From: Alexandre Derumier Date: Tue, 2 Jun 2020 09:20:21 +0000 (+0200) Subject: add vnet vlan-aware option X-Git-Url: https://git.proxmox.com/?p=pve-network.git;a=commitdiff_plain;h=912fb4435d9dd37cc9d9d32ad28453b5987d3471 add vnet vlan-aware option Some users would like to be able to defined vlans at vm level, or allow trunks, on top of already tagged vnet. (including vlan on top of vxlan tunnel) Allow it on all layer2 plugins, and add a warn for evpn layer3 plugin. Signed-off-by: Alexandre Derumier
---
diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm
index 179bfa4..2433013 100644
--- a/PVE/Network/SDN/VnetPlugin.pm
+++ b/PVE/Network/SDN/VnetPlugin.pm
@@ -58,6 +58,10 @@ sub properties {
 type => 'integer',
 description => "vlan or vxlan id",
 },
+ vlanaware => {
+ type => 'boolean',
+ description => 'Allow vm VLANs to pass through this vnet.',
+ },
 alias => {
 type => 'string',
 description => "alias name of the vnet",
@@ -89,6 +93,7 @@ sub options {
 ipv4 => { optional => 1 },
 ipv6 => { optional => 1 },
 mac => { optional => 1 },
+ vlanaware => { optional => 1 },
 };
 }
diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm
index 436b103..b8dc54c 100644
--- a/PVE/Network/SDN/Zones.pm
+++ b/PVE/Network/SDN/Zones.pm
@@ -214,18 +214,6 @@ sub status {
 return($zone_status, $vnet_status);
 }
-sub get_bridge_vlan {
- my ($vnetid) = @_;
-
- my $vnet = PVE::Network::SDN::Vnets::get_vnet($vnetid);
-
- return ($vnetid, undef) if !$vnet; # fallback for classic bridge
-
- my $plugin_config = get_plugin_config($vnet);
- my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
- return $plugin->get_bridge_vlan($plugin_config, $vnetid, $vnet->{tag});
-}
-
 sub tap_create {
 my ($iface, $bridge) = @_;
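Review bot: The description given to the new `vlanaware` property in `properties` does not tell an operator what the flag changes on the bridge. Going by the zone-plugin hunks of this same commit, it makes the vnet bridge VLAN-aware with `bridge-vids 2-4094`, so tags and trunks defined at VM level are accepted across the whole VID range, and the evpn plugin only warns about the option. I would state that in the schema text, e.g. `description => 'Make the vnet bridge VLAN-aware so VLAN tags and trunks set at VM level pass through (VIDs 2-4094); not supported in evpn zones.',`.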
@@ -270,7 +258,7 @@ sub tap_plug {
 if $plugin_config->{nodes} && !defined($plugin_config->{nodes}->{$nodename});
 my $plugin = PVE::Network::SDN::Zones::Plugin->lookup($plugin_config->{type});
- $plugin->tap_plug($plugin_config, $vnet, $iface, $bridge, $firewall, $rate);
+ $plugin->tap_plug($plugin_config, $vnet, $tag, $iface, $bridge, $firewall, $trunks, $rate);
 }
 1;
diff --git a/PVE/Network/SDN/Zones/EvpnPlugin.pm b/PVE/Network/SDN/Zones/EvpnPlugin.pm
index 973e8e0..95fbb64 100644
--- a/PVE/Network/SDN/Zones/EvpnPlugin.pm
+++ b/PVE/Network/SDN/Zones/EvpnPlugin.pm
@@ -50,6 +50,7 @@ sub generate_sdn_config {
 my $vrfvxlan = $plugin_config->{'vrf-vxlan'};
 die "missing vxlan tag" if !$tag;
+ warn "vlan-aware vnet can't be enabled with evpn plugin" if $vnet->{vlanaware};
 my @peers = split(',', $controller->{'peers'});
 my ($ifaceip, $iface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers);
diff --git a/PVE/Network/SDN/Zones/Plugin.pm b/PVE/Network/SDN/Zones/Plugin.pm
index 9ea7a50..0633b78 100644
--- a/PVE/Network/SDN/Zones/Plugin.pm
+++ b/PVE/Network/SDN/Zones/Plugin.pm
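Review bot: The plugin call in `tap_plug` now passes eight positional arguments with `$tag` and `$trunks` inserted in the middle of the list, so a zone plugin that overrides `tap_plug` with the old parameter order would silently receive `$tag` where it expects `$iface`, and so on down the list. This commit updates only the base implementation in Zones/Plugin.pm; whether any plugin overrides the method is not visible here and is worth checking. `$tag` and `$trunks` also have to come from this wrapper's own parameter list, which lies outside the hunk. A comment above the call such as `# plugin API order: $plugin_config, $vnet, $tag, $iface, $bridge, $firewall, $trunks, $rate` would document the new contract.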
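Review bot: A vnet with `vlanaware` set in an evpn zone still has its configuration generated, because the added `warn` in `generate_sdn_config` only prints a message and then carries on, and the message names neither the vnet nor the zone. Since the option cannot work with this plugin, rejecting it when the vnet is saved would keep the stored config from promising isolation behaviour the bridge does not provide. Short of that, the message should identify the vnet and end in a newline so Perl does not append file and line, e.g. `warn "vnet $vnetid: vlan-aware is not supported by the evpn plugin\n" if $vnet->{vlanaware};`, assuming `$vnetid` is in scope here as it is in the other zone plugins. The function begins and ends outside the hunk.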
@@ -205,44 +205,23 @@ sub status {
 }
-sub get_bridge_vlan {
- my ($class, $plugin_config, $vnetid, $tag) = @_;
-
- my $bridge = $vnetid;
- $tag = undef;
-
- die "bridge $bridge is missing" if !-d "/sys/class/net/$bridge/";
-
- return ($bridge, $tag);
-}
-
 sub tap_create {
 my ($class, $plugin_config, $vnet, $iface, $vnetid) = @_;
- my $tag = $vnet->{tag};
- my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
- die "unable to get bridge setting\n" if !$bridge;
-
- PVE::Network::tap_create($iface, $bridge);
+ PVE::Network::tap_create($iface, $vnetid);
 }
 sub veth_create {
 my ($class, $plugin_config, $vnet, $veth, $vethpeer, $vnetid, $hwaddr) = @_;
- my $tag = $vnet->{tag};
- my ($bridge, undef) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
- die "unable to get bridge setting\n" if !$bridge;
-
- PVE::Network::veth_create($veth, $vethpeer, $bridge, $hwaddr);
+ PVE::Network::veth_create($veth, $vethpeer, $vnetid, $hwaddr);
 }
 sub tap_plug {
- my ($class, $plugin_config, $vnet, $iface, $vnetid, $firewall, $rate) = @_;
-
- my $tag = $vnet->{tag};
+ my ($class, $plugin_config, $vnet, $tag, $iface, $vnetid, $firewall, $trunks, $rate) = @_;
- ($vnetid, $tag) = $class->get_bridge_vlan($plugin_config, $vnetid, $tag);
- my $trunks = undef;
+ my $vlan_aware = PVE::Tools::file_read_firstline("/sys/class/net/$vnetid/bridge/vlan_filtering");
+ die "vm vlans are not allowed on vnet $vnetid" if !$vlan_aware && ($tag || $trunks);
 PVE::Network::tap_plug($iface, $vnetid, $tag, $firewall, $trunks, $rate);
 }
diff --git a/PVE/Network/SDN/Zones/QinQPlugin.pm b/PVE/Network/SDN/Zones/QinQPlugin.pm
index 8a8d55b..dcec6b4 100644
--- a/PVE/Network/SDN/Zones/QinQPlugin.pm
+++ b/PVE/Network/SDN/Zones/QinQPlugin.pm
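Review bot: The new guard in `tap_plug` decides from live sysfs state alone, and with `get_bridge_vlan` removed nothing in this file checks any longer that the vnet bridge exists. When `/sys/class/net/$vnetid/bridge/vlan_filtering` cannot be read, `$vlan_aware` is presumably undef, so a guest without tag or trunks goes straight to `PVE::Network::tap_plug` on a missing or non-bridge device, and `tap_create`/`veth_create` now pass `$vnetid` through unchecked as well. The guard also never consults `$vnet->{vlanaware}`, so a bridge that has VLAN filtering switched on outside the SDN config accepts guest tags even though the vnet does not declare them allowed. I would restore the existence test with `die "bridge $vnetid is missing\n" if !-d "/sys/class/net/$vnetid/bridge";` and tighten the guard to `die "vm vlans are not allowed on vnet $vnetid\n" if !($vlan_aware && $vnet->{vlanaware}) && ($tag || $trunks);`, assuming `$vnet` carries the vnet config here as it does in the zone plugins.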
@@ -149,6 +149,10 @@ sub generate_sdn_config {
 push @iface_config, "bridge_ports $vnet_bridge_ports";
 push @iface_config, "bridge_stp off";
 push @iface_config, "bridge_fd 0";
+ if($vnet->{vlanaware}) {
+ push @iface_config, "bridge-vlan-aware yes";
+ push @iface_config, "bridge-vids 2-4094";
+ }
 push @iface_config, "mtu $mtu" if $mtu;
 push @iface_config, "alias $alias" if $alias;
 push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
diff --git a/PVE/Network/SDN/Zones/VlanPlugin.pm b/PVE/Network/SDN/Zones/VlanPlugin.pm
index 9d459cd..8364451 100644
--- a/PVE/Network/SDN/Zones/VlanPlugin.pm
+++ b/PVE/Network/SDN/Zones/VlanPlugin.pm
@@ -112,6 +112,10 @@ sub generate_sdn_config {
 push @iface_config, "bridge_ports $vnet_uplink";
 push @iface_config, "bridge_stp off";
 push @iface_config, "bridge_fd 0";
+ if($vnet->{vlanaware}) {
+ push @iface_config, "bridge-vlan-aware yes";
+ push @iface_config, "bridge-vids 2-4094";
+ }
 push @iface_config, "mtu $mtu" if $mtu;
 push @iface_config, "alias $alias" if $alias;
 push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
diff --git a/PVE/Network/SDN/Zones/VxlanPlugin.pm b/PVE/Network/SDN/Zones/VxlanPlugin.pm
index b3ed05f..bc585c6 100644
--- a/PVE/Network/SDN/Zones/VxlanPlugin.pm
+++ b/PVE/Network/SDN/Zones/VxlanPlugin.pm
@@ -82,6 +82,10 @@ sub generate_sdn_config {
 push @iface_config, "bridge_ports $vxlan_iface";
 push @iface_config, "bridge_stp off";
 push @iface_config, "bridge_fd 0";
+ if($vnet->{vlanaware}) {
+ push @iface_config, "bridge-vlan-aware yes";
+ push @iface_config, "bridge-vids 2-4094";
+ }
 push @iface_config, "mtu $mtu" if $mtu;
 push @iface_config, "alias $alias" if $alias;
 push(@{$config->{$vnetid}}, @iface_config) if !$config->{$vnetid};
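Review bot: The block added to `generate_sdn_config` in QinQPlugin.pm hard-codes `bridge-vids 2-4094`, so a VLAN-aware vnet always admits the whole VID range on its bridge and there is no setting to narrow it. The same four lines are repeated verbatim in the VlanPlugin.pm and VxlanPlugin.pm hunks. I would add a comment saying the full range is intentional, e.g. `# vlan-aware vnet: allow the whole guest VID range (2-4094) on the bridge`, and move the block into a shared helper in Zones/Plugin.pm so a later restriction lands in one place. The two new keys use the hyphen spelling while the neighbouring `bridge_ports`, `bridge_stp` and `bridge_fd` lines use underscores, and picking one form would keep the generated stanza uniform. `generate_sdn_config` begins and ends outside all three hunks.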