zones: simple: fix ip-forward && ipv6 snat

Signed-off-by: Alexandre Derumier <aderumier@odiso.com>

PVE/Network/SDN/Zones/SimplePlugin.pm

@@ -47,8 +47,6 @@ sub generate_sdn_config {
 
     return $config if$config->{$vnetid}; # nothing to do
 
-    my $ipv4 = $vnet->{ipv4};
-    my $ipv6 = $vnet->{ipv6};
     my $mac = $vnet->{mac};
     my $alias = $vnet->{alias};
     my $mtu = $plugin_config->{mtu} if $plugin_config->{mtu};
@@ -59,6 +57,9 @@ sub generate_sdn_config {
     my $address = {};
     my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1);
 
+    my $ipv4 = undef;
+    my $ipv6 = undef;
+
     foreach my $subnetid (sort keys %{$subnets}) {
 	my $subnet = $subnets->{$subnetid};
 	my $cidr = $subnet->{cidr};
@@ -69,18 +70,33 @@ sub generate_sdn_config {
 	    push @iface_config, "address $gateway/$mask" if !defined($address->{$gateway});
 	    $address->{$gateway} = 1;
 	}
+
+	my $iptables = undef;
+	my $checkrouteip = undef;
+	my $ipversion = Net::IP::ip_is_ipv6($gateway) ? 6 : 4;
+
+	if ( $ipversion == 6) {
+	    $ipv6 = 1;
+	    $iptables = "ip6tables";
+	    $checkrouteip = '2001:4860:4860::8888';
+	} else {
+	    $ipv4 = 1;
+	    $iptables = "iptables";
+	    $checkrouteip = '8.8.8.8';
+	}
+
 	#add route for /32 pointtopoint
-	push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32;
+	push @iface_config, "up ip route add $cidr dev $vnetid" if $mask == 32 && $ipversion == 4;
 	if ($subnet->{snat}) {
 	    #find outgoing interface
-	    my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip('8.8.8.8');
+	    my ($outip, $outiface) = PVE::Network::SDN::Zones::Plugin::get_local_route_ip($checkrouteip);
 	    if ($outip && $outiface) {
 		#use snat, faster than masquerade
-		push @iface_config, "post-up iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
-		push @iface_config, "post-down iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+		push @iface_config, "post-up $iptables -t nat -A POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
+		push @iface_config, "post-down $iptables -t nat -D POSTROUTING -s '$cidr' -o $outiface -j SNAT --to-source $outip";
 		#add conntrack zone once on outgoing interface
-		push @iface_config, "post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
-		push @iface_config, "post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
+		push @iface_config, "post-up $iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1";
+		push @iface_config, "post-down $iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1";
 	    }
 	}
     }
@@ -95,6 +111,8 @@ sub generate_sdn_config {
     }
     push @iface_config, "mtu $mtu" if $mtu;
     push @iface_config, "alias $alias" if $alias;
+    push @iface_config, "ip-forward on" if $ipv4;
+    push @iface_config, "ip6-forward on" if $ipv6;
 
     push @{$config->{$vnetid}}, @iface_config;
 

test/zones/simple/hetzner/expected_sdn_interfaces

@@ -0,0 +1,19 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 144.76.100.65/29
+	bridge_ports none
+	bridge_stp off
+	bridge_fd 0
+	ip-forward on
+
+auto myvnet2
+iface myvnet2
+	address 144.76.0.1/32
+	up ip route add 144.76.200.65/32 dev myvnet2
+	up ip route add 144.76.200.66/32 dev myvnet2
+	bridge_ports none
+	bridge_stp off
+	bridge_fd 0
+	ip-forward on

test/zones/simple/hetzner/interfaces

@@ -0,0 +1,6 @@
+auto eth0
+iface eth0 inet static
+  address 144.76.0.1
+  netmask 255.255.255.255
+  pointopoint 172.31.1.1
+  gateway 172.31.1.1

test/zones/simple/hetzner/sdn_config

@@ -0,0 +1,34 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", zone => "myzone" },
+                        myvnet2 => { type => "vnet", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { ipam => "pve", type => "simple" } },
+             },
+
+  subnets => {
+                ids => {
+                        'myzone-144.76.100.64-29' => {
+                                                        'type' => 'subnet',
+                                                        'vnet' => 'myvnet',
+                                                        'gateway' => '144.76.100.65',
+                                                },
+                        'myzone-144.76.200.65-32' => {
+                                                        'type' => 'subnet',
+                                                        'vnet' => 'myvnet2',
+                                                        'gateway' => '144.76.0.1',
+                                                },
+                        'myzone-144.76.200.66-32' => {
+                                                        'type' => 'subnet',
+                                                        'vnet' => 'myvnet2',
+                                                        'gateway' => '144.76.0.1',
+                                                },
+                }
+             }
+}
+
+

test/zones/simple/ipv4/expected_sdn_interfaces

@@ -6,3 +6,4 @@ iface myvnet
 	bridge_ports none
 	bridge_stp off
 	bridge_fd 0
+	ip-forward on

test/zones/simple/ipv4snat/expected_sdn_interfaces

@@ -10,3 +10,4 @@ iface myvnet
 	bridge_ports none
 	bridge_stp off
 	bridge_fd 0
+	ip-forward on

test/zones/simple/ipv4v6/expected_sdn_interfaces

@@ -0,0 +1,11 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 192.168.0.1/24
+	address 2a08:2142:302:3::1/64
+	bridge_ports none
+	bridge_stp off
+	bridge_fd 0
+	ip-forward on
+	ip6-forward on

test/zones/simple/ipv4v6/interfaces

@@ -0,0 +1,5 @@
+auto vmbr0
+iface vmbr0 inet manual
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0

test/zones/simple/ipv4v6/sdn_config

@@ -0,0 +1,27 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { ipam => "pve", type => "simple" } },
+             },
+  subnets => {
+		ids => {
+			'myzone-192.168.0.0-24' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '192.168.0.1',
+						},
+			'myzone-2a08:2142:302:3::-64' => {
+							'type' => 'subnet',
+							'vnet' => 'myvnet',
+							'gateway' => '2a08:2142:302:3::1',
+							}
+		}
+             }
+}
+
+

test/zones/simple/ipv6snat/expected_sdn_interfaces

@@ -0,0 +1,13 @@
+#version:1
+
+auto myvnet
+iface myvnet
+	address 2a08:2142:302:3::1/64
+	post-up ip6tables -t nat -A POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+	post-down ip6tables -t nat -D POSTROUTING -s '2a08:2142:302:3::/64' -o vmbr0 -j SNAT --to-source 192.168.0.1
+	post-up ip6tables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
+	post-down ip6tables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
+	bridge_ports none
+	bridge_stp off
+	bridge_fd 0
+	ip6-forward on

test/zones/simple/ipv6snat/interfaces

@@ -0,0 +1,7 @@
+auto vmbr0
+iface vmbr0 inet static
+	address 192.168.0.1/24
+	gateway 192.168.0.254
+        bridge-ports eth0
+        bridge-stp off
+        bridge-fd 0

test/zones/simple/ipv6snat/sdn_config

@@ -0,0 +1,24 @@
+{
+  version => 1,
+  vnets   => {
+               ids => {
+                        myvnet => { type => "vnet", zone => "myzone" },
+                      },
+             },
+  zones   => {
+               ids => { myzone => { ipam => "pve", type => "simple" } },
+             },
+
+  subnets => {
+                ids => {
+                        'myzone-2a08:2142:302:3::-64' => {
+                                                        'type' => 'subnet',
+                                                        'vnet' => 'myvnet',
+                                                        'gateway' => '2a08:2142:302:3::1',
+							'snat'	=> 1
+                                                        }
+                }
+             }
+}
+
+