From: Leigh Brown
To: devel@lists.libvirt.org, Laine Stump
CC: Leigh Brown
Subject: [PATCH v5 1/4] util: add netlink bridge vlan filtering
Date: Wed, 8 Jan 2025 19:34:12 +0000
Message-ID: <20250108193415.200555-2-leigh@solinno.co.uk>
In-Reply-To: <20250108193415.200555-1-leigh@solinno.co.uk>

Enable capability to add and remove vlan filters for a standard linux bridge using netlink. New function virNetlinkBridgeVlanFilterSet can be used to add or remove a vlan filter to a given bridge interface.
Signed-off-by: Leigh Brown Reviewed-by: Laine Stump --- src/util/virnetlink.c | 66 +++++++++++++++++++++++++++++++++++++++++++ src/util/virnetlink.h | 7 +++++ 2 files changed, 73 insertions(+) diff --git a/src/util/virnetlink.c b/src/util/virnetlink.c index 24cd69a385..206646d9d7 100644 --- a/src/util/virnetlink.c +++ b/src/util/virnetlink.c 
@@ -701,6 +701,72 @@ virNetlinkDelLink(const char *ifname, virNetlinkTalkFa= llback fallback) return 0; } =20 +/** + * virNetlinkBridgeVlanFilterSet: + * + * @ifname: name of the link + * @cmd: netlink command, either RTM_SETLINK or RTM_DELLINK + * @flags: flags to use when adding the vlan filter + * @vid: vlan id to add or remove + * @error: netlink error code + * + * Add or remove a vlan filter from an interface associated with a + * bridge. + * + * Returns 0 on success, -1 on error. Additionally, if the @error is + * non-zero, then a netlink failure occurred, but no error message + * is generated leaving it up to the caller to handle the condition. + */ +int +virNetlinkBridgeVlanFilterSet(const char *ifname, + int cmd, + const unsigned short flags, + const short vid, + int *error) +{ + struct ifinfomsg ifm =3D { .ifi_family =3D PF_BRIDGE }; + struct bridge_vlan_info vinfo =3D { .flags =3D flags, .vid =3D vid }; + struct nlattr *afspec =3D NULL; + g_autoptr(virNetlinkMsg) nl_msg =3D NULL; + g_autofree struct nlmsghdr *resp =3D NULL; + unsigned int resp_len =3D 0; + + *error =3D 0; + + if (vid < 1 || vid > 4095) { + virReportError(ERANGE, _("vlanid out of range: %1$d"), vid); + return -1; + } + + if (!(cmd =3D=3D RTM_SETLINK || cmd =3D=3D RTM_DELLINK)) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Invalid vlan filter command %1$d"), cmd); + return -1; + } + + if (virNetDevGetIndex(ifname, &ifm.ifi_index) < 0) + return -1; + + nl_msg =3D virNetlinkMsgNew(cmd, NLM_F_REQUEST); + + NETLINK_MSG_APPEND(nl_msg, sizeof(ifm), &ifm); + + NETLINK_MSG_NEST_START(nl_msg, afspec, IFLA_AF_SPEC); + NETLINK_MSG_PUT(nl_msg, IFLA_BRIDGE_VLAN_INFO, sizeof(vinfo), &vinfo); + NETLINK_MSG_NEST_END(nl_msg, afspec); + + if (virNetlinkTalk(ifname, nl_msg, 0, 0, &resp, &resp_len, error, NULL= ) < 0) + return -1; + + if (resp->nlmsg_type !=3D NLMSG_ERROR && resp->nlmsg_type !=3D NLMSG_D= ONE) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("malformed netlink response message")); + 
return -1; + } + + return 0; +} + /** * virNetlinkGetNeighbor: * diff --git a/src/util/virnetlink.h b/src/util/virnetlink.h index 75192f645f..327fb426a1 100644 --- a/src/util/virnetlink.h +++ b/src/util/virnetlink.h @@ -25,6 +25,7 @@ #if defined(WITH_LIBNL) =20 # include +# include =20 typedef struct nl_msg virNetlinkMsg; G_DEFINE_AUTOPTR_CLEANUP_FUNC(virNetlinkMsg, nlmsg_free); 
@@ -76,6 +77,12 @@ typedef int (*virNetlinkTalkFallback)(const char *ifname= ); =20 int virNetlinkDelLink(const char *ifname, virNetlinkTalkFallback fallback); =20 +int virNetlinkBridgeVlanFilterSet(const char *ifname, + int cmd, + const unsigned short flags, + const short vid, + int *error); + int virNetlinkGetErrorCode(struct nlmsghdr *resp, unsigned int recvbuflen); =20 int virNetlinkDumpLink(const char *ifname, int ifindex, --=20 2.39.5

From: Leigh Brown
To: devel@lists.libvirt.org, Laine Stump
CC: Leigh Brown
Subject: [PATCH v5 2/4] util: Add vlan support to virNetDevBridgeAddPort
Date: Wed, 8 Jan 2025 19:34:13 +0000
Message-ID: <20250108193415.200555-3-leigh@solinno.co.uk>
In-Reply-To: <20250108193415.200555-1-leigh@solinno.co.uk>

Add virNetDevBridgeSetupVlans function to configures a bridge interface using the passed virNetDevVlan struct. Add virVlan parameter to the Linux version of virNetDevBridgeAddPort and call virNetDevBridgeSetupVlans to set up the required vlan configuration. Update callers of virNetDevBridgeAddPort to pass NULL for now.
Signed-off-by: Leigh Brown Reviewed-by: Laine Stump --- src/lxc/lxc_process.c | 2 +- src/util/virnetdevbridge.c | 77 ++++++++++++++++++++++++++++++++++++-- src/util/virnetdevbridge.h | 4 +- src/util/virnetdevtap.c | 2 +- 4 files changed, 78 insertions(+), 7 deletions(-) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index c2982244f0..7c760cec40 100644 --- a/src/lxc/lxc_process.c 
+++ b/src/lxc/lxc_process.c @@ -289,7 +289,7 @@ virLXCProcessSetupInterfaceTap(virDomainDef *vm, vport, virDomainNetGetActualVl= an(net)) < 0) return NULL; } else { - if (virNetDevBridgeAddPort(brname, parentVeth) < 0) + if (virNetDevBridgeAddPort(brname, parentVeth, NULL) < 0) return NULL; =20 if (virDomainNetGetActualPortOptionsIsolated(net) =3D=3D VIR_T= RISTATE_BOOL_YES && diff --git a/src/util/virnetdevbridge.c b/src/util/virnetdevbridge.c index 5fd88f3195..d080c70dbf 100644 --- a/src/util/virnetdevbridge.c +++ b/src/util/virnetdevbridge.c 
@@ -313,6 +313,67 @@ virNetDevBridgePortSetIsolated(const char *brname, return virNetDevBridgePortSet(brname, ifname, "isolated", enable ? 1 := 0); } =20 +static int +virNetDevBridgeSetupVlans(const char *ifname, const virNetDevVlan *virtVla= n) +{ + int error =3D 0; + unsigned short flags; + + if (!virtVlan || !virtVlan->nTags) + return 0; + + // The interface will have been automatically added to vlan 1, so remo= ve it + if (virNetlinkBridgeVlanFilterSet(ifname, RTM_DELLINK, 0, 1, &error) <= 0) { + if (error !=3D 0) + virReportSystemError(-error, + _("error removing vlan filter from interf= ace %1$s"), + ifname); + return -1; + } + + // If trunk mode, add the native VLAN then add the others, if any + if (virtVlan->trunk) { + size_t i; + + if (virtVlan->nativeTag) { + flags =3D BRIDGE_VLAN_INFO_PVID; + if (virtVlan->nativeMode =3D=3D VIR_NATIVE_VLAN_MODE_UNTAGGED = || + virtVlan->nativeMode =3D=3D VIR_NATIVE_VLAN_MODE_DEFAULT) { + flags |=3D BRIDGE_VLAN_INFO_UNTAGGED; + } + + if (virNetlinkBridgeVlanFilterSet(ifname, RTM_SETLINK, flags, + virtVlan->nativeTag, &error)= < 0) { + goto error; + } + } + + for (i =3D 0; i < virtVlan->nTags; i++) { + if (virtVlan->tag[i] !=3D virtVlan->nativeTag) + if (virNetlinkBridgeVlanFilterSet(ifname, RTM_SETLINK, 0, + virtVlan->tag[i], &error= ) < 0) { + goto error; + } + } + } else { + // In native mode, add the single VLAN as pvid untagged + flags =3D BRIDGE_VLAN_INFO_PVID | BRIDGE_VLAN_INFO_UNTAGGED; + if (virNetlinkBridgeVlanFilterSet(ifname, RTM_SETLINK, flags, + virtVlan->tag[0], &error) < 0) { + goto error; + } + } + + return 0; + + error: + if (error !=3D 0) + virReportSystemError(-error, + _("error adding vlan filter to interface %1$s= "), + ifname); + return -1; +} + =20 #else int 
@@ -593,7 +654,8 @@ int virNetDevBridgeDelete(const char *brname G_GNUC_UNU= SED) */ #if defined(WITH_STRUCT_IFREQ) && defined(SIOCBRADDIF) int virNetDevBridgeAddPort(const char *brname, - const char *ifname) + const char *ifname, + const virNetDevVlan *virtVlan) { struct ifreq ifr; VIR_AUTOCLOSE fd =3D -1; @@ -613,14 +675,20 @@ int virNetDevBridgeAddPort(const char *brname, return -1; } =20 - return 0; + return virNetDevBridgeSetupVlans(ifname, virtVlan); } #elif defined(WITH_BSD_BRIDGE_MGMT) int virNetDevBridgeAddPort(const char *brname, - const char *ifname) + const char *ifname, + const virNetDevVlan *virtVlan) { struct ifbreq req =3D { 0 }; =20 + if (virtVlan) { + virReportSystemError(ENOSYS, "%s", _("Not supported on this platfo= rm")); + return -1; + } + if (virStrcpyStatic(req.ifbr_ifsname, ifname) < 0) { virReportSystemError(ERANGE, _("Network interface name '%1$s' is too long"= ), @@ -638,7 +706,8 @@ int virNetDevBridgeAddPort(const char *brname, } #else int virNetDevBridgeAddPort(const char *brname, - const char *ifname) + const char *ifname, + const virNetDevVlan *virtVlan G_GNUC_UNUSED) { virReportSystemError(ENOSYS, _("Unable to add bridge %1$s port %2$s"), brname,= ifname); diff --git a/src/util/virnetdevbridge.h b/src/util/virnetdevbridge.h index db4099bf0b..5f51656abe 100644 --- a/src/util/virnetdevbridge.h +++ b/src/util/virnetdevbridge.h @@ -20,6 +20,7 @@ =20 #include "internal.h" #include "virmacaddr.h" +#include "virnetdevvlan.h" =20 int virNetDevBridgeCreate(const char *brname, const virMacAddr *mac) @@ -28,7 +29,8 @@ int virNetDevBridgeDelete(const char *brname) ATTRIBUTE_NONNULL(1) G_GNUC_WARN_UNUSED_RESULT; =20 int virNetDevBridgeAddPort(const char *brname, - const char *ifname) + const char *ifname, + const virNetDevVlan *virtVlan) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) G_GNUC_WARN_UNUSED_RESULT; =20 int virNetDevBridgeRemovePort(const char *brname, 
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c index 2701ba6dfc..a9573eb8e1 100644 --- a/src/util/virnetdevtap.c +++ b/src/util/virnetdevtap.c 
@@ -483,7 +483,7 @@ virNetDevTapAttachBridge(const char *tapname, return -1; } } else { - if (virNetDevBridgeAddPort(brname, tapname) < 0) + if (virNetDevBridgeAddPort(brname, tapname, NULL) < 0) return -1; =20 if (isolatedPort =3D=3D VIR_TRISTATE_BOOL_YES && --=20 2.39.5

From: Leigh Brown
To: devel@lists.libvirt.org, Laine Stump
CC: Leigh Brown
Subject: [PATCH v5 3/4] Enable vlan support for standard linux bridges
Date: Wed, 8 Jan 2025 19:34:14 +0000
Message-ID: <20250108193415.200555-4-leigh@solinno.co.uk>
In-Reply-To: <20250108193415.200555-1-leigh@solinno.co.uk>

Adjust domain and network validation to permit standard linux bridges to allow vlan configuration. Update calls to virNetDevBridgeAddPort to pass the vlan configuration.
Signed-off-by: Leigh Brown Reviewed-by: Laine Stump --- src/conf/domain_validate.c | 3 ++- src/lxc/lxc_process.c | 2 +- src/network/bridge_driver.c | 13 ++++++++----- src/util/virnetdevtap.c | 2 +- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index 1034bb57f5..61c83e25de 100644 --- a/src/conf/domain_validate.c +++ b/src/conf/domain_validate.c 
@@ -2077,7 +2077,8 @@ virDomainActualNetDefValidate(const virDomainNetDef *= net) (actualType =3D=3D VIR_DOMAIN_NET_TYPE_DIRECT && virDomainNetGetActualDirectMode(net) =3D=3D VIR_NETDEV_MACV= LAN_MODE_PASSTHRU) || (actualType =3D=3D VIR_DOMAIN_NET_TYPE_BRIDGE && - vport && vport->virtPortType =3D=3D VIR_NETDEV_VPORT_PROFI= LE_OPENVSWITCH))) { + vport && vport->virtPortType =3D=3D VIR_NETDEV_VPORT_PROFIL= E_OPENVSWITCH) || + (!vport && actualType =3D=3D VIR_DOMAIN_NET_TYPE_BRIDGE))) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("interface %1$s - vlan tag not supported for = this connection type"), macstr); diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index 7c760cec40..d785244dde 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -289,7 +289,7 @@ virLXCProcessSetupInterfaceTap(virDomainDef *vm, vport, virDomainNetGetActualVl= an(net)) < 0) return NULL; } else { - if (virNetDevBridgeAddPort(brname, parentVeth, NULL) < 0) + if (virNetDevBridgeAddPort(brname, parentVeth, virDomainNetGet= ActualVlan(net)) < 0) return NULL; =20 if (virDomainNetGetActualPortOptionsIsolated(net) =3D=3D VIR_T= RISTATE_BOOL_YES && diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index ce793c12ef..8f47ef2574 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -2999,7 +2999,8 @@ networkValidate(virNetworkDriverState *driver, =20 /* The only type of networks that currently support transparent * vlan configuration are those using hostdev sr-iov devices from - * a pool, and those using an Open vSwitch bridge. + * a pool, those using an Open vSwitch bridge, and standard linux + * bridges. */ =20 vlanAllowed =3D (def->forward.type =3D=3D VIR_NETWORK_FORWARD_HOSTDEV = || 
@@ -3007,15 +3008,17 @@ networkValidate(virNetworkDriverState *driver, (def->forward.type =3D=3D VIR_NETWORK_FORWARD_BRIDGE && def->virtPortProfile && def->virtPortProfile->virtPortType - =3D=3D VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH)); + =3D=3D VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) || + (def->forward.type =3D=3D VIR_NETWORK_FORWARD_BRIDGE && + !def->virtPortProfile)); =20 vlanUsed =3D def->vlan.nTags > 0; for (i =3D 0; i < def->nPortGroups; i++) { if (vlanUsed || def->portGroups[i].vlan.nTags > 0) { /* anyone using this portgroup will get a vlan tag. Verify - * that they will also be using an openvswitch connection, - * as that is the only type of network that currently - * supports a vlan tag. + * that they will also be using an openvswitch connection + * or a standard linux bridge as they are the only types of + * network that currently support a vlan tag. */ if (def->portGroups[i].virtPortProfile) { if (def->forward.type !=3D VIR_NETWORK_FORWARD_BRIDGE || diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c index a9573eb8e1..1dc77f0f5c 100644 --- a/src/util/virnetdevtap.c +++ b/src/util/virnetdevtap.c 
@@ -483,7 +483,7 @@ virNetDevTapAttachBridge(const char *tapname, return -1; } } else { - if (virNetDevBridgeAddPort(brname, tapname, NULL) < 0) + if (virNetDevBridgeAddPort(brname, tapname, virtVlan) < 0) return -1; =20 if (isolatedPort =3D=3D VIR_TRISTATE_BOOL_YES && --=20 2.39.5

From: Leigh Brown
To: devel@lists.libvirt.org, Laine Stump
CC: Leigh Brown
Subject: [PATCH v5 4/4] docs: standard linux bridges now support vlans
Date: Wed, 8 Jan 2025 19:34:15 +0000
Message-ID: <20250108193415.200555-5-leigh@solinno.co.uk>
In-Reply-To: <20250108193415.200555-1-leigh@solinno.co.uk>

Update domain XML and network XML documentation to describe how standard linux bridges support the VLAN configuration.
Signed-off-by: Leigh Brown Reviewed-by: Laine Stump --- docs/formatdomain.rst | 37 +++++++++++++++++----------------- docs/formatnetwork.rst | 45 +++++++++++++++++++++--------------------- 2 files changed, 42 insertions(+), 40 deletions(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 02c5361905..89073feb48 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst 
@@ -6039,28 +6039,29 @@ VLAN tags to apply to the guest's network traffic := since:`Since 0.10.0`. =20 Network connections that support guest-transparent VLAN tagging include ``type=3D'bridge'`` interfaces connected to an Open vSwitch bridge, SRIOV -Virtual Functions (VF) used via ``type=3D'hostdev'`` (direct device assign= ment) -and, :since:`since 1.3.5`, SRIOV VFs used via ``type=3D'direct'`` with -``mode=3D'passthrough'`` (macvtap "passthru" mode). All other -connection types, including standard linux bridges and libvirt's own virtu= al +Virtual Functions (VF) used via ``type=3D'hostdev'`` (direct device assign= ment), +:since:`since 1.3.5`, SRIOV VFs used via ``type=3D'direct'`` with +``mode=3D'passthrough'`` (macvtap "passthru" mode) and, :since:`since 11.0= .0` +standard linux bridges. Other connection types, including libvirt's own vi= rtual networks, **do not** support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) sw= itches provide their own way (outside of libvirt) to tag guest traffic onto a spe= cific VLAN. Each tag is given in a separate ```` subelement of ```` (= for example: ````). For VLAN trunking of multiple tags (which = is -supported only on Open vSwitch connections), multiple ```` subelement= s can -be specified, which implies that the user wants to do VLAN trunking on the -interface for all the specified tags. In the case that VLAN trunking of a = single -tag is desired, the optional attribute ``trunk=3D'yes'`` can be added to t= he -toplevel ```` element to differentiate trunking of a single tag from -normal tagging. - -For network connections using Open vSwitch it is also possible to configure -'native-tagged' and 'native-untagged' VLAN modes :since:`Since 1.1.0`. Thi= s is -done with the optional ``nativeMode`` attribute on the ```` subelemen= t: -``nativeMode`` may be set to 'tagged' or 'untagged'. 
The ``id`` attribute = of the -```` subelement containing ``nativeMode`` sets which VLAN is consider= ed to -be the "native" VLAN for this interface, and the ``nativeMode`` attribute -determines whether or not traffic for that VLAN will be tagged. +supported on Open vSwitch connections and standard linux bridges), multiple +```` subelements can be specified, which implies that the user wants = to do +VLAN trunking on the interface for all the specified tags. In the case tha= t VLAN +trunking of a single tag is desired, the optional attribute ``trunk=3D'yes= '`` can +be added to the toplevel ```` element to differentiate trunking of a +single tag from normal tagging. + +For network connections using Open vSwitch and standard linux bridges it i= s also +possible to configure 'native-tagged' and 'native-untagged' VLAN modes +:since:`Since 1.1.0`. This is done with the optional ``nativeMode`` attrib= ute on +the ```` subelement: ``nativeMode`` may be set to 'tagged' or 'untagg= ed'. +The ``id`` attribute of the ```` subelement containing ``nativeMode``= sets +which VLAN is considered to be the "native" VLAN for this interface, and t= he +``nativeMode`` attribute determines whether or not traffic for that VLAN w= ill be +tagged. =20 =20 Isolating guests' network traffic from each other diff --git a/docs/formatnetwork.rst b/docs/formatnetwork.rst index 9b4ecbf31d..053fe6ad56 100644 --- a/docs/formatnetwork.rst +++ b/docs/formatnetwork.rst 
@@ -520,28 +520,29 @@ VLAN tags to apply to the guest's network traffic :si= nce:`Since 0.10.0`. =20 Network connections that support guest-transparent VLAN tagging include ``type=3D'bridge'`` interfaces connected to an Open vSwitch bridge, SRIOV -Virtual Functions (VF) used via ``type=3D'hostdev'`` (direct device assign= ment) -and, :since:`since 1.3.5`, SRIOV VFs used via ``type=3D'direct'`` with -``mode=3D'passthrough'`` (macvtap "passthru" mode). All other -connection types, including standard linux bridges and libvirt's own virtu= al -networks, **do not** support it. 802.1Qbh (vn-link) and 802.1Qbg (VEPA) sw= itches -provide their own way (outside of libvirt) to tag guest traffic onto a spe= cific -VLAN. Each tag is given in a separate ```` subelement of ```` (= for -example: ````). For VLAN trunking of multiple tags (which = is -supported only on Open vSwitch connections), multiple ```` subelement= s can -be specified, which implies that the user wants to do VLAN trunking on the -interface for all the specified tags. In the case that VLAN trunking of a = single -tag is desired, the optional attribute ``trunk=3D'yes'`` can be added to t= he -toplevel ```` element to differentiate trunking of a single tag from -normal tagging. - -For network connections using Open vSwitch it is also possible to configure -'native-tagged' and 'native-untagged' VLAN modes :since:`Since 1.1.0`. Thi= s is -done with the optional ``nativeMode`` attribute on the ```` subelemen= t: -``nativeMode`` may be set to 'tagged' or 'untagged'. The ``id`` attribute = of the -```` subelement containing ``nativeMode`` sets which VLAN is consider= ed to -be the "native" VLAN for this interface, and the ``nativeMode`` attribute -determines whether or not traffic for that VLAN will be tagged. 
+Virtual Functions (VF) used via ``type=3D'hostdev'`` (direct device assign= ment), +:since:`since 1.3.5`, SRIOV VFs used via ``type=3D'direct'`` with +``mode=3D'passthrough'`` (macvtap "passthru" mode) and, :since:`since 11.0= .0`, +standard linux bridges. All other connection types, including libvirt's own +virtual networks, **do not** support it. 802.1Qbh (vn-link) and 802.1Qbg (= VEPA) +switches provide their own way (outside of libvirt) to tag guest traffic o= nto a +specific VLAN. Each tag is given in a separate ```` subelement of +```` (for example: ````). For VLAN trunking of multi= ple +tags (which is supported on Open vSwitch connections and standard linux +bridges), multiple ```` subelements can be specified, which implies t= hat +the user wants to do VLAN trunking on the interface for all the specified = tags. +In the case that VLAN trunking of a single tag is desired, the optional +attribute ``trunk=3D'yes'`` can be added to the toplevel ```` elemen= t to +differentiate trunking of a single tag from normal tagging. + +For network connections using Open vSwitch :since:`since 1.1.10` and stand= ard +linux bridges :since:`since 11.0.0` it is also possible to configure +'native-tagged' and 'native-untagged' VLAN modes. This is done with the op= tional +``nativeMode`` attribute on the ```` subelement: ``nativeMode`` may b= e set +to 'tagged' or 'untagged'. The ``id`` attribute of the ```` subelement +containing ``nativeMode`` sets which VLAN is considered to be the "native"= VLAN +for this interface, and the ``nativeMode`` attribute determines whether or= not +traffic for that VLAN will be tagged. =20 ```` elements can also be specified in a ```` element, as= well as directly in a domain's ```` element. In the case that a vlan= tag --=20 2.39.5
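
Review bot: In patch 1/4, the range check in virNetlinkBridgeVlanFilterSet() (`if (vid < 1 || vid > 4095)`) lets VID 4095 through, but 802.1Q reserves 4095 and a filter entry can only use 1 to 4094; the upper bound should be 4094 so the caller gets the range error here instead of relying on the kernel to reject the request. The same branch passes an errno value to virReportError(ERANGE, ...), whereas the other calls in this function pass VIR_ERR_* codes; use virReportSystemError() for ERANGE or switch to a VIR_ERR_* code. resp->nlmsg_type is also read without first checking resp for NULL or resp_len against the netlink header size.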
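
Review bot: In patch 2/4, virNetDevBridgeSetupVlans() hard-codes VLAN 1 in the initial RTM_DELLINK, which only matches a bridge whose default_pvid is 1. On a bridge configured with a different default_pvid the port keeps its membership of that VLAN in addition to the requested tags, and with default_pvid disabled the delete can fail and abort the attach. Consider reading the bridge's default_pvid (or the port's current VLAN list) and removing that instead. Style: the comments in this function use `//` while the rest of the series uses `/* */`, and the nested `if` in the tag loop has braces only on the inner statement.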
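
Review bot: In patch 2/4, the SIOCBRADDIF variant of virNetDevBridgeAddPort() ends with `return virNetDevBridgeSetupVlans(ifname, virtVlan);` after the port has already been added to the bridge, so a failure part-way through VLAN setup returns -1 with the interface still attached and carrying whatever filters had been applied up to that point (still in VLAN 1 if the first delete failed). Either remove the port again on this error path or document that callers must do so. In the BSD variant, the ENOSYS message "Not supported on this platform" does not say that it is the vlan configuration that is unsupported.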
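
Review bot: In patch 3/4, the clause `(!vport && actualType == VIR_DOMAIN_NET_TYPE_BRIDGE)` added to virDomainActualNetDefValidate() accepts a vlan on any bridge interface without a virtualport on every platform, while patch 2/4 makes the BSD virNetDevBridgeAddPort() fail with ENOSYS when a vlan is passed. That moves the rejection from validation to attach time on those builds; consider making the new clause conditional on the Linux bridge implementation, or state the behaviour in the commit message.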
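
Review bot: In patch 4/4, the formatdomain.rst paragraph on native modes now reads "Open vSwitch and standard linux bridges" followed by a single :since:`Since 1.1.0`, which dates the linux bridge support to 1.1.0 even though the first paragraph of the same hunk gives 11.0.0; split the two :since: markers as the formatnetwork.rst hunk does. The first paragraph is also missing the comma after :since:`since 11.0.0` that formatnetwork.rst has, and says "Other connection types" where formatnetwork.rst keeps "All other connection types". Neither file states any bridge-side prerequisite (for example, whether VLAN filtering must already be enabled on the bridge) for the tags to take effect, which is worth spelling out for users relying on this for isolation.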
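
Review bot: In patch 4/4, the formatnetwork.rst hunk changes the Open vSwitch native-mode version from :since:`Since 1.1.0` in the removed text to :since:`since 1.1.10` in the added text, while the formatdomain.rst hunk still says 1.1.0; this looks like a typo, and the two files should give the same version.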