[PATCH v4 0/4] iproute2 bridge vlan support

Leigh Brown posted 4 patches 1 week, 5 days ago
There is a newer version of this series
[PATCH v4 0/4] iproute2 bridge vlan support
Posted by Leigh Brown 1 week, 5 days ago
I have incorporated Laine's feedback and added Reviewed-by tags.  I also
noticed that I hadn't updated the patch series description, so I updated
it to reflect the change to using netlink, for posterity.

Description
-----------
The iproute2 bridge command supports the capability for VLAN filtering
that allows each interface connected to a standard Linux bridge to be
configured to use one or more VLANs. For simple setups, this capability
is enough to allow virtual machines or containers to be put onto
separate VLANs without creating multiple bridges and VLANs on the host.

The first patch adds a new function virNetDevBridgeVlanFilterSet that
allows a VLAN filter to be added or removed from an interface associated
with a bridge.

The second patch adds virNetDevBridgeSetupVlans that will, given a
virNetDevVlan structure, call virNetDevBridgeVlanFilterSet to apply the
required VLAN filtering for the given interface.

The third patch adjusts the domain and network validation to permit
standard Linux bridges to allow VLAN configuration and updates calls to
virNetDevBridgeAddPort to pass the VLAN configuration.

The fourth patch updates documentation to match the new capability.

Changes since v3
----------------
- Update patch series description.
- Fix coding style.
- Add G_GNUC_UNUSED annotation to virNetDevBridgeAddPort for macOS.

Changes since v2
----------------
- Convert to use netlink rather than executing bridge vlan commands.
- Add unsupported on this platform error message on FreeBSD.

Changes since v1
----------------
- Fix bug in virNetDevSetupVlans where bridge port has no native vlan.
- Update bridge network validation to permit vlan configuration.
- Update documentation to match the functionality.
- Tweak some of the commit descriptions for clarity.

Usage example
-------------
Configure the host with systemd-networkd as follows:

/etc/systemd/network/br0.netdev (br0.network not shown)

[NetDev]
Name=br0
Kind=bridge
MACAddress=xx:xx:xx:xx:xx:xx
[Bridge]
VLANFiltering=on

/etc/systemd/network/eno1.network

[Match]
Name=eno1
[Network]
Bridge=br0
[Link]
MTUBytes=9000
[BridgeVLAN]
VLAN=40
[BridgeVLAN]
VLAN=60

Then add <vlan> tags into the lxc or qemu config:

lxc interface definition:
    <interface type='bridge'>
      <mac address='xx:xx:xx:xx:xx:xx'/>
      <source bridge='br0'/>
      <vlan>
        <tag id='40'/>
      </vlan>
    </interface>

qemu interface definition:
    <interface type='network'>
      <mac address='xx:xx:xx:xx:xx:xx'/>
      <source network='br0'/>
      <vlan>
        <tag id='60'/>
      </vlan>
      <model type='virtio'/>
      <address type='pci' domain='0x0000'
       bus='0x01' slot='0x00' function='0x0'/>
    </interface>

Then, after starting them, you will see the following:

$ sudo bridge vlan
port              vlan-id  
eno1              1 PVID Egress Untagged
                  40
                  60
br0               1 PVID Egress Untagged
vnet0             60 PVID Egress Untagged
vnet1             40 PVID Egress Untagged

Regards,

Leigh Brown (4):
  util: add netlink bridge vlan filtering
  util: Add vlan support to virNetDevBridgeAddPort
  Enable vlan support for standard linux bridges
  docs: standard linux bridges now support vlans

 docs/formatdomain.rst       | 37 +++++++++---------
 docs/formatnetwork.rst      | 45 +++++++++++-----------
 src/conf/domain_validate.c  |  3 +-
 src/lxc/lxc_process.c       |  2 +-
 src/network/bridge_driver.c | 13 ++++---
 src/util/virnetdevbridge.c  | 75 +++++++++++++++++++++++++++++++++++--
 src/util/virnetdevbridge.h  |  4 +-
 src/util/virnetdevtap.c     |  2 +-
 src/util/virnetlink.c       | 66 ++++++++++++++++++++++++++++++++
 src/util/virnetlink.h       |  7 ++++
 10 files changed, 201 insertions(+), 53 deletions(-)

-- 
2.39.5
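
Added example, not part of the original post or of libvirt: one way to check that each guest port ended up confined to its single assigned VLAN, by parsing `bridge vlan` text in the layout shown in the cover letter. The function names and the port-to-VLAN mapping are assumptions for illustration, and VLAN ranges are not handled.

```python
# Constructed sample: the `bridge vlan` output quoted in the cover letter.
SAMPLE = """\
port              vlan-id
eno1              1 PVID Egress Untagged
                  40
                  60
br0               1 PVID Egress Untagged
vnet0             60 PVID Egress Untagged
vnet1             40 PVID Egress Untagged
"""

def parse_bridge_vlan(text):
    """Parse `bridge vlan` text output into {port: {vid: set_of_flags}}."""
    table, port = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[:2] == ["port", "vlan-id"]:
            continue  # blank line or column header
        if not line[0].isspace():  # unindented row starts a new port
            port, fields = fields[0], fields[1:]
            table.setdefault(port, {})
        if port is None or not fields:
            continue
        # Keep only the two flags the audit cares about, lower-cased.
        flags = {f.lower() for f in fields[1:] if f in ("PVID", "Untagged")}
        table[port][int(fields[0])] = flags
    return table

def audit_guest_ports(table, expected):
    """expected maps port -> its single allowed VLAN; returns findings."""
    findings = []
    for port, vid in sorted(expected.items()):
        vlans = table.get(port)
        if vlans is None:
            findings.append(f"{port}: not listed in bridge vlan output")
            continue
        extra = sorted(set(vlans) - {vid})
        if extra:
            findings.append(f"{port}: unexpected VLANs {extra}")
        if vid not in vlans:
            findings.append(f"{port}: missing VLAN {vid}")
        elif vlans[vid] != {"pvid", "untagged"}:
            findings.append(f"{port}: VLAN {vid} is not PVID/untagged")
    return findings

# Assumed mapping, taken from the sample output: vnet0 -> 60, vnet1 -> 40.
EXPECTED = {"vnet0": 60, "vnet1": 40}
print(audit_guest_ports(parse_bridge_vlan(SAMPLE), EXPECTED) or "OK")
```

A guest port that shows up in VLAN 1 as PVID, the bridge default, is the case to watch for: it means the per-port filter was not applied and the guest shares the default VLAN with the host.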
Re: [PATCH v4 0/4] iproute2 bridge vlan support
Posted by Laine Stump 1 week, 5 days ago
On 1/8/25 8:31 AM, Leigh Brown wrote:
> I have incorporated Laine's feedback and added Reviewed-by tags.  I also
> noticed that I hadn't updated the patch series description, so I updated
> it to reflect the change to using netlink, for posterity.

Okay, I've gone through all of these again, fixed a few conditionals 
that should have had braces but didn't (in patch 2), and removed one 
change that I'd mistakenly requested (in patch 3 - I commented in a 
reply to that), and pushed it all. Thanks for the contribution! (and for 
your patience, and for being so quick responding to reviews with a new 
spin :-)

Tomorrow I'll add an entry to NEWS.rst and also send a patch for the 
minor update that's needed to qemuChangeNet().

Re: [PATCH v4 0/4] iproute2 bridge vlan support
Posted by Leigh Brown 1 week, 3 days ago
Hi Laine,

On 2025-01-08 22:33, Laine Stump wrote:
> On 1/8/25 8:31 AM, Leigh Brown wrote:
>> I have incorporated Laine's feedback and added Reviewed-by tags.  I also
>> noticed that I hadn't updated the patch series description, so I updated
>> it to reflect the change to using netlink, for posterity.
> 
> Okay, I've gone through all of these again, fixed a few conditionals 
> that should have had braces but didn't (in patch 2), and removed one 
> change that I'd mistakenly requested (in patch 3 - I commented in a 
> reply to that), and pushed it all. Thanks for the contribution! (and 
> for your patience, and for being so quick responding to reviews with a 
> new spin :-)

Thanks for merging. I am very happy. I'm running 11.0.0-rc1 on my two 
servers right now.

> Tomorrow I'll add an entry to NEWS.rst and also send a patch for the 
> minor update that's needed to qemuChangeNet()

I notice you didn't apply the fourth (documentation) patch - just 
checking if that was on purpose.

[..]

Regards,

Leigh.
Re: [PATCH v4 0/4] iproute2 bridge vlan support
Posted by Laine Stump 1 week, 3 days ago
On 1/10/25 3:44 AM, Leigh Brown wrote:
> Hi Laine,
> 
> On 2025-01-08 22:33, Laine Stump wrote:
>> On 1/8/25 8:31 AM, Leigh Brown wrote:
>>> I have incorporated Laine's feedback and added Reviewed-by tags.  I also
>>> noticed that I hadn't updated the patch series description, so I updated
>>> it to reflect the change to using netlink, for posterity.
>>
>> Okay, I've gone through all of these again, fixed a few conditionals 
>> that should have had braces but didn't (in patch 2), and removed one 
>> change that I'd mistakenly requested (in patch 3 - I commented in a 
>> reply to that), and pushed it all. Thanks for the contribution! (and 
>> for your patience, and for being so quick responding to reviews with a 
>> new spin :-)
> 
> Thanks for merging. I am very happy. I'm running 11.0.0-rc1 on my two 
> servers right now.
> 
>> Tomorrow I'll add an entry to NEWS.rst and also send a patch for the 
>> minor update that's needed to qemuChangeNet()
> 
> I notice you didn't apply the fourth (documentation) patch - just 
> checking if that was on purpose.

No, that was completely an accident! I recall I accidentally git merged 
the patch just after yours without first rebasing its branch, so I had 
to git reset --hard my local master, rebase, and do it over; possibly I 
accidentally backed up one patch too far :-/

Anyway, thanks for noticing that! It's not a problem to push 
documentation changes during freeze, so I'll do that tonight, and also 
write up the other two patches I'd promised.