From patchwork Thu May 16 10:56:09 2024
X-Patchwork-Submitter: Leigh Brown
X-Patchwork-Id: 13665996
From: Leigh Brown
To: xen-devel@lists.xenproject.org
Cc: Andrew Cooper, Anthony Perard, Jason Andryuk, Leigh Brown
Subject: [PATCH v3 1/4] tools/libs/light: Add vlan field to libxl_device_nic
Date: Thu, 16 May 2024 11:56:09 +0100
Message-Id: <20240516105612.15306-2-leigh@solinno.co.uk>
In-Reply-To: <20240516105612.15306-1-leigh@solinno.co.uk>

Add `vlan' string field to libxl_device_nic, to allow a VLAN configuration to be specified for the VIF when adding it to the bridge device.

Update libxl_nic.c to read and write the vlan field from the xenstore.

This provides the capability for supported operating systems (e.g. Linux) to perform VLAN filtering on bridge ports. The Xen hotplug scripts need to be updated to read this information from the xenstore and perform the required configuration.

Signed-off-by: Leigh Brown
Reviewed-by: Jason Andryuk
--- tools/libs/light/libxl_nic.c | 10 ++++++++++ tools/libs/light/libxl_types.idl | 1 + 2 files changed, 11 insertions(+) diff --git a/tools/libs/light/libxl_nic.c b/tools/libs/light/libxl_nic.c index d6bf06fc34..d861e3726d 100644 --- a/tools/libs/light/libxl_nic.c +++ b/tools/libs/light/libxl_nic.c 
@@ -233,6 +233,11 @@ static int libxl__set_xenstore_nic(libxl__gc *gc, uint32_t domid, flexarray_append(back, GCSPRINTF("%u", nic->mtu)); } + if (nic->vlan) { + flexarray_append(back, "vlan"); + flexarray_append(back, libxl__strdup(gc, nic->vlan)); + } + flexarray_append(back, "bridge"); flexarray_append(back, libxl__strdup(gc, nic->bridge)); flexarray_append(back, "handle"); @@ -313,6 +318,11 @@ static int libxl__nic_from_xenstore(libxl__gc *gc, const char *libxl_path, nic->mtu = LIBXL_DEVICE_NIC_MTU_DEFAULT; } + rc = libxl__xs_read_checked(gc, XBT_NULL, + GCSPRINTF("%s/vlan", libxl_path), + (const char **)(&nic->vlan)); + if (rc) goto out; + rc = libxl__xs_read_checked(gc, XBT_NULL, GCSPRINTF("%s/mac", libxl_path), &tmp); if (rc) goto out; diff --git a/tools/libs/light/libxl_types.idl b/tools/libs/light/libxl_types.idl index 7d8bd5d216..5c510dc272 100644 --- a/tools/libs/light/libxl_types.idl +++ b/tools/libs/light/libxl_types.idl 
@@ -809,6 +809,7 @@ libxl_device_nic = Struct("device_nic", [ ("backend_domname", string), ("devid", libxl_devid), ("mtu", integer), + ("vlan", string), ("model", string), ("mac", libxl_mac), ("ip", string), 

From patchwork Thu May 16 10:56:10 2024
X-Patchwork-Submitter: Leigh Brown
X-Patchwork-Id: 13665999
From: Leigh Brown
To: xen-devel@lists.xenproject.org
Cc: Andrew Cooper, Anthony Perard, Jason Andryuk, Leigh Brown
Subject: [PATCH v3 2/4] tools/xl: add vlan keyword to vif option
Date: Thu, 16 May 2024 11:56:10 +0100
Message-Id: <20240516105612.15306-3-leigh@solinno.co.uk>
In-Reply-To: <20240516105612.15306-1-leigh@solinno.co.uk>

Update parse_nic_config() to support a new `vlan' keyword. This keyword specifies the VLAN configuration to assign to the VIF when attaching it to the bridge port, on operating systems that support the capability (e.g. Linux). The vlan keyword will allow one or more VLANs to be configured on the VIF when adding it to the bridge port. This will be done by the vif-bridge script and functions.

Document the new `vlan' keyword in xl-network-configuration(5).

Signed-off-by: Leigh Brown
Reviewed-by: Jason Andryuk
--- docs/man/xl-network-configuration.5.pod.in | 38 ++++++++++++++++++++++ tools/xl/xl_parse.c | 2 ++ 2 files changed, 40 insertions(+) 
diff --git a/docs/man/xl-network-configuration.5.pod.in b/docs/man/xl-network-configuration.5.pod.in index f3e379bcf8..dfc35e72c6 100644 --- a/docs/man/xl-network-configuration.5.pod.in +++ b/docs/man/xl-network-configuration.5.pod.in @@ -259,6 +259,44 @@ Specifies the MTU (i.e. the maximum size of an IP payload, exclusing headers). T default value is 1500 but, if the VIF is attached to a bridge, it will be set to match unless overridden by this parameter. +=head2 vlan + +Specifies the VLAN configuration. The format of this parameter is one or more +VLAN IDs or ranges separated by forward slashes. Each term can be: + +=over + +=item * + +B - a single VLAN ID in the range 1 to 4094. This can optionally followed +by a B

to indicate the PVID or by a B to indicate an untagged VLAN. C

+implies B. + +=item * + +B-B - a range of VLAN IDs from B to B, both between +1 and 4094 and B being less than or equal to B. This can be +optionally followed by a B to indicate that the range of VLANs are untagged. + +=item * + +B+BxB - describing a range of VLAN IDs starting at B +with B additional entries, each incremented by B. This can be +optionally followed by a B to indicate that the range of VLANs are untagged. + +=back + +Note, one VLAN ID must be marked as the PVID. In the case of a vlan +specification consisting of a single VLAN ID (e.g. C), the B

suffix +may be omitted. Specifying more than one untagged VLAN ID is an advanced +configuration - use with caution. + +For example: + + 'vlan=10' -- meaning a single VLAN that is the PVID. + 'vlan=10p/20' -- VLAN 10 is the PVID and VLAN 20 is tagged. + 'vlan=10p/100+10x4' -- VLANs 10, 100, 110, 120, 130, 140, 150. + =head2 trusted / untrusted An advisory setting for the frontend driver on whether the backend should be diff --git a/tools/xl/xl_parse.c b/tools/xl/xl_parse.c index ed983200c3..7546fe7e7a 100644 --- a/tools/xl/xl_parse.c +++ b/tools/xl/xl_parse.c 
@@ -565,6 +565,8 @@ int parse_nic_config(libxl_device_nic *nic, XLU_Config **config, char *token) nic->devid = parse_ulong(oparg); } else if (MATCH_OPTION("mtu", token, oparg)) { nic->mtu = parse_ulong(oparg); + } else if (MATCH_OPTION("vlan", token, oparg)) { + replace_string(&nic->vlan, oparg); } else if (!strcmp("trusted", token)) { libxl_defbool_set(&nic->trusted, true); } else if (!strcmp("untrusted", token)) { 

From patchwork Thu May 16 10:56:11 2024
X-Patchwork-Submitter: Leigh Brown
X-Patchwork-Id: 13665997
From: Leigh Brown
To: xen-devel@lists.xenproject.org
Cc: Andrew Cooper, Anthony Perard, Jason Andryuk, Leigh Brown
Subject: [PATCH v3 3/4] tools/hotplug/Linux: Add bridge VLAN support
Date: Thu, 16 May 2024 11:56:11 +0100
Message-Id: <20240516105612.15306-4-leigh@solinno.co.uk>
In-Reply-To: <20240516105612.15306-1-leigh@solinno.co.uk>

Update add_to_bridge shell function to read the vlan parameter from xenstore and set the bridge VLAN configuration for the VID.

Add additional helper functions to parse the vlan specification, which consists of one or more of the following:

a) single VLAN (e.g. 10).
b) contiguous range of VLANs (e.g. 10-15).
c) discontiguous range with base, increment and count (e.g. 100+10x9 which gives VLAN IDs 100, 110, ... 190).

A single VLAN can be suffixed with "p" to indicate the PVID, or "u" to indicate untagged. A range of VLANs can be suffixed with "u" to indicate untagged. A complex example would be:

vlan=1p/10-15/20-25u

This capability requires the iproute2 bridge command to be installed. An error will be generated if the vlan parameter is set and the bridge command is not available.

Signed-off-by: Leigh Brown
--- tools/hotplug/Linux/xen-network-common.sh | 103 ++++++++++++++++++++++ 1 file changed, 103 insertions(+) diff --git a/tools/hotplug/Linux/xen-network-common.sh b/tools/hotplug/Linux/xen-network-common.sh index 42fa704e8d..fa7615ce0f 100644 --- a/tools/hotplug/Linux/xen-network-common.sh +++ b/tools/hotplug/Linux/xen-network-common.sh 
@@ -121,10 +121,105 @@ create_bridge () { fi } +_vif_vlan_add() { + # References vlans and pvid variables from the calling function + local -i vid=$1 + local flag=${2:-} + + if (( vid < 1 || vid > 4094 )) ;then + fatal "vlan id $vid not between 1 and 4094" + fi + if [[ -n "${vlans[$vid]}" ]] ;then + fatal "vlan id $vid specified more than once" + fi + case $flag in + p) if (( pvid != 0 )) ;then + fatal "more than one pvid specified ($vid and $pvid)" + fi + pvid=$vid + vlans[$vid]=p ;; + u) vlans[$vid]=u ;; + *) vlans[$vid]=t ;; + esac +} + +_vif_vlan_parse_term() { + local vid incr last term=${1:-} + + if [[ $term =~ ^([0-9]+)([pu])?$ ]] ;then + _vif_vlan_add ${BASH_REMATCH[1]} ${BASH_REMATCH[2]} + elif [[ $term =~ ^([0-9]+)-([0-9]+)(u)?$ ]] ;then + vid=${BASH_REMATCH[1]} + last=${BASH_REMATCH[2]} + if (( last >= vid )) ;then + for (( ; vid<=last; vid++ )) ;do + _vif_vlan_add $vid ${BASH_REMATCH[3]} + done + else + fatal "invalid vlan id range: $term" + fi + elif [[ $term =~ ^([0-9]+)\+([0-9]+)x([0-9]+)(u)?$ ]] ;then + vid=${BASH_REMATCH[1]} + incr=${BASH_REMATCH[2]} + for (( j=${BASH_REMATCH[3]}; j>0; --j, vid+=incr )) + do + _vif_vlan_add $vid ${BASH_REMATCH[4]} + done + else + fatal "invalid vlan specification: $term" + fi +} + +_vif_vlan_validate_pvid() { + # References vlans and pvid variables from the calling function + if (( pvid == 0 )) ;then + if (( ${#vlans[@]} == 1 )) ;then + vlans[${!vlans[*]}]=p + else + fatal "pvid required when using multiple vlan ids" + fi + fi +} + +_vif_vlan_setup() { + # References vlans and dev variable from the calling function + local vid cmd + + bridge vlan del dev "$dev" vid 1 + for vid in ${!vlans[@]} ;do + cmd="bridge vlan add dev '$dev' vid $vid" + case ${vlans[$vid]} in + p) cmd="$cmd pvid untagged" ;; + u) cmd="$cmd untagged" ;; + t) ;; + esac + eval "$cmd" + done +} + +_vif_vlan_membership() { + # The vlans, pvid and dev variables are used by sub-functions + local -A vlans=() + local -a terms=() + local -i i pvid=0 + 
local dev=$1 + + # Split the vlan specification string into its terms + readarray -d / -t terms <<<$2 + for (( i=0; i<${#terms[@]}; ++i )) ;do + _vif_vlan_parse_term ${terms[$i]%%[[:space:]]} + done + + _vif_vlan_validate_pvid + _vif_vlan_setup + return 0 +} + # Usage: add_to_bridge bridge dev add_to_bridge () { local bridge=$1 local dev=$2 + local vlan=$(xenstore_read_default "$XENBUS_PATH/vlan" "") # Don't add $dev to $bridge if it's already on the bridge. if [ ! -e "/sys/class/net/${bridge}/brif/${dev}" ]; then 
@@ -134,6 +229,14 @@ add_to_bridge () { else ip link set ${dev} master ${bridge} fi + if [ -n "${vlan}" ] ;then + log debug "configuring vlans for ${dev} on ${bridge}" + if which bridge >&/dev/null; then + _vif_vlan_membership "${dev}" "${vlan}" + else + fatal "vlan configuration failed: bridge command not found" + fi + fi else log debug "$dev already on bridge $bridge" fi 

From patchwork Thu May 16 10:56:12 2024
X-Patchwork-Submitter: Leigh Brown
X-Patchwork-Id: 13665998
From: Leigh Brown
To: xen-devel@lists.xenproject.org
Cc: Andrew Cooper, Anthony Perard, Jason Andryuk, Leigh Brown
Subject: [PATCH v3 4/4] docs/misc: Example Linux bridge VLAN config
Date: Thu, 16 May 2024 11:56:12 +0100
Message-Id: <20240516105612.15306-5-leigh@solinno.co.uk>
In-Reply-To: <20240516105612.15306-1-leigh@solinno.co.uk>

Add a new directory linux-bridge-vlan with example files showing how to configure systemd-networkd to support a bridge VLAN configuration.

Signed-off-by: Leigh Brown
--- docs/misc/linux-bridge-vlan/README | 68 ++++++++++++++++++++++ docs/misc/linux-bridge-vlan/br0.netdev | 7 +++ docs/misc/linux-bridge-vlan/br0.network | 8 +++ docs/misc/linux-bridge-vlan/enp0s0.network | 16 +++++ 4 files changed, 99 insertions(+) create mode 100644 docs/misc/linux-bridge-vlan/README create mode 100644 docs/misc/linux-bridge-vlan/br0.netdev create mode 100644 docs/misc/linux-bridge-vlan/br0.network create mode 100644 docs/misc/linux-bridge-vlan/enp0s0.network diff --git a/docs/misc/linux-bridge-vlan/README b/docs/misc/linux-bridge-vlan/README new file mode 100644 index 0000000000..9a048bca39 --- /dev/null +++ b/docs/misc/linux-bridge-vlan/README 
@@ -0,0 +1,68 @@ +Linux Xen Dom0 single bridge multiple VLAN configuration with systemd +===================================================================== + +Introduction +------------ + +This directory contains example files to be placed in /etc/systemd/network +to enable a single bridge with multiple VLAN support. + +The example is to support the scenario where the Xen host network interface +is connected to an Ethernet switch configured as a trunk port. Each domain +VIF can then be configured with one or more VLAN IDs, one of which will be +the PVID. + +The example files create a bridge device called br0, with a physical interface +called enp0s0. You will need to update this with your system's device name. + +Key points of the configuration are: + +1. In br0.netdev, VLANFiltering=on is set. This is required to ensure the + VLAN tags are handled correctly. If it is not set then the packets + from the VIF interfaces will not have the correct VLAN tags set. + +2. In br0.network, a system IPv4 address is configured that can be updated + according to your local network settings. + +3. In enp0s0.network, Bridge=br0 sets the bridge device to connect to. There + is also a [BridgeVLAN] section for each VLAN allowed on the external + interface. Note, if you want to create an internal VLAN private to the + host, do not include its VLAN ID in this file. + + +Domain configuration +-------------------- + +Add the vlan= keyword to the vif definition in the domain. The simplest +and most common example is a domain that wishes to connect to a single VLAN: + +vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=10' ] + +If you wish to configure a domain to route between two VLANs, you have two +options. 
Option 1 is to create multiple interfaces on different VLANs: + +vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=10', + 'max=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=20' ] + +Alternatively, you can create single interface: + +vif = [ 'mac=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=10p/20' ] + +In the domain, you would, for example, use enX0 for VLAN 10 and enX0.20 for +VLAN 20. + + +Hints and tips +-------------- + +You can run the following commands on dom0 or a driver domain: + +1. To check if vlan_filtering is enabled: + # cat /sys/devices/virtual/net//bridge/vlan_filtering + +2. To check the bridge port VLAN assignments: + # bridge vlan + +3. To check the vlan setting in the xenstore (dom0 only): + # xenstore-ls -f | grep 'vlan =' + diff --git a/docs/misc/linux-bridge-vlan/br0.netdev b/docs/misc/linux-bridge-vlan/br0.netdev new file mode 100644 index 0000000000..ae1fe487c3 --- /dev/null +++ b/docs/misc/linux-bridge-vlan/br0.netdev @@ -0,0 +1,7 @@ +[NetDev] +Name=br0 +Kind=bridge +MACAddress=xx:xx:xx:xx:xx:xx + +[Bridge] +VLANFiltering=on diff --git a/docs/misc/linux-bridge-vlan/br0.network b/docs/misc/linux-bridge-vlan/br0.network new file mode 100644 index 0000000000..b56203b66a --- /dev/null +++ b/docs/misc/linux-bridge-vlan/br0.network @@ -0,0 +1,8 @@ +[Match] +Name=br0 + +[Network] +DNS=8.8.8.8 +#Domains=example.com +Address=10.1.1.10/24 +Gateway=10.1.1.1 diff --git a/docs/misc/linux-bridge-vlan/enp0s0.network b/docs/misc/linux-bridge-vlan/enp0s0.network new file mode 100644 index 0000000000..6ee3154dfc --- /dev/null +++ b/docs/misc/linux-bridge-vlan/enp0s0.network @@ -0,0 +1,16 @@ +[Match] +Name=enp0s0 + +[Network] +Bridge=br0 + +# If Jumbo frames are required +#[Link] +#MTUBytes=9000 + +[BridgeVLAN] +VLAN=10 + +[BridgeVLAN] +VLAN=20 +
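
Review bot: in the libxl__nic_from_xenstore hunk of patch 1/4, the vlan string is read with the function's `gc` and stored straight into `nic->vlan`, so the caller's struct ends up pointing at gc-owned memory that is released when the gc is freed, and disposing the nic afterwards would free it a second time. Read it with NOGC (or copy a temporary with `libxl__strdup(NOGC, ...)`) so that the nic owns the string. The `libxl__strdup(gc, nic->vlan)` in the libxl__set_xenstore_nic hunk is fine, since that copy only has to live as long as the flexarray.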
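
Review bot: the libxl_types.idl hunk of patch 1/4 adds a public field to libxl_device_nic, but the diffstat touches only libxl_nic.c and libxl_types.idl, so callers have no LIBXL_HAVE_ feature macro in libxl.h to test for the new field. Add one together with the IDL change, and regenerate any bindings that are generated from the IDL.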
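
Review bot: the last example in the xl-network-configuration.5.pod.in hunk of patch 2/4, `'vlan=10p/100+10x4'`, is documented as VLANs 100 through 150, which matches neither the description above it (four additional entries would end at 140) nor the loop in _vif_vlan_parse_term in patch 3/4, which calls _vif_vlan_add exactly as many times as the last number (100, 110, 120, 130). The patch 3/4 commit message (`100+10x9` giving 100 ... 190) follows the "additional entries" reading, so the parser is one entry short of what is documented. Pick one meaning for the last number and make the man page text, its example, the commit message and the loop agree. In the same hunk, "This can optionally followed" is missing "be".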
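
Review bot: in the parse_nic_config hunk of patch 2/4, `replace_string(&nic->vlan, oparg)` accepts any string, so a malformed specification is only rejected when the hotplug script calls `fatal` during device attach. Checking the syntax here (terms separated by `/`, IDs from 1 to 4094, `p` and `u` suffixes, exactly one PVID) would report the error at configuration parse time, next to the offending value.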
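
Review bot: in the helper functions that patch 3/4 adds to xen-network-common.sh, the patterns in _vif_vlan_parse_term accept leading zeros and the captured values are then evaluated arithmetically (`local -i vid=$1` in _vif_vlan_add, `(( last >= vid ))` in the range branch), so bash reads `010` as octal 8 and aborts on `08`; `vlan=010` would quietly place the VIF on VLAN 8. Force base 10 (for example `$((10#$1))`) or reject leading zeros in the regexes. Separately, _vif_vlan_setup builds a command string containing `'$dev'` and runs it through `eval` without looking at the result: building an array and invoking it as `"${cmd[@]}"` avoids re-parsing the device name, and the exit status of `bridge vlan del` and of each `bridge vlan add` should be checked so that a failed call cannot leave the port on VLAN 1 or with only part of its VLAN set. `j` in _vif_vlan_parse_term should also be declared `local`, and `${terms[$i]%%[[:space:]]}` in _vif_vlan_membership should be quoted.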
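
Review bot: in the add_to_bridge hunk of patch 3/4, the VLAN block runs after `ip link set ${dev} master ${bridge}`, so when the `bridge` command is missing or the specification is rejected, `fatal` fires with the VIF already attached to the bridge and still holding the VLAN membership a new port gets by default. Test for `bridge` and parse and validate the specification before attaching the port, and only then apply it. The block also sits inside the `[ ! -e "/sys/class/net/${bridge}/brif/${dev}" ]` branch, so a device that is already on the bridge keeps its previous VLAN membership and only "already on bridge" is logged at debug level.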
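
Review bot: in the README hunk of patch 4/4, the second vif of the Option 1 example is written `'max=xx:xx:xx:xx:xx:xx, bridge=br0, vlan=20'`; `max=` should be `mac=`, as in the first entry. A few lines further down, "you can create single interface" should read "a single interface".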
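
Review bot: the br0.netdev hunk of patch 4/4 sets only `VLANFiltering=on`, while _vif_vlan_setup in patch 3/4 hardcodes `bridge vlan del dev "$dev" vid 1` to remove the membership a new port starts with. That only works while the bridge's default PVID is 1; on a bridge configured with a different `DefaultPVID=`, the delete misses and the VIF stays a member of that VLAN in addition to the ones requested. State the assumption in the README, or have the script remove whatever membership the port currently has instead of a fixed VID.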