2 This file is part of systemd.
4 Copyright 2014 Susant Sahani
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include <arpa/inet.h>
23 #include <linux/if_tunnel.h>
24 #include <linux/ip6_tunnel.h>
26 #include "sd-netlink.h"
28 #include "conf-parser.h"
30 #include "networkd-link.h"
31 #include "netdev/tunnel.h"
32 #include "parse-util.h"
33 #include "string-table.h"
34 #include "string-util.h"
/* Hop limit that the IPv6 tunnel initialisers later in this file store in t->ttl. */
37 #define DEFAULT_TNL_HOP_LIMIT 64
/* Mask for the 20-bit IPv6 flow label, converted with htobe32(). */
38 #define IP6_FLOWINFO_FLOWLABEL htobe32(0x000FFFFF)
/* Configuration-file spellings of the Ip6TnlMode values.
 * NOTE(review): the closing "};" of this table (gutter 44) is missing from the listing. */
40 static const char* const ip6tnl_mode_table[_NETDEV_IP6_TNL_MODE_MAX] = {
41         [NETDEV_IP6_TNL_MODE_IP6IP6] = "ip6ip6",
42         [NETDEV_IP6_TNL_MODE_IPIP6] = "ipip6",
43         [NETDEV_IP6_TNL_MODE_ANYIP6] = "any",
/* Macro invocations keyed on the table above. config_parse_ip6tnl_mode is the name handed to
 * DEFINE_CONFIG_PARSE_ENUM together with its parse-failure message; what the macros expand to
 * is defined in headers that are not part of this listing. */
46 DEFINE_STRING_TABLE_LOOKUP(ip6tnl_mode, Ip6TnlMode);
47 DEFINE_CONFIG_PARSE_ENUM(config_parse_ip6tnl_mode, ip6tnl_mode, Ip6TnlMode, "Failed to parse ip6 tunnel Mode");
/* Fills netlink message m with the attributes of an IPIP tunnel taken from the Tunnel object:
 * IFLA_IPTUN_LINK (link->ifindex), IFLA_IPTUN_LOCAL, IFLA_IPTUN_REMOTE, IFLA_IPTUN_TTL and
 * IFLA_IPTUN_PMTUDISC.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). Each
 * "return log_netdev_error_errno(...)" is presumably guarded by an "if (r < 0)" on the omitted
 * line before it; the declaration of r, the remaining asserts and the final return are not
 * shown. Confirm the control flow against the upstream file. */
49 static int netdev_ipip_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
50         Tunnel *t = IPIP(netdev);
           /* Local and remote are read through the IPv4 member (.in) below, so only AF_INET or
            * AF_UNSPEC is acceptable. NOTE(review): this is an assert, not a handled error; no
            * check visible in netdev_tunnel_verify limits an IPIP device to AF_INET, so confirm
            * that a configured IPv6 address cannot reach this point. */
57         assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
59         r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
61                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
63         r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &t->local.in);
65                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
67         r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in);
69                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
71         r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
73                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m");
75         r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PMTUDISC, t->pmtudisc);
77                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_PMTUDISC attribute: %m");
/* Fills netlink message m with the attributes of a SIT tunnel taken from the Tunnel object:
 * IFLA_IPTUN_LINK (link->ifindex), IFLA_IPTUN_LOCAL, IFLA_IPTUN_REMOTE, IFLA_IPTUN_TTL and
 * IFLA_IPTUN_PMTUDISC. The visible statements mirror netdev_ipip_fill_message_create apart
 * from the SIT() accessor.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). Each
 * "return log_netdev_error_errno(...)" is presumably guarded by an "if (r < 0)" on the omitted
 * line before it; the declaration of r and the final return are not shown. */
82 static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
83         Tunnel *t = SIT(netdev);
           /* The tunnel endpoints are IPv4 (.in members below); the family constraint is only
            * asserted here. NOTE(review): confirm that configuration verification rejects an
            * IPv6 endpoint for a SIT device before this function runs. */
90         assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
92         r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
94                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
96         r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_LOCAL, &t->local.in);
98                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
100         r = sd_netlink_message_append_in_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in);
102                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
104         r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
106                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m");
108         r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PMTUDISC, t->pmtudisc);
110                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_PMTUDISC attribute: %m");
/* Fills netlink message m with the attributes of a GRE or GRETAP tunnel (both vtables at the
 * end of the file point here): IFLA_GRE_LINK (link->ifindex), IFLA_GRE_LOCAL, IFLA_GRE_REMOTE,
 * IFLA_GRE_TTL, IFLA_GRE_TOS and IFLA_GRE_PMTUDISC.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). The
 * error branches are presumably guarded by an "if (r < 0)" on the omitted line before each of
 * them; the declarations of t and r and the final return are not shown. */
115 static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
            /* The statements selected by this kind check (gutter 122-124) are not shown; t is
             * presumably assigned there, since it is dereferenced below. */
121         if (netdev->kind == NETDEV_KIND_GRE)
            /* Endpoints are IPv4 (.in members below); the family constraint is only asserted. */
127         assert(IN_SET(t->family, AF_INET, AF_UNSPEC));
131         r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex);
133                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m");
135         r = sd_netlink_message_append_in_addr(m, IFLA_GRE_LOCAL, &t->local.in);
137                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
139         r = sd_netlink_message_append_in_addr(m, IFLA_GRE_REMOTE, &t->remote.in);
            /* NOTE(review): unlike the other appends in this function, the log call below is
             * not returned, and r is overwritten by the next append. A failure to add
             * IFLA_GRE_REMOTE is therefore logged but not propagated, and the message would
             * continue to be built without the configured remote endpoint. Proposed fix:
             * "return log_netdev_error_errno(...)" as on the neighbouring branches. */
141                 log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
143         r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl);
145                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m");
147         r = sd_netlink_message_append_u8(m, IFLA_GRE_TOS, t->tos);
            /* NOTE(review): same missing "return" as for IFLA_GRE_REMOTE above; a failed
             * IFLA_GRE_TOS append is logged and then lost when r is reassigned. */
149                 log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TOS attribute: %m");
151         r = sd_netlink_message_append_u8(m, IFLA_GRE_PMTUDISC, t->pmtudisc);
153                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_PMTUDISC attribute: %m");
/* Fills netlink message m with the attributes of an IP6GRE or IP6GRETAP tunnel (both vtables
 * at the end of the file point here): IFLA_GRE_LINK (link->ifindex), IFLA_GRE_LOCAL,
 * IFLA_GRE_REMOTE, IFLA_GRE_TTL, optionally IFLA_GRE_FLOWINFO, and IFLA_GRE_FLAGS.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). Each
 * "return log_netdev_error_errno(...)" is presumably guarded by an "if (r < 0)" on the omitted
 * line before it; the declarations of t and r, the closing brace of the flow-label block and
 * the final return are not shown. */
158 static int netdev_ip6gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
            /* Only the IP6GRETAP assignment of this kind dispatch survives in the listing; the
             * branch taken for NETDEV_KIND_IP6GRE (gutter 165-166) is omitted. */
164         if (netdev->kind == NETDEV_KIND_IP6GRE)
167                 t = IP6GRETAP(netdev);
            /* Endpoints are IPv6 (.in6 members below); the family constraint is only asserted. */
170         assert(t->family == AF_INET6);
174         r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex);
176                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m");
178         r = sd_netlink_message_append_in6_addr(m, IFLA_GRE_LOCAL, &t->local.in6);
180                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
182         r = sd_netlink_message_append_in6_addr(m, IFLA_GRE_REMOTE, &t->remote.in6);
184                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
186         r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl);
188                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m");
            /* The flow label is sent only when one was configured; the stored value is passed
             * through unchanged (config_parse_ipv6_flowlabel stores it already masked). */
190         if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) {
191                 r = sd_netlink_message_append_u32(m, IFLA_GRE_FLOWINFO, t->ipv6_flowlabel);
193                         return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_FLOWINFO attribute: %m");
196         r = sd_netlink_message_append_u32(m, IFLA_GRE_FLAGS, t->flags);
198                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_FLAGS attribute: %m");
/* Appends the VTI input and output keys (IFLA_VTI_IKEY, IFLA_VTI_OKEY) to netlink message m.
 * Called by both netdev_vti_fill_message_create and netdev_vti6_fill_message_create.
 * Keys are converted with htobe32() before being appended.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). The
 * condition that chooses between the shared key (gutter 219) and the separate ikey/okey
 * (gutter 221-222) is not shown, nor are the declarations, the body of the kind check at
 * gutter 211, the "if (r < 0)" guards or the final return. */
203 static int netdev_vti_fill_message_key(NetDev *netdev, Link *link, sd_netlink_message *m) {
211         if (netdev->kind == NETDEV_KIND_VTI)
            /* One configured key is used for both directions ... */
219                 ikey = okey = htobe32(t->key);
            /* ... otherwise each direction takes its own key. */
221                 ikey = htobe32(t->ikey);
222                 okey = htobe32(t->okey);
225         r = sd_netlink_message_append_u32(m, IFLA_VTI_IKEY, ikey);
227                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_VTI_IKEY attribute: %m");
229         r = sd_netlink_message_append_u32(m, IFLA_VTI_OKEY, okey);
231                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_VTI_OKEY attribute: %m");
/* Fills netlink message m with the attributes of an IPv4 VTI tunnel: IFLA_VTI_LINK
 * (link->ifindex), the keys via netdev_vti_fill_message_key(), IFLA_VTI_LOCAL and
 * IFLA_VTI_REMOTE.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). Each
 * "return log_netdev_error_errno(...)" is presumably guarded by an "if (r < 0)" on the omitted
 * line before it; the declaration of r and the final return are not shown.
 *
 * NOTE(review): the three error messages name IFLA_IPTUN_* attributes although the calls
 * append IFLA_VTI_LINK, IFLA_VTI_LOCAL and IFLA_VTI_REMOTE. Anyone reading the journal to
 * find out why a VTI device failed to come up is pointed at the wrong attribute; the messages
 * should name the IFLA_VTI_* attribute that was actually appended. */
236 static int netdev_vti_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
237         Tunnel *t = VTI(netdev);
            /* Endpoints are IPv4 (.in members below); netdev_tunnel_verify also requires
             * AF_INET and a non-null local address for NETDEV_KIND_VTI. */
244         assert(t->family == AF_INET);
246         r = sd_netlink_message_append_u32(m, IFLA_VTI_LINK, link->ifindex);
248                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
            /* The handling of this return value (gutter 251-252) is not shown in the listing. */
250         r = netdev_vti_fill_message_key(netdev, link, m);
254         r = sd_netlink_message_append_in_addr(m, IFLA_VTI_LOCAL, &t->local.in);
256                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
258         r = sd_netlink_message_append_in_addr(m, IFLA_VTI_REMOTE, &t->remote.in);
260                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
/* Fills netlink message m with the attributes of an IPv6 VTI tunnel: IFLA_VTI_LINK
 * (link->ifindex), the keys via netdev_vti_fill_message_key(), IFLA_VTI_LOCAL and
 * IFLA_VTI_REMOTE, the last two taken from the IPv6 members of the address unions.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). Each
 * "return log_netdev_error_errno(...)" is presumably guarded by an "if (r < 0)" on the omitted
 * line before it; the declaration of r and the final return are not shown.
 *
 * NOTE(review): as in the IPv4 VTI function, the error messages name IFLA_IPTUN_* attributes
 * although IFLA_VTI_LINK, IFLA_VTI_LOCAL and IFLA_VTI_REMOTE are the ones appended; the log
 * text should match the attribute so failures can be traced correctly. */
265 static int netdev_vti6_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
266         Tunnel *t = VTI6(netdev);
            /* netdev_tunnel_verify also requires AF_INET6 and a non-null local address for
             * NETDEV_KIND_VTI6. */
273         assert(t->family == AF_INET6);
275         r = sd_netlink_message_append_u32(m, IFLA_VTI_LINK, link->ifindex);
277                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
            /* The handling of this return value (gutter 280-281) is not shown in the listing. */
279         r = netdev_vti_fill_message_key(netdev, link, m);
283         r = sd_netlink_message_append_in6_addr(m, IFLA_VTI_LOCAL, &t->local.in6);
285                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
287         r = sd_netlink_message_append_in6_addr(m, IFLA_VTI_REMOTE, &t->remote.in6);
289                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
/* Fills netlink message m with the attributes of an ip6tnl tunnel: IFLA_IPTUN_LINK
 * (link->ifindex), IFLA_IPTUN_LOCAL, IFLA_IPTUN_REMOTE, IFLA_IPTUN_TTL, optionally
 * IFLA_IPTUN_FLOWINFO and IFLA_IPTUN_ENCAP_LIMIT, then IFLA_IPTUN_FLAGS and IFLA_IPTUN_PROTO.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). Each
 * "return log_netdev_error_errno(...)" is presumably guarded by an "if (r < 0)" on the omitted
 * line before it; the declarations of r and proto, the closing braces, the "break"
 * statements of the switch and the final return are not shown. */
294 static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
295         Tunnel *t = IP6TNL(netdev);
            /* Endpoints are IPv6 (.in6 members below); the family constraint is only asserted. */
303         assert(t->family == AF_INET6);
305         r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
307                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
309         r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_LOCAL, &t->local.in6);
311                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
313         r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in6);
315                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
317         r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
319                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m");
            /* The flow label is sent only when one was configured. */
321         if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) {
322                 r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLOWINFO, t->ipv6_flowlabel);
324                         return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLOWINFO attribute: %m");
            /* The condition controlling this flag update (gutter 327) is not shown. Note that
             * it modifies the Tunnel object itself rather than a local copy of the flags. */
328                 t->flags |= IP6_TNL_F_RCV_DSCP_COPY;
            /* The encapsulation limit is sent only when it differs from the default. It is
             * appended as a u8; config_parse_encap_limit checks the parsed value against 0..255. */
330         if (t->encap_limit != IPV6_DEFAULT_TNL_ENCAP_LIMIT) {
331                 r = sd_netlink_message_append_u8(m, IFLA_IPTUN_ENCAP_LIMIT, t->encap_limit);
333                         return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_ENCAP_LIMIT attribute: %m");
336         r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLAGS, t->flags);
338                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLAGS attribute: %m");
            /* Map the configured mode to the inner protocol number. The value chosen for
             * NETDEV_IP6_TNL_MODE_ANYIP6 and any default branch (gutter 348-351) are omitted
             * from the listing. */
340         switch (t->ip6tnl_mode) {
341         case NETDEV_IP6_TNL_MODE_IP6IP6:
342                 proto = IPPROTO_IPV6;
344         case NETDEV_IP6_TNL_MODE_IPIP6:
345                 proto = IPPROTO_IPIP;
347         case NETDEV_IP6_TNL_MODE_ANYIP6:
353         r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PROTO, proto);
            /* NOTE(review): the message names IFLA_IPTUN_MODE, but the attribute appended
             * above is IFLA_IPTUN_PROTO; the log text should name IFLA_IPTUN_PROTO. */
355                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_MODE attribute: %m");
/* Configuration check installed as .config_verify in every tunnel vtable at the end of this
 * file. The visible checks, each of which logs an error naming the configuration file, are:
 *   - the address family must be AF_INET, AF_INET6 or AF_UNSPEC;
 *   - a VTI device needs AF_INET and a non-null local address;
 *   - a VTI6 device needs AF_INET6 and a non-null local address;
 *   - an IP6TNL device needs a configured mode.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers). Of the
 * per-kind assignments of t only the IP6GRETAP one survives, and the statement following each
 * log call (presumably an error return) and the final return are not shown.
 *
 * NOTE(review): none of the visible checks restricts IPIP, SIT, GRE or GRETAP to AF_INET, or
 * IP6GRE, IP6GRETAP or IP6TNL to AF_INET6, yet the matching fill_message_create functions
 * assert exactly those families. Unless an omitted line covers it, a .netdev file carrying an
 * address of the other family would pass verification and trip the assert later; rejecting
 * it here with a logged error would turn that into an ignored configuration instead. */
360 static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
366         switch (netdev->kind) {
367         case NETDEV_KIND_IPIP:
370         case NETDEV_KIND_SIT:
373         case NETDEV_KIND_GRE:
376         case NETDEV_KIND_GRETAP:
379         case NETDEV_KIND_IP6GRE:
382         case NETDEV_KIND_IP6GRETAP:
383                 t = IP6GRETAP(netdev);
385         case NETDEV_KIND_VTI:
388         case NETDEV_KIND_VTI6:
391         case NETDEV_KIND_IP6TNL:
395                 assert_not_reached("Invalid tunnel kind");
400         if (!IN_SET(t->family, AF_INET, AF_INET6, AF_UNSPEC)) {
401                 log_netdev_error(netdev,
402                                  "Tunnel with invalid address family configured in %s. Ignoring", filename);
406         if (netdev->kind == NETDEV_KIND_VTI &&
407             (t->family != AF_INET || in_addr_is_null(t->family, &t->local))) {
408                 log_netdev_error(netdev,
409                                  "vti tunnel without a local IPv4 address configured in %s. Ignoring", filename);
            /* NOTE(review): the condition below tests for AF_INET6, but the message that
             * follows says "IPv4"; it should read "IPv6" so the log matches the check. */
413         if (netdev->kind == NETDEV_KIND_VTI6 &&
414             (t->family != AF_INET6 || in_addr_is_null(t->family, &t->local))) {
415                 log_netdev_error(netdev,
416                                  "vti6 tunnel without a local IPv4 address configured in %s. Ignoring", filename);
420         if (netdev->kind == NETDEV_KIND_IP6TNL &&
421             t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) {
422                 log_netdev_error(netdev,
423                                  "ip6tnl without mode configured in %s. Ignoring", filename);
/* Config parser for a tunnel endpoint address. data points at the in_addr_union to fill and
 * userdata at the owning Tunnel, whose family field is shared by the local and the remote
 * address. An address whose family differs from an already established t->family is refused
 * with a logged syntax error.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers): most of
 * the parameter list, the declarations of r and f, the "if (r < 0)" guard before the first
 * log_syntax(), the returns, and the statements that finally store the parsed address and
 * family are not shown. */
430 int config_parse_tunnel_address(const char *unit,
431                                 const char *filename,
434                                 unsigned section_line,
440         Tunnel *t = userdata;
441         union in_addr_union *addr = data, buffer;
449         /* This is used to parse addresses on both local and remote ends of the tunnel.
             * Address families must match.
             *
             * "any" is a special value which means that the address is unspecified. */
455         if (streq(rvalue, "any")) {
456                 *addr = IN_ADDR_NULL;
458                 /* As a special case, if both the local and remote addresses are
                     * unspecified, also clear the address family. */
461                 if (t->family != AF_UNSPEC &&
462                     in_addr_is_null(t->family, &t->local) &&
463                     in_addr_is_null(t->family, &t->remote))
464                         t->family = AF_UNSPEC;
            /* The text is parsed into a scratch buffer first, so *addr is not touched by the
             * parse call itself; the family detected by the parser is returned in f. */
468         r = in_addr_from_string_auto(rvalue, &f, &buffer);
470                 log_syntax(unit, LOG_ERR, filename, line, r,
471                            "Tunnel address \"%s\" invalid, ignoring assignment: %m", rvalue);
            /* Refuse to mix families between the two ends of one tunnel. */
475         if (t->family != AF_UNSPEC && t->family != f) {
476                 log_syntax(unit, LOG_ERR, filename, line, 0,
477                            "Tunnel addresses incompatible, ignoring assignment: %s", rvalue);
/* Config parser for tunnel keys; userdata is the owning Tunnel. The visible calls parse rvalue
 * as an IPv4 dotted-quad (in_addr_from_string with AF_INET) and as an unsigned 32-bit number
 * (safe_atou32); when the address form is used, k is taken from the address converted with
 * be32toh(). lvalue is then compared with "Key" and "InputKey" to choose the destination.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers): most of
 * the parameter list, the declarations of r and k, the conditions that order the two parse
 * attempts, the assignments selected by the lvalue comparisons and the returns are not shown,
 * so the exact fallback order should be confirmed against upstream.
 *
 * NOTE(review): the failure message lacks a comma after "key" and passes 0 rather than r to
 * log_syntax(), so the parse error code is not included in the log entry. */
486 int config_parse_tunnel_key(const char *unit,
487                             const char *filename,
490                             unsigned section_line,
496         union in_addr_union buffer;
497         Tunnel *t = userdata;
506         r = in_addr_from_string(AF_INET, rvalue, &buffer);
508                 r = safe_atou32(rvalue, &k);
510                         log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse tunnel key ignoring assignment: %s", rvalue);
514                 k = be32toh(buffer.in.s_addr);
516         if (streq(lvalue, "Key"))
518         else if (streq(lvalue, "InputKey"))
/* Config parser for the IPv6 flow label of a tunnel. data points at the IPv6FlowLabel to set
 * and userdata at the owning Tunnel.
 *   - "inherit" stores the whole IP6_FLOWINFO_FLOWLABEL mask and sets
 *     IP6_TNL_F_USE_ORIG_FLOWLABEL in t->flags;
 *   - any other value is handed to config_parse_int() with k as the destination; the stored
 *     label is htobe32(k) masked with IP6_FLOWINFO_FLOWLABEL, and the flag is cleared.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers): most of
 * the parameter list, the declarations of r and k, the "else" structure, the condition that
 * selects the log_syntax() call at gutter 555 and the returns are not shown.
 *
 * NOTE(review): the value is parsed as an integer and then masked to the 20 label bits. If k
 * is a signed int, confirm that the omitted range check rejects negative numbers as well as
 * values above the mask; otherwise an out-of-range setting would be silently truncated into a
 * different label instead of being refused. */
526 int config_parse_ipv6_flowlabel(const char* unit,
527                                 const char *filename,
530                                 unsigned section_line,
536         IPv6FlowLabel *ipv6_flowlabel = data;
537         Tunnel *t = userdata;
544         assert(ipv6_flowlabel);
546         if (streq(rvalue, "inherit")) {
547                 *ipv6_flowlabel = IP6_FLOWINFO_FLOWLABEL;
548                 t->flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL;
550                 r = config_parse_int(unit, filename, line, section, section_line, lvalue, ltype, rvalue, &k, userdata);
555                         log_syntax(unit, LOG_ERR, filename, line, 0, "Failed to parse IPv6 flowlabel option, ignoring: %s", rvalue);
557                         *ipv6_flowlabel = htobe32(k) & IP6_FLOWINFO_FLOWLABEL;
558                         t->flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL;
/* Config parser for the tunnel encapsulation limit; userdata is the owning Tunnel.
 *   - "none" sets IP6_TNL_F_IGN_ENCAP_LIMIT in t->flags;
 *   - any other value is parsed with safe_atoi() into k, values outside 0..255 are reported
 *     as invalid, and IP6_TNL_F_IGN_ENCAP_LIMIT is cleared at gutter 596.
 * The range check matters because netdev_ip6tnl_fill_message_create appends t->encap_limit
 * as a u8.
 *
 * NOTE(review): this listing drops source lines (see the gaps in the gutter numbers): most of
 * the parameter list, the declarations of r and k, the "else" structure, the "if (r < 0)"
 * guard before the first log_syntax(), the store into the Tunnel (presumably gutter 595) and
 * the returns are not shown. */
565 int config_parse_encap_limit(const char* unit,
566                              const char *filename,
569                              unsigned section_line,
575         Tunnel *t = userdata;
583         if (streq(rvalue, "none"))
584                 t->flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
586                 r = safe_atoi(rvalue, &k);
588                         log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse Tunnel Encapsulation Limit option, ignoring: %s", rvalue);
592                 if (k > 255 || k < 0)
593                         log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid Tunnel Encapsulation value, ignoring: %d", k);
596                         t->flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
/* NOTE(review): only the signature of ipip_init survives in this listing (gutter 604-610 are
 * missing). It presumably sets the defaults of a new IPIP Tunnel object, in the way
 * ip6tnl_init does for ip6tnl; confirm against upstream. */
603 static void ipip_init(NetDev *n) {
/* NOTE(review): only the signature of sit_init survives in this listing (gutter 613-619 are
 * missing). It presumably sets the defaults of a new SIT Tunnel object, in the way
 * ip6tnl_init does for ip6tnl; confirm against upstream. */
612 static void sit_init(NetDev *n) {
/* Initialiser that distinguishes NETDEV_KIND_VTI from another kind handled by the same
 * function. NOTE(review): the statements selected by the kind check and every assignment of
 * defaults are missing from this listing (gutter 622-625 and 627-634). */
621 static void vti_init(NetDev *n) {
626         if (n->kind == NETDEV_KIND_VTI)
/* Initialiser that distinguishes NETDEV_KIND_GRE from another kind handled by the same
 * function. NOTE(review): the statements selected by the kind check and every assignment of
 * defaults are missing from this listing (gutter 637-640 and 642-649). */
636 static void gre_init(NetDev *n) {
641         if (n->kind == NETDEV_KIND_GRE)
/* Initialiser that distinguishes NETDEV_KIND_IP6GRE from another kind handled by the same
 * function and sets the TTL (hop limit) to DEFAULT_TNL_HOP_LIMIT.
 * NOTE(review): the statements selected by the kind check and any further defaults are
 * missing from this listing (gutter 652-655 and 657-662). */
651 static void ip6gre_init(NetDev *n) {
656         if (n->kind == NETDEV_KIND_IP6GRE)
663         t->ttl = DEFAULT_TNL_HOP_LIMIT;
/* Sets the defaults of a new ip6tnl Tunnel object. Mode and flow label start out as their
 * *_INVALID markers: netdev_tunnel_verify rejects an ip6tnl device whose mode is still
 * invalid, and netdev_ip6tnl_fill_message_create skips the flow-label attribute while the
 * label is invalid.
 * NOTE(review): gutter 668-671 are missing from this listing. */
666 static void ip6tnl_init(NetDev *n) {
667         Tunnel *t = IP6TNL(n);
672         t->ttl = DEFAULT_TNL_HOP_LIMIT;
673         t->encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
674         t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID;
675         t->ipv6_flowlabel = _NETDEV_IPV6_FLOWLABEL_INVALID;
/* One NetDevVTable per tunnel kind. In the visible fields all nine tables agree on
 * object_size (sizeof(Tunnel)), the sections string, NETDEV_CREATE_STACKED and
 * netdev_tunnel_verify as config_verify, so every kind goes through the same configuration
 * check. They differ in fill_message_create: gre and gretap share
 * netdev_gre_fill_message_create, ip6gre and ip6gretap share
 * netdev_ip6gre_fill_message_create.
 *
 * NOTE(review): one field line per table (gutter 680, 689, 698, 707, 716, 725, 734, 743, 752)
 * and each closing "};" are missing from this listing; the omitted field is presumably the
 * hook for the *_init functions above, which are otherwise unreferenced here. */
678 const NetDevVTable ipip_vtable = {
679         .object_size = sizeof(Tunnel),
681         .sections = "Match\0NetDev\0Tunnel\0",
682         .fill_message_create = netdev_ipip_fill_message_create,
683         .create_type = NETDEV_CREATE_STACKED,
684         .config_verify = netdev_tunnel_verify,
687 const NetDevVTable sit_vtable = {
688         .object_size = sizeof(Tunnel),
690         .sections = "Match\0NetDev\0Tunnel\0",
691         .fill_message_create = netdev_sit_fill_message_create,
692         .create_type = NETDEV_CREATE_STACKED,
693         .config_verify = netdev_tunnel_verify,
696 const NetDevVTable vti_vtable = {
697         .object_size = sizeof(Tunnel),
699         .sections = "Match\0NetDev\0Tunnel\0",
700         .fill_message_create = netdev_vti_fill_message_create,
701         .create_type = NETDEV_CREATE_STACKED,
702         .config_verify = netdev_tunnel_verify,
705 const NetDevVTable vti6_vtable = {
706         .object_size = sizeof(Tunnel),
708         .sections = "Match\0NetDev\0Tunnel\0",
709         .fill_message_create = netdev_vti6_fill_message_create,
710         .create_type = NETDEV_CREATE_STACKED,
711         .config_verify = netdev_tunnel_verify,
714 const NetDevVTable gre_vtable = {
715         .object_size = sizeof(Tunnel),
717         .sections = "Match\0NetDev\0Tunnel\0",
718         .fill_message_create = netdev_gre_fill_message_create,
719         .create_type = NETDEV_CREATE_STACKED,
720         .config_verify = netdev_tunnel_verify,
723 const NetDevVTable gretap_vtable = {
724         .object_size = sizeof(Tunnel),
726         .sections = "Match\0NetDev\0Tunnel\0",
727         .fill_message_create = netdev_gre_fill_message_create,
728         .create_type = NETDEV_CREATE_STACKED,
729         .config_verify = netdev_tunnel_verify,
732 const NetDevVTable ip6gre_vtable = {
733         .object_size = sizeof(Tunnel),
735         .sections = "Match\0NetDev\0Tunnel\0",
736         .fill_message_create = netdev_ip6gre_fill_message_create,
737         .create_type = NETDEV_CREATE_STACKED,
738         .config_verify = netdev_tunnel_verify,
741 const NetDevVTable ip6gretap_vtable = {
742         .object_size = sizeof(Tunnel),
744         .sections = "Match\0NetDev\0Tunnel\0",
745         .fill_message_create = netdev_ip6gre_fill_message_create,
746         .create_type = NETDEV_CREATE_STACKED,
747         .config_verify = netdev_tunnel_verify,
750 const NetDevVTable ip6tnl_vtable = {
751         .object_size = sizeof(Tunnel),
753         .sections = "Match\0NetDev\0Tunnel\0",
754         .fill_message_create = netdev_ip6tnl_fill_message_create,
755         .create_type = NETDEV_CREATE_STACKED,
756         .config_verify = netdev_tunnel_verify,