[PATCH v3] VLAN: Do not allow bridge to be the trunk device
From: Zhou Zheng Sheng <zhshzhou@linux.vnet.ibm.com> In Linux networking, a usual VLAN + bridge network setup is as the following. eth0 |-> eth0.10 -> br10 -> vnet101, vnet102, ... |-> eth0.20 -> br20 -> vnet201, vnet202, ... While the eth0 trunk and VLAN interfaces provide the isolation service, the bridges provide the switching inside the respective VLAN. It's not very useful to have a bridge device as the trunk because the VLAN interfaces on a trunk should be isolated. This patch contains changes to the back-end and front-end. The back-end checks if the front-end submits an invalid setup to use a bridge as the VLAN trunk device and raises exception. Before this patch, if the user creates a bridged network over an existing bridge with VLAN tag set. The back-end just ignores the VLAN and creates an ordinary bridged network. After this patch, the back-end raises an exception with an explanation in this case. The front-end also checks the currently selected interface type. If the selected interface is a bridge, it disables the vlan check box, otherwise it enables the vlan check box. V2 Add front-end code to disable vlan check box if the selected interface is a bridge. V3 Clear the vlan check box and vlan id input box value when disabling them. Signed-off-by: Zhou Zheng Sheng <zhshzhou@linux.vnet.ibm.com> --- src/kimchi/i18n.py | 1 + src/kimchi/model/networks.py | 2 ++ ui/js/src/kimchi.network.js | 14 ++++++++++++++ 3 files changed, 17 insertions(+) diff --git a/src/kimchi/i18n.py b/src/kimchi/i18n.py index 589c8cb..b463bd1 100644 --- a/src/kimchi/i18n.py +++ b/src/kimchi/i18n.py @@ -182,6 +182,7 @@ messages = { "KCHNET0016E": _("Specify name and type to create a Network"), "KCHNET0017E": _("Unable to delete network %(name)s. There are some virtual machines and/or templates linked to this network."), "KCHNET0018E": _("Unable to deactivate network %(name)s. There are some virtual machines and/or templates linked to this network."), + "KCHNET0019E": _("Bridge device %(name)s can not be the trunk device of a VLAN."), "KCHDR0001E": _("Debug report %(name)s does not exist"), "KCHDR0002E": _("Debug report tool not found in system"), diff --git a/src/kimchi/model/networks.py b/src/kimchi/model/networks.py index 27abd54..7872a73 100644 --- a/src/kimchi/model/networks.py +++ b/src/kimchi/model/networks.py @@ -151,6 +151,8 @@ class NetworksModel(object): raise MissingParameter("KCHNET0004E", {'name': params['name']}) if netinfo.is_bridge(iface): + if 'vlan_id' in params: + raise InvalidParameter('KCHNET0019E', {'name': iface}) params['bridge'] = iface elif netinfo.is_bare_nic(iface) or netinfo.is_bonding(iface): if params.get('vlan_id') is None: diff --git a/ui/js/src/kimchi.network.js b/ui/js/src/kimchi.network.js index 7c4bc77..1642b99 100644 --- a/ui/js/src/kimchi.network.js +++ b/ui/js/src/kimchi.network.js @@ -215,10 +215,24 @@ kimchi.initNetworkDialog = function() { kimchi.openNetworkDialog = function(okCallback) { kimchi.getInterfaces(function(result) { var options = ""; + var nics = {}; for (var i = 0; i < result.length; i++) { options += "<option value=" + result[i].name + ">" + result[i].name + "</option>"; + nics[result[i].name] = result[i]; } $("#networkInterface").append(options); + onChange = function() { + if (nics[$("#networkInterface").val()].type === "bridge") { + $("#enableVlan").prop("checked", false); + $("#enableVlan").prop("disabled", true); + $("#networkVlanID").val(""); + $("#networkVlanID").prop("disabled", true); + } else { + $("#enableVlan").prop("disabled", false); + } + }; + $("#networkInterface").on("change", onChange); + onChange(); kimchi.setDefaultNetworkType(result.length!==0); }); $("#networkConfig").dialog({ -- 1.8.5.3
Reviewed-by: ShaoHe Feng <shaohef@linux.vnet.ibm.com> On 03/19/2014 04:09 PM, zhshzhou@linux.vnet.ibm.com wrote:
From: Zhou Zheng Sheng <zhshzhou@linux.vnet.ibm.com>
In Linux networking, a usual VLAN + bridge network setup is as the following.
eth0 |-> eth0.10 -> br10 -> vnet101, vnet102, ... |-> eth0.20 -> br20 -> vnet201, vnet202, ...
While the eth0 trunk and VLAN interfaces provide the isolation service, the bridges provide the switching inside the respective VLAN.
It's not very useful to have a bridge device as the trunk because the VLAN interfaces on a trunk should be isolated.
This patch contains changes to the back-end and front-end.
The back-end checks if the front-end submits an invalid setup to use a bridge as the VLAN trunk device and raises exception.
Before this patch, if the user creates a bridged network over an existing bridge with VLAN tag set. The back-end just ignores the VLAN and creates an ordinary bridged network. After this patch, the back-end raises an exception with an explanation in this case.
The front-end also checks the currently selected interface type. If the selected interface is a bridge, it disables the vlan check box, otherwise it enables the vlan check box.
V2 Add front-end code to disable vlan check box if the selected interface is a bridge.
V3 Clear the vlan check box and vlan id input box value when disabling them.
Signed-off-by: Zhou Zheng Sheng <zhshzhou@linux.vnet.ibm.com> --- src/kimchi/i18n.py | 1 + src/kimchi/model/networks.py | 2 ++ ui/js/src/kimchi.network.js | 14 ++++++++++++++ 3 files changed, 17 insertions(+)
diff --git a/src/kimchi/i18n.py b/src/kimchi/i18n.py index 589c8cb..b463bd1 100644 --- a/src/kimchi/i18n.py +++ b/src/kimchi/i18n.py @@ -182,6 +182,7 @@ messages = { "KCHNET0016E": _("Specify name and type to create a Network"), "KCHNET0017E": _("Unable to delete network %(name)s. There are some virtual machines and/or templates linked to this network."), "KCHNET0018E": _("Unable to deactivate network %(name)s. There are some virtual machines and/or templates linked to this network."), + "KCHNET0019E": _("Bridge device %(name)s can not be the trunk device of a VLAN."),
"KCHDR0001E": _("Debug report %(name)s does not exist"), "KCHDR0002E": _("Debug report tool not found in system"), diff --git a/src/kimchi/model/networks.py b/src/kimchi/model/networks.py index 27abd54..7872a73 100644 --- a/src/kimchi/model/networks.py +++ b/src/kimchi/model/networks.py @@ -151,6 +151,8 @@ class NetworksModel(object): raise MissingParameter("KCHNET0004E", {'name': params['name']})
if netinfo.is_bridge(iface): + if 'vlan_id' in params: + raise InvalidParameter('KCHNET0019E', {'name': iface}) params['bridge'] = iface elif netinfo.is_bare_nic(iface) or netinfo.is_bonding(iface): if params.get('vlan_id') is None: diff --git a/ui/js/src/kimchi.network.js b/ui/js/src/kimchi.network.js index 7c4bc77..1642b99 100644 --- a/ui/js/src/kimchi.network.js +++ b/ui/js/src/kimchi.network.js @@ -215,10 +215,24 @@ kimchi.initNetworkDialog = function() { kimchi.openNetworkDialog = function(okCallback) { kimchi.getInterfaces(function(result) { var options = ""; + var nics = {}; for (var i = 0; i < result.length; i++) { options += "<option value=" + result[i].name + ">" + result[i].name + "</option>"; + nics[result[i].name] = result[i]; } $("#networkInterface").append(options); + onChange = function() { + if (nics[$("#networkInterface").val()].type === "bridge") { + $("#enableVlan").prop("checked", false); + $("#enableVlan").prop("disabled", true); + $("#networkVlanID").val(""); + $("#networkVlanID").prop("disabled", true); + } else { + $("#enableVlan").prop("disabled", false); + } + }; + $("#networkInterface").on("change", onChange); + onChange(); kimchi.setDefaultNetworkType(result.length!==0); }); $("#networkConfig").dialog({
-- Thanks and best regards! Sheldon Feng(冯少合)<shaohef@linux.vnet.ibm.com> IBM Linux Technology Center
participants (3)
-
Aline Manera -
Sheldon -
zhshzhou@linux.vnet.ibm.com