mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
networkd: Tunnel allows tunnel traffic on ip6tnl devices (#7756)
where the remote endpoint is a local host address.
This commit is contained in:
parent
323d9329e7
commit
3a4f3e423d
@ -889,6 +889,14 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>AllowLocalRemote=</varname></term>
|
||||
<listitem>
|
||||
<para>A boolean. When true allows tunnel traffic on <varname>ip6tnl</varname> devices where the remote endpoint is a local host address.
|
||||
Defaults to unset.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
<refsect1>
|
||||
|
@ -63,6 +63,7 @@ Tunnel.IPv6FlowLabel, config_parse_ipv6_flowlabel, 0,
|
||||
Tunnel.CopyDSCP, config_parse_bool, 0, offsetof(Tunnel, copy_dscp)
|
||||
Tunnel.EncapsulationLimit, config_parse_encap_limit, 0, offsetof(Tunnel, encap_limit)
|
||||
Tunnel.Independent, config_parse_bool, 0, offsetof(Tunnel, independent)
|
||||
Tunnel.AllowLocalRemote, config_parse_tristate, 0, offsetof(Tunnel, allow_localremote)
|
||||
Peer.Name, config_parse_ifname, 0, offsetof(Veth, ifname_peer)
|
||||
Peer.MACAddress, config_parse_hwaddr, 0, offsetof(Veth, mac_peer)
|
||||
VXCAN.Peer, config_parse_ifname, 0, offsetof(VxCan, ifname_peer)
|
||||
|
@ -37,6 +37,7 @@
|
||||
|
||||
#define DEFAULT_TNL_HOP_LIMIT 64
|
||||
#define IP6_FLOWINFO_FLOWLABEL htobe32(0x000FFFFF)
|
||||
#define IP6_TNL_F_ALLOW_LOCAL_REMOTE 0x40
|
||||
|
||||
static const char* const ip6tnl_mode_table[_NETDEV_IP6_TNL_MODE_MAX] = {
|
||||
[NETDEV_IP6_TNL_MODE_IP6IP6] = "ip6ip6",
|
||||
@ -336,6 +337,9 @@ static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_netl
|
||||
if (t->copy_dscp)
|
||||
t->flags |= IP6_TNL_F_RCV_DSCP_COPY;
|
||||
|
||||
if (t->allow_localremote != -1)
|
||||
SET_FLAG(t->flags, IP6_TNL_F_ALLOW_LOCAL_REMOTE, t->allow_localremote);
|
||||
|
||||
if (t->encap_limit != IPV6_DEFAULT_TNL_ENCAP_LIMIT) {
|
||||
r = sd_netlink_message_append_u8(m, IFLA_IPTUN_ENCAP_LIMIT, t->encap_limit);
|
||||
if (r < 0)
|
||||
@ -682,6 +686,7 @@ static void ip6tnl_init(NetDev *n) {
|
||||
t->encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
|
||||
t->ip6tnl_mode = _NETDEV_IP6_TNL_MODE_INVALID;
|
||||
t->ipv6_flowlabel = _NETDEV_IPV6_FLOWLABEL_INVALID;
|
||||
t->allow_localremote = -1;
|
||||
}
|
||||
|
||||
const NetDevVTable ipip_vtable = {
|
||||
|
@ -45,6 +45,7 @@ typedef struct Tunnel {
|
||||
|
||||
int family;
|
||||
int ipv6_flowlabel;
|
||||
int allow_localremote;
|
||||
|
||||
unsigned ttl;
|
||||
unsigned tos;
|
||||
|
Loading…
Reference in New Issue
Block a user