use Net::IP;
-use Socket qw(IPPROTO_IP);
-
-use constant IFF_UP => 1;
-use constant IFNAMSIZ => 16;
-use constant SIOCGIFFLAGS => 0x8913;
-
# host network related utility functions
our $ipv4_reverse_mask = [
];
our $ipv4_mask_hash_localnet = {
+ '255.0.0.0' => 8,
+ '255.128.0.0' => 9,
+ '255.192.0.0' => 10,
+ '255.224.0.0' => 11,
+ '255.240.0.0' => 12,
+ '255.248.0.0' => 13,
+ '255.252.0.0' => 14,
+ '255.254.0.0' => 15,
'255.255.0.0' => 16,
'255.255.128.0' => 17,
'255.255.192.0' => 18,
'255.255.255.240' => 28,
'255.255.255.248' => 29,
'255.255.255.252' => 30,
+ '255.255.255.254' => 31,
+ '255.255.255.255' => 32,
};
sub setup_tc_rate_limit {
my ($iface, $rate, $burst, $debug) = @_;
- system("/sbin/tc class del dev $iface parent 1: classid 1:1 >/dev/null 2>&1");
- system("/sbin/tc filter del dev $iface parent ffff: protocol all pref 50 u32 >/dev/null 2>&1");
- system("/sbin/tc qdisc del dev $iface ingress >/dev/null 2>&1");
- system("/sbin/tc qdisc del dev $iface root >/dev/null 2>&1");
+ # these are allowed / expected to fail, e.g. when there is no previous rate limit to remove
+ eval { run_command("/sbin/tc class del dev $iface parent 1: classid 1:1 >/dev/null 2>&1"); };
+ eval { run_command("/sbin/tc filter del dev $iface parent ffff: protocol all pref 50 u32 >/dev/null 2>&1"); };
+ eval { run_command("/sbin/tc qdisc del dev $iface ingress >/dev/null 2>&1"); };
+ eval { run_command("/sbin/tc qdisc del dev $iface root >/dev/null 2>&1"); };
return if !$rate;
run_command("/sbin/tc qdisc add dev $iface handle ffff: ingress");
run_command("/sbin/tc filter add dev $iface parent ffff: " .
- "protocol all prio 50 u32 match u32 0 0 " .
+ "prio 50 basic " .
"police rate ${rate}bps burst ${burst}b mtu 64kb " .
"drop flowid :1");
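Review bot: The `tc` invocations in this hunk, both the four `del` cleanups and the `qdisc add`/`filter add` calls, are still single strings with `$iface`, `$rate` and `$burst` interpolated. The cleanup ones depend on `>/dev/null 2>&1`, so they only behave as intended when a shell interprets the string. If an interface name containing shell metacharacters can ever reach this sub, that is a command-injection path; the `ovs-vsctl del-port $iface` call added further down has the same shape, whereas the `/sbin/bridge` calls in this commit were moved to list form. Passing an argument list and discarding output through the callbacks avoids the shell, e.g. `eval { run_command(['/sbin/tc', 'qdisc', 'del', 'dev', $iface, 'root'], outfunc => sub {}, errfunc => sub {}); };`. The end of setup_tc_rate_limit is outside this hunk.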
if ($vlan_aware) {
if ($tag) {
- system("/sbin/bridge vlan add dev $iface vid $tag pvid untagged") == 0 ||
- die "unable to add vlan $tag to interface $iface\n";
+ system({'/sbin/bridge'} 'bridge', 'vlan', 'del', 'dev', $iface, 'vid', '1-4094') == 0
+ or die "failed to remove default vlan tags of $iface\n";
+ system({'/sbin/bridge'} 'bridge', 'vlan', 'add', 'dev', $iface, 'vid', $tag, 'pvid', 'untagged') == 0
+ or die "unable to add vlan $tag to interface $iface\n";
+
+ warn "Caution: Setting VLAN ID 1 on a VLAN aware bridge may be dangerous\n" if $tag == 1;
} else {
system("/sbin/bridge vlan add dev $iface vid 2-4094") == 0 ||
die "unable to add default vlan tags to interface $iface\n" if !$trunks;
}
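Review bot: The untagged branch (`vid 2-4094`) still builds a shell string with `$iface` interpolated, although the tagged branch above it was converted to list-form `system`; converting it as well keeps the interface name out of the shell: `system({'/sbin/bridge'} 'bridge', 'vlan', 'add', 'dev', $iface, 'vid', '2-4094') == 0 or die "unable to add default vlan tags to interface $iface\n" if !$trunks;`. In the tagged branch the port has no VLAN membership between `vlan del ... 1-4094` and the following `vlan add`, and a failing add dies leaving it in that state, so the error message should say so unless the caller is known to clean up. `$tag == 1` is a numeric comparison and assumes `$tag` was validated as an integer earlier; the enclosing sub starts and ends outside the hunk, so that cannot be confirmed here.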
&$cleanup_firewall_bridge($iface);
+ #cleanup old port config from any openvswitch bridge
+ eval {run_command("/usr/bin/ovs-vsctl del-port $iface", outfunc => sub {}, errfunc => sub {}) };
}
sub copy_bridge_config {
my @ifaces = ();
my $dir = "/sys/class/net/$bridge/brif";
- PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+(\.\d+)?)', sub {
+ PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub {
push @ifaces, $_[0];
});
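Review bot: The new alternative `en[^.]+` accepts any characters other than a dot after `en`, which is much wider than the `(eth|bond)\d+` beside it, and nothing documents which names it is meant to cover. Presumably it targets predictable interface names such as `enp0s3`; if so, a class like `en[a-zA-Z0-9]+` would say that and keep unexpected entries out of `@ifaces`, whose later use is outside this hunk. A comment such as `# ethN/bondN or predictable 'en*' names, optionally with a .VLAN suffix` above the call would record the intent. The extra group also shifts capture numbering; the callback only reads `$_[0]`, so this looks harmless, but confirm nothing depends on the other captures.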
return $cidr_obj->overlaps($ip_obj) == $Net::IP::IP_B_IN_A_OVERLAP;
}
-# struct ifreq { // FOR SIOCGIFFLAGS:
-# char ifrn_name[IFNAMSIZ]
-# short ifru_flags
-# };
-my $STRUCT_IFREQ_SIOCGIFFLAGS = 'Z' . IFNAMSIZ . 's1';
-sub get_active_interfaces {
- # Use the interface name list from /proc/net/dev
- open my $fh, '<', '/proc/net/dev'
- or die "failed to open /proc/net/dev: $!\n";
- # And filter by IFF_UP flag fetched via a PF_INET6 socket ioctl:
- socket my $sock, PF_INET6, SOCK_DGRAM, &IPPROTO_IP
- or die "failed to open socket\n";
-
- my $ifaces = [];
- while(defined(my $line = <$fh>)) {
- next if $line !~ /^\s*([^:\s]+):/;
- my $ifname = $1;
- my $ifreq = pack($STRUCT_IFREQ_SIOCGIFFLAGS, $1, 0);
- if (!defined(ioctl($sock, SIOCGIFFLAGS, $ifreq))) {
- warn "failed to get interface flags for: $ifname\n";
- next;
- }
- my ($name, $flags) = unpack($STRUCT_IFREQ_SIOCGIFFLAGS, $ifreq);
- push @$ifaces, $1 if ($flags & IFF_UP);
- }
- close $fh;
- close $sock;
- return $ifaces;
-}
-
1;