From: Alexandre Derumier
Date: Fri, 3 May 2019 09:00:20 +0000 (+0200)
Subject: vxlanmultuicast: on_update_hook: check vnet tag in allowed vxlan
X-Git-Url: https://git.proxmox.com/?p=pve-network.git;a=commitdiff_plain;h=c723980ee759908e1c813b970c1063a2be4603eb

vxlanmultuicast: on_update_hook: check vnet tag in allowed vxlan

Signed-off-by: Alexandre Derumier
---

diff --git a/PVE/Network/Network/VxlanMulticastPlugin.pm b/PVE/Network/Network/VxlanMulticastPlugin.pm
index 48e7d68..d6cc4f6 100644
--- a/PVE/Network/Network/VxlanMulticastPlugin.pm
+++ b/PVE/Network/Network/VxlanMulticastPlugin.pm
@@ -90,12 +90,30 @@ sub on_delete_hook {
 }
 
 sub on_update_hook {
- my ($class, $networkid, $scfg) = @_;
+ my ($class, $transportid, $network_cfg) = @_;
+
+ my $transport = $network_cfg->{ids}->{$transportid};
 
 # verify that vxlan-allowed don't conflict with another vxlan-allowed transport
 
 # verify that vxlan-allowed is matching currently vnet tag in this transport
-
+ my $vxlanallowed = $transport->{'vxlan-allowed'};
+ if ($vxlanallowed) {
+ foreach my $id (keys %{$network_cfg->{ids}}) {
+ my $network = $network_cfg->{ids}->{$id};
+ if ($network->{type} eq 'vnet' && defined($network->{tag})) {
+ if(defined($network->{transportzone}) && $network->{transportzone} eq $transportid) {
+ my $tag = $network->{tag};
+ eval {
+ PVE::Network::Network::Plugin::parse_tag_number_or_range($vxlanallowed, '16777216', $tag);
+ };
+ if($@) {
+ die "vnet $id - vlan $tag is not allowed in transport $transportid";
+ }
+ }
+ }
+ }
+ }
 }
 
 1;
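Review bot: The `if($@)` branch after the `eval` replaces whatever `parse_tag_number_or_range` raised with a fixed message, so a malformed `vxlan-allowed` value would presumably be reported as a disallowed tag, and the message says `vlan` although the value checked is a VXLAN id. I would keep the cause in the message: `die "vnet $id - vxlan $tag is not allowed in transport $transportid: $@" if $@;`. The literal `'16777216'` deserves a named constant and a comment; if the helper (not shown here) treats it as an inclusive maximum, it is one above the 24-bit VNI limit of 16777215, which is worth confirming. The first comment in the sub, about conflicts with another transport's `vxlan-allowed`, still has no code behind it, so this hook does not reject overlapping ranges between transports; marking it `# TODO:` would make that explicit. The whole check is also skipped when `vxlan-allowed` is unset, which should be documented if it is intended.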