2 * link_ip6tnl.c ip6tnl driver module
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Nicolas Dichtel <nicolas.dichtel@6wind.com>
15 #include <sys/types.h>
16 #include <sys/socket.h>
17 #include <arpa/inet.h>
20 #include <linux/if_tunnel.h>
21 #include <linux/ip6_tunnel.h>
24 #include "ip_common.h"
27 #define IP6_FLOWINFO_TCLASS htonl(0x0FF00000)
28 #define IP6_FLOWINFO_FLOWLABEL htonl(0x000FFFFF)
30 #define DEFAULT_TNL_HOP_LIMIT (64)
32 static void ip6tunnel_print_help(struct link_util
*lu
, int argc
, char **argv
,
38 "Usage: ... %-6s [ remote ADDR ]\n",
43 " [ encaplimit ELIM ]\n"
44 " [ hoplimit HLIM ]\n"
45 " [ tclass TCLASS ]\n"
46 " [ flowlabel FLOWLABEL ]\n"
48 " [ [no]allow-localremote ]\n"
53 " [ encap { fou | gue | none } ]\n"
54 " [ encap-sport PORT ]\n"
55 " [ encap-dport PORT ]\n"
56 " [ [no]encap-csum ]\n"
57 " [ [no]encap-csum6 ]\n"
58 " [ [no]encap-remcsum ]\n"
60 mode
= "{ ip6ip6 | ipip6 | any }";
67 "Where: ADDR := IPV6_ADDRESS\n"
68 " ELIM := { none | 0..255 }(default=%d)\n"
69 " HLIM := 0..255 (default=%d)\n"
70 " TCLASS := { 0x0..0xff | inherit }\n"
71 " FLOWLABEL := { 0x0..0xfffff | inherit }\n"
72 " MARK := { 0x0..0xffffffff | inherit }\n",
73 IPV6_DEFAULT_TNL_ENCAP_LIMIT
, DEFAULT_TNL_HOP_LIMIT
77 static int ip6tunnel_parse_opt(struct link_util
*lu
, int argc
, char **argv
,
80 struct ifinfomsg
*ifi
= NLMSG_DATA(n
);
85 .n
.nlmsg_len
= NLMSG_LENGTH(sizeof(*ifi
)),
86 .n
.nlmsg_flags
= NLM_F_REQUEST
,
87 .n
.nlmsg_type
= RTM_GETLINK
,
88 .i
.ifi_family
= preferred_family
,
89 .i
.ifi_index
= ifi
->ifi_index
,
91 struct nlmsghdr
*answer
;
92 struct rtattr
*tb
[IFLA_MAX
+ 1];
93 struct rtattr
*linkinfo
[IFLA_INFO_MAX
+1];
94 struct rtattr
*iptuninfo
[IFLA_IPTUN_MAX
+ 1];
96 inet_prefix saddr
, daddr
;
97 __u8 hop_limit
= DEFAULT_TNL_HOP_LIMIT
;
98 __u8 encap_limit
= IPV6_DEFAULT_TNL_ENCAP_LIMIT
;
104 __u16 encapflags
= TUNNEL_ENCAP_FLAG_CSUM6
;
105 __u16 encapsport
= 0;
106 __u16 encapdport
= 0;
110 inet_prefix_reset(&saddr
);
111 inet_prefix_reset(&daddr
);
113 if (!(n
->nlmsg_flags
& NLM_F_CREATE
)) {
114 const struct rtattr
*rta
;
116 if (rtnl_talk(&rth
, &req
.n
, &answer
) < 0) {
119 "Failed to get existing tunnel info.\n");
123 len
= answer
->nlmsg_len
;
124 len
-= NLMSG_LENGTH(sizeof(*ifi
));
128 parse_rtattr(tb
, IFLA_MAX
, IFLA_RTA(NLMSG_DATA(answer
)), len
);
130 if (!tb
[IFLA_LINKINFO
])
133 parse_rtattr_nested(linkinfo
, IFLA_INFO_MAX
, tb
[IFLA_LINKINFO
]);
135 if (!linkinfo
[IFLA_INFO_DATA
])
138 parse_rtattr_nested(iptuninfo
, IFLA_IPTUN_MAX
,
139 linkinfo
[IFLA_INFO_DATA
]);
141 rta
= iptuninfo
[IFLA_IPTUN_LOCAL
];
142 if (rta
&& get_addr_rta(&saddr
, rta
, AF_INET6
))
145 rta
= iptuninfo
[IFLA_IPTUN_REMOTE
];
146 if (rta
&& get_addr_rta(&daddr
, rta
, AF_INET6
))
149 if (iptuninfo
[IFLA_IPTUN_TTL
])
150 hop_limit
= rta_getattr_u8(iptuninfo
[IFLA_IPTUN_TTL
]);
152 if (iptuninfo
[IFLA_IPTUN_ENCAP_LIMIT
])
153 encap_limit
= rta_getattr_u8(iptuninfo
[IFLA_IPTUN_ENCAP_LIMIT
]);
155 if (iptuninfo
[IFLA_IPTUN_FLOWINFO
])
156 flowinfo
= rta_getattr_u32(iptuninfo
[IFLA_IPTUN_FLOWINFO
]);
158 if (iptuninfo
[IFLA_IPTUN_FLAGS
])
159 flags
= rta_getattr_u32(iptuninfo
[IFLA_IPTUN_FLAGS
]);
161 if (iptuninfo
[IFLA_IPTUN_LINK
])
162 link
= rta_getattr_u32(iptuninfo
[IFLA_IPTUN_LINK
]);
164 if (iptuninfo
[IFLA_IPTUN_PROTO
])
165 proto
= rta_getattr_u8(iptuninfo
[IFLA_IPTUN_PROTO
]);
166 if (iptuninfo
[IFLA_IPTUN_COLLECT_METADATA
])
169 if (iptuninfo
[IFLA_IPTUN_FWMARK
])
170 fwmark
= rta_getattr_u32(iptuninfo
[IFLA_IPTUN_FWMARK
]);
176 if (strcmp(*argv
, "mode") == 0) {
178 if (strcmp(*argv
, "ipv6/ipv6") == 0 ||
179 strcmp(*argv
, "ip6ip6") == 0)
180 proto
= IPPROTO_IPV6
;
181 else if (strcmp(*argv
, "ip/ipv6") == 0 ||
182 strcmp(*argv
, "ipv4/ipv6") == 0 ||
183 strcmp(*argv
, "ipip6") == 0 ||
184 strcmp(*argv
, "ip4ip6") == 0)
185 proto
= IPPROTO_IPIP
;
186 else if (strcmp(*argv
, "any/ipv6") == 0 ||
187 strcmp(*argv
, "any") == 0)
190 invarg("Cannot guess tunnel mode.", *argv
);
191 } else if (strcmp(*argv
, "remote") == 0) {
193 get_addr(&daddr
, *argv
, AF_INET6
);
194 } else if (strcmp(*argv
, "local") == 0) {
196 get_addr(&saddr
, *argv
, AF_INET6
);
197 } else if (matches(*argv
, "dev") == 0) {
199 link
= ll_name_to_index(*argv
);
202 } else if (strcmp(*argv
, "ttl") == 0 ||
203 strcmp(*argv
, "hoplimit") == 0 ||
204 strcmp(*argv
, "hlim") == 0) {
206 if (strcmp(*argv
, "inherit") != 0) {
207 if (get_u8(&hop_limit
, *argv
, 0))
208 invarg("invalid HLIM\n", *argv
);
211 } else if (strcmp(*argv
, "encaplimit") == 0) {
213 if (strcmp(*argv
, "none") == 0) {
214 flags
|= IP6_TNL_F_IGN_ENCAP_LIMIT
;
218 if (get_u8(&uval
, *argv
, 0) < -1)
219 invarg("invalid ELIM", *argv
);
221 flags
&= ~IP6_TNL_F_IGN_ENCAP_LIMIT
;
223 } else if (strcmp(*argv
, "tos") == 0 ||
224 strcmp(*argv
, "tclass") == 0 ||
225 strcmp(*argv
, "tc") == 0 ||
226 matches(*argv
, "dsfield") == 0) {
230 flowinfo
&= ~IP6_FLOWINFO_TCLASS
;
231 if (strcmp(*argv
, "inherit") == 0)
232 flags
|= IP6_TNL_F_USE_ORIG_TCLASS
;
234 if (get_u8(&uval
, *argv
, 16))
235 invarg("invalid TClass", *argv
);
236 flowinfo
|= htonl((__u32
)uval
<< 20) & IP6_FLOWINFO_TCLASS
;
237 flags
&= ~IP6_TNL_F_USE_ORIG_TCLASS
;
239 } else if (strcmp(*argv
, "flowlabel") == 0 ||
240 strcmp(*argv
, "fl") == 0) {
244 flowinfo
&= ~IP6_FLOWINFO_FLOWLABEL
;
245 if (strcmp(*argv
, "inherit") == 0)
246 flags
|= IP6_TNL_F_USE_ORIG_FLOWLABEL
;
248 if (get_u32(&uval
, *argv
, 16))
249 invarg("invalid Flowlabel", *argv
);
251 invarg("invalid Flowlabel", *argv
);
252 flowinfo
|= htonl(uval
) & IP6_FLOWINFO_FLOWLABEL
;
253 flags
&= ~IP6_TNL_F_USE_ORIG_FLOWLABEL
;
255 } else if (strcmp(*argv
, "dscp") == 0) {
257 if (strcmp(*argv
, "inherit") != 0)
258 invarg("not inherit", *argv
);
259 flags
|= IP6_TNL_F_RCV_DSCP_COPY
;
260 } else if (strcmp(*argv
, "fwmark") == 0) {
262 if (strcmp(*argv
, "inherit") == 0) {
263 flags
|= IP6_TNL_F_USE_ORIG_FWMARK
;
266 if (get_u32(&fwmark
, *argv
, 0))
267 invarg("invalid fwmark\n", *argv
);
268 flags
&= ~IP6_TNL_F_USE_ORIG_FWMARK
;
270 } else if (strcmp(*argv
, "allow-localremote") == 0) {
271 flags
|= IP6_TNL_F_ALLOW_LOCAL_REMOTE
;
272 } else if (strcmp(*argv
, "noallow-localremote") == 0) {
273 flags
&= ~IP6_TNL_F_ALLOW_LOCAL_REMOTE
;
274 } else if (strcmp(*argv
, "noencap") == 0) {
275 encaptype
= TUNNEL_ENCAP_NONE
;
276 } else if (strcmp(*argv
, "encap") == 0) {
278 if (strcmp(*argv
, "fou") == 0)
279 encaptype
= TUNNEL_ENCAP_FOU
;
280 else if (strcmp(*argv
, "gue") == 0)
281 encaptype
= TUNNEL_ENCAP_GUE
;
282 else if (strcmp(*argv
, "none") == 0)
283 encaptype
= TUNNEL_ENCAP_NONE
;
285 invarg("Invalid encap type.", *argv
);
286 } else if (strcmp(*argv
, "encap-sport") == 0) {
288 if (strcmp(*argv
, "auto") == 0)
290 else if (get_u16(&encapsport
, *argv
, 0))
291 invarg("Invalid source port.", *argv
);
292 } else if (strcmp(*argv
, "encap-dport") == 0) {
294 if (get_u16(&encapdport
, *argv
, 0))
295 invarg("Invalid destination port.", *argv
);
296 } else if (strcmp(*argv
, "encap-csum") == 0) {
297 encapflags
|= TUNNEL_ENCAP_FLAG_CSUM
;
298 } else if (strcmp(*argv
, "noencap-csum") == 0) {
299 encapflags
&= ~TUNNEL_ENCAP_FLAG_CSUM
;
300 } else if (strcmp(*argv
, "encap-udp6-csum") == 0) {
301 encapflags
|= TUNNEL_ENCAP_FLAG_CSUM6
;
302 } else if (strcmp(*argv
, "noencap-udp6-csum") == 0) {
303 encapflags
&= ~TUNNEL_ENCAP_FLAG_CSUM6
;
304 } else if (strcmp(*argv
, "encap-remcsum") == 0) {
305 encapflags
|= TUNNEL_ENCAP_FLAG_REMCSUM
;
306 } else if (strcmp(*argv
, "noencap-remcsum") == 0) {
307 encapflags
&= ~TUNNEL_ENCAP_FLAG_REMCSUM
;
308 } else if (strcmp(*argv
, "external") == 0) {
311 ip6tunnel_print_help(lu
, argc
, argv
, stderr
);
317 addattr8(n
, 1024, IFLA_IPTUN_PROTO
, proto
);
319 addattr_l(n
, 1024, IFLA_IPTUN_COLLECT_METADATA
, NULL
, 0);
323 if (is_addrtype_inet(&saddr
)) {
324 addattr_l(n
, 1024, IFLA_IPTUN_LOCAL
,
325 saddr
.data
, saddr
.bytelen
);
327 if (is_addrtype_inet(&daddr
)) {
328 addattr_l(n
, 1024, IFLA_IPTUN_REMOTE
,
329 daddr
.data
, daddr
.bytelen
);
331 addattr8(n
, 1024, IFLA_IPTUN_TTL
, hop_limit
);
332 addattr8(n
, 1024, IFLA_IPTUN_ENCAP_LIMIT
, encap_limit
);
333 addattr32(n
, 1024, IFLA_IPTUN_FLOWINFO
, flowinfo
);
334 addattr32(n
, 1024, IFLA_IPTUN_FLAGS
, flags
);
335 addattr32(n
, 1024, IFLA_IPTUN_LINK
, link
);
336 addattr32(n
, 1024, IFLA_IPTUN_FWMARK
, fwmark
);
338 addattr16(n
, 1024, IFLA_IPTUN_ENCAP_TYPE
, encaptype
);
339 addattr16(n
, 1024, IFLA_IPTUN_ENCAP_FLAGS
, encapflags
);
340 addattr16(n
, 1024, IFLA_IPTUN_ENCAP_SPORT
, htons(encapsport
));
341 addattr16(n
, 1024, IFLA_IPTUN_ENCAP_DPORT
, htons(encapdport
));
346 static void ip6tunnel_print_opt(struct link_util
*lu
, FILE *f
, struct rtattr
*tb
[])
356 if (tb
[IFLA_IPTUN_COLLECT_METADATA
]) {
357 print_bool(PRINT_ANY
, "external", "external", true);
361 if (tb
[IFLA_IPTUN_FLAGS
])
362 flags
= rta_getattr_u32(tb
[IFLA_IPTUN_FLAGS
]);
364 if (tb
[IFLA_IPTUN_FLOWINFO
])
365 flowinfo
= rta_getattr_u32(tb
[IFLA_IPTUN_FLOWINFO
]);
367 if (tb
[IFLA_IPTUN_PROTO
]) {
368 switch (rta_getattr_u8(tb
[IFLA_IPTUN_PROTO
])) {
370 print_string(PRINT_ANY
, "proto", "%s ", "ipip6");
373 print_string(PRINT_ANY
, "proto", "%s ", "ip6ip6");
376 print_string(PRINT_ANY
, "proto", "%s ", "any");
381 tnl_print_endpoint("remote", tb
[IFLA_IPTUN_REMOTE
], AF_INET6
);
382 tnl_print_endpoint("local", tb
[IFLA_IPTUN_LOCAL
], AF_INET6
);
384 if (tb
[IFLA_IPTUN_LINK
]) {
385 __u32 link
= rta_getattr_u32(tb
[IFLA_IPTUN_LINK
]);
388 print_string(PRINT_ANY
, "link", "dev %s ",
389 ll_index_to_name(link
));
393 if (tb
[IFLA_IPTUN_TTL
])
394 ttl
= rta_getattr_u8(tb
[IFLA_IPTUN_TTL
]);
395 if (is_json_context() || ttl
)
396 print_uint(PRINT_ANY
, "ttl", "hoplimit %u ", ttl
);
398 print_string(PRINT_FP
, NULL
, "hoplimit %s ", "inherit");
400 if (flags
& IP6_TNL_F_IGN_ENCAP_LIMIT
) {
401 print_bool(PRINT_ANY
,
402 "ip6_tnl_f_ign_encap_limit",
405 } else if (tb
[IFLA_IPTUN_ENCAP_LIMIT
]) {
406 __u8 val
= rta_getattr_u8(tb
[IFLA_IPTUN_ENCAP_LIMIT
]);
408 print_uint(PRINT_ANY
, "encap_limit", "encaplimit %u ", val
);
411 if (flags
& IP6_TNL_F_USE_ORIG_TCLASS
) {
412 print_bool(PRINT_ANY
,
413 "ip6_tnl_f_use_orig_tclass",
416 } else if (tb
[IFLA_IPTUN_FLOWINFO
]) {
417 __u32 val
= ntohl(flowinfo
& IP6_FLOWINFO_TCLASS
) >> 20;
419 snprintf(s2
, sizeof(s2
), "0x%02x", val
);
420 print_string(PRINT_ANY
, "tclass", "tclass %s ", s2
);
423 if (flags
& IP6_TNL_F_USE_ORIG_FLOWLABEL
) {
424 print_bool(PRINT_ANY
,
425 "ip6_tnl_f_use_orig_flowlabel",
426 "flowlabel inherit ",
428 } else if (tb
[IFLA_IPTUN_FLOWINFO
]) {
429 __u32 val
= ntohl(flowinfo
& IP6_FLOWINFO_FLOWLABEL
);
431 snprintf(s2
, sizeof(s2
), "0x%05x", val
);
432 print_string(PRINT_ANY
, "flowlabel", "flowlabel %s ", s2
);
435 if (flags
& IP6_TNL_F_RCV_DSCP_COPY
)
436 print_bool(PRINT_ANY
,
437 "ip6_tnl_f_rcv_dscp_copy",
441 if (flags
& IP6_TNL_F_MIP6_DEV
)
442 print_bool(PRINT_ANY
, "ip6_tnl_f_mip6_dev", "mip6 ", true);
444 if (flags
& IP6_TNL_F_ALLOW_LOCAL_REMOTE
)
445 print_bool(PRINT_ANY
,
446 "ip6_tnl_f_allow_local_remote",
447 "allow-localremote ",
450 if (flags
& IP6_TNL_F_USE_ORIG_FWMARK
) {
451 print_bool(PRINT_ANY
,
452 "ip6_tnl_f_use_orig_fwmark",
455 } else if (tb
[IFLA_IPTUN_FWMARK
]) {
456 __u32 fwmark
= rta_getattr_u32(tb
[IFLA_IPTUN_FWMARK
]);
459 print_0xhex(PRINT_ANY
,
460 "fwmark", "fwmark 0x%x ", fwmark
);
465 IFLA_IPTUN_ENCAP_TYPE
,
466 IFLA_IPTUN_ENCAP_FLAGS
,
467 IFLA_IPTUN_ENCAP_SPORT
,
468 IFLA_IPTUN_ENCAP_DPORT
);
471 struct link_util ip6tnl_link_util
= {
473 .maxattr
= IFLA_IPTUN_MAX
,
474 .parse_opt
= ip6tunnel_parse_opt
,
475 .print_opt
= ip6tunnel_print_opt
,
476 .print_help
= ip6tunnel_print_help
,