fix ip tunnel for vti tunnels with ikey

Consider the following command:

ip tunnel add mode vti remote 12.0.0.1 local 12.0.0.3 ikey 15

i_flags will be GRE_KEY|VTI_ISVTI. So, in order to distinguish between ipip and
vti we have to check just VTI_ISVTI bit, not the equality of i_flags and
VTI_ISVTI.

* Note, that there also was a bug in ip_tunnel/ip_vti, see
commit 7c8e6b9c281(ip_vti: Fix 'ip tunnel add' with 'key' parameters),
https://lkml.org/lkml/2014/6/7/125.
Even patched iproute could be unable to create vti tunnels with non-zero keys.

1) Unpatched iproute2:
[root@vm ~]# ip tunnel show
[root@vm ~]# lsmod | egrep '(ipip|vti)'
[root@vm ~]# ip tunnel add mode vti ikey 1
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ipip                    4197  0
tunnel4                 1659  1 ipip
ip_tunnel               9295  1 ipip
[root@vm ~]# ip tunnel show
tunl0: ip/ip  remote any  local any  ttl inherit
[root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
[root@vm ~]# ip tunnel show
ipip0: ip/ip  remote 1.2.3.4  local any  ttl inherit
tunl0: ip/ip  remote any  local any  ttl inherit
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ipip                    4197  0
tunnel4                 1659  1 ipip
ip_tunnel               9295  1 ipip

# ipip tunnels are created instead of vti

2) Patched iproute2:
[root@vm ~]# ip tunnel show
[root@vm ~]# lsmod | egrep '(ipip|vti)'
[root@vm ~]# ip tunnel add mode vti ikey 1
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ip_vti                  5258  0
ip_tunnel               9295  1 ip_vti
[root@vm ~]# ip tunnel show
vti0: ip/ip  remote any  local any  ttl inherit  ikey 1  okey 0
ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0
[root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
[root@vm ~]# ip tunnel show
vti0: ip/ip  remote any  local any  ttl inherit  ikey 1  okey 0
vti1: ip/ip  remote 1.2.3.4  local any  ttl inherit  ikey 2  okey 0
ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0

# Vti tunnels are created as expected
# * If you have unpatched kernel your vti tunnels will have ikey == okey == 0

Same story exists with ip tunnel show/del with non-zero [io]key: requests are
routed to tunl0 instead of ip_vti0.

Signed-off-by: Dmitry Popov <ixaphire@qrator.net>

diff --git a/ip/iptunnel.c b/ip/iptunnel.c
index f96ce4582ca620e29f240f20f34669891fa0a641..c31b176cc0eca0fff12bfc4312abd92cd4389433 100644 (file)
--- a/ip/iptunnel.c
+++ b/ip/iptunnel.c
@@ -290,10 +290,10 @@ static int do_add(int cmd, int argc, char **argv)
 
        switch (p.iph.protocol) {
        case IPPROTO_IPIP:
-               if (p.i_flags != VTI_ISVTI)
-                       return tnl_add_ioctl(cmd, "tunl0", p.name, &p);
-               else
+               if (p.i_flags & VTI_ISVTI)
                        return tnl_add_ioctl(cmd, "ip_vti0", p.name, &p);
+               else
+                       return tnl_add_ioctl(cmd, "tunl0", p.name, &p);
        case IPPROTO_GRE:
                return tnl_add_ioctl(cmd, "gre0", p.name, &p);
        case IPPROTO_IPV6:
@@ -314,10 +314,10 @@ static int do_del(int argc, char **argv)
 
        switch (p.iph.protocol) {
        case IPPROTO_IPIP:
-               if (p.i_flags != VTI_ISVTI)
-                       return tnl_del_ioctl("tunl0", p.name, &p);
-               else
+               if (p.i_flags & VTI_ISVTI)
                        return tnl_del_ioctl("ip_vti0", p.name, &p);
+               else
+                       return tnl_del_ioctl("tunl0", p.name, &p);
        case IPPROTO_GRE:
                return tnl_del_ioctl("gre0", p.name, &p);
        case IPPROTO_IPV6:
@@ -506,10 +506,10 @@ static int do_show(int argc, char **argv)
 
        switch (p.iph.protocol) {
        case IPPROTO_IPIP:
-               if (p.i_flags != VTI_ISVTI)
-                       err = tnl_get_ioctl(p.name[0] ? p.name : "tunl0", &p);
-               else
+               if (p.i_flags & VTI_ISVTI)
                        err = tnl_get_ioctl(p.name[0] ? p.name : "ip_vti0", &p);
+               else
+                       err = tnl_get_ioctl(p.name[0] ? p.name : "tunl0", &p);
                break;
        case IPPROTO_GRE:
                err = tnl_get_ioctl(p.name[0] ? p.name : "gre0", &p);