From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 5A2A31FF141 for ; Fri, 13 Feb 2026 11:13:23 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 3BFB3352D9; Fri, 13 Feb 2026 11:14:10 +0100 (CET) Message-ID: <56f3ac05-8215-46d8-9eb9-3c0fd475668e@proxmox.com> Date: Fri, 13 Feb 2026 11:14:06 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Stefan Hanreich Subject: Re: [pve-devel] [PATCH proxmox{, -ve-rs} 00/11] sdn: add wireguard fabric configuration support To: Proxmox VE development discussion , Christoph Heiss References: <20260116153317.1146323-1-c.heiss@proxmox.com> Content-Language: en-US In-Reply-To: <20260116153317.1146323-1-c.heiss@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.720 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: SYHQD6CPEBIWSCCHR56M4WXEO6XOEES6 X-Message-ID-Hash: SYHQD6CPEBIWSCCHR56M4WXEO6XOEES6 X-MailFrom: s.hanreich@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: I've based my Wireguard Fabrics series on the ve-rs patches included here, but they make some heavy modifications. Maybe it's better for me to include them in my patch series and drop them from this one for now? I've used the proxmox-wireguard crate in my series already, and it worked quite well, bar some minor issues. I've included patches for most of them in my series - or written a note in the review of this series. Consider the proxmox parts: Reviewed-by: Stefan Hanreich Tested-by: Stefan Hanreich On 1/16/26 4:33 PM, Christoph Heiss wrote: > This series lays the groundwork with initial primitives and configuration > support for adding WireGuard as a new SDN fabric to our stack in the > future. > > Nothing of this code is actively used anywhere in the stack yet. I'm > sending it early to a) make it more reviewable as a smaller series and > b) potentially get in some prepratory work early. > > Stefan already has a working prototype for adding WireGuard as a new > SDN fabric type, built on top of this. > > One of the bigger topics next up will be wiring up actual section config > support for the fabric, which involves some challenges around proper > key handling. > > Diffstat > ======== > > proxmox: > > Christoph Heiss (6): > serde: implement ini serializer > serde: add base64 module for byte arrays > network-types: add ServiceEndpoint type as host/port tuple abstraction > schema: provide integer schema for node ports > schema: api-types: add ed25519 base64 encoded key schema > wireguard: init configuration support crate > > Stefan Hanreich (2): > wireguard: implement api for PublicKey > wireguard: make per-peer preshared key optional > > Cargo.toml | 2 + > proxmox-network-types/src/endpoint.rs | 154 +++++ > proxmox-network-types/src/lib.rs | 3 +- > proxmox-schema/src/api_types.rs | 19 +- > proxmox-serde/Cargo.toml | 2 + > proxmox-serde/debian/control | 4 + > proxmox-serde/src/ini.rs | 901 +++++++++++++++++++++++++ > proxmox-serde/src/lib.rs | 94 +++ > proxmox-wireguard/Cargo.toml | 27 + > proxmox-wireguard/debian/changelog | 5 + > proxmox-wireguard/debian/control | 67 ++ > proxmox-wireguard/debian/copyright | 18 + > proxmox-wireguard/debian/debcargo.toml | 7 + > proxmox-wireguard/src/lib.rs | 337 +++++++++ > 14 files changed, 1638 insertions(+), 2 deletions(-) > create mode 100644 proxmox-network-types/src/endpoint.rs > create mode 100644 proxmox-serde/src/ini.rs > create mode 100644 proxmox-wireguard/Cargo.toml > create mode 100644 proxmox-wireguard/debian/changelog > create mode 100644 proxmox-wireguard/debian/control > create mode 100644 proxmox-wireguard/debian/copyright > create mode 100644 proxmox-wireguard/debian/debcargo.toml > create mode 100644 proxmox-wireguard/src/lib.rs > > proxmox-ve-rs: > > Christoph Heiss (3): > sdn-types: add wireguard-specific PersistentKeepalive api type > ve-config: fabric: refactor fabric config entry impl using macro > ve-config: sdn: fabrics: add wireguard section config types > > Cargo.toml | 1 + > proxmox-sdn-types/src/lib.rs | 1 + > proxmox-sdn-types/src/wireguard.rs | 43 ++++ > proxmox-ve-config/Cargo.toml | 2 + > proxmox-ve-config/debian/control | 18 +- > proxmox-ve-config/src/sdn/fabric/frr.rs | 1 + > proxmox-ve-config/src/sdn/fabric/mod.rs | 199 +++++++++++++----- > .../src/sdn/fabric/section_config/fabric.rs | 23 ++ > .../src/sdn/fabric/section_config/mod.rs | 19 ++ > .../src/sdn/fabric/section_config/node.rs | 33 ++- > .../sdn/fabric/section_config/protocol/mod.rs | 1 + > .../section_config/protocol/wireguard.rs | 162 ++++++++++++++ > 12 files changed, 442 insertions(+), 61 deletions(-) > create mode 100644 proxmox-sdn-types/src/wireguard.rs > create mode 100644 proxmox-ve-config/src/sdn/fabric/section_config/protocol/wireguard.rs >