[pve-devel] [PATCH ifupdown2 0/7] bump to upstream 3.9.0 release

[pve-devel] [PATCH ifupdown2 0/7] bump to upstream 3.9.0 release

[Christoph Heiss]

Going by the changelog, there seem to be no actual breaking changes,
except one commit - which is reverted w/ patch #4, due to being broken.

Other than that, it's just bug fixes and new attributes. I also skimmed
the actual git log, nothing otherwise obvious there either.
See patch #3 for the upstream changelog - most changes are V(X)LAN
related, so testing this in particular would be very much appreciated!

Maybe interesting; ifreload now features a `--diff` flag for reloading
only changed interfaces:
https://github.com/CumulusNetworks/ifupdown2/commit/2d3f57efc

Will also fix #6130 [0].

W.r.t patch #6/#7: Inclusion of it was suggested by Stefan, since it is
a requested feature. Separated it out and marked it as RFC tho, Stefan
can probably comment on it a bit more if needed.

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=6310

Christoph Heiss (7):
  gitignore: add dpkg build artifacts
  update submodule to 3.9.0
  d/changelog: merge in upstream changelog
  d/patches: revert broken bridge-fd `validrange` clamping
  bump version to 3.9.0-1+pmx1
  d/patches: add patch for adding IPv6 vxlan-local-tunnelip
  bump version to 3.9.0-1+pmx2

 .gitignore                                    |   1 +
 debian/changelog                              |  62 ++++++
 ...y-install-line-for-non-existing-ifup.patch |  29 +++
 ...-bridge-update-bridge-fd-valid-range.patch |  55 +++++
 debian/patches/series                         |  10 +-
 ...pport-inet6-auto-and-router-adverti.patch} | 201 +++++++++++-------
 ...01-addons-ethtool-add-rx-vlan-filter.patch |  43 ----
 ...-compare-between-remote-ips-and-old_.patch |  33 ---
 ...waiting-for-stdout-eof-of-etc-networ.patch |  44 ----
 .../0001-scheduler-import-traceback.patch     |  60 ------
 .../upstream/0001-vxlan-fix-vni-filter.patch  |  27 ---
 ...upport-for-IPv6-vxlan-local-tunnelip.patch | 127 +++++++++++
 debian/rules                                  |   5 +-
 ifupdown2                                     |   2 +-
 14 files changed, 411 insertions(+), 288 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 debian/patches/pve/0011-setup-drop-faulty-install-line-for-non-existing-ifup.patch
 create mode 100644 debian/patches/pve/0012-Revert-addons-bridge-update-bridge-fd-valid-range.patch
 rename debian/patches/upstream/{0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch => 0001-add-IPv6-SLAAC-support-inet6-auto-and-router-adverti.patch} (81%)
 delete mode 100644 debian/patches/upstream/0001-addons-ethtool-add-rx-vlan-filter.patch
 delete mode 100644 debian/patches/upstream/0001-addons-vxlan-fix-compare-between-remote-ips-and-old_.patch
 delete mode 100644 debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
 delete mode 100644 debian/patches/upstream/0001-scheduler-import-traceback.patch
 delete mode 100644 debian/patches/upstream/0001-vxlan-fix-vni-filter.patch
 create mode 100644 debian/patches/upstream/0002-vxlan-Add-support-for-IPv6-vxlan-local-tunnelip.patch

-- 
2.48.1



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH ifupdown2 1/7] gitignore: add dpkg build artifacts

[Christoph Heiss]

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..63bd013
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+ifupdown2[-_][0-9]*
-- 
2.49.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH ifupdown2 2/7] update submodule to 3.9.0

[Christoph Heiss]

Allows to drop most upstream patches, expect one for IPv6 SLAAC support
due to being stale/unmerged as of 3.9.0.

Adds a simple patch dropping a line from setup.py, as it tries to
install a non-existing file and would thus otherwise fail the install
step.

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Our ifupdown2 upstream mirror [0] must also be updated accordingly, of
course. The updated/referenced commit for the submodule points to the
`3.9.0` upstream tag.

[0] https://git.proxmox.com/?p=mirror_ifupdown2.git;a=summary

 ...y-install-line-for-non-existing-ifup.patch |  29 +++
 debian/patches/series                         |   8 +-
 ...pport-inet6-auto-and-router-adverti.patch} | 201 +++++++++++-------
 ...01-addons-ethtool-add-rx-vlan-filter.patch |  43 ----
 ...-compare-between-remote-ips-and-old_.patch |  33 ---
 ...waiting-for-stdout-eof-of-etc-networ.patch |  44 ----
 .../0001-scheduler-import-traceback.patch     |  60 ------
 .../upstream/0001-vxlan-fix-vni-filter.patch  |  27 ---
 debian/rules                                  |   5 +-
 ifupdown2                                     |   2 +-
 10 files changed, 164 insertions(+), 288 deletions(-)
 create mode 100644 debian/patches/pve/0011-setup-drop-faulty-install-line-for-non-existing-ifup.patch
 rename debian/patches/upstream/{0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch => 0001-add-IPv6-SLAAC-support-inet6-auto-and-router-adverti.patch} (81%)
 delete mode 100644 debian/patches/upstream/0001-addons-ethtool-add-rx-vlan-filter.patch
 delete mode 100644 debian/patches/upstream/0001-addons-vxlan-fix-compare-between-remote-ips-and-old_.patch
 delete mode 100644 debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
 delete mode 100644 debian/patches/upstream/0001-scheduler-import-traceback.patch
 delete mode 100644 debian/patches/upstream/0001-vxlan-fix-vni-filter.patch

diff --git a/debian/patches/pve/0011-setup-drop-faulty-install-line-for-non-existing-ifup.patch b/debian/patches/pve/0011-setup-drop-faulty-install-line-for-non-existing-ifup.patch
new file mode 100644
index 0000000..412d1bd
--- /dev/null
+++ b/debian/patches/pve/0011-setup-drop-faulty-install-line-for-non-existing-ifup.patch
@@ -0,0 +1,29 @@
+From b2a05684c6dccab03aba06d9a424f9d79208d922 Mon Sep 17 00:00:00 2001
+From: Christoph Heiss <c.heiss@proxmox.com>
+Date: Fri, 11 Apr 2025 12:43:30 +0200
+Subject: [PATCH] setup: drop faulty install line for non-existing ifupdown2d
+
+This file/executable does not actually exist, seems like a bogus sync
+from internal branches.
+
+Upstream-Bug: https://github.com/CumulusNetworks/ifupdown2/issues/324
+Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
+---
+ setup.py | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index b555c7b2..97fe7003 100755
+--- a/setup.py
++++ b/setup.py
+@@ -30,7 +30,6 @@ def build_deb_package():
+ 
+ 
+ if build_deb_package():
+-    DATA_FILES.append(('/usr/share/ifupdown2/', ['ifupdown2/ifupdown2d']))
+     DATA_FILES.append(('/usr/share/ifupdown2/sbin/', ['ifupdown2/sbin/start-networking']))
+ else:
+     ENTRY_POINTS = {
+-- 
+2.48.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 7ae3f0a..23ccbe6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+upstream/0001-add-IPv6-SLAAC-support-inet6-auto-and-router-adverti.patch
 pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch
 pve/0002-add-dummy-mtu-bridgevlanport-modules.patch
 pve/0003-don-t-remove-bridge-is-tap-veth-are-still-plugged.patch
@@ -8,9 +9,4 @@ pve/0007-allow-vlan-tag-inside-vxlan-tunnel.patch
 pve/0008-lacp-bond-remove-bond-min-links-0-warning.patch
 pve/0009-gvgeb-fix-python-interpreter-shebang.patch
 pve/0010-main-ignore-dpkg-files-when-running-hook-scripts.patch
-upstream/0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch
-upstream/0001-addons-ethtool-add-rx-vlan-filter.patch
-upstream/0001-scheduler-import-traceback.patch
-upstream/0001-addons-vxlan-fix-compare-between-remote-ips-and-old_.patch
-upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch 
-upstream/0001-vxlan-fix-vni-filter.patch
+pve/0011-setup-drop-faulty-install-line-for-non-existing-ifup.patch
diff --git a/debian/patches/upstream/0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch b/debian/patches/upstream/0001-add-IPv6-SLAAC-support-inet6-auto-and-router-adverti.patch
similarity index 81%
rename from debian/patches/upstream/0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch
rename to debian/patches/upstream/0001-add-IPv6-SLAAC-support-inet6-auto-and-router-adverti.patch
index a8d6106..b8095a7 100644
--- a/debian/patches/upstream/0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch
+++ b/debian/patches/upstream/0001-add-IPv6-SLAAC-support-inet6-auto-and-router-adverti.patch
@@ -1,31 +1,72 @@
-From fd844b0557337e714a7e11ed6c39bc8164709a46 Mon Sep 17 00:00:00 2001
-From: Alexandre Derumier <aderumier@odiso.com>
-Date: Tue, 9 May 2023 17:48:14 +0200
-Subject: add ipv6 slaac support (inet6 auto && accept_ra)
+From b9657e58a6f46dbab25a045ceb52b8a22994a0e3 Mon Sep 17 00:00:00 2001
+From: Christoph Heiss <c.heiss@proxmox.com>
+Date: Fri, 11 Apr 2025 13:57:07 +0200
+Subject: [PATCH] add IPv6 SLAAC support (inet6 auto and router advertisements)
 
-This should fix a lot of users request in the forum,
-and also fix upgrade from ifupdown1 to ifupdown2 if user have "inet6 auto" in configuration.
-(default on stock debian install, this break pbs install on top of stock debian)
+This should fix a lot of users request in the forum, and also fix
+upgrade from ifupdown1 to ifupdown2 if user have "inet6 auto" in
+configuration. (default on stock debian install, this break pbs install
+on top of stock debian) The current code is buggy if an interface only
+use ipv6.
 
-upstream pull request:
-
-https://github.com/CumulusNetworks/ifupdown2/pull/259
-Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
+Upstream-Link: https://github.com/CumulusNetworks/ifupdown2/pull/325
+Authored-By: Alexandre Derumier <aderumier@odiso.com>
+Co-Authored-By: Christoph Heiss <c.heiss@proxmox.com>
+Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
 ---
+ .gitignore                              |   9 ++
+ Makefile                                |   4 +
  etc/network/ifupdown2/addons.conf       |   2 +
- ifupdown2/addons/address.py             | 108 +++++++++++++--
- ifupdown2/addons/auto.py                | 168 ++++++++++++++++++++++++
+ ifupdown2/addons/address.py             | 114 ++++++++++++++--
+ ifupdown2/addons/auto.py                | 164 ++++++++++++++++++++++++
  ifupdown2/addons/dhcp.py                |  18 +--
  ifupdown2/ifupdown/iface.py             |   4 +
  ifupdown2/ifupdown/networkinterfaces.py |   2 +-
  ifupdown2/lib/nlcache.py                |  63 ++++++++-
  ifupdown2/man/interfaces.5.rst          |   9 ++
  ifupdown2/nlmanager/nlpacket.py         |  24 +++-
- 9 files changed, 372 insertions(+), 26 deletions(-)
+ 11 files changed, 383 insertions(+), 30 deletions(-)
  create mode 100644 ifupdown2/addons/auto.py
 
+diff --git a/.gitignore b/.gitignore
+index 23bc3fa4..d72cbc39 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -26,6 +26,15 @@ wheels/
+ .installed.cfg
+ *.egg
+ MANIFEST
++.pybuild/
++man/
++
++# Debian packaging
++debian/files
++debian/.debhelper/
++debian/*.debhelper
++debian/*.substvars
++debian/ifupdown2
+ 
+ # PyInstaller
+ #  Usually these files are written by a python script from a template
+diff --git a/Makefile b/Makefile
+index e7e2bf4d..cf48426e 100644
+--- a/Makefile
++++ b/Makefile
+@@ -35,8 +35,12 @@ clean-build: ## remove build artifacts
+ 	rm -fr build/
+ 	rm -fr dist/
+ 	rm -fr .eggs/
++	rm -fr .pybuild/
++	rm -fr man/
+ 	find . -name '*.egg-info' -exec rm -fr {} +
+ 	find . -name '*.egg' -exec rm -f {} +
++	rm -fr debian/files debian/.debhelper debian/ifupdown2 debian/ifupdown2.substvars
++	find debian -name '*.debhelper' -exec rm -f {} +
+ 
+ clean-pyc: ## remove Python file artifacts
+ 	find . -name '*.pyc' -exec rm -f {} +
 diff --git a/etc/network/ifupdown2/addons.conf b/etc/network/ifupdown2/addons.conf
-index a8f2317..5a3964d 100644
+index 726d63a0..67de25fe 100644
 --- a/etc/network/ifupdown2/addons.conf
 +++ b/etc/network/ifupdown2/addons.conf
 @@ -15,6 +15,7 @@ pre-up,mstpctl
@@ -36,7 +77,7 @@ index a8f2317..5a3964d 100644
  pre-up,address
  up,dhcp
  up,address
-@@ -30,6 +31,7 @@ pre-down,usercmds
+@@ -28,6 +29,7 @@ pre-down,usercmds
  pre-down,vxrd
  pre-down,dhcp
  down,ppp
@@ -45,32 +86,33 @@ index a8f2317..5a3964d 100644
  down,address
  down,usercmds
 diff --git a/ifupdown2/addons/address.py b/ifupdown2/addons/address.py
-index e71a26f..bb5589e 100644
+index 3d961032..500fdf3b 100644
 --- a/ifupdown2/addons/address.py
 +++ b/ifupdown2/addons/address.py
-@@ -188,6 +188,19 @@ class address(AddonWithIpBlackList, moduleBase):
-                 'default': 'off',
-                 'example': ['arp-accept on']
-             },
+@@ -194,7 +194,19 @@ class address(AddonWithIpBlackList, moduleBase):
+                 "validvals": ['on', 'off', 'yes', 'no', '0', '1'],
+                 "default": "no",
+                 "aliases": ["disable-ip6"]
+-            }
++            },
 +            'accept-ra': {
-+                'help': 'accept ipv6 router advertisement',
++                'help': 'Accept IPv6 router advertisements',
 +                'validvals': ['0', '1', '2'],
 +                'default': '0',
 +                'example': ['accept-ra 1']
 +            },
 +            'autoconf': {
-+                'help': 'enable ipv6 slaac autoconfiguration',
++                'help': 'Enable IPv6 slaac autoconfiguration',
 +                'validvals': ['0', '1'],
 +                'default': '0',
 +                'example': ['autoconf 1']
 +            },
-+
          }
      }
  
-@@ -256,6 +269,16 @@ class address(AddonWithIpBlackList, moduleBase):
-             attr="check_l3_svi_ip_forwarding")
-         )
+@@ -272,6 +284,15 @@ class address(AddonWithIpBlackList, moduleBase):
+ 
+         self.mac_regex = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$")
  
 +        try:
 +            self.default_accept_ra = str(self.sysctl_get('net.ipv6.conf.all.accept_ra'))
@@ -81,11 +123,10 @@ index e71a26f..bb5589e 100644
 +            self.default_autoconf = str(self.sysctl_get('net.ipv6.conf.all.autoconf'))
 +        except Exception:
 +            self.default_autoconf = 1
-+
+ 
      def __policy_get_default_mtu(self):
          default_mtu = policymanager.policymanager_api.get_attr_default(
-             module_name=self.__class__.__name__,
-@@ -627,21 +650,31 @@ class address(AddonWithIpBlackList, moduleBase):
+@@ -682,21 +703,31 @@ class address(AddonWithIpBlackList, moduleBase):
                  if force_reapply:
                      self.__add_ip_addresses_with_attributes(ifaceobj, ifname, user_config_ip_addrs_list)
                  return
@@ -122,7 +163,15 @@ index e71a26f..bb5589e 100644
                      self.netlink.addr_del(ifname, addr)
              except Exception as e:
                  self.log_warn(str(e))
-@@ -872,7 +905,9 @@ class address(AddonWithIpBlackList, moduleBase):
+@@ -923,14 +954,15 @@ class address(AddonWithIpBlackList, moduleBase):
+                 self._propagate_mtu_to_upper_devs(ifaceobj, self.default_mtu, self.default_mtu_int, ifaceobj_getfunc)
+ 
+     def _set_bridge_forwarding(self, ifaceobj):
+-        """ set ip forwarding to 0 if bridge interface does not have a
+-        ip nor svi """
++        """ Disable IP forwarding if bridge interface does not have a IP nor SVI. """
+         ifname = ifaceobj.name
+ 
          netconf_ipv4_forwarding = self.cache.get_netconf_forwarding(socket.AF_INET, ifname)
          netconf_ipv6_forwarding = self.cache.get_netconf_forwarding(socket.AF_INET6, ifname)
  
@@ -133,7 +182,7 @@ index e71a26f..bb5589e 100644
              if netconf_ipv4_forwarding:
                  self.sysctl_write_forwarding_value_to_proc(ifname, "ipv4", 0)
              if netconf_ipv6_forwarding:
-@@ -886,6 +921,43 @@ class address(AddonWithIpBlackList, moduleBase):
+@@ -944,6 +976,41 @@ class address(AddonWithIpBlackList, moduleBase):
      def sysctl_write_forwarding_value_to_proc(self, ifname, family, value):
          self.write_file("/proc/sys/net/%s/conf/%s/forwarding" % (family, ifname), "%s\n" % value)
  
@@ -142,6 +191,8 @@ index e71a26f..bb5589e 100644
 +        if addr_method not in ["auto"]:
 +
 +            try:
++                sysctl_ifname = '/'.join(ifaceobj.name.split("."))
++
 +                running_accept_ra = self.cache.get_link_inet6_accept_ra(ifaceobj)
 +                if running_accept_ra == '':
 +                    running_accept_ra = self.default_accept_ra
@@ -150,9 +201,7 @@ index e71a26f..bb5589e 100644
 +                    accept_ra = self.default_accept_ra
 +
 +                if running_accept_ra != accept_ra:
-+                    self.sysctl_set('net.ipv6.conf.%s.accept_ra'
-+                                    %('/'.join(ifaceobj.name.split("."))),
-+                                    accept_ra)
++                    self.sysctl_set(f'net.ipv6.conf.{sysctl_ifname}.accept_ra', accept_ra)
 +                    self.cache.update_link_inet6_accept_ra(ifaceobj.name, accept_ra)
 +
 +                running_autoconf = self.cache.get_link_inet6_autoconf(ifaceobj)
@@ -163,9 +212,7 @@ index e71a26f..bb5589e 100644
 +                    autoconf = self.default_autoconf
 +
 +                if running_autoconf != autoconf:
-+                    self.sysctl_set('net.ipv6.conf.%s.autoconf'
-+                                    %('/'.join(ifaceobj.name.split("."))),
-+                                    autoconf)
++                    self.sysctl_set(f'net.ipv6.conf.{sysctl_ifname}.autoconf', autoconf)
 +                    self.cache.update_link_inet6_autoconf(ifaceobj.name, autoconf)
 +
 +            except Exception as e:
@@ -177,7 +224,16 @@ index e71a26f..bb5589e 100644
      def _sysctl_config(self, ifaceobj):
          setting_default_value = False
          mpls_enable = ifaceobj.get_attr_value_first('mpls-enable');
-@@ -979,6 +1051,8 @@ class address(AddonWithIpBlackList, moduleBase):
+@@ -970,7 +1037,7 @@ class address(AddonWithIpBlackList, moduleBase):
+ 
+         if (ifaceobj.link_kind & ifaceLinkKind.BRIDGE):
+             self._set_bridge_forwarding(ifaceobj)
+-
++            self._sysctl_slaac(ifaceobj)
+         if not self.syntax_check_sysctls(ifaceobj):
+             return
+         if not self.syntax_check_l3_svi_ip_forward(ifaceobj):
+@@ -1037,6 +1104,8 @@ class address(AddonWithIpBlackList, moduleBase):
                         ifaceobj.status = ifaceStatus.ERROR
                         self.logger.error('%s: %s' %(ifaceobj.name, str(e)))
  
@@ -186,7 +242,7 @@ index e71a26f..bb5589e 100644
      def process_mtu(self, ifaceobj, ifaceobj_getfunc):
  
          if ifaceobj.link_privflags & ifaceLinkPrivFlags.OPENVSWITCH:
-@@ -1016,7 +1090,7 @@ class address(AddonWithIpBlackList, moduleBase):
+@@ -1074,7 +1143,7 @@ class address(AddonWithIpBlackList, moduleBase):
              # no need to go further during perfmode (boot)
              return
  
@@ -195,7 +251,7 @@ index e71a26f..bb5589e 100644
              return
  
          if not user_configured_ipv6_addrgen:
-@@ -1213,7 +1287,7 @@ class address(AddonWithIpBlackList, moduleBase):
+@@ -1330,7 +1399,7 @@ class address(AddonWithIpBlackList, moduleBase):
              if not self.cache.link_exists(ifaceobj.name):
                  return
              addr_method = ifaceobj.addr_method
@@ -204,10 +260,11 @@ index e71a26f..bb5589e 100644
                  if ifaceobj.get_attr_value_first('address-purge')=='no':
                      addrlist = ifaceobj.get_attr_value('address')
                      for addr in addrlist or []:
-@@ -1326,6 +1400,22 @@ class address(AddonWithIpBlackList, moduleBase):
+@@ -1450,6 +1519,25 @@ class address(AddonWithIpBlackList, moduleBase):
              ifaceobjcurr.update_config_with_status('mpls-enable',
                                                     running_mpls_enable,
                                              mpls_enable != running_mpls_enable)
++        return
 +
 +        accept_ra = ifaceobj.get_attr_value_first('accept-ra')
 +        if accept_ra:
@@ -224,10 +281,12 @@ index e71a26f..bb5589e 100644
 +            ifaceobjcurr.update_config_with_status('autoconf',
 +                                                   running_autoconf,
 +                                            autoconf != running_autoconf)
-         return
++
++        return
  
      def query_check_ipv6_addrgen(self, ifaceobj, ifaceobjcurr):
-@@ -1380,7 +1470,7 @@ class address(AddonWithIpBlackList, moduleBase):
+         ipv6_addrgen = ifaceobj.get_attr_value_first('ipv6-addrgen')
+@@ -1517,7 +1605,7 @@ class address(AddonWithIpBlackList, moduleBase):
  
      def _query_check_address(self, ifaceobj, ifaceobjcurr, ifaceobj_getfunc):
          """ ifquery-check: attribute: "address" """
@@ -238,15 +297,13 @@ index e71a26f..bb5589e 100644
          if ifaceobj_getfunc:
 diff --git a/ifupdown2/addons/auto.py b/ifupdown2/addons/auto.py
 new file mode 100644
-index 0000000..02e6ca4
+index 00000000..b54becdb
 --- /dev/null
 +++ b/ifupdown2/addons/auto.py
-@@ -0,0 +1,168 @@
+@@ -0,0 +1,164 @@
 +#!/usr/bin/env python3
 +#
 +
-+import re
-+import time
 +import socket
 +
 +try:
@@ -274,7 +331,7 @@ index 0000000..02e6ca4
 +
 +
 +class auto(Addon, moduleBase):
-+    """ ifupdown2 addon module to configure slaac on inet6 interface """
++    """ ifupdown2 addon module to configure SLAAC on inet6 interfaces """
 +
 +    def __init__(self, *args, **kargs):
 +        Addon.__init__(self)
@@ -291,25 +348,23 @@ index 0000000..02e6ca4
 +    def _up(self, ifaceobj):
 +
 +        if ifaceobj.link_privflags & ifaceLinkPrivFlags.KEEP_LINK_DOWN:
-+            self.logger.info("%s: skipping auto configuration: link-down yes" % ifaceobj.name)
++            self.logger.info(f'{ifaceobj.name}: skipping auto configuration: link-down yes')
 +            return
 +
 +        try:
 +            if 'inet6' in ifaceobj.addr_family:
++                sysctl_ifname = '/'.join(ifaceobj.name.split("."))
++
 +                running_accept_ra = self.cache.get_link_inet6_accept_ra(ifaceobj)
 +                if running_accept_ra != '2':
 +                    accept_ra = '2'
-+                    self.sysctl_set('net.ipv6.conf.%s.accept_ra'
-+                                    %('/'.join(ifaceobj.name.split("."))),
-+                                    accept_ra)
++                    self.sysctl_set(f'net.ipv6.conf.{sysctl_ifname}.accept_ra', accept_ra)
 +                    self.cache.update_link_inet6_accept_ra(ifaceobj.name, accept_ra)
 +
 +                running_autoconf = self.cache.get_link_inet6_autoconf(ifaceobj)
 +                if running_autoconf != '1':
 +                    autoconf = '1'
-+                    self.sysctl_set('net.ipv6.conf.%s.autoconf'
-+                                    %('/'.join(ifaceobj.name.split("."))),
-+                                    autoconf)
++                    self.sysctl_set(f'net.ipv6.conf.{sysctl_ifname}.autoconf', autoconf)
 +                    self.cache.update_link_inet6_autoconf(ifaceobj.name, autoconf)
 +
 +        except Exception as e:
@@ -348,7 +403,7 @@ index 0000000..02e6ca4
 +        return list(self._run_ops.keys())
 +
 +    def run(self, ifaceobj, operation, query_ifaceobj=None, **extra_args):
-+        """ run dhcp configuration on the interface object passed as argument
++        """ Run DHCP configuration on the interface object passed as argument.
 +
 +        Args:
 +            **ifaceobj** (object): iface object
@@ -357,12 +412,12 @@ index 0000000..02e6ca4
 +                                 'query-running'
 +
 +        Kwargs:
-+            **query_ifaceobj** (object): query check ifaceobject. This is only
++            **query_ifaceobj** (object): Query check ifaceobject. This is only
 +                valid when op is 'query-checkcurr'. It is an object same as
-+                ifaceobj, but contains running attribute values and its config
-+                status. The modules can use it to return queried running state
-+                of interfaces. status is success if the running state is same
-+                as user required state in ifaceobj. error otherwise.
++                ifaceobj, but contains current attribute values and its config
++                status. The module can use it to return the queried running
++                state of interfaces. Returns 'SUCCESS' if the running state is
++                the same as user-required state in ifaceobj, 'ERROR' otherwise.
 +        """
 +        op_handler = self._run_ops.get(operation)
 +        if not op_handler:
@@ -397,7 +452,7 @@ index 0000000..02e6ca4
 +            if syslog_log_level >= logging.INFO:
 +                log_manager.set_level_syslog(logging.INFO)
 +
-+            self.logger.info("%s: enabling syslog for auto configuration" % ifaceobj.name)
++            self.logger.info(f'{ifaceobj.name}: enabling syslog for auto configuration')
 +
 +        try:
 +            if operation == 'query-checkcurr':
@@ -411,10 +466,10 @@ index 0000000..02e6ca4
 +            elif disable_syslog_on_exit is False:
 +                log_manager.set_level_syslog(syslog_log_level)
 diff --git a/ifupdown2/addons/dhcp.py b/ifupdown2/addons/dhcp.py
-index a5bf860..22bbdb4 100644
+index 9b2f5f9b..cff81b40 100644
 --- a/ifupdown2/addons/dhcp.py
 +++ b/ifupdown2/addons/dhcp.py
-@@ -193,20 +193,10 @@ class dhcp(Addon, moduleBase):
+@@ -204,20 +204,10 @@ class dhcp(Addon, moduleBase):
                      self.logger.info('dhclient6 already running on %s. '
                                       'Not restarting.' % ifaceobj.name)
                  else:
@@ -440,7 +495,7 @@ index a5bf860..22bbdb4 100644
                      #make sure the configured interface/link is up.
                      if timeout > 1:
 diff --git a/ifupdown2/ifupdown/iface.py b/ifupdown2/ifupdown/iface.py
-index 07bd067..325e6c3 100644
+index e18b8151..4900a5d3 100644
 --- a/ifupdown2/ifupdown/iface.py
 +++ b/ifupdown2/ifupdown/iface.py
 @@ -289,6 +289,8 @@ class ifaceJsonEncoder(json.JSONEncoder):
@@ -452,7 +507,7 @@ index 07bd067..325e6c3 100644
              else:
                  retifacedict['addr_method'] = o.addr_method
          if o.addr_family:
-@@ -843,6 +845,8 @@ class iface():
+@@ -851,6 +853,8 @@ class iface():
                  # both inet and inet6 addr_family
                  if addr_method and family == 'inet' and 'dhcp' in addr_method:
                      addr_method = 'dhcp'
@@ -462,10 +517,10 @@ index 07bd067..325e6c3 100644
                                    addr_method=addr_method,
                                    with_status=with_status,
 diff --git a/ifupdown2/ifupdown/networkinterfaces.py b/ifupdown2/ifupdown/networkinterfaces.py
-index 2bebe39..3803590 100644
+index c0c8ad96..37e73140 100644
 --- a/ifupdown2/ifupdown/networkinterfaces.py
 +++ b/ifupdown2/ifupdown/networkinterfaces.py
-@@ -30,7 +30,7 @@ class networkInterfaces():
+@@ -35,7 +35,7 @@ class networkInterfaces():
      """ debian ifupdown /etc/network/interfaces file parser """
  
      _addrfams = {'inet' : ['static', 'manual', 'loopback', 'dhcp', 'dhcp6', 'ppp', 'tunnel'],
@@ -475,7 +530,7 @@ index 2bebe39..3803590 100644
  
      def __init__(self, interfacesfile='/etc/network/interfaces',
 diff --git a/ifupdown2/lib/nlcache.py b/ifupdown2/lib/nlcache.py
-index 0b1c6d2..0d2f624 100644
+index e2fd5681..e0235573 100644
 --- a/ifupdown2/lib/nlcache.py
 +++ b/ifupdown2/lib/nlcache.py
 @@ -152,7 +152,7 @@ class _NetlinkCache:
@@ -563,7 +618,7 @@ index 0b1c6d2..0d2f624 100644
          try:
              with self._cache_lock:
 diff --git a/ifupdown2/man/interfaces.5.rst b/ifupdown2/man/interfaces.5.rst
-index 262d726..ca461ea 100644
+index 262d7265..ca461eae 100644
 --- a/ifupdown2/man/interfaces.5.rst
 +++ b/ifupdown2/man/interfaces.5.rst
 @@ -106,6 +106,12 @@ METHODS
@@ -590,7 +645,7 @@ index 262d726..ca461ea 100644
          source /etc/network/interfaces.d/*
  
 diff --git a/ifupdown2/nlmanager/nlpacket.py b/ifupdown2/nlmanager/nlpacket.py
-index 8972c76..0090529 100644
+index a2e2b677..65cbb9a9 100644
 --- a/ifupdown2/nlmanager/nlpacket.py
 +++ b/ifupdown2/nlmanager/nlpacket.py
 @@ -1818,6 +1818,15 @@ class AttributeIFLA_AF_SPEC(Attribute):
@@ -633,5 +688,5 @@ index 8972c76..0090529 100644
  
                              # nlmanager doesn't support multiple kernel version
 -- 
-2.39.2
+2.48.1
 
diff --git a/debian/patches/upstream/0001-addons-ethtool-add-rx-vlan-filter.patch b/debian/patches/upstream/0001-addons-ethtool-add-rx-vlan-filter.patch
deleted file mode 100644
index aad6c24..0000000
--- a/debian/patches/upstream/0001-addons-ethtool-add-rx-vlan-filter.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From a087295ba496680b81ecafe72f999d4e9076e737 Mon Sep 17 00:00:00 2001
-From: Alexandre Derumier <aderumier@odiso.com>
-Date: Fri, 23 Jun 2023 09:13:39 +0200
-Subject: [PATCH] addons: ethtool: add rx-vlan-filter
-
-some nic like mellanox connectx don't work well with
-vlan aware bridge && rx-vlan-filter.
-(They are limited in number of vlans in hardware filtering,
-and break with big number of vlans like bridge-vids 2-4096)
-
-Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
----
- ifupdown2/addons/ethtool.py | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/ifupdown2/addons/ethtool.py b/ifupdown2/addons/ethtool.py
-index 2134329..8a79472 100644
---- a/ifupdown2/addons/ethtool.py
-+++ b/ifupdown2/addons/ethtool.py
-@@ -117,6 +117,12 @@ class ethtool(Addon, moduleBase):
-                 'validvals': ['on', 'off'],
-                 'default': 'varies by interface'
-             },
-+            'rx-vlan-filter': {
-+                'help': 'RX Vlan Filter',
-+                'example': ['rx-vlan-filter off'],
-+                'validvals': ['on', 'off'],
-+                'default': 'varies by interface'
-+            },
-             'ring-rx': {
-                 'help': 'Ring RX Parameter',
-                 'example': ['ring-rx 512'],
-@@ -384,6 +390,7 @@ class ethtool(Addon, moduleBase):
-         self.do_offload_settings(ifaceobj, 'ufo-offload', 'ufo')
-         self.do_offload_settings(ifaceobj, 'tx-offload', 'tx')
-         self.do_offload_settings(ifaceobj, 'rx-offload', 'rx')
-+        self.do_offload_settings(ifaceobj, 'rx-vlan-filter', 'rx-vlan-filter')
- 
-     def _pre_down(self, ifaceobj):
-         pass #self._post_up(ifaceobj,operation="_pre_down")
--- 
-2.39.2
-
diff --git a/debian/patches/upstream/0001-addons-vxlan-fix-compare-between-remote-ips-and-old_.patch b/debian/patches/upstream/0001-addons-vxlan-fix-compare-between-remote-ips-and-old_.patch
deleted file mode 100644
index 0274279..0000000
--- a/debian/patches/upstream/0001-addons-vxlan-fix-compare-between-remote-ips-and-old_.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0a856df326649e78f5e790e01ddd843ab551e5ba Mon Sep 17 00:00:00 2001
-From: Alexandre Derumier <aderumier@odiso.com>
-Date: Mon, 20 Nov 2023 12:55:11 +0100
-Subject: [PATCH] addons: vxlan: fix compare between remote-ips and
- old_remote_ips
-
-fix regression from
-https://github.com/CumulusNetworks/ifupdown2/commit/35a4278ffb588ddd9e610f9395853ff35923c069
-
-remote-ips can be None (with evpn for example) but old_remote_ips is an empty list.
-So the condition is always matching
-
-Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
----
- ifupdown2/addons/vxlan.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ifupdown2/addons/vxlan.py b/ifupdown2/addons/vxlan.py
-index 084aec9..e36d40c 100644
---- a/ifupdown2/addons/vxlan.py
-+++ b/ifupdown2/addons/vxlan.py
-@@ -1244,7 +1244,7 @@ class vxlan(Vxlan, moduleBase):
-         # purge any removed remote ip
-         old_remoteips = self.get_old_remote_ips(ifaceobj.name)
- 
--        if vxlan_purge_remotes or remoteips or (remoteips != old_remoteips):
-+        if vxlan_purge_remotes or (isinstance(remoteips,list) and remoteips != old_remoteips):
-             # figure out the diff for remotes and do the bridge fdb updates
-             # only if provisioned by user and not by an vxlan external
-             # controller.
--- 
-2.39.2
-
diff --git a/debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch b/debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
deleted file mode 100644
index e377e56..0000000
--- a/debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 1303d9211d82326f7c55d56db13eed66bb1c6535 Mon Sep 17 00:00:00 2001
-From: Friedrich Weber <f.weber@proxmox.com>
-Date: Tue, 26 Sep 2023 13:33:36 +0200
-Subject: [PATCH] scheduler: avoid waiting for stdout eof of /etc/network/
- scripts
-
-Scripts in /etc/network/ are executed using `exec_command` which
-captures stdout by default, and thus waits for stdout end-of-file via
-`Popen.communicate()`. However, this can cause hangs if the network
-script executes a long-running command in the background. Can be
-reproduced by putting the following (executable) script in
-/etc/network/if-up.d/:
-
-	#!/bin/sh
-	sleep 5&
-
-This script will cause `ifreload -a` to wait for 5 seconds per network
-interface.
-
-To avoid waiting, do not capture stdout when executing /etc/network/
-scripts. This also improves compatibility with ifupdown, which runs
-the above script in the background.
-
-Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
----
- ifupdown2/ifupdown/scheduler.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ifupdown2/ifupdown/scheduler.py b/ifupdown2/ifupdown/scheduler.py
-index fda6ff2..e4d579f 100644
---- a/ifupdown2/ifupdown/scheduler.py
-+++ b/ifupdown2/ifupdown/scheduler.py
-@@ -142,7 +142,7 @@ class ifaceScheduler():
-             for mname in ifupdownobj.script_ops.get(op, []):
-                 ifupdownobj.logger.debug("%s: %s : running script %s" % (ifacename, op, mname))
-                 try:
--                    utils.exec_command(mname, env=command_env)
-+                    utils.exec_command(mname, env=command_env, stdout=False)
-                 except Exception as e:
-                     if "permission denied" in str(e).lower():
-                         ifupdownobj.logger.warning('%s: %s %s' % (ifacename, op, str(e)))
--- 
-2.39.2
-
diff --git a/debian/patches/upstream/0001-scheduler-import-traceback.patch b/debian/patches/upstream/0001-scheduler-import-traceback.patch
deleted file mode 100644
index 296445d..0000000
--- a/debian/patches/upstream/0001-scheduler-import-traceback.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 4b674a4c722c3e2072cf9e7d6d08195d9da7b698 Mon Sep 17 00:00:00 2001
-From: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
-Date: Mon, 26 Jun 2023 11:14:26 +0200
-Subject: [PATCH] scheduler: import traceback
-
-if a script in /etc/network/ifup.d/ is segfaulting,
-
-on config loading (ifup -a), ifupdown2 is stopping
-
-ifup -a
-"
-info: executing2 /etc/network/if-up.d/postfix
-debug: lo: up : running script /etc/network/if-up.d/resolved
-info: executing2 /etc/network/if-up.d/resolved
-error: name 'traceback' is not defined
-debug: saving state ..
-info: exit status 1
-"
-
-with this fix:
-
-debug: lo: up : running script /etc/network/if-up.d/resolved
-info: executing2 /etc/network/if-up.d/resolved
-  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 325, in run_iface_list
-    cls.run_iface_graph(ifupdownobj, ifacename, ops, parent,
-  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 315, in run_iface_graph
-    cls.run_iface_list_ops(ifupdownobj, ifaceobjs, ops)
-  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 188, in run_iface_list_ops
-    cls.run_iface_op(ifupdownobj, ifaceobj, op,
-  File "/usr/share/ifupdown2/ifupdown/scheduler.py", line 150, in run_iface_op
-    ifupdownobj.log_error('%s: %s %s' % (ifacename, op, str(e)))
-  File "/usr/share/ifupdown2/ifupdown/ifupdownmain.py", line 226, in log_error
-    raise Exception(str)
-error: lo : lo: up cmd '/etc/network/if-up.d/resolved' failed: returned -11
-debug: vmbr0: found dependents ['bond0']
-debug: bond0: found dependents ['enp65s0d1', 'enp65s0']
-info: enp65s0d1: running ops ...
-...
-...
-
-Signed-off-by: Alexandre Derumier <alexandre.derumier@groupe-cyllene.com>
----
- ifupdown2/ifupdown/scheduler.py | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ifupdown2/ifupdown/scheduler.py b/ifupdown2/ifupdown/scheduler.py
-index 154e557..fda6ff2 100644
---- a/ifupdown2/ifupdown/scheduler.py
-+++ b/ifupdown2/ifupdown/scheduler.py
-@@ -9,6 +9,7 @@
- 
- import os
- import sys
-+import traceback
- 
- from collections import OrderedDict
- 
--- 
-2.39.2
-
diff --git a/debian/patches/upstream/0001-vxlan-fix-vni-filter.patch b/debian/patches/upstream/0001-vxlan-fix-vni-filter.patch
deleted file mode 100644
index 3944dc6..0000000
--- a/debian/patches/upstream/0001-vxlan-fix-vni-filter.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 1707ffa1ceef7f8f444bdb4ad3477700d99feffb Mon Sep 17 00:00:00 2001
-From: Vincent Bernat <vincent@bernat.ch>
-Date: Mon, 4 Sep 2023 18:36:51 +0200
-Subject: [PATCH] addons: vxlan: fix VNI filter on single VXLAN device
-
-In af8d5db22b10909ff06032f1a2acc2f745d1f65b, the transformation of
-`vnis` (list) to `vnisd` (dictionary) left a reference to `vnis` which
-is now undefined. We just remove the line as the conversion from range
-to ints is done earlier in the function.
-
-Signed-off-by: Vincent Bernat <vincent@bernat.ch>
----
- ifupdown2/addons/vxlan.py | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/ifupdown2/addons/vxlan.py b/ifupdown2/addons/vxlan.py
-index 084aec98..3bde50aa 100644
---- a/ifupdown2/addons/vxlan.py
-+++ b/ifupdown2/addons/vxlan.py
-@@ -1049,7 +1049,6 @@ def single_vxlan_device_vni_filter(self, ifaceobj, vxlan_mcast_grp):
-                 self.logger.error("%s: %s (%s)" %(ifaceobj.name, vlan_vni_map, str(e)))
-                 return
- 
--        vnis_int = utils.ranges_to_ints(vnis)
-         self.iproute2.bridge_link_update_vni_filter(ifaceobj.name, vnisd)
- 
-     def check_and_raise_svd_tvd_errors(self, ifaceobj):
diff --git a/debian/rules b/debian/rules
index cb315fe..491a75c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,8 +4,11 @@
 export PYBUILD_NAME=ifupdown2
 export PYBUILD_INSTALL_ARGS=--install-lib=/usr/share/ --install-scripts=/usr/share/
 
+# tests are end-to-end and have external dependencies such as test machines
+export PYBUILD_DISABLE=test
+
 %:
-	dh $@ --with=python3 --buildsystem=pybuild
+	dh $@ --with=python3 --with-systemd --buildsystem=pybuild
 
 override_dh_installman:
 	./ifupdown2/man/genmanpages.sh ./ifupdown2/man ./man
diff --git a/ifupdown2 b/ifupdown2
index a052254..834bd6d 160000
--- a/ifupdown2
+++ b/ifupdown2
@@ -1 +1 @@
-Subproject commit a0522546b848435115a20eb647f87ade01761a33
+Subproject commit 834bd6db936eb3f55f56a8b565b93b33cda0bae3
-- 
2.49.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH ifupdown2 3/7] d/changelog: merge in upstream changelog

[Christoph Heiss]

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
 debian/changelog | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 689cc1c..ccb4558 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,48 @@
+ifupdown2 (3.9.0) unstable; urgency=medium
+
+  * New: ifreload: new --diff cli argument: only reload delta between /e/n/i
+  * New: Support for Per-VLAN Rapid Spanning Tree attributes:
+    mstpctl-pvrst-mode (on/off): Enable/disable PVRST mode
+    mstpctl-vlan-priority (range 4096-32768)
+    mstpctl-vlan-hello (range 1-10)
+    mstpctl-vlan-fdelay (range 4-30)
+    mstpctl-vlan-maxage (range 6-40)
+    mstpctl-port-vlan-path-cost (range 1-200000000)
+    mstpctl-port-vlan-priority  (range 0-240)
+  * New: Get default mac address from policy file as 'address' iface_default
+  * New: Enable per vlan snooping when config mcqv4src
+  * New: Add vxlan hopping filter
+  * New: Add support for setting mac addresses via iface_defaults policy
+  * New: Reset mac address on switch port when 'hwaddress' is removed from eni
+  * New: Policy "dhclient_no_wait_on_reload": dhclient won't wait (default off)
+  * Fix: Bring DHCP config down if link-down yes is set
+  * Fix: Various code cleanups (SonarQube)
+  * Fix: Macvlan/VRR: set accept_dad=0 before link up
+  * Fix: Flush DHCP lease on boot up
+  * Fix: Disable persistent debug log for ifquery
+  * Fix:
+  * Fix: Vxlan clear last fdb entry when remoteip is removed from user config
+  * Fix: Vxlan reset local and group ip when removed from user config
+  * Fix: Re-applying link-speed to reset link-lanes to default when removed
+  * Fix: Missing json import in networkinterfaces.py and vxlan.py
+  * Fix: Nlmanager Invalid operation on null-like value range_flag
+  * Deprecated: remove bridge-hashel default value
+
+ -- Julien Fortin <jfortin@nvidia.com>  Wed, 04 Dec 2024 23:42:00 -0800
+
+ifupdown2 (3.3.0) unstable; urgency=medium
+
+  * New: performance improvement: replace glob.glob with os.listdir
+  * New: bridge: Do not create untagged vlans on "external" vxlan ports
+  * New: Attribute: "disable-ipv6" to control ipv6 on an interface
+  * New: Policy: "default_loopback_scope" control loopback ip scope
+  * Fix: keep link down after mac change if 'link-down yes' is specified
+  * Fix: addressvirtual: stale mac detection is missing vrr without ip
+  * Fix: bond: warn if sub interface is detected on bond slave
+  * Fix: bridge: update bridge-fd valid range to 2-255
+
+ -- Julien Fortin <jfortin@nvidia.com>  Thu, 04 May 2023 23:42:42 -0700
+
 ifupdown2 (3.2.0-1+pmx11) bookworm; urgency=medium
 
   * slaac: avoid setting sysctl's for bridge twice
-- 
2.49.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH ifupdown2 4/7] d/patches: revert broken bridge-fd `validrange` clamping

[Christoph Heiss]

See the patch itself for the rationale behind it.

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
 ...-bridge-update-bridge-fd-valid-range.patch | 55 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 56 insertions(+)
 create mode 100644 debian/patches/pve/0012-Revert-addons-bridge-update-bridge-fd-valid-range.patch

diff --git a/debian/patches/pve/0012-Revert-addons-bridge-update-bridge-fd-valid-range.patch b/debian/patches/pve/0012-Revert-addons-bridge-update-bridge-fd-valid-range.patch
new file mode 100644
index 0000000..dbb8bfa
--- /dev/null
+++ b/debian/patches/pve/0012-Revert-addons-bridge-update-bridge-fd-valid-range.patch
@@ -0,0 +1,55 @@
+From 691b3a80713f4afb144f058610fc0a83ceb14be9 Mon Sep 17 00:00:00 2001
+From: Christoph Heiss <c.heiss@proxmox.com>
+Date: Thu, 17 Apr 2025 11:49:52 +0200
+Subject: [PATCH] Revert "addons: bridge: update bridge-fd valid range"
+
+This reverts commit 74d286d18f89d4f54c10dac2d2284408d46b5c0e.
+
+When STP is disabled on the bridge (i.e. `bridge-stp off`), 0 is
+actually a valid value for the bridge forward delay, aka. `bridge-fd 0`.
+
+According to kernel commit
+
+  8a921265e ("Revert "bridge: Allow forward delay to be cfgd when STP enabled"")
+
+this is actually by design [0], to immediately mark the bridge as
+forwarding with STP turned off.
+
+So revert the broken upstream commit.
+
+[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8a921265e2cd31e61a0c2eda582af54c5bfef897
+
+Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
+---
+ debian/changelog           | 1 -
+ ifupdown2/addons/bridge.py | 2 +-
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/debian/changelog b/debian/changelog
+index ed0d6622..9e8f12a0 100644
+--- a/debian/changelog
++++ b/debian/changelog
+@@ -39,7 +39,6 @@ ifupdown2 (3.3.0) unstable; urgency=medium
+   * Fix: keep link down after mac change if 'link-down yes' is specified
+   * Fix: addressvirtual: stale mac detection is missing vrr without ip
+   * Fix: bond: warn if sub interface is detected on bond slave
+-  * Fix: bridge: update bridge-fd valid range to 2-255
+ 
+  -- Julien Fortin <jfortin@nvidia.com>  Thu, 04 May 2023 23:42:42 -0700
+ 
+diff --git a/ifupdown2/addons/bridge.py b/ifupdown2/addons/bridge.py
+index e70710ee..5a38d56c 100644
+--- a/ifupdown2/addons/bridge.py
++++ b/ifupdown2/addons/bridge.py
+@@ -98,7 +98,7 @@ class bridge(Bridge, moduleBase):
+             },
+             "bridge-fd": {
+                 "help": "bridge forward delay",
+-                "validrange": ["2", "255"],
++                "validrange": ["0", "255"],
+                 "example": ["bridge-fd 15"],
+                 "default": "15"
+             },
+-- 
+2.48.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 23ccbe6..eab43d8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ pve/0008-lacp-bond-remove-bond-min-links-0-warning.patch
 pve/0009-gvgeb-fix-python-interpreter-shebang.patch
 pve/0010-main-ignore-dpkg-files-when-running-hook-scripts.patch
 pve/0011-setup-drop-faulty-install-line-for-non-existing-ifup.patch
+pve/0012-Revert-addons-bridge-update-bridge-fd-valid-range.patch
-- 
2.49.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH ifupdown2 5/7] bump version to 3.9.0-1+pmx1

[Christoph Heiss]

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
 debian/changelog | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index ccb4558..53c781d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+ifupdown2 (3.9.0-1+pmx1) bookworm; urgency=medium
+
+  * update to 3.9.0 upstream release
+
+  * drop old upstreamed patches
+
+  * revert upstream commit "addons: bridge: update bridge-fd valid range",
+    which changed the minimum value from 0 to 2, although 0 is a valid value
+
+ -- Proxmox Support Team <support@proxmox.com>  Wed, 22 Apr 2025 12:23:19 +0200
+
 ifupdown2 (3.9.0) unstable; urgency=medium
 
   * New: ifreload: new --diff cli argument: only reload delta between /e/n/i
-- 
2.49.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [RFC PATCH ifupdown2 6/7] d/patches: add patch for adding IPv6 vxlan-local-tunnelip

[Christoph Heiss]

This patch makes it possible to use an IPv6 address for the local VXLAN
tunnel address.

Upstream-Link: https://github.com/CumulusNetworks/ifupdown2/pull/315
Suggested-by: Stefan Hanreich <s.hanreich@proxmox.com>
Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
Stefan suggested the inclusion of this patch, as it's been a fairly
requested features.

Split it off completely from the other changes and marked it as RFC tho,
as upstream still doesn't seem to have decided if the attribute should
be renamed to `vxlan-local-tunnelip6`. Pulling it in now would mean that
we're "stuck" with that name, if we don't want to break users later on,
if the attribute is really renamed.

(Or we could support both styles in that case.)

 debian/patches/series                         |   1 +
 ...upport-for-IPv6-vxlan-local-tunnelip.patch | 127 ++++++++++++++++++
 2 files changed, 128 insertions(+)
 create mode 100644 debian/patches/upstream/0002-vxlan-Add-support-for-IPv6-vxlan-local-tunnelip.patch

diff --git a/debian/patches/series b/debian/patches/series
index eab43d8..c74322a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,5 @@
 upstream/0001-add-IPv6-SLAAC-support-inet6-auto-and-router-adverti.patch
+upstream/0002-vxlan-Add-support-for-IPv6-vxlan-local-tunnelip.patch
 pve/0001-don-t-remove-tap-veth-fwpr-interfaces-from-bridge-on.patch
 pve/0002-add-dummy-mtu-bridgevlanport-modules.patch
 pve/0003-don-t-remove-bridge-is-tap-veth-are-still-plugged.patch
diff --git a/debian/patches/upstream/0002-vxlan-Add-support-for-IPv6-vxlan-local-tunnelip.patch b/debian/patches/upstream/0002-vxlan-Add-support-for-IPv6-vxlan-local-tunnelip.patch
new file mode 100644
index 0000000..84bcd00
--- /dev/null
+++ b/debian/patches/upstream/0002-vxlan-Add-support-for-IPv6-vxlan-local-tunnelip.patch
@@ -0,0 +1,127 @@
+From acd3065a3c509a57be7077c38c19536c78e351f6 Mon Sep 17 00:00:00 2001
+From: Wido den Hollander <wido@widodh.nl>
+Date: Thu, 17 Apr 2025 10:44:44 +0200
+Subject: [PATCH] vxlan: Add support for IPv6 vxlan-local-tunnelip
+
+This commit adds the option to pass an IPv6 address instead of an IPv4 address to use as
+local tunnel IP address. With this change it's possible to use IPv6 as the underlay for
+a VXLAN based network without the need for IPv4.
+
+Upstream-Link: https://github.com/CumulusNetworks/ifupdown2/pull/315
+---
+ ifupdown2/addons/vxlan.py | 12 +++++++-----
+ ifupdown2/lib/iproute2.py | 23 ++++++++++++++++-------
+ 2 files changed, 23 insertions(+), 12 deletions(-)
+
+diff --git a/ifupdown2/addons/vxlan.py b/ifupdown2/addons/vxlan.py
+index 4cab0332..2f9174f8 100644
+--- a/ifupdown2/addons/vxlan.py
++++ b/ifupdown2/addons/vxlan.py
+@@ -51,7 +51,7 @@ class vxlan(Vxlan, moduleBase):
+             },
+             "vxlan-local-tunnelip": {
+                 "help": "vxlan local tunnel ip",
+-                "validvals": ["<ipv4>"],
++                "validvals": ["<ipv4>", "<ipv6>"],
+                 "example": ["vxlan-local-tunnelip 172.16.20.103"]
+             },
+             "vxlan-svcnodeip": {
+@@ -547,7 +547,7 @@ class vxlan(Vxlan, moduleBase):
+
+         if local:
+             try:
+-                local = ipnetwork.IPv4Address(local)
++                local = ipnetwork.IPAddress(local)
+
+                 if local.initialized_with_prefixlen:
+                     self.logger.warning("%s: vxlan-local-tunnelip %s: netmask ignored" % (ifname, local))
+@@ -1182,7 +1182,8 @@ class vxlan(Vxlan, moduleBase):
+                         vxlan_physdev,
+                         user_request_vxlan_info_data.get(Link.IFLA_VXLAN_PORT),
+                         vxlan_vnifilter,
+-                        vxlan_ttl
++                        vxlan_ttl,
++                        local.version
+                     )
+                 elif ifaceobj.link_privflags & ifaceLinkPrivFlags.L3VXI:
+                     self.iproute2.link_add_l3vxi(
+@@ -1192,7 +1193,8 @@ class vxlan(Vxlan, moduleBase):
+                         group.ip if group else None,
+                         vxlan_physdev,
+                         user_request_vxlan_info_data.get(Link.IFLA_VXLAN_PORT),
+-                        vxlan_ttl
++                        vxlan_ttl,
++                        local.version
+                     )
+                 else:
+                     try:
+@@ -1245,7 +1247,7 @@ class vxlan(Vxlan, moduleBase):
+         if remoteips:
+             try:
+                 for remoteip in remoteips:
+-                    ipnetwork.IPv4Address(remoteip)
++                    ipnetwork.IPAddress(remoteip)
+             except Exception as e:
+                 self.log_error('%s: vxlan-remoteip: %s' % (ifaceobj.name, str(e)))
+         else:
+diff --git a/ifupdown2/lib/iproute2.py b/ifupdown2/lib/iproute2.py
+index 5f1d6006..d40f51d9 100644
+--- a/ifupdown2/lib/iproute2.py
++++ b/ifupdown2/lib/iproute2.py
+@@ -283,7 +283,12 @@ class IPRoute2(Cache, Requirements):
+
+     ###
+
+-    def link_add_single_vxlan(self, link_exists, ifname, ip, group, physdev, port, vnifilter="off", ttl=None):
++    def link_add_single_vxlan(self, link_exists, ifname, ip, group, physdev, port, vnifilter="off", ttl=None, ipversion=4):
++        cmd = []
++
++        if ipversion == 6:
++            cmd.append("-6")
++
+         if link_exists:
+             self.logger.info("updating single vxlan device: %s" % ifname)
+
+@@ -291,11 +296,10 @@ class IPRoute2(Cache, Requirements):
+             # drop the external keyword:
+             # $ ip link set dev vxlan0 type vxlan external local 27.0.0.242 dev ipmr-lo
+             # Error: vxlan: cannot change COLLECT_METADATA flag.
+-            cmd = ["link set dev %s type vxlan" % ifname]
++            cmd.append("link set dev %s type vxlan" % ifname)
+         else:
+             self.logger.info("creating single vxlan device: %s" % ifname)
+-
+-            cmd = ["link add dev %s type vxlan external" % ifname]
++            cmd.append("link add dev %s type vxlan external" % ifname)
+
+             # when changing local ip, if we specify vnifilter we get:
+             # Error: vxlan: cannot change flag.
+@@ -321,17 +325,22 @@ class IPRoute2(Cache, Requirements):
+         self.__execute_or_batch(utils.ip_cmd, " ".join(cmd))
+         self.__update_cache_after_link_creation(ifname, "vxlan")
+
+-    def link_add_l3vxi(self, link_exists, ifname, ip, group, physdev, port, ttl=None):
++    def link_add_l3vxi(self, link_exists, ifname, ip, group, physdev, port, ttl=None, ipversion=4):
+         self.logger.info("creating l3vxi device: %s" % ifname)
+
++        cmd = []
++
++        if ipversion == 6:
++            cmd.append("-6")
++
+         if link_exists:
+             # When updating an SVD we need to use `ip link set` and we have to
+             # drop the external keyword:
+             # $ ip link set dev vxlan0 type vxlan external local 27.0.0.242 dev ipmr-lo
+             # Error: vxlan: cannot change COLLECT_METADATA flag.
+-            cmd = ["link set dev %s type vxlan" % ifname]
++            cmd.append("link set dev %s type vxlan" % ifname)
+         else:
+-            cmd = ["link add dev %s type vxlan external vnifilter" % ifname]
++            cmd.append("link add dev %s type vxlan external vnifilter" % ifname)
+             # when changing local ip, if we specify vnifilter we get:
+             # Error: vxlan: cannot change flag.
+             # So we are only setting this attribute on vxlan creation
+--
+2.48.1
+
-- 
2.49.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [RFC PATCH ifupdown2 7/7] bump version to 3.9.0-1+pmx2

[Christoph Heiss]

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>
---
 debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 53c781d..584b410 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+ifupdown2 (3.9.0-1+pmx2) bookworm; urgency=medium
+
+  * add patch for IPv6 vxlan-local-tunnelip support
+
+ -- Proxmox Support Team <support@proxmox.com>  Tue, 22 Apr 2025 12:45:30 +0200
+
 ifupdown2 (3.9.0-1+pmx1) bookworm; urgency=medium
 
   * update to 3.9.0 upstream release
-- 
2.49.0



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel