This allow to define a management vlan on the bridge

example : tagging vlan94 for vmbr0

auto vmbr0
iface vmbr0 inet static
address X.X.X.X
netmask 255.255.255.0
bridge_ports bond0
bridge_stp off
bridge_fd 0
bridge_vlan 94

Signed-off-by: Alexandre Derumier <***@odiso.com>
---
Makefile | 3 ++-
bridgevlan | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
debian/conffiles | 1 +
3 files changed, 52 insertions(+), 1 deletion(-)
create mode 100755 bridgevlan

diff --git a/Makefile b/Makefile
index 9c8bf64..0005e5e 100644
--- a/Makefile
+++ b/Makefile
@@ -79,7 +79,7 @@ aplupload:
scp aplinfo/aplinfo.dat aplinfo.dat.gz aplinfo/aplinfo.dat.asc download1.proxmox.com:/home/ftp/appliances/

.PHONY: install
-install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu
+install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu bridgevlan
install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy
install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve
install -d ${DESTDIR}/usr/share/${PACKAGE}
@@ -96,6 +96,7 @@ install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf p
install -D -m 0644 vzdump.conf ${DESTDIR}/etc/vzdump.conf
install -D -m 0755 vznet.conf ${DESTDIR}/etc/vz/vznet.conf
install -D -m 0755 mtu ${DESTDIR}/etc/network/if-up.d/mtu
+ install -D -m 0755 bridgevlan ${DESTDIR}/etc/network/if-up.d/bridgevlan
install -m 0644 vzdump-hook-script.pl ${DOCDIR}/examples/vzdump-hook-script.pl
install -m 0644 copyright ${DOCDIR}
install -m 0644 debian/changelog.Debian ${DOCDIR}
diff --git a/bridgevlan b/bridgevlan
new file mode 100755
index 0000000..be2cf70
--- /dev/null
+++ b/bridgevlan
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+if [ ! -x /sbin/bridge ] && [ ! -f /sys/class/net/$IFACE/bridge/vlan_filtering ]
+then
+ exit 0
+fi
+
+. /lib/bridge-utils/bridge-utils.sh
+
+case "$IF_BRIDGE_PORTS" in
+ "")
+ exit 0
+ ;;
+ none)
+ INTERFACES=""
+ ;;
+ *)
+ INTERFACES="$IF_BRIDGE_PORTS"
+ ;;
+esac
+
+all_interfaces= &&
+unset all_interfaces &&
+bridge_parse_ports $INTERFACES | while read i
+do
+ for port in $i
+ do
+ if [ "$MODE" = "start" ] && [ -d /sys/class/net/$IFACE/brif/$port ]; then
+ #we allow vlan to pass through attached interface
+ if [ -n "$IF_BRIDGE_VLAN" ]
+ then
+ if [[ $port =~ ^(eth|bond|wlan)[0-9]{1,2}$ ]]; then
+ bridge vlan add dev $port vid $IF_BRIDGE_VLAN
+ fi
+ fi
+ fi
+ done
+done
+
+# We setup the administration vlan on the bridge
+if [ "$MODE" = "start" ] ; then
+
+ if [ -n "$IF_BRIDGE_VLAN" ]
+ then
+ echo 1 > /sys/class/net/$IFACE/bridge/vlan_filtering
+ bridge vlan add dev $IFACE vid $IF_BRIDGE_VLAN pvid untagged self
+ fi
+
+fi
diff --git a/debian/conffiles b/debian/conffiles
index 43953c3..9ec26b0 100644
--- a/debian/conffiles
+++ b/debian/conffiles
@@ -13,3 +13,4 @@
/etc/apt/pve-repo-ca-certificates.crt
/etc/apt/sources.list.d/pve-enterprise.list
/etc/network/if-up.d/mtu
+/etc/network/if-up.d/bridgevlan

On Thu, 2 Jan 2014 16:02:40 +0100
Should it be wlan or vlan? I have used wlan in my regex since wlan was
used in the first patch.
--
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
It's documented in The Book, somewhere...
-- Larry Wall in <***@jpl-devvax.JPL.NASA.GOV>

This is wlan. (not used by proxmox, but it's used in debian ifup scripts, so i think it's better to also add it)


----- Mail original -----

De: "Michael Rasmussen" <***@datanom.net>
À: "Alexandre Derumier" <***@odiso.com>
Cc: pve-***@pve.proxmox.com
Envoyé: Jeudi 2 Janvier 2014 16:13:58
Objet: Re: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2

On Thu, 2 Jan 2014 16:02:40 +0100
Should it be wlan or vlan? I have used wlan in my regex since wlan was
used in the first patch.
--
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
It's documented in The Book, somewhere...
-- Larry Wall in <***@jpl-devvax.JPL.NASA.GOV>

no, only eth,bond,wlan. not vlan.

ethXX
bondXX
wlanXX

this is the outside interface which can be plugged to the bridge.

As we are now tagging vlan directly with the "bridge" command,
we want to avoid to have already tagged ethXX.Y , bondXX.Y or wlanXX.Y


----- Mail original -----

De: "Michael Rasmussen" <***@datanom.net>
À: "Alexandre DERUMIER" <***@odiso.com>
Cc: pve-***@pve.proxmox.com
Envoyé: Jeudi 2 Janvier 2014 17:16:52
Objet: Re: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2

On Thu, 02 Jan 2014 17:04:58 +0100 (CET)
Like? if [[ $port =~ ^(eth|bond|vlan|wlan)[0-9]{1,2}$ ]]; then
--
Hilsen/Regards
Michael Rasmussen

Get my public GnuPG keys:
michael <at> rasmussen <dot> cc
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD3C9A00E
mir <at> datanom <dot> net
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE501F51C
mir <at> miras <dot> org
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE3E80917
--------------------------------------------------------------
/usr/games/fortune -es says:
Remember the good old days, when CPU was singular?

As I said, we don't use it in proxmox, but debian ifup script use it in /etc/network/if-post-down.d/vlan, for classic interface vlan tagging.




----- Mail original -----

De: "Dietmar Maurer" <***@proxmox.com>
À: "Alexandre DERUMIER" <***@odiso.com>, "Michael Rasmussen" <***@datanom.net>
Cc: pve-***@pve.proxmox.com
Envoyé: Jeudi 2 Janvier 2014 18:21:28
Objet: RE: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2
Why wlan (I can't remember we use such thing)?

yes,it's for wireless.
It's seem that's is possible to plug it in a bridge:

http://linux.ioerror.us/2013/03/bridging-eth0-to-wlan0/


(But I can remove it from the regex if you want, as we don't support it in proxmox)


----- Mail original -----

De: "Dietmar Maurer" <***@proxmox.com>
À: "Alexandre DERUMIER" <***@odiso.com>
Cc: pve-***@pve.proxmox.com, "Michael Rasmussen" <***@datanom.net>
Envoyé: Jeudi 2 Janvier 2014 18:50:32
Objet: RE: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2
I guess wlan = wireless? and that does not work on bridge ports anyways?

do you mean : eth0.94--->vmbr0 ?

If yes, it don't break this kind of setup.

you can also mix things like this

eth0.94--->vmbr0
eth0----->vmbr1 (with new vlan filtering, you can also tag vlan 94 if you want on the bridge)









----- Mail original -----

De: "Dietmar Maurer" <***@proxmox.com>
À: "Alexandre DERUMIER" <***@odiso.com>
Cc: pve-***@pve.proxmox.com, "Michael Rasmussen" <***@datanom.net>
Envoyé: Vendredi 3 Janvier 2014 09:34:15
Objet: RE: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2
AFAIK It works if you use only one MAC (access point rejects other packets).
yes.

But I am quite unsure if we can add this patchset now. AFAIK some users rely on
the vlan bridge, and I am not sure if we can change that in a minor release.

Maybe targeting debian jessy is a better fit for that patch?

oh ok.
(for openvz maybe ?)

But ok, no problem, this can wait. we have also openvswitch now.



----- Mail original -----

De: "Dietmar Maurer" <***@proxmox.com>
À: "Alexandre DERUMIER" <***@odiso.com>
Cc: pve-***@pve.proxmox.com, "Michael Rasmussen" <***@datanom.net>
Envoyé: Vendredi 3 Janvier 2014 09:59:37
Objet: RE: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2
No.

We currently create a new bridge called 'vmbr0v$tag' for each vlan.
Some users use/configure that bridge directly.

Ok, I'll check that today


----- Mail original -----

De: "Dietmar Maurer" <***@proxmox.com>
À: "Alexandre DERUMIER" <***@odiso.com>
Cc: pve-***@pve.proxmox.com, "Michael Rasmussen" <***@datanom.net>
Envoyé: Vendredi 3 Janvier 2014 10:44:05
Objet: RE: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2
BTW, I still have problem with OVS when I shutdown my host (error about non-existing database).

I can't reproduce here.

Only at start
/etc/openvswitch/conf.db does not exist ... (warning).
Creating empty database /etc/openvswitch/conf.db.

(because pvenetcommit remove the conf.db, so it's ok).



----- Mail original -----

De: "Alexandre DERUMIER" <***@odiso.com>
À: "Dietmar Maurer" <***@proxmox.com>
Cc: pve-***@pve.proxmox.com
Envoyé: Vendredi 3 Janvier 2014 10:52:23
Objet: Re: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2
Ok, I'll check that today


----- Mail original -----

De: "Dietmar Maurer" <***@proxmox.com>
À: "Alexandre DERUMIER" <***@odiso.com>
Cc: pve-***@pve.proxmox.com, "Michael Rasmussen" <***@datanom.net>
Envoyé: Vendredi 3 Janvier 2014 10:44:05
Objet: RE: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2
BTW, I still have problem with OVS when I shutdown my host (error about non-existing database).
_______________________________________________
pve-devel mailing list
pve-***@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Isn't it only for allow-ovs interfaces ?

network_interfaces () {
[ -z "${RUNLEVEL}" ] && return
INTERFACES="/etc/network/interfaces"
[ -e "${INTERFACES}" ] || return
bridges=`awk '{ if ($1 == "allow-ovs") { print $2; } }' "${INTERFACES}"`
[ -n "${bridges}" ] && $1 --allow=ovs ${bridges}
}
stop () {
network_interfaces ifdown
ovs_ctl stop
}



----- Mail original -----

De: "Dietmar Maurer" <***@proxmox.com>
À: "Alexandre DERUMIER" <***@odiso.com>
Cc: pve-***@pve.proxmox.com
Envoyé: Vendredi 3 Janvier 2014 15:37:03
Objet: RE: [pve-devel] pve-manager: add bridge_vlan option to bridge in /etc/network/interface v2
We call openvswitch-switch after network is stopped.

But that script calles 'ifdown ..'

I guess we can safely remove the ifup/ifdown code there.