Adjust domain and network validation to permit standard linux bridges
to allow vlan configuration.
Update calls to virNetDevBridgeAddPort to pass the vlan configuration.
Signed-off-by: Leigh Brown <leigh@solinno.co.uk>
---
src/conf/domain_validate.c | 3 ++-
src/lxc/lxc_process.c | 3 ++-
src/network/bridge_driver.c | 13 ++++++++-----
src/util/virnetdevtap.c | 2 +-
4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 1034bb57f5..c7a79a0277 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2077,7 +2077,8 @@ virDomainActualNetDefValidate(const virDomainNetDef *net)
(actualType == VIR_DOMAIN_NET_TYPE_DIRECT &&
virDomainNetGetActualDirectMode(net) == VIR_NETDEV_MACVLAN_MODE_PASSTHRU) ||
(actualType == VIR_DOMAIN_NET_TYPE_BRIDGE &&
- vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH))) {
+ vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ||
+ (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE && !vport))) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("interface %1$s - vlan tag not supported for this connection type"),
macstr);
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index 7c760cec40..c427b38605 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -289,7 +289,8 @@ virLXCProcessSetupInterfaceTap(virDomainDef *vm,
vport, virDomainNetGetActualVlan(net)) < 0)
return NULL;
} else {
- if (virNetDevBridgeAddPort(brname, parentVeth, NULL) < 0)
+ if (virNetDevBridgeAddPort(brname, parentVeth,
+ virDomainNetGetActualVlan(net)) < 0)
return NULL;
if (virDomainNetGetActualPortOptionsIsolated(net) == VIR_TRISTATE_BOOL_YES &&
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index ce793c12ef..8f47ef2574 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2999,7 +2999,8 @@ networkValidate(virNetworkDriverState *driver,
/* The only type of networks that currently support transparent
* vlan configuration are those using hostdev sr-iov devices from
- * a pool, and those using an Open vSwitch bridge.
+ * a pool, those using an Open vSwitch bridge, and standard linux
+ * bridges.
*/
vlanAllowed = (def->forward.type == VIR_NETWORK_FORWARD_HOSTDEV ||
@@ -3007,15 +3008,17 @@ networkValidate(virNetworkDriverState *driver,
(def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
def->virtPortProfile &&
def->virtPortProfile->virtPortType
- == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH));
+ == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ||
+ (def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
+ !def->virtPortProfile));
vlanUsed = def->vlan.nTags > 0;
for (i = 0; i < def->nPortGroups; i++) {
if (vlanUsed || def->portGroups[i].vlan.nTags > 0) {
/* anyone using this portgroup will get a vlan tag. Verify
- * that they will also be using an openvswitch connection,
- * as that is the only type of network that currently
- * supports a vlan tag.
+ * that they will also be using an openvswitch connection
+ * or a standard linux bridge as they are the only types of
+ * network that currently support a vlan tag.
*/
if (def->portGroups[i].virtPortProfile) {
if (def->forward.type != VIR_NETWORK_FORWARD_BRIDGE ||
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index a9573eb8e1..1dc77f0f5c 100644
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -483,7 +483,7 @@ virNetDevTapAttachBridge(const char *tapname,
return -1;
}
} else {
- if (virNetDevBridgeAddPort(brname, tapname, NULL) < 0)
+ if (virNetDevBridgeAddPort(brname, tapname, virtVlan) < 0)
return -1;
if (isolatedPort == VIR_TRISTATE_BOOL_YES &&
--
2.39.5On 1/2/25 4:29 AM, Leigh Brown wrote:
> Adjust domain and network validation to permit standard linux bridges
> to allow vlan configuration.
>
> Update calls to virNetDevBridgeAddPort to pass the vlan configuration.
>
> Signed-off-by: Leigh Brown <leigh@solinno.co.uk>
> ---
> src/conf/domain_validate.c | 3 ++-
> src/lxc/lxc_process.c | 3 ++-
> src/network/bridge_driver.c | 13 ++++++++-----
> src/util/virnetdevtap.c | 2 +-
> 4 files changed, 13 insertions(+), 8 deletions(-)
>
> diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
> index 1034bb57f5..c7a79a0277 100644
> --- a/src/conf/domain_validate.c
> +++ b/src/conf/domain_validate.c
> @@ -2077,7 +2077,8 @@ virDomainActualNetDefValidate(const virDomainNetDef *net)
> (actualType == VIR_DOMAIN_NET_TYPE_DIRECT &&
> virDomainNetGetActualDirectMode(net) == VIR_NETDEV_MACVLAN_MODE_PASSTHRU) ||
> (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE &&
> - vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH))) {
> + vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ||
> + (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE && !vport))) {
it's pre-existing, but while changing the first line, the double space
in "vport && " should be made a single space.
Alsi I think it would look more consistent if the new line have "!vport"
first, e.g.:
(!vport && actualType == VIR_DOMAIN_NET_TYPE_BRIDGE))) {
> virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> _("interface %1$s - vlan tag not supported for this connection type"),
> macstr);
> diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
> index 7c760cec40..c427b38605 100644
> --- a/src/lxc/lxc_process.c
> +++ b/src/lxc/lxc_process.c
> @@ -289,7 +289,8 @@ virLXCProcessSetupInterfaceTap(virDomainDef *vm,
> vport, virDomainNetGetActualVlan(net)) < 0)
> return NULL;
> } else {
> - if (virNetDevBridgeAddPort(brname, parentVeth, NULL) < 0)
> + if (virNetDevBridgeAddPort(brname, parentVeth,
> + virDomainNetGetActualVlan(net)) < 0)
It's okay to leave the above as a single line - long ago we used to
strictly limit to 80 character lines, but these days the coding-style
says to "aim for 80-90 characters, with a maximum of 100" (except for
error message strings, which should always be kept on a single line, no
matter how long)
> return NULL;
>
> if (virDomainNetGetActualPortOptionsIsolated(net) == VIR_TRISTATE_BOOL_YES &&
> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> index ce793c12ef..8f47ef2574 100644
> --- a/src/network/bridge_driver.c
> +++ b/src/network/bridge_driver.c
> @@ -2999,7 +2999,8 @@ networkValidate(virNetworkDriverState *driver,
>
> /* The only type of networks that currently support transparent
> * vlan configuration are those using hostdev sr-iov devices from
> - * a pool, and those using an Open vSwitch bridge.
> + * a pool, those using an Open vSwitch bridge, and standard linux
> + * bridges.
> */
>
> vlanAllowed = (def->forward.type == VIR_NETWORK_FORWARD_HOSTDEV ||
> @@ -3007,15 +3008,17 @@ networkValidate(virNetworkDriverState *driver,
> (def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
> def->virtPortProfile &&
> def->virtPortProfile->virtPortType
> - == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH));
> + == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ||
> + (def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
> + !def->virtPortProfile));
>
> vlanUsed = def->vlan.nTags > 0;
> for (i = 0; i < def->nPortGroups; i++) {
> if (vlanUsed || def->portGroups[i].vlan.nTags > 0) {
> /* anyone using this portgroup will get a vlan tag. Verify
> - * that they will also be using an openvswitch connection,
> - * as that is the only type of network that currently
> - * supports a vlan tag.
> + * that they will also be using an openvswitch connection
> + * or a standard linux bridge as they are the only types of
> + * network that currently support a vlan tag.
> */
> if (def->portGroups[i].virtPortProfile) {
> if (def->forward.type != VIR_NETWORK_FORWARD_BRIDGE ||
> diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
> index a9573eb8e1..1dc77f0f5c 100644
> --- a/src/util/virnetdevtap.c
> +++ b/src/util/virnetdevtap.c
> @@ -483,7 +483,7 @@ virNetDevTapAttachBridge(const char *tapname,
> return -1;
> }
> } else {
> - if (virNetDevBridgeAddPort(brname, tapname, NULL) < 0)
> + if (virNetDevBridgeAddPort(brname, tapname, virtVlan) < 0)
> return -1;
>
> if (isolatedPort == VIR_TRISTATE_BOOL_YES &&
© 2016 - 2025 Red Hat, Inc.