Note: we also need to add the vlan to the ethX or bondX interfaces plugged into the bridge, to allow the vlan to pass.
(by default, when vlan_filtering is enabled, traffic is blocked if vlan if not defined on interfaces)
Signed-off-by: Alexandre Derumier <[email protected]>
---
 data/PVE/Network.pm | 61 ++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 58 insertions(+), 3 deletions(-)
diff --git a/data/PVE/Network.pm b/data/PVE/Network.pm
index 9ad34f1..98ef18e 100644
--- a/data/PVE/Network.pm
+++ b/data/PVE/Network.pm
@@ -74,11 +74,22 @@ sub tap_plug {
 eval {run_command("/usr/bin/ovs-vsctl del-port $iface", outfunc => sub {}, errfunc => sub {}) };
 if (-d "/sys/class/net/$bridge/bridge") {
- my $newbridge = activate_bridge_vlan($bridge, $tag);
- copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;
+
+ my $newbridge = "";
+
+ if(-e "/sys/class/net/$bridge/bridge/vlan_filtering" && -e "/sbin/bridge" ){
+ $newbridge = bridge_tap_vlan($iface, $bridge, $tag);
+ return if !$newbridge;
+
+ }else{
+
+ $newbridge = activate_bridge_vlan($bridge, $tag);
+ copy_bridge_config($bridge, $newbridge) if $bridge ne $newbridge;
+ }
 system("/sbin/brctl addif $newbridge $iface") == 0 || die "can't add interface to bridge\n";
+
 } else {
 my $cmd = "/usr/bin/ovs-vsctl add-port $bridge $iface";
 $cmd .= " tag=$tag" if $tag;
@@ -91,7 +102,10 @@ sub tap_unplug {
 my ($iface, $bridge, $tag) = @_;
 if (-d "/sys/class/net/$bridge/bridge") {
- $bridge .= "v$tag" if $tag;
+
+ unless (-e "/sys/class/net/$bridge/bridge/vlan_filtering") {
+ $bridge .= "v$tag" if $tag;
+ }
 system("/sbin/brctl delif $bridge $iface") == 0 || die "can't del interface from bridge\n";
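Review bot: The contract between tap_plug and bridge_tap_vlan is implicit: `return if !$newbridge;` only works because the helper returns the bridge name when no tag is given and undef once it has already run `brctl addif` itself. A comment above the call such as `# bridge_tap_vlan returns undef once it has plugged and tagged $iface itself` would make that visible, and a plain `my $newbridge;` is enough since both branches assign it. Note also that the `-e` test on `vlan_filtering` checks that the kernel exposes the attribute, not that filtering is currently on, so every bridge on a capable host takes the new path. tap_plug starts and ends outside this hunk.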
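Review bot: The condition in tap_unplug is narrower than the one tap_plug uses: tap_plug takes the filtering path only when both the `vlan_filtering` attribute and `/sbin/bridge` exist, while this `unless` tests the attribute alone. On a host that has the attribute but no `/sbin/bridge`, tap_plug would have attached the tap to the `v$tag` bridge and this code would then call `brctl delif` on the base bridge and die. Using the same test, `unless (-e "/sys/class/net/$bridge/bridge/vlan_filtering" && -e "/sbin/bridge") {`, keeps the two in step. Nothing visible in the patch removes the vid that bridge_tap_vlan added to the ethX/bondX ports, so the uplinks appear to keep carrying VLANs that no guest uses any more; that deserves a follow-up or at least a comment. tap_unplug continues outside the hunk.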
@@ -101,6 +115,47 @@ sub tap_unplug {
 }
 }
+sub bridge_tap_vlan {
+ my ($iface, $bridge, $tag_param) = @_;
+
+ die "bridge '$bridge' is not active\n" if ! -d "/sys/class/net/$bridge";
+
+ return $bridge if !defined($tag_param); # no vlan, simply return
+
+ my $tag = int($tag_param);
+
+ die "got strange vlan tag '$tag'\n" if $tag < 1 || $tag > 4094;
+
+ #enable vlan filtering
+
+ system("echo 1 > /sys/class/net/$bridge/bridge/vlan_filtering") == 0 ||
+ die "unable to enable vlan filtering on bridge $bridge\n";
+
+
+ #allow vlans on ethX or bondX interface in the bridge
+
+ my $dir = "/sys/class/net/$bridge/brif";
+
+ PVE::Tools::dir_glob_foreach($dir, '((eth|bond)\d+)', sub {
+ my ($slave) = @_;
+ system("/sbin/bridge vlan add dev $slave vid $tag") == 0 ||
+ die "unable to add vlan $tag to interface $slave\n";
+
+ });
+
+ #plug tap interface
+ system("/sbin/brctl addif $bridge $iface") == 0 ||
+ die "can't add interface $iface to bridge $bridge\n";
+
+ #tag tap interface
+
+ system("/sbin/bridge vlan add dev $iface vid $tag pvid untagged") == 0 ||
+ die "unable to add vlan $tag to interface $iface\n";
+
+ return undef;
+}
+
+
 sub copy_bridge_config {
 my ($br0, $br1) = @_;
--
1.7.10.4
_______________________________________________
pve-devel mailing list
[email protected]
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
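Review bot: Every `system()` call in bridge_tap_vlan is a single interpolated string, which Perl hands to the shell whenever it contains metacharacters (the `echo 1 > …` one always does), with `$bridge`, `$iface` and `$slave` spliced into the command line; `$tag` is range-checked but the names are not validated in this function. If a caller ever passes a name that was not checked upstream, shell metacharacters in it would be interpreted, so the list form of `system()` and a direct write to the sysfs attribute are the safer shape (sketch below). Separately, the early `return $bridge` for an undefined tag leaves an untagged tap with no VLAN entry, which by the commit message's own description means its traffic is blocked once a tagged guest has enabled filtering on that bridge; this may need a pvid for untagged ports. `return undef;` would read better as a bare `return;`.

```perl
    # enable vlan filtering by writing the sysfs attribute directly (no shell)
    my $attr = "/sys/class/net/$bridge/bridge/vlan_filtering";
    open(my $fh, '>', $attr) ||
        die "unable to enable vlan filtering on bridge $bridge\n";
    print {$fh} "1\n";
    close($fh) ||
        die "unable to enable vlan filtering on bridge $bridge\n";

    # … unchanged: $dir assignment and the dir_glob_foreach wrapper …
        system('/sbin/bridge', 'vlan', 'add', 'dev', $slave, 'vid', $tag) == 0 ||
            die "unable to add vlan $tag to interface $slave\n";

    # plug tap interface
    system('/sbin/brctl', 'addif', $bridge, $iface) == 0 ||
        die "can't add interface $iface to bridge $bridge\n";

    # tag tap interface
    system('/sbin/bridge', 'vlan', 'add', 'dev', $iface, 'vid', $tag, 'pvid', 'untagged') == 0 ||
        die "unable to add vlan $tag to interface $iface\n";
```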
