[pmg-api.git] / PMG / API2 / Network.pm

package PMG::API2::Network;

use strict;
use warnings;

use Net::IP qw(:PROC);
use PVE::Tools qw(extract_param);
use PVE::SafeSyslog;
use PVE::INotify;
use PVE::Exception qw(raise_param_exc);
use PVE::RESTHandler;
use PMG::RESTEnvironment;
use PVE::JSONSchema qw(get_standard_option);

use base qw(PVE::RESTHandler);

my $iflockfn = "/etc/network/.pve-interfaces.lock";

my $bond_mode_enum = [
    'balance-rr',
    'active-backup', # OVS and Linux
    'balance-xor',
    'broadcast',
    '802.3ad',
    'balance-tlb',
    'balance-alb',
    'balance-slb', # OVS
    'lacp-balance-slb', # OVS
    'lacp-balance-tcp', # OVS
    ];

my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
			 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];

my $confdesc = {
    type => {
	description => "Network interface type",
	type => 'string',
	enum => [@$network_type_enum, 'unknown'],
    },
    comments => {
	description => "Comments",
	type => 'string',
	optional => 1,
    },
    comments6 => {
	description => "Comments",
	type => 'string',
	optional => 1,
    },
    autostart => {
	description => "Automatically start interface on boot.",
	type => 'boolean',
	optional => 1,
    },
    bridge_vlan_aware => {
	description => "Enable bridge vlan support.",
	type => 'boolean',
	optional => 1,
    },
    bridge_ports => {
	description => "Specify the iterfaces you want to add to your bridge.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_ports => {
	description => "Specify the iterfaces you want to add to your bridge.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_tag => {
	description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
	optional => 1,
	type => 'integer',
	minimum => 1,
	maximum => 4094,
    },
    ovs_options => {
	description => "OVS interface options.",
	optional => 1,
	type => 'string',
	maxLength => 1024,
    },
    ovs_bridge => {
	description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
	optional => 1,
	type => 'string', format => 'pve-iface',
    },
    slaves => {
	description => "Specify the interfaces used by the bonding device.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_bonds => {
	description => "Specify the interfaces used by the bonding device.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    bond_mode => {
	description => "Bonding mode.",
	optional => 1,
	type => 'string', enum => $bond_mode_enum,
    },
    bond_xmit_hash_policy => {
	description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
	optional => 1,
	type => 'string',
	enum => ['layer2', 'layer2+3', 'layer3+4' ],
    },
    gateway => {
	description => 'Default gateway address.',
	type => 'string', format => 'ipv4',
	optional => 1,
    },
    netmask => {
	description => 'Network mask.',
	type => 'string', format => 'ipv4mask',
	optional => 1,
	requires => 'address',
    },
    address => {
	description => 'IP address.',
	type => 'string', format => 'ipv4',
	optional => 1,
	requires => 'netmask',
    },
    cidr => {
	description => 'IPv4 CIDR.',
	type => 'string', format => 'CIDRv4',
	optional => 1,
    },
    gateway6 => {
	description => 'Default ipv6 gateway address.',
	type => 'string', format => 'ipv6',
	optional => 1,
    },
    netmask6 => {
	description => 'Network mask.',
	type => 'integer', minimum => 0, maximum => 128,
	optional => 1,
	requires => 'address6',
    },
    address6 => {
	description => 'IP address.',
	type => 'string', format => 'ipv6',
	optional => 1,
	requires => 'netmask6',
    },
    cidr6 => {
	description => 'IPv6 CIDR.',
	type => 'string', format => 'CIDRv6',
	optional => 1,
    },
};

sub json_config_properties {
    my $prop = shift;

    foreach my $opt (keys %$confdesc) {
	$prop->{$opt} = $confdesc->{$opt};
    }

    return $prop;
}

__PACKAGE__->register_method({
    name => 'index',
    path => '',
    method => 'GET',
    description => "List available networks",
    proxyto => 'node',
    permissions => { check => [ 'admin', 'audit' ] },
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    type => {
		description => "Only list specific interface types.",
		type => 'string',
		enum => [ @$network_type_enum, 'any_bridge' ],
		optional => 1,
	    },
	},
    },
    returns => {
	type => "array",
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{iface}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $restenv = PMG::RESTEnvironment->get();

	my $tmp = PVE::INotify::read_file('interfaces', 1);
	my $config = $tmp->{data};
	my $changes = $tmp->{changes};

	$restenv->set_result_attrib('changes', $changes) if $changes;

	my $ifaces = $config->{ifaces};

	delete $ifaces->{lo}; # do not list the loopback device

	if ($param->{type}) {
	    foreach my $k (keys %$ifaces) {
		my $type = $ifaces->{$k}->{type};
		my $match =  ($param->{type} eq $type) || (
		    ($param->{type} eq 'any_bridge') &&
		    ($type eq 'bridge' || $type eq 'OVSBridge'));
		delete $ifaces->{$k} if !$match;
	    }
	}

	return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
   }});

__PACKAGE__->register_method({
    name => 'revert_network_changes',
    path => '',
    method => 'DELETE',
    protected => 1,
    description => "Revert network configuration changes.",
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	unlink "/etc/network/interfaces.new";

	return undef;
    }});

my $check_duplicate = sub {
    my ($config, $newiface, $key, $name) = @_;

    foreach my $iface (keys %$config) {
	raise_param_exc({ $key => "$name already exists on interface '$iface'." })
	    if ($newiface ne $iface) && $config->{$iface}->{$key};
    }
};

my $check_duplicate_gateway = sub {
    my ($config, $newiface) = @_;
    return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
};

my $check_duplicate_gateway6 = sub {
    my ($config, $newiface) = @_;
    return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
};

sub ipv6_tobin {
    return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
}

my $check_ipv6_settings = sub {
    my ($address, $netmask) = @_;

    raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
	if $netmask < 0 || $netmask > 128;

    raise_param_exc({ address => "$address is not a valid host ip address." })
	if !Net::IP::ip_is_ipv6($address);

    my $binip = ipv6_tobin($address);
    my $binmask = Net::IP::ip_get_mask($netmask, 6);

    my $type = Net::IP::ip_iptypev6($binip);

    raise_param_exc({ address => "$address is not a valid host ip address." })
	if ($binip eq $binmask) ||
	   (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/);
};

my $map_cidr_to_address_netmask = sub {
    my ($param) = @_;

    if ($param->{cidr}) {
	raise_param_exc({ address => "address conflicts with cidr" })
	    if $param->{address};
	raise_param_exc({ netmask => "netmask conflicts with cidr" })
	    if $param->{netmask};

	my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!;
	$param->{address} = $address;
	$param->{netmask} = $netmask;
	delete $param->{cidr};
    }

    if ($param->{cidr6}) {
	raise_param_exc({ address6 => "address6 conflicts with cidr6" })
	    if $param->{address6};
	raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" })
	    if $param->{netmask6};

	my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!;
	$param->{address6} = $address;
	$param->{netmask6} = $netmask;
	delete $param->{cidr6};
    }
};

__PACKAGE__->register_method({
    name => 'create_network',
    path => '',
    method => 'POST',
    description => "Create network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => json_config_properties({
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface')}),
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $iface = extract_param($param, 'iface');

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface already exists" })
		if $ifaces->{$iface};

	    &$check_duplicate_gateway($ifaces, $iface)
		if $param->{gateway};
	    &$check_duplicate_gateway6($ifaces, $iface)
		if $param->{gateway6};

	    $map_cidr_to_address_netmask->($param);

	    &$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
		if $param->{address6};

	    my $families = $param->{families} = [];
	    push @$families, 'inet'
		if $param->{address} && !grep(/^inet$/, @$families);
	    push @$families, 'inet6'
		if $param->{address6} && !grep(/^inet6$/, @$families);
	    @$families = ('inet') if !scalar(@$families);

	    $param->{method} = $param->{address} ? 'static' : 'manual';
	    $param->{method6} = $param->{address6} ? 'static' : 'manual';

	    if ($param->{type} =~ m/^OVS/) {
		-x '/usr/bin/ovs-vsctl' ||
		    die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
	    }

	    if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') {
		my $brname = $param->{ovs_bridge};
		raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
		my $br = $ifaces->{$brname};
		raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
		raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
		    if $br->{type} ne 'OVSBridge';

		my @ports = split (/\s+/, $br->{ovs_ports} || '');
		$br->{ovs_ports} = join(' ', @ports, $iface)
		    if ! grep { $_ eq $iface } @ports;
	    }

	    $ifaces->{$iface} = $param;

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'update_network',
    path => '{iface}',
    method => 'PUT',
    description => "Update network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => json_config_properties({
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	    delete => {
		type => 'string', format => 'pve-configid-list',
		description => "A list of settings you want to delete.",
		optional => 1,
	    }}),
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $iface = extract_param($param, 'iface');
	my $delete = extract_param($param, 'delete');

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface does not exist" })
		if !$ifaces->{$iface};

	    my $families = ($param->{families} ||= []);
	    foreach my $k (PVE::Tools::split_list($delete)) {
		delete $ifaces->{$iface}->{$k};
		@$families = grep(!/^inet$/, @$families) if $k eq 'address';
		@$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
	    }

	    $map_cidr_to_address_netmask->($param);

	    &$check_duplicate_gateway($ifaces, $iface)
		if $param->{gateway};
	    &$check_duplicate_gateway6($ifaces, $iface)
		if $param->{gateway6};

	    if ($param->{address}) {
		push @$families, 'inet' if !grep(/^inet$/, @$families);
	    } else {
		@$families = grep(!/^inet$/, @$families);
	    }
	    if ($param->{address6}) {
		&$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
		push @$families, 'inet6' if !grep(/^inet6$/, @$families);
	    } else {
		@$families = grep(!/^inet6$/, @$families);
	    }
	    @$families = ('inet') if !scalar(@$families);

	    $param->{method} = $param->{address} ? 'static' : 'manual';
	    $param->{method6} = $param->{address6} ? 'static' : 'manual';

	    foreach my $k (keys %$param) {
		$ifaces->{$iface}->{$k} = $param->{$k};
	    }

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'network_config',
    path => '{iface}',
    method => 'GET',
    description => "Read network device configuration",
    proxyto => 'node',
    permissions => { check => [ 'admin', 'audit' ] },
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	},
    },
    returns => {
	type => "object",
	properties => {
	    type => {
		type => 'string',
	    },
	    method => {
		type => 'string',
	    },
	},
    },
    code => sub {
	my ($param) = @_;

	my $config = PVE::INotify::read_file('interfaces');
	my $ifaces = $config->{ifaces};

	raise_param_exc({ iface => "interface does not exist" })
	    if !$ifaces->{$param->{iface}};

	return $ifaces->{$param->{iface}};
   }});

__PACKAGE__->register_method({
    name => 'delete_network',
    path => '{iface}',
    method => 'DELETE',
    description => "Delete network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface does not exist" })
		if !$ifaces->{$param->{iface}};

	    my $d = $ifaces->{$param->{iface}};
	    if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') {
		if (my $brname = $d->{ovs_bridge}) {
		    if (my $br = $ifaces->{$brname}) {
			if ($br->{ovs_ports}) {
			    my @ports = split (/\s+/, $br->{ovs_ports});
			    my @new = grep { $_ ne $param->{iface} } @ports;
			    $br->{ovs_ports} = join(' ', @new);
			}
		    }
		}
	    }

	    delete $ifaces->{$param->{iface}};

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

1;
Commit	Line	Data
2551682a DM	1	package PMG::API2::Network;
	2
	3	use strict;
	4	use warnings;
	5
	6	use Net::IP qw(:PROC);
	7	use PVE::Tools qw(extract_param);
	8	use PVE::SafeSyslog;
	9	use PVE::INotify;
	10	use PVE::Exception qw(raise_param_exc);
	11	use PVE::RESTHandler;
9d82c6bc	12	use PMG::RESTEnvironment;
2551682a DM	13	use PVE::JSONSchema qw(get_standard_option);
	14
	15	use base qw(PVE::RESTHandler);
	16
	17	my $iflockfn = "/etc/network/.pve-interfaces.lock";
	18
	19	my $bond_mode_enum = [
	20	'balance-rr',
	21	'active-backup', # OVS and Linux
	22	'balance-xor',
	23	'broadcast',
	24	'802.3ad',
	25	'balance-tlb',
	26	'balance-alb',
	27	'balance-slb', # OVS
	28	'lacp-balance-slb', # OVS
	29	'lacp-balance-tcp', # OVS
	30	];
	31
	32	my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 'vlan',
	33	'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
	34
	35	my $confdesc = {
	36	type => {
	37	description => "Network interface type",
	38	type => 'string',
	39	enum => [@$network_type_enum, 'unknown'],
	40	},
	41	comments => {
	42	description => "Comments",
	43	type => 'string',
	44	optional => 1,
	45	},
	46	comments6 => {
	47	description => "Comments",
	48	type => 'string',
	49	optional => 1,
	50	},
	51	autostart => {
	52	description => "Automatically start interface on boot.",
	53	type => 'boolean',
	54	optional => 1,
	55	},
	56	bridge_vlan_aware => {
	57	description => "Enable bridge vlan support.",
	58	type => 'boolean',
	59	optional => 1,
	60	},
	61	bridge_ports => {
	62	description => "Specify the iterfaces you want to add to your bridge.",
	63	optional => 1,
	64	type => 'string', format => 'pve-iface-list',
	65	},
	66	ovs_ports => {
	67	description => "Specify the iterfaces you want to add to your bridge.",
	68	optional => 1,
	69	type => 'string', format => 'pve-iface-list',
	70	},
	71	ovs_tag => {
	72	description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
	73	optional => 1,
	74	type => 'integer',
	75	minimum => 1,
	76	maximum => 4094,
77	},
78	ovs_options => {
79	description => "OVS interface options.",
80	optional => 1,
81	type => 'string',
82	maxLength => 1024,
83	},
84	ovs_bridge => {
85	description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
86	optional => 1,
87	type => 'string', format => 'pve-iface',
88	},
89	slaves => {
90	description => "Specify the interfaces used by the bonding device.",
91	optional => 1,
92	type => 'string', format => 'pve-iface-list',
93	},
94	ovs_bonds => {
95	description => "Specify the interfaces used by the bonding device.",
96	optional => 1,
97	type => 'string', format => 'pve-iface-list',
98	},
99	bond_mode => {
100	description => "Bonding mode.",
101	optional => 1,
102	type => 'string', enum => $bond_mode_enum,
103	},
104	bond_xmit_hash_policy => {
105	description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
106	optional => 1,
107	type => 'string',
108	enum => ['layer2', 'layer2+3', 'layer3+4' ],
109	},
110	gateway => {
111	description => 'Default gateway address.',
112	type => 'string', format => 'ipv4',
113	optional => 1,
114	},
115	netmask => {
116	description => 'Network mask.',
117	type => 'string', format => 'ipv4mask',
118	optional => 1,
119	requires => 'address',
120	},
121	address => {
122	description => 'IP address.',
123	type => 'string', format => 'ipv4',
124	optional => 1,
125	requires => 'netmask',
126	},
1e94d062 DC	127	cidr => {
	128	description => 'IPv4 CIDR.',
	129	type => 'string', format => 'CIDRv4',
	130	optional => 1,
	131	},
2551682a DM	132	gateway6 => {
	133	description => 'Default ipv6 gateway address.',
	134	type => 'string', format => 'ipv6',
	135	optional => 1,
	136	},
	137	netmask6 => {
	138	description => 'Network mask.',
	139	type => 'integer', minimum => 0, maximum => 128,
	140	optional => 1,
	141	requires => 'address6',
	142	},
	143	address6 => {
	144	description => 'IP address.',
	145	type => 'string', format => 'ipv6',
	146	optional => 1,
	147	requires => 'netmask6',
1e94d062 DC	148	},
	149	cidr6 => {
	150	description => 'IPv6 CIDR.',
	151	type => 'string', format => 'CIDRv6',
	152	optional => 1,
	153	},
2551682a DM	154	};
	155
	156	sub json_config_properties {
	157	my $prop = shift;
	158
	159	foreach my $opt (keys %$confdesc) {
	160	$prop->{$opt} = $confdesc->{$opt};
	161	}
	162
	163	return $prop;
	164	}
	165
	166	__PACKAGE__->register_method({
	167	name => 'index',
	168	path => '',
	169	method => 'GET',
	170	description => "List available networks",
	171	proxyto => 'node',
aea3488a	172	permissions => { check => [ 'admin', 'audit' ] },
2551682a DM	173	parameters => {
	174	additionalProperties => 0,
	175	properties => {
	176	node => get_standard_option('pve-node'),
	177	type => {
	178	description => "Only list specific interface types.",
	179	type => 'string',
	180	enum => [ @$network_type_enum, 'any_bridge' ],
	181	optional => 1,
	182	},
	183	},
	184	},
	185	returns => {
	186	type => "array",
	187	items => {
	188	type => "object",
	189	properties => {},
	190	},
	191	links => [ { rel => 'child', href => "{iface}" } ],
	192	},
	193	code => sub {
	194	my ($param) = @_;
	195
f1c29260	196	my $restenv = PMG::RESTEnvironment->get();
2551682a DM	197
	198	my $tmp = PVE::INotify::read_file('interfaces', 1);
	199	my $config = $tmp->{data};
	200	my $changes = $tmp->{changes};
	201
	202	$restenv->set_result_attrib('changes', $changes) if $changes;
	203
	204	my $ifaces = $config->{ifaces};
	205
	206	delete $ifaces->{lo}; # do not list the loopback device
	207
	208	if ($param->{type}) {
	209	foreach my $k (keys %$ifaces) {
	210	my $type = $ifaces->{$k}->{type};
	211	my $match = ($param->{type} eq $type) \|\| (
	212	($param->{type} eq 'any_bridge') &&
	213	($type eq 'bridge' \|\| $type eq 'OVSBridge'));
	214	delete $ifaces->{$k} if !$match;
	215	}
	216	}
	217
	218	return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
	219	}});
	220
	221	__PACKAGE__->register_method({
	222	name => 'revert_network_changes',
	223	path => '',
	224	method => 'DELETE',
	225	protected => 1,
	226	description => "Revert network configuration changes.",
	227	proxyto => 'node',
	228	parameters => {
	229	additionalProperties => 0,
	230	properties => {
	231	node => get_standard_option('pve-node'),
	232	},
	233	},
	234	returns => { type => "null" },
	235	code => sub {
	236	my ($param) = @_;
	237
	238	unlink "/etc/network/interfaces.new";
	239
	240	return undef;
	241	}});
	242
	243	my $check_duplicate = sub {
	244	my ($config, $newiface, $key, $name) = @_;
	245
	246	foreach my $iface (keys %$config) {
	247	raise_param_exc({ $key => "$name already exists on interface '$iface'." })
	248	if ($newiface ne $iface) && $config->{$iface}->{$key};
	249	}
	250	};
	251
	252	my $check_duplicate_gateway = sub {
	253	my ($config, $newiface) = @_;
	254	return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
	255	};
	256
	257	my $check_duplicate_gateway6 = sub {
	258	my ($config, $newiface) = @_;
	259	return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
	260	};
261
262	sub ipv6_tobin {
263	return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
264	}
265
266	my $check_ipv6_settings = sub {
267	my ($address, $netmask) = @_;
268
269	raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
270	if $netmask < 0 \|\| $netmask > 128;
271
272	raise_param_exc({ address => "$address is not a valid host ip address." })
273	if !Net::IP::ip_is_ipv6($address);
274
275	my $binip = ipv6_tobin($address);
276	my $binmask = Net::IP::ip_get_mask($netmask, 6);
277
278	my $type = Net::IP::ip_iptypev6($binip);
279
280	raise_param_exc({ address => "$address is not a valid host ip address." })
281	if ($binip eq $binmask) \|\|
282	(defined($type) && $type !~ /^(?:(?:GLOBAL\|(?:UNIQUE\|LINK)-LOCAL)-UNICAST)$/);
283	};
284
1e94d062 DC	285	my $map_cidr_to_address_netmask = sub {
	286	my ($param) = @_;
	287
	288	if ($param->{cidr}) {
	289	raise_param_exc({ address => "address conflicts with cidr" })
	290	if $param->{address};
	291	raise_param_exc({ netmask => "netmask conflicts with cidr" })
	292	if $param->{netmask};
	293
	294	my ($address, $netmask) = $param->{cidr} =~ m!^(.*)/(\d+)$!;
	295	$param->{address} = $address;
	296	$param->{netmask} = $netmask;
	297	delete $param->{cidr};
	298	}
	299
	300	if ($param->{cidr6}) {
	301	raise_param_exc({ address6 => "address6 conflicts with cidr6" })
	302	if $param->{address6};
	303	raise_param_exc({ netmask6 => "netmask6 conflicts with cidr6" })
	304	if $param->{netmask6};
	305
	306	my ($address, $netmask) = $param->{cidr6} =~ m!^(.*)/(\d+)$!;
	307	$param->{address6} = $address;
	308	$param->{netmask6} = $netmask;
	309	delete $param->{cidr6};
	310	}
	311	};
	312
2551682a DM	313	__PACKAGE__->register_method({
	314	name => 'create_network',
	315	path => '',
	316	method => 'POST',
	317	description => "Create network device configuration",
	318	protected => 1,
	319	proxyto => 'node',
	320	parameters => {
	321	additionalProperties => 0,
	322	properties => json_config_properties({
	323	node => get_standard_option('pve-node'),
	324	iface => get_standard_option('pve-iface')}),
	325	},
	326	returns => { type => 'null' },
	327	code => sub {
	328	my ($param) = @_;
	329
	330	my $node = extract_param($param, 'node');
	331	my $iface = extract_param($param, 'iface');
	332
	333	my $code = sub {
	334	my $config = PVE::INotify::read_file('interfaces');
	335	my $ifaces = $config->{ifaces};
	336
	337	raise_param_exc({ iface => "interface already exists" })
	338	if $ifaces->{$iface};
	339
	340	&$check_duplicate_gateway($ifaces, $iface)
	341	if $param->{gateway};
	342	&$check_duplicate_gateway6($ifaces, $iface)
	343	if $param->{gateway6};
	344
1e94d062 DC	345	$map_cidr_to_address_netmask->($param);
1e94d062 DC	346
2551682a DM	347	&$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
	348	if $param->{address6};
	349
	350	my $families = $param->{families} = [];
	351	push @$families, 'inet'
	352	if $param->{address} && !grep(/^inet$/, @$families);
	353	push @$families, 'inet6'
	354	if $param->{address6} && !grep(/^inet6$/, @$families);
	355	@$families = ('inet') if !scalar(@$families);
	356
	357	$param->{method} = $param->{address} ? 'static' : 'manual';
	358	$param->{method6} = $param->{address6} ? 'static' : 'manual';
	359
	360	if ($param->{type} =~ m/^OVS/) {
	361	-x '/usr/bin/ovs-vsctl' \|\|
	362	die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
	363	}
	364
	365	if ($param->{type} eq 'OVSIntPort' \|\| $param->{type} eq 'OVSBond') {
	366	my $brname = $param->{ovs_bridge};
	367	raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
	368	my $br = $ifaces->{$brname};
	369	raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
	370	raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
	371	if $br->{type} ne 'OVSBridge';
	372
	373	my @ports = split (/\s+/, $br->{ovs_ports} \|\| '');
	374	$br->{ovs_ports} = join(' ', @ports, $iface)
	375	if ! grep { $_ eq $iface } @ports;
	376	}
	377
	378	$ifaces->{$iface} = $param;
	379
	380	PVE::INotify::write_file('interfaces', $config);
	381	};
	382
	383	PVE::Tools::lock_file($iflockfn, 10, $code);
	384	die $@ if $@;
	385
	386	return undef;
	387	}});
	388
	389	__PACKAGE__->register_method({
	390	name => 'update_network',
	391	path => '{iface}',
	392	method => 'PUT',
	393	description => "Update network device configuration",
	394	protected => 1,
	395	proxyto => 'node',
	396	parameters => {
	397	additionalProperties => 0,
	398	properties => json_config_properties({
	399	node => get_standard_option('pve-node'),
	400	iface => get_standard_option('pve-iface'),
	401	delete => {
	402	type => 'string', format => 'pve-configid-list',
	403	description => "A list of settings you want to delete.",
	404	optional => 1,
	405	}}),
	406	},
	407	returns => { type => 'null' },
	408	code => sub {
	409	my ($param) = @_;
	410
411	my $node = extract_param($param, 'node');
412	my $iface = extract_param($param, 'iface');
413	my $delete = extract_param($param, 'delete');
414
415	my $code = sub {
416	my $config = PVE::INotify::read_file('interfaces');
417	my $ifaces = $config->{ifaces};
418
419	raise_param_exc({ iface => "interface does not exist" })
420	if !$ifaces->{$iface};
421
422	my $families = ($param->{families} \|\|= []);
423	foreach my $k (PVE::Tools::split_list($delete)) {
424	delete $ifaces->{$iface}->{$k};
425	@$families = grep(!/^inet$/, @$families) if $k eq 'address';
426	@$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
427	}
428
1e94d062 DC	429	$map_cidr_to_address_netmask->($param);
1e94d062 DC	430
2551682a DM	431	&$check_duplicate_gateway($ifaces, $iface)
	432	if $param->{gateway};
	433	&$check_duplicate_gateway6($ifaces, $iface)
	434	if $param->{gateway6};
	435
	436	if ($param->{address}) {
	437	push @$families, 'inet' if !grep(/^inet$/, @$families);
	438	} else {
	439	@$families = grep(!/^inet$/, @$families);
	440	}
	441	if ($param->{address6}) {
	442	&$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
	443	push @$families, 'inet6' if !grep(/^inet6$/, @$families);
	444	} else {
	445	@$families = grep(!/^inet6$/, @$families);
	446	}
	447	@$families = ('inet') if !scalar(@$families);
	448
	449	$param->{method} = $param->{address} ? 'static' : 'manual';
	450	$param->{method6} = $param->{address6} ? 'static' : 'manual';
	451
	452	foreach my $k (keys %$param) {
	453	$ifaces->{$iface}->{$k} = $param->{$k};
	454	}
	455
	456	PVE::INotify::write_file('interfaces', $config);
	457	};
	458
	459	PVE::Tools::lock_file($iflockfn, 10, $code);
	460	die $@ if $@;
	461
	462	return undef;
	463	}});
	464
	465	__PACKAGE__->register_method({
	466	name => 'network_config',
	467	path => '{iface}',
	468	method => 'GET',
	469	description => "Read network device configuration",
	470	proxyto => 'node',
aea3488a	471	permissions => { check => [ 'admin', 'audit' ] },
2551682a DM	472	parameters => {
	473	additionalProperties => 0,
	474	properties => {
	475	node => get_standard_option('pve-node'),
	476	iface => get_standard_option('pve-iface'),
	477	},
	478	},
	479	returns => {
	480	type => "object",
	481	properties => {
	482	type => {
	483	type => 'string',
	484	},
	485	method => {
	486	type => 'string',
	487	},
	488	},
	489	},
	490	code => sub {
	491	my ($param) = @_;
	492
	493	my $config = PVE::INotify::read_file('interfaces');
	494	my $ifaces = $config->{ifaces};
	495
	496	raise_param_exc({ iface => "interface does not exist" })
	497	if !$ifaces->{$param->{iface}};
	498
	499	return $ifaces->{$param->{iface}};
	500	}});
	501
	502	__PACKAGE__->register_method({
	503	name => 'delete_network',
	504	path => '{iface}',
	505	method => 'DELETE',
	506	description => "Delete network device configuration",
	507	protected => 1,
	508	proxyto => 'node',
	509	parameters => {
	510	additionalProperties => 0,
	511	properties => {
	512	node => get_standard_option('pve-node'),
	513	iface => get_standard_option('pve-iface'),
	514	},
	515	},
	516	returns => { type => 'null' },
	517	code => sub {
	518	my ($param) = @_;
	519
	520	my $code = sub {
	521	my $config = PVE::INotify::read_file('interfaces');
	522	my $ifaces = $config->{ifaces};
	523
	524	raise_param_exc({ iface => "interface does not exist" })
	525	if !$ifaces->{$param->{iface}};
	526
	527	my $d = $ifaces->{$param->{iface}};
	528	if ($d->{type} eq 'OVSIntPort' \|\| $d->{type} eq 'OVSBond') {
	529	if (my $brname = $d->{ovs_bridge}) {
	530	if (my $br = $ifaces->{$brname}) {
	531	if ($br->{ovs_ports}) {
	532	my @ports = split (/\s+/, $br->{ovs_ports});
	533	my @new = grep { $_ ne $param->{iface} } @ports;
	534	$br->{ovs_ports} = join(' ', @new);
	535	}
536	}
537	}
538	}
539
540	delete $ifaces->{$param->{iface}};
541
542	PVE::INotify::write_file('interfaces', $config);
543	};
544
545	PVE::Tools::lock_file($iflockfn, 10, $code);
546	die $@ if $@;
547
548	return undef;
549	}});
550
551	1;