[pve-manager.git] / PVE / API2 / Network.pm

package PVE::API2::Network;

use strict;
use warnings;

use Net::IP qw(:PROC);
use PVE::Tools qw(extract_param);
use PVE::SafeSyslog;
use PVE::INotify;
use PVE::Exception qw(raise_param_exc);
use PVE::RESTHandler;
use PVE::RPCEnvironment;
use PVE::JSONSchema qw(get_standard_option);
use PVE::AccessControl;
use IO::File;

use base qw(PVE::RESTHandler);

my $iflockfn = "/etc/network/.pve-interfaces.lock";

my $bond_mode_enum = [
    'balance-rr',
    'active-backup', # OVS and Linux
    'balance-xor',
    'broadcast',
    '802.3ad',
    'balance-tlb',
    'balance-alb',
    'balance-slb', # OVS 
    'lacp-balance-slb', # OVS
    'lacp-balance-tcp', # OVS
    ];

my $network_type_enum = ['bridge', 'bond', 'eth', 'alias', 
			 'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];

my $confdesc = {
    type => {
	description => "Network interface type",
	type => 'string',
	enum => [@$network_type_enum, 'unknown'],
    },
    comments => {
	description => "Comments",
	type => 'string',
	optional => 1,
    },
    comments6 => {
	description => "Comments",
	type => 'string',
	optional => 1,
    },
    autostart => {
	description => "Automatically start interface on boot.",
	type => 'boolean',
	optional => 1,
    },
    bridge_ports => {
	description => "Specify the iterfaces you want to add to your bridge.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_ports => {
	description => "Specify the iterfaces you want to add to your bridge.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_tag => {
	description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
	optional => 1,
	type => 'integer',
	minimum => 1,
	maximum => 4094,
    },
    ovs_options => {
	description => "OVS interface options.",
	optional => 1,
	type => 'string',
	maxLength => 1024,
    },
    ovs_bridge => {
	description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
	optional => 1,
	type => 'string', format => 'pve-iface',
    },
    slaves => {
	description => "Specify the interfaces used by the bonding device.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    ovs_bonds => {
	description => "Specify the interfaces used by the bonding device.",
	optional => 1,
	type => 'string', format => 'pve-iface-list',
    },
    bond_mode => {
	description => "Bonding mode.",
	optional => 1,
	type => 'string', enum => $bond_mode_enum,
    },
    bond_xmit_hash_policy => {
	description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
	optional => 1,
	type => 'string', 
	enum => ['layer2', 'layer2+3', 'layer3+4' ],
    },
    gateway => {
	description => 'Default gateway address.',
	type => 'string', format => 'ipv4',
	optional => 1,
    },
    netmask => {
	description => 'Network mask.',
	type => 'string', format => 'ipv4mask',
	optional => 1,
	requires => 'address',
    },
    address => {
	description => 'IP address.',
	type => 'string', format => 'ipv4',
	optional => 1,
	requires => 'netmask',
    },
    gateway6 => {
	description => 'Default ipv6 gateway address.',
	type => 'string', format => 'ipv6',
	optional => 1,
    },
    netmask6 => {
	description => 'Network mask.',
	type => 'integer', minimum => 0, maximum => 128,
	optional => 1,
	requires => 'address6',
    },
    address6 => {
	description => 'IP address.',
	type => 'string', format => 'ipv6',
	optional => 1,
	requires => 'netmask6',
    }
};

sub json_config_properties {
    my $prop = shift;

    foreach my $opt (keys %$confdesc) {
	$prop->{$opt} = $confdesc->{$opt};
    }

    return $prop;
}

__PACKAGE__->register_method({
    name => 'index', 
    path => '', 
    method => 'GET',
    permissions => { user => 'all' },
    description => "List available networks",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    type => {
		description => "Only list specific interface types.",
		type => 'string',
		enum => [ @$network_type_enum, 'any_bridge' ],
		optional => 1,
	    },
	},
    },
    returns => {
	type => "array",
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{iface}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PVE::RPCEnvironment::get();

	my $tmp = PVE::INotify::read_file('interfaces', 1);
	my $config = $tmp->{data};
	my $changes = $tmp->{changes};

	$rpcenv->set_result_attrib('changes', $changes) if $changes;

	my $ifaces = $config->{ifaces};

	delete $ifaces->{lo}; # do not list the loopback device

	if ($param->{type}) {
	    foreach my $k (keys %$ifaces) {
		my $type = $ifaces->{$k}->{type};
		my $match =  ($param->{type} eq $type) || (
		    ($param->{type} eq 'any_bridge') && 
		    ($type eq 'bridge' || $type eq 'OVSBridge'));
		delete $ifaces->{$k} if !$match;
	    }
	}

	return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
   }});

__PACKAGE__->register_method({
    name => 'revert_network_changes', 
    path => '', 
    method => 'DELETE',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    protected => 1,
    description => "Revert network configuration changes.",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	},
    },
    returns => { type => "null" },
    code => sub {
	my ($param) = @_;

	unlink "/etc/network/interfaces.new";

	return undef;
    }});

my $check_duplicate = sub {
    my ($config, $newiface, $key, $name) = @_;

    foreach my $iface (keys %$config) {
	raise_param_exc({ $key => "$name already exists on interface '$iface'." })
	    if ($newiface ne $iface) && $config->{$iface}->{$key};
    }
};

my $check_duplicate_gateway = sub {
    my ($config, $newiface) = @_;
    return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
};

my $check_duplicate_gateway6 = sub {
    my ($config, $newiface) = @_;
    return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
};

my $check_ipv4_settings = sub {
    my ($address, $netmask) = @_;

    my $binip = Net::IP::ip_iptobin($address, 4);
    my $binmask = Net::IP::ip_iptobin($netmask, 4);
    my $broadcast = Net::IP::ip_iptobin('255.255.255.255', 4);
    my $binhost = $binip | $binmask;

    raise_param_exc({ address => "$address is not a valid host ip address." })
        if ($binhost eq $binmask) || ($binhost eq $broadcast);
};

sub ipv6_tobin {
    return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
}

my $check_ipv6_settings = sub {
    my ($address, $netmask) = @_;

    raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
	if $netmask < 0 || $netmask > 128;

    raise_param_exc({ address => "$address is not a valid host ip address." })
	if !Net::IP::ip_is_ipv6($address);

    my $binip = ipv6_tobin($address);
    my $binmask = Net::IP::ip_get_mask($netmask, 6);

    my $type = Net::IP::ip_iptypev6($binip);

    raise_param_exc({ address => "$address is not a valid host ip address." })
	if ($binip eq $binmask) ||
	   (defined($type) && $type !~ /^(?:(?:GLOBAL|(?:UNIQUE|LINK)-LOCAL)-UNICAST)$/);
};

__PACKAGE__->register_method({
    name => 'create_network', 
    path => '', 
    method => 'POST',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    description => "Create network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => json_config_properties({
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface')}),
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $iface = extract_param($param, 'iface');

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface already exists" })
		if $ifaces->{$iface};

	    &$check_duplicate_gateway($ifaces, $iface)
		if $param->{gateway};
	    &$check_duplicate_gateway6($ifaces, $iface)
		if $param->{gateway6};

	    &$check_ipv4_settings($param->{address}, $param->{netmask})
		if $param->{address};
	    &$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
		if $param->{address6};

	    my $families = $param->{families} = [];
	    push @$families, 'inet'
		if $param->{address} && !grep(/^inet$/, @$families);
	    push @$families, 'inet6'
		if $param->{address6} && !grep(/^inet6$/, @$families);
	    @$families = ('inet') if !scalar(@$families);

	    $param->{method} = $param->{address} ? 'static' : 'manual'; 
	    $param->{method6} = $param->{address6} ? 'static' : 'manual'; 

	    if ($param->{type} =~ m/^OVS/) {
		-x '/usr/bin/ovs-vsctl' ||
		    die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
	    }

	    if ($param->{type} eq 'OVSIntPort' || $param->{type} eq 'OVSBond') {
		my $brname = $param->{ovs_bridge};
		raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
		my $br = $ifaces->{$brname};
		raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
		raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" }) 
		    if $br->{type} ne 'OVSBridge';

		my @ports = split (/\s+/, $br->{ovs_ports} || '');
		$br->{ovs_ports} = join(' ', @ports, $iface)
		    if ! grep { $_ eq $iface } @ports;
	    }

	    $ifaces->{$iface} = $param;

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'update_network', 
    path => '{iface}', 
    method => 'PUT',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    description => "Update network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => json_config_properties({
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	    delete => {
		type => 'string', format => 'pve-configid-list',
		description => "A list of settings you want to delete.",
		optional => 1,
	    }}),
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $node = extract_param($param, 'node');
	my $iface = extract_param($param, 'iface');
	my $delete = extract_param($param, 'delete');

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface does not exist" })
		if !$ifaces->{$iface};

	    my $families = ($param->{families} ||= []);
	    foreach my $k (PVE::Tools::split_list($delete)) {
		delete $ifaces->{$iface}->{$k};
		@$families = grep(!/^inet$/, @$families) if $k eq 'address';
		@$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
	    }

	    &$check_duplicate_gateway($ifaces, $iface)
		if $param->{gateway};
	    &$check_duplicate_gateway6($ifaces, $iface)
		if $param->{gateway6};

	    if ($param->{address}) {
		&$check_ipv4_settings($param->{address}, $param->{netmask});
		push @$families, 'inet' if !grep(/^inet$/, @$families);
	    } else {
		@$families = grep(!/^inet$/, @$families);
	    }
	    if ($param->{address6}) {
		&$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
		push @$families, 'inet6' if !grep(/^inet6$/, @$families);
	    } else {
		@$families = grep(!/^inet6$/, @$families);
	    }
	    @$families = ('inet') if !scalar(@$families);

	    $param->{method} = $param->{address} ? 'static' : 'manual'; 
	    $param->{method6} = $param->{address6} ? 'static' : 'manual'; 

	    foreach my $k (keys %$param) {
		$ifaces->{$iface}->{$k} = $param->{$k};
	    }
	    
	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});

__PACKAGE__->register_method({
    name => 'network_config', 
    path => '{iface}', 
    method => 'GET',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
    },
    description => "Read network device configuration",
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	},
    },
    returns => {
	type => "object",
	properties => {
	    type => { 
		type => 'string', 
	    },
	    method => {
		type => 'string', 
	    },
	},
    },
    code => sub {
	my ($param) = @_;

	my $config = PVE::INotify::read_file('interfaces');
	my $ifaces = $config->{ifaces};

	raise_param_exc({ iface => "interface does not exist" })
	    if !$ifaces->{$param->{iface}};

	return $ifaces->{$param->{iface}};
   }});

__PACKAGE__->register_method({
    name => 'delete_network', 
    path => '{iface}', 
    method => 'DELETE',
    permissions => {
	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
    },
    description => "Delete network device configuration",
    protected => 1,
    proxyto => 'node',
    parameters => {
    	additionalProperties => 0,
	properties => {
	    node => get_standard_option('pve-node'),
	    iface => get_standard_option('pve-iface'),
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;

	my $code = sub {
	    my $config = PVE::INotify::read_file('interfaces');
	    my $ifaces = $config->{ifaces};

	    raise_param_exc({ iface => "interface does not exist" })
		if !$ifaces->{$param->{iface}};

	    my $d = $ifaces->{$param->{iface}};
	    if ($d->{type} eq 'OVSIntPort' || $d->{type} eq 'OVSBond') {
		if (my $brname = $d->{ovs_bridge}) {
		    if (my $br = $ifaces->{$brname}) {
			if ($br->{ovs_ports}) {
			    my @ports = split (/\s+/, $br->{ovs_ports});
			    my @new = grep { $_ ne $param->{iface} } @ports;
			    $br->{ovs_ports} = join(' ', @new);
			}
		    }
		}
	    }

	    delete $ifaces->{$param->{iface}};

	    PVE::INotify::write_file('interfaces', $config);
	};

	PVE::Tools::lock_file($iflockfn, 10, $code);
	die $@ if $@;

	return undef;
    }});
Commit	Line	Data
aff192e6 DM	1	package PVE::API2::Network;
	2
	3	use strict;
	4	use warnings;
	5
d09f6f7d	6	use Net::IP qw(:PROC);
aff192e6 DM	7	use PVE::Tools qw(extract_param);
	8	use PVE::SafeSyslog;
	9	use PVE::INotify;
	10	use PVE::Exception qw(raise_param_exc);
	11	use PVE::RESTHandler;
	12	use PVE::RPCEnvironment;
	13	use PVE::JSONSchema qw(get_standard_option);
	14	use PVE::AccessControl;
	15	use IO::File;
	16
	17	use base qw(PVE::RESTHandler);
	18
	19	my $iflockfn = "/etc/network/.pve-interfaces.lock";
	20
	21	my $bond_mode_enum = [
	22	'balance-rr',
10a9563e	23	'active-backup', # OVS and Linux
aff192e6 DM	24	'balance-xor',
	25	'broadcast',
	26	'802.3ad',
	27	'balance-tlb',
d11733f8	28	'balance-alb',
10a9563e DM	29	'balance-slb', # OVS
	30	'lacp-balance-slb', # OVS
	31	'lacp-balance-tcp', # OVS
aff192e6 DM	32	];
aff192e6 DM	33
d11733f8 DM	34	my $network_type_enum = ['bridge', 'bond', 'eth', 'alias',
	35	'OVSBridge', 'OVSBond', 'OVSPort', 'OVSIntPort'];
	36
aff192e6	37	my $confdesc = {
d11733f8 DM	38	type => {
	39	description => "Network interface type",
	40	type => 'string',
	41	enum => [@$network_type_enum, 'unknown'],
	42	},
44d353a7 DM	43	comments => {
	44	description => "Comments",
	45	type => 'string',
b5eda023	46	optional => 1,
44d353a7	47	},
3ed15e6c WB	48	comments6 => {
	49	description => "Comments",
	50	type => 'string',
	51	optional => 1,
	52	},
aff192e6 DM	53	autostart => {
	54	description => "Automatically start interface on boot.",
	55	type => 'boolean',
	56	optional => 1,
	57	},
	58	bridge_ports => {
	59	description => "Specify the iterfaces you want to add to your bridge.",
	60	optional => 1,
	61	type => 'string', format => 'pve-iface-list',
	62	},
d11733f8 DM	63	ovs_ports => {
	64	description => "Specify the iterfaces you want to add to your bridge.",
	65	optional => 1,
	66	type => 'string', format => 'pve-iface-list',
	67	},
4c917e97 DM	68	ovs_tag => {
	69	description => "Specify a VLan tag (used by OVSPort, OVSIntPort, OVSBond)",
	70	optional => 1,
	71	type => 'integer',
	72	minimum => 1,
	73	maximum => 4094,
	74	},
d11733f8 DM	75	ovs_options => {
	76	description => "OVS interface options.",
	77	optional => 1,
	78	type => 'string',
	79	maxLength => 1024,
	80	},
	81	ovs_bridge => {
	82	description => "The OVS bridge associated with a OVS port. This is required when you create an OVS port.",
	83	optional => 1,
	84	type => 'string', format => 'pve-iface',
	85	},
aff192e6 DM	86	slaves => {
	87	description => "Specify the interfaces used by the bonding device.",
	88	optional => 1,
	89	type => 'string', format => 'pve-iface-list',
	90	},
d11733f8 DM	91	ovs_bonds => {
	92	description => "Specify the interfaces used by the bonding device.",
	93	optional => 1,
	94	type => 'string', format => 'pve-iface-list',
	95	},
aff192e6 DM	96	bond_mode => {
	97	description => "Bonding mode.",
	98	optional => 1,
	99	type => 'string', enum => $bond_mode_enum,
	100	},
ffffb625 DM	101	bond_xmit_hash_policy => {
	102	description => "Selects the transmit hash policy to use for slave selection in balance-xor and 802.3ad modes.",
	103	optional => 1,
	104	type => 'string',
	105	enum => ['layer2', 'layer2+3', 'layer3+4' ],
	106	},
aff192e6 DM	107	gateway => {
	108	description => 'Default gateway address.',
	109	type => 'string', format => 'ipv4',
	110	optional => 1,
	111	},
	112	netmask => {
	113	description => 'Network mask.',
	114	type => 'string', format => 'ipv4mask',
	115	optional => 1,
1904114e	116	requires => 'address',
aff192e6 DM	117	},
	118	address => {
	119	description => 'IP address.',
	120	type => 'string', format => 'ipv4',
	121	optional => 1,
	122	requires => 'netmask',
3ed15e6c WB	123	},
	124	gateway6 => {
	125	description => 'Default ipv6 gateway address.',
	126	type => 'string', format => 'ipv6',
	127	optional => 1,
	128	},
	129	netmask6 => {
	130	description => 'Network mask.',
	131	type => 'integer', minimum => 0, maximum => 128,
	132	optional => 1,
	133	requires => 'address6',
	134	},
	135	address6 => {
	136	description => 'IP address.',
	137	type => 'string', format => 'ipv6',
	138	optional => 1,
	139	requires => 'netmask6',
aff192e6 DM	140	}
	141	};
	142
	143	sub json_config_properties {
	144	my $prop = shift;
	145
	146	foreach my $opt (keys %$confdesc) {
	147	$prop->{$opt} = $confdesc->{$opt};
	148	}
	149
	150	return $prop;
	151	}
	152
	153	__PACKAGE__->register_method({
	154	name => 'index',
	155	path => '',
	156	method => 'GET',
	157	permissions => { user => 'all' },
	158	description => "List available networks",
	159	proxyto => 'node',
	160	parameters => {
	161	additionalProperties => 0,
	162	properties => {
	163	node => get_standard_option('pve-node'),
	164	type => {
	165	description => "Only list specific interface types.",
	166	type => 'string',
4c917e97	167	enum => [ @$network_type_enum, 'any_bridge' ],
aff192e6 DM	168	optional => 1,
	169	},
	170	},
	171	},
	172	returns => {
	173	type => "array",
	174	items => {
	175	type => "object",
	176	properties => {},
	177	},
	178	links => [ { rel => 'child', href => "{iface}" } ],
	179	},
	180	code => sub {
	181	my ($param) = @_;
	182
e4d5bf72 DM	183	my $rpcenv = PVE::RPCEnvironment::get();
	184
	185	my $tmp = PVE::INotify::read_file('interfaces', 1);
	186	my $config = $tmp->{data};
	187	my $changes = $tmp->{changes};
	188
	189	$rpcenv->set_result_attrib('changes', $changes) if $changes;
aff192e6	190
3ed15e6c WB	191	my $ifaces = $config->{ifaces};
	192
	193	delete $ifaces->{lo}; # do not list the loopback device
aff192e6 DM	194
aff192e6 DM	195	if ($param->{type}) {
3ed15e6c WB	196	foreach my $k (keys %$ifaces) {
3ed15e6c WB	197	my $type = $ifaces->{$k}->{type};
4c917e97 DM	198	my $match = ($param->{type} eq $type) \|\| (
	199	($param->{type} eq 'any_bridge') &&
	200	($type eq 'bridge' \|\| $type eq 'OVSBridge'));
3ed15e6c	201	delete $ifaces->{$k} if !$match;
aff192e6 DM	202	}
	203	}
	204
3ed15e6c	205	return PVE::RESTHandler::hash_to_array($ifaces, 'iface');
aff192e6 DM	206	}});
aff192e6 DM	207
e4d5bf72 DM	208	__PACKAGE__->register_method({
	209	name => 'revert_network_changes',
	210	path => '',
	211	method => 'DELETE',
	212	permissions => {
	213	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
	214	},
	215	protected => 1,
	216	description => "Revert network configuration changes.",
	217	proxyto => 'node',
	218	parameters => {
	219	additionalProperties => 0,
	220	properties => {
	221	node => get_standard_option('pve-node'),
	222	},
	223	},
	224	returns => { type => "null" },
	225	code => sub {
	226	my ($param) = @_;
	227
	228	unlink "/etc/network/interfaces.new";
	229
	230	return undef;
	231	}});
aff192e6	232
3ed15e6c WB	233	my $check_duplicate = sub {
3ed15e6c WB	234	my ($config, $newiface, $key, $name) = @_;
aff192e6 DM	235
aff192e6 DM	236	foreach my $iface (keys %$config) {
3ed15e6c WB	237	raise_param_exc({ $key => "$name already exists on interface '$iface'." })
3ed15e6c WB	238	if ($newiface ne $iface) && $config->{$iface}->{$key};
aff192e6 DM	239	}
	240	};
	241
3ed15e6c WB	242	my $check_duplicate_gateway = sub {
	243	my ($config, $newiface) = @_;
	244	return &$check_duplicate($config, $newiface, 'gateway', 'Default gateway');
	245	};
	246
	247	my $check_duplicate_gateway6 = sub {
	248	my ($config, $newiface) = @_;
	249	return &$check_duplicate($config, $newiface, 'gateway6', 'Default ipv6 gateway');
	250	};
	251
e16a27be	252	my $check_ipv4_settings = sub {
1904114e	253	my ($address, $netmask) = @_;
e16a27be	254
1904114e DM	255	my $binip = Net::IP::ip_iptobin($address, 4);
1904114e DM	256	my $binmask = Net::IP::ip_iptobin($netmask, 4);
d09f6f7d	257	my $broadcast = Net::IP::ip_iptobin('255.255.255.255', 4);
e16a27be DP	258	my $binhost = $binip \| $binmask;
e16a27be DP	259
1904114e	260	raise_param_exc({ address => "$address is not a valid host ip address." })
e16a27be DP	261	if ($binhost eq $binmask) \|\| ($binhost eq $broadcast);
e16a27be DP	262	};
aff192e6	263
3ed15e6c WB	264	sub ipv6_tobin {
	265	return Net::IP::ip_iptobin(Net::IP::ip_expand_address(shift, 6), 6);
	266	}
	267
	268	my $check_ipv6_settings = sub {
	269	my ($address, $netmask) = @_;
	270
	271	raise_param_exc({ netmask => "$netmask is not a valid subnet length for ipv6" })
	272	if $netmask < 0 \|\| $netmask > 128;
	273
	274	raise_param_exc({ address => "$address is not a valid host ip address." })
	275	if !Net::IP::ip_is_ipv6($address);
	276
	277	my $binip = ipv6_tobin($address);
	278	my $binmask = Net::IP::ip_get_mask($netmask, 6);
	279
	280	my $type = Net::IP::ip_iptypev6($binip);
	281
	282	raise_param_exc({ address => "$address is not a valid host ip address." })
	283	if ($binip eq $binmask) \|\|
	284	(defined($type) && $type !~ /^(?:(?:GLOBAL\|(?:UNIQUE\|LINK)-LOCAL)-UNICAST)$/);
	285	};
	286
aff192e6 DM	287	__PACKAGE__->register_method({
	288	name => 'create_network',
	289	path => '',
	290	method => 'POST',
	291	permissions => {
7d020b42	292	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
aff192e6 DM	293	},
	294	description => "Create network device configuration",
	295	protected => 1,
	296	proxyto => 'node',
	297	parameters => {
	298	additionalProperties => 0,
	299	properties => json_config_properties({
	300	node => get_standard_option('pve-node'),
	301	iface => get_standard_option('pve-iface')}),
	302	},
	303	returns => { type => 'null' },
	304	code => sub {
	305	my ($param) = @_;
	306
	307	my $node = extract_param($param, 'node');
	308	my $iface = extract_param($param, 'iface');
	309
	310	my $code = sub {
	311	my $config = PVE::INotify::read_file('interfaces');
3ed15e6c	312	my $ifaces = $config->{ifaces};
aff192e6 DM	313
aff192e6 DM	314	raise_param_exc({ iface => "interface already exists" })
3ed15e6c	315	if $ifaces->{$iface};
aff192e6	316
3ed15e6c	317	&$check_duplicate_gateway($ifaces, $iface)
aff192e6	318	if $param->{gateway};
3ed15e6c WB	319	&$check_duplicate_gateway6($ifaces, $iface)
3ed15e6c WB	320	if $param->{gateway6};
aff192e6	321
1904114e DM	322	&$check_ipv4_settings($param->{address}, $param->{netmask})
1904114e DM	323	if $param->{address};
3ed15e6c WB	324	&$check_ipv6_settings($param->{address6}, int($param->{netmask6}))
	325	if $param->{address6};
	326
	327	my $families = $param->{families} = [];
	328	push @$families, 'inet'
	329	if $param->{address} && !grep(/^inet$/, @$families);
	330	push @$families, 'inet6'
	331	if $param->{address6} && !grep(/^inet6$/, @$families);
	332	@$families = ('inet') if !scalar(@$families);
e16a27be	333
aff192e6	334	$param->{method} = $param->{address} ? 'static' : 'manual';
3ed15e6c	335	$param->{method6} = $param->{address6} ? 'static' : 'manual';
aff192e6	336
bdfa2498 DM	337	if ($param->{type} =~ m/^OVS/) {
	338	-x '/usr/bin/ovs-vsctl' \|\|
	339	die "Open VSwitch is not installed (need package 'openvswitch-switch')\n";
	340	}
	341
d11733f8 DM	342	if ($param->{type} eq 'OVSIntPort' \|\| $param->{type} eq 'OVSBond') {
	343	my $brname = $param->{ovs_bridge};
	344	raise_param_exc({ ovs_bridge => "parameter is required" }) if !$brname;
3ed15e6c	345	my $br = $ifaces->{$brname};
d11733f8 DM	346	raise_param_exc({ ovs_bridge => "bridge '$brname' does not exist" }) if !$br;
	347	raise_param_exc({ ovs_bridge => "interface '$brname' is no OVS bridge" })
	348	if $br->{type} ne 'OVSBridge';
	349
	350	my @ports = split (/\s+/, $br->{ovs_ports} \|\| '');
	351	$br->{ovs_ports} = join(' ', @ports, $iface)
	352	if ! grep { $_ eq $iface } @ports;
	353	}
	354
3ed15e6c	355	$ifaces->{$iface} = $param;
aff192e6 DM	356
	357	PVE::INotify::write_file('interfaces', $config);
	358	};
	359
	360	PVE::Tools::lock_file($iflockfn, 10, $code);
	361	die $@ if $@;
	362
	363	return undef;
	364	}});
	365
	366	__PACKAGE__->register_method({
	367	name => 'update_network',
	368	path => '{iface}',
	369	method => 'PUT',
	370	permissions => {
7d020b42	371	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
aff192e6 DM	372	},
	373	description => "Update network device configuration",
	374	protected => 1,
	375	proxyto => 'node',
	376	parameters => {
	377	additionalProperties => 0,
	378	properties => json_config_properties({
	379	node => get_standard_option('pve-node'),
	380	iface => get_standard_option('pve-iface'),
	381	delete => {
	382	type => 'string', format => 'pve-configid-list',
	383	description => "A list of settings you want to delete.",
	384	optional => 1,
	385	}}),
	386	},
	387	returns => { type => 'null' },
	388	code => sub {
	389	my ($param) = @_;
	390
	391	my $node = extract_param($param, 'node');
	392	my $iface = extract_param($param, 'iface');
	393	my $delete = extract_param($param, 'delete');
	394
	395	my $code = sub {
	396	my $config = PVE::INotify::read_file('interfaces');
3ed15e6c	397	my $ifaces = $config->{ifaces};
aff192e6 DM	398
aff192e6 DM	399	raise_param_exc({ iface => "interface does not exist" })
3ed15e6c	400	if !$ifaces->{$iface};
aff192e6	401
3ed15e6c	402	my $families = ($param->{families} \|\|= []);
aff192e6	403	foreach my $k (PVE::Tools::split_list($delete)) {
3ed15e6c WB	404	delete $ifaces->{$iface}->{$k};
	405	@$families = grep(!/^inet$/, @$families) if $k eq 'address';
	406	@$families = grep(!/^inet6$/, @$families) if $k eq 'address6';
aff192e6 DM	407	}
aff192e6 DM	408
3ed15e6c	409	&$check_duplicate_gateway($ifaces, $iface)
aff192e6	410	if $param->{gateway};
3ed15e6c WB	411	&$check_duplicate_gateway6($ifaces, $iface)
	412	if $param->{gateway6};
	413
	414	if ($param->{address}) {
	415	&$check_ipv4_settings($param->{address}, $param->{netmask});
	416	push @$families, 'inet' if !grep(/^inet$/, @$families);
	417	} else {
	418	@$families = grep(!/^inet$/, @$families);
	419	}
	420	if ($param->{address6}) {
	421	&$check_ipv6_settings($param->{address6}, int($param->{netmask6}));
	422	push @$families, 'inet6' if !grep(/^inet6$/, @$families);
	423	} else {
	424	@$families = grep(!/^inet6$/, @$families);
	425	}
	426	@$families = ('inet') if !scalar(@$families);
e16a27be	427
aff192e6	428	$param->{method} = $param->{address} ? 'static' : 'manual';
3ed15e6c	429	$param->{method6} = $param->{address6} ? 'static' : 'manual';
aff192e6 DM	430
aff192e6 DM	431	foreach my $k (keys %$param) {
3ed15e6c	432	$ifaces->{$iface}->{$k} = $param->{$k};
aff192e6 DM	433	}
	434
	435	PVE::INotify::write_file('interfaces', $config);
	436	};
	437
	438	PVE::Tools::lock_file($iflockfn, 10, $code);
	439	die $@ if $@;
	440
	441	return undef;
	442	}});
	443
	444	__PACKAGE__->register_method({
	445	name => 'network_config',
	446	path => '{iface}',
	447	method => 'GET',
	448	permissions => {
7d020b42	449	check => ['perm', '/nodes/{node}', [ 'Sys.Audit' ]],
aff192e6 DM	450	},
	451	description => "Read network device configuration",
	452	proxyto => 'node',
	453	parameters => {
	454	additionalProperties => 0,
	455	properties => {
	456	node => get_standard_option('pve-node'),
	457	iface => get_standard_option('pve-iface'),
	458	},
	459	},
	460	returns => {
	461	type => "object",
	462	properties => {
	463	type => {
	464	type => 'string',
	465	},
	466	method => {
	467	type => 'string',
	468	},
	469	},
	470	},
	471	code => sub {
	472	my ($param) = @_;
	473
	474	my $config = PVE::INotify::read_file('interfaces');
3ed15e6c	475	my $ifaces = $config->{ifaces};
aff192e6 DM	476
aff192e6 DM	477	raise_param_exc({ iface => "interface does not exist" })
3ed15e6c	478	if !$ifaces->{$param->{iface}};
aff192e6	479
3ed15e6c	480	return $ifaces->{$param->{iface}};
aff192e6 DM	481	}});
	482
	483	__PACKAGE__->register_method({
	484	name => 'delete_network',
	485	path => '{iface}',
	486	method => 'DELETE',
	487	permissions => {
7d020b42	488	check => ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
aff192e6 DM	489	},
	490	description => "Delete network device configuration",
	491	protected => 1,
	492	proxyto => 'node',
	493	parameters => {
	494	additionalProperties => 0,
	495	properties => {
	496	node => get_standard_option('pve-node'),
	497	iface => get_standard_option('pve-iface'),
	498	},
	499	},
	500	returns => { type => 'null' },
	501	code => sub {
	502	my ($param) = @_;
	503
	504	my $code = sub {
	505	my $config = PVE::INotify::read_file('interfaces');
3ed15e6c	506	my $ifaces = $config->{ifaces};
aff192e6 DM	507
aff192e6 DM	508	raise_param_exc({ iface => "interface does not exist" })
3ed15e6c	509	if !$ifaces->{$param->{iface}};
aff192e6	510
3ed15e6c	511	my $d = $ifaces->{$param->{iface}};
d11733f8 DM	512	if ($d->{type} eq 'OVSIntPort' \|\| $d->{type} eq 'OVSBond') {
d11733f8 DM	513	if (my $brname = $d->{ovs_bridge}) {
3ed15e6c	514	if (my $br = $ifaces->{$brname}) {
d11733f8 DM	515	if ($br->{ovs_ports}) {
	516	my @ports = split (/\s+/, $br->{ovs_ports});
	517	my @new = grep { $_ ne $param->{iface} } @ports;
	518	$br->{ovs_ports} = join(' ', @new);
	519	}
	520	}
	521	}
	522	}
	523
3ed15e6c	524	delete $ifaces->{$param->{iface}};
aff192e6 DM	525
	526	PVE::INotify::write_file('interfaces', $config);
	527	};
	528
	529	PVE::Tools::lock_file($iflockfn, 10, $code);
	530	die $@ if $@;
	531
	532	return undef;
	533	}});