static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
Tunnel *t = NULL;
assert(netdev);
assert(filename);
switch (netdev->kind) {
case NETDEV_KIND_IPIP:
t = IPIP(netdev);
break;
case NETDEV_KIND_SIT:
t = SIT(netdev);
break;
case NETDEV_KIND_GRE:
t = GRE(netdev);
break;
case NETDEV_KIND_GRETAP:
t = GRETAP(netdev);
break;
case NETDEV_KIND_IP6GRE:
t = IP6GRE(netdev);
break;
case NETDEV_KIND_IP6GRETAP:
t = IP6GRETAP(netdev);
break;
case NETDEV_KIND_VTI:
t = VTI(netdev);
break;
case NETDEV_KIND_IP6TNL:
t = IP6TNL(netdev);
break;
default:
assert_not_reached("Invalid tunnel kind");
}
assert(t);
if (t->remote.in.s_addr == INADDR_ANY) {
log_warning("Tunnel without remote address configured in %s. Ignoring", filename);
return -EINVAL;
}
if (t->family != AF_INET && t->family != AF_INET6) {
log_warning("Tunnel with invalid address family configured in %s. Ignoring", filename);
return -EINVAL;
}
if (netdev->kind == NETDEV_KIND_IP6TNL) {
if (t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) {
log_warning("IP6 Tunnel without mode configured in %s. Ignoring", filename);
return -EINVAL;
}
}
return 0;
}
static void ip6tnl_init(NetDev *n) {
Tunnel *t = IP6TNL(n);
assert(n);
assert(t);
t->ttl = DEFAULT_TNL_HOP_LIMIT;
t->encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID;
}
static void ip6tnl_init(NetDev *n) {
Tunnel *t = IP6TNL(n);
assert(n);
assert(t);
t->ttl = DEFAULT_TNL_HOP_LIMIT;
t->encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID;
t->ipv6_flowlabel = _NETDEV_IPV6_FLOWLABEL_INVALID;
t->allow_localremote = -1;
}
static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
Tunnel *t = NULL;
assert(netdev);
assert(filename);
switch (netdev->kind) {
case NETDEV_KIND_IPIP:
t = IPIP(netdev);
break;
case NETDEV_KIND_SIT:
t = SIT(netdev);
break;
case NETDEV_KIND_GRE:
t = GRE(netdev);
break;
case NETDEV_KIND_GRETAP:
t = GRETAP(netdev);
break;
case NETDEV_KIND_IP6GRE:
t = IP6GRE(netdev);
break;
case NETDEV_KIND_IP6GRETAP:
t = IP6GRETAP(netdev);
break;
case NETDEV_KIND_VTI:
t = VTI(netdev);
break;
case NETDEV_KIND_VTI6:
t = VTI6(netdev);
break;
case NETDEV_KIND_IP6TNL:
t = IP6TNL(netdev);
break;
default:
assert_not_reached("Invalid tunnel kind");
}
assert(t);
if (!IN_SET(t->family, AF_INET, AF_INET6, AF_UNSPEC)) {
log_netdev_error(netdev,
"Tunnel with invalid address family configured in %s. Ignoring", filename);
return -EINVAL;
}
if (netdev->kind == NETDEV_KIND_VTI &&
(t->family != AF_INET || in_addr_is_null(t->family, &t->local))) {
log_netdev_error(netdev,
"vti tunnel without a local IPv4 address configured in %s. Ignoring", filename);
return -EINVAL;
}
if (IN_SET(netdev->kind, NETDEV_KIND_VTI6, NETDEV_KIND_IP6TNL, NETDEV_KIND_IP6GRE) &&
(t->family != AF_INET6 || in_addr_is_null(t->family, &t->local))) {
log_netdev_error(netdev,
"vti6/ip6tnl/ip6gre tunnel without a local IPv6 address configured in %s. Ignoring", filename);
return -EINVAL;
}
if (netdev->kind == NETDEV_KIND_IP6TNL &&
t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID) {
log_netdev_error(netdev,
"ip6tnl without mode configured in %s. Ignoring", filename);
return -EINVAL;
}
return 0;
}
static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
Tunnel *t = IP6TNL(netdev);
uint8_t proto;
int r;
assert(netdev);
assert(m);
assert(t);
assert(t->family == AF_INET6);
if (link) {
r = sd_netlink_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LINK attribute: %m");
}
r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_LOCAL, &t->local.in6);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_LOCAL attribute: %m");
r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in6);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_REMOTE attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_TTL attribute: %m");
if (t->ipv6_flowlabel != _NETDEV_IPV6_FLOWLABEL_INVALID) {
r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLOWINFO, t->ipv6_flowlabel);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLOWINFO attribute: %m");
}
if (t->copy_dscp)
t->flags |= IP6_TNL_F_RCV_DSCP_COPY;
if (t->encap_limit != IPV6_DEFAULT_TNL_ENCAP_LIMIT) {
r = sd_netlink_message_append_u8(m, IFLA_IPTUN_ENCAP_LIMIT, t->encap_limit);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_ENCAP_LIMIT attribute: %m");
}
r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLAGS, t->flags);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLAGS attribute: %m");
switch (t->ip6tnl_mode) {
case NETDEV_IP6_TNL_MODE_IP6IP6:
proto = IPPROTO_IPV6;
break;
case NETDEV_IP6_TNL_MODE_IPIP6:
proto = IPPROTO_IPIP;
break;
case NETDEV_IP6_TNL_MODE_ANYIP6:
default:
proto = 0;
break;
}
r = sd_netlink_message_append_u8(m, IFLA_IPTUN_PROTO, proto);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_MODE attribute: %m");
return r;
}
static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_rtnl_message *m) {
Tunnel *t = IP6TNL(netdev);
uint8_t proto;
int r;
assert(netdev);
assert(link);
assert(m);
assert(t);
assert(t->family == AF_INET6);
r = sd_rtnl_message_append_u32(m, IFLA_IPTUN_LINK, link->ifindex);
if (r < 0) {
log_netdev_error(netdev,
"Could not append IFLA_IPTUN_LINK attribute: %s",
strerror(-r));
return r;
}
r = sd_rtnl_message_append_in6_addr(m, IFLA_IPTUN_LOCAL, &t->local.in6);
if (r < 0) {
log_netdev_error(netdev,
"Could not append IFLA_IPTUN_LOCAL attribute: %s",
strerror(-r));
return r;
}
r = sd_rtnl_message_append_in6_addr(m, IFLA_IPTUN_REMOTE, &t->remote.in6);
if (r < 0) {
log_netdev_error(netdev,
"Could not append IFLA_IPTUN_REMOTE attribute: %s",
strerror(-r));
return r;
}
r = sd_rtnl_message_append_u8(m, IFLA_IPTUN_TTL, t->ttl);
if (r < 0) {
log_netdev_error(netdev,
"Could not append IFLA_IPTUN_TTL attribute: %s",
strerror(-r));
return r;
}
switch (t->ip6tnl_mode) {
case NETDEV_IP6_TNL_MODE_IP6IP6:
proto = IPPROTO_IPV6;
break;
case NETDEV_IP6_TNL_MODE_IPIP6:
proto = IPPROTO_IPIP;
break;
case NETDEV_IP6_TNL_MODE_ANYIP6:
default:
proto = 0;
break;
}
r = sd_rtnl_message_append_u8(m, IFLA_IPTUN_PROTO, proto);
if (r < 0) {
log_netdev_error(netdev,
"Could not append IFLA_IPTUN_MODE attribute: %s",
strerror(-r));
return r;
}
return r;
}
static int netdev_tunnel_verify(NetDev *netdev, const char *filename) {
Tunnel *t = NULL;
assert(netdev);
assert(filename);
switch (netdev->kind) {
case NETDEV_KIND_IPIP:
t = IPIP(netdev);
break;
case NETDEV_KIND_SIT:
t = SIT(netdev);
break;
case NETDEV_KIND_GRE:
t = GRE(netdev);
break;
case NETDEV_KIND_GRETAP:
t = GRETAP(netdev);
break;
case NETDEV_KIND_IP6GRE:
t = IP6GRE(netdev);
break;
case NETDEV_KIND_IP6GRETAP:
t = IP6GRETAP(netdev);
break;
case NETDEV_KIND_VTI:
t = VTI(netdev);
break;
case NETDEV_KIND_VTI6:
t = VTI6(netdev);
break;
case NETDEV_KIND_IP6TNL:
t = IP6TNL(netdev);
break;
case NETDEV_KIND_ERSPAN:
t = ERSPAN(netdev);
break;
default:
assert_not_reached("Invalid tunnel kind");
}
assert(t);
if (IN_SET(netdev->kind, NETDEV_KIND_VTI, NETDEV_KIND_IPIP, NETDEV_KIND_SIT, NETDEV_KIND_GRE, NETDEV_KIND_GRETAP) &&
t->family != AF_INET)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"vti/ipip/sit/gre tunnel without a local/remote IPv4 address configured in %s. Ignoring", filename);
if (IN_SET(netdev->kind, NETDEV_KIND_GRETAP, NETDEV_KIND_ERSPAN) &&
(t->family != AF_INET || in_addr_is_null(t->family, &t->remote)))
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"gretap/erspan tunnel without a remote IPv4 address configured in %s. Ignoring", filename);
if (IN_SET(netdev->kind, NETDEV_KIND_VTI6, NETDEV_KIND_IP6TNL, NETDEV_KIND_IP6GRE, NETDEV_KIND_IP6GRETAP) &&
t->family != AF_INET6)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"vti6/ip6tnl/ip6gre tunnel without a local/remote IPv6 address configured in %s. Ignoring", filename);
if (netdev->kind == NETDEV_KIND_IP6GRETAP &&
(t->family != AF_INET6 || in_addr_is_null(t->family, &t->remote)))
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"ip6gretap tunnel without a remote IPv6 address configured in %s. Ignoring", filename);
if (netdev->kind == NETDEV_KIND_IP6TNL &&
t->ip6tnl_mode == _NETDEV_IP6_TNL_MODE_INVALID)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"ip6tnl without mode configured in %s. Ignoring", filename);
if (t->fou_tunnel && t->fou_destination_port <= 0)
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL),
"FooOverUDP missing port configured in %s. Ignoring", filename);
if (netdev->kind == NETDEV_KIND_ERSPAN && (t->erspan_index >= (1 << 20) || t->erspan_index == 0))
return log_netdev_error_errno(netdev, SYNTHETIC_ERRNO(EINVAL), "Invalid erspan index %d. Ignoring", t->erspan_index);
return 0;
}
