ivanov
---
 src/PVE/Network/SDN/Ipams.pm | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/PVE/Network/SDN/Ipams.pm b/src/PVE/Network/SDN/Ipams.pm index 926df90..c689b8f 100644 --- a/src/PVE/Network/SDN/Ipams.pm +++ b/src/PVE/Network/SDN/Ipams.pm @@ -20,9 +20,34 @@ PVE::Network::SDN::Ipams::NetboxPlugin->register(); PVE::Network::SDN::Ipams::PhpIpamPlugin->register(); PVE::Network::SDN::Ipams::Plugin->init(); -my $macdb_filename = 'priv/macs.db'; +my $macdb_filename = "sdn/mac-cache.json"; +my $macdb_filename_legacy = 'priv/macs.db'; + +cfs_register_file( + $macdb_filename, + sub { + my ($filename , $data) = @_; + if (defined($data)) { + return json_reader($filename, $data); + } else { + # TODO: remove legacy cache file handling with PVE 9+ after ensuring all call sites got + # switched over. + return cfs_read_file($macdb_filename_legacy); + } + }, + sub { + my ($filename , $data) = @_; + # TODO: remove below with PVE 9+, add a pve8to9 check to allow doing so. + if (-e $macdb_filename_legacy && -e $macdb_filename) { + # only clean-up if we succeeded to write the new path at least once + unlink $macdb_filename_legacy or $!{ENOENT} or warn "failed to unlink legacy MAC cache - $!\n"; + } + return json_writer->($filename, $data); + } +); -cfs_register_file($macdb_filename, \&json_reader, \&json_writer); +# drop reading $macdb_filename_legacy with PVE 9+ - for now do not write it anymore. +cfs_register_file($macdb_filename_legacy, \&json_reader, undef); sub json_reader { my ($filename, $data) = @_; -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
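
Review bot: In the new writer closure, `return json_writer->($filename, $data);` uses the arrow form, which treats `json_writer` as something to dereference instead of calling the named sub with these arguments; the reader closure just above calls `json_reader($filename, $data)` directly and the removed registration passed `\&json_writer`, so this should read `json_writer($filename, $data)`. In the same closure, `-e $macdb_filename_legacy && -e $macdb_filename` and the following `unlink` operate on the relative strings 'priv/macs.db' and "sdn/mac-cache.json" as defined at the top of the hunk, so they resolve against the process working directory rather than the location the cfs layer maps these names to; build the absolute paths for the file tests and the unlink, otherwise the legacy cache may never be removed from priv/ and the point of the move (keeping this file out of the sensitive directory) is only partly achieved until the PVE 9 clean-up.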