1
2
3
4
5
6
7
8
9
10
11
12
13#include <string.h>
14#include <net/if.h>
15#include <sys/types.h>
16#include <sys/socket.h>
17#include <arpa/inet.h>
18
19#include <linux/ip.h>
20#include <linux/if_tunnel.h>
21#include <linux/ip6_tunnel.h>
22#include "rt_names.h"
23#include "utils.h"
24#include "ip_common.h"
25#include "tunnel.h"
26
27#define IP6_FLOWINFO_TCLASS htonl(0x0FF00000)
28#define IP6_FLOWINFO_FLOWLABEL htonl(0x000FFFFF)
29
30#define DEFAULT_TNL_HOP_LIMIT (64)
31
32static void ip6tunnel_print_help(struct link_util *lu, int argc, char **argv,
33 FILE *f)
34{
35 fprintf(f,
36 "Usage: ... %-6s [ remote ADDR ]\n"
37 " [ local ADDR ]\n"
38 " [ encaplimit ELIM ]\n"
39 " [ hoplimit HLIM ]\n"
40 " [ tclass TCLASS ]\n"
41 " [ flowlabel FLOWLABEL ]\n"
42 " [ dscp inherit ]\n"
43 " [ [no]allow-localremote ]\n"
44 " [ dev PHYS_DEV ]\n"
45 " [ fwmark MARK ]\n"
46 " [ external ]\n"
47 " [ noencap ]\n"
48 " [ encap { fou | gue | none } ]\n"
49 " [ encap-sport PORT ]\n"
50 " [ encap-dport PORT ]\n"
51 " [ [no]encap-csum ]\n"
52 " [ [no]encap-csum6 ]\n"
53 " [ [no]encap-remcsum ]\n"
54 " [ mode { ip6ip6 | ipip6 | any } ]\n"
55 "\n"
56 "Where: ADDR := IPV6_ADDRESS\n"
57 " ELIM := { none | 0..255 }(default=%d)\n"
58 " HLIM := 0..255 (default=%d)\n"
59 " TCLASS := { 0x0..0xff | inherit }\n"
60 " FLOWLABEL := { 0x0..0xfffff | inherit }\n"
61 " MARK := { 0x0..0xffffffff | inherit }\n",
62 lu->id,
63 IPV6_DEFAULT_TNL_ENCAP_LIMIT, DEFAULT_TNL_HOP_LIMIT);
64}
65
66static int ip6tunnel_parse_opt(struct link_util *lu, int argc, char **argv,
67 struct nlmsghdr *n)
68{
69 struct ifinfomsg *ifi = NLMSG_DATA(n);
70 struct {
71 struct nlmsghdr n;
72 struct ifinfomsg i;
73 } req = {
74 .n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi)),
75 .n.nlmsg_flags = NLM_F_REQUEST,
76 .n.nlmsg_type = RTM_GETLINK,
77 .i.ifi_family = preferred_family,
78 .i.ifi_index = ifi->ifi_index,
79 };
80 struct nlmsghdr *answer;
81 struct rtattr *tb[IFLA_MAX + 1];
82 struct rtattr *linkinfo[IFLA_INFO_MAX+1];
83 struct rtattr *iptuninfo[IFLA_IPTUN_MAX + 1];
84 int len;
85 inet_prefix saddr, daddr;
86 __u8 hop_limit = DEFAULT_TNL_HOP_LIMIT;
87 __u8 encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
88 __u32 flowinfo = 0;
89 __u32 flags = 0;
90 __u8 proto = 0;
91 __u32 link = 0;
92 __u16 encaptype = 0;
93 __u16 encapflags = TUNNEL_ENCAP_FLAG_CSUM6;
94 __u16 encapsport = 0;
95 __u16 encapdport = 0;
96 __u8 metadata = 0;
97 __u32 fwmark = 0;
98
99 inet_prefix_reset(&saddr);
100 inet_prefix_reset(&daddr);
101
102 if (!(n->nlmsg_flags & NLM_F_CREATE)) {
103 const struct rtattr *rta;
104
105 if (rtnl_talk(&rth, &req.n, &answer) < 0) {
106get_failed:
107 fprintf(stderr,
108 "Failed to get existing tunnel info.\n");
109 return -1;
110 }
111
112 len = answer->nlmsg_len;
113 len -= NLMSG_LENGTH(sizeof(*ifi));
114 if (len < 0)
115 goto get_failed;
116
117 parse_rtattr(tb, IFLA_MAX, IFLA_RTA(NLMSG_DATA(answer)), len);
118
119 if (!tb[IFLA_LINKINFO])
120 goto get_failed;
121
122 parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb[IFLA_LINKINFO]);
123
124 if (!linkinfo[IFLA_INFO_DATA])
125 goto get_failed;
126
127 parse_rtattr_nested(iptuninfo, IFLA_IPTUN_MAX,
128 linkinfo[IFLA_INFO_DATA]);
129
130 rta = iptuninfo[IFLA_IPTUN_LOCAL];
131 if (rta && get_addr_rta(&saddr, rta, AF_INET6))
132 goto get_failed;
133
134 rta = iptuninfo[IFLA_IPTUN_REMOTE];
135 if (rta && get_addr_rta(&daddr, rta, AF_INET6))
136 goto get_failed;
137
138 if (iptuninfo[IFLA_IPTUN_TTL])
139 hop_limit = rta_getattr_u8(iptuninfo[IFLA_IPTUN_TTL]);
140
141 if (iptuninfo[IFLA_IPTUN_ENCAP_LIMIT])
142 encap_limit = rta_getattr_u8(iptuninfo[IFLA_IPTUN_ENCAP_LIMIT]);
143
144 if (iptuninfo[IFLA_IPTUN_FLOWINFO])
145 flowinfo = rta_getattr_u32(iptuninfo[IFLA_IPTUN_FLOWINFO]);
146
147 if (iptuninfo[IFLA_IPTUN_FLAGS])
148 flags = rta_getattr_u32(iptuninfo[IFLA_IPTUN_FLAGS]);
149
150 if (iptuninfo[IFLA_IPTUN_LINK])
151 link = rta_getattr_u32(iptuninfo[IFLA_IPTUN_LINK]);
152
153 if (iptuninfo[IFLA_IPTUN_PROTO])
154 proto = rta_getattr_u8(iptuninfo[IFLA_IPTUN_PROTO]);
155 if (iptuninfo[IFLA_IPTUN_COLLECT_METADATA])
156 metadata = 1;
157
158 if (iptuninfo[IFLA_IPTUN_FWMARK])
159 fwmark = rta_getattr_u32(iptuninfo[IFLA_IPTUN_FWMARK]);
160
161 free(answer);
162 }
163
164 while (argc > 0) {
165 if (strcmp(*argv, "mode") == 0) {
166 NEXT_ARG();
167 if (strcmp(*argv, "ipv6/ipv6") == 0 ||
168 strcmp(*argv, "ip6ip6") == 0)
169 proto = IPPROTO_IPV6;
170 else if (strcmp(*argv, "ip/ipv6") == 0 ||
171 strcmp(*argv, "ipv4/ipv6") == 0 ||
172 strcmp(*argv, "ipip6") == 0 ||
173 strcmp(*argv, "ip4ip6") == 0)
174 proto = IPPROTO_IPIP;
175 else if (strcmp(*argv, "any/ipv6") == 0 ||
176 strcmp(*argv, "any") == 0)
177 proto = 0;
178 else
179 invarg("Cannot guess tunnel mode.", *argv);
180 } else if (strcmp(*argv, "remote") == 0) {
181 NEXT_ARG();
182 get_addr(&daddr, *argv, AF_INET6);
183 } else if (strcmp(*argv, "local") == 0) {
184 NEXT_ARG();
185 get_addr(&saddr, *argv, AF_INET6);
186 } else if (matches(*argv, "dev") == 0) {
187 NEXT_ARG();
188 link = ll_name_to_index(*argv);
189 if (!link)
190 exit(nodev(*argv));
191 } else if (strcmp(*argv, "ttl") == 0 ||
192 strcmp(*argv, "hoplimit") == 0 ||
193 strcmp(*argv, "hlim") == 0) {
194 NEXT_ARG();
195 if (strcmp(*argv, "inherit") != 0) {
196 if (get_u8(&hop_limit, *argv, 0))
197 invarg("invalid HLIM\n", *argv);
198 } else
199 hop_limit = 0;
200 } else if (strcmp(*argv, "encaplimit") == 0) {
201 NEXT_ARG();
202 if (strcmp(*argv, "none") == 0) {
203 flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
204 } else {
205 __u8 uval;
206
207 if (get_u8(&uval, *argv, 0) < -1)
208 invarg("invalid ELIM", *argv);
209 encap_limit = uval;
210 flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
211 }
212 } else if (strcmp(*argv, "tos") == 0 ||
213 strcmp(*argv, "tclass") == 0 ||
214 strcmp(*argv, "tc") == 0 ||
215 matches(*argv, "dsfield") == 0) {
216 __u8 uval;
217
218 NEXT_ARG();
219 flowinfo &= ~IP6_FLOWINFO_TCLASS;
220 if (strcmp(*argv, "inherit") == 0)
221 flags |= IP6_TNL_F_USE_ORIG_TCLASS;
222 else {
223 if (get_u8(&uval, *argv, 16))
224 invarg("invalid TClass", *argv);
225 flowinfo |= htonl((__u32)uval << 20) & IP6_FLOWINFO_TCLASS;
226 flags &= ~IP6_TNL_F_USE_ORIG_TCLASS;
227 }
228 } else if (strcmp(*argv, "flowlabel") == 0 ||
229 strcmp(*argv, "fl") == 0) {
230 __u32 uval;
231
232 NEXT_ARG();
233 flowinfo &= ~IP6_FLOWINFO_FLOWLABEL;
234 if (strcmp(*argv, "inherit") == 0)
235 flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL;
236 else {
237 if (get_u32(&uval, *argv, 16))
238 invarg("invalid Flowlabel", *argv);
239 if (uval > 0xFFFFF)
240 invarg("invalid Flowlabel", *argv);
241 flowinfo |= htonl(uval) & IP6_FLOWINFO_FLOWLABEL;
242 flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL;
243 }
244 } else if (strcmp(*argv, "dscp") == 0) {
245 NEXT_ARG();
246 if (strcmp(*argv, "inherit") != 0)
247 invarg("not inherit", *argv);
248 flags |= IP6_TNL_F_RCV_DSCP_COPY;
249 } else if (strcmp(*argv, "fwmark") == 0) {
250 NEXT_ARG();
251 if (strcmp(*argv, "inherit") == 0) {
252 flags |= IP6_TNL_F_USE_ORIG_FWMARK;
253 fwmark = 0;
254 } else {
255 if (get_u32(&fwmark, *argv, 0))
256 invarg("invalid fwmark\n", *argv);
257 flags &= ~IP6_TNL_F_USE_ORIG_FWMARK;
258 }
259 } else if (strcmp(*argv, "allow-localremote") == 0) {
260 flags |= IP6_TNL_F_ALLOW_LOCAL_REMOTE;
261 } else if (strcmp(*argv, "noallow-localremote") == 0) {
262 flags &= ~IP6_TNL_F_ALLOW_LOCAL_REMOTE;
263 } else if (strcmp(*argv, "noencap") == 0) {
264 encaptype = TUNNEL_ENCAP_NONE;
265 } else if (strcmp(*argv, "encap") == 0) {
266 NEXT_ARG();
267 if (strcmp(*argv, "fou") == 0)
268 encaptype = TUNNEL_ENCAP_FOU;
269 else if (strcmp(*argv, "gue") == 0)
270 encaptype = TUNNEL_ENCAP_GUE;
271 else if (strcmp(*argv, "none") == 0)
272 encaptype = TUNNEL_ENCAP_NONE;
273 else
274 invarg("Invalid encap type.", *argv);
275 } else if (strcmp(*argv, "encap-sport") == 0) {
276 NEXT_ARG();
277 if (strcmp(*argv, "auto") == 0)
278 encapsport = 0;
279 else if (get_u16(&encapsport, *argv, 0))
280 invarg("Invalid source port.", *argv);
281 } else if (strcmp(*argv, "encap-dport") == 0) {
282 NEXT_ARG();
283 if (get_u16(&encapdport, *argv, 0))
284 invarg("Invalid destination port.", *argv);
285 } else if (strcmp(*argv, "encap-csum") == 0) {
286 encapflags |= TUNNEL_ENCAP_FLAG_CSUM;
287 } else if (strcmp(*argv, "noencap-csum") == 0) {
288 encapflags &= ~TUNNEL_ENCAP_FLAG_CSUM;
289 } else if (strcmp(*argv, "encap-udp6-csum") == 0) {
290 encapflags |= TUNNEL_ENCAP_FLAG_CSUM6;
291 } else if (strcmp(*argv, "noencap-udp6-csum") == 0) {
292 encapflags &= ~TUNNEL_ENCAP_FLAG_CSUM6;
293 } else if (strcmp(*argv, "encap-remcsum") == 0) {
294 encapflags |= TUNNEL_ENCAP_FLAG_REMCSUM;
295 } else if (strcmp(*argv, "noencap-remcsum") == 0) {
296 encapflags &= ~TUNNEL_ENCAP_FLAG_REMCSUM;
297 } else if (strcmp(*argv, "external") == 0) {
298 metadata = 1;
299 } else {
300 ip6tunnel_print_help(lu, argc, argv, stderr);
301 return -1;
302 }
303 argc--, argv++;
304 }
305
306 addattr8(n, 1024, IFLA_IPTUN_PROTO, proto);
307 if (metadata) {
308 addattr_l(n, 1024, IFLA_IPTUN_COLLECT_METADATA, NULL, 0);
309 return 0;
310 }
311
312 if (is_addrtype_inet_not_unspec(&saddr)) {
313 addattr_l(n, 1024, IFLA_IPTUN_LOCAL,
314 saddr.data, saddr.bytelen);
315 }
316 if (is_addrtype_inet_not_unspec(&daddr)) {
317 addattr_l(n, 1024, IFLA_IPTUN_REMOTE,
318 daddr.data, daddr.bytelen);
319 }
320 addattr8(n, 1024, IFLA_IPTUN_TTL, hop_limit);
321 addattr8(n, 1024, IFLA_IPTUN_ENCAP_LIMIT, encap_limit);
322 addattr32(n, 1024, IFLA_IPTUN_FLOWINFO, flowinfo);
323 addattr32(n, 1024, IFLA_IPTUN_FLAGS, flags);
324 addattr32(n, 1024, IFLA_IPTUN_LINK, link);
325 addattr32(n, 1024, IFLA_IPTUN_FWMARK, fwmark);
326
327 addattr16(n, 1024, IFLA_IPTUN_ENCAP_TYPE, encaptype);
328 addattr16(n, 1024, IFLA_IPTUN_ENCAP_FLAGS, encapflags);
329 addattr16(n, 1024, IFLA_IPTUN_ENCAP_SPORT, htons(encapsport));
330 addattr16(n, 1024, IFLA_IPTUN_ENCAP_DPORT, htons(encapdport));
331
332 return 0;
333}
334
335static void ip6tunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
336{
337 char s2[64];
338 __u32 flags = 0;
339 __u32 flowinfo = 0;
340 __u8 ttl = 0;
341
342 if (!tb)
343 return;
344
345 if (tb[IFLA_IPTUN_COLLECT_METADATA]) {
346 print_bool(PRINT_ANY, "external", "external ", true);
347 }
348
349 if (tb[IFLA_IPTUN_FLAGS])
350 flags = rta_getattr_u32(tb[IFLA_IPTUN_FLAGS]);
351
352 if (tb[IFLA_IPTUN_FLOWINFO])
353 flowinfo = rta_getattr_u32(tb[IFLA_IPTUN_FLOWINFO]);
354
355 if (tb[IFLA_IPTUN_PROTO]) {
356 switch (rta_getattr_u8(tb[IFLA_IPTUN_PROTO])) {
357 case IPPROTO_IPIP:
358 print_string(PRINT_ANY, "proto", "%s ", "ipip6");
359 break;
360 case IPPROTO_IPV6:
361 print_string(PRINT_ANY, "proto", "%s ", "ip6ip6");
362 break;
363 case 0:
364 print_string(PRINT_ANY, "proto", "%s ", "any");
365 break;
366 }
367 }
368
369 tnl_print_endpoint("remote", tb[IFLA_IPTUN_REMOTE], AF_INET6);
370 tnl_print_endpoint("local", tb[IFLA_IPTUN_LOCAL], AF_INET6);
371
372 if (tb[IFLA_IPTUN_LINK]) {
373 __u32 link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]);
374
375 if (link) {
376 print_string(PRINT_ANY, "link", "dev %s ",
377 ll_index_to_name(link));
378 }
379 }
380
381 if (tb[IFLA_IPTUN_TTL])
382 ttl = rta_getattr_u8(tb[IFLA_IPTUN_TTL]);
383 if (is_json_context() || ttl)
384 print_uint(PRINT_ANY, "ttl", "hoplimit %u ", ttl);
385 else
386 print_string(PRINT_FP, NULL, "hoplimit %s ", "inherit");
387
388 if (flags & IP6_TNL_F_IGN_ENCAP_LIMIT) {
389 print_bool(PRINT_ANY,
390 "ip6_tnl_f_ign_encap_limit",
391 "encaplimit none ",
392 true);
393 } else if (tb[IFLA_IPTUN_ENCAP_LIMIT]) {
394 __u8 val = rta_getattr_u8(tb[IFLA_IPTUN_ENCAP_LIMIT]);
395
396 print_uint(PRINT_ANY, "encap_limit", "encaplimit %u ", val);
397 }
398
399 if (flags & IP6_TNL_F_USE_ORIG_TCLASS) {
400 print_bool(PRINT_ANY,
401 "ip6_tnl_f_use_orig_tclass",
402 "tclass inherit ",
403 true);
404 } else if (tb[IFLA_IPTUN_FLOWINFO]) {
405 __u32 val = ntohl(flowinfo & IP6_FLOWINFO_TCLASS) >> 20;
406
407 snprintf(s2, sizeof(s2), "0x%02x", val);
408 print_string(PRINT_ANY, "tclass", "tclass %s ", s2);
409 }
410
411 if (flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) {
412 print_bool(PRINT_ANY,
413 "ip6_tnl_f_use_orig_flowlabel",
414 "flowlabel inherit ",
415 true);
416 } else if (tb[IFLA_IPTUN_FLOWINFO]) {
417 __u32 val = ntohl(flowinfo & IP6_FLOWINFO_FLOWLABEL);
418
419 snprintf(s2, sizeof(s2), "0x%05x", val);
420 print_string(PRINT_ANY, "flowlabel", "flowlabel %s ", s2);
421 }
422
423 if (flags & IP6_TNL_F_RCV_DSCP_COPY)
424 print_bool(PRINT_ANY,
425 "ip6_tnl_f_rcv_dscp_copy",
426 "dscp inherit ",
427 true);
428
429 if (flags & IP6_TNL_F_MIP6_DEV)
430 print_bool(PRINT_ANY, "ip6_tnl_f_mip6_dev", "mip6 ", true);
431
432 if (flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE)
433 print_bool(PRINT_ANY,
434 "ip6_tnl_f_allow_local_remote",
435 "allow-localremote ",
436 true);
437
438 if (flags & IP6_TNL_F_USE_ORIG_FWMARK) {
439 print_bool(PRINT_ANY,
440 "ip6_tnl_f_use_orig_fwmark",
441 "fwmark inherit ",
442 true);
443 } else if (tb[IFLA_IPTUN_FWMARK]) {
444 __u32 fwmark = rta_getattr_u32(tb[IFLA_IPTUN_FWMARK]);
445
446 if (fwmark) {
447 print_0xhex(PRINT_ANY,
448 "fwmark", "fwmark %#llx ", fwmark);
449 }
450 }
451
452 tnl_print_encap(tb,
453 IFLA_IPTUN_ENCAP_TYPE,
454 IFLA_IPTUN_ENCAP_FLAGS,
455 IFLA_IPTUN_ENCAP_SPORT,
456 IFLA_IPTUN_ENCAP_DPORT);
457}
458
459struct link_util ip6tnl_link_util = {
460 .id = "ip6tnl",
461 .maxattr = IFLA_IPTUN_MAX,
462 .parse_opt = ip6tunnel_parse_opt,
463 .print_opt = ip6tunnel_print_opt,
464 .print_help = ip6tunnel_print_help,
465};
466
