Merge pull request #11021 from ssahani/isatap

networkd: Add support to configure ISATAP tunnel

man/systemd.netdev.xml

@@ -924,6 +924,13 @@
           applicable to SIT tunnels.</para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><varname>ISATAP=</varname></term>
+        <listitem>
+          <para>Takes a boolean. If set, configures the tunnel as Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel.
+          Only applicable to SIT tunnels. When unset, the kernel's default will be used.</para>
+        </listitem>
+      </varlistentry>
       <varlistentry>
         <term><varname>SerializeTunneledPackets=</varname></term>
         <listitem>

src/network/netdev/netdev-gperf.gperf

@@ -73,6 +73,7 @@ Tunnel.Encapsulation,              config_parse_fou_encap_type,          0,
 Tunnel.IPv6RapidDeploymentPrefix,  config_parse_6rd_prefix,              0,                             0
 Tunnel.ERSPANIndex,                config_parse_uint32,                  0,                             offsetof(Tunnel, erspan_index)
 Tunnel.SerializeTunneledPackets,   config_parse_tristate,                0,                             offsetof(Tunnel, erspan_sequence)
+Tunnel.ISATAP,                     config_parse_tristate,                0,                             offsetof(Tunnel, isatap)
 FooOverUDP.Protocol,               config_parse_uint8,                   0,                             offsetof(FouTunnel, fou_protocol)
 FooOverUDP.Encapsulation,          config_parse_fou_encap_type,          0,                             offsetof(FouTunnel, fou_encap_type)
 FooOverUDP.Port,                   config_parse_ip_port,                 0,                             offsetof(FouTunnel, port)

src/network/netdev/tunnel.c

@@ -118,6 +118,7 @@ static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink
                 r = sd_netlink_message_append_in6_addr(m, IFLA_IPTUN_6RD_PREFIX, &t->sixrd_prefix);
                 if (r < 0)
                         return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_6RD_PREFIX attribute: %m");
+
                 /* u16 is deliberate here, even though we're passing a netmask that can never be >128. The kernel is
                  * expecting to receive the prefixlen as a u16.
                  */
@@ -126,6 +127,16 @@ static int netdev_sit_fill_message_create(NetDev *netdev, Link *link, sd_netlink
                         return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_6RD_PREFIXLEN attribute: %m");
         }
 
+        if (t->isatap >= 0) {
+                uint16_t flags = 0;
+
+                SET_FLAG(flags, SIT_ISATAP, t->isatap);
+
+                r = sd_netlink_message_append_u16(m, IFLA_IPTUN_FLAGS, flags);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLAGS attribute: %m");
+        }
+
         return r;
 }
 
@@ -761,6 +772,7 @@ static void sit_init(NetDev *n) {
         assert(t);
 
         t->pmtudisc = true;
+        t->isatap = -1;
 }
 
 static void vti_init(NetDev *n) {

src/network/netdev/tunnel.h

@@ -30,6 +30,7 @@ typedef struct Tunnel {
         int ipv6_flowlabel;
         int allow_localremote;
         int erspan_sequence;
+        int isatap;
 
         unsigned ttl;
         unsigned tos;

test/fuzz/fuzz-netdev-parser/directives.netdev

@@ -76,6 +76,7 @@ FOUSourcePort=
 IPv6RapidDeploymentPrefix=
 ERSPANIndex=
 SerializeTunneledPackets=
+ISATAP=
 [VXLAN]
 UDP6ZeroChecksumRx=
 ARPProxy=

test/test-network/conf/25-isatap-tunnel.netdev

@@ -0,0 +1,8 @@
+[NetDev]
+Name=isataptun99
+Kind=sit
+
+[Tunnel]
+Local=10.65.223.238
+Remote=10.65.223.239
+ISATAP=true

test/test-network/conf/isatap.network

@@ -0,0 +1,5 @@
+[Match]
+Name=dummy98
+
+[Network]
+Tunnel=isataptun99

test/test-network/systemd-networkd-tests.py

@@ -166,7 +166,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
             'macvlan99', 'ipvlan99', 'vxlan99', 'veth99', 'vrf99', 'tun99',
             'tap99', 'vcan99', 'geneve99', 'dummy98', 'ipiptun99', 'sittun99', '6rdtun99',
             'gretap99', 'vtitun99', 'vti6tun99','ip6tnl99', 'gretun99', 'ip6gretap99',
-            'wg99', 'dropin-test', 'erspan-test']
+            'wg99', 'dropin-test', 'erspan-test', 'isataptun99']
 
     units = ['25-bridge.netdev', '25-bond.netdev', '21-vlan.netdev', '11-dummy.netdev', '21-vlan.network',
              '21-macvtap.netdev', 'macvtap.network', '21-macvlan.netdev', 'macvlan.network', 'vxlan.network',
@@ -176,7 +176,8 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
              '25-erspan-tunnel.netdev', '25-gre-tunnel.netdev', '25-gretap-tunnel.netdev', '25-vti-tunnel.netdev',
              '25-vti6-tunnel.netdev', '12-dummy.netdev', 'gre.network', 'ipip.network', 'ip6gretap.network',
              'gretun.network', 'ip6tnl.network', '25-tap.netdev', 'vti6.network', 'vti.network', 'gretap.network',
-             'sit.network', '25-ipip-tunnel-independent.netdev', '25-wireguard.netdev', '6rd.network', '10-dropin-test.netdev']
+             'sit.network', '25-ipip-tunnel-independent.netdev', '25-wireguard.netdev', '6rd.network', '10-dropin-test.netdev',
+             '25-isatap-tunnel.netdev', 'isatap.network']
 
     def setUp(self):
         self.link_remove(self.links)
@@ -389,6 +390,15 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
         self.assertTrue(self.link_exits('dummy98'))
         self.assertTrue(self.link_exits('sittun99'))
 
+    def test_isatap_tunnel(self):
+        self.copy_unit_to_networkd_unit_path('12-dummy.netdev', '25-isatap-tunnel.netdev', 'isatap.network')
+        self.start_networkd()
+
+        self.assertTrue(self.link_exits('dummy98'))
+        self.assertTrue(self.link_exits('isataptun99'))
+        output = subprocess.check_output(['ip', '-d', 'link', 'show', 'isataptun99']).rstrip().decode('utf-8')
+        self.assertRegex(output, "isatap ")
+
     def test_6rd_tunnel(self):
         self.copy_unit_to_networkd_unit_path('12-dummy.netdev', '25-6rd-tunnel.netdev', '6rd.network')
         self.start_networkd()