[pve-devel] [PATCH pve-network] vnet/subnet : add skipdns option

2021-07-11 Thread Alexandre Derumier
allow to register ip to ipam without dns registration. can be used for temp/pending ip for example Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Subnets.pm | 70 ++ PVE/Network/SDN/Vnets.pm | 16 - 2 files changed, 49 insertions(+), 37

[pve-devel] ifupdown2 "bridge_set_static_mac_from_port" policy

2021-07-12 Thread alexandre derumier
Hi, it seems that it's possible to enable some policy on bridge in ifupdown2 cumulus linux distro for example, have this policy $ cat /var/lib/ifupdown2/policy.d/bridge.json { "bridge": { "module_globals": { "warn_on_untagged_bridge_absence": "yes", "vxlan_bridge_default_igmp_snooping": "off", "

Re: [pve-devel] [PATCH pve-network] vnet/subnet : add skipdns option

2021-07-12 Thread alexandre derumier
On Tuesday 13 July 2021 at 06:41 +0200, Thomas Lamprecht wrote: > On 12.07.21 00:48, Alexandre Derumier wrote: > > allow to register ip to ipam without dns registration. > > can be used for temp/pending ip for example > > > > Signed-off-by: Alexandre Derumier &

Re: [pve-devel] [PATCH pve-network] vnet/subnet : add skipdns option

2021-07-12 Thread alexandre derumier
atches too before the end of the week On Tuesday 13 July 2021 at 08:17 +0200, alexandre derumier wrote: > On Tuesday 13 July 2021 at 06:41 +0200, Thomas Lamprecht wrote: > > On 12.07.21 00:48, Alexandre Derumier wrote: > > > allow to register ip to ipam without dns registr

[pve-devel] [PATCH frr 3/3] bump to 7.5.1

2021-07-13 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- Makefile | 2 +- debian/changelog | 6 ++ debian/compat| 1 + debian/control | 9 + 4 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 debian/compat diff --git a/Makefile b/Makefile index 5ed61ca..39a5d10 100644

[pve-devel] [PATCH frr 0/3] update to 7.5.1

2021-07-13 Thread Alexandre Derumier
This updates frr to 7.5.1 Alexandre Derumier (3): update patches Work around the sphinx-build error that doesn't copy images to texinfo bump to 7.5.1 Makefile | 2 +- debian/changelog | 6 + debian/c

[pve-devel] [PATCH frr 1/3] update patches

2021-07-13 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- .../patches/pve/0001-enable-bgp-daemon.patch | 10 ...on-for-RT-auto-derivation-to-force-A.patch | 24 +-- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/debian/patches/pve/0001-enable-bgp-daemon.patch b/debian

[pve-devel] [PATCH frr 2/3] Work around the sphinx-build error that doesn't copy images to texinfo

2021-07-13 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- debian/frr-doc.install | 16 1 file changed, 16 insertions(+) create mode 100644 debian/frr-doc.install diff --git a/debian/frr-doc.install b/debian/frr-doc.install new file mode 100644 index 000..a666162 --- /dev/null +++ b/debian/frr

[pve-devel] [PATCH ifupdown2 1/2] update patches

2021-07-14 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- .../pve/0009-allow-vlan-tag-inside-vxlan-tunnel.patch | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/patches/pve/0009-allow-vlan-tag-inside-vxlan-tunnel.patch b/debian/patches/pve/0009-allow-vlan-tag-inside-vxlan

[pve-devel] [PATCH ifupdown2 0/2] update to 3.1.0

2021-07-14 Thread Alexandre Derumier
This patch series updates ifupdown2 to 3.1.0. Alexandre Derumier (2): update patches bump version to 3.1.0-1+pve1 debian/changelog | 6 ++ .../pve/0009-allow-vlan-tag-inside-vxlan-tunnel.patch | 10 +- 2 files changed, 11 insertions(+), 5

[pve-devel] [PATCH ifupdown2 2/2] bump version to 3.1.0-1+pve1

2021-07-14 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- debian/changelog | 6 ++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 80886f9..960cf5d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ifupdown2 (3.1.0-1+pve1) bullseye; urgency=medium

Re: [pve-devel] ifupdown2 "bridge_set_static_mac_from_port" policy

2021-07-14 Thread alexandre derumier
about this option: https://support.cumulusnetworks.com/hc/en-us/articles/360005695794- Cumulus-Linux-Derivation-of-MAC-Address-for-a-Bridge On Wednesday 14 July 2021 at 08:19 +0200, Thomas Lamprecht wrote: > On 14.07.21 07:38, Thomas Lamprecht wrote: > > On 13.07.21 07:16, alexandre derumier wrote:

Re: [pve-devel] ifupdown2 "bridge_set_static_mac_from_port" policy

2021-07-14 Thread alexandre derumier
0 address c8:1f:66:f8:e8:bc info: vmbr0: netlink: ip link set dev vmbr0 up info: executing /sbin/sysctl net.mpls.conf.vmbr0/100.input=0 info: vmbr0.100: netlink: ip link set dev vmbr0.100 down info: vmbr0.100: netlink: ip link set dev vmbr0.100 address c8:1f:66:f8:e8:bc info: vmbr0.100: netlink:

Re: [pve-devel] [RFC qemu-server 2/2] fix #3075: add TPM v1.2 and v2.0 support via swtpm

2021-07-16 Thread alexandre derumier
Hi, I have found an old post where a nvram device (using a qcow2 or raw file as backend) was used with tpm https://libvir-list.redhat.narkive.com/eOrJPdYX/libvirt-how-libvirt-address-qemu-command-line-args also a dev doc from 2011 mentions it https://wiki.qemu.org/Features/TPM (I haven't tested to

[pve-devel] [PATCH pve-network] evpn : remove "ip route add vrf vrf_myzone unreachable default metric 4278198272" on exit node

2021-07-20 Thread Alexandre Derumier
This is breaking routing between the evpn vrf && default vrf leak on exit node only Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/EvpnPlugin.pm | 5 ++--- test/zones/evpn/exitnode/expected_sdn_interfaces | 1 - test/zones/evpn/exitn

[pve-devel] [PATCH ifupdown2] patch: fix 3.1 pointopoint regression

2021-07-25 Thread Alexandre Derumier
+From: Alexandre Derumier +Date: Mon, 26 Jul 2021 08:05:38 +0200 +Subject: [PATCH] fix pointopoint regression + +partially revert ba5437b9ecf9aa1401ac985ebf97009cc3114481 + +https://forum.proxmox.com/threads/hetzner-pve-7-0-problems-after-reboot-maybe-ifupdown2.92935/ +Signed-off-by: Alexandre Der

[pve-devel] [PATCH pve-manager 0/2] sdn: permissions improvments

2021-08-05 Thread Alexandre Derumier
- display zones list in global permissions management pathselector - remove vmbrX bridges from bridgeselector if the user has permissions on vnets Alexandre Derumier (2): permpathstore: add sdn zones api2 : network: anybridge: don't display bridges if user have access to vnets. PVE

[pve-devel] [PATCH pve-network] get_local_vnets: add permissions on /sdn/vnets/*

2021-08-05 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN.pm b/PVE/Network/SDN.pm index d3399ce..b95dd5b 100644 --- a/PVE/Network/SDN.pm +++ b/PVE/Network/SDN.pm @@ -193,7 +193,7 @@ sub get_local_vnets

[pve-devel] [PATCH pve-manager 1/2] permpathstore: add sdn zones

2021-08-05 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- www/manager6/data/PermPathStore.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/www/manager6/data/PermPathStore.js b/www/manager6/data/PermPathStore.js index 1dc276b6..cf702c03 100644 --- a/www/manager6/data/PermPathStore.js +++ b/www/manager6

[pve-devel] [PATCH pve-manager 2/2] api2 : network: anybridge: don't display bridges if user have access to vnets.

2021-08-05 Thread Alexandre Derumier
This removes vmbr* from bridgeselector if the user has access to vnets. (as currently, we don't have permission management on vmbr$) Signed-off-by: Alexandre Derumier --- PVE/API2/Network.pm | 19 --- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/PVE

[pve-devel] [PATCH pve-manager 1/1] api2 : network: anybridge: don't display bridges if user have access to vnets.

2021-08-05 Thread Alexandre Derumier
This removes vmbr* from bridgeselector if the user has access to vnets. (as currently, we don't have permission management on vmbr$) Signed-off-by: Alexandre Derumier --- PVE/API2/Network.pm | 19 --- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/PVE

[pve-devel] [PATCH pve-access-control] check_path: add /sdn/vnets/* path

2021-08-05 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- src/PVE/AccessControl.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/src/PVE/AccessControl.pm b/src/PVE/AccessControl.pm index 3d8d01c..a9d97e8 100644 --- a/src/PVE/AccessControl.pm +++ b/src/PVE/AccessControl.pm @@ -944,6 +944,7 @@ sub check_path

Re: [pve-devel] [PATCH pve-manager 2/2] api2 : network: anybridge: don't display bridges if user have access to vnets.

2021-08-07 Thread alexandre derumier
be could we add a special permission like "noaccess" with path like /bridge/vmbrX ? (we currently have a role "noaccess", but it's simply a role without any permission. On Thursday 05 August 2021 at 16:59 +0200, Alexandre Derumier wrote: > This removes vmbr* from bridgeselec

[pve-devel] [PATCH frr] fix regression with evpn MH introduce in 7.5

2021-08-10 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- Makefile | 2 +- debian/changelog | 6 .../pve/0003-bugfix-local_inactive.patch | 33 +++ debian/patches/series | 1 + 4 files changed, 41

Re: [pve-devel] [PATCH qemu] drop patch force-disabling smm

2021-08-10 Thread alexandre derumier
> 6.1, it should be tested) > > All this does is toggle an option, and it's available via a > qemu CLI option anyway, so if dropping this patch causes > issues for some people we can just add an option to > qemu-server & UI control smm explicitly. > >

[pve-devel] [PATCH frr 4/4] bump to 7.5.1-99+pve~really7.4

2021-08-22 Thread Alexandre Derumier
--- Makefile | 2 +- debian/changelog | 7 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 39a5d10..dcd7d74 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ PACKAGE=frr VER=7.5.1 -PKGREL=1+pve +PKGREL=99+pve~really7.4 SRCDIR=frr BUI
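Review bot: in the Makefile hunk, VER stays at 7.5.1 while PKGREL becomes 99+pve~really7.4, so the package version no longer names the source that is actually built. A short comment next to PKGREL saying that the frr submodule is back at 7.4 and that the ~really suffix should go away with the next real version bump would keep a later packager from treating this as a plain release-number change.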

[pve-devel] [PATCH frr 2/4] Revert "update patches"

2021-08-22 Thread Alexandre Derumier
f098e90f4d690e771f63f48e0540a470faa91892 Mon Sep 17 00:00:00 2001 From: Alexandre Derumier Date: Wed, 25 Nov 2020 12:41:32 +0100 -Subject: [PATCH 1/2] enable bgp && bfd daemons +Subject: [PATCH] enable bgp && bfd daemons Signed-off-by: Alexandre Derumier --- @@ -9,12 +9,12

[pve-devel] [PATCH frr 1/4] Revert "update submodule to frr-7.5.1"

2021-08-22 Thread Alexandre Derumier
This reverts commit 077f1f03aea2dae44c160a97af04a30d41760ee4. --- frr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frr b/frr index df7ab48..507bf79 16 --- a/frr +++ b/frr @@ -1 +1 @@ -Subproject commit df7ab485bde1a511f131f7ad6b70cb43c48c8e6d +Subproject commit 507bf79cd

[pve-devel] [PATCH frr 0/4] revert frr to 7.4

2021-08-22 Thread Alexandre Derumier
fixed, this patch series is reverting to 7.4, with "7.5.1-99+pve~really7.4" version to be sure to have the priority over debian package. Alexandre Derumier (4): Revert "update submodule to frr-7.5.1" Revert "update patches" fix python3.9 bump t

[pve-devel] [PATCH frr 3/4] fix python3.9

2021-08-22 Thread Alexandre Derumier
--- ...e-ax_python.m4-to-hardcode-python3.9.patch | 25 +++ debian/patches/series | 1 + 2 files changed, 26 insertions(+) create mode 100644 debian/patches/0001-Adjust-the-ax_python.m4-to-hardcode-python3.9.patch diff --git a/debian/patches/0001-Adjust

[pve-devel] [PATCH pve-network 2/5] evpn : add advertise-subnets option

2021-08-23 Thread Alexandre Derumier
allow to advertise type5 routes for evpn subnets, if vms are silent hosts. (don't do any traffic, so anycast gateway doesn't have their mac-ip) fix: https://bugzilla.proxmox.com/show_bug.cgi?id=3571 Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Controllers/EvpnPlugin.p

[pve-devel] [PATCH pve-network 4/5] vnet : alias : check pattern

2021-08-23 Thread Alexandre Derumier
fix : https://bugzilla.proxmox.com/show_bug.cgi?id=2966 Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/VnetPlugin.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm index 96a13b4..121fb7f 100644 --- a/PVE/Network/SDN

[pve-devel] [PATCH pve-network 5/5] get_local_vnets: add permissions on /sdn/vnets/*

2021-08-23 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN.pm b/PVE/Network/SDN.pm index d3399ce..b95dd5b 100644 --- a/PVE/Network/SDN.pm +++ b/PVE/Network/SDN.pm @@ -193,7 +193,7 @@ sub get_local_vnets

[pve-devel] [PATCH pve-network 1/5] evpn : add "ip route del vrf vrf_myzone unreachable default metric 4278198272" on exit node

2021-08-23 Thread Alexandre Derumier
This is breaking routing between the evpn vrf && default vrf leak on exit node only Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones/EvpnPlugin.pm | 10 +++--- test/zones/evpn/exitnode/expected_sdn_interfaces | 2 +- test/zones/evpn/exitn

[pve-devel] [PATCH pve-network 0/5] evpn improvments + fixes

2021-08-23 Thread Alexandre Derumier
This patch series adds new user requested features and fixes. Alexandre Derumier (5): evpn : add "ip route del vrf vrf_myzone unreachable default metric 4278198272" on exit node evpn : add advertise-subnets option evpn: add exitnodes-local-routing vnet : alias : che

[pve-devel] [PATCH pve-network 3/5] evpn: add exitnodes-local-routing

2021-08-23 Thread Alexandre Derumier
This option allows an exit-node to reach a guest in the evpn network itself. A forum user has requested it, the exitnode needs to reach a virtual dns server in evpn. This uses a veth-pair instead of a simple leak. It's not enabled by default as it's slowing down the routing a little bit. Signed-off-by: Alex

Re: [pve-devel] [PATCH pve-network] evpn : remove "ip route add vrf vrf_myzone unreachable default metric 4278198272" on exit node

2021-08-23 Thread alexandre derumier
Don't apply this patch, it has been replaced by another one in my last patch series. On Wednesday 21 July 2021 at 08:22 +0200, Alexandre Derumier wrote: > This is breaking routing between the evpn vrf && default vrf leak on > exit node only > > Signed-o

Re: [pve-devel] [PATCH pve-manager 2/2] api2 : network: anybridge: don't display bridges if user have access to vnets.

2021-08-23 Thread alexandre derumier
On Monday 23 August 2021 at 18:39 +0200, Thomas Lamprecht wrote: > I mean, we could also just see bridges as a vnet and handle them with > the > `/sdn/vnets/` path? Checking for every bridge/vnet if some priv. > is > available, we probably would need two privileges, one for "allowed to > use" > and

[pve-devel] debian11 ifslave bonding bug (with ifupdown1)

2021-08-24 Thread alexandre derumier
Hi, multiple users have reported problems if ifenslave (ifupdown1), (mainly upgrade from proxmox6 without switch to ifupdown2) when physical interfaces have "auto .." auto eth0 iface eth0 ... auto eth1 iface eth1 auto bond0 iface bond0 bond-slaves eth0 eth1 it seems to come from

[pve-devel] [PATCH pve-network] api2: zones: fix update

2021-08-26 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- PVE/API2/Network/SDN/Zones.pm | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/PVE/API2/Network/SDN/Zones.pm b/PVE/API2/Network/SDN/Zones.pm index 9485590..6e53240 100644 --- a/PVE/API2/Network/SDN/Zones.pm +++ b/PVE/API2/Network/SDN

[pve-devel] [PATCH qemu-server] qemu-agent: allow hotplug of fstrim_cloned_disk option.

2021-09-02 Thread Alexandre Derumier
This option doesn't have any impact on device itself. Signed-off-by: Alexandre Derumier --- PVE/QemuServer.pm | 19 +++ 1 file changed, 19 insertions(+) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index cc73af8..09701e0 100644 --- a/PVE/QemuServer.pm +++

[pve-devel] [PATCH frr] add upstream 7573cb86a259d3c9ef6eae9dd5d529f8080922cd.patch

2021-09-03 Thread Alexandre Derumier
a user has requested a patch from upstream, fixing special manual config in frr https://forum.proxmox.com/threads/sdn-issue-with-frr-version-7-5-1-99-pve-really7-4-and-set-src.95532/ Signed-off-by: Alexandre Derumier --- debian/patches/series | 1

[pve-devel] [PATCH pve-manager] ui: sdn: zones: evpn : add exitnodes-local-routing && advertise-subnets

2021-09-05 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- www/manager6/sdn/zones/Base.js | 2 ++ www/manager6/sdn/zones/EvpnEdit.js | 22 ++ 2 files changed, 24 insertions(+) diff --git a/www/manager6/sdn/zones/Base.js b/www/manager6/sdn/zones/Base.js index e4dc7ccf..347889c0 100644 --- a

[pve-devel] [PATCH pve-docs 0/2] sdn: evpn && vxlan improvments

2021-09-05 Thread Alexandre Derumier
add new evpn options && notes on vxlan encryption Alexandre Derumier (2): pvesdn: add evpn Advertise Subnets && Exit Nodes Local routing options sdn: add vxlan encryption notes pvesdn.adoc | 61 + 1 file change

[pve-devel] [PATCH pve-docs 1/2] pvesdn: add evpn Advertise Subnets && Exit Nodes Local routing options

2021-09-05 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- pvesdn.adoc | 9 + 1 file changed, 9 insertions(+) diff --git a/pvesdn.adoc b/pvesdn.adoc index 3b3fd8f..d26c6b9 100644 --- a/pvesdn.adoc +++ b/pvesdn.adoc @@ -233,6 +233,15 @@ Exit Nodes:: This is used if you want to define some proxmox nodes, as

[pve-devel] [PATCH pve-docs 2/2] sdn: add vxlan encryption notes

2021-09-05 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- pvesdn.adoc | 52 1 file changed, 52 insertions(+) diff --git a/pvesdn.adoc b/pvesdn.adoc index d26c6b9..eae47ad 100644 --- a/pvesdn.adoc +++ b/pvesdn.adoc @@ -898,3 +898,55 @@ public network can reply

[pve-devel] [PATCH pve-docs] network: add bridge-vids to vlan aware bridge example.

2021-09-06 Thread Alexandre Derumier
This is mandatory for ifupdown2. Signed-off-by: Alexandre Derumier --- pve-network.adoc | 1 + 1 file changed, 1 insertion(+) diff --git a/pve-network.adoc b/pve-network.adoc index bf24604..f92ba4d 100644 --- a/pve-network.adoc +++ b/pve-network.adoc @@ -498,6 +498,7 @@ iface vmbr0 inet manual

Re: [pve-devel] [PATCH storage 1/1] fix #3580: plugins: make preallocation mode selectable for qcow2 and raw images

2021-09-08 Thread alexandre derumier
Hi, it can be done too with ceph rbd with "rbd create ... --thick-provision" On Monday 06 September 2021 at 15:15 +0200, Lorenz Stechauner wrote: > the plugins for file based storages > * BTRFS > * CIFS > * Dir > * Glusterfs > * NFS > now allow the option 'preallocation'. > > 'preallocation'

[pve-devel] hetzner bug with pve-firewall

2021-09-10 Thread alexandre derumier
Hi, multiple users have reported problems with hetzner in bridged mode this week and pve-firewall https://forum.proxmox.com/threads/proxmox-claiming-mac-address.52601/ https://forum.proxmox.com/threads/mac-address-abuse-report.95656/ Seems that hetzner have bugs or are under attack, but they are f

[pve-devel] [PATCH pve-firewall] add cluster ebtables_dst_macfilter option.

2021-09-10 Thread Alexandre Derumier
ac,mac," (with a comma at the end), so I compile the full mac list with --among-dst to compare, and if update is needed, I'm writing the dst file in /var/lib/pve-firewall/chain-macfilter, and replace among-dst syntax by among-dst-file Signed-off-by:

[pve-devel] [PATCH V2 pve-firewall] add cluster ebtables_dst_macfilter option.

2021-09-10 Thread Alexandre Derumier
ce, add all vms/ct macaddress when vm firewall is enabled. (even if vm macfilter option is disabled). Signed-off-by: Alexandre Derumier --- src/PVE/Firewall.pm | 40 1 file changed, 36 insertions(+), 4 deletions(-) diff --git a/src/PVE/Firewall.pm b/src/P

Re: [pve-devel] hetzner bug with pve-firewall

2021-09-10 Thread alexandre derumier
Hi, On Friday 10 September 2021 at 12:53 +0200, Josef Johansson wrote: > > > I have a patch for the source code regarding only allowing the VMs > MAC > in ebtables for incoming traffic also. I just sent a patch too for incoming traffic, maybe could you try it ? >>Traffic is only broadcas

Re: [pve-devel] hetzner bug with pve-firewall

2021-09-13 Thread alexandre derumier
0200, Fabian Grünbichler wrote: > On September 10, 2021 12:31 pm, alexandre derumier wrote: > > Hi, > > > > multiple users have reported problems with hetzner in bridged mode > > this > > week and pve-firewall > > https://forum.proxmox.com/threads/proxmox-claimi

[pve-devel] [PATCH pve-common] network: disable unicast flooding on tap|veth|fwln ports

2021-09-13 Thread Alexandre Derumier
block the server at Hetzner for example) So, we can disable unicast_flood on tap|veth|fwln port interface. bridge will learn mac address of the vm|ct, when it sends traffic or when it'll reply to arp requests coming from outside. Signed-off-by: Alexandre Derumier --- src/PVE/Network.p

Re: [pve-devel] hetzner bug with pve-firewall

2021-09-13 Thread alexandre derumier
the mac-address-table, my bad. > > Sent from Nine > ____ > From: alexandre derumier > Sent: Friday, 10 September 2021 18:19 > To: Proxmox VE development discussion > Subject: Re: [pve-devel] hetzner bug with pve-firewall > > > Hi, >

Re: [pve-devel] [PATCH pve-common] network: disable unicast flooding on tap|veth|fwln ports

2021-09-13 Thread alexandre derumier
, Alexandre Derumier wrote: > Currently, if bridge receive an unknown dest mac (network > bug/attack/..), > we are flooding packets to all bridge ports. > > This can waste cpu time, even more with firewall enabled. > Also, if firewall is used with reject action, the src mac of R

Re: [pve-devel] [PATCH pve-common] network: disable unicast flooding on tap|veth|fwln ports

2021-09-15 Thread alexandre derumier
p interface, but also promisc mode on tap interface! I was thinking about adding an option on vmbrX or vnetX directly to enable/disable. I'm going to do tests, testing vlan aware && live migration too. On Tuesday 14 September 2021 at 08:32 +0200, alexandre derumier wrote: > Think

Re: [pve-devel] [PATCH pve-common] network: disable unicast flooding on tap|veth|fwln ports

2021-09-16 Thread alexandre derumier
On Wednesday 15 September 2021 at 19:09 +0200, Thomas Lamprecht wrote: > On 15.09.21 17:33, alexandre derumier wrote: > > I have looked at other hypervisors implementations (as it don't see > > to > > have problem with hetzner), > > > > > > https://

[pve-devel] [PATCH pve-common 2/2] Inotify: add bridge-disable-mac-learning option to bridges.

2021-09-24 Thread Alexandre Derumier
This is an internal option, only used by proxmox, and not ifupdown1/2 Signed-off-by: Alexandre Derumier --- src/PVE/INotify.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/PVE/INotify.pm b/src/PVE/INotify.pm index 4ff63e8..db942b1 100644 --- a/src/PVE/INotify.pm

[pve-devel] [PATCH pve-common 1/2] network: add support for disabling bridge learning on tap|veth|fwln ports

2021-09-24 Thread Alexandre Derumier
block the server at Hetzner for example) So, we can disable learning && unicast_flood on tap|veth|fwln port interface. Then mac address needs to be added statically in bridge fdb. Signed-off-by: Alexandre Derumier --- src/PVE/Network.pm | 60 +-

[pve-devel] [PATCH pve-common 0/2] add disable bridge learning feature

2021-09-24 Thread Alexandre Derumier
block the server at Hetzner for example) So, we can disable learning && unicast_flood on tap|veth|fwln port interface. Then mac address needs to be added statically in bridge fdb. Alexandre Derumier (2): network: add support for disabling bridge learning on tap|veth|fwln ports Inot

[pve-devel] [PATCH pve-network 3/4] zones: add add_bridge_fdb

2021-09-24 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones.pm | 14 ++ 1 file changed, 14 insertions(+) diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm index c59a724..011446f 100644 --- a/PVE/Network/SDN/Zones.pm +++ b/PVE/Network/SDN/Zones.pm @@ -323,5 +323,19

[pve-devel] [PATCH pve-network 4/4] zones: add del_bridge_fdb

2021-09-24 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones.pm | 14 ++ 1 file changed, 14 insertions(+) diff --git a/PVE/Network/SDN/Zones.pm b/PVE/Network/SDN/Zones.pm index 011446f..39988b6 100644 --- a/PVE/Network/SDN/Zones.pm +++ b/PVE/Network/SDN/Zones.pm @@ -337,5 +337,19

[pve-devel] [PATCH pve-network 0/4] add disable bridge learning feature

2021-09-24 Thread Alexandre Derumier
following pve-common https://lists.proxmox.com/pipermail/pve-devel/2021-September/050090.html Alexandre Derumier (4): vnets: fix get_vnet zones : tap_plug: add support for disable bridge learning zones: add add_bridge_fdb zones: add del_bridge_fdb PVE/Network/SDN/Vnets.pm

[pve-devel] [PATCH pve-container 0/1] add disable bridge learning feature

2021-09-24 Thread Alexandre Derumier
following pve-common https://lists.proxmox.com/pipermail/pve-devel/2021-September/050090.html Alexandre Derumier (1): net : add support for bridge disable mac learning src/PVE/LXC.pm | 11 --- src/lxcnetaddbr | 6 +- 2 files changed, 13 insertions(+), 4 deletions(-) -- 2.30.2

[pve-devel] [PATCH qemu-server 0/3] add disable bridge learning feature

2021-09-24 Thread Alexandre Derumier
following pve-common https://lists.proxmox.com/pipermail/pve-devel/2021-September/050090.html Alexandre Derumier (3): tap_plug: add support for bridge disable learning vm_start/vm_resume : add_nets_bridge_fdb migration : add del_nets_bridge_fdb PVE/QemuMigrate.pm| 1

[pve-devel] [PATCH qemu-server 1/3] tap_plug: add support for bridge disable learning

2021-09-24 Thread Alexandre Derumier
This disables mac learning && unicast flood for the tap interface for vmstart, we don't add mac directly to fdb. We set it later if it's a migration or a fresh start. for nic hotplug, we directly add mac to fdb Signed-off-by: Alexandre Derumier --- PVE/QemuServer.

[pve-devel] [PATCH pve-network 1/4] vnets: fix get_vnet

2021-09-24 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Vnets.pm | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/PVE/Network/SDN/Vnets.pm b/PVE/Network/SDN/Vnets.pm index 86967a3..f6d7ab0 100644 --- a/PVE/Network/SDN/Vnets.pm +++ b/PVE/Network/SDN/Vnets.pm @@ -54,15

[pve-devel] [PATCH pve-network 2/4] zones : tap_plug: add support for disable bridge learning

2021-09-24 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- PVE/Network/SDN/Zones.pm| 4 +++- PVE/Network/SDN/Zones/Plugin.pm | 2 +- PVE/Network/SDN/Zones/QinQPlugin.pm | 1 + PVE/Network/SDN/Zones/VlanPlugin.pm | 5 + 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/PVE/Network

[pve-devel] [PATCH pve-container 1/1] net : add support for bridge disable mac learning

2021-09-24 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- src/PVE/LXC.pm | 11 --- src/lxcnetaddbr | 6 +- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm index dbdec23..66c972f 100644 --- a/src/PVE/LXC.pm +++ b/src/PVE/LXC.pm @@ -939,8 +939,13 @@ sub

[pve-devel] [PATCH qemu-server 3/3] migration : add del_nets_bridge_fdb

2021-09-24 Thread Alexandre Derumier
at the end of a live migration, we need to remove old mac entries on source host (vm is not yet stopped), before resume vm on target host Signed-off-by: Alexandre Derumier --- PVE/QemuMigrate.pm| 1 + PVE/QemuServer.pm | 20 test

[pve-devel] [PATCH qemu-server 2/3] vm_start/vm_resume : add_nets_bridge_fdb

2021-09-24 Thread Alexandre Derumier
on vm start (no live migration), we can simply add mac address in fdb. In case of a live migration, we add the mac address just before the resume. Signed-off-by: Alexandre Derumier --- PVE/QemuServer.pm | 25 +++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git

[pve-devel] [PATCH v2 pve-manager 0/2] sdn: permissions improvments

2021-10-03 Thread Alexandre Derumier
- display zones list in global permissions management pathselector - remove vmbrX bridges from bridgeselector if the user has permissions on vnets changelog v2: - check permission on /sdn/vnet/ too if the user needs access on both vnets && vmbr Alexandre Derumier (2): permpathstore: add s

[pve-devel] [PATCH v2 pve-manager 1/2] permpathstore: add sdn zones

2021-10-03 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- www/manager6/data/PermPathStore.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/www/manager6/data/PermPathStore.js b/www/manager6/data/PermPathStore.js index 1dc276b6..cf702c03 100644 --- a/www/manager6/data/PermPathStore.js +++ b/www/manager6

[pve-devel] [PATCH v2 pve-manager 2/2] api2 : network: anybridge: don't display bridges if user have access to vnets.

2021-10-03 Thread Alexandre Derumier
This removes vmbr* from bridgeselector if the user has access to vnets. if the user also needs to have access to vmbr, we can add a permission in path "/sdn/vnets/vmbrX" Signed-off-by: Alexandre Derumier --- PVE/API2/Network.pm | 21 ++--- 1 file changed, 14 insertions(+), 7

[pve-devel] [PATCH v2 qemu-server] qemu-agent: allow hotplug of fstrim_cloned_disk option.

2021-10-05 Thread Alexandre Derumier
This option doesn't have any impact on device itself. Signed-off-by: Alexandre Derumier --- PVE/QemuServer.pm | 19 +++ 1 file changed, 19 insertions(+) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 076ce59..907d522 100644 --- a/PVE/QemuServer.pm +++

[pve-devel] [PATCH pve-cluster] sysctl: disable net.ipv4.igmp_link_local_mcast_reports

2021-10-06 Thread Alexandre Derumier
0.0 > igmp.mcast.net: igmp v3 report, 1 group record(s) Signed-off-by: Alexandre Derumier --- debian/sysctl.d/pve.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/sysctl.d/pve.conf b/debian/sysctl.d/pve.conf index 929698f..85b59b9 100644 --- a/debian/sysctl.d/pve.conf +++ b/

[pve-devel] [PATCH v3 qemu-server] qemu-agent: allow hotplug of fstrim_cloned_disk option.

2021-10-06 Thread Alexandre Derumier
This option doesn't have any impact on device itself. Signed-off-by: Alexandre Derumier --- PVE/QemuServer.pm | 25 + 1 file changed, 25 insertions(+) diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm index 076ce59..2c63826 100644 --- a/PVE/QemuServer.pm +++

[pve-devel] [PATCH pve-network 0/5] sdn fixes and improvements

2021-11-05 Thread Alexandre Derumier
This is a resubmit of last months patches + some new fix && features for evpn. Alexandre Derumier (5): vnet/subnet : add skipdns option get_local_vnets: add permissions on /sdn/vnets/* api2: zones: fix update zones: evpn: add disable-arp-nd-suppression option vnets: alias: f

[pve-devel] [PATCH pve-network 1/5] vnet/subnet : add skipdns option

2021-11-05 Thread Alexandre Derumier
allow to register ip to ipam without dns registration. can be used for temp/pending ip for example --- PVE/Network/SDN/Subnets.pm | 70 ++ PVE/Network/SDN/Vnets.pm | 16 - 2 files changed, 49 insertions(+), 37 deletions(-) diff --git a/PVE/Network/SDN

[pve-devel] [PATCH pve-network 3/5] api2: zones: fix update

2021-11-05 Thread Alexandre Derumier
--- PVE/API2/Network/SDN/Zones.pm | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/PVE/API2/Network/SDN/Zones.pm b/PVE/API2/Network/SDN/Zones.pm index 9485590..6e53240 100644 --- a/PVE/API2/Network/SDN/Zones.pm +++ b/PVE/API2/Network/SDN/Zones.pm @@ -284,9 +284,7 @@ __PACKAGE

[pve-devel] [PATCH pve-network 2/5] get_local_vnets: add permissions on /sdn/vnets/*

2021-11-05 Thread Alexandre Derumier
--- PVE/Network/SDN.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN.pm b/PVE/Network/SDN.pm index d3399ce..b95dd5b 100644 --- a/PVE/Network/SDN.pm +++ b/PVE/Network/SDN.pm @@ -193,7 +193,7 @@ sub get_local_vnets { my $privs = [ 'SDN.Audit', 'SDN.Alloc

[pve-devel] [PATCH pve-network 4/5] zones: evpn: add disable-arp-nd-suppression option

2021-11-05 Thread Alexandre Derumier
arp-nd-suppression can break ip mobility, when an ip from a vm is moved to another vm, with different mac. For example, with a keepalived vip, the garp is filtered. --- PVE/Network/SDN/Zones/EvpnPlugin.pm | 10 - .../expected_controller_config| 31 ++ .../

[pve-devel] [PATCH pve-network 5/5] vnets: alias: fix regex

2021-11-05 Thread Alexandre Derumier
--- PVE/Network/SDN/VnetPlugin.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PVE/Network/SDN/VnetPlugin.pm b/PVE/Network/SDN/VnetPlugin.pm index 121fb7f..062904c 100644 --- a/PVE/Network/SDN/VnetPlugin.pm +++ b/PVE/Network/SDN/VnetPlugin.pm @@ -68,7 +68,7 @@ sub properties
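Review bot: the one-line regex change in `sub properties` of PVE/Network/SDN/VnetPlugin.pm (`@@ -68,7 +68,7 @@`) alters which alias strings pass validation, but the commit message does not say which inputs were wrongly accepted or rejected before. Please give one example of each in the message and cover them with a test, so a later edit to the pattern cannot silently widen what the alias field accepts. The Signed-off-by trailer is also missing.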

[pve-devel] [PATCH frr 0/2] update frr to 8.0.1

2021-11-05 Thread Alexandre Derumier
repos: https://deb.frrouting.org/frr/pool/frr-8/liby/libyang2/libyang2_2.0.7-1~deb11u1_amd64.deb https://deb.frrouting.org/frr/pool/frr-8/liby/libyang2/libyang2-dev_2.0.7-1~deb11u1_amd64.deb Alexandre Derumier (2): update patches bump to 8.0.1 Makefile

[pve-devel] [PATCH frr 1/2] update patches

2021-11-05 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- ...e-ax_python.m4-to-hardcode-python3.9.patch | 25 .../patches/pve/0001-enable-bgp-daemon.patch | 8 +-- ...on-for-RT-auto-derivation-to-force-A.patch | 59 ++- debian/patches/series | 1 - 4 files changed

[pve-devel] [PATCH frr 2/2] bump to 8.0.1

2021-11-05 Thread Alexandre Derumier
Signed-off-by: Alexandre Derumier --- Makefile | 4 ++-- debian/changelog | 6 ++ debian/control | 56 3 files changed, 36 insertions(+), 30 deletions(-) diff --git a/Makefile b/Makefile index dcd7d74..7123516 100644 --- a

[pve-devel] [PATCH pve-ha-manager 2/3] tests: add support for ressources

2021-12-12 Thread Alexandre Derumier
--- src/PVE/HA/Sim/Hardware.pm | 61 ++ src/PVE/HA/Sim/TestEnv.pm | 33 + 2 files changed, 82 insertions(+), 12 deletions(-) diff --git a/src/PVE/HA/Sim/Hardware.pm b/src/PVE/HA/Sim/Hardware.pm index ba731e5..396e8bd 100644 --- a/src/PVE/HA

[pve-devel] [PATCH pve-ha-manager 1/3] add ressource awareness manager

2021-12-12 Thread Alexandre Derumier
--- src/PVE/HA/Env.pm | 24 src/PVE/HA/Env/PVE2.pm| 90 ++ src/PVE/HA/Manager.pm | 246 -- src/PVE/HA/Sim/TestEnv.pm | 27 + 4 files changed, 380 insertions(+), 7 deletions(-) diff --git a/src/PVE/HA/Env.pm b/src/PVE/HA/E

[pve-devel] [PATCH pve-ha-manager 0/3] POC/RFC: ressource aware HA manager

2021-12-12 Thread Alexandre Derumier
.archives-ouvertes.fr/hal-00868016v2/document Alexandre Derumier (3): add ressource awareness manager tests: add support for ressources add test-basic0 src/PVE/HA/Env.pm| 24 +++ src/PVE/HA/Env/PVE2.pm | 90 ++ src/PVE/HA/Manage

[pve-devel] [PATCH pve-ha-manager 3/3] add test-basic0

2021-12-12 Thread Alexandre Derumier
--- src/test/test-basic0/README | 1 + src/test/test-basic0/cmdlist | 4 +++ src/test/test-basic0/hardware_status | 5 +++ src/test/test-basic0/log.expect | 52 src/test/test-basic0/manager_status | 1 + src/test/test-basic0/node_stats |

[pve-devel] [PATCH V2 pve-ha-manager 0/2] POC/RFC: ressource aware HA manager

2021-12-19 Thread Alexandre Derumier
lability test Alexandre Derumier (2): add ressource awareness manager add test-basic0 src/PVE/HA/Env.pm| 33 src/PVE/HA/Env/PVE2.pm | 171 ++ src/PVE/HA/Manager.pm| 258 ++- src/PVE/HA/Sim/Hardware.pm

[pve-devel] [PATCH V2 pve-ha-manager 2/2] add test-basic0

2021-12-19 Thread Alexandre Derumier
--- src/test/test-basic0/README | 1 + src/test/test-basic0/cmdlist | 4 +++ src/test/test-basic0/hardware_status | 5 +++ src/test/test-basic0/log.expect | 52 src/test/test-basic0/manager_status | 1 + src/test/test-basic0/node_stats |

[pve-devel] [PATCH V2 pve-ha-manager 1/2] add ressource awareness manager

2021-12-19 Thread Alexandre Derumier
his new implementation uses best-fit heuristic vector packing with constraints support. - We compute nodes memory/cpu, and vm memory/cpu average stats on last 20min For each ressource : - First, we order pending recovery state services by memory, then cpu usage. Memory is more important her

[pve-devel] [PATCH V3 pve-ha-manager 0/2] POC/RFC: ressource aware HA manager

2021-12-21 Thread Alexandre Derumier
specify node) - fix storage_availability_check params - Classify nodes with low/medium/high threshold for better balancing. We try to fill nodes with lower usage first until the threshold is reached I still need to add missing storage availability test Alexandre Derumier (2): add ressou

[pve-devel] [PATCH V3 pve-ha-manager 1/2] add ressource awareness manager

2021-12-21 Thread Alexandre Derumier
his new implementation uses best-fit heuristic vector packing with constraints support. - We compute nodes memory/cpu, and vm memory/cpu average stats on last 20min For each ressource : - First, we order pending recovery state services by memory, then cpu usage. Memory is more important her

[pve-devel] [PATCH V3 pve-ha-manager 2/2] add test-basic0

2021-12-21 Thread Alexandre Derumier
--- src/test/test-basic0/README | 1 + src/test/test-basic0/cmdlist | 4 +++ src/test/test-basic0/hardware_status | 5 +++ src/test/test-basic0/log.expect | 52 src/test/test-basic0/manager_status | 1 + src/test/test-basic0/node_stats |

[pve-devel] [PATCH pve-common 0/4] improve host read_proc_stat

2022-01-09 Thread Alexandre Derumier
This patch series improves current host cpu stats Alexandre Derumier (4): read_proc_stat : initialize newer fields to 0 read_proc_stat: substract guest && guest_nice from user && nice time read_proc_stat: add irq/softirq/steal to total used cpu read_proc_stat: use to

[pve-devel] [PATCH pve-common 4/4] read_proc_stat: use total of fields to compute percentage

2022-01-09 Thread Alexandre Derumier
--- src/PVE/ProcFSTools.pm | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/PVE/ProcFSTools.pm b/src/PVE/ProcFSTools.pm index 10c0cbd..88df5d2 100644 --- a/src/PVE/ProcFSTools.pm +++ b/src/PVE/ProcFSTools.pm @@ -214,11 +214,15 @@ sub read_proc_stat { if ($diff >

[pve-devel] [PATCH pve-common 1/4] read_proc_stat : initialize newer fields to 0

2022-01-09 Thread Alexandre Derumier
new fields have been added recently, but values are not initialized https://git.proxmox.com/?p=pve-common.git;a=commit;h=5a82eb712e4c879a271686f07c589fadc0b09185 as total of all fields is computed later, this can give undef values --- src/PVE/ProcFSTools.pm | 2 +- 1 file changed, 1 insertion(+), 1
