Commit | Line | Data |
---|---|---|
b9436cda DM |
1 | package PVE::Network; |
2 | ||
3 | use strict; | |
c36f332e | 4 | use warnings; |
74d1b045 | 5 | use PVE::Tools qw(run_command); |
b9436cda DM |
6 | use PVE::ProcFSTools; |
7 | use PVE::INotify; | |
8 | use File::Basename; | |
b6bff92e WB |
9 | use IO::Socket::IP; |
10 | use POSIX qw(ECONNREFUSED); | |
b9436cda | 11 | |
bf52d27b WB |
12 | use Net::IP; |
13 | ||
12a235d6 WB |
14 | use Socket qw(IPPROTO_IP); |
15 | ||
16 | use constant IFF_UP => 1; | |
17 | use constant IFNAMSIZ => 16; | |
f029c1d0 | 18 | use constant SIOCGIFFLAGS => 0x8913; |
12a235d6 | 19 | |
b9436cda DM |
20 | # host network related utility functions |
21 | ||
61aa94e4 WB |
# Dotted-quad IPv4 netmasks indexed by prefix length: element N is the
# netmask of a /N network, from /0 ('0.0.0.0') up to /32 ('255.255.255.255').
our $ipv4_reverse_mask = [qw(
    0.0.0.0
    128.0.0.0       192.0.0.0       224.0.0.0       240.0.0.0
    248.0.0.0       252.0.0.0       254.0.0.0       255.0.0.0
    255.128.0.0     255.192.0.0     255.224.0.0     255.240.0.0
    255.248.0.0     255.252.0.0     255.254.0.0     255.255.0.0
    255.255.128.0   255.255.192.0   255.255.224.0   255.255.240.0
    255.255.248.0   255.255.252.0   255.255.254.0   255.255.255.0
    255.255.255.128 255.255.255.192 255.255.255.224 255.255.255.240
    255.255.255.248 255.255.255.252 255.255.255.254 255.255.255.255
)];
57 | ||
# Lookup from dotted-quad netmask to prefix length, covering /16 to /32 only.
# The keys are computed instead of listed: clear the low (32 - prefix) host
# bits of an all-ones 32-bit value and print the four octets.
our $ipv4_mask_hash_localnet = +{
    map {
        my $prefix = $_;
        my $host_bits = 32 - $prefix;
        my $mask = 0xFFFFFFFF & ~((1 << $host_bits) - 1);
        (join('.', unpack('C4', pack('N', $mask))) => $prefix);
    } 16 .. 32
};
77 | ||
74d1b045 DM |
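# Reset the traffic-control configuration of an interface and, when a rate is
# given, install an htb egress class plus an ingress policer.
#
#   $iface - interface name
#   $rate  - rate, passed to tc with the "bps" suffix; a false value only
#            removes the existing configuration
#   $burst - burst size, passed to tc with the "b" suffix
#   $debug - when true, print the resulting qdisc/class/filter listings
#
# Every tc call is built as an argument list rather than one interpolated
# command string, so the interface name and the numeric values reach tc as
# single arguments and are never parsed as shell syntax.
sub setup_tc_rate_limit {
    my ($iface, $rate, $burst, $debug) = @_;

    my $tc = '/sbin/tc';
    # replaces the former ">/dev/null 2>&1" redirection
    my @quiet = (outfunc => sub {}, errfunc => sub {});

    # these are allowed / expected to fail, e.g. when there is no previous rate limit to remove
    eval { run_command([$tc, 'class', 'del', 'dev', $iface, 'parent', '1:', 'classid', '1:1'], @quiet); };
    eval { run_command([$tc, 'filter', 'del', 'dev', $iface, 'parent', 'ffff:', 'protocol', 'all', 'pref', '50', 'u32'], @quiet); };
    eval { run_command([$tc, 'qdisc', 'del', 'dev', $iface, 'ingress'], @quiet); };
    eval { run_command([$tc, 'qdisc', 'del', 'dev', $iface, 'root'], @quiet); };

    return if !$rate;

    # tbf does not work for unknown reason
    #$TC qdisc add dev $DEV root tbf rate $RATE latency 100ms burst $BURST
    # so we use htb instead
    run_command([$tc, 'qdisc', 'add', 'dev', $iface, 'root', 'handle', '1:', 'htb', 'default', '1']);
    run_command([$tc, 'class', 'add', 'dev', $iface, 'parent', '1:', 'classid', '1:1',
                 'htb', 'rate', "${rate}bps", 'burst', "${burst}b"]);

    run_command([$tc, 'qdisc', 'add', 'dev', $iface, 'handle', 'ffff:', 'ingress']);
    run_command([$tc, 'filter', 'add', 'dev', $iface, 'parent', 'ffff:',
                 'prio', '50', 'basic',
                 'police', 'rate', "${rate}bps", 'burst', "${burst}b", 'mtu', '64kb',
                 'drop', 'flowid', ':1']);

    if ($debug) {
        print "DEBUG tc settings\n";
        system($tc, 'qdisc', 'ls', 'dev', $iface);
        system($tc, 'class', 'ls', 'dev', $iface);
        system($tc, 'filter', 'ls', 'dev', $iface, 'parent', 'ffff:');
    }
}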
109 | ||
ec9ada18 AD |
# Apply a rate limit to a tap interface.
#
# A true $rate is multiplied by 1024*1024 and truncated to an integer before
# it is handed to setup_tc_rate_limit(); the burst is fixed at 1024*1024 and
# debug output is always off.
sub tap_rate_limit {
    my ($iface, $rate) = @_;

    my ($burst, $debug) = (1024*1024, 0);

    if ($rate) {
        $rate = int($rate*1024*1024);
    }

    setup_tc_rate_limit($iface, $rate, $burst, $debug);
}
74d1b045 | 119 | |
605bb891 DM |
# Return the MTU of $bridge as an integer, read from its sysfs 'mtu' file.
# Dies when the file yields nothing or when the first line is not all digits.
my $read_bridge_mtu = sub {
    my ($bridge) = @_;

    my $firstline = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/mtu");
    die "bridge '$bridge' does not exist\n" if !$firstline;

    # Capture and reassign from the match: this both validates the value and
    # avoids an "insecure dependency" when it is used in a command later.
    if ($firstline =~ /^(\d+)$/) {
        return int($1);
    }

    die "unable to parse mtu value";
};
131 | ||
# Split an interface name of the form tap<vmid>i<devid> or veth<vmid>i<devid>
# into ($vmid, $devid). Both parts must consist of digits only.
#
# Any other name dies, unless $noerr is true, in which case undef is returned.
my $parse_tap_device_name = sub {
    my ($iface, $noerr) = @_;

    if ($iface =~ m/^(?:tap|veth)(\d+)i(\d+)$/) {
        my ($vmid, $devid) = ($1, $2);
        return ($vmid, $devid);
    }

    return undef if $noerr;

    die "can't create firewall bridge for random interface name '$iface'\n";
};
150 | ||
# Derive the per-NIC firewall device names from a VM id and a device index.
# Returns, in order: the firewall bridge, the veth end attached to it, the
# veth peer, and the OVS internal port.
my $compute_fwbr_names = sub {
    my ($vmid, $devid) = @_;

    return (
        "fwbr${vmid}i${devid}",
        # Note: the firewall uses 'fwln+' to filter traffic to VMs
        "fwln${vmid}i${devid}",
        "fwpr${vmid}p${devid}",
        "fwln${vmid}o${devid}",
    );
};
162 | ||
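# Create the Linux bridge $bridge unless /sys/class/net already has an entry
# for it. Dies when brctl fails.
my $cond_create_bridge = sub {
    my ($bridge) = @_;

    if (! -d "/sys/class/net/$bridge") {
        # list form: the bridge name is one argument, no shell is involved
        system('/sbin/brctl', 'addbr', $bridge) == 0 ||
            die "can't add bridge '$bridge'\n";
    }
};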
171 | ||
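# Attach $iface to the Linux bridge $bridge and, when the bridge has VLAN
# filtering enabled, configure the VLANs of the new port.
#
#   $tag    - VLAN id set as pvid/untagged; when neither $tag nor $trunks is
#             given, VLANs 2-4094 are allowed on the port
#   $trunks - ';'-separated list of additional VLAN ids
#
# All commands use the list form of system(), so $bridge, $iface, $tag and
# each trunk entry are passed as single arguments and never reach a shell.
my $bridge_add_interface = sub {
    my ($bridge, $iface, $tag, $trunks) = @_;

    # the message used to print the literal word 'iface' instead of the name
    system('/sbin/brctl', 'addif', $bridge, $iface) == 0 ||
        die "can't add interface '$iface' to bridge '$bridge'\n";

    my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");
    return if !$vlan_aware;

    my @vlan_add = ('/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid');

    if ($tag) {
        system(@vlan_add, $tag, 'pvid', 'untagged') == 0 ||
            die "unable to add vlan $tag to interface $iface\n";

        warn "Caution: Setting VLAN ID 1 on a VLAN aware bridge may be dangerous\n" if $tag == 1;
    } elsif (!$trunks) {
        # no tag and no explicit trunks: allow the whole VLAN range
        system(@vlan_add, '2-4094') == 0 ||
            die "unable to add default vlan tags to interface $iface\n";
    }

    if ($trunks) {
        foreach my $trunk (split /;/, $trunks) {
            system(@vlan_add, $trunk) == 0 ||
                die "unable to add vlan $trunk to interface $iface\n";
        }
    }
};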
200 | ||
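# Add $iface as a port of the Open vSwitch bridge $bridge.
#
#   $tag      - optional VLAN tag
#   $internal - when true, the interface is additionally set to type=internal
#   $trunks   - optional ';'-separated VLAN list, converted to the
#               ','-separated form used for the trunks= setting
#
# The command is assembled as an argument list and run without a shell, so
# none of the parameters can be interpreted as shell syntax.
my $ovs_bridge_add_port = sub {
    my ($bridge, $iface, $tag, $internal, $trunks) = @_;

    $trunks =~ s/;/,/g if $trunks;

    my @cmd = ('/usr/bin/ovs-vsctl', 'add-port', $bridge, $iface);
    push @cmd, "tag=$tag" if $tag;
    push @cmd, "trunks=$trunks" if $trunks;
    push @cmd, 'vlan_mode=native-untagged' if $tag && $trunks;

    push @cmd, '--', 'set', 'Interface', $iface, 'type=internal' if $internal;

    system(@cmd) == 0 ||
        die "can't add ovs port '$iface'\n";
};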
215 | ||
605bb891 DM |
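# Bring the interface $iface up with 'ip link set ... up'; dies on failure.
my $activate_interface = sub {
    my ($iface) = @_;

    # list form: the interface name is one argument, no shell is involved
    system('/sbin/ip', 'link', 'set', $iface, 'up') == 0 ||
        die "can't activate interface '$iface'\n";
};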
222 | ||
3aa99c70 AD |
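# Bring up the tap interface $iface in promiscuous mode with address 0.0.0.0
# and the MTU of $bridge.
#
# Dies when no bridge is given, when the bridge MTU cannot be read, or when
# ifconfig fails. The ifconfig error text itself is replaced by a generic
# message.
sub tap_create {
    my ($iface, $bridge) = @_;

    die "unable to get bridge setting\n" if !$bridge;

    my $bridgemtu = $read_bridge_mtu->($bridge);

    eval {
        # argument list instead of an interpolated string: $iface is passed
        # to ifconfig as one argument
        PVE::Tools::run_command(['/sbin/ifconfig', $iface, '0.0.0.0', 'promisc', 'up', 'mtu', $bridgemtu]);
    };
    die "interface activation failed\n" if $@;
}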
235 | ||
35efc4eb AD |
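# Create the veth pair $veth/$vethpeer with the MTU of $bridge (unless $veth
# already exists in /sys/class/net) and bring both ends up.
#
#   $mac - optional address given to 'ip link add' as 'addr'
#
# Dies when no bridge is given or when a command fails.
sub veth_create {
    my ($veth, $vethpeer, $bridge, $mac) = @_;

    die "unable to get bridge setting\n" if !$bridge;

    my $bridgemtu = $read_bridge_mtu->($bridge);

    # create veth pair
    if (! -d "/sys/class/net/$veth") {
        # list form: names and MAC are single arguments, no shell is involved
        my @cmd = ('/sbin/ip', 'link', 'add', 'name', $veth, 'type', 'veth',
                   'peer', 'name', $vethpeer, 'mtu', $bridgemtu);
        push @cmd, 'addr', $mac if $mac;
        system(@cmd) == 0 || die "can't create interface $veth\n";
    }

    # up vethpair
    $activate_interface->($veth);
    $activate_interface->($vethpeer);
}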
254 | ||
f3f0bc3a AD |
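# Delete the interface $veth if it exists in /sys/class/net; command output
# is discarded.
sub veth_delete {
    my ($veth) = @_;

    if (-d "/sys/class/net/$veth") {
        # argument list instead of an interpolated command string
        run_command(['/sbin/ip', 'link', 'delete', 'dev', $veth], outfunc => sub {}, errfunc => sub {});
    }

}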
35efc4eb | 263 | |
# Insert a firewall bridge between the guest interface $iface and the Linux
# bridge $bridge: create the fwbr bridge, copy the bridge settings onto it,
# link it to $bridge through a veth pair (which carries $tag/$trunks) and
# finally attach $iface to the fwbr bridge.
my $create_firewall_bridge_linux = sub {
    my ($iface, $bridge, $tag, $trunks) = @_;

    # dies for names that are not tap<vmid>i<devid> / veth<vmid>i<devid>
    my ($vmid, $devid) = $parse_tap_device_name->($iface);
    my ($fwbr, $vethfw, $vethfwpeer) = $compute_fwbr_names->($vmid, $devid);

    $cond_create_bridge->($fwbr);
    $activate_interface->($fwbr);

    copy_bridge_config($bridge, $fwbr);
    veth_create($vethfw, $vethfwpeer, $bridge);

    $bridge_add_interface->($fwbr, $vethfw);
    $bridge_add_interface->($bridge, $vethfwpeer, $tag, $trunks);

    $bridge_add_interface->($fwbr, $iface);
};
281 | ||
# Insert a firewall bridge between the guest interface $iface and the Open
# vSwitch bridge $bridge: $iface goes into the fwbr bridge, and an OVS
# internal port (carrying $tag/$trunks) connects that bridge to $bridge.
my $create_firewall_bridge_ovs = sub {
    my ($iface, $bridge, $tag, $trunks) = @_;

    # dies for names that are not tap<vmid>i<devid> / veth<vmid>i<devid>
    my ($vmid, $devid) = $parse_tap_device_name->($iface);
    my ($fwbr, undef, undef, $ovsintport) = $compute_fwbr_names->($vmid, $devid);

    my $bridgemtu = $read_bridge_mtu->($bridge);

    $cond_create_bridge->($fwbr);
    $activate_interface->($fwbr);

    $bridge_add_interface->($fwbr, $iface);

    $ovs_bridge_add_port->($bridge, $ovsintport, $tag, 1, $trunks);
    $activate_interface->($ovsintport);

    # set the same mtu for ovs int port; both interpolated values are derived
    # from digit-only matches (device name parts and the parsed MTU)
    PVE::Tools::run_command("/sbin/ifconfig $ovsintport mtu $bridgemtu");

    $bridge_add_interface->($fwbr, $ovsintport);
};
303 | ||
# Remove the firewall devices that belong to $iface: the OVS internal port,
# the veth link and the fwbr bridge. Does nothing when $iface is not a
# tap<vmid>i<devid> / veth<vmid>i<devid> name.
my $cleanup_firewall_bridge = sub {
    my ($iface) = @_;

    my ($vmid, $devid) = $parse_tap_device_name->($iface, 1);
    return if !defined($vmid);

    # All names below are built from the digit-only vmid/devid parts.
    my ($fwbr, $vethfw, $vethfwpeer, $ovsintport) = $compute_fwbr_names->($vmid, $devid);

    my @quiet = (outfunc => sub {}, errfunc => sub {});

    # cleanup old port config from any openvswitch bridge
    run_command("/usr/bin/ovs-vsctl del-port $ovsintport", @quiet)
        if -d "/sys/class/net/$ovsintport";

    # delete old vethfw interface
    veth_delete($vethfw);

    # cleanup fwbr bridge
    if (-d "/sys/class/net/$fwbr") {
        run_command("/sbin/ip link set dev $fwbr down", @quiet);
        run_command("/sbin/brctl delbr $fwbr", @quiet);
    }
};
325 | ||
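# Connect the guest interface $iface to $bridge and apply the rate limit.
#
# When /sys/class/net/$bridge/bridge exists the Linux bridge helpers are
# used, otherwise the Open vSwitch helpers. With $firewall set, a firewall
# bridge is inserted between the interface and the bridge.
#
#   $tag    - optional VLAN tag; on a bridge without VLAN filtering the
#             interface is attached to the per-VLAN bridge returned by
#             activate_bridge_vlan() instead
#   $trunks - optional ';'-separated VLAN list; dies on a Linux bridge
#             without VLAN filtering
#   $rate   - passed to tap_rate_limit()
sub tap_plug {
    my ($iface, $bridge, $tag, $firewall, $trunks, $rate) = @_;

    #cleanup old port config from any openvswitch bridge
    # $iface has not been checked at this point, so it is passed as a single
    # argument instead of being interpolated into a command string
    eval {
        run_command(['/usr/bin/ovs-vsctl', 'del-port', $iface],
                    outfunc => sub {}, errfunc => sub {});
    };

    if (-d "/sys/class/net/$bridge/bridge") {
        $cleanup_firewall_bridge->($iface); # remove stale devices

        my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/bridge/vlan_filtering");

        if (!$vlan_aware) {
            die "vlan aware feature need to be enabled to use trunks" if $trunks;
            my $newbridge = activate_bridge_vlan($bridge, $tag);
            copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;
            $bridge = $newbridge;
            # the tag is now expressed by the per-VLAN bridge itself
            $tag = undef;
        }

        if ($firewall) {
            $create_firewall_bridge_linux->($iface, $bridge, $tag, $trunks);
        } else {
            $bridge_add_interface->($bridge, $iface, $tag, $trunks);
        }

    } else {
        $cleanup_firewall_bridge->($iface); # remove stale devices

        if ($firewall) {
            $create_firewall_bridge_ovs->($iface, $bridge, $tag, $trunks);
        } else {
            $ovs_bridge_add_port->($bridge, $iface, $tag, undef, $trunks);
        }
    }

    tap_rate_limit($iface, $rate);
}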
363 | ||
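# Detach $iface from its Linux bridge (when it is a bridge port), remove its
# firewall devices and delete any Open vSwitch port of the same name.
sub tap_unplug {
    my ($iface) = @_;

    my $path = "/sys/class/net/$iface/brport/bridge";
    if (-l $path) {
        my $bridge = basename(readlink($path));
        #avoid insecure dependency;
        # NOTE: this capture only untaints; \S+ accepts any non-whitespace
        # characters, so it is not a validation of the bridge name.
        ($bridge) = $bridge =~ /(\S+)/;

        # list form: both names are single arguments, no shell is involved
        system('/sbin/brctl', 'delif', $bridge, $iface) == 0 ||
            die "can't del interface '$iface' from bridge '$bridge'\n";

    }

    $cleanup_firewall_bridge->($iface);
    #cleanup old port config from any openvswitch bridge
    eval {
        run_command(['/usr/bin/ovs-vsctl', 'del-port', $iface],
                    outfunc => sub {}, errfunc => sub {});
    };
}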
382 | ||
b9436cda DM |
# Copy a fixed set of bridge settings from bridge $br0 to bridge $br1 through
# their sysfs files. A setting is written only when the two values differ;
# a failure on one setting is reported with warn and does not stop the rest.
sub copy_bridge_config {
    my ($br0, $br1) = @_;

    return if $br0 eq $br1;

    my @settings = qw(
        ageing_time stp_state priority forward_delay
        hello_time max_age multicast_snooping multicast_querier
    );

    for my $sysname (@settings) {
        eval {
            my $source = PVE::Tools::file_read_firstline("/sys/class/net/$br0/bridge/$sysname");
            my $target = PVE::Tools::file_read_firstline("/sys/class/net/$br1/bridge/$sysname");
            PVE::ProcFSTools::write_proc_entry("/sys/class/net/$br1/bridge/$sysname", $source)
                if $source ne $target;
        };
        warn $@ if $@;
    }
}
402 | ||
70d89745 PRG |
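# Make sure the VLAN sub-interface "<iface>.<tag>" exists, is up and is a
# port of the bridge $bridgevlan.
#
# Dies when a command fails or when the sub-interface already belongs to a
# different bridge; returns early when it is already a port of $bridgevlan.
sub activate_bridge_vlan_slave {
    my ($bridgevlan, $iface, $tag) = @_;
    my $ifacevlan = "${iface}.$tag";

    # create vlan on $iface if it does not already exist
    if (! -d "/sys/class/net/$ifacevlan") {
        # list form: interface names and the tag are single arguments, no
        # shell is involved
        system('/sbin/ip', 'link', 'add', 'link', $iface, 'name', $ifacevlan,
               'type', 'vlan', 'id', $tag) == 0 ||
            die "can't add vlan tag $tag to interface $iface\n";
    }

    # be sure to have the $ifacevlan up
    $activate_interface->($ifacevlan);

    # test if $ifacevlan is already enslaved in another bridge
    my $path = "/sys/class/net/$ifacevlan/brport/bridge";
    if (-l $path) {
        my $tbridge = basename(readlink($path));
        if ($tbridge ne $bridgevlan) {
            die "interface $ifacevlan already exist in bridge $tbridge\n";
        } else {
            # Port already attached to bridge: do nothing.
            return;
        }
    }

    # add $ifacevlan to the bridge
    $bridge_add_interface->($bridgevlan, $ifacevlan);
}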
431 | ||
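# Return the name of the bridge to use for VLAN $tag_param on $bridge.
#
# Without a tag, $bridge itself is returned. Otherwise the bridge
# "<bridge>v<tag>" is created if missing, every matching port of $bridge
# (eth*/bond*/en* names, optionally with a ".<n>" suffix) gets a VLAN
# sub-interface attached to it, and the new bridge is brought up.
#
# Dies when $bridge is not active, when the tag is outside 1..4094, when
# $bridge has no matching port, or when a command fails.
sub activate_bridge_vlan {
    my ($bridge, $tag_param) = @_;

    die "bridge '$bridge' is not active\n" if ! -d "/sys/class/net/$bridge";

    return $bridge if !defined($tag_param); # no vlan, simply return

    # int() plus the range check guarantee a plain number in the names and
    # commands built below
    my $tag = int($tag_param);

    die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094;

    my $bridgevlan = "${bridge}v$tag";

    my @ifaces = ();
    my $dir = "/sys/class/net/$bridge/brif";
    PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub {
        push @ifaces, $_[0];
    });

    die "no physical interface on bridge '$bridge'\n" if scalar(@ifaces) == 0;

    # add bridgevlan if it doesn't already exist
    if (! -d "/sys/class/net/$bridgevlan") {
        # list form: the bridge name is one argument, no shell is involved
        system('/sbin/brctl', 'addbr', $bridgevlan) == 0 ||
            die "can't add bridge $bridgevlan\n";
    }

    # for each physical interface (eth or bridge) bind them to bridge vlan
    foreach my $iface (@ifaces) {
        activate_bridge_vlan_slave($bridgevlan, $iface, $tag);
    }

    #fixme: set other bridge flags

    # be sure to have the bridge up
    system('/sbin/ip', 'link', 'set', $bridgevlan, 'up') == 0 ||
        die "can't up bridge $bridgevlan\n";

    return $bridgevlan;
}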
472 | ||
b6bff92e WB |
# Probe $host with a TCP connection attempt.
#
#   $host    - peer host handed to IO::Socket::IP
#   $port    - peer port; defaults to 7 (echo) when false
#   $timeout - seconds for the connection attempt; defaults to 3 when false
#
# Returns 1 when the connection is established. A refused connection counts
# as a positive answer only when no port was given ($refused stays 1); with
# an explicit port it yields 0. Errors raised inside the eval, including
# whatever run_with_timeout does when the time is up, are swallowed.
# NOTE(review): the final value in the no-socket case depends on what
# PVE::Tools::run_with_timeout returns for the inner sub - confirm there.
sub tcp_ping {
    my ($host, $port, $timeout) = @_;

    my $refused = 1;

    $timeout = 3 if !$timeout; # sane default
    if (!$port) {
        # Net::Ping defaults to the echo port
        $port = 7;
    } else {
        # Net::Ping's port_number() implies service_check(1)
        $refused = 0;
    }

    my ($sock, $result);
    eval {
        $result = PVE::Tools::run_with_timeout($timeout, sub {
            $sock = IO::Socket::IP->new(PeerHost => $host, PeerPort => $port, Type => SOCK_STREAM);
            # $! must be inspected right after the constructor call
            $result = $refused if $! == ECONNREFUSED;
        });
    };
    if ($sock) {
        # the connection succeeded: close it and report success
        $sock->close();
        $result = 1;
    }
    return $result;
}
500 | ||
bf52d27b WB |
# Build a Net::IP object for the network that "$ip/$prefix" belongs to: the
# address part is masked with the prefix mask before the object is created.
#
#   $cidr    - string of the form <address>/<prefix>
#   $version - optional IP version passed to Net::IP; the version detected
#              by Net::IP is used for the mask computation
#
# Returns nothing when the string has no '/', when Net::IP rejects the
# address, or when no mask can be derived from the prefix.
sub IP_from_cidr {
    my ($cidr, $version) = @_;

    my ($ip, $prefix) = $cidr =~ m!^(\S+?)/(\S+)$!
        or return;

    my $ipobj = Net::IP->new($ip, $version)
        or return;

    $version = $ipobj->version();

    my $binmask = Net::IP::ip_get_mask($prefix, $version)
        or return;

    my $network = Net::IP::ip_bintoip($ipobj->binip() & $binmask, $version);

    return Net::IP->new("$network/$prefix");
}
519 | ||
# Tell whether the address $ip lies inside the network $cidr.
#
# Returns undef when either argument cannot be turned into a Net::IP object,
# otherwise the result of comparing Net::IP's overlap code with
# $Net::IP::IP_B_IN_A_OVERLAP.
sub is_ip_in_cidr {
    my ($ip, $cidr, $version) = @_;

    my $network = IP_from_cidr($cidr, $version);
    if (!$network) {
        return undef;
    }

    my $address = Net::IP->new($ip, $version);
    if (!$address) {
        return undef;
    }

    my $overlap = $network->overlaps($address);
    return $overlap == $Net::IP::IP_B_IN_A_OVERLAP;
}
531 | ||
12a235d6 WB |
# struct ifreq { // FOR SIOCGIFFLAGS:
#   char ifrn_name[IFNAMSIZ]
#   short ifru_flags
# };
# pack/unpack template for the structure above
my $STRUCT_IFREQ_SIOCGIFFLAGS = 'Z' . IFNAMSIZ . 's1';

# Return an array reference with the names of all interfaces that have the
# IFF_UP flag set.
#
# The names come from /proc/net/dev; the flags of each one are fetched with
# a SIOCGIFFLAGS ioctl on a datagram socket (PF_INET6 first, PF_INET as a
# fallback). Dies when /proc/net/dev cannot be opened, returns an empty list
# when no socket can be created, and skips (with a warning) interfaces whose
# flags cannot be read.
sub get_active_interfaces {
    open my $fh, '<', '/proc/net/dev'
        or die "failed to open /proc/net/dev: $!\n";

    my $sock;
    socket($sock, PF_INET6, SOCK_DGRAM, IPPROTO_IP)
        or socket($sock, PF_INET, SOCK_DGRAM, IPPROTO_IP)
        or return [];

    my @up;
    while (defined(my $line = <$fh>)) {
        # header lines carry no "<name>:" prefix and are skipped
        my ($ifname) = $line =~ /^\s*([^:\s]+):/
            or next;

        # ioctl overwrites the request buffer in place with the answer
        my $ifreq = pack($STRUCT_IFREQ_SIOCGIFFLAGS, $ifname, 0);
        if (!defined(ioctl($sock, SIOCGIFFLAGS, $ifreq))) {
            warn "failed to get interface flags for: $ifname\n";
            next;
        }

        my (undef, $flags) = unpack($STRUCT_IFREQ_SIOCGIFFLAGS, $ifreq);
        push @up, $ifname if ($flags & IFF_UP);
    }

    close $fh;
    close $sock;

    return \@up;
}
563 | ||
b9436cda | 564 | 1; |