From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-network v3 7/9] api: nodes: zones: add bridge status
Date: Fri, 7 Nov 2025 15:31:42 +0100 [thread overview]
Message-ID: <20251107143201.689035-29-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20251107143201.689035-1-s.hanreich@proxmox.com>
This endpoint returns an overview of all ports that are currently
members of a bridge (the running state). Additionally it provides
information about the configured VLANs on VLAN-aware bridges. If the
special zone name 'localnetwork' is used, then this endpoint returns
the information for all bridges that are configured outside of SDN via
/etc/network/interfaces.
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
src/PVE/API2/Network/SDN/Nodes/Zone.pm | 173 +++++++++++++++++++++++++
1 file changed, 173 insertions(+)
diff --git a/src/PVE/API2/Network/SDN/Nodes/Zone.pm b/src/PVE/API2/Network/SDN/Nodes/Zone.pm
index 1e963fc..d7312df 100644
--- a/src/PVE/API2/Network/SDN/Nodes/Zone.pm
+++ b/src/PVE/API2/Network/SDN/Nodes/Zone.pm
@@ -124,4 +124,177 @@ __PACKAGE__->register_method({
},
});
+__PACKAGE__->register_method({
+ name => 'bridges',
+ path => 'bridges',
+ proxyto => 'node',
+ method => 'GET',
+ protected => 1,
+ description =>
+ "Get a list of all bridges (vnets) that are part of a zone, as well as the ports that are members of that bridge.",
+ permissions => {
+ check => ['perm', '/sdn/zones/{zone}', ['SDN.Audit']],
+ },
+ parameters => {
+ additionalProperties => 0,
+ properties => {
+ zone => {
+ type => 'string',
+ description => 'zone name or "localnetwork"',
+ },
+ node => get_standard_option('pve-node'),
+ },
+ },
+ returns => {
+ type => 'array',
+ items => {
+ description => 'List of bridges contained in the SDN zone.',
+ type => 'object',
+ properties => {
+ name => {
+ description => 'Name of the bridge.',
+ type => 'string',
+ },
+ vlan_filtering => {
+ description =>
+ 'Whether VLAN filtering is enabled for this bridge (= VLAN-aware).',
+ type => 'string',
+ },
+ ports => {
+ description => 'All ports that are members of the bridge',
+ type => 'array',
+ items => {
+ description => 'Information about bridge ports.',
+ type => 'object',
+ properties => {
+ name => {
+ description => 'The name of the bridge port.',
+ type => 'string',
+ },
+ vmid => {
+ description =>
+ 'The ID of the guest that this interface belongs to.',
+ type => 'number',
+ optional => 1,
+ },
+ index => {
+ description =>
+ 'The index of the guests network device that this interface belongs to.',
+ type => 'number',
+ optional => 1,
+ },
+ primary_vlan => {
+ description =>
+ 'The primary VLAN configured for the port of this bridge (= PVID). Only for VLAN-aware bridges.',
+ type => 'number',
+ optional => 1,
+ },
+ vlans => {
+ description =>
+ 'A list of VLANs and VLAN ranges that are allowed for this bridge port in addition to the primary VLAN. Only for VLAN-aware bridges.',
+ type => 'array',
+ items => {
+ description =>
+ 'A single VLAN (123) or a VLAN range (234-435).',
+ type => 'string',
+ },
+ optional => 1,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ code => sub {
+ my ($param) = @_;
+
+ my $zone_id = extract_param($param, 'zone');
+ my $rpcenv = PVE::RPCEnvironment::get();
+ my $authuser = $rpcenv->get_user();
+
+ my @bridges_in_zone;
+ if ($zone_id eq 'localnetwork') {
+ my $interface_config = PVE::INotify::read_file('interfaces', 1);
+ my $interfaces = $interface_config->{data}->{ifaces};
+
+ @bridges_in_zone =
+ grep { $interfaces->{$_}->{type} eq 'bridge' } keys $interfaces->%*;
+ } else {
+ my $zone = PVE::Network::SDN::Zones::get_zone($zone_id, 1);
+
+ raise_param_exc({
+ zone => "zone does not exist",
+ })
+ if !$zone;
+
+ my $vnet_cfg = PVE::Network::SDN::Vnets::config(1);
+ @bridges_in_zone =
+ grep { $vnet_cfg->{ids}->{$_}->{zone} eq $zone_id } keys $vnet_cfg->{ids}->%*;
+ }
+
+ my $ip_details = PVE::Network::ip_link_details();
+ my $vlan_information = PVE::IPRoute2::get_vlan_information();
+
+ my $result = {};
+ for my $bridge_name (@bridges_in_zone) {
+ next
+ if !$rpcenv->check_any(
+ $authuser,
+ "/sdn/zones/$zone_id/$bridge_name",
+ ['SDN.Audit', 'SDN.Allocate'],
+ 1,
+ );
+
+ my $ip_link = $ip_details->{$bridge_name};
+
+ $result->{$bridge_name} = {
+ name => $bridge_name,
+ vlan_filtering => $ip_link->{linkinfo}->{info_data}->{vlan_filtering},
+ ports => [],
+ };
+ }
+
+ for my $interface (values $ip_details->%*) {
+ if (PVE::IPRoute2::ip_link_is_bridge_member($interface)) {
+ my $master = $interface->{master};
+
+ # avoid potential TOCTOU by just skipping over the interface,
+ # if we didn't get the master from 'ip link'
+ next if !defined($result->{$master});
+
+ my $ifname = $interface->{ifname};
+
+ my $port = {
+ name => $ifname,
+ };
+
+ if ($ifname =~ m/^(?:fwpr(\d+)p(\d+)|veth(\d+)i(\d+)|tap(\d+)i(\d+))$/) {
+ $port->{vmid} = $1;
+ $port->{index} = $2;
+ }
+
+ if ($result->{$master}->{vlan_filtering} == 1) {
+ $port->{vlans} = [];
+
+ for my $vlan ($vlan_information->{$ifname}->{vlans}->@*) {
+ if (grep { $_ eq 'PVID' } $vlan->{flags}->@*) {
+ $port->{primary_vlan} = $vlan->{vlan};
+ } elsif ($vlan->{vlan} && $vlan->{vlanEnd}) {
+ push $port->{vlans}->@*, "$vlan->{vlan}-$vlan->{vlanEnd}";
+ } elsif ($vlan->{vlan}) {
+ push $port->{vlans}->@*, "$vlan->{vlan}";
+ }
+ }
+ }
+
+ push $result->{$master}->{ports}->@*, $port;
+ }
+ }
+
+ my @result = values $result->%*;
+ return \@result;
+ },
+});
+
1;
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-11-07 14:34 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-07 14:31 [pve-devel] [PATCH common/manager/network/proxmox{-ve-rs, -perl-rs} v3 00/39] Improve status reporting for SDN / networking Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-common v3 1/2] iproute2: add helper for detecting bridge members Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-common v3 2/2] iproute2: add helper for querying vlan information Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-ve-rs v3 1/7] frr: make room for deserialization structs Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-ve-rs v3 2/7] frr: add deserialization types for openfabric and ospf Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-ve-rs v3 3/7] ve-config: add helper function to iterate over all nodes in all fabrics Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-ve-rs v3 4/7] ve-config: add optional tag property to vnet Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-ve-rs v3 5/7] frr: fix some route deserialization types Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-ve-rs v3 6/7] frr: add deserialization types for EVPN Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-ve-rs v3 7/7] add derive PartialEq, Eq and HashMap->BTreeMap for tests Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 01/12] pve-rs: firewall: cargo: fmt Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 02/12] pve-rs: firewall: add missing documentation comments Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 03/12] pve-rs: cargo: bump proxmox-apt and proxmox-ve-config versions Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 04/12] pve-rs: fabrics: update proxmox-frr import path Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 05/12] pve-rs: fabrics: fix clippy lint warnings Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 06/12] pve-rs: fabrics: add function to get status of fabric Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 07/12] pve-rs: fabrics: add function to get l2vpn and l3vpn routes for evpn Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 08/12] pve-rs: fabrics: add function to get routes learned by a fabric Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 09/12] pve-rs: fabrics: add function to get the interfaces used for " Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 10/12] pve-rs: fabrics: add function to get the neighbors " Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 11/12] pve-rs: fabrics: add unit-tests for fabrics Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH proxmox-perl-rs v3 12/12] pve-rs: fabrics: add unit-tests for evpn l2vpn and l3vpn routes Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-network v3 1/9] refactor: rework api module structure for the /nodes/{node}/sdn subdir Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-network v3 2/9] fabrics: add fabrics status to SDN::status function Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-network v3 3/9] sdn: status: add zone type to sdn resource Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-network v3 4/9] api: nodes: fabrics: add endpoint for querying route status Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-network v3 5/9] api: nodes: fabrics: add endpoint for querying neighbor information Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-network v3 6/9] api: nodes: fabrics: add endpoint for querying interface status Stefan Hanreich
2025-11-07 14:31 ` Stefan Hanreich [this message]
2025-11-07 14:31 ` [pve-devel] [PATCH pve-network v3 8/9] api: nodes: zones: add ip vrf endpoint for evpn zones Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-network v3 9/9] api: nodes: vnets: add mac-vrf endpoint for evpn vnets Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 1/9] api: nodes: use new status module for sdn subdirectory Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 2/9] refactor: ui: sdn browser: parametrize zone content panel Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 3/9] pvestatd: add network resource to status reporting Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 4/9] pvestatd: sdn: adapt to changes in " Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 5/9] ui: resource tree: add network resource Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 6/9] ui: network browser: Add ip-vrf panel for evpn zones Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 7/9] ui: network browser: add mac vrf panel Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 8/9] ui: network browser: add zone bridge view Stefan Hanreich
2025-11-07 14:31 ` [pve-devel] [PATCH pve-manager v3 9/9] ui: sdn: status view: adapt to new network resource Stefan Hanreich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251107143201.689035-29-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox