From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 1D17A1FF13A
	for <inbox@lore.proxmox.com>; Wed, 13 May 2026 19:51:36 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 77A7B18E9C;
	Wed, 13 May 2026 19:51:33 +0200 (CEST)
From: Hannes Laimer <h.laimer@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network] sdn: zones: support IPv6 peers in local underlay
 selection
Date: Wed, 13 May 2026 19:51:22 +0200
Message-ID: <20260513175122.447818-1-h.laimer@proxmox.com>
X-Mailer: git-send-email 2.47.3
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1778694680818
X-SPAM-LEVEL: Spam detection results:  0
	AWL                    -0.119 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	POISEN_SPAM_PILL          0.1 Meta: its spam
	POISEN_SPAM_PILL_1        0.1 random spam to be learned in bayes
	POISEN_SPAM_PILL_3        0.1 random spam to be learned in bayes
	PROLO_LEO1                0.1 Meta Catches all Leo drug variations so far
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: HBMJXGCJWE3RWDTVCON4H3GTO73AYAZR
X-Message-ID-Hash: HBMJXGCJWE3RWDTVCON4H3GTO73AYAZR
X-MailFrom: h.laimer@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

The local underlay selection only checked the IPv4 `address` key, so a
peer list of IPv6 addresses always returned undef and callers using an
IPv6 underlay could not locate the local node.

Check both address families so the selection works for IPv6 as well.

Signed-off-by: Hannes Laimer <h.laimer@proxmox.com>
---
 src/PVE/Network/SDN/Zones/Plugin.pm           | 70 +++++++++++++++++--
 .../zones/vxlan/ipv6/expected_sdn_interfaces  | 15 ++++
 src/test/zones/vxlan/ipv6/interfaces          |  7 ++
 src/test/zones/vxlan/ipv6/sdn_config          | 17 +++++
 4 files changed, 102 insertions(+), 7 deletions(-)
 create mode 100644 src/test/zones/vxlan/ipv6/expected_sdn_interfaces
 create mode 100644 src/test/zones/vxlan/ipv6/interfaces
 create mode 100644 src/test/zones/vxlan/ipv6/sdn_config

diff --git a/src/PVE/Network/SDN/Zones/Plugin.pm b/src/PVE/Network/SDN/Zones/Plugin.pm
index 5d858af..74a3384 100644
--- a/src/PVE/Network/SDN/Zones/Plugin.pm
+++ b/src/PVE/Network/SDN/Zones/Plugin.pm
@@ -4,6 +4,7 @@ use strict;
 use warnings;
 
 use PVE::Tools qw(run_command);
+use Net::IP qw(ip_get_version);
 use PVE::IPRoute2;
 use PVE::JSONSchema;
 use PVE::Cluster;
@@ -267,6 +268,43 @@ sub del_bridge_fdb {
 
 #helper
 
+sub normalize_ip {
+    my ($ip) = @_;
+
+    return undef if !defined($ip);
+    $ip =~ s!/.*$!!;
+    return $ip;
+}
+
+# Return 4 or 6 for the IP family of $address (with optional /prefix), or undef
+# if $address is not parseable. Net::IP::ip_get_version rejects strings with a
+# /prefix, so strip that first via normalize_ip.
+sub ip_family {
+    my ($address) = @_;
+
+    my $ip = normalize_ip($address);
+    return defined($ip) ? ip_get_version($ip) : undef;
+}
+
+sub get_iface_addresses {
+    my ($iface_cfg) = @_;
+
+    return () if !$iface_cfg;
+
+    my @addrs;
+    for my $key (qw(address address6)) {
+        my $val = $iface_cfg->{$key};
+        next if !defined($val);
+        if (ref($val) eq 'ARRAY') {
+            push @addrs, @$val;
+        } else {
+            push @addrs, $val;
+        }
+    }
+
+    return @addrs;
+}
+
 sub get_local_route_ip {
     my ($targetip) = @_;
 
@@ -291,21 +329,39 @@ sub get_local_route_ip {
 sub find_local_ip_interface_peers {
     my ($peers, $iface) = @_;
 
+    $peers //= [];
+
     my $network_config = PVE::INotify::read_file('interfaces');
     my $ifaces = $network_config->{ifaces};
 
     #if iface is defined, return ip if exist (if not,try to find it on other ifaces)
     if ($iface) {
-        my $ip = $ifaces->{$iface}->{address};
-        return ($ip, $iface) if $ip;
+        my @iface_addrs = get_iface_addresses($ifaces->{$iface});
+        if (!@$peers && @iface_addrs) {
+            my $ip = normalize_ip($iface_addrs[0]);
+            return ($ip, $iface) if $ip;
+        }
+        foreach my $address (@$peers) {
+            my $family = ip_family($address) // next;
+            foreach my $iface_addr (@iface_addrs) {
+                next if ip_family($iface_addr) != $family;
+                my $ip = normalize_ip($iface_addr);
+                return ($ip, $iface) if $ip;
+            }
+        }
     }
 
     #is a local ip member of peers list ?
-    foreach my $address (@{$peers}) {
-        while (my $interface = each %$ifaces) {
-            my $ip = $ifaces->{$interface}->{address};
-            if ($ip && $ip eq $address) {
-                return ($ip, $interface);
+    foreach my $address (@$peers) {
+        my $peer_ip = normalize_ip($address);
+        my $family = ip_family($peer_ip) // next;
+        foreach my $interface (keys %$ifaces) {
+            foreach my $iface_addr (get_iface_addresses($ifaces->{$interface})) {
+                next if ip_family($iface_addr) != $family;
+                my $ip = normalize_ip($iface_addr);
+                if ($ip && $ip eq $peer_ip) {
+                    return ($ip, $interface);
+                }
             }
         }
     }
diff --git a/src/test/zones/vxlan/ipv6/expected_sdn_interfaces b/src/test/zones/vxlan/ipv6/expected_sdn_interfaces
new file mode 100644
index 0000000..032ab99
--- /dev/null
+++ b/src/test/zones/vxlan/ipv6/expected_sdn_interfaces
@@ -0,0 +1,15 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	bridge_ports vxlan_myvnet
+	bridge_stp off
+	bridge_fd 0
+	mtu 1450
+
+auto vxlan_myvnet
+iface vxlan_myvnet
+	vxlan-id 100
+	vxlan_remoteip 2a08:2200:100:1::11
+	vxlan_remoteip 2a08:2200:100:1::12
+	mtu 1450
diff --git a/src/test/zones/vxlan/ipv6/interfaces b/src/test/zones/vxlan/ipv6/interfaces
new file mode 100644
index 0000000..7f9b1ad
--- /dev/null
+++ b/src/test/zones/vxlan/ipv6/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet6 static
+	address 2a08:2200:100:1::10/64
+	gateway 2a08:2200:100:1::1
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0
diff --git a/src/test/zones/vxlan/ipv6/sdn_config b/src/test/zones/vxlan/ipv6/sdn_config
new file mode 100644
index 0000000..484be23
--- /dev/null
+++ b/src/test/zones/vxlan/ipv6/sdn_config
@@ -0,0 +1,17 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { tag => 100, type => "vnet", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => {
+                        myzone => {
+                                    ipam => "pve",
+                                    type => "vxlan",
+                                    peers => "2a08:2200:100:1::10,2a08:2200:100:1::11,2a08:2200:100:1::12",
+                                  },
+                      },
+             },
+}
-- 
2.47.3