* [PATCH 1/5] ip-tunnel: add new function
@ 2018-03-04 18:24 Jonatan Schlag
2018-03-04 18:24 ` [PATCH 2/5] device: add new function device_is_vti6 Jonatan Schlag
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Jonatan Schlag @ 2018-03-04 18:24 UTC (permalink / raw)
To: network
[-- Attachment #1: Type: text/plain, Size: 1307 bytes --]
To be undependent from the IP protocol we use, when we use tunnel modes
in our code, this function converts the modes
to the modes the iproute2 tool uses
which often depend on the IP protocol version.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
src/functions/functions.ip-tunnel | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/functions/functions.ip-tunnel b/src/functions/functions.ip-tunnel
index 7bb4e3f..550b0b3 100644
--- a/src/functions/functions.ip-tunnel
+++ b/src/functions/functions.ip-tunnel
@@ -21,6 +21,34 @@
IP_TUNNEL_MODES="gre sit vti"
+# This function converts our modes into the type
+# the iproute2 tool uses
+ip_tunnel_convert_mode_to_iproute2_mode() {
+ local mode=${1}
+ local protocol=${2}
+
+ if ! isset mode || ! isset protocol; then
+ log ERROR "Did not get mode and/or protocol"
+ return ${EXIT_ERROR}
+ fi
+
+ if [[ "${protocol}" = "ipv4" ]]; then
+ # When we use IPv4 we can use our modes
+ echo "${mode}"
+ fi
+
+ if [[ "${protocol}" = "ipv6" ]]; then
+ # When we use IPv6 we have to convert
+ case "${mode}" in
+ "vti")
+ echo "vti6"
+ ;;
+ "gre")
+ echo "ip6gre"
+ esac
+ fi
+}
+
ip_tunnel_add() {
local device=${1}
shift
--
2.6.3
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 2/5] device: add new function device_is_vti6
2018-03-04 18:24 [PATCH 1/5] ip-tunnel: add new function Jonatan Schlag
@ 2018-03-04 18:24 ` Jonatan Schlag
2018-03-04 18:24 ` [PATCH 3/5] device: add new function device_tunnel_get_type() Jonatan Schlag
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Jonatan Schlag @ 2018-03-04 18:24 UTC (permalink / raw)
To: network
[-- Attachment #1: Type: text/plain, Size: 712 bytes --]
This functions checks if a device is a vti6 device.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
src/functions/functions.device | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/functions/functions.device b/src/functions/functions.device
index 2de1ad9..a04111e 100644
--- a/src/functions/functions.device
+++ b/src/functions/functions.device
@@ -286,6 +286,14 @@ device_is_vti() {
[ "${type}" = "768" ] && return ${EXIT_OK} || return ${EXIT_ERROR}
}
+device_is_vti6() {
+ local device=${1}
+
+ local type=$(__device_get_file ${device} type)
+
+ [ "${type}" = "769" ] && return ${EXIT_OK} || return ${EXIT_ERROR}
+}
+
device_get_phy() {
local device="${1}"
--
2.6.3
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 3/5] device: add new function device_tunnel_get_type()
2018-03-04 18:24 [PATCH 1/5] ip-tunnel: add new function Jonatan Schlag
2018-03-04 18:24 ` [PATCH 2/5] device: add new function device_is_vti6 Jonatan Schlag
@ 2018-03-04 18:24 ` Jonatan Schlag
2018-03-04 18:24 ` [PATCH 4/5] ip-tunnel: Improve checks Jonatan Schlag
2018-03-04 18:24 ` [PATCH 5/5] ip-tunnel: choose the correct type based on the ip protocol Jonatan Schlag
3 siblings, 0 replies; 5+ messages in thread
From: Jonatan Schlag @ 2018-03-04 18:24 UTC (permalink / raw)
To: network
[-- Attachment #1: Type: text/plain, Size: 1215 bytes --]
If we already know that the device must be a ip-tunnel device
we can save time when we check just for the types
a ip-tunnel device can have.
To avoid code duplication we call this function from device_get_type()
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
src/functions/functions.device | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/functions/functions.device b/src/functions/functions.device
index a04111e..0cd6e4e 100644
--- a/src/functions/functions.device
+++ b/src/functions/functions.device
@@ -396,9 +396,27 @@ device_get_type() {
elif device_is_phy ${device}; then
echo "phy"
+ else
+ echo "$(device_tunnel_get_type "${device}")"
+ fi
+}
+
+# This function just checks the types a ip-tunnel device usually have
+# so when we know that the device is an ip-tunnel device we save time
+device_tunnel_get_type() {
+ local device=${1}
+
+ # If the device does not exist (happens on udev remove events),
+ # we do not bother to run all checks.
+ if ! device_exists "${device}"; then
+ echo "unknown"
+
elif device_is_vti ${device}; then
echo "vti"
+ elif device_is_vti6 ${device}; then
+ echo "vti6"
+
else
echo "unknown"
fi
--
2.6.3
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 4/5] ip-tunnel: Improve checks
2018-03-04 18:24 [PATCH 1/5] ip-tunnel: add new function Jonatan Schlag
2018-03-04 18:24 ` [PATCH 2/5] device: add new function device_is_vti6 Jonatan Schlag
2018-03-04 18:24 ` [PATCH 3/5] device: add new function device_tunnel_get_type() Jonatan Schlag
@ 2018-03-04 18:24 ` Jonatan Schlag
2018-03-04 18:24 ` [PATCH 5/5] ip-tunnel: choose the correct type based on the ip protocol Jonatan Schlag
3 siblings, 0 replies; 5+ messages in thread
From: Jonatan Schlag @ 2018-03-04 18:24 UTC (permalink / raw)
To: network
[-- Attachment #1: Type: text/plain, Size: 1421 bytes --]
We cannot mix ipv6 and ipv4 and we also need to detect the IP protocol
version to decide which mode we have to use.
This is done in a seperated commit.
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
src/functions/functions.ip-tunnel | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/src/functions/functions.ip-tunnel b/src/functions/functions.ip-tunnel
index 550b0b3..0a0c210 100644
--- a/src/functions/functions.ip-tunnel
+++ b/src/functions/functions.ip-tunnel
@@ -98,6 +98,24 @@ ip_tunnel_add() {
return ${EXIT_ERROR}
fi
+ # Detect the IP protocol, which is important to decide which mode we have to use
+ local remote_address_protocol="$(ip_detect_protocol "${remote_address}")"
+
+ # If we could not detect the IP protocol something with
+ # ${remote_address} is wrong
+ if ! isset remote_address_protocol; then
+ log ERROR "Could not determine remote address IP protocol"
+ return ${EXIT_ERROR}
+ fi
+
+ # We cannot mix IPv6 and IPv4
+ if [[ "${remote_address_protocol}" != \
+ "$(ip_detect_protocol "${local_address}")" ]] ; then
+ log ERROR "Local and remote address\
+ are not from the same IP protocol"
+ return ${EXIT_ERROR}
+ fi
+
# ikey and okey must be set for VTI devices
if [ "${mode}" = "vti" ] && (! isset ikey || ! isset okey); then
error "--ikey= and --okey= must be set for VTI device"
--
2.6.3
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 5/5] ip-tunnel: choose the correct type based on the ip protocol
2018-03-04 18:24 [PATCH 1/5] ip-tunnel: add new function Jonatan Schlag
` (2 preceding siblings ...)
2018-03-04 18:24 ` [PATCH 4/5] ip-tunnel: Improve checks Jonatan Schlag
@ 2018-03-04 18:24 ` Jonatan Schlag
3 siblings, 0 replies; 5+ messages in thread
From: Jonatan Schlag @ 2018-03-04 18:24 UTC (permalink / raw)
To: network
[-- Attachment #1: Type: text/plain, Size: 1516 bytes --]
IPv4 and IPv6 need different types for iproute2.
So in the _add function we have to determine the mode
based on the IP protocol of the ${remote_address}.
When we change ikey and okey we have to dertermine the mode the device
have currently.
Fixes: #11431
Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
src/functions/functions.ip-tunnel | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/functions/functions.ip-tunnel b/src/functions/functions.ip-tunnel
index 0a0c210..3baf280 100644
--- a/src/functions/functions.ip-tunnel
+++ b/src/functions/functions.ip-tunnel
@@ -150,6 +150,9 @@ ip_tunnel_add() {
cmd_args="${cmd_args} ikey ${ikey} okey ${okey}"
fi
+ # Determine the mode based on the IP protocol
+ mode=$(ip_tunnel_convert_mode_to_iproute2_mode "${mode}" "${remote_address_protocol}")
+
log DEBUG "Creating tunnel device '${device}' (mode=${mode})..."
# Create the device.
@@ -208,8 +211,16 @@ ip_tunnel_change_keys() {
return ${EXIT_ERROR}
fi
+ # Determine the device type
+ local type="$(device_tunnel_get_type ${device})"
+
+ if ! isoneof "type" vti vti6; then
+ log ERROR "Device type '${type}' is invalid"
+ return ${EXIT_ERROR}
+ fi
+
if ! cmd ip link change dev "${device}" \
- type vti ikey "${ikey}" okey "${okey}"; then
+ type "${type}" ikey "${ikey}" okey "${okey}"; then
log ERROR "Could not change keys of device ${device}"
return ${EXIT_ERROR}
fi
--
2.6.3
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-03-04 18:24 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-03-04 18:24 [PATCH 1/5] ip-tunnel: add new function Jonatan Schlag
2018-03-04 18:24 ` [PATCH 2/5] device: add new function device_is_vti6 Jonatan Schlag
2018-03-04 18:24 ` [PATCH 3/5] device: add new function device_tunnel_get_type() Jonatan Schlag
2018-03-04 18:24 ` [PATCH 4/5] ip-tunnel: Improve checks Jonatan Schlag
2018-03-04 18:24 ` [PATCH 5/5] ip-tunnel: choose the correct type based on the ip protocol Jonatan Schlag
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox