From: Susant Sahani <145210+ssahani@users.noreply.github.com>
Date: Fri, 29 Dec 2017 14:19:21 +0000 (+0530)
Subject: networkd: Tunnel allows tunnel traffic on ip6tnl devices (#7756)
X-Git-Tag: v237~167
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a4f3e423d7c330499dedf96eae55c4a80af543c;p=thirdparty%2Fsystemd.git
networkd: Tunnel allows tunnel traffic on ip6tnl devices (#7756)
where the remote endpoint is a local host address.
---
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index b9647a2f7a5..8f8d54a8eb3 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -889,6 +889,14 @@
+
+ AllowLocalRemote=
+
+ A boolean. When true allows tunnel traffic on ip6tnl devices where the remote endpoint is a local host address.
+ Defaults to unset.
+
+
+
diff --git a/src/network/netdev/netdev-gperf.gperf b/src/network/netdev/netdev-gperf.gperf
index 03b86619574..1b4cb5a60c2 100644
--- a/src/network/netdev/netdev-gperf.gperf
+++ b/src/network/netdev/netdev-gperf.gperf
@@ -63,6 +63,7 @@ Tunnel.IPv6FlowLabel, config_parse_ipv6_flowlabel, 0,
Tunnel.CopyDSCP, config_parse_bool, 0, offsetof(Tunnel, copy_dscp)
Tunnel.EncapsulationLimit, config_parse_encap_limit, 0, offsetof(Tunnel, encap_limit)
Tunnel.Independent, config_parse_bool, 0, offsetof(Tunnel, independent)
+Tunnel.AllowLocalRemote, config_parse_tristate, 0, offsetof(Tunnel, allow_localremote)
Peer.Name, config_parse_ifname, 0, offsetof(Veth, ifname_peer)
Peer.MACAddress, config_parse_hwaddr, 0, offsetof(Veth, mac_peer)
VXCAN.Peer, config_parse_ifname, 0, offsetof(VxCan, ifname_peer)
diff --git a/src/network/netdev/tunnel.c b/src/network/netdev/tunnel.c
index 8d6d54d5679..bbc6dca53bc 100644
--- a/src/network/netdev/tunnel.c
+++ b/src/network/netdev/tunnel.c
@@ -37,6 +37,7 @@
#define DEFAULT_TNL_HOP_LIMIT 64
#define IP6_FLOWINFO_FLOWLABEL htobe32(0x000FFFFF)
+#define IP6_TNL_F_ALLOW_LOCAL_REMOTE 0x40
static const char* const ip6tnl_mode_table[_NETDEV_IP6_TNL_MODE_MAX] = {
[NETDEV_IP6_TNL_MODE_IP6IP6] = "ip6ip6",
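Review bot: `IP6_TNL_F_ALLOW_LOCAL_REMOTE` is defined unconditionally at the top of tunnel.c, with no guard and no comment saying where `0x40` comes from. The name and value match the flag in the kernel's uapi `linux/ip6_tunnel.h`, so this is a local fallback copy for builds against older headers. Wrapping it as `#ifndef IP6_TNL_F_ALLOW_LOCAL_REMOTE` / `#define IP6_TNL_F_ALLOW_LOCAL_REMOTE 0x40` / `#endif`, with a one-line comment naming the kernel header, lets a newer header's definition take precedence and documents the origin of the constant. Whether this file includes that header is not visible in the hunk.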
@@ -336,6 +337,9 @@ static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_netl
if (t->copy_dscp)
t->flags |= IP6_TNL_F_RCV_DSCP_COPY;
+ if (t->allow_localremote != -1)
+ SET_FLAG(t->flags, IP6_TNL_F_ALLOW_LOCAL_REMOTE, t->allow_localremote);
+
if (t->encap_limit != IPV6_DEFAULT_TNL_ENCAP_LIMIT) {
r = sd_netlink_message_append_u8(m, IFLA_IPTUN_ENCAP_LIMIT, t->encap_limit);
if (r < 0)
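Review bot: The new `if (t->allow_localremote != -1)` branch depends on the bare `-1` sentinel assigned in `ip6tnl_init`, and nothing near it says that the field is a tristate or that setting the flag relaxes the kernel's handling of an ip6tnl remote endpoint that is a local address. A comment above the branch such as `/* Tristate: -1 = unset, keep the kernel default; 1 permits a remote endpoint that is a local host address */` would make that visible to reviewers and auditors. `AllowLocalRemote=` is registered in the gperf table for the whole `[Tunnel]` section, yet this ip6tnl path is the only consumer shown in the diff, so on other tunnel kinds the setting is presumably accepted and ignored without a warning. A log message for that case may be worth adding. The body of `netdev_ip6tnl_fill_message_create` starts and ends outside the hunk.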
@@ -682,6 +686,7 @@ static void ip6tnl_init(NetDev *n) {
t->encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID;
t->ipv6_flowlabel = _NETDEV_IPV6_FLOWLABEL_INVALID;
+ t->allow_localremote = -1;
}
const NetDevVTable ipip_vtable = {
diff --git a/src/network/netdev/tunnel.h b/src/network/netdev/tunnel.h
index 67f8fe35c75..7ffafe9e981 100644
--- a/src/network/netdev/tunnel.h
+++ b/src/network/netdev/tunnel.h
@@ -45,6 +45,7 @@ typedef struct Tunnel {
int family;
int ipv6_flowlabel;
+ int allow_localremote;
unsigned ttl;
unsigned tos;