From 5caa663f3ebf00c3ab7e3135761d1bb17ae23227 Mon Sep 17 00:00:00 2001
From: Alexandre Derumier
Date: Sun, 17 Sep 2023 15:44:44 +0200
Subject: [PATCH] ship default link config to disable systemd link mac-policy

Since Debian 11, systemd is changing the behaviour of the MAC address of
bridges, but also bonds, where the MAC is generated randomly instead of
being inherited from the first slave.

We tried to fix that with ifupdown2, but that seems to produce some
regressions and independent of that there was still another problem.
Namely, if a bridge doesn't have any slaves, systemd is keeping the bridge
offline.

https://www.justinsteven.com/posts/2023/03/26/virtualbox-bridge-ports-none-no-carrier-debian-11/

That means that a DHCP daemon like kea can't bind on a standalone bridge
(used for s-nat for example), until a tap interface is started.

So, set up a systemd link config to disable the systemd MAC policy by
default (this doesn't break the already fixed ifupdown2 MAC).

Funnily CentOS && Fedora also disable it already:
https://fedoraproject.org/wiki/Changes/MAC_Address_Policy_none
https://gitlab.com/redhat/centos-stream/rpms/systemd/-/blob/c8953519504bf2e694bfbc2b02a456c1056f252e/0028-udev-net-setup-link-change-the-default-MACAddressPol.patch#L43

Before this patch:
```
~ ip a sh dev vmbr1
vmbr1: mtu 1500 qdisc noqueue state DOWN group default qlen 10
```

After this patch:
```
~ ip a sh dev vmbr1
vmbr1: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
```

Signed-off-by: Alexandre Derumier
[ TL: move to /usr/lib/.. where distro files belong and add comment ]
Signed-off-by: Thomas Lamprecht
---
 configs/Makefile                | 1 +
 configs/proxmox-ve-default.link | 11 +++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 configs/proxmox-ve-default.link

diff --git a/configs/Makefile b/configs/Makefile index fd446b5b..8cdb11e3 100644 --- a/configs/Makefile +++ b/configs/Makefile 
@@ -13,6 +13,7 @@ install: country.dat vzdump.conf pve-sources.list pve-initramfs.conf pve-blackli install -D -m 0644 vzdump.conf $(DESTDIR)/etc/vzdump.conf install -D -m 0644 pve-initramfs.conf $(DESTDIR)/etc/initramfs-tools/conf.d/pve-initramfs.conf install -D -m 0644 country.dat $(DESTDIR)/usr/share/$(PACKAGE)/country.dat + install -D -m 0644 proxmox-ve-default.link $(DESTDIR)/usr/lib/systemd/network/98-proxmox-ve-default.link clean: rm -f country.dat diff --git a/configs/proxmox-ve-default.link b/configs/proxmox-ve-default.link new file mode 100644 index 00000000..63953020 --- /dev/null +++ b/configs/proxmox-ve-default.link @@ -0,0 +1,11 @@ +[Match] +OriginalName=* + +[Link] +# Fixes two issues for Proxmox VE systems: +# 1. inheriting MAC from the first slave, instead of using a random one, avoids +# that locked down network environments (e.g., at most hosting providers) +# will block traffic due to a unexpected MAC in the outgoing network packets +# 2. Avoids that systemd keeps bridge offline if there are no slaves connected, +# failing, e.g., setting up s-NAT if no guest is (yet) started. +MACAddressPolicy=none -- 2.39.2
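Review bot: in the configs/Makefile hunk, the added `install -D -m 0644 proxmox-ve-default.link ...` line copies a file that the `install:` prerequisite list shown in the hunk header (`country.dat vzdump.conf pve-sources.list pve-initramfs.conf ...`) does not appear to gain, since the diffstat records only one added line for this file. The other installed configs are listed there, so adding proxmox-ve-default.link to the prerequisites would keep the target consistent and make a missing source file fail at dependency resolution rather than in the middle of the install recipe. A short comment next to the destination name explaining why the prefix is 98 would also help, because the file only takes effect if it sorts ahead of any other catch-all .link file.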
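Review bot: in configs/proxmox-ve-default.link, the `[Match] OriginalName=*` catch-all combined with the 98- install prefix makes this the first matching .link file for every interface, and systemd applies only the first match and ignores all later ones. The `[Link]` section sets nothing but `MACAddressPolicy=none`, so any setting that systemd's own 99-default.link would have applied, notably `NamePolicy=` and `AlternativeNamesPolicy=`, is silently dropped, which can change interface naming on hosts that rely on predictable names in their network and firewall configuration. Please carry those two keys over from the distribution's default link file into this `[Link]` section and note in the comment that the file replaces the default rather than extending it. Minor wording fix in the same comment: "due to a unexpected MAC" should read "an unexpected MAC".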