From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 6725D1FF2CA
	for <inbox@lore.proxmox.com>; Tue, 23 Jul 2024 13:24:21 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id BFB4919A9;
	Tue, 23 Jul 2024 13:24:54 +0200 (CEST)
Message-ID: <f3d12383-045a-432b-88a0-162955594cd4@proxmox.com>
Date: Tue, 23 Jul 2024 13:24:21 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Aaron Lauterer <a.lauterer@proxmox.com>
References: <20240703080147.81154-1-a.lauterer@proxmox.com>
Content-Language: en-US
From: Stefan Hanreich <s.hanreich@proxmox.com>
In-Reply-To: <20240703080147.81154-1-a.lauterer@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.633 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH common, widget-toolkit,
 manager v3 0/3] fix #3893: make bridge vids configurable
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Tested the patches on my machine and everything worked as advertised.

It might make sense to note that this setting currently only applies to
the bridge_ports specified in the configuration, not the bridge
interface itself. Not sure if this is an ifupdown2 bug or intended. I
think it is actually a bug when reading the docs of the bridge-vids
parameter:

> Denotes the space separated list of VLANs to be allowed tagged
> ingress/egress on this interface.

It doesn't make a practical difference for our use case though.

It might make sense to note that this only applies to north-south
traffic (due to the bridge_ports getting the VLAN tags set), but not
east-west. One can still create two network devices on two guests with a
tag that is not specified in the bridge-vids and they can still
communicate (This is actually not a bug, but intended behavior of the
linux bridge when vlan_filtering is on!). This behavior might be
conterintuitive for users.

Consider this:
Tested-By: Stefan Hanreich <s.hanreich@proxmox.com>


On 7/3/24 10:01, Aaron Lauterer wrote:
> this version reworks a few parts since v2.
> 
> * renamed format in JSONSchema to a more generic `pve-vlan-id-or-range`
> * explicitly use spaces when writing interfaces file. This is one
>   possible approach to deal with the fact, that the generic `-list`
>   format will accept quite a few delimiters and we need spaces.
> * code style improvements such as naming the regex results.
> * add parameter verification to the web ui
> 
> With the changes to the JSONSchema we can then work on using it too for
> the guest trunk option. This hasn't been started yet though.
> 
> common: Aaron Lauterer (3):
>   tools: add check_list_empty function
>   fix #3893: network: add vlan id and range parameter definitions
>   inotify: interfaces: make sure bridge_vids use space as separator
> 
>  src/PVE/INotify.pm    |  2 +-
>  src/PVE/JSONSchema.pm | 34 ++++++++++++++++++++++++++++++++++
>  src/PVE/Tools.pm      |  8 ++++++++
>  3 files changed, 43 insertions(+), 1 deletion(-)
> 
> 
> widget-toolkit: Aaron Lauterer (1):
>   fix #3892: Network: add bridge vids field for bridge_vids
> 
>  src/node/NetworkEdit.js | 62 +++++++++++++++++++++++++++++++++++++++++
>  src/node/NetworkView.js |  5 ++++
>  2 files changed, 67 insertions(+)
> 
> 
> manager: Aaron Lauterer (2):
>   fix #3893: api: network: add bridge_vids parameter
>   fix #3893: ui: network: enable bridge_vids field
> 
>  PVE/API2/Network.pm         | 15 ++++++++++++++-
>  www/manager6/node/Config.js |  1 +
>  2 files changed, 15 insertions(+), 1 deletion(-)
> 


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel