Merge pull request #1066 from ssahani/tunnel

networkd: add support for tunnel encap limit

4 files changed, 65 insertions, 0 deletions

diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index 2680627a78..05bbad7f65 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -535,6 +535,19 @@
         </listitem>
       </varlistentry>
       <varlistentry>
+        <term><varname>EncapsulationLimit=</varname></term>
+        <listitem>
+          <para>The Tunnel Encapsulation Limit option specifies how many additional
+          levels of encapsulation are permitted to be prepended to the packet.
+          For example, a Tunnel Encapsulation Limit option containing a limit
+          value of zero means that a packet carrying that option may not enter
+          another tunnel before exiting the current tunnel.
+          (see <ulink url="https://tools.ietf.org/html/rfc2473#section-4.1.1"> RFC 2473</ulink>).
+          The valid range is 0-255 and <literal>none</literal>. Defaults to 4.
+        </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
         <term><varname>Mode=</varname></term>
         <listitem>
           <para>An <literal>ip6tnl</literal> tunnels can have three
diff --git a/src/network/networkd-netdev-gperf.gperf b/src/network/networkd-netdev-gperf.gperf
index 9469160eba..e0bd0e024a 100644
--- a/src/network/networkd-netdev-gperf.gperf
+++ b/src/network/networkd-netdev-gperf.gperf
@@ -39,6 +39,7 @@ Tunnel.DiscoverPathMTU,      config_parse_bool,                  0,
 Tunnel.Mode,                 config_parse_ip6tnl_mode,           0,                             offsetof(Tunnel, ip6tnl_mode)
 Tunnel.IPv6FlowLabel,        config_parse_ipv6_flowlabel,        0,                             offsetof(Tunnel, ipv6_flowlabel)
 Tunnel.CopyDSCP,             config_parse_bool,                  0,                             offsetof(Tunnel, copy_dscp)
+Tunnel.EncapsulationLimit,   config_parse_encap_limit,           0,                             offsetof(Tunnel, encap_limit)
 Peer.Name,                   config_parse_ifname,                0,                             offsetof(Veth, ifname_peer)
 Peer.MACAddress,             config_parse_hwaddr,                0,                             offsetof(Veth, mac_peer)
 VXLAN.Id,                    config_parse_uint64,                0,                             offsetof(VxLan, id)
diff --git a/src/network/networkd-netdev-tunnel.c b/src/network/networkd-netdev-tunnel.c
index 265e67b7e3..a906e473b6 100644
--- a/src/network/networkd-netdev-tunnel.c
+++ b/src/network/networkd-netdev-tunnel.c
@@ -284,6 +284,12 @@ static int netdev_ip6tnl_fill_message_create(NetDev *netdev, Link *link, sd_netl
         if (t->copy_dscp)
                 t->flags |= IP6_TNL_F_RCV_DSCP_COPY;
 
+        if (t->encap_limit != IPV6_DEFAULT_TNL_ENCAP_LIMIT) {
+                r = sd_netlink_message_append_u8(m, IFLA_IPTUN_ENCAP_LIMIT, t->encap_limit);
+                if (r < 0)
+                        return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_ENCAP_LIMIT attribute: %m");
+        }
+
         r = sd_netlink_message_append_u32(m, IFLA_IPTUN_FLAGS, t->flags);
         if (r < 0)
                 return log_netdev_error_errno(netdev, r, "Could not append IFLA_IPTUN_FLAGS attribute: %m");
@@ -442,6 +448,45 @@ int config_parse_ipv6_flowlabel(const char* unit,
         return 0;
 }
 
+int config_parse_encap_limit(const char* unit,
+                             const char *filename,
+                             unsigned line,
+                             const char *section,
+                             unsigned section_line,
+                             const char *lvalue,
+                              int ltype,
+                             const char *rvalue,
+                             void *data,
+                             void *userdata) {
+        Tunnel *t = userdata;
+        int k = 0;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+
+        if (streq(rvalue, "none"))
+                t->flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
+        else {
+                r = safe_atoi(rvalue, &k);
+                if (r < 0) {
+                        log_syntax(unit, LOG_ERR, filename, line, r,
+                                   "Failed to parse Tunnel Encapsulation Limit option, ignoring: %s", rvalue);
+                        return 0;
+                }
+
+                if (k > 255 || k < 0)
+                        log_syntax(unit, LOG_ERR, filename, line, k, "Invalid Tunnel Encapsulation value, ignoring: %d", k);
+                else {
+                        t->encap_limit = k;
+                        t->flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
+                }
+        }
+
+        return 0;
+}
+
 static void ipip_init(NetDev *n) {
         Tunnel *t = IPIP(n);
 
diff --git a/src/network/networkd-netdev-tunnel.h b/src/network/networkd-netdev-tunnel.h
index e4fa74aef4..fa7decce18 100644
--- a/src/network/networkd-netdev-tunnel.h
+++ b/src/network/networkd-netdev-tunnel.h
@@ -95,3 +95,9 @@ int config_parse_ipv6_flowlabel(const char *unit, const char *filename,
                                 unsigned section_line, const char *lvalue,
                                 int ltype, const char *rvalue, void *data,
                                 void *userdata);
+
+int config_parse_encap_limit(const char *unit, const char *filename,
+                             unsigned line, const char *section,
+                             unsigned section_line, const char *lvalue,
+                             int ltype, const char *rvalue, void *data,
+                             void *userdata);