ip-tunnel: Improve checks

[people/jschlag/network.git] / src / functions / functions.ip-tunnel

diff --git a/src/functions/functions.ip-tunnel b/src/functions/functions.ip-tunnel
index 550b0b30b444abb0904147c9f5405cd78653a25c..0a0c210c0169eb061fc39e3db598f53b66791477 100644 (file)
--- a/src/functions/functions.ip-tunnel
+++ b/src/functions/functions.ip-tunnel
@@ -98,6 +98,24 @@ ip_tunnel_add() {
                return ${EXIT_ERROR}
        fi
 
+       # Detect the IP protocol, which is important to decide which mode we have to use
+       local remote_address_protocol="$(ip_detect_protocol "${remote_address}")"
+
+       # If we could not detect the IP protocol something with
+       # ${remote_address} is wrong
+       if ! isset remote_address_protocol; then
+               log ERROR "Could not determine remote address IP protocol"
+               return ${EXIT_ERROR}
+       fi
+
+       # We cannot mix IPv6 and IPv4
+       if [[ "${remote_address_protocol}" != \
+               "$(ip_detect_protocol "${local_address}")" ]] ; then
+               log ERROR "Local and remote address\
+                       are not from the same IP protocol"
+               return ${EXIT_ERROR}
+       fi
+
        # ikey and okey must be set for VTI devices
        if [ "${mode}" = "vti" ] && (! isset ikey || ! isset okey); then
                error "--ikey= and --okey= must be set for VTI device"