From da07e2b119d1bf660eaa926377a86b4b4a316370 Mon Sep 17 00:00:00 2001
From: Alexandre Derumier
Date: Fri, 3 May 2019 11:00:19 +0200
Subject: [PATCH] vlan: on_update_hook: check vnet tag in allowed vlan

Signed-off-by: Alexandre Derumier
---
 PVE/Network/Network/VlanPlugin.pm | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/PVE/Network/Network/VlanPlugin.pm b/PVE/Network/Network/VlanPlugin.pm
index 8b399c8..4f553ab 100644
--- a/PVE/Network/Network/VlanPlugin.pm
+++ b/PVE/Network/Network/VlanPlugin.pm
@@ -105,11 +105,30 @@ sub on_delete_hook {
 }
 sub on_update_hook {
- my ($class, $networkid, $scfg) = @_;
+ my ($class, $transportid, $network_cfg) = @_;
+
+ my $transport = $network_cfg->{ids}->{$transportid};
 # verify that vlan-allowed don't conflict with another vlan-allowed transport
 # verify that vlan-allowed is matching currently vnet tag in this transport
+ my $vlanallowed = $transport->{'vlan-allowed'};
+ if ($vlanallowed) {
+ foreach my $id (keys %{$network_cfg->{ids}}) {
+ my $network = $network_cfg->{ids}->{$id};
+ if ($network->{type} eq 'vnet' && defined($network->{tag})) {
+ if(defined($network->{transportzone}) && $network->{transportzone} eq $transportid) {
+ my $tag = $network->{tag};
+ eval {
+ PVE::Network::Network::Plugin::parse_tag_number_or_range($vlanallowed, '4096', $tag);
+ };
+ if($@) {
+ die "vlan $tag is not allowed in transport $transportid";
+ }
+ }
+ }
+ }
+ }
 }
 1;
-- 
2.39.2
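Review bot: The `if($@)` branch in on_update_hook throws away whatever parse_tag_number_or_range reported, so any failure inside the eval (for example a malformed `vlan-allowed` value, if the helper rejects those) is shown to the operator as a tag violation on a VLAN segmentation rule. Carrying the cause along keeps the two cases distinguishable: `if (my $err = $@) { die "vlan $tag is not allowed in transport $transportid: $err"; }`. The lookup `$network_cfg->{ids}->{$transportid}` is also used without checking that the entry exists, so an unknown `$transportid` skips the validation silently instead of failing. Finally, the first comment (conflict with another transport's `vlan-allowed`) still has no code behind it; rewording it as `# TODO: verify that vlan-allowed doesn't overlap another transport's vlan-allowed` would stop it reading as an enforced check.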