From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 86A0A1FF179
	for <inbox@lore.proxmox.com>; Wed, 10 Dec 2025 19:42:50 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id D62A0358C;
	Wed, 10 Dec 2025 19:43:21 +0100 (CET)
From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Wed, 10 Dec 2025 19:42:44 +0100
Message-ID: <20251210184247.448937-3-s.hanreich@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20251210184247.448937-1-s.hanreich@proxmox.com>
References: <20251210184247.448937-1-s.hanreich@proxmox.com>
MIME-Version: 1.0
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.172 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
 methods
 RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
Subject: [pve-devel] [PATCH pve-manager 1/1] pve-sdn-commit: run for
 vlan/qinq zones on non-vlan-aware bridges
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

When using non-vlan-aware bridges for the VLAN or QinQ zones, the
generated SDN ifupdown2 configuration uses the physical NIC as port on
the generate vnet bridge, since it is not possible to create a VLAN
subinterface directly on the bridge.

This causes issues when pinning NIC names, after a VLAN or QinQ zone
has already been created on a non-vlan-aware zone. The name of the
physical interface changes after a reboot, but the generated SDN
configuration doesn't. Avoid this by detecting any VLAN / QinQ zone
that uses a non-vlan-aware bridge and regenerate the SDN configuration
in that case. This should also fix cases where the network interface
gets renamed for other reasons (e.g. not pinned network interfaces and
updates to the kernel).

Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
 bin/pve-sdn-commit | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/bin/pve-sdn-commit b/bin/pve-sdn-commit
index 525ba3b32..e322235f1 100644
--- a/bin/pve-sdn-commit
+++ b/bin/pve-sdn-commit
@@ -6,6 +6,7 @@ use warnings;
 use Time::HiRes qw(usleep);
 
 use PVE::Cluster;
+use PVE::Network;
 use PVE::Network::SDN;
 use PVE::Network::SDN::Zones;
 use PVE::Network::SDN::Vnets;
@@ -30,6 +31,29 @@ sub has_pending_changes {
     return 0;
 }
 
+sub ip_link_is_non_vlan_aware_bridge {
+    my ($ip_link) = @_;
+
+    return
+        defined($ip_link->{linkinfo})
+        && defined($ip_link->{linkinfo}->{info_kind})
+        && $ip_link->{linkinfo}->{info_kind} eq 'bridge'
+        && defined($ip_link->{linkinfo}->{info_data})
+        && defined($ip_link->{linkinfo}->{info_data}->{vlan_filtering})
+        && $ip_link->{linkinfo}->{info_data}->{vlan_filtering} == 0;
+}
+
+sub zone_uses_non_vlan_aware_bridge {
+    my ($zone, $ip_links) = @_;
+
+    return 0 if ($zone->{type} ne 'vlan' && $zone->{type} ne 'qinq');
+
+    my $ip_link = $ip_links->{ $zone->{bridge} };
+    return 0 if !defined($ip_link);
+
+    return ip_link_is_non_vlan_aware_bridge($ip_link);
+}
+
 sub sdn_changed {
     my $running_config = PVE::Network::SDN::running_config();
 
@@ -48,6 +72,16 @@ sub sdn_changed {
         return 1 if has_pending_changes($pending_config);
     }
 
+    my $ip_links = PVE::Network::ip_link_details();
+
+    for my $zone (values $configs->{zones}->{ids}->%*) {
+        return 1 if zone_uses_non_vlan_aware_bridge($zone, $ip_links);
+    }
+
+    for my $running_zone (values $running_config->{zones}->{ids}->%*) {
+        return 1 if zone_uses_non_vlan_aware_bridge($running_zone, $ip_links);
+    }
+
     return 0;
 }
 
-- 
2.47.3


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel