Commit 312ce780 authored by Alexandre Derumier's avatar Alexandre Derumier Committed by Dietmar Maurer

add vlan aware ifupdown script v3

This add support to enable vlan aware bridge,
and management interfaces

example: 1 bridge and 1 administration port on vlan 100

auto vmbr0
iface vmbr0 inet manual
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        bridge_vlan_aware yes
        bridge_vids 10-15

auto vmbr0.100
iface vmbr0.100 inet static
        address X.X.X.X
        netmask 255.255.255.0
        gateway X.X.X.X

bridge_vids is optional and allows only the specified vlans (currently it takes one value or one range; this needs to be improved to accept a list).
If it is not specified, the allowed vlans are 2-4094.
vlan 1 is the default pvid (all untagged traffic goes to this vlan).

scripts:
- /etc/network/if-up.d/bridgevlan

manage bridge vlan aware configuration

- /etc/network/if-up.d/bridgevlanport

manage bridge vlan admin port

-/etc/network/if-pre-up.d/vlan
-/etc/network/if-post-down.d/vlan

replace current vlan package, without vconfig usage and cleanups
It's only needed to create vlan interface from bridge_ports.
Signed-off-by: 's avatarAlexandre Derumier <aderumier@odiso.com>
parent f6913d83
......@@ -80,7 +80,7 @@ aplupload:
scp aplinfo/aplinfo.dat aplinfo.dat.gz aplinfo/aplinfo.dat.asc download1.proxmox.com:/home/ftp/appliances/
.PHONY: install
install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu
install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu bridgevlan bridgevlanport vlan vlan-down
install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy
install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve
install -d ${DESTDIR}/usr/share/${PACKAGE}
......@@ -97,6 +97,11 @@ install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf p
install -D -m 0644 vzdump.conf ${DESTDIR}/etc/vzdump.conf
install -D -m 0755 vznet.conf ${DESTDIR}/etc/vz/vznet.conf
install -D -m 0755 mtu ${DESTDIR}/etc/network/if-up.d/mtu
install -D -m 0755 bridgevlan ${DESTDIR}/etc/network/if-up.d/bridgevlan
install -D -m 0755 bridgevlanport ${DESTDIR}/etc/network/if-up.d/bridgevlanport
install -D -m 0755 vlan ${DESTDIR}/etc/network/if-pre-up.d/vlan
install -D -m 0755 vlan-down ${DESTDIR}/etc/network/if-post-down.d/vlan
install -m 0644 vzdump-hook-script.pl ${DOCDIR}/examples/vzdump-hook-script.pl
install -m 0644 spice-example-sh ${DOCDIR}/examples/spice-example-sh
install -m 0644 copyright ${DOCDIR}
......
#!/bin/sh
if [ ! -x /sbin/bridge ] && [ ! -f /sys/class/net/$IFACE/bridge/vlan_filtering ]
then
exit 0
fi
# Enabling vlan filtering feature
if [ "$MODE" = "start" ] ; then
if [ -n "$IF_BRIDGE_VLAN_AWARE" ]
then
echo 1 > /sys/class/net/$IFACE/bridge/vlan_filtering
else
exit 0
fi
fi
. /lib/bridge-utils/bridge-utils.sh
case "$IF_BRIDGE_PORTS" in
"")
exit 0
;;
none)
INTERFACES=""
;;
*)
INTERFACES="$IF_BRIDGE_PORTS"
;;
esac
all_interfaces= &&
unset all_interfaces &&
bridge_parse_ports $INTERFACES | while read i
do
for port in $i
do
if [ "$MODE" = "start" ] && [ -d /sys/class/net/$IFACE/brif/$port ]; then
#we allow vlan to pass through attached interface
if [[ $port =~ ^(eth|bond|wlan)[0-9]{1,2}$ ]]
then
if [ -n "$IF_BRIDGE_VIDS" ]
then
bridge vlan add dev $port vid $IF_BRIDGE_VIDS
else
bridge vlan add dev $port vid 2-4094
fi
fi
fi
done
done
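Review bot: The port filter `if [[ $port =~ ^(eth|bond|wlan)[0-9]{1,2}$ ]]` is a bash-only construct in a script that starts with `#!/bin/sh`; where /bin/sh is dash (the Debian default) the test fails with "[[: not found", the branch is never taken, and no `bridge vlan add` is issued for any port. Either change the shebang to `#!/bin/bash` or replace the test with a POSIX `case "$port" in` match on the same prefixes. The opening guard also joins its two tests with `&&`, so the script exits early only when both /sbin/bridge and the vlan_filtering file are missing; it presumably should read `if [ ! -x /sbin/bridge ] || [ ! -f "/sys/class/net/$IFACE/bridge/vlan_filtering" ]`. A comment stating that an unset bridge_vids allows VLANs 2-4094 on every matching port would help anyone auditing network segmentation on the host.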
#!/bin/sh
if [ ! -x /sbin/bridge ]
then
exit 0
fi
if [ "$MODE" = "start" ] ; then
case "$IFACE" in
*.[0-9]*)
VLANID=`echo $IFACE|sed "s/[a-zA-Z0-9]*\.//g"`
IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([a-zA-Z0-9]*\)\..*/\1/"`
;;
esac
if [ -n "$IF_VLAN_RAW_DEVICE" ]; then
if [ -e "/sys/class/net/$IF_VLAN_RAW_DEVICE/bridge/vlan_filtering" ]; then
bridge vlan add dev $IF_VLAN_RAW_DEVICE vid $VLANID self
fi
fi
fi
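Review bot: `VLANID` is taken from the interface name without checking that it is a number. The `*.[0-9]*` pattern only requires one digit after the dot, so a name such as `vmbr0.1x` (constructed example) yields `1x`, and a base name containing `-` or `_` leaves part of the name in the value because the sed class is `[a-zA-Z0-9]*`. The result is then passed unquoted to `bridge vlan add`. I would validate it before use, e.g. `case "$VLANID" in ''|*[!0-9]*) exit 0 ;; esac`, and quote `"$IF_VLAN_RAW_DEVICE"` and `"$VLANID"` on the `bridge vlan add` line. The same extraction is used in the if-pre-up.d vlan script further down.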
......@@ -11,3 +11,7 @@
/etc/apt/pve-repo-ca-certificates.crt
/etc/apt/sources.list.d/pve-enterprise.list
/etc/network/if-up.d/mtu
/etc/network/if-pre-up.d/vlan
/etc/network/if-post-down.d/vlan
/etc/network/if-up.d/bridgevlan
/etc/network/if-up.d/bridgevlanport
......@@ -3,8 +3,8 @@ Version: @VERSION@-@PACKAGERELEASE@
Section: admin
Priority: optional
Architecture: amd64
Depends: perl (>= 5.10.0-19), libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, vlan, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control (>= 3.0-2), libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, liburi-perl, logrotate, libanyevent-http-perl, apt-transport-https, libapt-pkg-perl, libcrypt-ssleay-perl, liblwp-protocol-https-perl, spiceterm, libuuid-perl, hdparm, gdisk, librados2-perl, pve-firewall, novnc-pve, libev-perl, systemd, pve-ha-manager, pve-container
Conflicts: netcat-openbsd, vzdump
Depends: perl (>= 5.10.0-19), libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control (>= 3.0-2), libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, liburi-perl, logrotate, libanyevent-http-perl, apt-transport-https, libapt-pkg-perl, libcrypt-ssleay-perl, liblwp-protocol-https-perl, spiceterm, libuuid-perl, hdparm, gdisk, librados2-perl, pve-firewall, novnc-pve, libev-perl, systemd, pve-ha-manager, pve-container
Conflicts: netcat-openbsd, vzdump, vlan
Replaces: vzdump
Provides: vzdump
Maintainer: Proxmox Support Team <support@proxmox.com>
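Review bot: `vlan` moves from Depends to Conflicts, but Replaces still lists only vzdump, while this commit makes the package ship /etc/network/if-pre-up.d/vlan and /etc/network/if-post-down.d/vlan itself. If the vlan package was removed but not purged, dpkg may still treat those conffiles as belonging to it and refuse to overwrite them. Please test an upgrade on a host that previously had vlan installed, and consider `Replaces: vzdump, vlan`.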
......
#!/bin/sh
# Most of this stuff is to enable vlans, it's really only needed by bridge_utils
case "$IFACE" in
# Ignore any alias (#272891) which uses <interface>:<alabel>
*:*)
exit 0
;;
vlan[0-9]*)
VLANID=`echo $IFACE|sed "s/vlan*//"`
;;
*.[0-9]*)
# Silently ignore interfaces which ifupdown handles on its own
# If IF_BRIDGE_PORTS is set, probably we're called by bridge-utils
[ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ] && exit 0
VLANID=`echo $IFACE|sed "s/[a-zA-Z0-9]*\.//g"`
IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([a-zA-Z0-9]*\)\..*/\1/"`
;;
*)
exit 0
;;
esac
if [ -n "$IF_VLAN_RAW_DEVICE" ]; then
if ! ip link show dev "$IF_VLAN_RAW_DEVICE" > /dev/null; then
echo "$IF_VLAN_RAW_DEVICE does not exist, unable to create $IFACE"
exit 1
fi
if [ ! -e "/sys/class/net/$IFACE" ]; then
ip link set up dev $IF_VLAN_RAW_DEVICE
ip link add link $IF_VLAN_RAW_DEVICE name $IFACE type vlan id $VLANID
fi
fi
# This is not vlan specific, and should actually go somewhere else.
if [ -n "$IF_HW_MAC_ADDRESS" ]; then
ip link set $IFACE address $IF_HW_MAC_ADDRESS
fi
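Review bot: A failed `ip link add link … type vlan` goes unnoticed, because nothing checks its status and, when IF_HW_MAC_ADDRESS is unset, the script's exit status comes from the final `if`, which is 0, so the caller sees success even though the VLAN interface was not created. I would append `|| exit 1` to both `ip link` calls in that block and send the "does not exist" message to stderr with `>&2`. The `[ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ]` test could be written as two `[ ]` tests joined with `&&`, since `-a` is obsolescent in POSIX `test`.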
#!/bin/sh
# If IFACE is an automagic vlan interface (without the vlan-raw-device
# parameter) then let's try to discover the magic here.. Another way would be
# to just probe for the right device name in /proc/net/vlan
case "$IFACE" in
# Ignore any alias (#272891)
*:*)
exit 0
;;
*.[0-9]*)
# Silently ignore interfaces which ifupdown handles on its own
# If IF_BRIDGE_PORTS is set, probably we're called by bridge-utils
[ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ] && exit 0
IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([A-Za-z0-9]*\)\..*/\1/"`
;;
# Test for vlan raw device (#196890, #292648)
*)
[ -z "$IF_VLAN_RAW_DEVICE" ] && exit 0
;;
esac
if [ -e "/sys/class/net/$IFACE" ]; then
ip link delete $IFACE
fi