diff --git a/Makefile b/Makefile index a09393cd..ee9f3b29 100644 --- a/Makefile +++ b/Makefile @@ -80,7 +80,7 @@ aplupload: scp aplinfo/aplinfo.dat aplinfo.dat.gz aplinfo/aplinfo.dat.asc download1.proxmox.com:/home/ftp/appliances/ .PHONY: install -install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu +install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu bridgevlan bridgevlanport vlan vlan-down install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve install -d ${DESTDIR}/usr/share/${PACKAGE} @@ -97,6 +97,11 @@ install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf p install -D -m 0644 vzdump.conf ${DESTDIR}/etc/vzdump.conf install -D -m 0755 vznet.conf ${DESTDIR}/etc/vz/vznet.conf install -D -m 0755 mtu ${DESTDIR}/etc/network/if-up.d/mtu + install -D -m 0755 bridgevlan ${DESTDIR}/etc/network/if-up.d/bridgevlan + install -D -m 0755 bridgevlanport ${DESTDIR}/etc/network/if-up.d/bridgevlanport + install -D -m 0755 vlan ${DESTDIR}/etc/network/if-pre-up.d/vlan + install -D -m 0755 vlan-down ${DESTDIR}/etc/network/if-post-down.d/vlan + install -m 0644 vzdump-hook-script.pl ${DOCDIR}/examples/vzdump-hook-script.pl install -m 0644 spice-example-sh ${DOCDIR}/examples/spice-example-sh install -m 0644 copyright ${DOCDIR} diff --git a/bridgevlan b/bridgevlan new file mode 100755 index 00000000..2e7612cc --- /dev/null +++ b/bridgevlan @@ -0,0 +1,54 @@ +#!/bin/sh + +if [ ! -x /sbin/bridge ] && [ ! -f /sys/class/net/$IFACE/bridge/vlan_filtering ] +then + exit 0 +fi + +# Enabling vlan filtering feature +if [ "$MODE" = "start" ] ; then + + if [ -n "$IF_BRIDGE_VLAN_AWARE" ] + then + echo 1 > /sys/class/net/$IFACE/bridge/vlan_filtering + else + exit 0 + fi + +fi + +. /lib/bridge-utils/bridge-utils.sh + +case "$IF_BRIDGE_PORTS" in + "") + exit 0 + ;; + none) + INTERFACES="" + ;; + *) + INTERFACES="$IF_BRIDGE_PORTS" + ;; +esac + +all_interfaces= && +unset all_interfaces && +bridge_parse_ports $INTERFACES | while read i +do + for port in $i + do + if [ "$MODE" = "start" ] && [ -d /sys/class/net/$IFACE/brif/$port ]; then + #we allow vlan to pass through attached interface + if [[ $port =~ ^(eth|bond|wlan)[0-9]{1,2}$ ]] + then + if [ -n "$IF_BRIDGE_VIDS" ] + then + bridge vlan add dev $port vid $IF_BRIDGE_VIDS + else + bridge vlan add dev $port vid 2-4094 + fi + fi + fi + done +done + diff --git a/bridgevlanport b/bridgevlanport new file mode 100755 index 00000000..6f7ec5d3 --- /dev/null +++ b/bridgevlanport @@ -0,0 +1,23 @@ +#!/bin/sh + +if [ ! -x /sbin/bridge ] +then + exit 0 +fi + +if [ "$MODE" = "start" ] ; then + case "$IFACE" in + *.[0-9]*) + VLANID=`echo $IFACE|sed "s/[a-zA-Z0-9]*\.//g"` + IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([a-zA-Z0-9]*\)\..*/\1/"` + ;; + esac + + if [ -n "$IF_VLAN_RAW_DEVICE" ]; then + if [ -e "/sys/class/net/$IF_VLAN_RAW_DEVICE/bridge/vlan_filtering" ]; then + bridge vlan add dev $IF_VLAN_RAW_DEVICE vid $VLANID self + fi + fi +fi + + diff --git a/debian/conffiles b/debian/conffiles index 895abdfe..2bb00273 100644 --- a/debian/conffiles +++ b/debian/conffiles @@ -11,3 +11,7 @@ /etc/apt/pve-repo-ca-certificates.crt /etc/apt/sources.list.d/pve-enterprise.list /etc/network/if-up.d/mtu +/etc/network/if-pre-up.d/vlan +/etc/network/if-post-down.d/vlan +/etc/network/if-up.d/bridgevlan +/etc/network/if-up.d/bridgevlanport diff --git a/debian/control.in b/debian/control.in index 7b78973e..e333d1d9 100644 --- a/debian/control.in +++ b/debian/control.in @@ -3,8 +3,8 @@ Version: @VERSION@-@PACKAGERELEASE@ Section: admin Priority: optional Architecture: amd64 -Depends: perl (>= 5.10.0-19), libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, vlan, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control (>= 3.0-2), libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, liburi-perl, logrotate, libanyevent-http-perl, apt-transport-https, libapt-pkg-perl, libcrypt-ssleay-perl, liblwp-protocol-https-perl, spiceterm, libuuid-perl, hdparm, gdisk, librados2-perl, pve-firewall, novnc-pve, libev-perl, systemd, pve-ha-manager, pve-container -Conflicts: netcat-openbsd, vzdump +Depends: perl (>= 5.10.0-19), libtimedate-perl, libauthen-pam-perl, libintl-perl, rsync, libjson-perl, liblockfile-simple-perl, vncterm, qemu-server (>= 1.1-1), libwww-perl (>= 6.04-1), libnet-http-perl (>= 6.06-1), libhttp-daemon-perl, wget, libnet-dns-perl, ifenslave-2.6 (>= 1.1.0-10), liblinux-inotify2-perl, debconf (>= 0.5) | debconf-2.0, netcat-traditional, pve-cluster (>= 1.0-29), libpve-common-perl, libpve-storage-perl, libterm-readline-gnu-perl, libpve-access-control (>= 3.0-2), libio-socket-ssl-perl, libfilesys-df-perl, libfile-readbackwards-perl, libfile-sync-perl, cstream, postfix | mail-transport-agent, libxml-parser-perl, lzop, dtach, libanyevent-perl, liburi-perl, logrotate, libanyevent-http-perl, apt-transport-https, libapt-pkg-perl, libcrypt-ssleay-perl, liblwp-protocol-https-perl, spiceterm, libuuid-perl, hdparm, gdisk, librados2-perl, pve-firewall, novnc-pve, libev-perl, systemd, pve-ha-manager, pve-container +Conflicts: netcat-openbsd, vzdump, vlan Replaces: vzdump Provides: vzdump Maintainer: Proxmox Support Team diff --git a/vlan b/vlan new file mode 100755 index 00000000..abe646ad --- /dev/null +++ b/vlan @@ -0,0 +1,40 @@ +#!/bin/sh + +# Most of this stuff is to enable vlans, it's really only needed by bridge_utils +case "$IFACE" in + # Ignore any alias (#272891) which uses : + *:*) + exit 0 + ;; + vlan[0-9]*) + VLANID=`echo $IFACE|sed "s/vlan*//"` + ;; + *.[0-9]*) + # Silently ignore interfaces which ifupdown handles on its own + # If IF_BRIDGE_PORTS is set, probably we're called by bridge-utils + [ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ] && exit 0 + VLANID=`echo $IFACE|sed "s/[a-zA-Z0-9]*\.//g"` + IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([a-zA-Z0-9]*\)\..*/\1/"` + ;; + + *) + exit 0 + ;; +esac + +if [ -n "$IF_VLAN_RAW_DEVICE" ]; then + if ! ip link show dev "$IF_VLAN_RAW_DEVICE" > /dev/null; then + echo "$IF_VLAN_RAW_DEVICE does not exist, unable to create $IFACE" + exit 1 + fi + if [ ! -e "/sys/class/net/$IFACE" ]; then + ip link set up dev $IF_VLAN_RAW_DEVICE + ip link add link $IF_VLAN_RAW_DEVICE name $IFACE type vlan id $VLANID + fi + +fi + +# This is not vlan specific, and should actually go somewhere else. +if [ -n "$IF_HW_MAC_ADDRESS" ]; then + ip link set $IFACE address $IF_HW_MAC_ADDRESS +fi diff --git a/vlan-down b/vlan-down new file mode 100644 index 00000000..bb2d31f8 --- /dev/null +++ b/vlan-down @@ -0,0 +1,26 @@ +#!/bin/sh + +# If IFACE is an automagic vlan interface (without the vlan-raw-device +# parameter) then let's try to discover the magic here.. Another way would be +# to just probe for the right device name in /proc/net/vlan + +case "$IFACE" in + # Ignore any alias (#272891) + *:*) + exit 0 + ;; + *.[0-9]*) + # Silently ignore interfaces which ifupdown handles on its own + # If IF_BRIDGE_PORTS is set, probably we're called by bridge-utils + [ -z "$IF_VLAN_RAW_DEVICE" -a -z "$IF_BRIDGE_PORTS" ] && exit 0 + IF_VLAN_RAW_DEVICE=`echo $IFACE|sed "s/\([A-Za-z0-9]*\)\..*/\1/"` + ;; + # Test for vlan raw device (#196890, #292648) + *) + [ -z "$IF_VLAN_RAW_DEVICE" ] && exit 0 + ;; +esac + +if [ -e "/sys/class/net/$IFACE" ]; then + ip link delete $IFACE +fi