diff options
Diffstat (limited to '')
-rw-r--r-- | ip/link_ip6tnl.c | 461 |
1 files changed, 461 insertions, 0 deletions
diff --git a/ip/link_ip6tnl.c b/ip/link_ip6tnl.c new file mode 100644 index 0000000..c2a05ce --- /dev/null +++ b/ip/link_ip6tnl.c @@ -0,0 +1,461 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * link_ip6tnl.c ip6tnl driver module + * + * Authors: Nicolas Dichtel <nicolas.dichtel@6wind.com> + */ + +#include <string.h> +#include <net/if.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <arpa/inet.h> + +#include <linux/ip.h> +#include <linux/if_tunnel.h> +#include <linux/ip6_tunnel.h> +#include "rt_names.h" +#include "utils.h" +#include "ip_common.h" +#include "tunnel.h" + +#define IP6_FLOWINFO_TCLASS htonl(0x0FF00000) +#define IP6_FLOWINFO_FLOWLABEL htonl(0x000FFFFF) + +#define DEFAULT_TNL_HOP_LIMIT (64) + +static void ip6tunnel_print_help(struct link_util *lu, int argc, char **argv, + FILE *f) +{ + fprintf(f, + "Usage: ... %-6s [ remote ADDR ]\n" + " [ local ADDR ]\n" + " [ encaplimit ELIM ]\n" + " [ hoplimit HLIM ]\n" + " [ tclass TCLASS ]\n" + " [ flowlabel FLOWLABEL ]\n" + " [ dscp inherit ]\n" + " [ [no]allow-localremote ]\n" + " [ dev PHYS_DEV ]\n" + " [ fwmark MARK ]\n" + " [ external ]\n" + " [ noencap ]\n" + " [ encap { fou | gue | none } ]\n" + " [ encap-sport PORT ]\n" + " [ encap-dport PORT ]\n" + " [ [no]encap-csum ]\n" + " [ [no]encap-csum6 ]\n" + " [ [no]encap-remcsum ]\n" + " [ mode { ip6ip6 | ipip6 | any } ]\n" + "\n" + "Where: ADDR := IPV6_ADDRESS\n" + " ELIM := { none | 0..255 }(default=%d)\n" + " HLIM := 0..255 (default=%d)\n" + " TCLASS := { 0x0..0xff | inherit }\n" + " FLOWLABEL := { 0x0..0xfffff | inherit }\n" + " MARK := { 0x0..0xffffffff | inherit }\n", + lu->id, + IPV6_DEFAULT_TNL_ENCAP_LIMIT, DEFAULT_TNL_HOP_LIMIT); +} + +static int ip6tunnel_parse_opt(struct link_util *lu, int argc, char **argv, + struct nlmsghdr *n) +{ + struct ifinfomsg *ifi = NLMSG_DATA(n); + struct { + struct nlmsghdr n; + struct ifinfomsg i; + } req = { + .n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi)), + .n.nlmsg_flags = NLM_F_REQUEST, + .n.nlmsg_type = RTM_GETLINK, + .i.ifi_family = preferred_family, + .i.ifi_index = ifi->ifi_index, + }; + struct nlmsghdr *answer = NULL; + struct rtattr *tb[IFLA_MAX + 1]; + struct rtattr *linkinfo[IFLA_INFO_MAX+1]; + struct rtattr *iptuninfo[IFLA_IPTUN_MAX + 1]; + int len; + inet_prefix saddr, daddr; + __u8 hop_limit = DEFAULT_TNL_HOP_LIMIT; + __u8 encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT; + __u32 flowinfo = 0; + __u32 flags = 0; + __u8 proto = 0; + __u32 link = 0; + __u16 encaptype = 0; + __u16 encapflags = TUNNEL_ENCAP_FLAG_CSUM6; + __u16 encapsport = 0; + __u16 encapdport = 0; + __u8 metadata = 0; + __u32 fwmark = 0; + + inet_prefix_reset(&saddr); + inet_prefix_reset(&daddr); + + if (!(n->nlmsg_flags & NLM_F_CREATE)) { + const struct rtattr *rta; + + if (rtnl_talk(&rth, &req.n, &answer) < 0) + goto get_failed; + + len = answer->nlmsg_len; + len -= NLMSG_LENGTH(sizeof(*ifi)); + if (len < 0) + goto get_failed; + + parse_rtattr(tb, IFLA_MAX, IFLA_RTA(NLMSG_DATA(answer)), len); + + if (!tb[IFLA_LINKINFO]) + goto get_failed; + + parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb[IFLA_LINKINFO]); + + if (!linkinfo[IFLA_INFO_DATA]) + goto get_failed; + + parse_rtattr_nested(iptuninfo, IFLA_IPTUN_MAX, + linkinfo[IFLA_INFO_DATA]); + + rta = iptuninfo[IFLA_IPTUN_LOCAL]; + if (rta && get_addr_rta(&saddr, rta, AF_INET6)) + goto get_failed; + + rta = iptuninfo[IFLA_IPTUN_REMOTE]; + if (rta && get_addr_rta(&daddr, rta, AF_INET6)) + goto get_failed; + + if (iptuninfo[IFLA_IPTUN_TTL]) + hop_limit = rta_getattr_u8(iptuninfo[IFLA_IPTUN_TTL]); + + if (iptuninfo[IFLA_IPTUN_ENCAP_LIMIT]) + encap_limit = rta_getattr_u8(iptuninfo[IFLA_IPTUN_ENCAP_LIMIT]); + + if (iptuninfo[IFLA_IPTUN_FLOWINFO]) + flowinfo = rta_getattr_u32(iptuninfo[IFLA_IPTUN_FLOWINFO]); + + if (iptuninfo[IFLA_IPTUN_FLAGS]) + flags = rta_getattr_u32(iptuninfo[IFLA_IPTUN_FLAGS]); + + if (iptuninfo[IFLA_IPTUN_LINK]) + link = rta_getattr_u32(iptuninfo[IFLA_IPTUN_LINK]); + + if (iptuninfo[IFLA_IPTUN_PROTO]) + proto = rta_getattr_u8(iptuninfo[IFLA_IPTUN_PROTO]); + if (iptuninfo[IFLA_IPTUN_COLLECT_METADATA]) + metadata = 1; + + if (iptuninfo[IFLA_IPTUN_FWMARK]) + fwmark = rta_getattr_u32(iptuninfo[IFLA_IPTUN_FWMARK]); + + free(answer); + } + + while (argc > 0) { + if (strcmp(*argv, "mode") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "ipv6/ipv6") == 0 || + strcmp(*argv, "ip6ip6") == 0) + proto = IPPROTO_IPV6; + else if (strcmp(*argv, "ip/ipv6") == 0 || + strcmp(*argv, "ipv4/ipv6") == 0 || + strcmp(*argv, "ipip6") == 0 || + strcmp(*argv, "ip4ip6") == 0) + proto = IPPROTO_IPIP; + else if (strcmp(*argv, "any/ipv6") == 0 || + strcmp(*argv, "any") == 0) + proto = 0; + else + invarg("Cannot guess tunnel mode.", *argv); + } else if (strcmp(*argv, "remote") == 0) { + NEXT_ARG(); + get_addr(&daddr, *argv, AF_INET6); + } else if (strcmp(*argv, "local") == 0) { + NEXT_ARG(); + get_addr(&saddr, *argv, AF_INET6); + } else if (matches(*argv, "dev") == 0) { + NEXT_ARG(); + link = ll_name_to_index(*argv); + if (!link) + exit(nodev(*argv)); + } else if (strcmp(*argv, "ttl") == 0 || + strcmp(*argv, "hoplimit") == 0 || + strcmp(*argv, "hlim") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "inherit") != 0) { + if (get_u8(&hop_limit, *argv, 0)) + invarg("invalid HLIM\n", *argv); + } else + hop_limit = 0; + } else if (strcmp(*argv, "encaplimit") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "none") == 0) { + flags |= IP6_TNL_F_IGN_ENCAP_LIMIT; + } else { + __u8 uval; + + if (get_u8(&uval, *argv, 0) < -1) + invarg("invalid ELIM", *argv); + encap_limit = uval; + flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT; + } + } else if (strcmp(*argv, "tos") == 0 || + strcmp(*argv, "tclass") == 0 || + strcmp(*argv, "tc") == 0 || + matches(*argv, "dsfield") == 0) { + __u8 uval; + + NEXT_ARG(); + flowinfo &= ~IP6_FLOWINFO_TCLASS; + if (strcmp(*argv, "inherit") == 0) + flags |= IP6_TNL_F_USE_ORIG_TCLASS; + else { + if (get_u8(&uval, *argv, 16)) + invarg("invalid TClass", *argv); + flowinfo |= htonl((__u32)uval << 20) & IP6_FLOWINFO_TCLASS; + flags &= ~IP6_TNL_F_USE_ORIG_TCLASS; + } + } else if (strcmp(*argv, "flowlabel") == 0 || + strcmp(*argv, "fl") == 0) { + __u32 uval; + + NEXT_ARG(); + flowinfo &= ~IP6_FLOWINFO_FLOWLABEL; + if (strcmp(*argv, "inherit") == 0) + flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL; + else { + if (get_u32(&uval, *argv, 16)) + invarg("invalid Flowlabel", *argv); + if (uval > 0xFFFFF) + invarg("invalid Flowlabel", *argv); + flowinfo |= htonl(uval) & IP6_FLOWINFO_FLOWLABEL; + flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL; + } + } else if (strcmp(*argv, "dscp") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "inherit") != 0) + invarg("not inherit", *argv); + flags |= IP6_TNL_F_RCV_DSCP_COPY; + } else if (strcmp(*argv, "fwmark") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "inherit") == 0) { + flags |= IP6_TNL_F_USE_ORIG_FWMARK; + fwmark = 0; + } else { + if (get_u32(&fwmark, *argv, 0)) + invarg("invalid fwmark\n", *argv); + flags &= ~IP6_TNL_F_USE_ORIG_FWMARK; + } + } else if (strcmp(*argv, "allow-localremote") == 0) { + flags |= IP6_TNL_F_ALLOW_LOCAL_REMOTE; + } else if (strcmp(*argv, "noallow-localremote") == 0) { + flags &= ~IP6_TNL_F_ALLOW_LOCAL_REMOTE; + } else if (strcmp(*argv, "noencap") == 0) { + encaptype = TUNNEL_ENCAP_NONE; + } else if (strcmp(*argv, "encap") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "fou") == 0) + encaptype = TUNNEL_ENCAP_FOU; + else if (strcmp(*argv, "gue") == 0) + encaptype = TUNNEL_ENCAP_GUE; + else if (strcmp(*argv, "none") == 0) + encaptype = TUNNEL_ENCAP_NONE; + else + invarg("Invalid encap type.", *argv); + } else if (strcmp(*argv, "encap-sport") == 0) { + NEXT_ARG(); + if (strcmp(*argv, "auto") == 0) + encapsport = 0; + else if (get_u16(&encapsport, *argv, 0)) + invarg("Invalid source port.", *argv); + } else if (strcmp(*argv, "encap-dport") == 0) { + NEXT_ARG(); + if (get_u16(&encapdport, *argv, 0)) + invarg("Invalid destination port.", *argv); + } else if (strcmp(*argv, "encap-csum") == 0) { + encapflags |= TUNNEL_ENCAP_FLAG_CSUM; + } else if (strcmp(*argv, "noencap-csum") == 0) { + encapflags &= ~TUNNEL_ENCAP_FLAG_CSUM; + } else if (strcmp(*argv, "encap-udp6-csum") == 0) { + encapflags |= TUNNEL_ENCAP_FLAG_CSUM6; + } else if (strcmp(*argv, "noencap-udp6-csum") == 0) { + encapflags &= ~TUNNEL_ENCAP_FLAG_CSUM6; + } else if (strcmp(*argv, "encap-remcsum") == 0) { + encapflags |= TUNNEL_ENCAP_FLAG_REMCSUM; + } else if (strcmp(*argv, "noencap-remcsum") == 0) { + encapflags &= ~TUNNEL_ENCAP_FLAG_REMCSUM; + } else if (strcmp(*argv, "external") == 0) { + metadata = 1; + } else { + ip6tunnel_print_help(lu, argc, argv, stderr); + return -1; + } + argc--, argv++; + } + + addattr8(n, 1024, IFLA_IPTUN_PROTO, proto); + if (metadata) { + addattr_l(n, 1024, IFLA_IPTUN_COLLECT_METADATA, NULL, 0); + return 0; + } + + if (is_addrtype_inet_not_unspec(&saddr)) { + addattr_l(n, 1024, IFLA_IPTUN_LOCAL, + saddr.data, saddr.bytelen); + } + if (is_addrtype_inet_not_unspec(&daddr)) { + addattr_l(n, 1024, IFLA_IPTUN_REMOTE, + daddr.data, daddr.bytelen); + } + addattr8(n, 1024, IFLA_IPTUN_TTL, hop_limit); + addattr8(n, 1024, IFLA_IPTUN_ENCAP_LIMIT, encap_limit); + addattr32(n, 1024, IFLA_IPTUN_FLOWINFO, flowinfo); + addattr32(n, 1024, IFLA_IPTUN_FLAGS, flags); + addattr32(n, 1024, IFLA_IPTUN_LINK, link); + addattr32(n, 1024, IFLA_IPTUN_FWMARK, fwmark); + + addattr16(n, 1024, IFLA_IPTUN_ENCAP_TYPE, encaptype); + addattr16(n, 1024, IFLA_IPTUN_ENCAP_FLAGS, encapflags); + addattr16(n, 1024, IFLA_IPTUN_ENCAP_SPORT, htons(encapsport)); + addattr16(n, 1024, IFLA_IPTUN_ENCAP_DPORT, htons(encapdport)); + + return 0; + +get_failed: + fprintf(stderr, "Failed to get existing tunnel info.\n"); + free(answer); + return -1; +} + +static void ip6tunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) +{ + char s2[64]; + __u32 flags = 0; + __u32 flowinfo = 0; + __u8 ttl = 0; + + if (!tb) + return; + + if (tb[IFLA_IPTUN_COLLECT_METADATA]) { + print_bool(PRINT_ANY, "external", "external ", true); + } + + if (tb[IFLA_IPTUN_FLAGS]) + flags = rta_getattr_u32(tb[IFLA_IPTUN_FLAGS]); + + if (tb[IFLA_IPTUN_FLOWINFO]) + flowinfo = rta_getattr_u32(tb[IFLA_IPTUN_FLOWINFO]); + + if (tb[IFLA_IPTUN_PROTO]) { + switch (rta_getattr_u8(tb[IFLA_IPTUN_PROTO])) { + case IPPROTO_IPIP: + print_string(PRINT_ANY, "proto", "%s ", "ipip6"); + break; + case IPPROTO_IPV6: + print_string(PRINT_ANY, "proto", "%s ", "ip6ip6"); + break; + case 0: + print_string(PRINT_ANY, "proto", "%s ", "any"); + break; + } + } + + tnl_print_endpoint("remote", tb[IFLA_IPTUN_REMOTE], AF_INET6); + tnl_print_endpoint("local", tb[IFLA_IPTUN_LOCAL], AF_INET6); + + if (tb[IFLA_IPTUN_LINK]) { + __u32 link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]); + + if (link) { + print_string(PRINT_ANY, "link", "dev %s ", + ll_index_to_name(link)); + } + } + + if (tb[IFLA_IPTUN_TTL]) + ttl = rta_getattr_u8(tb[IFLA_IPTUN_TTL]); + if (is_json_context() || ttl) + print_uint(PRINT_ANY, "ttl", "hoplimit %u ", ttl); + else + print_string(PRINT_FP, NULL, "hoplimit %s ", "inherit"); + + if (flags & IP6_TNL_F_IGN_ENCAP_LIMIT) { + print_bool(PRINT_ANY, + "ip6_tnl_f_ign_encap_limit", + "encaplimit none ", + true); + } else if (tb[IFLA_IPTUN_ENCAP_LIMIT]) { + __u8 val = rta_getattr_u8(tb[IFLA_IPTUN_ENCAP_LIMIT]); + + print_uint(PRINT_ANY, "encap_limit", "encaplimit %u ", val); + } + + if (flags & IP6_TNL_F_USE_ORIG_TCLASS) { + print_bool(PRINT_ANY, + "ip6_tnl_f_use_orig_tclass", + "tclass inherit ", + true); + } else if (tb[IFLA_IPTUN_FLOWINFO]) { + __u32 val = ntohl(flowinfo & IP6_FLOWINFO_TCLASS) >> 20; + + snprintf(s2, sizeof(s2), "0x%02x", val); + print_string(PRINT_ANY, "tclass", "tclass %s ", s2); + } + + if (flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) { + print_bool(PRINT_ANY, + "ip6_tnl_f_use_orig_flowlabel", + "flowlabel inherit ", + true); + } else if (tb[IFLA_IPTUN_FLOWINFO]) { + __u32 val = ntohl(flowinfo & IP6_FLOWINFO_FLOWLABEL); + + snprintf(s2, sizeof(s2), "0x%05x", val); + print_string(PRINT_ANY, "flowlabel", "flowlabel %s ", s2); + } + + if (flags & IP6_TNL_F_RCV_DSCP_COPY) + print_bool(PRINT_ANY, + "ip6_tnl_f_rcv_dscp_copy", + "dscp inherit ", + true); + + if (flags & IP6_TNL_F_MIP6_DEV) + print_bool(PRINT_ANY, "ip6_tnl_f_mip6_dev", "mip6 ", true); + + if (flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) + print_bool(PRINT_ANY, + "ip6_tnl_f_allow_local_remote", + "allow-localremote ", + true); + + if (flags & IP6_TNL_F_USE_ORIG_FWMARK) { + print_bool(PRINT_ANY, + "ip6_tnl_f_use_orig_fwmark", + "fwmark inherit ", + true); + } else if (tb[IFLA_IPTUN_FWMARK]) { + __u32 fwmark = rta_getattr_u32(tb[IFLA_IPTUN_FWMARK]); + + if (fwmark) { + print_0xhex(PRINT_ANY, + "fwmark", "fwmark %#llx ", fwmark); + } + } + + tnl_print_encap(tb, + IFLA_IPTUN_ENCAP_TYPE, + IFLA_IPTUN_ENCAP_FLAGS, + IFLA_IPTUN_ENCAP_SPORT, + IFLA_IPTUN_ENCAP_DPORT); +} + +struct link_util ip6tnl_link_util = { + .id = "ip6tnl", + .maxattr = IFLA_IPTUN_MAX, + .parse_opt = ip6tunnel_parse_opt, + .print_opt = ip6tunnel_print_opt, + .print_help = ip6tunnel_print_help, +}; |