Commit | Line | Data |
---|---|---|
1 | package PVE::Network; | |
2 | ||
3 | use strict; | |
4 | use PVE::Tools qw(run_command); | |
5 | use PVE::ProcFSTools; | |
6 | use PVE::INotify; | |
7 | use File::Basename; | |
8 | ||
9 | # host network related utility functions | |
10 | ||
# Replace the traffic-control (tc) setup of $iface with a rate limit.
#
# Arguments:
#   $iface - network device name, inserted into every tc command line
#   $rate  - rate, passed to tc as "${rate}bps" (tc reads "bps" as bytes
#            per second); a false or numerically zero value only removes
#            the existing setup
#   $burst - burst size, passed to tc as "${burst}b"
#   $debug - when true, print the resulting qdisc/class/filter listing
#
# The removal commands are best effort: their output is discarded and their
# exit status is ignored.  The "add" commands go through run_command.
#
# NOTE(review): $iface, $rate and $burst are interpolated into command
# strings; the system() calls below are parsed by a shell (the redirections
# require it).  Nothing in this sub validates the values - confirm that all
# callers pass a checked interface name and numeric rate/burst.
sub setup_tc_rate_limit {
    my ($iface, $rate, $burst, $debug) = @_;

    # Tear down whatever a previous call may have configured.
    my @teardown = (
        "class del dev $iface parent 1: classid 1:1",
        "filter del dev $iface parent ffff: protocol ip prio 50 estimator 1sec 8sec",
        "qdisc del dev $iface ingress",
        "qdisc del dev $iface root",
    );
    foreach my $tc_args (@teardown) {
        system("/sbin/tc $tc_args >/dev/null 2>&1");
    }

    # No usable rate: the device stays without any limit.
    return if !$rate || $rate == 0;

    run_command("/sbin/tc qdisc add dev $iface handle ffff: ingress");

    # A "police rate ... burst" filter does not work with virtio, reason
    # unknown (setting "mtu 64kb" does not help):
    #run_command("/sbin/tc filter add dev $iface parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${rate}bps burst ${burst}b drop flowid :1");
    # so the ingress filter polices on the estimated average rate instead.
    my $ingress_filter = join(' ',
        "/sbin/tc filter add dev $iface parent ffff:",
        'protocol ip prio 50 estimator 1sec 8sec',
        "u32 match ip src 0.0.0.0/0 police avrate ${rate}bps drop flowid :1",
    );
    run_command($ingress_filter);

    # tbf does not work either, for an unknown reason:
    #$TC qdisc add dev $DEV root tbf rate $RATE latency 100ms burst $BURST
    # so the root qdisc is htb with one default class.
    run_command("/sbin/tc qdisc add dev $iface root handle 1: htb default 1");

    my $htb_class = "/sbin/tc class add dev $iface parent 1: classid 1:1 "
        . "htb rate ${rate}bps burst ${burst}b";
    run_command($htb_class);

    if ($debug) {
        print "DEBUG tc settings\n";
        system("/sbin/tc qdisc ls dev $iface");
        system("/sbin/tc class ls dev $iface");
        system("/sbin/tc filter ls dev $iface parent ffff:");
    }
}
44 | ||
# Apply a rate limit to $iface through setup_tc_rate_limit.
#
# $rate is multiplied by 1024*1024 and truncated to an integer before it is
# handed on; the burst is fixed at 1024*1024 and debug output is off.
# NOTE(review): this suggests $rate is given in MB/s - confirm with callers.
sub tap_rate_limit {
    my ($iface, $rate) = @_;

    my $scaled_rate = int($rate * 1024 * 1024);
    my $fixed_burst = 1024 * 1024;
    my $no_debug    = 0;

    setup_tc_rate_limit($iface, $scaled_rate, $fixed_burst, $no_debug);
}
54 | ||
# Bring up $iface in promiscuous mode with address 0.0.0.0 and the MTU of
# $bridge.
#
# Dies when no bridge is given, when the bridge MTU cannot be read from
# /sys/class/net/<bridge>/mtu, or when the ifconfig call fails.
#
# NOTE(review): $bridge becomes part of a sysfs path and $iface part of a
# command string, and neither is validated here - confirm that callers only
# pass checked device names.
sub tap_create {
    my ($iface, $bridge) = @_;

    if (!$bridge) {
        die "unable to get bridge setting\n";
    }

    my $mtu_file  = "/sys/class/net/$bridge/mtu";
    my $bridgemtu = PVE::Tools::file_read_firstline($mtu_file);
    if (!$bridgemtu) {
        die "bridge '$bridge' does not exist\n";
    }

    my $ifup_cmd = "/sbin/ifconfig $iface 0.0.0.0 promisc up mtu $bridgemtu";

    # Any run_command error is replaced by one generic message.
    eval { PVE::Tools::run_command($ifup_cmd); };
    die "interface activation failed\n" if $@;
}
66 | ||
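# Attach $iface to $bridge, or to the VLAN bridge for $tag when a tag is
# given.
#
# activate_bridge_vlan returns the name of the bridge to use.  When that is
# not $bridge itself, the bridge parameters of $bridge are copied to it
# first.  Dies when brctl cannot add the interface.
sub tap_plug {
    my ($iface, $bridge, $tag) = @_;

    my $newbridge = activate_bridge_vlan($bridge, $tag);
    copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;

    # List form of system(): brctl is executed directly and both names are
    # passed as single arguments, so no shell ever parses them.
    system('/usr/sbin/brctl', 'addif', $newbridge, $iface) == 0
        or die "can't add interface to bridge\n";
}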
76 | ||
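# Copy selected bridge parameters from bridge $br0 to bridge $br1.
#
# For every attribute listed below, the first line of
# /sys/class/net/<bridge>/bridge/<attribute> is read for both bridges; when
# the two values differ, the value of $br0 is written to the file of $br1.
# Problems are reported with warn and never abort the caller.  Nothing is
# done when both names are equal.
sub copy_bridge_config {
    my ($br0, $br1) = @_;

    return if $br0 eq $br1;

    my $br_configs = [ 'ageing_time', 'stp_state', 'priority', 'forward_delay',
                       'hello_time', 'max_age' ];

    foreach my $sysname (@$br_configs) {
        eval {
            my $v0 = PVE::Tools::file_read_firstline("/sys/class/net/$br0/bridge/$sysname");
            my $v1 = PVE::Tools::file_read_firstline("/sys/class/net/$br1/bridge/$sysname");
            if ($v0 ne $v1) {
                # Write the attribute file directly instead of running
                # 'echo "..." > file' through a shell: neither the bridge
                # name nor the value read from sysfs is parsed as shell
                # syntax this way.
                my $target  = "/sys/class/net/$br1/bridge/$sysname";
                my $written = 0;
                if (open(my $fh, '>', $target)) {
                    $written = 1 if print {$fh} "$v0\n";
                    # A buffered write error only shows up at close().
                    $written = 0 if !close($fh);
                }
                warn "unable to set bridge config '$sysname'\n" if !$written;
            }
        };
        warn $@ if $@;
    }
}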
97 | ||
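# Make sure the VLAN bridge for ($bridge, $tag_param) exists and return the
# name of the bridge to use.
#
# Without a tag, $bridge is returned unchanged.  With a tag in 1..4094 the
# sub
#   - looks up the single ethN/bondN port of $bridge,
#   - creates the VLAN device "<port>.<tag>" if it is missing and sets it up,
#   - creates the bridge "<bridge>v<tag>" if it is missing and sets it up,
#   - adds the VLAN device to that bridge,
# and returns "<bridge>v<tag>".  Every failure is reported with die.
#
# External tools are started with the list form of system(), so device and
# bridge names reach them as single arguments and are never parsed by a
# shell.
sub activate_bridge_vlan {
    my ($bridge, $tag_param) = @_;

    die "bridge '$bridge' is not active\n" if ! -d "/sys/class/net/$bridge";

    return $bridge if !defined($tag_param); # no vlan, simply return

    # int() keeps the leading integer part of the parameter; a value that
    # does not start with a number becomes 0 and is rejected below.
    my $tag = int($tag_param);

    die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094;

    my $bridgevlan = "${bridge}v$tag";

    my $dir = "/sys/class/net/$bridge/brif";

    # The bridge must contain exactly one ethX or bondX port.
    my $iface;
    PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub {
        my ($slave) = @_;

        die "more then one physical interfaces on bridge '$bridge'\n" if $iface;
        $iface = $slave;
    });

    die "no physical interface on bridge '$bridge'\n" if !$iface;

    my $ifacevlan = "${iface}.$tag";

    # Create the VLAN device on $iface if it does not exist yet.
    if (! -d "/sys/class/net/$ifacevlan") {
        system('/sbin/vconfig', 'add', $iface, $tag) == 0
            or die "can't add vlan tag $tag to interface $iface\n";
    }

    # Be sure to have $ifacevlan up.
    system('/sbin/ip', 'link', 'set', $ifacevlan, 'up') == 0
        or die "can't up interface $ifacevlan\n";

    # Test whether $ifacevlan is already a port of some bridge.
    my $path = "/sys/class/net/$ifacevlan/brport/bridge";
    if (-l $path) {
        # The link can disappear between the -l test and readlink().
        my $target = readlink($path);
        die "unable to read link '$path' - $!\n" if !defined($target);

        my $tbridge = basename($target);
        if ($tbridge eq $bridgevlan) {
            # Already a member of the right bridge - assume setup is done.
            return $bridgevlan;
        } else {
            die "interface $ifacevlan already exist in bridge $tbridge\n";
        }
    }

    # Add the VLAN bridge if it does not exist yet.
    if (! -d "/sys/class/net/$bridgevlan") {
        system('/usr/sbin/brctl', 'addbr', $bridgevlan) == 0
            or die "can't add bridge $bridgevlan\n";
    }

    # FIXME: set other bridge flags

    # Be sure to have the bridge up.
    system('/sbin/ip', 'link', 'set', $bridgevlan, 'up') == 0
        or die "can't up bridge $bridgevlan\n";

    # Add $ifacevlan to the bridge.
    system('/usr/sbin/brctl', 'addif', $bridgevlan, $ifacevlan) == 0
        or die "can't add interface $ifacevlan to bridge $bridgevlan\n";

    return $bridgevlan;
}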
168 | ||
169 | 1; |