add vlan aware ifupdown script v3

This add support to enable vlan aware bridge, and management interfaces example: 1 bridge and 1 administration port on vlan 100 auto vmbr0 iface vmbr0 inet manual bridge_ports eth0 bridge_stp off bridge_fd 0 bridge_vlan_aware yes bridge_vids 10-15 auto vmbr0.100 iface vmbr0.100 inet static address X.X.X.X netmask 255.255.255.0 gateway X.X.X.X bridge_vids is optional, and allow on the specified vlans.(current take 1 value or range, need to be improve with list) If not specified, the allowed vlan are 2-4094. vlan 1 is the default pvid. (all untagged traffic is going to this vlan). scripts: - /etc/network/if-up.d/bridgevlan manage bridge vlan aware configuration - /etc/network/if-up.d/bridgevlanport manage bridge vlan admin port -/etc/network/if-pre-up.d/vlan -/etc/network/if-post-down.d/vlan replace current vlan package, without vconfig usage and cleanups It's only needed to create vlan interface from bridge_ports. Signed-off-by: Alexandre Derumier <aderumier@odiso.com>
2015-07-29 04:42:42 +02:00 · 2015-07-29 04:42:42 +02:00 · 312ce78084
commit 312ce78084
parent f6913d83c5
7 changed files with 155 additions and 3 deletions
--- a/7
+++ b/7
@ -80,7 +80,7 @@ aplupload:
 	scp aplinfo/aplinfo.dat aplinfo.dat.gz aplinfo/aplinfo.dat.asc download1.proxmox.com:/home/ftp/appliances/

 .PHONY: install
-install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu
+install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu bridgevlan bridgevlanport vlan vlan-down
 	install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy
 	install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve
 	install -d ${DESTDIR}/usr/share/${PACKAGE}
@ -97,6 +97,11 @@ install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf p
 	install -D -m 0644 vzdump.conf ${DESTDIR}/etc/vzdump.conf
 	install -D -m 0755 vznet.conf ${DESTDIR}/etc/vz/vznet.conf
 	install -D -m 0755 mtu ${DESTDIR}/etc/network/if-up.d/mtu
+	install -D -m 0755 bridgevlan ${DESTDIR}/etc/network/if-up.d/bridgevlan
+	install -D -m 0755 bridgevlanport ${DESTDIR}/etc/network/if-up.d/bridgevlanport
+	install -D -m 0755 vlan ${DESTDIR}/etc/network/if-pre-up.d/vlan
+	install -D -m 0755 vlan-down ${DESTDIR}/etc/network/if-post-down.d/vlan
+
 	install -m 0644 vzdump-hook-script.pl ${DOCDIR}/examples/vzdump-hook-script.pl
 	install -m 0644 spice-example-sh ${DOCDIR}/examples/spice-example-sh
 	install -m 0644 copyright ${DOCDIR}
--- a/54
+++ b/54
@ -0,0 +1,54 @@
+#!/bin/sh
+
+if [ ! -x /sbin/bridge ] && [ ! -f /sys/class/net/$IFACE/bridge/vlan_filtering ]
+then
+  exit 0
+fi
+
+# Enabling vlan filtering feature
+if [ "$MODE" = "start" ] ; then
+
+  if [ -n "$IF_BRIDGE_VLAN_AWARE" ]
+  then
+    echo 1 > /sys/class/net/$IFACE/bridge/vlan_filtering
+  else
+   exit 0
+  fi
+
+fi
+
+. /lib/bridge-utils/bridge-utils.sh
+
+case "$IF_BRIDGE_PORTS" in
+    "")
+	exit 0
+	;;
+    none)
+	INTERFACES=""
+	;;
+    *)
+	INTERFACES="$IF_BRIDGE_PORTS"
+	;;
+esac
+
+all_interfaces= &&
+unset all_interfaces &&
+bridge_parse_ports $INTERFACES | while read i
+do
+  for port in $i
+  do
+    if [ "$MODE" = "start" ] && [ -d /sys/class/net/$IFACE/brif/$port ]; then
+      #we allow vlan to pass through attached interface
+      if [[ $port =~ ^(eth|bond|wlan)[0-9]{1,2}$ ]]
+      then
+        if [ -n "$IF_BRIDGE_VIDS" ]
+	then
+             bridge vlan add dev $port vid $IF_BRIDGE_VIDS
+	else
+             bridge vlan add dev $port vid 2-4094
+        fi
+      fi
+    fi
+  done
+done
+
--- a/23
+++ b/23
@ -0,0 +1,23 @@
+#!/bin/sh
+
+if [ ! -x /sbin/bridge ]
+then
+  exit 0
+fi
+
+if [ "$MODE" = "start" ] ; then
+  case "$IFACE" in
+    *.[0-9]*)
+      VLANID=`echo $IFACE|sed "s/[a-zA-Z0-9]*\.//g"`
+      IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([a-zA-Z0-9]*\)\..*/\1/"`
+    ;;
+  esac
+
+  if [ -n "$IF_VLAN_RAW_DEVICE" ]; then
+      if [ -e "/sys/class/net/$IF_VLAN_RAW_DEVICE/bridge/vlan_filtering" ]; then 
+          bridge vlan add dev $IF_VLAN_RAW_DEVICE vid $VLANID self
+      fi
+  fi
+fi
+
+
--- a/debian/conffiles
+++ b/debian/conffiles
@ -11,3 +11,7 @@
 /etc/apt/pve-repo-ca-certificates.crt
 /etc/apt/sources.list.d/pve-enterprise.list
 /etc/network/if-up.d/mtu
+/etc/network/if-pre-up.d/vlan
+/etc/network/if-post-down.d/vlan
+/etc/network/if-up.d/bridgevlan
+/etc/network/if-up.d/bridgevlanport
--- a/debian/control.in
+++ b/debian/control.in
@ -3,8 +3,8 @@ Version: @VERSION@-@PACKAGERELEASE@
 Section: admin
 Priority: optional
 Architecture: amd64
-Depends: perl (>= 5.10.0-19), libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, vlan, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control (>= 3.0-2), libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, liburi-perl, logrotate, libanyevent-http-perl, apt-transport-https, libapt-pkg-perl, libcrypt-ssleay-perl, liblwp-protocol-https-perl, spiceterm, libuuid-perl, hdparm, gdisk, librados2-perl, pve-firewall, novnc-pve, libev-perl, systemd, pve-ha-manager, pve-container
-Conflicts: netcat-openbsd, vzdump
+Depends: perl (>= 5.10.0-19), libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control (>= 3.0-2), libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, liburi-perl, logrotate, libanyevent-http-perl, apt-transport-https, libapt-pkg-perl, libcrypt-ssleay-perl, liblwp-protocol-https-perl, spiceterm, libuuid-perl, hdparm, gdisk, librados2-perl, pve-firewall, novnc-pve, libev-perl, systemd, pve-ha-manager, pve-container
+Conflicts: netcat-openbsd, vzdump, vlan
 Replaces: vzdump
 Provides: vzdump
 Maintainer: Proxmox Support Team <support@proxmox.com>
--- a/40
+++ b/40
@ -0,0 +1,40 @@
+#!/bin/sh
+
+# Most of this stuff is to enable vlans, it's really only needed by bridge_utils
+case "$IFACE" in
+  # Ignore any alias (#272891) which uses <interface>:<alabel>
+  *:*)
+    exit 0
+  ;;
+  vlan[0-9]*)
+    VLANID=`echo $IFACE|sed "s/vlan*//"`
+  ;;
+  *.[0-9]*)
+    # Silently ignore interfaces which ifupdown handles on its own
+    # If IF_BRIDGE_PORTS is set, probably we're called by bridge-utils
+    [ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ] && exit 0
+    VLANID=`echo $IFACE|sed "s/[a-zA-Z0-9]*\.//g"`
+    IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([a-zA-Z0-9]*\)\..*/\1/"`
+  ;;
+
+  *)
+    exit 0
+  ;;
+esac
+
+if [ -n "$IF_VLAN_RAW_DEVICE" ]; then
+    if ! ip link show dev "$IF_VLAN_RAW_DEVICE" > /dev/null; then
+        echo "$IF_VLAN_RAW_DEVICE does not exist, unable to create $IFACE"
+        exit 1
+    fi
+    if [ ! -e "/sys/class/net/$IFACE" ]; then
+        ip link set up dev $IF_VLAN_RAW_DEVICE
+	ip link add link $IF_VLAN_RAW_DEVICE name $IFACE type vlan id $VLANID 
+    fi
+
+fi
+
+# This is not vlan specific, and should actually go somewhere else.
+if [ -n "$IF_HW_MAC_ADDRESS" ]; then
+    ip link set $IFACE address $IF_HW_MAC_ADDRESS
+fi
--- a/26
+++ b/26
@ -0,0 +1,26 @@
+#!/bin/sh
+
+# If IFACE is an automagic vlan interface (without the vlan-raw-device
+# parameter) then let's try to discover the magic here..  Another way would be
+# to just probe for the right device name in /proc/net/vlan
+
+case "$IFACE" in
+  # Ignore any alias (#272891)
+  *:*)
+    exit 0
+  ;;
+  *.[0-9]*)
+    # Silently ignore interfaces which ifupdown handles on its own
+    # If IF_BRIDGE_PORTS is set, probably we're called by bridge-utils
+    [ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ] && exit 0
+    IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([A-Za-z0-9]*\)\..*/\1/"`
+  ;;
+  # Test for vlan raw device (#196890, #292648)
+  *)
+    [ -z "$IF_VLAN_RAW_DEVICE" ] && exit 0
+  ;;
+esac
+
+if [ -e "/sys/class/net/$IFACE" ]; then
+    ip link delete $IFACE
+fi