From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Date: Tue, 30 Sep 2025 16:09:46 +0200
Message-ID: <20250930140948.265119-1-s.hanreich@proxmox.com>
Subject: [pve-devel] [PATCH ifupdown2 1/1] d/patches: allow subinterfaces on bond members

ifupdown2 commit c50aff4f702ea366955552865aceab5b3735513a introduced a
change that disallows creating subinterfaces (e.g. VLAN) on top of
interfaces that are members of a bond. This breaks a setup that is
common to users utilizing storage boxes via iSCSI multipath where a bond
is defined on two interfaces and used for e.g. VM traffic, but a
specific VLAN is configured on the bond members themselves and used as
storage network.

An example ifupdown2 configuration might look like this:

  auto bond0
  iface bond0 inet manual
    bond-slaves eth1 eth2
    [..]

  auto eth1.123
  iface eth1.123 inet static
    address 192.0.2.1/24

  auto eth2.123
  iface eth2.123 inet static
    address 192.0.2.2/24

ifupdown2 then errors out with the message:

  bond0 : error: bond0: sub interfaces are not allowed on bond slave: eth1.123

The kernel networking stack itself allows creating VLAN devices on top
of interfaces that are bond members manually. And the setup generally
works fine if certain precautions are taken when utilizing the same
subnet on multiple interfaces (setting arp_ignore or utilizing VRFs).

So whilst not the most optimal setup, it seems to be quite common with
users of storage boxes and there's not really an escape hatch except for
bypassing our tooling and configuring everything manually. To enable
configuring that setup via our networking stack again, revert the
respective patch.

This has been reported multiple times in the forum [1], as well as in
our enterprise support.

[1] https://forum.proxmox.com/threads/pve9-unable-to-share-vlan-and-bridge-on-same-port-vs-pve8.170428/#post-804300

Signed-off-by: Stefan Hanreich
--- ...-interface-is-detected-on-bond-slave.patch | 59 +++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 60 insertions(+) create mode 100644 debian/patches/pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch diff --git a/debian/patches/pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch b/debian/patches/pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch new file mode 100644 index 0000000..18a2e94 --- /dev/null +++ b/debian/patches/pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch 
@@ -0,0 +1,59 @@ +From 9a5516c7fdcb35c7a4911bbf2b6bbf1708e5b976 Mon Sep 17 00:00:00 2001 +From: Stefan Hanreich +Date: Tue, 30 Sep 2025 15:50:33 +0200 +Subject: [PATCH] Revert "addons: bond: warn if sub interface is detected on + bond slave" + +This reverts commit c50aff4f702ea366955552865aceab5b3735513a. + +Signed-off-by: Stefan Hanreich +--- + ifupdown2/addons/bond.py | 18 +----------------- + 1 file changed, 1 insertion(+), 17 deletions(-) + +diff --git a/ifupdown2/addons/bond.py b/ifupdown2/addons/bond.py +index f2d38de..74d2cab 100644 +--- a/ifupdown2/addons/bond.py ++++ b/ifupdown2/addons/bond.py +@@ -362,7 +362,7 @@ class bond(Addon, moduleBase): + def compare_bond_and_slave_speed(self, bond_ifaceobj, slave_ifname, slave_speed): + if self.current_bond_speed != slave_speed: + self.log_error( +- "%s: ignoring device due to device's speed (%s) mismatching bond (%s) speed (%s)" ++ "%s: ignoring device to due device's speed (%s) mismatching bond (%s) speed (%s)" + % (slave_ifname, slave_speed, bond_ifaceobj.name, self.current_bond_speed), + ifaceobj=bond_ifaceobj + ) +@@ -407,19 +407,6 @@ class bond(Addon, moduleBase): + bond_speed = slave_speed + return bond_speed + +- def get_bond_slave_upper_dev_ifaceobj(self, ifname, ifaceobj_getfunc): +- for ifaceobj in ifaceobj_getfunc(ifname): +- yield from ifaceobj.upperifaces or [] +- +- def slave_has_no_subinterface(self, bond_ifaceobj, slave, ifaceobj_getfunc): +- for upper_ifname in self.get_bond_slave_upper_dev_ifaceobj(slave, ifaceobj_getfunc): +- if upper_ifname != bond_ifaceobj.name: +- self.log_error( +- f"{bond_ifaceobj.name}: sub interfaces are not allowed on bond slave: {slave} ({upper_ifname})", +- bond_ifaceobj +- ) +- return True +- + def _add_slaves(self, ifaceobj, runningslaves, ifaceobj_getfunc=None): + # reset the current_bond_speed + self.current_bond_speed = -1 +@@ -452,9 +439,6 @@ class bond(Addon, moduleBase): + except Exception as e: + self.logger.debug("%s: bond-slave (%s) speed validation failed: 
%s" % (ifaceobj.name, slave, str(e))) + +- if not self.slave_has_no_subinterface(ifaceobj, slave, ifaceobj_getfunc): +- continue +- + link_up = False + if self.cache.link_is_up(slave): + self.netlink.link_down_force(slave) +-- +2.47.3 + diff --git a/debian/patches/series b/debian/patches/series index 266f57d..043e209 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -14,3 +14,4 @@ pve/0013-addons-nlcache-set-interface-alias-through-netlink-i.patch upstream/0001-add-ipv6-slaac-support-inet6-auto-and-accept_ra.patch upstream/0001-use-raw-strings-for-regex-to-fix-backslash-interpret.patch pve/0014-nlmanager-read-ipv6-devconf-disable_ipv6-attribute-t.patch +pve/0015-revert-addons-bond-warn-if-sub-interface-is-detected-on-bond-slave.patch -- 2.47.3
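
Review bot: The header of the new 0015 patch file (the lines between its "Subject:" and the diffstat for ifupdown2/addons/bond.py) gives no rationale beyond "This reverts commit c50aff4f702ea366955552865aceab5b3735513a." The reason for the revert, VLANs on bond members used as a storage network, together with the arp_ignore/VRF precautions, is only in the outer commit message. A short version of it plus the forum link in the patch header would keep the reasoning next to the file in debian/patches, where it is needed when the series is rebased on a newer ifupdown2.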
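
Review bot: In the inner hunk at "@@ -362,7 +362,7 @@" (compare_bond_and_slave_speed), the revert brings a typo back into the log message: "ignoring device due to device's speed" becomes "ignoring device to due device's speed". The spelling fix has nothing to do with the subinterface check, so consider dropping this hunk from 0015 and reverting only the parts that touch slave_has_no_subinterface.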
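
Review bot: The inner hunks at "@@ -407,19 +407,6 @@" and "@@ -452,9 +439,6 @@" remove the subinterface check from _add_slaves without leaving any diagnostic, although the commit message says the layout only works when precautions (arp_ignore or VRFs) are taken for the same subnet on multiple interfaces. Consider keeping slave_has_no_subinterface but turning its self.log_error(...) call into a warning and dropping the "continue", so the member is still added to the bond while the log still names the subinterface an administrator should look at.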
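
The configuration quoted in the commit message can be checked offline. The following is an added example, not part of this patch or of ifupdown2: a small Python check that lists VLAN subinterfaces defined on bond members and the subnets that appear on more than one of them, which is the case where the message says arp_ignore or VRFs are needed. The sample text and all function names are constructed for illustration, and only dotted names such as eth1.123 are recognised as subinterfaces.

```python
import ipaddress

# Constructed sample modelled on the configuration in the commit message.
SAMPLE = """\
auto bond0
iface bond0 inet manual
    bond-slaves eth1 eth2
auto eth1.123
iface eth1.123 inet static
    address 192.0.2.1/24
auto eth2.123
iface eth2.123 inet static
    address 192.0.2.2/24
"""

def parse_ifaces(text):
    """Return {ifname: {attribute: [values]}} for every 'iface' stanza."""
    ifaces, current = {}, None
    for words in filter(None, map(str.split, text.splitlines())):
        if words[0] == "iface" and len(words) > 1:
            current = ifaces.setdefault(words[1], {})
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None  # stanza boundary, not an attribute
        elif current is not None and not words[0].startswith("#"):
            current.setdefault(words[0], []).append(" ".join(words[1:]))
    return ifaces

def subinterfaces_on_bond_members(text):
    """Return [(bond, member, subinterface, [networks])] (hypothetical helper)."""
    ifaces = parse_ifaces(text)
    member_of = {m: bond for bond, attrs in ifaces.items()
                 for value in attrs.get("bond-slaves", []) for m in value.split()}
    found = []
    for name, attrs in ifaces.items():
        parent = name.split(".", 1)[0]
        if "." in name and parent in member_of:
            nets = [str(ipaddress.ip_interface(a.split()[0]).network)
                    for a in attrs.get("address", [])]
            found.append((member_of[parent], parent, name, nets))
    return found

def shared_subnets(found):
    """Subnets used by more than one subinterface: these need arp_ignore or VRFs."""
    seen = {}
    for _bond, _member, subif, nets in found:
        for net in nets:
            seen.setdefault(net, []).append(subif)
    return {net: subifs for net, subifs in seen.items() if len(subifs) > 1}
```

Calling shared_subnets(subinterfaces_on_bond_members(text)) on the contents of an interfaces file gives the subnets to review before relying on this layout.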