X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2FPVE%2FNetwork.pm;h=387f19274fe42a90a11d5aff2f845ac341168c01;hb=4d25f4aafe661b8c328bdb9e4b564378e279c645;hp=a0f658be97c8c140f71623687e92cc7e100baa17;hpb=35efc4ebcc71f7c695b37b4a2c4d1a588b866c1f;p=pve-common.git
diff --git a/src/PVE/Network.pm b/src/PVE/Network.pm
index a0f658b..387f192 100644
--- a/src/PVE/Network.pm
+++ b/src/PVE/Network.pm
@@ -9,6 +9,60 @@ use File::Basename;
 # host network related utility functions
+our $ipv4_reverse_mask = [
+ '0.0.0.0',
+ '128.0.0.0',
+ '192.0.0.0',
+ '224.0.0.0',
+ '240.0.0.0',
+ '248.0.0.0',
+ '252.0.0.0',
+ '254.0.0.0',
+ '255.0.0.0',
+ '255.128.0.0',
+ '255.192.0.0',
+ '255.224.0.0',
+ '255.240.0.0',
+ '255.248.0.0',
+ '255.252.0.0',
+ '255.254.0.0',
+ '255.255.0.0',
+ '255.255.128.0',
+ '255.255.192.0',
+ '255.255.224.0',
+ '255.255.240.0',
+ '255.255.248.0',
+ '255.255.252.0',
+ '255.255.254.0',
+ '255.255.255.0',
+ '255.255.255.128',
+ '255.255.255.192',
+ '255.255.255.224',
+ '255.255.255.240',
+ '255.255.255.248',
+ '255.255.255.252',
+ '255.255.255.254',
+ '255.255.255.255',
+];
+
+our $ipv4_mask_hash_localnet = {
+ '255.255.0.0' => 16,
+ '255.255.128.0' => 17,
+ '255.255.192.0' => 18,
+ '255.255.224.0' => 19,
+ '255.255.240.0' => 20,
+ '255.255.248.0' => 21,
+ '255.255.252.0' => 22,
+ '255.255.254.0' => 23,
+ '255.255.255.0' => 24,
+ '255.255.255.128' => 25,
+ '255.255.255.192' => 26,
+ '255.255.255.224' => 27,
+ '255.255.255.240' => 28,
+ '255.255.255.248' => 29,
+ '255.255.255.252' => 30,
+};
+
 sub setup_tc_rate_limit {
 my ($iface, $rate, $burst, $debug) = @_;
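Review bot: Neither new table says what it maps, and `$ipv4_mask_hash_localnet` covers only the masks from 255.255.0.0 to 255.255.255.252, so a lookup with any other netmask yields undef and callers have to check for that. A comment above each would make the contract visible, for example `# index = prefix length (0..32), value = dotted netmask` on `$ipv4_reverse_mask` and `# netmask => prefix length, /16../30 only; other masks are not present` on the hash. Both are declared with `our` as plain references, so any module can modify them in place; if they are meant to be read-only lookup tables, that is worth stating in the same comments.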
@@ -106,10 +160,22 @@ my $cond_create_bridge = sub {
 };
 my $bridge_add_interface = sub {
- my ($bridge, $iface) = @_;
+ my ($bridge, $iface, $tag) = @_;
 system("/sbin/brctl addif $bridge $iface") == 0 ||
 die "can't add interface 'iface' to bridge '$bridge'\n";
+
+ my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");
+
+ if ($vlan_aware) {
+ if ($tag) {
+ system("/sbin/bridge vlan add dev $iface vid $tag pvid untagged") == 0 ||
+ die "unable to add vlan $tag to interface $iface\n";
+ } else {
+ system("/sbin/bridge vlan add dev $iface vid 2-4094") == 0 ||
+ die "unable to add vlan $tag to interface $iface\n";
+ }
+ }
 };
 my $ovs_bridge_add_port = sub {
@@ -161,9 +227,17 @@ sub veth_create {
 &$activate_interface($vethpeer);
 }
+sub veth_delete {
+ my ($veth) = @_;
+
+ if (-d "/sys/class/net/$veth") {
+ run_command("/sbin/ip link delete dev $veth", outfunc => sub {}, errfunc => sub {});
+ }
+
+}
 my $create_firewall_bridge_linux = sub {
- my ($iface, $bridge) = @_;
+ my ($iface, $bridge, $tag) = @_;
 my ($vmid, $devid) = &$parse_tap_devive_name($iface);
 my ($fwbr, $vethfw, $vethfwpeer) = &$compute_fwbr_names($vmid, $devid);
@@ -175,9 +249,9 @@ my $create_firewall_bridge_linux = sub {
 veth_create($vethfw, $vethfwpeer, $bridge);
 &$bridge_add_interface($fwbr, $vethfw);
- &$bridge_add_interface($bridge, $vethfwpeer);
+ &$bridge_add_interface($bridge, $vethfwpeer, $tag);
- return $fwbr;
+ &$bridge_add_interface($fwbr, $iface);
 };
 my $create_firewall_bridge_ovs = sub {
@@ -215,9 +289,7 @@ my $cleanup_firewall_bridge = sub {
 }
 # delete old vethfw interface
- if (-d "/sys/class/net/$vethfw") {
- run_command("/sbin/ip link delete dev $vethfw", outfunc => sub {}, errfunc => sub {});
- }
+ veth_delete($vethfw);
 # cleanup fwbr bridge
 if (-d "/sys/class/net/$fwbr") {
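Review bot: The two new `system(...)` calls in `$bridge_add_interface` pass a single interpolated string to the shell, and nothing in this hunk shows `$tag` being checked as an integer in 1..4094 or `$iface` being restricted to interface-name characters. The list form avoids the shell entirely: `system('/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid', $tag, 'pvid', 'untagged') == 0`. The same applies to the `run_command("/sbin/ip link delete dev $veth", ...)` string in the new `veth_delete` in the next hunk, which as a named package sub is reachable from other modules. In the `else` branch `$tag` is false, so `die "unable to add vlan $tag to interface $iface\n"` interpolates an empty or undefined value; `die "unable to add vlan range 2-4094 to interface $iface\n"` would describe the failure. A comment on `vid 2-4094` stating that an untagged port on a VLAN-aware bridge is deliberately made a member of every VLAN would also help whoever audits the segmentation later.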
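Review bot: `$create_firewall_bridge_linux` no longer ends in `return $fwbr;`, so its value is now whatever the final `&$bridge_add_interface($fwbr, $iface);` call happens to yield. The tap_plug hunk later in this diff ignores the result, but an explicit `return;` after that call would make it clear the sub is now used for its side effects only. The sub begins before this hunk, so other callers of the old return value cannot be ruled out from here.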
@@ -235,12 +307,20 @@ sub tap_plug {
 if (-d "/sys/class/net/$bridge/bridge") {
 &$cleanup_firewall_bridge($iface); # remove stale devices
- my $newbridge = activate_bridge_vlan($bridge, $tag);
- copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;
+ my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");
- $newbridge = &$create_firewall_bridge_linux($iface, $newbridge) if $firewall;
+ if (!$vlan_aware) {
+ my $newbridge = activate_bridge_vlan($bridge, $tag);
+ copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;
+ $tag = undef;
+ }
+
+ if ($firewall) {
+ &$create_firewall_bridge_linux($iface, $bridge, $tag);
+ } else {
+ &$bridge_add_interface($bridge, $iface, $tag);
+ }
- &$bridge_add_interface($newbridge, $iface);
 } else {
 &$cleanup_firewall_bridge($iface); # remove stale devices
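Review bot: On a bridge without VLAN filtering, the bridge returned by `activate_bridge_vlan` is kept in `my $newbridge` inside the `if (!$vlan_aware)` block and is out of scope once that block ends, while `$tag` is cleared. Both `&$create_firewall_bridge_linux($iface, $bridge, $tag)` and `&$bridge_add_interface($bridge, $iface, $tag)` then attach the tap to the base `$bridge`. As far as this hunk shows, a guest NIC configured with a tag would land on the untagged bridge and lose its VLAN separation. Adding `$bridge = $newbridge;` before `$tag = undef;` keeps the pre-patch behaviour for that case. tap_plug starts before this hunk and continues after it.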