Update add-iptag.sh

This commit is contained in:
CanbiZ 2025-07-21 12:12:23 +02:00
parent 1617f334d5
commit 1f21b4dc86


@ -194,12 +194,14 @@ CIDR_LIST=(
10.0.0.0/8 10.0.0.0/8
100.64.0.0/10 100.64.0.0/10
) )
# Enable or Disable IPv6 tagging
ENABLE_IPV6_TAGS=false
# Tag format options: # Tag format options:
# - "full": full IP address (e.g., 192.168.0.100) # - "full": full IP address (e.g., 192.168.0.100)
# - "last_octet": only the last octet (e.g., 100) # - "last_octet": only the last octet (e.g., 100)
# - "last_two_octets": last two octets (e.g., 0.100) # - "last_two_octets": last two octets (e.g., 0.100)
TAG_FORMAT="last_two_octets" TAG_FORMAT="full"
# Interval settings (in seconds) - optimized for lower CPU usage # Interval settings (in seconds) - optimized for lower CPU usage
LOOP_INTERVAL=300 LOOP_INTERVAL=300
@ -1088,14 +1090,23 @@ process_lxc_parallel() {
} }
# Optimized LXC IP detection with caching and alternative methods # Optimized LXC IP detection with caching and alternative methods
# -------------------------------------------
# Combined optimized LXC IP detection
# Keeps advanced debug logs & methods
# Adds IPv6 detection controlled by ENABLE_IPV6_TAGS
# -------------------------------------------
get_lxc_ips() { get_lxc_ips() {
local vmid=$1 local vmid=$1
local ips=""
local method_used=""
# status cache for container state
local status_cache_file="/tmp/iptag_lxc_status_${vmid}_cache" local status_cache_file="/tmp/iptag_lxc_status_${vmid}_cache"
local status_cache_ttl=${LXC_STATUS_CACHE_TTL:-30} local status_cache_ttl=${LXC_STATUS_CACHE_TTL:-30}
debug_log "lxc $vmid: starting extreme optimized IP detection" debug_log "lxc $vmid: starting combined IP detection"
# Check status cache first (avoid expensive pct status calls) # ----- STATUS CHECK -----
local lxc_status="" local lxc_status=""
if [[ -f "$status_cache_file" ]] && [[ $(($(date +%s) - $(stat -c %Y "$status_cache_file" 2>/dev/null || echo 0))) -lt $status_cache_ttl ]]; then if [[ -f "$status_cache_file" ]] && [[ $(($(date +%s) - $(stat -c %Y "$status_cache_file" 2>/dev/null || echo 0))) -lt $status_cache_ttl ]]; then
lxc_status=$(cat "$status_cache_file" 2>/dev/null) lxc_status=$(cat "$status_cache_file" 2>/dev/null)
@ -1111,74 +1122,48 @@ get_lxc_ips() {
return return
fi fi
local ips="" # ----- TRY CONFIG FOR STATIC IP -----
local method_used=""
# EXTREME Method 1: Direct Proxmox config inspection (super fast)
debug_log "lxc $vmid: trying direct Proxmox config inspection"
local pve_lxc_config="/etc/pve/lxc/${vmid}.conf" local pve_lxc_config="/etc/pve/lxc/${vmid}.conf"
if [[ -f "$pve_lxc_config" ]]; then if [[ -f "$pve_lxc_config" ]]; then
local static_ip=$(grep -E "^net[0-9]+:" "$pve_lxc_config" 2>/dev/null | grep -oE 'ip=([0-9]{1,3}\.){3}[0-9]{1,3}' | cut -d'=' -f2 | head -1) local static_ip=$(grep -E "^net[0-9]+:" "$pve_lxc_config" 2>/dev/null | grep -oE 'ip=([0-9]{1,3}\.){3}[0-9]{1,3}' | cut -d'=' -f2 | head -1)
debug_log "lxc $vmid: [CONFIG] static_ip='$static_ip' (from $pve_lxc_config)" debug_log "lxc $vmid: [CONFIG] static_ip='$static_ip'"
if [[ -n "$static_ip" && "$static_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then if [[ -n "$static_ip" && "$static_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
debug_log "lxc $vmid: found static IP $static_ip in Proxmox config"
ips="$static_ip" ips="$static_ip"
method_used="proxmox_config" method_used="proxmox_config"
fi fi
else
debug_log "lxc $vmid: [CONFIG] config file not found: $pve_lxc_config"
fi fi
# EXTREME Method 2: Direct network namespace inspection (fastest dynamic) # ----- NAMESPACE FAST PARSE -----
if [[ -z "$ips" ]]; then if [[ -z "$ips" ]]; then
debug_log "lxc $vmid: trying optimized namespace inspection"
local ns_file="/var/lib/lxc/${vmid}/rootfs/proc/net/fib_trie" local ns_file="/var/lib/lxc/${vmid}/rootfs/proc/net/fib_trie"
debug_log "lxc $vmid: trying namespace fib_trie"
if [[ -f "$ns_file" ]]; then if [[ -f "$ns_file" ]]; then
local ns_ip=$(timeout 1 grep -m1 -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$ns_file" 2>/dev/null | grep -v '127.0.0.1' | head -1) local ns_ip=$(timeout 1 grep -m1 -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$ns_file" 2>/dev/null | grep -v '127.0.0.1' | head -1)
debug_log "lxc $vmid: [NAMESPACE] ns_ip='$ns_ip'"
if [[ -n "$ns_ip" ]] && is_valid_ipv4 "$ns_ip"; then if [[ -n "$ns_ip" ]] && is_valid_ipv4 "$ns_ip"; then
debug_log "lxc $vmid: found IP $ns_ip via namespace inspection"
ips="$ns_ip" ips="$ns_ip"
method_used="namespace" method_used="namespace_fib"
debug_log "lxc $vmid: found IP via namespace: $ips"
fi fi
else
debug_log "lxc $vmid: [NAMESPACE] ns_file not found: $ns_file"
fi fi
fi fi
# EXTREME Method 3: Batch ARP table lookup (if namespace failed) # ----- ARP TABLE -----
if [[ -z "$ips" ]]; then if [[ -z "$ips" ]]; then
debug_log "lxc $vmid: trying batch ARP lookup" debug_log "lxc $vmid: trying ARP lookup"
local bridge_name=""; local mac_addr="" local mac_addr=$(grep -Eo 'hwaddr=([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' "$pve_lxc_config" | head -1 | cut -d'=' -f2 | tr 'A-F' 'a-f')
if [[ -f "$pve_lxc_config" ]]; then if [[ -n "$mac_addr" ]]; then
bridge_name=$(grep -Eo 'bridge=[^,]+' "$pve_lxc_config" | head -1 | cut -d'=' -f2) local bridge_ip=$(ip neighbor show | grep "$mac_addr" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -1)
mac_addr=$(grep -Eo 'hwaddr=([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' "$pve_lxc_config" | head -1 | cut -d'=' -f2)
debug_log "lxc $vmid: [ARP] bridge_name='$bridge_name' mac_addr='$mac_addr' (from $pve_lxc_config)"
fi
if [[ -z "$bridge_name" || -z "$mac_addr" ]]; then
local lxc_config="/var/lib/lxc/${vmid}/config"
if [[ -f "$lxc_config" ]]; then
[[ -z "$bridge_name" ]] && bridge_name=$(grep "lxc.net.0.link" "$lxc_config" 2>/dev/null | cut -d'=' -f2 | tr -d ' ')
[[ -z "$mac_addr" ]] && mac_addr=$(grep "lxc.net.0.hwaddr" "$lxc_config" 2>/dev/null | cut -d'=' -f2 | tr -d ' ')
debug_log "lxc $vmid: [ARP] bridge_name='$bridge_name' mac_addr='$mac_addr' (from $lxc_config)"
else
debug_log "lxc $vmid: [ARP] lxc config not found: $lxc_config"
fi
fi
if [[ -n "$bridge_name" && -n "$mac_addr" ]]; then
local bridge_ip=$(ip neighbor show dev "$bridge_name" 2>/dev/null | grep "$mac_addr" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -1)
debug_log "lxc $vmid: [ARP] bridge_ip='$bridge_ip'"
if [[ -n "$bridge_ip" && "$bridge_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then if [[ -n "$bridge_ip" && "$bridge_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
debug_log "lxc $vmid: found IP $bridge_ip via ARP table"
ips="$bridge_ip" ips="$bridge_ip"
method_used="arp_table" method_used="arp_table"
debug_log "lxc $vmid: found IP via ARP: $ips"
fi fi
fi fi
fi fi
# EXTREME Method 4: Fast process namespace (if ARP failed) # ----- PROCESS NAMESPACE (fast) -----
if [[ -z "$ips" ]] && [[ "${LXC_SKIP_SLOW_METHODS:-true}" != "true" ]]; then if [[ -z "$ips" && "${LXC_SKIP_SLOW_METHODS:-true}" != "true" ]]; then
debug_log "lxc $vmid: trying fast process namespace" debug_log "lxc $vmid: trying process namespace"
local pid_cache_file="/tmp/iptag_lxc_pid_${vmid}_cache" local pid_cache_file="/tmp/iptag_lxc_pid_${vmid}_cache"
local container_pid="" local container_pid=""
if [[ -f "$pid_cache_file" ]] && [[ $(($(date +%s) - $(stat -c %Y "$pid_cache_file" 2>/dev/null || echo 0))) -lt 60 ]]; then if [[ -f "$pid_cache_file" ]] && [[ $(($(date +%s) - $(stat -c %Y "$pid_cache_file" 2>/dev/null || echo 0))) -lt 60 ]]; then
@ -1187,54 +1172,47 @@ get_lxc_ips() {
container_pid=$(pct list 2>/dev/null | grep "^$vmid" | awk '{print $3}') container_pid=$(pct list 2>/dev/null | grep "^$vmid" | awk '{print $3}')
[[ -n "$container_pid" && "$container_pid" != "-" ]] && echo "$container_pid" > "$pid_cache_file" [[ -n "$container_pid" && "$container_pid" != "-" ]] && echo "$container_pid" > "$pid_cache_file"
fi fi
debug_log "lxc $vmid: [PROCESS_NS] container_pid='$container_pid'"
if [[ -n "$container_pid" && "$container_pid" != "-" ]]; then if [[ -n "$container_pid" && "$container_pid" != "-" ]]; then
local ns_ip=$(timeout 1 nsenter -t "$container_pid" -n ip -4 addr show 2>/dev/null | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v '127.0.0.1' | head -1) local ns_ip=$(timeout 1 nsenter -t "$container_pid" -n ip -4 addr show 2>/dev/null | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v '127.0.0.1' | head -1)
debug_log "lxc $vmid: [PROCESS_NS] ns_ip='$ns_ip'"
if [[ -n "$ns_ip" ]] && is_valid_ipv4 "$ns_ip"; then if [[ -n "$ns_ip" ]] && is_valid_ipv4 "$ns_ip"; then
debug_log "lxc $vmid: found IP $ns_ip via process namespace"
ips="$ns_ip" ips="$ns_ip"
method_used="process_ns" method_used="process_ns"
debug_log "lxc $vmid: found IP via process namespace: $ips"
fi fi
fi fi
fi fi
# Fallback: always do lxc-attach/pct exec with timeout if nothing found # ----- FORCED METHODS (attach/exec) -----
if [[ -z "$ips" && "${LXC_ALLOW_FORCED_COMMANDS:-true}" == "true" ]]; then if [[ -z "$ips" && "${LXC_ALLOW_FORCED_COMMANDS:-false}" == "true" ]]; then
debug_log "lxc $vmid: trying fallback lxc-attach (forced)" debug_log "lxc $vmid: trying forced pct exec"
local attach_ip="" local pct_ip=$(timeout 7s pct exec "$vmid" -- ip -4 addr show 2>/dev/null | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v '127.0.0.1' | head -1)
attach_ip=$(timeout 7s lxc-attach -n "$vmid" -- ip -4 addr show 2>/dev/null | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v '127.0.0.1' | head -1)
local attach_status=$?
debug_log "lxc $vmid: [LXC_ATTACH] attach_ip='$attach_ip' status=$attach_status"
if [[ $attach_status -eq 124 ]]; then
debug_log "lxc $vmid: lxc-attach timed out after 7s"
fi
if [[ -n "$attach_ip" ]] && is_valid_ipv4 "$attach_ip"; then
debug_log "lxc $vmid: found IP $attach_ip via lxc-attach (forced)"
ips="$attach_ip"
method_used="lxc_attach_forced"
fi
fi
if [[ -z "$ips" && "${LXC_ALLOW_FORCED_COMMANDS:-true}" == "true" ]]; then
debug_log "lxc $vmid: trying fallback pct exec (forced)"
local pct_ip=""
pct_ip=$(timeout 7s pct exec "$vmid" -- ip -4 addr show 2>/dev/null | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v '127.0.0.1' | head -1)
local pct_status=$?
debug_log "lxc $vmid: [PCT_EXEC] pct_ip='$pct_ip' status=$pct_status"
if [[ $pct_status -eq 124 ]]; then
debug_log "lxc $vmid: pct exec timed out after 7s"
fi
if [[ -n "$pct_ip" ]] && is_valid_ipv4 "$pct_ip"; then if [[ -n "$pct_ip" ]] && is_valid_ipv4 "$pct_ip"; then
debug_log "lxc $vmid: found IP $pct_ip via pct exec (forced)"
ips="$pct_ip" ips="$pct_ip"
method_used="pct_exec_forced" method_used="pct_exec_forced"
debug_log "lxc $vmid: found IP via pct exec: $ips"
fi fi
fi fi
# ----- OPTIONAL IPv6 detection -----
if [[ -z "$ips" && "${ENABLE_IPV6_TAGS,,}" == "true" ]]; then
debug_log "lxc $vmid: trying IPv6 neighbor lookup"
local mac_addr=$(grep -Eo 'hwaddr=([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' "$pve_lxc_config" | head -1 | cut -d'=' -f2 | tr 'A-F' 'a-f')
if [[ -n "$mac_addr" ]]; then
local ipv6=$(ip -6 neighbor show | grep -i "$mac_addr" | grep -oE '([0-9a-fA-F:]+:+)+' | head -1)
if [[ -n "$ipv6" ]]; then
ips="$ipv6"
method_used="ipv6_neighbor"
debug_log "lxc $vmid: found IPv6: $ips"
fi
fi
fi
# ----- FINAL RESULT -----
debug_log "lxc $vmid: [RESULT] ips='$ips' method='$method_used'" debug_log "lxc $vmid: [RESULT] ips='$ips' method='$method_used'"
echo "$ips" echo "$ips"
} }
main main
EOF EOF
} }
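Review bot: The IPv6 address extracted in the new neighbor-lookup branch is truncated: `grep -oE '([0-9a-fA-F:]+:+)+'` only accepts a match that ends in a colon, so `fe80::1` becomes `fe80::` and `2001:db8::5` becomes `2001:db8::`, and that truncated string is then stored in `ips` and tagged. Since `ip -6 neighbor show` prints the address as the first field, anchor the extraction to the line start and key the MAC match on the lladdr field so a MAC's hex pairs cannot match inside an address: `local ipv6=$(ip -6 neighbor show | grep -i "lladdr $mac_addr" | grep -oE '^[0-9a-fA-F:]+' | head -1)`. Both new `mac_addr` lines (the ARP branch in the previous hunk and this one) now grep `$pve_lxc_config` without the `-f` guard the old code had and without `2>/dev/null`, so a missing config file prints a grep error on every pass; restoring `[[ -f "$pve_lxc_config" ]] &&` in front of them keeps the output clean. The IPv6 value also flows into the same `ips` return as IPv4 results, and the tag-format handling outside this hunk presumably expects dotted-quad input (`last_octet`/`last_two_octets`) — worth confirming, or documenting in the function header that `ipv6_neighbor` always yields a full address. get_lxc_ips begins outside this hunk.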