support full vlan:priv option

threefoldtech · Oct 18, 2023 · 77c9e62 · 77c9e62
1 parent 5f0f884
commit 77c9e62
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/cmds/internet/main.go b/cmds/internet/main.go
@@ -113,6 +113,20 @@ func check() error {
 	return backoff.RetryNotify(f, backoff.NewExponentialBackOff(), errHandler)
 }
 
+/*
+*
+configureZOS boots strap the private zos network (private subnet) it goes as follows:
+  - Find a physical interface that can get an IPv4 over dhcp
+  - Once interface is found, a bridge called `zos` is created, then the interface that was
+    found in previous step is attached to the zos bridge.
+  - Bridge and interface are brought UP then a dhcp daemon is started on the zos to get an IP.
+
+In case there is a priv vlan is configured (kernel param vlan:priv=<id>) it is basically the same as
+before but with the next twist:
+- During probing of the interface, probing done on that vlan
+- ZOS is added to vlan as `bridge vlan add vid <id> dev zos pvid self untagged`
+- link is added to vlan as `bridge vlan add vid <id> dev <link>`
+*/
 func configureZOS() error {
 
 	env := environment.MustGet()
@@ -138,7 +152,7 @@ func configureZOS() error {
 		}
 
 		log.Info().Str("interface", zosChild).Msg("selecting interface")
-		br, err := bootstrap.CreateDefaultBridge(types.DefaultBridge)
+		br, err := bootstrap.CreateDefaultBridge(types.DefaultBridge, env.PrivVlan)
 		if err != nil {
 			return err
 		}
@@ -171,6 +185,18 @@ func configureZOS() error {
 			return errors.Wrapf(err, "could not bring %s up", zosChild)
 		}
 
+		if env.PrivVlan != nil {
+			// remove default
+			if err := netlink.BridgeVlanDel(link, 1, true, true, false, false); err != nil {
+				return errors.Wrapf(err, "failed to delete default vlan on device '%s'", link.Attrs().Name)
+			}
+
+			// add new vlan
+			if err := netlink.BridgeVlanAdd(link, *env.PrivVlan, false, false, false, false); err != nil {
+				return errors.Wrapf(err, "failed to set vlan on device '%s'", link.Attrs().Name)
+			}
+		}
+
 		dhcpService := dhcp.NewService(types.DefaultBridge, "", zinit.Default())
 		if err := dhcpService.DestroyOlderService(); err != nil {
 			log.Error().Err(err).Msgf("failed to destory older %s service", dhcpService.Name)

diff --git a/pkg/network/bootstrap/bridge.go b/pkg/network/bootstrap/bridge.go
@@ -52,7 +52,7 @@ func DefaultBridgeValid() error {
 
 // CreateDefaultBridge creates the default bridge of the node that will received
 // the management interface
-func CreateDefaultBridge(name string) (*netlink.Bridge, error) {
+func CreateDefaultBridge(name string, vlan *uint16) (*netlink.Bridge, error) {
 	log.Info().Msg("Create default bridge")
 	br, err := bridge.New(name)
 	if err != nil {
@@ -67,5 +67,17 @@ func CreateDefaultBridge(name string) (*netlink.Bridge, error) {
 		return nil, errors.Wrapf(err, "failed to disable ipv6 forwarding")
 	}
 
+	if vlan == nil {
+		return br, nil
+	}
+
+	if err := netlink.BridgeVlanDel(br, 1, true, true, true, false); err != nil {
+		return nil, errors.Wrap(err, "failed to delete default vlan tag")
+	}
+
+	if err := netlink.BridgeVlanAdd(br, *vlan, true, true, true, false); err != nil {
+		return nil, errors.Wrap(err, "failed to set vlan for priv network")
+	}
+
 	return br, nil
 }