On 22/02/2023 at 13:49, Christoph Heiss wrote:
> Add a `Disconnect` option for network interfaces on LXC containers, much
> like it already exists for VMs. This has been requested in #3413 [0] and
> seems useful, especially considering we already support the same thing
> for VMs.
>
> One thing to note is that LXC does not seem to support the notion of
> setting an interface down. The `flags` property would suggest that this
> is possible [1], but AFAICS it does not work. I tried setting the value as
> empty and to something else than "up" (since that is really the only
> supported option [2][3]), which both had absolutely no effect.
>
> Thus force the host-side link of the container network down and avoid
> adding it to the designated bridge if the new option is set, effectively
> disconnecting the container network.
>
> The first patch is cleanup only and does not change anything regarding
> functionality.
>
> Testing
> -------
> Testing was done by starting an LXC container (w/ and w/o `link_down`
> set), checking if the interface has (or not) LOWERLAYERDOWN set inside
> the container (`ip address eth0`) and if packet transit works (or not)
> using a simple `ping`. Same thing after toggling the option on the
> interface. Further, the interface(s) should (or should not) be listed
> in `brctl show`. Same thing was done for hotplugged interfaces to a
> running container.
>
> Also tested with `ifreload -a` (thanks Wolfgang!) thrown in, which did
> nothing unexpected: If `link_down` was set, interfaces stayed in
> LOWERLAYERDOWN and unplugged from the bridge, and stayed UP and plugged
> into the bridge when `link_down` was unset.
>
> [0] https://bugzilla.proxmox.com/show_bug.cgi?id=3413
> [1] https://linuxcontainers.org/lxc/manpages/man5/lxc.container.conf.5.html#lbAO
> [2] https://github.com/lxc/lxc/blob/08f0e769/src/lxc/confile.c#L453-L467
> [3] https://github.com/lxc/lxc/blob/08f0e769/src/lxc/confile.c#L5933-L5952
>
> v1: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055762.html
> v2: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055795.html
> v3: https://lists.proxmox.com/pipermail/pve-devel/2023-February/055839.html
>
> pve-container:
>
> Christoph Heiss (2):
>   net: Pass network config directly to net_tap_plug()
>   net: Add `link_down` config to allow setting interfaces as disconnected
>
>  src/PVE/LXC.pm        | 37 +++++++++++++++++++++++-------------
>  src/PVE/LXC/Config.pm |  6 ++++++
>  src/lxcnetaddbr       |  9 +--------
>  3 files changed, 30 insertions(+), 22 deletions(-)
>
applied above two, with the relevant bits of the cover letter added to the commit message of the second container patch, thanks!