[pve-devel] [PATCH] add vlan aware bridge ifupdown script v2

Alexandre Derumier aderumier at odiso.com
Fri Jul 24 12:08:03 CEST 2015 

This add support to enable vlan aware bridge,
and management interfaces

example: 1 bridge and 1 administration port on vlan 100

auto vmbr0
iface vmbr0 inet manual
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        bridge_vlan_aware yes
	bridge_vids 10-15

auto vmbr0.100
iface vmbr0.100 inet static
        address X.X.X.X
        netmask 255.255.255.0
        gateway X.X.X.X

bridge_vids is optional, and allow on the specified vlans.(current take 1 value or range, need to be improve with list)
If not specified, the allowed vlan are 2-4094.
vlan 1 is the default pvid. (all untagged traffic is going to this vlan).

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 Makefile         |  4 +++-
 bridgevlan       | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 debian/conffiles |  2 ++
 vmbrvlan         | 38 ++++++++++++++++++++++++++++++++++++++
 4 files changed, 94 insertions(+), 1 deletion(-)
 create mode 100755 bridgevlan
 create mode 100755 vmbrvlan

diff --git a/Makefile b/Makefile
index a09393c..6100f05 100644
--- a/Makefile
+++ b/Makefile
@@ -80,7 +80,7 @@ aplupload:
 	scp aplinfo/aplinfo.dat aplinfo.dat.gz aplinfo/aplinfo.dat.asc download1.proxmox.com:/home/ftp/appliances/
 
 .PHONY: install
-install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu
+install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu bridgevlan vmbrvlan
 	install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy
 	install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve
 	install -d ${DESTDIR}/usr/share/${PACKAGE}
@@ -97,6 +97,8 @@ install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf p
 	install -D -m 0644 vzdump.conf ${DESTDIR}/etc/vzdump.conf
 	install -D -m 0755 vznet.conf ${DESTDIR}/etc/vz/vznet.conf
 	install -D -m 0755 mtu ${DESTDIR}/etc/network/if-up.d/mtu
+	install -D -m 0755 bridgevlan ${DESTDIR}/etc/network/if-up.d/bridgevlan
+	install -D -m 0755 vmbrvlan ${DESTDIR}/etc/network/if-pre-up.d/vmbrvlan
 	install -m 0644 vzdump-hook-script.pl ${DOCDIR}/examples/vzdump-hook-script.pl
 	install -m 0644 spice-example-sh ${DOCDIR}/examples/spice-example-sh
 	install -m 0644 copyright ${DOCDIR}
diff --git a/bridgevlan b/bridgevlan
new file mode 100755
index 0000000..b24212b
--- /dev/null
+++ b/bridgevlan
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+if [ ! -x /sbin/bridge ] && [ ! -f /sys/class/net/$IFACE/bridge/vlan_filtering ]
+then
+  exit 0
+fi
+
+. /lib/bridge-utils/bridge-utils.sh
+
+case "$IF_BRIDGE_PORTS" in
+    "")
+	exit 0
+	;;
+    none)
+	INTERFACES=""
+	;;
+    *)
+	INTERFACES="$IF_BRIDGE_PORTS"
+	;;
+esac
+
+all_interfaces= &&
+unset all_interfaces &&
+bridge_parse_ports $INTERFACES | while read i
+do
+  for port in $i
+  do
+    if [ "$MODE" = "start" ] && [ -d /sys/class/net/$IFACE/brif/$port ]; then
+      #we allow vlan to pass through attached interface
+      if [[ $port =~ ^(eth|bond|wlan)[0-9]{1,2}$ ]]
+      then
+        if [ -n "$IF_BRIDGE_VIDS" ]
+	then
+             bridge vlan add dev $port vid $IF_BRIDGE_VIDS
+	else
+             bridge vlan add dev $port vid 2-4094
+        fi
+      fi
+    fi
+  done
+done
+
+# Enabling vlan filtering feature
+if [ "$MODE" = "start" ] ; then
+
+  if [ -n "$IF_BRIDGE_VLAN_AWARE" ]
+  then
+    echo 1 > /sys/class/net/$IFACE/bridge/vlan_filtering
+  fi
+
+fi
diff --git a/debian/conffiles b/debian/conffiles
index 895abdf..2916cac 100644
--- a/debian/conffiles
+++ b/debian/conffiles
@@ -11,3 +11,5 @@
 /etc/apt/pve-repo-ca-certificates.crt
 /etc/apt/sources.list.d/pve-enterprise.list
 /etc/network/if-up.d/mtu
+/etc/network/if-up.d/bridgevlan
+/etc/network/if-pre-up.d/vmbrvlan
diff --git a/vmbrvlan b/vmbrvlan
new file mode 100755
index 0000000..ee570f0
--- /dev/null
+++ b/vmbrvlan
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+# Most of this stuff is to enable vlans
+
+case "$IFACE" in
+  # Ignore any alias (#272891) which uses <interface>:<alabel>
+  *:*)
+    exit 0
+  ;;
+  vmbr*.*)
+    vconfig set_name_type DEV_PLUS_VID_NO_PAD
+    VLANID=`echo $IFACE|sed "s/vmbr[0-9][0-9]*\.0*//g"`
+    IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\(vmbr[0-9][0-9]*\)\..*/\1/"`
+    bridge vlan add dev $IF_VLAN_RAW_DEVICE vid $VLANID self
+  ;;
+  *)
+    exit 0
+  ;;
+esac
+
+if [ -n "$IF_VLAN_RAW_DEVICE" ]; then
+    if [ ! -x /sbin/vconfig ]; then
+        exit 0
+    fi
+    if ! ip link show dev "$IF_VLAN_RAW_DEVICE" > /dev/null; then
+        echo "$IF_VLAN_RAW_DEVICE does not exist, unable to create $IFACE"
+        exit 1
+    fi
+    if [ ! -e "/sys/class/net/$IFACE" ]; then
+        ip link set up dev $IF_VLAN_RAW_DEVICE
+        vconfig add $IF_VLAN_RAW_DEVICE $VLANID
+    fi
+fi
+
+# This is not vlan specific, and should actually go somewhere else.
+if [ -n "$IF_HW_MAC_ADDRESS" ]; then
+    ip link set $IFACE address $IF_HW_MAC_ADDRESS
+fi
-- 
2.1.4

More information about the pve-devel mailing list