Commit | Line | Data |
---|---|---|
b9436cda DM |
1 | package PVE::Network; |
2 | ||
3 | use strict; | |
c36f332e | 4 | use warnings; |
74d1b045 | 5 | use PVE::Tools qw(run_command); |
b9436cda DM |
6 | use PVE::ProcFSTools; |
7 | use PVE::INotify; | |
8 | use File::Basename; | |
9 | ||
10 | # host network related utility functions | |
11 | ||
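# Configure tc-based rate limiting on $iface.
#
# Any existing class, ingress filter, ingress qdisc and root qdisc are removed
# first (errors ignored, output discarded). If $rate is false the function
# returns after this cleanup, so a false rate removes the limit.
#
# Otherwise an ingress policer (avrate) and a root htb qdisc/class are added.
# $rate is passed to tc with the 'bps' suffix and $burst with the 'b' suffix;
# $burst is only used for the htb class. If $debug is true, the resulting
# qdisc/class/filter settings are printed.
#
# Every command is passed as an argument list, so $iface, $rate and $burst
# reach tc as single argv entries and are never interpreted by a shell.
sub setup_tc_rate_limit {
    my ($iface, $rate, $burst, $debug) = @_;

    # best-effort cleanup helper: discard output and ignore failures, without
    # leaking an error from the eval into the caller's $@
    my $tc_quiet = sub {
        my (@args) = @_;
        local $@;
        eval { run_command(['/sbin/tc', @args], outfunc => sub {}, errfunc => sub {}) };
    };

    $tc_quiet->(qw(class del dev), $iface, qw(parent 1: classid 1:1));
    $tc_quiet->(qw(filter del dev), $iface,
                qw(parent ffff: protocol ip prio 50 estimator 1sec 8sec));
    $tc_quiet->(qw(qdisc del dev), $iface, 'ingress');
    $tc_quiet->(qw(qdisc del dev), $iface, 'root');

    return if !$rate;

    run_command(['/sbin/tc', qw(qdisc add dev), $iface, qw(handle ffff: ingress)]);

    # this does not work with virtio - don't know why (setting "mtu 64kb" does not help)
    #run_command("/sbin/tc filter add dev $iface parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${rate}bps burst ${burst}b drop flowid :1");
    # so we use avrate instead
    run_command(['/sbin/tc', qw(filter add dev), $iface, qw(parent ffff:),
                 qw(protocol ip prio 50 estimator 1sec 8sec),
                 qw(u32 match ip src 0.0.0.0/0 police avrate), "${rate}bps",
                 qw(drop flowid :1)]);

    # tbf does not work for unknown reason
    #$TC qdisc add dev $DEV root tbf rate $RATE latency 100ms burst $BURST
    # so we use htb instead
    run_command(['/sbin/tc', qw(qdisc add dev), $iface, qw(root handle 1: htb default 1)]);
    run_command(['/sbin/tc', qw(class add dev), $iface, qw(parent 1: classid 1:1),
                 qw(htb rate), "${rate}bps", 'burst', "${burst}b"]);

    if ($debug) {
        print "DEBUG tc settings\n";
        system('/sbin/tc', qw(qdisc ls dev), $iface);
        system('/sbin/tc', qw(class ls dev), $iface);
        system('/sbin/tc', qw(filter ls dev), $iface, qw(parent ffff:));
    }
}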
45 | ||
# Apply a rate limit to a tap device.
#
# $rate is scaled by 1024*1024 and truncated to an integer before being handed
# to setup_tc_rate_limit; the burst is fixed at 1024*1024 and debug output is
# disabled.
sub tap_rate_limit {
    my ($iface, $rate) = @_;

    my $scale = 1024 * 1024;
    my $scaled_rate = int($rate * $scale);

    setup_tc_rate_limit($iface, $scaled_rate, $scale, 0);
}
74d1b045 | 55 | |
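# Bring up tap interface $iface in promiscuous mode with the MTU of $bridge.
#
# Dies if no bridge is given, if the bridge MTU cannot be read from sysfs
# (reported as "bridge does not exist"), or if activating the interface fails.
#
# The ifconfig command is passed as an argument list so that $iface and the
# MTU value are handed over as single arguments and never parsed by a shell.
sub tap_create {
    my ($iface, $bridge) = @_;

    die "unable to get bridge setting\n" if !$bridge;

    # NOTE(review): $bridge is interpolated into a sysfs path; presumably the
    # caller has validated it as a plain interface name - confirm.
    my $bridgemtu = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/mtu");
    die "bridge '$bridge' does not exist\n" if !$bridgemtu;

    eval {
        PVE::Tools::run_command(['/sbin/ifconfig', $iface, '0.0.0.0', 'promisc', 'up',
                                 'mtu', $bridgemtu]);
    };
    # the underlying error text is deliberately replaced by a generic message
    die "interface activation failed\n" if $@;
}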
69 | ||
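# Attach tap interface $iface to $bridge, optionally with VLAN tag $tag.
#
# Any stale Open vSwitch port for $iface is removed first (errors ignored).
# If $bridge is a Linux bridge (has a sysfs 'bridge' directory), the VLAN
# bridge is activated via activate_bridge_vlan, the bridge settings are copied
# to it when it differs from $bridge, and $iface is added with brctl.
# Otherwise the port is added with ovs-vsctl, with "tag=$tag" when $tag is true.
# Dies if adding the interface fails.
#
# All external commands are invoked with argument lists, so $iface, $bridge
# and $tag are passed as single arguments and never interpreted by a shell.
sub tap_plug {
    my ($iface, $bridge, $tag) = @_;

    # cleanup old port config from any openvswitch bridge
    eval {
        run_command(['/usr/bin/ovs-vsctl', 'del-port', $iface],
                    outfunc => sub {}, errfunc => sub {});
    };

    if (-d "/sys/class/net/$bridge/bridge") {
        my $newbridge = activate_bridge_vlan($bridge, $tag);
        copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;

        system('/sbin/brctl', 'addif', $newbridge, $iface) == 0 ||
            die "can't add interface to bridge\n";
    } else {
        # NOTE(review): unlike the Linux bridge path, $tag is not range-checked
        # here before it is handed to ovs-vsctl - confirm the caller does so.
        my @cmd = ('/usr/bin/ovs-vsctl', 'add-port', $bridge, $iface);
        push @cmd, "tag=$tag" if $tag;
        system(@cmd) == 0 ||
            die "can't add interface to bridge\n";
    }
}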
89 | ||
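# Detach tap interface $iface from whatever bridge it is attached to.
#
# If sysfs shows a brport/bridge symlink for $iface, the interface is removed
# from that Linux bridge with brctl; otherwise it is removed as an Open vSwitch
# port. Dies if the removal command fails.
#
# Commands are invoked with argument lists so that neither $iface nor the
# bridge name read from sysfs is ever interpreted by a shell.
sub tap_unplug {
    my ($iface) = @_;

    my $path = "/sys/class/net/$iface/brport/bridge";
    if (-l $path) {
        my $bridge = basename(readlink($path));
        # avoid insecure dependency (presumably Perl taint mode). The pattern
        # accepts any run of non-whitespace characters, so it only untaints
        # and does not validate the name; the list-form call below is what
        # keeps the value away from a shell.
        ($bridge) = $bridge =~ /(\S+)/;

        system('/sbin/brctl', 'delif', $bridge, $iface) == 0 ||
            die "can't del interface '$iface' from bridge '$bridge'\n";
    } else {
        system('/usr/bin/ovs-vsctl', 'del-port', $iface) == 0 ||
            die "can't del ovs port '$iface'\n";
    }
}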
106 | ||
# Copy selected bridge settings from bridge $br0 to bridge $br1.
#
# Does nothing when both names are equal. For each setting the first line of
# the sysfs entry is read for both bridges, and the value of $br0 is written to
# $br1 only when they differ. A failure on one setting is reported with warn
# and does not stop the remaining settings from being processed.
sub copy_bridge_config {
    my ($br0, $br1) = @_;

    return if $br0 eq $br1;

    my @settings = qw(
        ageing_time stp_state priority forward_delay
        hello_time max_age multicast_snooping multicast_querier
    );

    for my $name (@settings) {
        my $src = "/sys/class/net/$br0/bridge/$name";
        my $dst = "/sys/class/net/$br1/bridge/$name";

        eval {
            my $wanted = PVE::Tools::file_read_firstline($src);
            my $current = PVE::Tools::file_read_firstline($dst);
            PVE::ProcFSTools::write_proc_entry($dst, $wanted)
                if $wanted ne $current;
        };
        warn $@ if $@;
    }
}
126 | ||
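# Make sure VLAN interface "$iface.$tag" exists, is up, and is a port of
# bridge $bridgevlan.
#
# Dies if the VLAN interface cannot be created or brought up, if it is already
# a port of a different bridge, or if adding it to $bridgevlan fails. Returns
# early when it is already attached to $bridgevlan.
#
# Commands are invoked with argument lists so that interface names and the tag
# are passed as single arguments and never interpreted by a shell.
# NOTE(review): $tag is not validated here; the caller visible in this file
# (activate_bridge_vlan) range-checks it first - confirm for other callers.
sub activate_bridge_vlan_slave {
    my ($bridgevlan, $iface, $tag) = @_;
    my $ifacevlan = "${iface}.$tag";

    # create the vlan on $iface if it does not already exist
    if (! -d "/sys/class/net/$ifacevlan") {
        system('/sbin/vconfig', 'add', $iface, $tag) == 0 ||
            die "can't add vlan tag $tag to interface $iface\n";
    }

    # be sure to have the $ifacevlan up
    system('/sbin/ip', 'link', 'set', $ifacevlan, 'up') == 0 ||
        die "can't up interface $ifacevlan\n";

    # test if $ifacevlan is already enslaved in another bridge
    my $path = "/sys/class/net/$ifacevlan/brport/bridge";
    if (-l $path) {
        my $tbridge = basename(readlink($path));
        if ($tbridge ne $bridgevlan) {
            die "interface $ifacevlan already exist in bridge $tbridge\n";
        } else {
            # Port already attached to bridge: do nothing.
            return;
        }
    }

    # add $ifacevlan to the bridge
    system('/sbin/brctl', 'addif', $bridgevlan, $ifacevlan) == 0 ||
        die "can't add interface $ifacevlan to bridge $bridgevlan\n";
}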
157 | ||
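# Return the name of the bridge to use for VLAN $tag_param on $bridge,
# creating and activating it if necessary.
#
# Dies if $bridge has no sysfs entry. Without a tag, $bridge itself is
# returned. Otherwise the tag is converted with int() and must be within
# 1..4094; the VLAN bridge is named "${bridge}v$tag". Every port of $bridge
# matched by the eth/bond pattern gets a VLAN sub-interface attached to the
# VLAN bridge (see activate_bridge_vlan_slave), and the VLAN bridge is brought
# up. Dies if $bridge has no such port or if any command fails.
#
# Only the int()-converted tag is used in names and commands, and commands
# are invoked with argument lists so no value is interpreted by a shell.
sub activate_bridge_vlan {
    my ($bridge, $tag_param) = @_;

    die "bridge '$bridge' is not active\n" if ! -d "/sys/class/net/$bridge";

    return $bridge if !defined($tag_param); # no vlan, simply return

    my $tag = int($tag_param);

    die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094;

    my $bridgevlan = "${bridge}v$tag";

    my @ifaces = ();
    my $dir = "/sys/class/net/$bridge/brif";
    PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub {
        push @ifaces, $_[0];
    });

    die "no physical interface on bridge '$bridge'\n" if scalar(@ifaces) == 0;

    # add bridgevlan if it doesn't already exist
    if (! -d "/sys/class/net/$bridgevlan") {
        system('/sbin/brctl', 'addbr', $bridgevlan) == 0 ||
            die "can't add bridge $bridgevlan\n";
    }

    # for each physical interface (eth or bond) bind them to bridge vlan
    foreach my $iface (@ifaces) {
        activate_bridge_vlan_slave($bridgevlan, $iface, $tag);
    }

    #fixme: set other bridge flags

    # be sure to have the bridge up
    system('/sbin/ip', 'link', 'set', $bridgevlan, 'up') == 0 ||
        die "can't up bridge $bridgevlan\n";

    return $bridgevlan;
}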
198 | ||
199 | 1; |