From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 89AB41FF179
	for <inbox@lore.proxmox.com>; Wed, 10 Dec 2025 19:42:07 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id DB3E830B3;
	Wed, 10 Dec 2025 19:42:40 +0100 (CET)
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Wed, 10 Dec 2025 19:42:33 +0100
Message-ID: <20251210184236.448600-4-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20251210184236.448600-1-s.hanreich@proxmox.com>
References: <20251210184236.448600-1-s.hanreich@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.174 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
 methods
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
Subject: [pve-devel] [PATCH pve-manager 1/1] pve-sdn-commit: run for
 vlan/qinq zones on non-vlan-aware bridges
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

When using non-vlan-aware bridges for the VLAN or QinQ zones, the
generated SDN ifupdown2 configuration uses the physical NIC as port on
the generated vnet bridge, since it is not possible to create a VLAN
subinterface directly on the bridge.

This causes issues when pinning NIC names, after a VLAN or QinQ zone
has already been created on a non-vlan-aware zone. The name of the
physical interface changes after a reboot, but the generated SDN
configuration doesn't. Avoid this by detecting any VLAN / QinQ zone
that uses a non-vlan-aware bridge and regenerate the SDN configuration
in that case. This should also fix cases where the network interface
gets renamed for other reasons (e.g. not pinned network interfaces and
updates to the kernel).

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 bin/pve-sdn-commit | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/bin/pve-sdn-commit b/bin/pve-sdn-commit
index 6eeba301c..aa7e9b290 100644
--- a/bin/pve-sdn-commit
+++ b/bin/pve-sdn-commit
@@ -6,6 +6,7 @@ use warnings;
 use Time::HiRes qw(usleep);
 
 use PVE::Cluster;
+use PVE::IPRoute2;
 use PVE::Network::SDN;
 use PVE::Network::SDN::Zones;
 use PVE::Network::SDN::Vnets;
@@ -53,6 +54,17 @@ sub fabrics_changed {
     return has_pending_changes($pending_fabrics) || has_pending_changes($pending_nodes);
 }
 
+sub zone_uses_non_vlan_aware_bridge {
+    my ($zone, $ip_links) = @_;
+
+    return 0 if ($zone->{type} ne 'vlan' && $zone->{type} ne 'qinq');
+
+    my $ip_link = $ip_links->{ $zone->{bridge} };
+    return 0 if !defined($ip_link);
+
+    return !PVE::IPRoute2::bridge_is_vlan_aware($ip_link);
+}
+
 sub sdn_changed {
     my $running_config = PVE::Network::SDN::running_config();
 
@@ -71,6 +83,16 @@ sub sdn_changed {
         return 1 if has_pending_changes($pending_config);
     }
 
+    my $ip_links = PVE::IPRoute2::ip_link_details();
+
+    for my $zone (values $configs->{zones}->{ids}->%*) {
+        return 1 if zone_uses_non_vlan_aware_bridge($zone, $ip_links);
+    }
+
+    for my $running_zone (values $running_config->{zones}->{ids}->%*) {
+        return 1 if zone_uses_non_vlan_aware_bridge($running_zone, $ip_links);
+    }
+
     return fabrics_changed();
 }
 
-- 
2.47.3


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel