[PATCH container 1/1] Signed-off-by: Maurice Klein <klein at aetherus.de>

Fri Jan 9 13:10:49 CET 2026

qemu-server: add routed tap and helper scripts
---
 src/PVE/QemuServer.pm         |  9 +++++-
 src/PVE/QemuServer/Network.pm | 19 +++++++++++
 src/usr/pve-tap               | 59 +++++++++++++++++++++++++++++++++++
 src/usr/pve-tap-hotplug       |  3 ++
 src/usr/pve-tapdown           | 16 ++++++++++
 5 files changed, 105 insertions(+), 1 deletion(-)
 create mode 100755 src/usr/pve-tap
 create mode 100755 src/usr/pve-tap-hotplug
 create mode 100755 src/usr/pve-tapdown

diff --git a/src/PVE/QemuServer.pm b/src/PVE/QemuServer.pm
index 69991843..2c0b784e 100644
--- a/src/PVE/QemuServer.pm
+++ b/src/PVE/QemuServer.pm
@@ -1443,8 +1443,15 @@ sub print_netdev_full {
 
     my $netdev = "";
     my $script = $hotplug ? "pve-bridge-hotplug" : "pve-bridge";
+    if ($net->{taprouted}) {
+            $script = $hotplug ? "pve-tap" : "pve-tap-hotplug";
+    }
+
 
-    if ($net->{bridge}) {
+    if ($net->{taprouted}) {
+		    $netdev= "type=tap,id=$netid,ifname=${ifname},script=/usr/libexec/qemu-server/$script"
+            . ",downscript=/usr/libexec/qemu-server/pve-tapdown$vhostparam";
+    } elsif ($net->{bridge}) {
         $netdev = "type=tap,id=$netid,ifname=${ifname},script=/usr/libexec/qemu-server/$script"
             . ",downscript=/usr/libexec/qemu-server/pve-bridgedown$vhostparam";
     } else {
diff --git a/src/PVE/QemuServer/Network.pm b/src/PVE/QemuServer/Network.pm
index eb8222e8..c11f002c 100644
--- a/src/PVE/QemuServer/Network.pm
+++ b/src/PVE/QemuServer/Network.pm
@@ -116,6 +116,25 @@ my $net_fmt = {
             "Force MTU of network device (VirtIO only). Setting to '1' or empty will use the bridge MTU",
         optional => 1,
     },
+    taprouted => {
+        type => 'boolean',
+        description => "routed network, just make tap interface and execute routing script",
+        optional => 1,
+    },
+    hostip => {
+        type => 'string',
+        format => 'ipv4',
+        format_description => 'IPv4Format',
+        description => 'IPv4 address for the host.',
+        optional => 1,
+    },
+    guestip => {
+        type => 'string',
+        format => 'ipv4',
+        format_description => 'GuestIPv4',
+        description => 'IPv4 address for the guest.',
+        optional => 1,
+    },
 };
 
 our $netdesc = {
diff --git a/src/usr/pve-tap b/src/usr/pve-tap
new file mode 100755
index 00000000..10623c17
--- /dev/null
+++ b/src/usr/pve-tap
@@ -0,0 +1,59 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use PVE::Tools qw(run_command);
+use PVE::Firewall;
+
+use PVE::QemuServer::Network;
+
+my $iface = shift;
+
+my $hotplug = 0;
+if ($iface eq '--hotplug') {
+    $hotplug = 1;
+    $iface = shift;
+}
+
+die "no interface specified\n" if !$iface;
+
+die "got strange interface name '$iface'\n"
+    if $iface !~ m/^tap(\d+)i(\d+)$/;
+
+my $vmid = $1;
+my $netid = "net$2";
+
+my $migratedfrom = $hotplug ? undef : $ENV{PVE_MIGRATED_FROM};
+
+my $conf = PVE::QemuConfig->load_config($vmid, $migratedfrom);
+
+my $netconf = $conf->{$netid};
+
+$netconf = $conf->{pending}->{$netid} if !$migratedfrom && defined($conf->{pending}->{$netid});
+
+die "unable to get network config '$netid'\n"
+    if !defined($netconf);
+
+my $net = PVE::QemuServer::Network::parse_net($netconf);
+die "unable to parse network config '$netid'\n" if !$net;
+
+
+# Bring up the tap interface
+run_command(['ip', 'link', 'set', $iface, 'up']);
+#set host ip if specified
+if (defined($net->{hostip})) {
+    run_command(['ip', 'addr', 'add', $net->{hostip}, 'dev', $iface]);
+}
+
+#set route to guest if specified
+if (defined($net->{guestip})) {
+run_command(['ip', 'route', 'add', $net->{guestip}, 'dev', $iface]);
+}
+
+
+
+
+
+
+exit 0;
diff --git a/src/usr/pve-tap-hotplug b/src/usr/pve-tap-hotplug
new file mode 100755
index 00000000..6fcdcd2a
--- /dev/null
+++ b/src/usr/pve-tap-hotplug
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec /usr/libexec/qemu-server/pve-tap --hotplug "$@"
diff --git a/src/usr/pve-tapdown b/src/usr/pve-tapdown
new file mode 100755
index 00000000..e867b640
--- /dev/null
+++ b/src/usr/pve-tapdown
@@ -0,0 +1,16 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use PVE::Network;
+
+my $iface = shift;
+
+die "no interface specified\n" if !$iface;
+
+die "got strange interface name '$iface'\n"
+    if $iface !~ m/^tap(\d+)i(\d+)$/;
+
+PVE::Network::tap_unplug($iface);
+
+exit 0;
-- 
2.39.5 (Apple Git-154)


