package PVE::Network;
use strict;
+use warnings;
use PVE::Tools qw(run_command);
use PVE::ProcFSTools;
use PVE::INotify;
sub setup_tc_rate_limit {
my ($iface, $rate, $burst, $debug) = @_;
- system("/sbin/tc qdisc del dev $iface ingres >/dev/null 2>&1");
+ system("/sbin/tc class del dev $iface parent 1: classid 1:1 >/dev/null 2>&1");
+ system("/sbin/tc filter del dev $iface parent ffff: protocol ip prio 50 estimator 1sec 8sec >/dev/null 2>&1");
+ system("/sbin/tc qdisc del dev $iface ingress >/dev/null 2>&1");
system("/sbin/tc qdisc del dev $iface root >/dev/null 2>&1");
+ return if !$rate;
+
run_command("/sbin/tc qdisc add dev $iface handle ffff: ingress");
# this does not work wit virtio - don't know why (setting "mtu 64kb" does not help)
}
}
+sub tap_rate_limit {
+ my ($iface, $rate) = @_;
+
+ my $debug = 0;
+ $rate = int($rate*1024*1024);
+ my $burst = 1024*1024;
+
+ setup_tc_rate_limit($iface, $rate, $burst, $debug);
+}
+
+sub tap_create {
+ my ($iface, $bridge) = @_;
+
+ die "unable to get bridge setting\n" if !$bridge;
+
+ my $bridgemtu = PVE::Tools::file_read_firstline("/sys/class/net/$bridge/mtu");
+ die "bridge '$bridge' does not exist\n" if !$bridgemtu;
+
+ eval {
+ PVE::Tools::run_command("/sbin/ifconfig $iface 0.0.0.0 promisc up mtu $bridgemtu");
+ };
+ die "interface activation failed\n" if $@;
+}
+
+sub tap_plug {
+ my ($iface, $bridge, $tag) = @_;
+
+ #cleanup old port config from any openvswitch bridge
+ eval {run_command("/usr/bin/ovs-vsctl del-port $iface", outfunc => sub {}, errfunc => sub {}) };
+
+ if (-d "/sys/class/net/$bridge/bridge") {
+ my $newbridge = activate_bridge_vlan($bridge, $tag);
+ copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;
+
+ system("/sbin/brctl addif $newbridge $iface") == 0 ||
+ die "can't add interface to bridge\n";
+ } else {
+ my $cmd = "/usr/bin/ovs-vsctl add-port $bridge $iface";
+ $cmd .= " tag=$tag" if $tag;
+ system($cmd) == 0 ||
+ die "can't add interface to bridge\n";
+ }
+}
+
+sub tap_unplug {
+ my ($iface, $bridge, $tag) = @_;
+
+ if (-d "/sys/class/net/$bridge/bridge") {
+ $bridge .= "v$tag" if $tag;
+
+ system("/sbin/brctl delif $bridge $iface") == 0 ||
+ die "can't del interface from bridge\n";
+ } else {
+ system ("/usr/bin/ovs-vsctl del-port $iface") == 0 ||
+ die "can't del interface from bridge\n";
+ }
+}
sub copy_bridge_config {
my ($br0, $br1) = @_;
return if $br0 eq $br1;
my $br_configs = [ 'ageing_time', 'stp_state', 'priority', 'forward_delay',
- 'hello_time', 'max_age'];
+ 'hello_time', 'max_age', 'multicast_snooping', 'multicast_querier'];
foreach my $sysname (@$br_configs) {
eval {
my $v0 = PVE::Tools::file_read_firstline("/sys/class/net/$br0/bridge/$sysname");
my $v1 = PVE::Tools::file_read_firstline("/sys/class/net/$br1/bridge/$sysname");
if ($v0 ne $v1) {
- system("echo \"$v0\" > /sys/class/net/$br1/bridge/$sysname") == 0 ||
- warn "unable to set bridge config '$sysname'\n";
+ PVE::ProcFSTools::write_proc_entry("/sys/class/net/$br1/bridge/$sysname", $v0);
}
};
warn $@ if $@;
}
}
-sub activate_bridge_vlan {
- my ($bridge, $tag_param) = @_;
-
- die "bridge '$bridge' is not active\n" if ! -d "/sys/class/net/$bridge";
-
- return $bridge if !defined($tag_param); # no vlan, simply return
-
- my $tag = int($tag_param);
-
- die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094;
-
- my $bridgevlan = "${bridge}v$tag";
-
- my $dir = "/sys/class/net/$bridge/brif";
-
- #check if we have an only one ethX or bondX interface in the bridge
-
- my $iface;
- PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub {
- my ($slave) = @_;
-
- die "more then one physical interfaces on bridge '$bridge'\n" if $iface;
- $iface = $slave;
-
- });
-
- die "no physical interface on bridge '$bridge'\n" if !$iface;
-
+sub activate_bridge_vlan_slave {
+ my ($bridgevlan, $iface, $tag) = @_;
my $ifacevlan = "${iface}.$tag";
-
+
# create vlan on $iface is not already exist
if (! -d "/sys/class/net/$ifacevlan") {
system("/sbin/vconfig add $iface $tag") == 0 ||
my $path= "/sys/class/net/$ifacevlan/brport/bridge";
if (-l $path) {
my $tbridge = basename(readlink($path));
- if ($tbridge eq $bridgevlan) {
- # already member of bridge - assume setup is already done
- return $bridgevlan;
- } else {
+ if ($tbridge ne $bridgevlan) {
die "interface $ifacevlan already exist in bridge $tbridge\n";
+ } else {
+ # Port already attached to bridge: do nothing.
+ return;
}
}
+ # add $ifacevlan to the bridge
+ system("/sbin/brctl addif $bridgevlan $ifacevlan") == 0 ||
+ die "can't add interface $ifacevlan to bridge $bridgevlan\n";
+}
+
+sub activate_bridge_vlan {
+ my ($bridge, $tag_param) = @_;
+
+ die "bridge '$bridge' is not active\n" if ! -d "/sys/class/net/$bridge";
+
+ return $bridge if !defined($tag_param); # no vlan, simply return
+
+ my $tag = int($tag_param);
+
+ die "got strange vlan tag '$tag_param'\n" if $tag < 1 || $tag > 4094;
+
+ my $bridgevlan = "${bridge}v$tag";
+
+ my @ifaces = ();
+ my $dir = "/sys/class/net/$bridge/brif";
+ PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub {
+ push @ifaces, $_[0];
+ });
+
+ die "no physical interface on bridge '$bridge'\n" if scalar(@ifaces) == 0;
+
# add bridgevlan if it doesn't already exist
if (! -d "/sys/class/net/$bridgevlan") {
- system("/usr/sbin/brctl addbr $bridgevlan") == 0 ||
+ system("/sbin/brctl addbr $bridgevlan") == 0 ||
die "can't add bridge $bridgevlan\n";
}
+ # for each physical interface (eth or bridge) bind them to bridge vlan
+ foreach my $iface (@ifaces) {
+ activate_bridge_vlan_slave($bridgevlan, $iface, $tag);
+ }
+
#fixme: set other bridge flags
# be sure to have the bridge up
system("/sbin/ip link set $bridgevlan up") == 0 ||
die "can't up bridge $bridgevlan\n";
-
- # add $ifacevlan to the bridge
- system("/usr/sbin/brctl addif $bridgevlan $ifacevlan") == 0 ||
- die "can't add interface $ifacevlan to bridge $bridgevlan\n";
-
+
return $bridgevlan;
}
projects / pve-common.git / blobdiff