[pve-devel] applied: [PATCH v4 container/manager 0/3] fix #3413: Add `Disconnect` option for LXC networks

Thomas Lamprecht t.lamprecht at proxmox.com
Thu Mar 16 12:51:02 CET 2023 

Am 22/02/2023 um 13:49 schrieb Christoph Heiss:
> Add a `Disconnect` option for network interfaces on LXC containers, much
> like it already exists for VMs. This has been requested in #3413 [0] and
> seems useful, especially considering we already support the same thing
> for VMs.
> 
> One thing to note is that LXC does not seem to support the notion of
> setting an interface down. The `flags` property would suggest that this
> possible [1], but AFAICS it does not work. I tried setting the value as
> empty and to something else than "up" (since that is really the only
> supported option [2][3]), which both had absolutely no effect.
> 
> Thus force the host-side link of the container network down and avoid
> adding it to the designated bridge if the new option is set, effectively
> disconnecting the container network.
> 
> The first patch is cleanup only and does not change anything regarding
> functionality.
> 
> Testing
> -------
> Testing was done by starting a LXC container (w/ and w/o `link_down`
> set), checking if the interface has (or not) LOWERLAYERDOWN set inside
> the container (`ip address eth0`) and if packet transit works (or not)
> using a simple `ping`. Same thing after toggeling the option on the
> interface. Further, the interface(s) should (or should not) be listed
> in `brctl show`. Same thing was done for hotplugged interfaces to a
> running container.
> 
> Also tested with `ifreload -a` (thanks Wolfgang!) thrown in, which did
> nothing unexpected: If `link_down` was set, interfaces stayed in
> LOWERLAYERDOWN and unplugged from the bridge, and stayed UP and plugged
> into the bridge when `link_down` was unset.
> 
> [0] https://bugzilla.proxmox.com/show_bug.cgi?id=3413
> [1] https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html#lbAO
> [2] https://github.com/lxc/lxc/blob/08f0e769/src/lxc/confile.c#L453-L467
> [3] https://github.com/lxc/lxc/blob/08f0e769/src/lxc/confile.c#L5933-L5952
> 
> v1: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055762.html
> v2: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055795.html
> v3: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055839.html
> 
> pve-container:
> 
> Christoph Heiss (2):
>       net: Pass network config directly to net_tap_plug()
>       net: Add `link_down` config to allow setting interfaces as disconnected
> 
>  src/PVE/LXC.pm        | 37 +++++++++++++++++++++++--------------
>  src/PVE/LXC/Config.pm |  6 ++++++
>  src/lxcnetaddbr       |  9 +--------
>  3 files changed, 30 insertions(+), 22 deletions(-)
> 


applied above two, with the relevant bits of the cover letter added to the commit
message of the second container patch, thanks!

More information about the pve-devel mailing list