[pve-devel] [PATCH pve-network 7/7] vxlanmultuicast: on_update_hook: check vnet tag in allowed vxlan
Alexandre Derumier
aderumier at odiso.com
Fri May 3 11:00:20 CEST 2019
Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
PVE/Network/Network/VxlanMulticastPlugin.pm | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/PVE/Network/Network/VxlanMulticastPlugin.pm b/PVE/Network/Network/VxlanMulticastPlugin.pm
index 48e7d68..d6cc4f6 100644
--- a/PVE/Network/Network/VxlanMulticastPlugin.pm
+++ b/PVE/Network/Network/VxlanMulticastPlugin.pm
@@ -90,12 +90,30 @@ sub on_delete_hook {
}
sub on_update_hook {
- my ($class, $networkid, $scfg) = @_;
+ my ($class, $transportid, $network_cfg) = @_;
+
+ my $transport = $network_cfg->{ids}->{$transportid};
# verify that vxlan-allowed don't conflict with another vxlan-allowed transport
# verify that vxlan-allowed is matching currently vnet tag in this transport
-
+ my $vxlanallowed = $transport->{'vxlan-allowed'};
+ if ($vxlanallowed) {
+ foreach my $id (keys %{$network_cfg->{ids}}) {
+ my $network = $network_cfg->{ids}->{$id};
+ if ($network->{type} eq 'vnet' && defined($network->{tag})) {
+ if(defined($network->{transportzone}) && $network->{transportzone} eq $transportid) {
+ my $tag = $network->{tag};
+ eval {
+ PVE::Network::Network::Plugin::parse_tag_number_or_range($vxlanallowed, '16777216', $tag);
+ };
+ if($@) {
+ die "vnet $id - vlan $tag is not allowed in transport $transportid";
+ }
+ }
+ }
+ }
+ }
}
1;
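Review bot: The `die` after the `eval` in on_update_hook discards `$@`, so a malformed `vxlan-allowed` value on the transport and a tag that is genuinely outside the allowed set produce the same message, and that message says "vlan" for what is a VXLAN id; I would write `die "vnet $id - vxlan $tag is not allowed in transport $transportid: $@" if $@;`. The first comment in the hunk (that `vxlan-allowed` must not conflict with another transport's `vxlan-allowed`) is still not enforced by the new code, and because overlapping ranges could let vnets in different transports share a VNI, it deserves at least a `# TODO: overlap check between transports not implemented yet` next to that comment. The upper bound passed to `parse_tag_number_or_range` is `'16777216'`, while a VXLAN VNI is 24 bits (maximum 16777215); whether that is off by one depends on how the helper treats the bound, which is not visible in this patch.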
--
2.11.0