[pve-devel] [PATCH] add vlan aware ifupdown script v3
Alexandre Derumier
aderumier at odiso.com
Wed Jul 29 04:42:42 CEST 2015
This add support to enable vlan aware bridge,
and management interfaces
example: 1 bridge and 1 administration port on vlan 100
auto vmbr0
iface vmbr0 inet manual
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_vlan_aware yes
bridge_vids 10-15
auto vmbr0.100
iface vmbr0.100 inet static
address X.X.X.X
netmask 255.255.255.0
gateway X.X.X.X
bridge_vids is optional and allows only the specified vlans (it currently takes one value or a range; it needs to be improved to accept a list).
If not specified, the allowed vlans are 2-4094.
vlan 1 is the default pvid. (all untagged traffic is going to this vlan).
scripts:
- /etc/network/if-up.d/bridgevlan
manage bridge vlan aware configuration
- /etc/network/if-up.d/bridgevlanport
manage bridge vlan admin port
-/etc/network/if-pre-up.d/vlan
-/etc/network/if-post-down.d/vlan
replace current vlan package, without vconfig usage and cleanups
It's only needed to create vlan interface from bridge_ports.
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
Makefile | 7 ++++++-
bridgevlan | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
bridgevlanport | 23 +++++++++++++++++++++++
debian/conffiles | 4 ++++
debian/control.in | 4 ++--
vlan | 40 ++++++++++++++++++++++++++++++++++++++++
vlan-down | 26 ++++++++++++++++++++++++++
7 files changed, 155 insertions(+), 3 deletions(-)
create mode 100755 bridgevlan
create mode 100755 bridgevlanport
create mode 100755 vlan
create mode 100644 vlan-down
diff --git a/Makefile b/Makefile
index a09393c..ee9f3b2 100644
--- a/Makefile
+++ b/Makefile
@@ -80,7 +80,7 @@ aplupload:
scp aplinfo/aplinfo.dat aplinfo.dat.gz aplinfo/aplinfo.dat.asc download1.proxmox.com:/home/ftp/appliances/
.PHONY: install
-install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu
+install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu bridgevlan bridgevlanport vlan vlan-down
install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy
install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve
install -d ${DESTDIR}/usr/share/${PACKAGE}
@@ -97,6 +97,11 @@ install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf p
install -D -m 0644 vzdump.conf ${DESTDIR}/etc/vzdump.conf
install -D -m 0755 vznet.conf ${DESTDIR}/etc/vz/vznet.conf
install -D -m 0755 mtu ${DESTDIR}/etc/network/if-up.d/mtu
+ install -D -m 0755 bridgevlan ${DESTDIR}/etc/network/if-up.d/bridgevlan
+ install -D -m 0755 bridgevlanport ${DESTDIR}/etc/network/if-up.d/bridgevlanport
+ install -D -m 0755 vlan ${DESTDIR}/etc/network/if-pre-up.d/vlan
+ install -D -m 0755 vlan-down ${DESTDIR}/etc/network/if-post-down.d/vlan
+
install -m 0644 vzdump-hook-script.pl ${DOCDIR}/examples/vzdump-hook-script.pl
install -m 0644 spice-example-sh ${DOCDIR}/examples/spice-example-sh
install -m 0644 copyright ${DOCDIR}
diff --git a/bridgevlan b/bridgevlan
new file mode 100755
index 0000000..2e7612c
--- /dev/null
+++ b/bridgevlan
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+if [ ! -x /sbin/bridge ] && [ ! -f /sys/class/net/$IFACE/bridge/vlan_filtering ]
+then
+ exit 0
+fi
+
+# Enabling vlan filtering feature
+if [ "$MODE" = "start" ] ; then
+
+ if [ -n "$IF_BRIDGE_VLAN_AWARE" ]
+ then
+ echo 1 > /sys/class/net/$IFACE/bridge/vlan_filtering
+ else
+ exit 0
+ fi
+
+fi
+
+. /lib/bridge-utils/bridge-utils.sh
+
+case "$IF_BRIDGE_PORTS" in
+ "")
+ exit 0
+ ;;
+ none)
+ INTERFACES=""
+ ;;
+ *)
+ INTERFACES="$IF_BRIDGE_PORTS"
+ ;;
+esac
+
+all_interfaces= &&
+unset all_interfaces &&
+bridge_parse_ports $INTERFACES | while read i
+do
+ for port in $i
+ do
+ if [ "$MODE" = "start" ] && [ -d /sys/class/net/$IFACE/brif/$port ]; then
+ #we allow vlan to pass through attached interface
+ if [[ $port =~ ^(eth|bond|wlan)[0-9]{1,2}$ ]]
+ then
+ if [ -n "$IF_BRIDGE_VIDS" ]
+ then
+ bridge vlan add dev $port vid $IF_BRIDGE_VIDS
+ else
+ bridge vlan add dev $port vid 2-4094
+ fi
+ fi
+ fi
+ done
+done
+
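Review bot: The port filter `if [[ $port =~ ^(eth|bond|wlan)[0-9]{1,2}$ ]]` is bash-only syntax in a script whose shebang is `#!/bin/sh`; where /bin/sh is dash (the Debian default) `[[` is not available, the test fails, and no `bridge vlan add` is run for any port. Either change the shebang to `#!/bin/bash` or use a POSIX match such as `case "$port" in eth[0-9]*|bond[0-9]*|wlan[0-9]*)`, which is slightly looser than the regex. The opening guard joins its two checks with `&&`, so the script exits early only when both /sbin/bridge and the vlan_filtering file are missing; `||` looks like the intent. `[ -n "$IF_BRIDGE_VLAN_AWARE" ]` also treats `bridge_vlan_aware no` as enabled. When bridge_vids is unset the uplink admits every VLAN 2-4094, so a comment recommending an explicit bridge_vids would help admins keep the trunk narrow.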
diff --git a/bridgevlanport b/bridgevlanport
new file mode 100755
index 0000000..6f7ec5d
--- /dev/null
+++ b/bridgevlanport
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+if [ ! -x /sbin/bridge ]
+then
+ exit 0
+fi
+
+if [ "$MODE" = "start" ] ; then
+ case "$IFACE" in
+ *.[0-9]*)
+ VLANID=`echo $IFACE|sed "s/[a-zA-Z0-9]*\.//g"`
+ IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([a-zA-Z0-9]*\)\..*/\1/"`
+ ;;
+ esac
+
+ if [ -n "$IF_VLAN_RAW_DEVICE" ]; then
+ if [ -e "/sys/class/net/$IF_VLAN_RAW_DEVICE/bridge/vlan_filtering" ]; then
+ bridge vlan add dev $IF_VLAN_RAW_DEVICE vid $VLANID self
+ fi
+ fi
+fi
+
+
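Review bot: VLANID is derived from the interface name with `sed "s/[a-zA-Z0-9]*\.//g"` and handed to `bridge vlan add` without checking that it is numeric, and the `*.[0-9]*` case pattern also accepts names such as `vmbr0.100x`. A name with `-` or `_` before the dot leaves part of the name in VLANID. POSIX parameter expansion avoids the unquoted `echo $IFACE|sed` pipeline: `VLANID=${IFACE##*.}` and `IF_VLAN_RAW_DEVICE=${IFACE%%.*}`, followed by a guard like `case "$VLANID" in ''|*[!0-9]*) exit 0;; esac`. The same sed parsing is repeated in the vlan and vlan-down scripts. The assignment here also overwrites any vlan-raw-device value set in the interfaces file.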
diff --git a/debian/conffiles b/debian/conffiles
index 895abdf..2bb0027 100644
--- a/debian/conffiles
+++ b/debian/conffiles
@@ -11,3 +11,7 @@
/etc/apt/pve-repo-ca-certificates.crt
/etc/apt/sources.list.d/pve-enterprise.list
/etc/network/if-up.d/mtu
+/etc/network/if-pre-up.d/vlan
+/etc/network/if-post-down.d/vlan
+/etc/network/if-up.d/bridgevlan
+/etc/network/if-up.d/bridgevlanport
diff --git a/debian/control.in b/debian/control.in
index 7b78973..e333d1d 100644
--- a/debian/control.in
+++ b/debian/control.in
@@ -3,8 +3,8 @@ Version: @VERSION at -@PACKAGERELEASE@
Section: admin
Priority: optional
Architecture: amd64
-Depends: perl (>= 5.10.0-19), libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, vlan, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control (>= 3.0-2), libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, liburi-perl, logrotate, libanyevent-http-perl, apt-transport-https, libapt-pkg-perl, libcrypt-ssleay-perl, liblwp-protocol-https-perl, spiceterm, libuuid-perl, hdparm, gdisk, librados2-perl, pve-firewall, novnc-pve, libev-perl, systemd, pve-ha-manager, pve-container
-Conflicts: netcat-openbsd, vzdump
+Depends: perl (>= 5.10.0-19), libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control (>= 3.0-2), libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, liburi-perl, logrotate, libanyevent-http-perl, apt-transport-https, libapt-pkg-perl, libcrypt-ssleay-perl, liblwp-protocol-https-perl, spiceterm, libuuid-perl, hdparm, gdisk, librados2-perl, pve-firewall, novnc-pve, libev-perl, systemd, pve-ha-manager, pve-container
+Conflicts: netcat-openbsd, vzdump, vlan
Replaces: vzdump
Provides: vzdump
Maintainer: Proxmox Support Team <support at proxmox.com>
diff --git a/vlan b/vlan
new file mode 100755
index 0000000..abe646a
--- /dev/null
+++ b/vlan
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Most of this stuff is to enable vlans, it's really only needed by bridge_utils
+case "$IFACE" in
+ # Ignore any alias (#272891) which uses <interface>:<alabel>
+ *:*)
+ exit 0
+ ;;
+ vlan[0-9]*)
+ VLANID=`echo $IFACE|sed "s/vlan*//"`
+ ;;
+ *.[0-9]*)
+ # Silently ignore interfaces which ifupdown handles on its own
+ # If IF_BRIDGE_PORTS is set, probably we're called by bridge-utils
+ [ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ] && exit 0
+ VLANID=`echo $IFACE|sed "s/[a-zA-Z0-9]*\.//g"`
+ IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([a-zA-Z0-9]*\)\..*/\1/"`
+ ;;
+
+ *)
+ exit 0
+ ;;
+esac
+
+if [ -n "$IF_VLAN_RAW_DEVICE" ]; then
+ if ! ip link show dev "$IF_VLAN_RAW_DEVICE" > /dev/null; then
+ echo "$IF_VLAN_RAW_DEVICE does not exist, unable to create $IFACE"
+ exit 1
+ fi
+ if [ ! -e "/sys/class/net/$IFACE" ]; then
+ ip link set up dev $IF_VLAN_RAW_DEVICE
+ ip link add link $IF_VLAN_RAW_DEVICE name $IFACE type vlan id $VLANID
+ fi
+
+fi
+
+# This is not vlan specific, and should actually go somewhere else.
+if [ -n "$IF_HW_MAC_ADDRESS" ]; then
+ ip link set $IFACE address $IF_HW_MAC_ADDRESS
+fi
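Review bot: The result of `ip link add link $IF_VLAN_RAW_DEVICE name $IFACE type vlan id $VLANID` is not checked, so a failed VLAN creation in this if-pre-up.d hook can still end with exit status 0, and ifup presumably carries on as if the interface existed. Append `|| exit 1` to that line, matching the exit the script already takes for a missing raw device. The expansions `$IF_VLAN_RAW_DEVICE`, `$IFACE`, `$VLANID` and `$IF_HW_MAC_ADDRESS` in the `ip` commands should be double-quoted. The "does not exist" message belongs on stderr (`>&2`).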
diff --git a/vlan-down b/vlan-down
new file mode 100644
index 0000000..bb2d31f
--- /dev/null
+++ b/vlan-down
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# If IFACE is an automagic vlan interface (without the vlan-raw-device
+# parameter) then let's try to discover the magic here.. Another way would be
+# to just probe for the right device name in /proc/net/vlan
+
+case "$IFACE" in
+ # Ignore any alias (#272891)
+ *:*)
+ exit 0
+ ;;
+ *.[0-9]*)
+ # Silently ignore interfaces which ifupdown handles on its own
+ # If IF_BRIDGE_PORTS is set, probably we're called by bridge-utils
+ [ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ] && exit 0
+ IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([A-Za-z0-9]*\)\..*/\1/"`
+ ;;
+ # Test for vlan raw device (#196890, #292648)
+ *)
+ [ -z "$IF_VLAN_RAW_DEVICE" ] && exit 0
+ ;;
+esac
+
+if [ -e "/sys/class/net/$IFACE" ]; then
+ ip link delete $IFACE
+fi
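Review bot: The `IF_VLAN_RAW_DEVICE` value computed in the `*.[0-9]*` branch is never read afterwards, because the delete step uses only `$IFACE`; that assignment can be dropped. The delete should quote its argument: `ip link delete "$IFACE"`. A short comment saying that the hook removes only interfaces it treats as VLAN devices (a dotted name, or vlan-raw-device set) would make the three case arms easier to audit.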
--
2.1.4