projects / pve-common.git / blame
| Commit | Line | Data |
|---|---|---|
| b9436cda DM |
1 | package PVE::Network; |
| 2 | ||
| 3 | use strict; | |
| c36f332e | 4 | use warnings; |
| 74d1b045 | 5 | use PVE::Tools qw(run_command); |
| b9436cda DM |
6 | use PVE::ProcFSTools; |
| 7 | use PVE::INotify; | |
| 8 | use File::Basename; | |
| b6bff92e WB |
9 | use IO::Socket::IP; |
| 10 | use POSIX qw(ECONNREFUSED); | |
| b9436cda | 11 | |
| bf52d27b WB |
12 | use Net::IP; |
| 13 | ||
| 12a235d6 WB |
14 | use Socket qw(IPPROTO_IP); |
| 15 | ||
| 16 | use constant IFF_UP => 1; | |
| 17 | use constant IFNAMSIZ => 16; | |
| f029c1d0 | 18 | use constant SIOCGIFFLAGS => 0x8913; |
| 12a235d6 | 19 | |
| b9436cda DM |
20 | # host network related utility functions |
| 21 | ||
| 61aa94e4 WB |
22 | our $ipv4_reverse_mask = [ |
| 23 | '0.0.0.0', | |
| 24 | '128.0.0.0', | |
| 25 | '192.0.0.0', | |
| 26 | '224.0.0.0', | |
| 27 | '240.0.0.0', | |
| 28 | '248.0.0.0', | |
| 29 | '252.0.0.0', | |
| 30 | '254.0.0.0', | |
| 31 | '255.0.0.0', | |
| 32 | '255.128.0.0', | |
| 33 | '255.192.0.0', | |
| 34 | '255.224.0.0', | |
| 35 | '255.240.0.0', | |
| 36 | '255.248.0.0', | |
| 37 | '255.252.0.0', | |
| 38 | '255.254.0.0', | |
| 39 | '255.255.0.0', | |
| 40 | '255.255.128.0', | |
| 41 | '255.255.192.0', | |
| 42 | '255.255.224.0', | |
| 43 | '255.255.240.0', | |
| 44 | '255.255.248.0', | |
| 45 | '255.255.252.0', | |
| 46 | '255.255.254.0', | |
| 47 | '255.255.255.0', | |
| 48 | '255.255.255.128', | |
| 49 | '255.255.255.192', | |
| 50 | '255.255.255.224', | |
| 51 | '255.255.255.240', | |
| 52 | '255.255.255.248', | |
| 53 | '255.255.255.252', | |
| 54 | '255.255.255.254', | |
| 55 | '255.255.255.255', | |
| 56 | ]; | |
| 57 | ||
| 58 | our $ipv4_mask_hash_localnet = { | |
| 59 | '255.255.0.0' => 16, | |
| 60 | '255.255.128.0' => 17, | |
| 61 | '255.255.192.0' => 18, | |
| 62 | '255.255.224.0' => 19, | |
| 63 | '255.255.240.0' => 20, | |
| 64 | '255.255.248.0' => 21, | |
| 65 | '255.255.252.0' => 22, | |
| 66 | '255.255.254.0' => 23, | |
| 67 | '255.255.255.0' => 24, | |
| 68 | '255.255.255.128' => 25, | |
| 69 | '255.255.255.192' => 26, | |
| 70 | '255.255.255.224' => 27, | |
| 71 | '255.255.255.240' => 28, | |
| 72 | '255.255.255.248' => 29, | |
| 73 | '255.255.255.252' => 30, | |
| e43faad9 WB |
74 | '255.255.255.254' => 31, |
| 75 | '255.255.255.255' => 32, | |
| 61aa94e4 WB |
76 | }; |
| 77 | ||
| 74d1b045 DM |
78 | sub setup_tc_rate_limit { |
| 79 | my ($iface, $rate, $burst, $debug) = @_; | |
| 80 | ||
| 2d6b3a90 FG |
81 | # these are allowed / expected to fail, e.g. when there is no previous rate limit to remove |
| 82 | eval { run_command("/sbin/tc class del dev $iface parent 1: classid 1:1 >/dev/null 2>&1"); }; | |
| 83 | eval { run_command("/sbin/tc filter del dev $iface parent ffff: protocol all pref 50 u32 >/dev/null 2>&1"); }; | |
| 84 | eval { run_command("/sbin/tc qdisc del dev $iface ingress >/dev/null 2>&1"); }; | |
| 85 | eval { run_command("/sbin/tc qdisc del dev $iface root >/dev/null 2>&1"); }; | |
| 74d1b045 | 86 | |
| d6f2623b | 87 | return if !$rate; |
| 957753df | 88 | |
| 74d1b045 DM |
89 | # tbf does not work for unknown reason |
| 90 | #$TC qdisc add dev $DEV root tbf rate $RATE latency 100ms burst $BURST | |
| 91 | # so we use htb instead | |
| 92 | run_command("/sbin/tc qdisc add dev $iface root handle 1: htb default 1"); | |
| 93 | run_command("/sbin/tc class add dev $iface parent 1: classid 1:1 " . | |
| 94 | "htb rate ${rate}bps burst ${burst}b"); | |
| 95 | ||
| 5d35df41 W |
96 | run_command("/sbin/tc qdisc add dev $iface handle ffff: ingress"); |
| 97 | run_command("/sbin/tc filter add dev $iface parent ffff: " . | |
| 1b915170 | 98 | "prio 50 basic " . |
| 5d35df41 W |
99 | "police rate ${rate}bps burst ${burst}b mtu 64kb " . |
| 100 | "drop flowid :1"); | |
| 101 | ||
| 74d1b045 DM |
102 | if ($debug) { |
| 103 | print "DEBUG tc settings\n"; | |
| 104 | system("/sbin/tc qdisc ls dev $iface"); | |
| 105 | system("/sbin/tc class ls dev $iface"); | |
| 106 | system("/sbin/tc filter ls dev $iface parent ffff:"); | |
| 107 | } | |
| 108 | } | |
| 109 | ||
| ec9ada18 AD |
110 | sub tap_rate_limit { |
| 111 | my ($iface, $rate) = @_; | |
| 112 | ||
| 113 | my $debug = 0; | |
| ad066ae2 | 114 | $rate = int($rate*1024*1024) if $rate; |
| ec9ada18 AD |
115 | my $burst = 1024*1024; |
| 116 | ||
| 117 | setup_tc_rate_limit($iface, $rate, $burst, $debug); | |
| 118 | } | |
| 74d1b045 | 119 | |
| 605bb891 DM |
120 | my $read_bridge_mtu = sub { |
| 121 | my ($bridge) = @_; | |
| 122 | ||
| 123 | my $mtu = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/mtu"); | |
| 124 | die "bridge '$bridge' does not exist\n" if !$mtu; | |
| 125 | # avoid insecure dependency; | |
| 126 | die "unable to parse mtu value" if $mtu !~ /^(\d+)$/; | |
| 127 | $mtu = int($1); | |
| 128 | ||
| 129 | return $mtu; | |
| 130 | }; | |
| 131 | ||
| 32cb7d27 | 132 | my $parse_tap_device_name = sub { |
| 6c80e6d6 | 133 | my ($iface, $noerr) = @_; |
| 605bb891 DM |
134 | |
| 135 | my ($vmid, $devid); | |
| 136 | ||
| 137 | if ($iface =~ m/^tap(\d+)i(\d+)$/) { | |
| 138 | $vmid = $1; | |
| 139 | $devid = $2; | |
| 32cb7d27 | 140 | } elsif ($iface =~ m/^veth(\d+)i(\d+)$/) { |
| 605bb891 DM |
141 | $vmid = $1; |
| 142 | $devid = $2; | |
| 143 | } else { | |
| 6c80e6d6 DM |
144 | return undef if $noerr; |
| 145 | die "can't create firewall bridge for random interface name '$iface'\n"; | |
| 605bb891 DM |
146 | } |
| 147 | ||
| 148 | return ($vmid, $devid); | |
| 149 | }; | |
| 150 | ||
| 70ab4434 | 151 | my $compute_fwbr_names = sub { |
| 605bb891 DM |
152 | my ($vmid, $devid) = @_; |
| 153 | ||
| 154 | my $fwbr = "fwbr${vmid}i${devid}"; | |
| f193aa74 | 155 | # Note: the firewall use 'fwln+' to filter traffic to VMs |
| 7d78a966 AD |
156 | my $vethfw = "fwln${vmid}i${devid}"; |
| 157 | my $vethfwpeer = "fwpr${vmid}p${devid}"; | |
| 158 | my $ovsintport = "fwln${vmid}o${devid}"; | |
| 605bb891 | 159 | |
| 70ab4434 | 160 | return ($fwbr, $vethfw, $vethfwpeer, $ovsintport); |
| 605bb891 DM |
161 | }; |
| 162 | ||
| 163 | my $cond_create_bridge = sub { | |
| 164 | my ($bridge) = @_; | |
| 165 | ||
| 166 | if (! -d "/sys/class/net/$bridge") { | |
| 167 | system("/sbin/brctl addbr $bridge") == 0 || | |
| 168 | die "can't add bridge '$bridge'\n"; | |
| 169 | } | |
| 170 | }; | |
| 171 | ||
| 172 | my $bridge_add_interface = sub { | |
| b0b34ffd | 173 | my ($bridge, $iface, $tag, $trunks) = @_; |
| 605bb891 DM |
174 | |
| 175 | system("/sbin/brctl addif $bridge $iface") == 0 || | |
| 176 | die "can't add interface 'iface' to bridge '$bridge'\n"; | |
| 4d25f4aa AD |
177 | |
| 178 | my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); | |
| 179 | ||
| 180 | if ($vlan_aware) { | |
| 181 | if ($tag) { | |
| 182 | system("/sbin/bridge vlan add dev $iface vid $tag pvid untagged") == 0 || | |
| 183 | die "unable to add vlan $tag to interface $iface\n"; | |
| 5d662b31 DC |
184 | |
| 185 | warn "Caution: Setting VLAN ID 1 on a VLAN aware bridge may be dangerous\n" if $tag == 1; | |
| 4d25f4aa AD |
186 | } else { |
| 187 | system("/sbin/bridge vlan add dev $iface vid 2-4094") == 0 || | |
| b0b34ffd | 188 | die "unable to add default vlan tags to interface $iface\n" if !$trunks; |
| 4d25f4aa | 189 | } |
| b0b34ffd | 190 | |
| 846337ad WB |
191 | if ($trunks) { |
| 192 | my @trunks_array = split /;/, $trunks; | |
| 193 | foreach my $trunk (@trunks_array) { | |
| 194 | system("/sbin/bridge vlan add dev $iface vid $trunk") == 0 || | |
| 195 | die "unable to add vlan $trunk to interface $iface\n"; | |
| 196 | } | |
| b0b34ffd | 197 | } |
| 4d25f4aa | 198 | } |
| 605bb891 DM |
199 | }; |
| 200 | ||
| 70ab4434 | 201 | my $ovs_bridge_add_port = sub { |
| b0b34ffd AD |
202 | my ($bridge, $iface, $tag, $internal, $trunks) = @_; |
| 203 | ||
| 204 | $trunks =~ s/;/,/g if $trunks; | |
| 70ab4434 DM |
205 | |
| 206 | my $cmd = "/usr/bin/ovs-vsctl add-port $bridge $iface"; | |
| 207 | $cmd .= " tag=$tag" if $tag; | |
| b0b34ffd AD |
208 | $cmd .= " trunks=". join(',', $trunks) if $trunks; |
| 209 | $cmd .= " vlan_mode=native-untagged" if $tag && $trunks; | |
| 210 | ||
| 70ab4434 DM |
211 | $cmd .= " -- set Interface $iface type=internal" if $internal; |
| 212 | system($cmd) == 0 || | |
| 213 | die "can't add ovs port '$iface'\n"; | |
| 214 | }; | |
| 215 | ||
| 605bb891 DM |
216 | my $activate_interface = sub { |
| 217 | my ($iface) = @_; | |
| 218 | ||
| 219 | system("/sbin/ip link set $iface up") == 0 || | |
| 220 | die "can't activate interface '$iface'\n"; | |
| 221 | }; | |
| 222 | ||
| 3aa99c70 AD |
223 | sub tap_create { |
| 224 | my ($iface, $bridge) = @_; | |
| 225 | ||
| 226 | die "unable to get bridge setting\n" if !$bridge; | |
| 227 | ||
| 605bb891 | 228 | my $bridgemtu = &$read_bridge_mtu($bridge); |
| 3aa99c70 | 229 | |
| 098795e0 DM |
230 | eval { |
| 231 | PVE::Tools::run_command("/sbin/ifconfig $iface 0.0.0.0 promisc up mtu $bridgemtu"); | |
| 232 | }; | |
| 233 | die "interface activation failed\n" if $@; | |
| 3aa99c70 AD |
234 | } |
| 235 | ||
| 35efc4eb AD |
236 | sub veth_create { |
| 237 | my ($veth, $vethpeer, $bridge, $mac) = @_; | |
| 238 | ||
| 239 | die "unable to get bridge setting\n" if !$bridge; | |
| 240 | ||
| 241 | my $bridgemtu = &$read_bridge_mtu($bridge); | |
| 242 | ||
| 243 | # create veth pair | |
| 244 | if (! -d "/sys/class/net/$veth") { | |
| 245 | my $cmd = "/sbin/ip link add name $veth type veth peer name $vethpeer mtu $bridgemtu"; | |
| 246 | $cmd .= " addr $mac" if $mac; | |
| 247 | system($cmd) == 0 || die "can't create interface $veth\n"; | |
| 248 | } | |
| 249 | ||
| 250 | # up vethpair | |
| 251 | &$activate_interface($veth); | |
| 252 | &$activate_interface($vethpeer); | |
| 253 | } | |
| 254 | ||
| f3f0bc3a AD |
255 | sub veth_delete { |
| 256 | my ($veth) = @_; | |
| 257 | ||
| 258 | if (-d "/sys/class/net/$veth") { | |
| 259 | run_command("/sbin/ip link delete dev $veth", outfunc => sub {}, errfunc => sub {}); | |
| 260 | } | |
| 261 | ||
| 262 | } | |
| 35efc4eb | 263 | |
| 605bb891 | 264 | my $create_firewall_bridge_linux = sub { |
| b0b34ffd | 265 | my ($iface, $bridge, $tag, $trunks) = @_; |
| 605bb891 | 266 | |
| 32cb7d27 | 267 | my ($vmid, $devid) = &$parse_tap_device_name($iface); |
| 70ab4434 | 268 | my ($fwbr, $vethfw, $vethfwpeer) = &$compute_fwbr_names($vmid, $devid); |
| 605bb891 | 269 | |
| 605bb891 DM |
270 | &$cond_create_bridge($fwbr); |
| 271 | &$activate_interface($fwbr); | |
| 272 | ||
| 273 | copy_bridge_config($bridge, $fwbr); | |
| 35efc4eb | 274 | veth_create($vethfw, $vethfwpeer, $bridge); |
| 605bb891 | 275 | |
| 7d78a966 | 276 | &$bridge_add_interface($fwbr, $vethfw); |
| b0b34ffd | 277 | &$bridge_add_interface($bridge, $vethfwpeer, $tag, $trunks); |
| 605bb891 | 278 | |
| 4d25f4aa | 279 | &$bridge_add_interface($fwbr, $iface); |
| 605bb891 DM |
280 | }; |
| 281 | ||
| 70ab4434 | 282 | my $create_firewall_bridge_ovs = sub { |
| b0b34ffd | 283 | my ($iface, $bridge, $tag, $trunks) = @_; |
| 70ab4434 | 284 | |
| 32cb7d27 | 285 | my ($vmid, $devid) = &$parse_tap_device_name($iface); |
| 70ab4434 DM |
286 | my ($fwbr, undef, undef, $ovsintport) = &$compute_fwbr_names($vmid, $devid); |
| 287 | ||
| 288 | my $bridgemtu = &$read_bridge_mtu($bridge); | |
| 289 | ||
| 290 | &$cond_create_bridge($fwbr); | |
| 291 | &$activate_interface($fwbr); | |
| 292 | ||
| 293 | &$bridge_add_interface($fwbr, $iface); | |
| 294 | ||
| b0b34ffd | 295 | &$ovs_bridge_add_port($bridge, $ovsintport, $tag, 1, $trunks); |
| ac3a04b8 | 296 | &$activate_interface($ovsintport); |
| 70ab4434 DM |
297 | |
| 298 | # set the same mtu for ovs int port | |
| 299 | PVE::Tools::run_command("/sbin/ifconfig $ovsintport mtu $bridgemtu"); | |
| 300 | ||
| 301 | &$bridge_add_interface($fwbr, $ovsintport); | |
| 302 | }; | |
| 303 | ||
| 304 | my $cleanup_firewall_bridge = sub { | |
| 605bb891 DM |
305 | my ($iface) = @_; |
| 306 | ||
| 32cb7d27 | 307 | my ($vmid, $devid) = &$parse_tap_device_name($iface, 1); |
| 6c80e6d6 | 308 | return if !defined($vmid); |
| 70ab4434 DM |
309 | my ($fwbr, $vethfw, $vethfwpeer, $ovsintport) = &$compute_fwbr_names($vmid, $devid); |
| 310 | ||
| 311 | # cleanup old port config from any openvswitch bridge | |
| 312 | if (-d "/sys/class/net/$ovsintport") { | |
| 313 | run_command("/usr/bin/ovs-vsctl del-port $ovsintport", outfunc => sub {}, errfunc => sub {}); | |
| 314 | } | |
| 605bb891 DM |
315 | |
| 316 | # delete old vethfw interface | |
| f3f0bc3a | 317 | veth_delete($vethfw); |
| 605bb891 DM |
318 | |
| 319 | # cleanup fwbr bridge | |
| 320 | if (-d "/sys/class/net/$fwbr") { | |
| 321 | run_command("/sbin/ip link set dev $fwbr down", outfunc => sub {}, errfunc => sub {}); | |
| 322 | run_command("/sbin/brctl delbr $fwbr", outfunc => sub {}, errfunc => sub {}); | |
| 323 | } | |
| 324 | }; | |
| 325 | ||
| f0c190ee | 326 | sub tap_plug { |
| bce2a5b3 | 327 | my ($iface, $bridge, $tag, $firewall, $trunks, $rate) = @_; |
| f0c190ee | 328 | |
| 4cbabd40 AD |
329 | #cleanup old port config from any openvswitch bridge |
| 330 | eval {run_command("/usr/bin/ovs-vsctl del-port $iface", outfunc => sub {}, errfunc => sub {}) }; | |
| 331 | ||
| 098795e0 | 332 | if (-d "/sys/class/net/$bridge/bridge") { |
| 70ab4434 | 333 | &$cleanup_firewall_bridge($iface); # remove stale devices |
| 605bb891 | 334 | |
| 4d25f4aa | 335 | my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering"); |
| 098795e0 | 336 | |
| 4d25f4aa | 337 | if (!$vlan_aware) { |
| b0b34ffd | 338 | die "vlan aware feature need to be enabled to use trunks" if $trunks; |
| 4d25f4aa AD |
339 | my $newbridge = activate_bridge_vlan($bridge, $tag); |
| 340 | copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge; | |
| ff042056 | 341 | $bridge = $newbridge; |
| 4d25f4aa AD |
342 | $tag = undef; |
| 343 | } | |
| 344 | ||
| 345 | if ($firewall) { | |
| b0b34ffd | 346 | &$create_firewall_bridge_linux($iface, $bridge, $tag, $trunks); |
| 4d25f4aa | 347 | } else { |
| b0b34ffd | 348 | &$bridge_add_interface($bridge, $iface, $tag, $trunks); |
| 4d25f4aa | 349 | } |
| 605bb891 | 350 | |
| 098795e0 | 351 | } else { |
| 70ab4434 DM |
352 | &$cleanup_firewall_bridge($iface); # remove stale devices |
| 353 | ||
| 354 | if ($firewall) { | |
| b0b34ffd | 355 | &$create_firewall_bridge_ovs($iface, $bridge, $tag, $trunks); |
| 70ab4434 | 356 | } else { |
| b0b34ffd | 357 | &$ovs_bridge_add_port($bridge, $iface, $tag, undef, $trunks); |
| 70ab4434 | 358 | } |
| 4cbabd40 | 359 | } |
| bce2a5b3 WB |
360 | |
| 361 | tap_rate_limit($iface, $rate); | |
| f0c190ee AD |
362 | } |
| 363 | ||
| a84b65c0 | 364 | sub tap_unplug { |
| 2db1cc0d | 365 | my ($iface) = @_; |
| a84b65c0 | 366 | |
| 2db1cc0d DM |
367 | my $path= "/sys/class/net/$iface/brport/bridge"; |
| 368 | if (-l $path) { | |
| 369 | my $bridge = basename(readlink($path)); | |
| 370 | #avoid insecure dependency; | |
| 371 | ($bridge) = $bridge =~ /(\S+)/; | |
| 4cbabd40 | 372 | |
| 098795e0 | 373 | system("/sbin/brctl delif $bridge $iface") == 0 || |
| 2db1cc0d | 374 | die "can't del interface '$iface' from bridge '$bridge'\n"; |
| 605bb891 | 375 | |
| 4cbabd40 | 376 | } |
| 70ab4434 DM |
377 | |
| 378 | &$cleanup_firewall_bridge($iface); | |
| dd44486e WB |
379 | #cleanup old port config from any openvswitch bridge |
| 380 | eval {run_command("/usr/bin/ovs-vsctl del-port $iface", outfunc => sub {}, errfunc => sub {}) }; | |
| a84b65c0 AD |
381 | } |
| 382 | ||
| b9436cda DM |
383 | sub copy_bridge_config { |
| 384 | my ($br0, $br1) = @_; | |
| 385 | ||
| 386 | return if $br0 eq $br1; | |
| 387 | ||
| 388 | my $br_configs = [ 'ageing_time', 'stp_state', 'priority', 'forward_delay', | |
| ba4af65b | 389 | 'hello_time', 'max_age', 'multicast_snooping', 'multicast_querier']; |
| b9436cda DM |
390 | |
| 391 | foreach my $sysname (@$br_configs) { | |
| 392 | eval { | |
| 393 | my $v0 = PVE::Tools::file_read_firstline("/sys/class/net/$br0/bridge/$sysname"); | |
| 394 | my $v1 = PVE::Tools::file_read_firstline("/sys/class/net/$br1/bridge/$sysname"); | |
| 395 | if ($v0 ne $v1) { | |
| aec04803 | 396 | PVE::ProcFSTools::write_proc_entry("/sys/class/net/$br1/bridge/$sysname", $v0); |
| b9436cda DM |
397 | } |
| 398 | }; | |
| 399 | warn $@ if $@; | |
| 400 | } | |
| 401 | } | |
| 402 | ||
| 70d89745 PRG |
403 | sub activate_bridge_vlan_slave { |
| 404 | my ($bridgevlan, $iface, $tag) = @_; | |
| b9436cda | 405 | my $ifacevlan = "${iface}.$tag"; |
| 70d89745 | 406 | |
| b9436cda DM |
407 | # create vlan on $iface is not already exist |
| 408 | if (! -d "/sys/class/net/$ifacevlan") { | |
| 6fc54cb2 | 409 | system("/sbin/ip link add link $iface name ${iface}.${tag} type vlan id $tag") == 0 || |
| 02c9a6b4 | 410 | die "can't add vlan tag $tag to interface $iface\n"; |
| b9436cda DM |
411 | } |
| 412 | ||
| 413 | # be sure to have the $ifacevlan up | |
| 605bb891 | 414 | &$activate_interface($ifacevlan); |
| b9436cda DM |
415 | |
| 416 | # test if $vlaniface is already enslaved in another bridge | |
| 417 | my $path= "/sys/class/net/$ifacevlan/brport/bridge"; | |
| 418 | if (-l $path) { | |
| 419 | my $tbridge = basename(readlink($path)); | |
| 70d89745 | 420 | if ($tbridge ne $bridgevlan) { |
| b9436cda | 421 | die "interface $ifacevlan already exist in bridge $tbridge\n"; |
| eee4b32a PRG |
422 | } else { |
| 423 | # Port already attached to bridge: do nothing. | |
| 424 | return; | |
| b9436cda DM |
425 | } |
| 426 | } | |
| 427 | ||
| 70d89745 | 428 | # add $ifacevlan to the bridge |
| 605bb891 | 429 | &$bridge_add_interface($bridgevlan, $ifacevlan); |
| 70d89745 PRG |
430 | } |
| 431 | ||
| 432 | sub activate_bridge_vlan { | |
| 433 | my ($bridge, $tag_param) = @_; | |
| 434 | ||
| 435 | die "bridge '$bridge' is not active\n" if ! -d "/sys/class/net/$bridge"; | |
| 436 | ||
| 437 | return $bridge if !defined($tag_param); # no vlan, simply return | |
| 438 | ||
| 439 | my $tag = int($tag_param); | |
| 440 | ||
| 441 | die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094; | |
| 442 | ||
| 443 | my $bridgevlan = "${bridge}v$tag"; | |
| 444 | ||
| c9030d97 PRG |
445 | my @ifaces = (); |
| 446 | my $dir = "/sys/class/net/$bridge/brif"; | |
| 899f8c4a | 447 | PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub { |
| 5ffa7628 | 448 | push @ifaces, $_[0]; |
| c9030d97 PRG |
449 | }); |
| 450 | ||
| 5ffa7628 | 451 | die "no physical interface on bridge '$bridge'\n" if scalar(@ifaces) == 0; |
| c9030d97 | 452 | |
| b9436cda DM |
453 | # add bridgevlan if it doesn't already exist |
| 454 | if (! -d "/sys/class/net/$bridgevlan") { | |
| 9e14b1b7 | 455 | system("/sbin/brctl addbr $bridgevlan") == 0 || |
| b9436cda DM |
456 | die "can't add bridge $bridgevlan\n"; |
| 457 | } | |
| 458 | ||
| 70d89745 | 459 | # for each physical interface (eth or bridge) bind them to bridge vlan |
| c9030d97 PRG |
460 | foreach my $iface (@ifaces) { |
| 461 | activate_bridge_vlan_slave($bridgevlan, $iface, $tag); | |
| 462 | } | |
| 70d89745 | 463 | |
| b9436cda DM |
464 | #fixme: set other bridge flags |
| 465 | ||
| 466 | # be sure to have the bridge up | |
| 467 | system("/sbin/ip link set $bridgevlan up") == 0 || | |
| 468 | die "can't up bridge $bridgevlan\n"; | |
| 70d89745 | 469 | |
| b9436cda DM |
470 | return $bridgevlan; |
| 471 | } | |
| 472 | ||
| b6bff92e WB |
473 | sub tcp_ping { |
| 474 | my ($host, $port, $timeout) = @_; | |
| 475 | ||
| 476 | my $refused = 1; | |
| 477 | ||
| 478 | $timeout = 3 if !$timeout; # sane default | |
| 479 | if (!$port) { | |
| 480 | # Net::Ping defaults to the echo port | |
| 481 | $port = 7; | |
| 482 | } else { | |
| 483 | # Net::Ping's port_number() implies service_check(1) | |
| 484 | $refused = 0; | |
| 485 | } | |
| 486 | ||
| 487 | my ($sock, $result); | |
| 488 | eval { | |
| 489 | $result = PVE::Tools::run_with_timeout($timeout, sub { | |
| 490 | $sock = IO::Socket::IP->new(PeerHost => $host, PeerPort => $port, Type => SOCK_STREAM); | |
| 491 | $result = $refused if $! == ECONNREFUSED; | |
| 492 | }); | |
| 493 | }; | |
| 494 | if ($sock) { | |
| 495 | $sock->close(); | |
| 496 | $result = 1; | |
| 497 | } | |
| 498 | return $result; | |
| 499 | } | |
| 500 | ||
| bf52d27b WB |
501 | sub IP_from_cidr { |
| 502 | my ($cidr, $version) = @_; | |
| 503 | ||
| 504 | return if $cidr !~ m!^(\S+?)/(\S+)$!; | |
| 505 | my ($ip, $prefix) = ($1, $2); | |
| 506 | ||
| 507 | my $ipobj = Net::IP->new($ip, $version); | |
| 508 | return if !$ipobj; | |
| 509 | ||
| 510 | $version = $ipobj->version(); | |
| 511 | ||
| 512 | my $binmask = Net::IP::ip_get_mask($prefix, $version); | |
| 513 | return if !$binmask; | |
| 514 | ||
| 515 | my $masked_binip = $ipobj->binip() & $binmask; | |
| 516 | my $masked_ip = Net::IP::ip_bintoip($masked_binip, $version); | |
| 517 | return Net::IP->new("$masked_ip/$prefix"); | |
| 518 | } | |
| 519 | ||
| 520 | sub is_ip_in_cidr { | |
| 521 | my ($ip, $cidr, $version) = @_; | |
| 522 | ||
| 523 | my $cidr_obj = IP_from_cidr($cidr, $version); | |
| 524 | return undef if !$cidr_obj; | |
| 525 | ||
| 526 | my $ip_obj = Net::IP->new($ip, $version); | |
| 527 | return undef if !$ip_obj; | |
| 528 | ||
| 529 | return $cidr_obj->overlaps($ip_obj) == $Net::IP::IP_B_IN_A_OVERLAP; | |
| 530 | } | |
| 531 | ||
| 12a235d6 WB |
532 | # struct ifreq { // FOR SIOCGIFFLAGS: |
| 533 | # char ifrn_name[IFNAMSIZ] | |
| 534 | # short ifru_flags | |
| 535 | # }; | |
| 536 | my $STRUCT_IFREQ_SIOCGIFFLAGS = 'Z' . IFNAMSIZ . 's1'; | |
| 537 | sub get_active_interfaces { | |
| 538 | # Use the interface name list from /proc/net/dev | |
| 539 | open my $fh, '<', '/proc/net/dev' | |
| 540 | or die "failed to open /proc/net/dev: $!\n"; | |
| 541 | # And filter by IFF_UP flag fetched via a PF_INET6 socket ioctl: | |
| ab08ec79 WB |
542 | my $sock; |
| 543 | socket($sock, PF_INET6, SOCK_DGRAM, &IPPROTO_IP) | |
| 544 | or socket($sock, PF_INET, SOCK_DGRAM, &IPPROTO_IP) | |
| 545 | or return []; | |
| 12a235d6 WB |
546 | |
| 547 | my $ifaces = []; | |
| 548 | while(defined(my $line = <$fh>)) { | |
| 549 | next if $line !~ /^\s*([^:\s]+):/; | |
| 550 | my $ifname = $1; | |
| c4534006 | 551 | my $ifreq = pack($STRUCT_IFREQ_SIOCGIFFLAGS, $ifname, 0); |
| f029c1d0 | 552 | if (!defined(ioctl($sock, SIOCGIFFLAGS, $ifreq))) { |
| 12a235d6 WB |
553 | warn "failed to get interface flags for: $ifname\n"; |
| 554 | next; | |
| 555 | } | |
| 556 | my ($name, $flags) = unpack($STRUCT_IFREQ_SIOCGIFFLAGS, $ifreq); | |
| c4534006 | 557 | push @$ifaces, $ifname if ($flags & IFF_UP); |
| 12a235d6 WB |
558 | } |
| 559 | close $fh; | |
| 560 | close $sock; | |
| 561 | return $ifaces; | |
| 562 | } | |
| 563 | ||
| b9436cda | 564 | 1; |