net: add name checks when creating bridge and veth interfaces

Adds checks when creating interfaces with `veth_create`, which is used
when creating the veth interface for Linux firewall bridges, and
`iface_create`, which is used when creating Linux / OVS firewall bridges
and VLAN bridges.

There are no functional changes in `veth_create` except the added check.

Without these checks, the following cases:

- When creating more than 10 Linux firewall bridges on a VM whose ID has
  9 digits, e.g. 'fwbr999999999i10' is too long for an interface name
- When creating a VLAN bridge on a bridge that already has a long name,
  e.g. the bridge 'abcdefghjklm' will try to create 'abcdefghijklmv249'

will fail with a rather unhelpful error message from the kernel:

> Error: Attribute failed policy validation.

Signed-off-by: Daniel Kral <d.kral@proxmox.com>
Daniel Kral 2024-09-25 13:39:30 +02:00 committed by Thomas Lamprecht
parent d67d5b26c3
commit d0dd3f25dc


@ -190,6 +190,10 @@ sub iface_delete :prototype($) {
sub iface_create :prototype($$@) {
my ($iface, $type, @args) = @_;
eval { check_iface_name($iface) };
die "failed to create interface '$iface' - $@" if $@;
run_command(['/sbin/ip', 'link', 'add', $iface, 'type', $type, @args], noerr => 1)
== 0 or die "failed to create interface '$iface'\n";
return;
@ -376,17 +380,21 @@ sub veth_create {
# create veth pair
if (! -d "/sys/class/net/$veth") {
my $cmd = ['/sbin/ip', 'link', 'add'];
# veth device + MTU
push @$cmd, 'name', $veth;
push @$cmd, 'mtu', $bridgemtu;
push @$cmd, 'type', 'veth';
# peer device + MTU
push @$cmd, 'peer', 'name', $vethpeer, 'mtu', $bridgemtu;
eval {
check_iface_name($veth);
push @$cmd, 'addr', $mac if $mac;
my $cmd = ['/sbin/ip', 'link', 'add'];
# veth device + MTU
push @$cmd, 'name', $veth;
push @$cmd, 'mtu', $bridgemtu;
push @$cmd, 'type', 'veth';
# peer device + MTU
push @$cmd, 'peer', 'name', $vethpeer, 'mtu', $bridgemtu;
eval { run_command($cmd) };
push @$cmd, 'addr', $mac if $mac;
run_command($cmd);
};
die "can't create interface $veth - $@\n" if $@;
}
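Review bot: In the `veth_create` hunk only `$veth` is passed to `check_iface_name`, while `$vethpeer` still goes to `ip link add ... peer name $vethpeer` unvalidated, so an over-long or malformed peer name would presumably still produce the kernel's opaque policy-validation error. Adding `check_iface_name($vethpeer);` directly after `check_iface_name($veth);` inside the same `eval` would cover both ends of the pair. The check also sits inside the `if (! -d "/sys/class/net/$veth")` branch, so `$veth` is interpolated into a sysfs path before it is validated, and validation is skipped whenever that test is true; moving both checks above the `if` would validate the names on every call. `veth_create` begins and ends outside the visible hunk, so this is worth confirming against any later uses of the two names in the rest of the function.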