sub setup_tc_rate_limit {
my ($iface, $rate, $burst, $debug) = @_;
- system("/sbin/tc class del dev $iface parent 1: classid 1:1 >/dev/null 2>&1");
- system("/sbin/tc filter del dev $iface parent ffff: protocol all pref 50 u32 >/dev/null 2>&1");
- system("/sbin/tc qdisc del dev $iface ingress >/dev/null 2>&1");
- system("/sbin/tc qdisc del dev $iface root >/dev/null 2>&1");
+ # these are allowed / expected to fail, e.g. when there is no previous rate limit to remove
+ eval { run_command("/sbin/tc class del dev $iface parent 1: classid 1:1 >/dev/null 2>&1"); };
+ eval { run_command("/sbin/tc filter del dev $iface parent ffff: protocol all pref 50 u32 >/dev/null 2>&1"); };
+ eval { run_command("/sbin/tc qdisc del dev $iface ingress >/dev/null 2>&1"); };
+ eval { run_command("/sbin/tc qdisc del dev $iface root >/dev/null 2>&1"); };
return if !$rate;
run_command("/sbin/tc qdisc add dev $iface handle ffff: ingress");
run_command("/sbin/tc filter add dev $iface parent ffff: " .
- "protocol all prio 50 u32 match u32 0 0 " .
+ "prio 50 basic " .
"police rate ${rate}bps burst ${burst}b mtu 64kb " .
"drop flowid :1");
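Review bot: The four added `eval { run_command("/sbin/tc ... $iface ... >/dev/null 2>&1"); }` lines still build a single command string with `$iface` interpolated. Assuming `run_command` hands a plain string to a shell, which the redirection suggests, an interface name containing whitespace or shell metacharacters would alter the command. The same applies to the `ovs-vsctl del-port $iface` line added to `tap_unplug` and to `${rate}`/`${burst}` in the `filter add` call. Passing an argument list and discarding output through `outfunc`/`errfunc`, as the `ovs-vsctl` call in `tap_plug` already does, keeps the shell out of it. The body of `setup_tc_rate_limit` continues outside this hunk.

```perl
# these are allowed / expected to fail, e.g. when there is no previous rate limit to remove
my $discard = sub {};
for my $tc_args (
    [qw(class del dev), $iface, qw(parent 1: classid 1:1)],
    [qw(filter del dev), $iface, qw(parent ffff: protocol all pref 50 u32)],
    [qw(qdisc del dev), $iface, 'ingress'],
    [qw(qdisc del dev), $iface, 'root'],
) {
    eval { run_command(['/sbin/tc', @$tc_args], outfunc => $discard, errfunc => $discard); };
}
# … unchanged: return if !$rate; qdisc add / filter add calls …
```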
if ($tag) {
system("/sbin/bridge vlan add dev $iface vid $tag pvid untagged") == 0 ||
die "unable to add vlan $tag to interface $iface\n";
+
+ warn "Caution: Setting VLAN ID 1 on a VLAN aware bridge may be dangerous\n" if $tag == 1;
} else {
system("/sbin/bridge vlan add dev $iface vid 2-4094") == 0 ||
die "unable to add default vlan tags to interface $iface\n" if !$trunks;
};
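Review bot: The new `warn` in the `if ($tag)` branch names neither the interface nor the bridge, and it runs only after `bridge vlan add` has already succeeded, so in a task log it is hard to tie to a device. Consider `warn "Caution: Setting VLAN ID 1 on a VLAN aware bridge may be dangerous (interface $iface)\n" if $tag == 1;`, plus a one-line comment above it saying what the danger is. The enclosing function starts outside this hunk.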
sub tap_plug {
- my ($iface, $bridge, $tag, $firewall, $trunks) = @_;
+ my ($iface, $bridge, $tag, $firewall, $trunks, $rate) = @_;
#cleanup old port config from any openvswitch bridge
eval {run_command("/usr/bin/ovs-vsctl del-port $iface", outfunc => sub {}, errfunc => sub {}) };
&$ovs_bridge_add_port($bridge, $iface, $tag, undef, $trunks);
}
}
+
+ tap_rate_limit($iface, $rate);
}
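Review bot: `tap_plug` gains an optional sixth argument `$rate` and calls `tap_rate_limit($iface, $rate)` unconditionally, but nothing documents its unit or what an omitted value means. Callers that still pass five arguments hand `undef` down. If `tap_rate_limit` ends up in `setup_tc_rate_limit` (not visible here, so to be confirmed), that path runs the `tc ... del` cleanup and returns, which would clear any limit already set on the tap device. A comment above the sub would make this explicit: `# $rate: optional rate limit forwarded to tap_rate_limit(); undef/0 means no limit and removes an existing one`. Part of the `tap_plug` body lies outside the visible hunks.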
sub tap_unplug {
}
&$cleanup_firewall_bridge($iface);
+ #cleanup old port config from any openvswitch bridge
+ eval {run_command("/usr/bin/ovs-vsctl del-port $iface", outfunc => sub {}, errfunc => sub {}) };
}
sub copy_bridge_config {
my @ifaces = ();
my $dir = "/sys/class/net/$bridge/brif";
- PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+(\.\d+)?)', sub {
+ PVE::Tools::dir_glob_foreach($dir, '(((eth|bond)\d+|en[^.]+)(\.\d+)?)', sub {
push @ifaces, $_[0];
});
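Review bot: The new alternative `en[^.]+` accepts every character except a dot, so any bridge port whose name merely starts with `en` is now collected, not only predictable NIC names such as `enp3s0`. If only those names are meant, a narrower class such as `en[a-zA-Z0-9]+` would say so. The added group also shifts capture numbering, moving the VLAN suffix from the third group to the fourth. The callback shown reads only `$_[0]`, but any other consumer of the captures would lie outside this hunk. A comment like `# eth0, bond0, enp3s0, each with an optional .VLAN suffix` above the call would record the intent.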
open my $fh, '<', '/proc/net/dev'
or die "failed to open /proc/net/dev: $!\n";
# And filter by IFF_UP flag fetched via a PF_INET6 socket ioctl:
- socket my $sock, PF_INET6, SOCK_DGRAM, &IPPROTO_IP
- or die "failed to open socket\n";
+ my $sock;
+ socket($sock, PF_INET6, SOCK_DGRAM, &IPPROTO_IP)
+ or socket($sock, PF_INET, SOCK_DGRAM, &IPPROTO_IP)
+ or return [];
my $ifaces = [];
while(defined(my $line = <$fh>)) {
next if $line !~ /^\s*([^:\s]+):/;
my $ifname = $1;
- my $ifreq = pack($STRUCT_IFREQ_SIOCGIFFLAGS, $1, 0);
+ my $ifreq = pack($STRUCT_IFREQ_SIOCGIFFLAGS, $ifname, 0);
if (!defined(ioctl($sock, SIOCGIFFLAGS, $ifreq))) {
warn "failed to get interface flags for: $ifname\n";
next;
}
my ($name, $flags) = unpack($STRUCT_IFREQ_SIOCGIFFLAGS, $ifreq);
- push @$ifaces, $1 if ($flags & IFF_UP);
+ push @$ifaces, $ifname if ($flags & IFF_UP);
}
close $fh;
close $sock;
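Review bot: The fallback chain ends in `or return [];`, so when neither the PF_INET6 nor the PF_INET socket can be created, the caller gets an empty list that is indistinguishable from "no interface is up", and `$!` is lost. The old code died here. If the silent fallback is deliberate, a diagnostic would still help whoever debugs a host that suddenly reports no active interfaces: `or do { warn "failed to open socket: $!\n"; return []; };`. The function's start and its return statement are outside this hunk.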