Re: [pve-devel] [PATCH v4 container/manager 0/3] fix #3413: Add `Disconnect` option for LXC networks

From: Friedrich Weber <f.weber@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] [PATCH v4 container/manager 0/3] fix #3413: Add `Disconnect` option for LXC networks
Date: Thu, 23 Feb 2023 14:54:18 +0100	[thread overview]
Message-ID: <3701e1b9-703b-a687-caf7-d71521cba2e0@proxmox.com> (raw)
In-Reply-To: <20230222124903.326612-1-c.heiss@proxmox.com>

As I also missed that feature, I applied the patches to my PVE instance 
with pre-existing containers -- all interfaces stayed up as expected, 
and disconnecting/reconnecting interfaces for running and stopped 
containers via the Web UI worked nicely.

Tested-by: Friedrich Weber <f.weber@proxmox.com>

On 22/02/2023 13:49, Christoph Heiss wrote:
> Add a `Disconnect` option for network interfaces on LXC containers, much
> like it already exists for VMs. This has been requested in #3413 [0] and
> seems useful, especially considering we already support the same thing
> for VMs.
> 
> One thing to note is that LXC does not seem to support the notion of
> setting an interface down. The `flags` property would suggest that this
> possible [1], but AFAICS it does not work. I tried setting the value as
> empty and to something else than "up" (since that is really the only
> supported option [2][3]), which both had absolutely no effect.
> 
> Thus force the host-side link of the container network down and avoid
> adding it to the designated bridge if the new option is set, effectively
> disconnecting the container network.
> 
> The first patch is cleanup only and does not change anything regarding
> functionality.
> 
> Testing
> -------
> Testing was done by starting a LXC container (w/ and w/o `link_down`
> set), checking if the interface has (or not) LOWERLAYERDOWN set inside
> the container (`ip address eth0`) and if packet transit works (or not)
> using a simple `ping`. Same thing after toggeling the option on the
> interface. Further, the interface(s) should (or should not) be listed
> in `brctl show`. Same thing was done for hotplugged interfaces to a
> running container.
> 
> Also tested with `ifreload -a` (thanks Wolfgang!) thrown in, which did
> nothing unexpected: If `link_down` was set, interfaces stayed in
> LOWERLAYERDOWN and unplugged from the bridge, and stayed UP and plugged
> into the bridge when `link_down` was unset.
> 
> [0] https://bugzilla.proxmox.com/show_bug.cgi?id=3413
> [1] https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html#lbAO
> [2] https://github.com/lxc/lxc/blob/08f0e769/src/lxc/confile.c#L453-L467
> [3] https://github.com/lxc/lxc/blob/08f0e769/src/lxc/confile.c#L5933-L5952
> 
> v1: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055762.html
> v2: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055795.html
> v3: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055839.html
> 
> pve-container:
> 
> Christoph Heiss (2):
>        net: Pass network config directly to net_tap_plug()
>        net: Add `link_down` config to allow setting interfaces as disconnected
> 
>   src/PVE/LXC.pm        | 37 +++++++++++++++++++++++--------------
>   src/PVE/LXC/Config.pm |  6 ++++++
>   src/lxcnetaddbr       |  9 +--------
>   3 files changed, 30 insertions(+), 22 deletions(-)
> 
> pve-manager:
> 
> Christoph Heiss (1):
>        lxc: Add `Disconnect` option for network interfaces
> 
>   www/manager6/Parser.js      |  3 +++
>   www/manager6/lxc/Network.js | 13 +++++++++++++
>   2 files changed, 16 insertions(+)
> 
> --
> 2.39.1
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 