From: Shmulik Ladkani <shmulik.ladk...@gmail.com> IP6_TNL_F_ALLOW_LOCAL_REMOTE allows tunnel traffic on ip6tnl devices where the remote endpoint is a local host address.
Specifying "[no]allow-localremote" controls the IP6_TNL_F_ALLOW_LOCAL_REMOTE flag on ip6tnl interfaces. This is the user-space counterpart for kernel commit 908d140a87a7 ("ip6_tunnel: Allow rcv/xmit even if remote address is a local address") Signed-off-by: Shmulik Ladkani <shmulik.ladk...@gmail.com> --- ip/ip6tunnel.c | 8 ++++++++ ip/link_ip6tnl.c | 11 +++++++++++ man/man8/ip-tunnel.8 | 7 +++++++ 3 files changed, 26 insertions(+) diff --git a/ip/ip6tunnel.c b/ip/ip6tunnel.c index bc44bef7..4563e1e0 100644 --- a/ip/ip6tunnel.c +++ b/ip/ip6tunnel.c @@ -52,6 +52,7 @@ static void usage(void) fprintf(stderr, " [ encaplimit ELIM ]\n"); fprintf(stderr, " [ hoplimit TTL ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ]\n"); fprintf(stderr, " [ dscp inherit ]\n"); + fprintf(stderr, " [ [no]allow-localremote ]\n"); fprintf(stderr, " [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]\n"); fprintf(stderr, "\n"); fprintf(stderr, "Where: NAME := STRING\n"); @@ -111,6 +112,9 @@ static void print_tunnel(struct ip6_tnl_parm2 *p) if (p->flags & IP6_TNL_F_RCV_DSCP_COPY) printf(" dscp inherit"); + if (p->flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) + printf(" allow-localremote"); + if ((p->i_flags & GRE_KEY) && (p->o_flags & GRE_KEY) && p->o_key == p->i_key) printf(" key %u", ntohl(p->i_key)); @@ -239,6 +243,10 @@ static int parse_args(int argc, char **argv, int cmd, struct ip6_tnl_parm2 *p) if (strcmp(*argv, "inherit") != 0) invarg("not inherit", *argv); p->flags |= IP6_TNL_F_RCV_DSCP_COPY; + } else if (strcmp(*argv, "allow-localremote") == 0) { + p->flags |= IP6_TNL_F_ALLOW_LOCAL_REMOTE; + } else if (strcmp(*argv, "noallow-localremote") == 0) { + p->flags &= ~IP6_TNL_F_ALLOW_LOCAL_REMOTE; } else if (strcmp(*argv, "key") == 0) { NEXT_ARG(); p->i_flags |= GRE_KEY; diff --git a/ip/link_ip6tnl.c b/ip/link_ip6tnl.c index 2f8c3f34..43287ab3 100644 --- a/ip/link_ip6tnl.c +++ b/ip/link_ip6tnl.c 
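Review bot: The `allow-localremote` branch added to parse_args sets a flag that relaxes a kernel-side check, yet neither the branch nor the new usage line says what is being relaxed. Going by the commit message, the kernel otherwise refuses rcv/xmit on an ip6tnl device whose remote endpoint is a local address, so a reader of the code should be able to see that this is an opt-in relaxation. I would add above the branch `/* Opt-in: permit rcv/xmit when the remote endpoint is an address of this host (kernel commit 908d140a87a7). */`, and the same comment on the matching branch in the ip/link_ip6tnl.c hunk at -268. parse_args starts and ends outside the hunk.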
@@ -42,6 +42,7 @@ static void print_usage(FILE *f) " [ flowlabel FLOWLABEL ]\n" " [ dscp inherit ]\n" " [ fwmark MARK ]\n" + " [ [no]allow-localremote ]\n" " [ noencap ]\n" " [ encap { fou | gue | none } ]\n" " [ encap-sport PORT ]\n" @@ -268,6 +269,10 @@ get_failed: invarg("invalid fwmark\n", *argv); flags &= ~IP6_TNL_F_USE_ORIG_FWMARK; } + } else if (strcmp(*argv, "allow-localremote") == 0) { + flags |= IP6_TNL_F_ALLOW_LOCAL_REMOTE; + } else if (strcmp(*argv, "noallow-localremote") == 0) { + flags &= ~IP6_TNL_F_ALLOW_LOCAL_REMOTE; } else if (strcmp(*argv, "noencap") == 0) { encaptype = TUNNEL_ENCAP_NONE; } else if (strcmp(*argv, "encap") == 0) { @@ -472,6 +477,12 @@ static void ip6tunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb } } + if (flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) + print_bool(PRINT_ANY, + "ip6_tnl_f_allow_local_remote", + "allow-localremote ", + true); + if (tb[IFLA_IPTUN_ENCAP_TYPE] && rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE) { __u16 type = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_TYPE]); diff --git a/man/man8/ip-tunnel.8 b/man/man8/ip-tunnel.8 index 7ddbffb2..9040ddda 100644 --- a/man/man8/ip-tunnel.8 +++ b/man/man8/ip-tunnel.8 @@ -50,6 +50,8 @@ ip-tunnel - tunnel configuration .br .RB "[ [" no "]" pmtudisc " ]" .RB "[ [" no "]" ignore-df " ]" +.RB "[ [" no "]" allow-localremote " ]" +.br .RB "[ " dev .IR PHYS_DEV " ]" @@ -241,6 +243,11 @@ set a fixed encapsulation limit. Default is 4. .BI flowlabel " FLOWLABEL" .RB ( " only IPv6 tunnels " ) set a fixed flowlabel. + +.TP +.BI allow-localremote +.RB ( " only IPv6 tunnels " ) +allow remote endpoint on the local host. .RE .TP -- 2.14.2
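Review bot: In ip6tunnel_print_opt the JSON key `ip6_tnl_f_allow_local_remote` is emitted only inside `if (flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE)`, so machine-readable output never carries an explicit false. A script that audits which tunnels have the local-remote check relaxed must treat a missing key as off, and cannot tell that apart from output of an iproute2 build that predates the option. If the other flags in this function use the same print-when-set pattern (not visible in the hunk), keeping it is reasonable for consistency. Otherwise consider emitting the key unconditionally in JSON context, e.g. `print_bool(PRINT_JSON, "ip6_tnl_f_allow_local_remote", NULL, !!(flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE));`, while leaving the text output conditional. The function body continues outside the hunk.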