zones: simple: fix ip-forward && ipv6 snat

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>

diff --git a/PVE/Network/SDN/Zones/SimplePlugin.pm b/PVE/Network/SDN/Zones/SimplePlugin.pm
index 9f74f3e735ac45c0c692b2dc8cb8de52cb71f25b..caea5a810cee65fa5461116e026e7128293a7164 100644 (file)
--- a/PVE/Network/SDN/Zones/SimplePlugin.pm
+++ b/PVE/Network/SDN/Zones/SimplePlugin.pm
@@ -47,8 +47,6 @@ sub generate_sdn_config {
 
     return $config if$config->{$vnetid}; # nothing to do
 
-    my $ipv4 = $vnet->{ipv4};
-    my $ipv6 = $vnet->{ipv6};
     my $mac = $vnet->{mac};
     my $alias = $vnet->{alias};
     my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu};
@@ -59,6 +57,9 @@ sub generate_sdn_config {
     my $address = {};
     my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
 
+    my $ipv4 = undef;
+    my $ipv6 = undef;
+
     foreach my $subnetid (sort keys %{$subnets}) {
        my $subnet = $subnets->{$subnetid};
        my $cidr = $subnet->{cidr};
@@ -69,18 +70,33 @@ sub generate_sdn_config {
            push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
            $address->{$gateway} = 1;
        }
+
+       my $iptables = undef;
+       my $checkrouteip = undef;
+       my $ipversion = Net::IP::ip_is_ipv6($gateway) ? 6 : 4;
+
+       if ( $ipversion == 6) {
+           $ipv6 = 1;
+           $iptables = "ip6tables";
+           $checkrouteip = '2001:4860:4860::8888';
+       } else {
+           $ipv4 = 1;
+           $iptables = "iptables";
+           $checkrouteip = '8.8.8.8';
+       }
+
        #add route for /32 pointtopoint
-       push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32;
+       push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
        if ($subnet->{snat}) {
            #find outgoing interface
-           my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip('8.8.8.8');
+           my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
            if ($outip && $outiface) {
                #use snat, faster than masquerade
-               push @iface_config, "post-up iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
-               push @iface_config, "post-down iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+               push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+               push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
                #add conntrack zone once on outgoing interface
-               push @iface_config, "post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
-               push @iface_config, "post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
+               push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
+               push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
            }
        }
     }
@@ -95,6 +111,8 @@ sub generate_sdn_config {
     }
     push @iface_config, "mtu $mtu" if $mtu;
     push @iface_config, "alias $alias" if $alias;
+    push @iface_config, "ip-forward on" if $ipv4;
+    push @iface_config, "ip6-forward on" if $ipv6;
 
     push @{$config->{$vnetid}}, @iface_config;
 

diff --git a/test/zones/simple/hetzner/expected_sdn_interfaces b/test/zones/simple/hetzner/expected_sdn_interfaces
new file mode 100644 (file)
index 0000000..f47ac53
--- /dev/null
+++ b/test/zones/simple/hetzner/expected_sdn_interfaces
@@ -0,0 +1,19 @@
+#version:1
+
+auto myvnet
+iface myvnet
+       address 144.76.100.65/29
+       bridge_ports none
+       bridge_stp off
+       bridge_fd 0
+       ip-forward on
+
+auto myvnet2
+iface myvnet2
+       address 144.76.0.1/32
+       up ip route add 144.76.200.65/32 dev myvnet2
+       up ip route add 144.76.200.66/32 dev myvnet2
+       bridge_ports none
+       bridge_stp off
+       bridge_fd 0
+       ip-forward on

diff --git a/test/zones/simple/hetzner/interfaces b/test/zones/simple/hetzner/interfaces
new file mode 100644 (file)
index 0000000..5ab9635
--- /dev/null
+++ b/test/zones/simple/hetzner/interfaces
@@ -0,0 +1,6 @@
+auto eth0
+iface eth0 inet static
+  address 144.76.0.1
+  netmask 255.255.255.255
+  pointopoint 172.31.1.1
+  gateway 172.31.1.1
\ No newline at end of file

diff --git a/test/zones/simple/hetzner/sdn_config b/test/zones/simple/hetzner/sdn_config
new file mode 100644 (file)
index 0000000..30773ca
--- /dev/null
+++ b/test/zones/simple/hetzner/sdn_config
@@ -0,0 +1,34 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", zone => "myzone" },
+                        myvnet2 => { type => "vnet", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { ipam => "pve", type => "simple" } },
+             },
+
+  subnets => {
+                ids => {
+                        'myzone-144.76.100.64-29' => {
+                                                        'type' => 'subnet',
+                                                        'vnet' => 'myvnet',
+                                                        'gateway' => '144.76.100.65',
+                                                },
+                        'myzone-144.76.200.65-32' => {
+                                                        'type' => 'subnet',
+                                                        'vnet' => 'myvnet2',
+                                                        'gateway' => '144.76.0.1',
+                                                },
+                        'myzone-144.76.200.66-32' => {
+                                                        'type' => 'subnet',
+                                                        'vnet' => 'myvnet2',
+                                                        'gateway' => '144.76.0.1',
+                                                },
+                }
+             }
+}
+
+

diff --git a/test/zones/simple/ipv4/expected_sdn_interfaces b/test/zones/simple/ipv4/expected_sdn_interfaces
index d84075dee33fd232d7c14a523481c1320af3580d..06e43adda143847e48be0fb60188bd91e5bc31c7 100644 (file)
--- a/test/zones/simple/ipv4/expected_sdn_interfaces
+++ b/test/zones/simple/ipv4/expected_sdn_interfaces
@@ -6,3 +6,4 @@ iface myvnet
        bridge_ports none
        bridge_stp off
        bridge_fd 0
+       ip-forward on

diff --git a/test/zones/simple/ipv4snat/expected_sdn_interfaces b/test/zones/simple/ipv4snat/expected_sdn_interfaces
index c822af11f7e79777656af5bfb699fa018484e1a7..69d7986aaa99f434691cb64155f5b13038ab5257 100644 (file)
--- a/test/zones/simple/ipv4snat/expected_sdn_interfaces
+++ b/test/zones/simple/ipv4snat/expected_sdn_interfaces
@@ -10,3 +10,4 @@ iface myvnet
        bridge_ports none
        bridge_stp off
        bridge_fd 0
+       ip-forward on

diff --git a/test/zones/simple/ipv4v6/expected_sdn_interfaces b/test/zones/simple/ipv4v6/expected_sdn_interfaces
new file mode 100644 (file)
index 0000000..34ed5db
--- /dev/null
+++ b/test/zones/simple/ipv4v6/expected_sdn_interfaces
@@ -0,0 +1,11 @@
+#version:1
+
+auto myvnet
+iface myvnet
+       address 192.168.0.1/24
+       address 2a08:2142:302:3::1/64
+       bridge_ports none
+       bridge_stp off
+       bridge_fd 0
+       ip-forward on
+       ip6-forward on

diff --git a/test/zones/simple/ipv4v6/interfaces b/test/zones/simple/ipv4v6/interfaces
new file mode 100644 (file)
index 0000000..68b6a88
--- /dev/null
+++ b/test/zones/simple/ipv4v6/interfaces
@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0

diff --git a/test/zones/simple/ipv4v6/sdn_config b/test/zones/simple/ipv4v6/sdn_config
new file mode 100644 (file)
index 0000000..b8ed848
--- /dev/null
+++ b/test/zones/simple/ipv4v6/sdn_config
@@ -0,0 +1,27 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { ipam => "pve", type => "simple" } },
+             },
+  subnets => {
+               ids => {
+                       'myzone-192.168.0.0-24' => {
+                                                       'type' => 'subnet',
+                                                       'vnet' => 'myvnet',
+                                                       'gateway' => '192.168.0.1',
+                                               },
+                       'myzone-2a08:2142:302:3::-64' => {
+                                                       'type' => 'subnet',
+                                                       'vnet' => 'myvnet',
+                                                       'gateway' => '2a08:2142:302:3::1',
+                                                       }
+               }
+             }
+}
+
+

diff --git a/test/zones/simple/ipv6snat/expected_sdn_interfaces b/test/zones/simple/ipv6snat/expected_sdn_interfaces
new file mode 100644 (file)
index 0000000..d3adc24
--- /dev/null
+++ b/test/zones/simple/ipv6snat/expected_sdn_interfaces
@@ -0,0 +1,13 @@
+#version:1
+
+auto myvnet
+iface myvnet
+       address 2a08:2142:302:3::1/64
+       post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+       post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+       post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
+       post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
+       bridge_ports none
+       bridge_stp off
+       bridge_fd 0
+       ip6-forward on

diff --git a/test/zones/simple/ipv6snat/interfaces b/test/zones/simple/ipv6snat/interfaces
new file mode 100644 (file)
index 0000000..66bb826
--- /dev/null
+++ b/test/zones/simple/ipv6snat/interfaces
@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+       address 192.168.0.1/24
+       gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0

diff --git a/test/zones/simple/ipv6snat/sdn_config b/test/zones/simple/ipv6snat/sdn_config
new file mode 100644 (file)
index 0000000..bc38527
--- /dev/null
+++ b/test/zones/simple/ipv6snat/sdn_config
@@ -0,0 +1,24 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { ipam => "pve", type => "simple" } },
+             },
+
+  subnets => {
+                ids => {
+                        'myzone-2a08:2142:302:3::-64' => {
+                                                        'type' => 'subnet',
+                                                        'vnet' => 'myvnet',
+                                                        'gateway' => '2a08:2142:302:3::1',
+                                                       'snat'  => 1
+                                                        }
+                }
+             }
+}
+
+