#!/usr/bin/perl

use strict;
use warnings;

use PVE::QemuServer;
use PVE::Tools qw(run_command);
use PVE::Network;
use PVE::Firewall;

my $have_sdn;
eval {
    require PVE::Network::SDN::Zones;
    require PVE::Network::SDN::Vnets;
    $have_sdn = 1;
};

my $iface = shift;

my $hotplug = 0;
if ($iface eq '--hotplug') {
    $hotplug = 1;
    $iface = shift;
}

die "no interface specified\n" if !$iface;

die "got strange interface name '$iface'\n" 
    if $iface !~ m/^tap(\d+)i(\d+)$/;

my $vmid = $1;
my $netid = "net$2";

my $migratedfrom = $hotplug ? undef : $ENV{PVE_MIGRATED_FROM};

my $conf = PVE::QemuConfig->load_config($vmid, $migratedfrom);

my $netconf = $conf->{$netid};

$netconf = $conf->{pending}->{$netid} if !$migratedfrom && defined($conf->{pending}->{$netid}); 

die "unable to get network config '$netid'\n"
    if !defined($netconf);

my $net = PVE::QemuServer::parse_net($netconf);
die "unable to parse network config '$netid'\n" if !$net;

# The nftable-based implementation from the newer proxmox-firewall does not requires FW bridges
my $create_firewall_bridges = $net->{firewall} && !PVE::Firewall::is_nftables();

if ($have_sdn) {
    PVE::Network::SDN::Vnets::add_dhcp_mapping($net->{bridge}, $net->{macaddr}, $vmid, $conf->{name});
    PVE::Network::SDN::Zones::tap_create($iface, $net->{bridge});
    PVE::Network::SDN::Zones::tap_plug($iface, $net->{bridge}, $net->{tag}, $create_firewall_bridges, $net->{trunks}, $net->{rate});
} else {
    PVE::Network::tap_create($iface, $net->{bridge});
    PVE::Network::tap_plug($iface, $net->{bridge}, $net->{tag}, $create_firewall_bridges, $net->{trunks}, $net->{rate});
}

exit 0;