From c1a0d08518a08b3a37eff6609e2f7385f16600f1 Mon Sep 17 00:00:00 2001
From: Leigh Brown <leigh@solinno.co.uk>
Date: Wed, 8 Jan 2025 13:31:29 +0000
Subject: [PATCH] Enable vlan support for standard linux bridges

Adjust domain and network validation to permit vlan configuration on
standard linux bridges.

Update calls to virNetDevBridgeAddPort to pass the vlan configuration.

Signed-off-by: Leigh Brown <leigh@solinno.co.uk>
Reviewed-by: Laine Stump <laine@redhat.com>
---
 src/conf/domain_validate.c  |  3 ++-
 src/lxc/lxc_process.c       |  2 +-
 src/network/bridge_driver.c | 13 ++++++++-----
 src/util/virnetdevtap.c     |  2 +-
 4 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 1034bb57f5..6aed74dd8d 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -2077,7 +2077,8 @@ virDomainActualNetDefValidate(const virDomainNetDef *net)
               (actualType == VIR_DOMAIN_NET_TYPE_DIRECT &&
                virDomainNetGetActualDirectMode(net) == VIR_NETDEV_MACVLAN_MODE_PASSTHRU) ||
               (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE &&
-               vport  && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH))) {
+               vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ||
+              (actualType == VIR_DOMAIN_NET_TYPE_BRIDGE && !vport))) {
             virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                            _("interface %1$s - vlan tag not supported for this connection type"),
                            macstr);
diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
index 7c760cec40..d785244dde 100644
--- a/src/lxc/lxc_process.c
+++ b/src/lxc/lxc_process.c
@@ -289,7 +289,7 @@ virLXCProcessSetupInterfaceTap(virDomainDef *vm,
                                             vport, virDomainNetGetActualVlan(net)) < 0)
                 return NULL;
         } else {
-            if (virNetDevBridgeAddPort(brname, parentVeth, NULL) < 0)
+            if (virNetDevBridgeAddPort(brname, parentVeth, virDomainNetGetActualVlan(net)) < 0)
                 return NULL;
 
             if (virDomainNetGetActualPortOptionsIsolated(net) == VIR_TRISTATE_BOOL_YES &&
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index ce793c12ef..8f47ef2574 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -2999,7 +2999,8 @@ networkValidate(virNetworkDriverState *driver,
 
     /* The only type of networks that currently support transparent
      * vlan configuration are those using hostdev sr-iov devices from
-     * a pool, and those using an Open vSwitch bridge.
+     * a pool, those using an Open vSwitch bridge, and standard linux
+     * bridges.
      */
 
     vlanAllowed = (def->forward.type == VIR_NETWORK_FORWARD_HOSTDEV ||
@@ -3007,15 +3008,17 @@ networkValidate(virNetworkDriverState *driver,
                    (def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
                     def->virtPortProfile &&
                     def->virtPortProfile->virtPortType
-                    == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH));
+                    == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ||
+                   (def->forward.type == VIR_NETWORK_FORWARD_BRIDGE &&
+                    !def->virtPortProfile));
 
     vlanUsed = def->vlan.nTags > 0;
     for (i = 0; i < def->nPortGroups; i++) {
         if (vlanUsed || def->portGroups[i].vlan.nTags > 0) {
             /* anyone using this portgroup will get a vlan tag. Verify
-             * that they will also be using an openvswitch connection,
-             * as that is the only type of network that currently
-             * supports a vlan tag.
+             * that they will also be using an openvswitch connection
+             * or a standard linux bridge as they are the only types of
+             * network that currently support a vlan tag.
              */
             if (def->portGroups[i].virtPortProfile) {
                 if (def->forward.type != VIR_NETWORK_FORWARD_BRIDGE ||
diff --git a/src/util/virnetdevtap.c b/src/util/virnetdevtap.c
index a9573eb8e1..1dc77f0f5c 100644
--- a/src/util/virnetdevtap.c
+++ b/src/util/virnetdevtap.c
@@ -483,7 +483,7 @@ virNetDevTapAttachBridge(const char *tapname,
                 return -1;
         }
     } else {
-        if (virNetDevBridgeAddPort(brname, tapname, NULL) < 0)
+        if (virNetDevBridgeAddPort(brname, tapname, virtVlan) < 0)
             return -1;
 
         if (isolatedPort == VIR_TRISTATE_BOOL_YES &&