* [PATCH pve-network 1/1] sdn: fabrics: wireguard: re-migrate endpoints of internal nodes
@ 2026-05-21 11:19 Stefan Hanreich
2026-05-21 11:32 ` applied: " Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Stefan Hanreich @ 2026-05-21 11:19 UTC (permalink / raw)
To: pve-devel
Strip the port of all endpoints of internal nodes again, since they're
derived from the internal nodes' endpoints as well as the referenced
interface of the internal node in the respective peer definition. Only
replace ports if IPv6 endpoints are given with brackets, or if the
string before a potential port suffix is a valid IPv4 address,
otherwise leave the string unchanged (e.g. fe80::1:51820 would stay
the same).
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
src/PVE/Network/SDN/Fabrics.pm | 49 +++++++++++++++-------------------
1 file changed, 21 insertions(+), 28 deletions(-)
diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm
index b828d3d6..9a23f210 100644
--- a/src/PVE/Network/SDN/Fabrics.pm
+++ b/src/PVE/Network/SDN/Fabrics.pm
@@ -3,7 +3,7 @@ package PVE::Network::SDN::Fabrics;
use strict;
use warnings;
-use Socket qw(inet_pton AF_INET6);
+use Socket qw(inet_pton AF_INET AF_INET6);
use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_lock_file cfs_write_file);
use PVE::JSONSchema qw(get_standard_option);
@@ -124,31 +124,32 @@ sub write_fabrics_config {
# FIXME: remove with PVE 10
#
# WireGuard fabrics from libpve-network-perl 1.5.0 stored a port-less endpoint
-# and derived the port from the interface's listen_port; the endpoint is now a
-# full host:port. On read, append the node's listen port to such legacy
-# node-level endpoints (a bare IPv6 is bracketed). A port-less per-peer
-# endpoint override cannot be expressed anymore and its target port is not
-# available here, so it is dropped - the peer then falls back to the
-# referenced node's (migrated) endpoint. Values already carrying a port, and
-# external nodes (no interface, no port), are left for the strict parser.
+# and derived the port from the interface's listen_port; This has shortly been
+# changed to full host:port in 1.6.3. Revert this change by removing the port
+# from endpoints with either valid IPv6 bracket notation or an IPv4 adresses
+# succeeded by a port definition.
sub migrate_legacy_wireguard_endpoints {
my ($raw) = @_;
return $raw if !length($raw // '');
return $raw if $raw !~ /^wireguard_node:/m;
- # a port-less endpoint is a colon-free bare IPv4/hostname or a bare IPv6
- my $is_portless = sub { $_[0] !~ /:/ || defined(inet_pton(AF_INET6, $_[0])) };
-
my @lines = split(/\n/, $raw, -1);
- my ($endpoint_idx, $host, $listen_port, $in_wg_node);
+ my ($endpoint_idx, $endpoint, $role, $in_wg_node);
+
my $flush = sub {
- if (defined($endpoint_idx) && defined($listen_port)) {
- $host = "[$host]" if defined(inet_pton(AF_INET6, $host));
- $lines[$endpoint_idx] =~ s/\S+$/$host:$listen_port/;
+ if (defined($endpoint_idx) && defined($role) && $role eq 'internal') {
+ if ($endpoint =~ /^\[(\S+)\]:\d+$/) {
+ $endpoint = $1 if defined(inet_pton(AF_INET6, $1));
+ } elsif ($endpoint =~ /^(\S+):\d+$/) {
+ $endpoint = $1 if defined(inet_pton(AF_INET, $1));
+ }
+
+ $lines[$endpoint_idx] =~ s/\S+$/$endpoint/;
}
- ($endpoint_idx, $host, $listen_port) = (undef, undef, undef);
+
+ ($endpoint_idx, $endpoint, $role, $in_wg_node) = (undef, undef, undef);
};
for my $i (0 .. $#lines) {
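Review bot: In the new $flush, the `elsif ($endpoint =~ /^(\S+):\d+$/)` branch strips the port only when the host part passes inet_pton(AF_INET, ...), so an internal node whose endpoint is a hostname keeps its port. The removed $is_portless helper treated any colon-free value (bare IPv4 or hostname) as port-less, and the old flush rewrote it to $host:$listen_port, so hostname endpoints that were rewritten that way are not reverted here. If that is intended, state it in the comment above the sub; otherwise the hostname case needs its own branch. Two smaller points in the same hunk: the reset assigns three undefs to four variables, which works in Perl but also clears $in_wg_node inside $flush, so either list four values or drop $in_wg_node from the list; and the new comment has "adresses" for "addresses" and does not mention that only nodes with role 'internal' are touched.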
@@ -157,19 +158,11 @@ sub migrate_legacy_wireguard_endpoints {
$in_wg_node = $lines[$i] =~ /^wireguard_node:/;
} elsif (!$in_wg_node) {
next;
+ } elsif ($lines[$i] =~ /^\s+role\s+(\S+)$/) {
+ $role = $1;
} elsif ($lines[$i] =~ /^\s+endpoint\s+(\S+)$/) {
- my $value = $1;
- ($endpoint_idx, $host) = ($i, $value) if $is_portless->($value);
- } elsif ($lines[$i] =~ /^(\s+peers\s+)(\S.*)$/) {
- my ($prefix, $props) = ($1, $2);
- if (my ($value) = $props =~ /(?:^|,)endpoint=([^,]+)/) {
- $props = join(',', grep { $_ ne "endpoint=$value" } split(/,/, $props))
- if $is_portless->($value);
- $lines[$i] = "$prefix$props";
- }
- } elsif ($lines[$i] =~ /^\s+interfaces\s+\S/) {
- my ($port) = $lines[$i] =~ /(?:^|,)listen_port=(\d+)/;
- $listen_port //= $port;
+ $endpoint_idx = $i;
+ $endpoint = $1;
}
}
$flush->();
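Review bot: $role is only set when a `role` line is matched inside the wireguard_node section, and $flush requires `defined($role) && $role eq 'internal'`, so a section without an explicit role line is never migrated. If the stored config can omit the role for internal nodes, those endpoints keep their port; confirm that the writer always emits the role, or treat an undefined role as the default. The removed peers branch also means peers lines now pass through unchanged, including any endpoint= property they carry, which deserves a sentence in the commit message or the comment above the sub.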
--
2.47.3
* applied: [PATCH pve-network 1/1] sdn: fabrics: wireguard: re-migrate endpoints of internal nodes
2026-05-21 11:19 [PATCH pve-network 1/1] sdn: fabrics: wireguard: re-migrate endpoints of internal nodes Stefan Hanreich
@ 2026-05-21 11:32 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2026-05-21 11:32 UTC (permalink / raw)
To: pve-devel, Stefan Hanreich
On Thu, 21 May 2026 13:19:15 +0200, Stefan Hanreich wrote:
> Strip the port of all endpoints of internal nodes again, since they're
> derived from the internal nodes' endpoints as well as the referenced
> interface of the internal node in the respective peer definition. Only
> replace ports if IPv6 endpoints are given with brackets, or if the
> string before a potential port suffix is a valid IPv4 address,
> otherwise leave the string unchanged (e.g. fe80::1:51820 would stay
> the same).
>
> [...]
Applied, thanks!
[1/1] sdn: fabrics: wireguard: re-migrate endpoints of internal nodes
commit: 187e4e82abe298286a316da5b61187db162499f3