]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
7951dea2 | 2 | /*** |
96b2fb93 | 3 | Copyright © 2014 Susant Sahani |
7951dea2 SS |
4 | ***/ |
5 | ||
7951dea2 SS |
6 | #include <arpa/inet.h> |
7 | #include <net/if.h> | |
8 | #include <linux/ip.h> | |
9 | #include <linux/if_tunnel.h> | |
855ee1a1 | 10 | #include <linux/ip6_tunnel.h> |
7951dea2 | 11 | |
1c4baffc | 12 | #include "sd-netlink.h" |
07630cea LP |
13 | |
14 | #include "conf-parser.h" | |
15 | #include "missing.h" | |
0b1831c2 | 16 | #include "networkd-link.h" |
441e9ae4 | 17 | #include "netdev/tunnel.h" |
6bedfcbb | 18 | #include "parse-util.h" |
8b43440b | 19 | #include "string-table.h" |
07630cea | 20 | #include "string-util.h" |
7951dea2 SS |
21 | #include "util.h" |
22 | ||
855ee1a1 | 23 | #define DEFAULT_TNL_HOP_LIMIT 64 |
8e38570e | 24 | #define IP6_FLOWINFO_FLOWLABEL htobe32(0x000FFFFF) |
3a4f3e42 | 25 | #define IP6_TNL_F_ALLOW_LOCAL_REMOTE 0x40 |
855ee1a1 SS |
26 | |
27 | static const char* const ip6tnl_mode_table[_NETDEV_IP6_TNL_MODE_MAX] = { | |
28 | [NETDEV_IP6_TNL_MODE_IP6IP6] = "ip6ip6", | |
73b23bea | 29 | [NETDEV_IP6_TNL_MODE_IPIP6] = "ipip6", |
855ee1a1 SS |
30 | [NETDEV_IP6_TNL_MODE_ANYIP6] = "any", |
31 | }; | |
32 | ||
33 | DEFINE_STRING_TABLE_LOOKUP(ip6tnl_mode, Ip6TnlMode); | |
34 | DEFINE_CONFIG_PARSE_ENUM(config_parse_ip6tnl_mode, ip6tnl_mode, Ip6TnlMode, "Failed to parse ip6 tunnel Mode"); | |
35 | ||
1c4baffc | 36 | static int netdev_ipip_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { |
aa9f1140 | 37 | Tunnel *t = IPIP(netdev); |
7951dea2 SS |
38 | int r; |
39 | ||
3be1d7e0 | 40 | assert(netdev); |
7951dea2 | 41 | assert(m); |
aa9f1140 | 42 | assert(t); |
07dcb085 | 43 | assert(IN_SET(t->family, AF_INET, AF_UNSPEC)); |
7951dea2 | 44 | |
4d7fa6de SS |
45 | if (link) { |
46 | r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex); | |
47 | if (r < 0) | |
48 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m"); | |
4d7fa6de | 49 | } |
7951dea2 | 50 | |
1c4baffc | 51 | r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &t->local.in); |
5289f3ff SS |
52 | if (r < 0) |
53 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m"); | |
7951dea2 | 54 | |
1c4baffc | 55 | r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in); |
5289f3ff SS |
56 | if (r < 0) |
57 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m"); | |
7951dea2 | 58 | |
1c4baffc | 59 | r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl); |
5289f3ff SS |
60 | if (r < 0) |
61 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m"); | |
9ae70211 | 62 | |
1c4baffc | 63 | r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PMTUDISC, t->pmtudisc); |
5289f3ff SS |
64 | if (r < 0) |
65 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_PMTUDISC attribute: %m"); | |
9243e967 | 66 | |
7951dea2 SS |
67 | return r; |
68 | } | |
69 | ||
1c4baffc | 70 | static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { |
aa9f1140 | 71 | Tunnel *t = SIT(netdev); |
abf446af SS |
72 | int r; |
73 | ||
3be1d7e0 | 74 | assert(netdev); |
abf446af | 75 | assert(m); |
aa9f1140 | 76 | assert(t); |
07dcb085 | 77 | assert(IN_SET(t->family, AF_INET, AF_UNSPEC)); |
abf446af | 78 | |
4d7fa6de SS |
79 | if (link) { |
80 | r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex); | |
81 | if (r < 0) | |
82 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m"); | |
4d7fa6de | 83 | } |
abf446af | 84 | |
1c4baffc | 85 | r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &t->local.in); |
5289f3ff SS |
86 | if (r < 0) |
87 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m"); | |
abf446af | 88 | |
1c4baffc | 89 | r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in); |
5289f3ff SS |
90 | if (r < 0) |
91 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m"); | |
abf446af | 92 | |
1c4baffc | 93 | r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl); |
5289f3ff SS |
94 | if (r < 0) |
95 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m"); | |
a9f434cf | 96 | |
1c4baffc | 97 | r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PMTUDISC, t->pmtudisc); |
5289f3ff SS |
98 | if (r < 0) |
99 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_PMTUDISC attribute: %m"); | |
436b910f | 100 | |
abf446af SS |
101 | return r; |
102 | } | |
103 | ||
1c4baffc | 104 | static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { |
1af2536a | 105 | Tunnel *t; |
8bb088c5 SS |
106 | int r; |
107 | ||
3be1d7e0 | 108 | assert(netdev); |
1af2536a SS |
109 | |
110 | if (netdev->kind == NETDEV_KIND_GRE) | |
5289f3ff | 111 | t = GRE(netdev); |
1af2536a | 112 | else |
5289f3ff | 113 | t = GRETAP(netdev); |
1af2536a | 114 | |
aa9f1140 | 115 | assert(t); |
07dcb085 | 116 | assert(IN_SET(t->family, AF_INET, AF_UNSPEC)); |
1af2536a | 117 | assert(m); |
8bb088c5 | 118 | |
4d7fa6de SS |
119 | if (link) { |
120 | r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex); | |
121 | if (r < 0) | |
122 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m"); | |
123 | } | |
8bb088c5 | 124 | |
1c4baffc | 125 | r = sd_netlink_message_append_in_addr(m, IFLA_GRE_LOCAL, &t->local.in); |
5289f3ff SS |
126 | if (r < 0) |
127 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m"); | |
8bb088c5 | 128 | |
1c4baffc | 129 | r = sd_netlink_message_append_in_addr(m, IFLA_GRE_REMOTE, &t->remote.in); |
5289f3ff SS |
130 | if (r < 0) |
131 | log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m"); | |
8bb088c5 | 132 | |
1c4baffc | 133 | r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl); |
5289f3ff SS |
134 | if (r < 0) |
135 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m"); | |
8bb088c5 | 136 | |
1c4baffc | 137 | r = sd_netlink_message_append_u8(m, IFLA_GRE_TOS, t->tos); |
5289f3ff SS |
138 | if (r < 0) |
139 | log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TOS attribute: %m"); | |
8bb088c5 | 140 | |
1c4baffc | 141 | r = sd_netlink_message_append_u8(m, IFLA_GRE_PMTUDISC, t->pmtudisc); |
5289f3ff SS |
142 | if (r < 0) |
143 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_PMTUDISC attribute: %m"); | |
9243e967 | 144 | |
8bb088c5 SS |
145 | return r; |
146 | } | |
147 | ||
1c4baffc | 148 | static int netdev_ip6gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { |
b16492f8 SS |
149 | Tunnel *t; |
150 | int r; | |
151 | ||
152 | assert(netdev); | |
153 | ||
154 | if (netdev->kind == NETDEV_KIND_IP6GRE) | |
5289f3ff | 155 | t = IP6GRE(netdev); |
b16492f8 | 156 | else |
5289f3ff | 157 | t = IP6GRETAP(netdev); |
b16492f8 SS |
158 | |
159 | assert(t); | |
160 | assert(t->family == AF_INET6); | |
b16492f8 SS |
161 | assert(m); |
162 | ||
4d7fa6de SS |
163 | if (link) { |
164 | r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex); | |
165 | if (r < 0) | |
166 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m"); | |
167 | } | |
b16492f8 | 168 | |
1c4baffc | 169 | r = sd_netlink_message_append_in6_addr(m, IFLA_GRE_LOCAL, &t->local.in6); |
5289f3ff SS |
170 | if (r < 0) |
171 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m"); | |
b16492f8 | 172 | |
1c4baffc | 173 | r = sd_netlink_message_append_in6_addr(m, IFLA_GRE_REMOTE, &t->remote.in6); |
5289f3ff SS |
174 | if (r < 0) |
175 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m"); | |
b16492f8 | 176 | |
1c4baffc | 177 | r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl); |
5289f3ff SS |
178 | if (r < 0) |
179 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m"); | |
b16492f8 | 180 | |
54a9d20c SS |
181 | if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) { |
182 | r = sd_netlink_message_append_u32(m, IFLA_GRE_FLOWINFO, t->ipv6_flowlabel); | |
183 | if (r < 0) | |
184 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_FLOWINFO attribute: %m"); | |
185 | } | |
186 | ||
187 | r = sd_netlink_message_append_u32(m, IFLA_GRE_FLAGS, t->flags); | |
188 | if (r < 0) | |
189 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_FLAGS attribute: %m"); | |
190 | ||
b16492f8 SS |
191 | return r; |
192 | } | |
193 | ||
1d710029 | 194 | static int netdev_vti_fill_message_key(NetDev *netdev, Link *link, sd_netlink_message *m) { |
1d710029 | 195 | uint32_t ikey, okey; |
59f62519 | 196 | Tunnel *t; |
1d710029 SS |
197 | int r; |
198 | ||
1d710029 | 199 | assert(m); |
59f62519 SS |
200 | |
201 | if (netdev->kind == NETDEV_KIND_VTI) | |
202 | t = VTI(netdev); | |
203 | else | |
204 | t = VTI6(netdev); | |
205 | ||
1d710029 SS |
206 | assert(t); |
207 | ||
208 | if (t->key != 0) | |
209 | ikey = okey = htobe32(t->key); | |
210 | else { | |
211 | ikey = htobe32(t->ikey); | |
212 | okey = htobe32(t->okey); | |
213 | } | |
214 | ||
215 | r = sd_netlink_message_append_u32(m, IFLA_VTI_IKEY, ikey); | |
216 | if (r < 0) | |
217 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_VTI_IKEY attribute: %m"); | |
218 | ||
219 | r = sd_netlink_message_append_u32(m, IFLA_VTI_OKEY, okey); | |
220 | if (r < 0) | |
221 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_VTI_OKEY attribute: %m"); | |
222 | ||
223 | return 0; | |
224 | } | |
225 | ||
1c4baffc | 226 | static int netdev_vti_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { |
aa9f1140 | 227 | Tunnel *t = VTI(netdev); |
a613382b SS |
228 | int r; |
229 | ||
3be1d7e0 | 230 | assert(netdev); |
a613382b | 231 | assert(m); |
aa9f1140 TG |
232 | assert(t); |
233 | assert(t->family == AF_INET); | |
a613382b | 234 | |
4d7fa6de SS |
235 | if (link) { |
236 | r = sd_netlink_message_append_u32(m, IFLA_VTI_LINK, link->ifindex); | |
237 | if (r < 0) | |
238 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m"); | |
239 | } | |
a613382b | 240 | |
1d710029 SS |
241 | r = netdev_vti_fill_message_key(netdev, link, m); |
242 | if (r < 0) | |
243 | return r; | |
244 | ||
1c4baffc | 245 | r = sd_netlink_message_append_in_addr(m, IFLA_VTI_LOCAL, &t->local.in); |
5289f3ff SS |
246 | if (r < 0) |
247 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m"); | |
a613382b | 248 | |
1c4baffc | 249 | r = sd_netlink_message_append_in_addr(m, IFLA_VTI_REMOTE, &t->remote.in); |
5289f3ff SS |
250 | if (r < 0) |
251 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m"); | |
a613382b | 252 | |
a613382b SS |
253 | return r; |
254 | } | |
8bb088c5 | 255 | |
1c4baffc | 256 | static int netdev_vti6_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { |
9011ce77 SS |
257 | Tunnel *t = VTI6(netdev); |
258 | int r; | |
259 | ||
260 | assert(netdev); | |
9011ce77 SS |
261 | assert(m); |
262 | assert(t); | |
263 | assert(t->family == AF_INET6); | |
264 | ||
4d7fa6de SS |
265 | if (link) { |
266 | r = sd_netlink_message_append_u32(m, IFLA_VTI_LINK, link->ifindex); | |
267 | if (r < 0) | |
268 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m"); | |
269 | } | |
9011ce77 | 270 | |
1d710029 SS |
271 | r = netdev_vti_fill_message_key(netdev, link, m); |
272 | if (r < 0) | |
273 | return r; | |
274 | ||
1c4baffc | 275 | r = sd_netlink_message_append_in6_addr(m, IFLA_VTI_LOCAL, &t->local.in6); |
9011ce77 SS |
276 | if (r < 0) |
277 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m"); | |
278 | ||
1c4baffc | 279 | r = sd_netlink_message_append_in6_addr(m, IFLA_VTI_REMOTE, &t->remote.in6); |
9011ce77 SS |
280 | if (r < 0) |
281 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m"); | |
282 | ||
283 | return r; | |
284 | } | |
285 | ||
1c4baffc | 286 | static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) { |
855ee1a1 SS |
287 | Tunnel *t = IP6TNL(netdev); |
288 | uint8_t proto; | |
289 | int r; | |
290 | ||
291 | assert(netdev); | |
855ee1a1 SS |
292 | assert(m); |
293 | assert(t); | |
294 | assert(t->family == AF_INET6); | |
295 | ||
4d7fa6de SS |
296 | if (link) { |
297 | r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex); | |
298 | if (r < 0) | |
299 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m"); | |
300 | } | |
855ee1a1 | 301 | |
1c4baffc | 302 | r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_LOCAL, &t->local.in6); |
5289f3ff SS |
303 | if (r < 0) |
304 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m"); | |
855ee1a1 | 305 | |
1c4baffc | 306 | r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in6); |
5289f3ff SS |
307 | if (r < 0) |
308 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m"); | |
855ee1a1 | 309 | |
1c4baffc | 310 | r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl); |
5289f3ff SS |
311 | if (r < 0) |
312 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m"); | |
855ee1a1 | 313 | |
407af9dd SS |
314 | if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) { |
315 | r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLOWINFO, t->ipv6_flowlabel); | |
316 | if (r < 0) | |
317 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLOWINFO attribute: %m"); | |
318 | } | |
319 | ||
a9b70f9d | 320 | if (t->copy_dscp) |
ec2a3e3a SS |
321 | t->flags |= IP6_TNL_F_RCV_DSCP_COPY; |
322 | ||
3a4f3e42 SS |
323 | if (t->allow_localremote != -1) |
324 | SET_FLAG(t->flags, IP6_TNL_F_ALLOW_LOCAL_REMOTE, t->allow_localremote); | |
325 | ||
b4828886 SS |
326 | if (t->encap_limit != IPV6_DEFAULT_TNL_ENCAP_LIMIT) { |
327 | r = sd_netlink_message_append_u8(m, IFLA_IPTUN_ENCAP_LIMIT, t->encap_limit); | |
328 | if (r < 0) | |
329 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_ENCAP_LIMIT attribute: %m"); | |
330 | } | |
331 | ||
407af9dd SS |
332 | r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLAGS, t->flags); |
333 | if (r < 0) | |
334 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLAGS attribute: %m"); | |
335 | ||
855ee1a1 SS |
336 | switch (t->ip6tnl_mode) { |
337 | case NETDEV_IP6_TNL_MODE_IP6IP6: | |
338 | proto = IPPROTO_IPV6; | |
339 | break; | |
340 | case NETDEV_IP6_TNL_MODE_IPIP6: | |
341 | proto = IPPROTO_IPIP; | |
342 | break; | |
343 | case NETDEV_IP6_TNL_MODE_ANYIP6: | |
344 | default: | |
345 | proto = 0; | |
346 | break; | |
347 | } | |
348 | ||
1c4baffc | 349 | r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PROTO, proto); |
5289f3ff SS |
350 | if (r < 0) |
351 | return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_MODE attribute: %m"); | |
855ee1a1 SS |
352 | |
353 | return r; | |
354 | } | |
355 | ||
3be1d7e0 | 356 | static int netdev_tunnel_verify(NetDev *netdev, const char *filename) { |
aa9f1140 TG |
357 | Tunnel *t = NULL; |
358 | ||
7951dea2 | 359 | assert(netdev); |
3be1d7e0 | 360 | assert(filename); |
7951dea2 | 361 | |
aa9f1140 TG |
362 | switch (netdev->kind) { |
363 | case NETDEV_KIND_IPIP: | |
364 | t = IPIP(netdev); | |
365 | break; | |
366 | case NETDEV_KIND_SIT: | |
367 | t = SIT(netdev); | |
368 | break; | |
369 | case NETDEV_KIND_GRE: | |
370 | t = GRE(netdev); | |
371 | break; | |
1af2536a SS |
372 | case NETDEV_KIND_GRETAP: |
373 | t = GRETAP(netdev); | |
374 | break; | |
b16492f8 SS |
375 | case NETDEV_KIND_IP6GRE: |
376 | t = IP6GRE(netdev); | |
377 | break; | |
378 | case NETDEV_KIND_IP6GRETAP: | |
379 | t = IP6GRETAP(netdev); | |
380 | break; | |
aa9f1140 TG |
381 | case NETDEV_KIND_VTI: |
382 | t = VTI(netdev); | |
383 | break; | |
9011ce77 SS |
384 | case NETDEV_KIND_VTI6: |
385 | t = VTI6(netdev); | |
386 | break; | |
855ee1a1 SS |
387 | case NETDEV_KIND_IP6TNL: |
388 | t = IP6TNL(netdev); | |
389 | break; | |
aa9f1140 TG |
390 | default: |
391 | assert_not_reached("Invalid tunnel kind"); | |
392 | } | |
393 | ||
394 | assert(t); | |
395 | ||
40a922d0 ZJS |
396 | if (!IN_SET(t->family, AF_INET, AF_INET6, AF_UNSPEC)) { |
397 | log_netdev_error(netdev, | |
398 | "Tunnel with invalid address family configured in %s. Ignoring", filename); | |
5289f3ff | 399 | return -EINVAL; |
7951dea2 SS |
400 | } |
401 | ||
194c03c8 | 402 | if (IN_SET(netdev->kind, NETDEV_KIND_VTI, NETDEV_KIND_IPIP, NETDEV_KIND_GRE, NETDEV_KIND_GRETAP) && |
6f3d4dec ZJS |
403 | (t->family != AF_INET || in_addr_is_null(t->family, &t->local))) { |
404 | log_netdev_error(netdev, | |
194c03c8 | 405 | "vti/ipip/gre/gretap tunnel without a local IPv4 address configured in %s. Ignoring", filename); |
6f3d4dec ZJS |
406 | return -EINVAL; |
407 | } | |
408 | ||
8999954f | 409 | if (IN_SET(netdev->kind, NETDEV_KIND_VTI6, NETDEV_KIND_IP6TNL, NETDEV_KIND_IP6GRE) && |
6f3d4dec ZJS |
410 | (t->family != AF_INET6 || in_addr_is_null(t->family, &t->local))) { |
411 | log_netdev_error(netdev, | |
8999954f | 412 | "vti6/ip6tnl/ip6gre tunnel without a local IPv6 address configured in %s. Ignoring", filename); |
6f3d4dec ZJS |
413 | return -EINVAL; |
414 | } | |
415 | ||
40a922d0 ZJS |
416 | if (netdev->kind == NETDEV_KIND_IP6TNL && |
417 | t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) { | |
418 | log_netdev_error(netdev, | |
419 | "ip6tnl without mode configured in %s. Ignoring", filename); | |
420 | return -EINVAL; | |
855ee1a1 SS |
421 | } |
422 | ||
7951dea2 SS |
423 | return 0; |
424 | } | |
6ef892fc TG |
425 | |
426 | int config_parse_tunnel_address(const char *unit, | |
427 | const char *filename, | |
428 | unsigned line, | |
429 | const char *section, | |
430 | unsigned section_line, | |
431 | const char *lvalue, | |
432 | int ltype, | |
433 | const char *rvalue, | |
434 | void *data, | |
435 | void *userdata) { | |
aa9f1140 | 436 | Tunnel *t = userdata; |
44e7b949 LP |
437 | union in_addr_union *addr = data, buffer; |
438 | int r, f; | |
6ef892fc TG |
439 | |
440 | assert(filename); | |
441 | assert(lvalue); | |
442 | assert(rvalue); | |
443 | assert(data); | |
444 | ||
6e47dbbc ZJS |
445 | /* This is used to parse addresses on both local and remote ends of the tunnel. |
446 | * Address families must match. | |
447 | * | |
448 | * "any" is a special value which means that the address is unspecified. | |
449 | */ | |
450 | ||
efd3c897 | 451 | if (streq(rvalue, "any")) { |
6e47dbbc ZJS |
452 | *addr = IN_ADDR_NULL; |
453 | ||
454 | /* As a special case, if both the local and remote addresses are | |
455 | * unspecified, also clear the address family. | |
456 | */ | |
457 | if (t->family != AF_UNSPEC && | |
458 | in_addr_is_null(t->family, &t->local) && | |
459 | in_addr_is_null(t->family, &t->remote)) | |
460 | t->family = AF_UNSPEC; | |
6ef892fc | 461 | return 0; |
6e47dbbc | 462 | } |
6ef892fc | 463 | |
6e47dbbc ZJS |
464 | r = in_addr_from_string_auto(rvalue, &f, &buffer); |
465 | if (r < 0) { | |
466 | log_syntax(unit, LOG_ERR, filename, line, r, | |
467 | "Tunnel address \"%s\" invalid, ignoring assignment: %m", rvalue); | |
468 | return 0; | |
469 | } | |
efd3c897 | 470 | |
6e47dbbc ZJS |
471 | if (t->family != AF_UNSPEC && t->family != f) { |
472 | log_syntax(unit, LOG_ERR, filename, line, 0, | |
473 | "Tunnel addresses incompatible, ignoring assignment: %s", rvalue); | |
474 | return 0; | |
44e7b949 LP |
475 | } |
476 | ||
477 | t->family = f; | |
478 | *addr = buffer; | |
6ef892fc TG |
479 | return 0; |
480 | } | |
3be1d7e0 | 481 | |
1d710029 SS |
482 | int config_parse_tunnel_key(const char *unit, |
483 | const char *filename, | |
484 | unsigned line, | |
485 | const char *section, | |
486 | unsigned section_line, | |
487 | const char *lvalue, | |
488 | int ltype, | |
489 | const char *rvalue, | |
490 | void *data, | |
491 | void *userdata) { | |
492 | union in_addr_union buffer; | |
493 | Tunnel *t = userdata; | |
494 | uint32_t k; | |
495 | int r; | |
496 | ||
497 | assert(filename); | |
498 | assert(lvalue); | |
499 | assert(rvalue); | |
500 | assert(data); | |
501 | ||
502 | r = in_addr_from_string(AF_INET, rvalue, &buffer); | |
503 | if (r < 0) { | |
504 | r = safe_atou32(rvalue, &k); | |
505 | if (r < 0) { | |
506 | log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse tunnel key ignoring assignment: %s", rvalue); | |
507 | return 0; | |
508 | } | |
509 | } else | |
510 | k = be32toh(buffer.in.s_addr); | |
511 | ||
512 | if (streq(lvalue, "Key")) | |
513 | t->key = k; | |
514 | else if (streq(lvalue, "InputKey")) | |
515 | t->ikey = k; | |
516 | else | |
517 | t->okey = k; | |
518 | ||
519 | return 0; | |
520 | } | |
521 | ||
407af9dd SS |
522 | int config_parse_ipv6_flowlabel(const char* unit, |
523 | const char *filename, | |
524 | unsigned line, | |
525 | const char *section, | |
526 | unsigned section_line, | |
527 | const char *lvalue, | |
528 | int ltype, | |
529 | const char *rvalue, | |
530 | void *data, | |
531 | void *userdata) { | |
532 | IPv6FlowLabel *ipv6_flowlabel = data; | |
533 | Tunnel *t = userdata; | |
407af9dd SS |
534 | int k = 0; |
535 | int r; | |
536 | ||
537 | assert(filename); | |
538 | assert(lvalue); | |
539 | assert(rvalue); | |
540 | assert(ipv6_flowlabel); | |
541 | ||
6870b415 | 542 | if (streq(rvalue, "inherit")) { |
407af9dd SS |
543 | *ipv6_flowlabel = IP6_FLOWINFO_FLOWLABEL; |
544 | t->flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL; | |
545 | } else { | |
6870b415 | 546 | r = config_parse_int(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &k, userdata); |
12ca818f LP |
547 | if (r < 0) |
548 | return r; | |
549 | ||
550 | if (k > 0xFFFFF) | |
551 | log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IPv6 flowlabel option, ignoring: %s", rvalue); | |
552 | else { | |
8e38570e | 553 | *ipv6_flowlabel = htobe32(k) & IP6_FLOWINFO_FLOWLABEL; |
12ca818f | 554 | t->flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL; |
407af9dd SS |
555 | } |
556 | } | |
557 | ||
558 | return 0; | |
559 | } | |
560 | ||
b4828886 SS |
561 | int config_parse_encap_limit(const char* unit, |
562 | const char *filename, | |
563 | unsigned line, | |
564 | const char *section, | |
565 | unsigned section_line, | |
566 | const char *lvalue, | |
4d7fa6de | 567 | int ltype, |
b4828886 SS |
568 | const char *rvalue, |
569 | void *data, | |
570 | void *userdata) { | |
571 | Tunnel *t = userdata; | |
572 | int k = 0; | |
573 | int r; | |
574 | ||
575 | assert(filename); | |
576 | assert(lvalue); | |
577 | assert(rvalue); | |
578 | ||
579 | if (streq(rvalue, "none")) | |
580 | t->flags |= IP6_TNL_F_IGN_ENCAP_LIMIT; | |
581 | else { | |
582 | r = safe_atoi(rvalue, &k); | |
583 | if (r < 0) { | |
12ca818f | 584 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse Tunnel Encapsulation Limit option, ignoring: %s", rvalue); |
b4828886 SS |
585 | return 0; |
586 | } | |
587 | ||
588 | if (k > 255 || k < 0) | |
12ca818f | 589 | log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid Tunnel Encapsulation value, ignoring: %d", k); |
b4828886 SS |
590 | else { |
591 | t->encap_limit = k; | |
592 | t->flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT; | |
593 | } | |
594 | } | |
595 | ||
596 | return 0; | |
597 | } | |
598 | ||
aa9f1140 TG |
599 | static void ipip_init(NetDev *n) { |
600 | Tunnel *t = IPIP(n); | |
601 | ||
602 | assert(n); | |
603 | assert(t); | |
604 | ||
605 | t->pmtudisc = true; | |
606 | } | |
607 | ||
608 | static void sit_init(NetDev *n) { | |
609 | Tunnel *t = SIT(n); | |
610 | ||
611 | assert(n); | |
612 | assert(t); | |
613 | ||
614 | t->pmtudisc = true; | |
615 | } | |
616 | ||
617 | static void vti_init(NetDev *n) { | |
7185d805 | 618 | Tunnel *t; |
aa9f1140 TG |
619 | |
620 | assert(n); | |
9011ce77 SS |
621 | |
622 | if (n->kind == NETDEV_KIND_VTI) | |
7185d805 | 623 | t = VTI(n); |
9011ce77 SS |
624 | else |
625 | t = VTI6(n); | |
626 | ||
aa9f1140 TG |
627 | assert(t); |
628 | ||
629 | t->pmtudisc = true; | |
630 | } | |
631 | ||
632 | static void gre_init(NetDev *n) { | |
1af2536a | 633 | Tunnel *t; |
aa9f1140 TG |
634 | |
635 | assert(n); | |
1af2536a SS |
636 | |
637 | if (n->kind == NETDEV_KIND_GRE) | |
638 | t = GRE(n); | |
639 | else | |
640 | t = GRETAP(n); | |
641 | ||
aa9f1140 TG |
642 | assert(t); |
643 | ||
644 | t->pmtudisc = true; | |
645 | } | |
646 | ||
b16492f8 SS |
647 | static void ip6gre_init(NetDev *n) { |
648 | Tunnel *t; | |
649 | ||
650 | assert(n); | |
651 | ||
652 | if (n->kind == NETDEV_KIND_IP6GRE) | |
653 | t = IP6GRE(n); | |
654 | else | |
655 | t = IP6GRETAP(n); | |
656 | ||
657 | assert(t); | |
658 | ||
659 | t->ttl = DEFAULT_TNL_HOP_LIMIT; | |
660 | } | |
661 | ||
855ee1a1 SS |
662 | static void ip6tnl_init(NetDev *n) { |
663 | Tunnel *t = IP6TNL(n); | |
664 | ||
665 | assert(n); | |
666 | assert(t); | |
667 | ||
668 | t->ttl = DEFAULT_TNL_HOP_LIMIT; | |
669 | t->encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT; | |
670 | t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID; | |
407af9dd | 671 | t->ipv6_flowlabel = _NETDEV_IPV6_FLOWLABEL_INVALID; |
3a4f3e42 | 672 | t->allow_localremote = -1; |
855ee1a1 SS |
673 | } |
674 | ||
3be1d7e0 | 675 | const NetDevVTable ipip_vtable = { |
aa9f1140 TG |
676 | .object_size = sizeof(Tunnel), |
677 | .init = ipip_init, | |
678 | .sections = "Match\0NetDev\0Tunnel\0", | |
679 | .fill_message_create = netdev_ipip_fill_message_create, | |
680 | .create_type = NETDEV_CREATE_STACKED, | |
3be1d7e0 TG |
681 | .config_verify = netdev_tunnel_verify, |
682 | }; | |
683 | ||
684 | const NetDevVTable sit_vtable = { | |
aa9f1140 TG |
685 | .object_size = sizeof(Tunnel), |
686 | .init = sit_init, | |
687 | .sections = "Match\0NetDev\0Tunnel\0", | |
688 | .fill_message_create = netdev_sit_fill_message_create, | |
689 | .create_type = NETDEV_CREATE_STACKED, | |
3be1d7e0 TG |
690 | .config_verify = netdev_tunnel_verify, |
691 | }; | |
692 | ||
693 | const NetDevVTable vti_vtable = { | |
aa9f1140 TG |
694 | .object_size = sizeof(Tunnel), |
695 | .init = vti_init, | |
696 | .sections = "Match\0NetDev\0Tunnel\0", | |
697 | .fill_message_create = netdev_vti_fill_message_create, | |
698 | .create_type = NETDEV_CREATE_STACKED, | |
3be1d7e0 TG |
699 | .config_verify = netdev_tunnel_verify, |
700 | }; | |
701 | ||
9011ce77 SS |
702 | const NetDevVTable vti6_vtable = { |
703 | .object_size = sizeof(Tunnel), | |
704 | .init = vti_init, | |
705 | .sections = "Match\0NetDev\0Tunnel\0", | |
706 | .fill_message_create = netdev_vti6_fill_message_create, | |
707 | .create_type = NETDEV_CREATE_STACKED, | |
708 | .config_verify = netdev_tunnel_verify, | |
709 | }; | |
710 | ||
3be1d7e0 | 711 | const NetDevVTable gre_vtable = { |
aa9f1140 TG |
712 | .object_size = sizeof(Tunnel), |
713 | .init = gre_init, | |
714 | .sections = "Match\0NetDev\0Tunnel\0", | |
715 | .fill_message_create = netdev_gre_fill_message_create, | |
716 | .create_type = NETDEV_CREATE_STACKED, | |
3be1d7e0 TG |
717 | .config_verify = netdev_tunnel_verify, |
718 | }; | |
1af2536a SS |
719 | |
720 | const NetDevVTable gretap_vtable = { | |
721 | .object_size = sizeof(Tunnel), | |
722 | .init = gre_init, | |
723 | .sections = "Match\0NetDev\0Tunnel\0", | |
724 | .fill_message_create = netdev_gre_fill_message_create, | |
725 | .create_type = NETDEV_CREATE_STACKED, | |
726 | .config_verify = netdev_tunnel_verify, | |
727 | }; | |
855ee1a1 | 728 | |
b16492f8 SS |
729 | const NetDevVTable ip6gre_vtable = { |
730 | .object_size = sizeof(Tunnel), | |
731 | .init = ip6gre_init, | |
732 | .sections = "Match\0NetDev\0Tunnel\0", | |
733 | .fill_message_create = netdev_ip6gre_fill_message_create, | |
734 | .create_type = NETDEV_CREATE_STACKED, | |
735 | .config_verify = netdev_tunnel_verify, | |
736 | }; | |
737 | ||
738 | const NetDevVTable ip6gretap_vtable = { | |
739 | .object_size = sizeof(Tunnel), | |
740 | .init = ip6gre_init, | |
741 | .sections = "Match\0NetDev\0Tunnel\0", | |
742 | .fill_message_create = netdev_ip6gre_fill_message_create, | |
743 | .create_type = NETDEV_CREATE_STACKED, | |
744 | .config_verify = netdev_tunnel_verify, | |
745 | }; | |
746 | ||
855ee1a1 SS |
747 | const NetDevVTable ip6tnl_vtable = { |
748 | .object_size = sizeof(Tunnel), | |
749 | .init = ip6tnl_init, | |
750 | .sections = "Match\0NetDev\0Tunnel\0", | |
751 | .fill_message_create = netdev_ip6tnl_fill_message_create, | |
752 | .create_type = NETDEV_CREATE_STACKED, | |
753 | .config_verify = netdev_tunnel_verify, | |
754 | }; |