Merge pull request #12147 from yuwata/network-gre-key-12144

network: make GRE and GRETAP support Key= or friends
Yu Watanabe 2019-03-31 22:12:34 +09:00 committed by GitHub
commit b07b19dff8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 92 additions and 93 deletions


@ -957,22 +957,24 @@
It is used as mark-configured SAD/SPD entry as part of the lookup key (both in data
and control path) in ip xfrm (framework used to implement IPsec protocol).
See <ulink url="http://man7.org/linux/man-pages/man8/ip-xfrm.8.html">
ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6
tunnels.</para>
ip-xfrm — transform configuration</ulink> for details. It is only used for VTI/VTI6,
GRE, GRETAP, and ERSPAN tunnels.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>InputKey=</varname></term>
<listitem>
<para>The <varname>InputKey=</varname> parameter specifies the key to use for input.
The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6, GRE, GRETAP,
and ERSPAN tunnels.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><varname>OutputKey=</varname></term>
<listitem>
<para>The <varname>OutputKey=</varname> parameter specifies the key to use for output.
The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6 tunnels.</para>
The format is same as <varname>Key=</varname>. It is only used for VTI/VTI6, GRE, GRETAP,
and ERSPAN tunnels.</para>
</listitem>
</varlistentry>
<varlistentry>
@ -1048,8 +1050,8 @@
<varlistentry>
<term><varname>SerializeTunneledPackets=</varname></term>
<listitem>
<para>Takes a boolean. If set to yes, then packets are serialized. Only applies for ERSPAN tunnel.
When unset, the kernel's default will be used.
<para>Takes a boolean. If set to yes, then packets are serialized. Only applies for GRE,
GRETAP, and ERSPAN tunnels. When unset, the kernel's default will be used.
</para>
</listitem>
</varlistentry>


@ -73,7 +73,7 @@ Tunnel.FOUSourcePort, config_parse_ip_port, 0,
Tunnel.Encapsulation, config_parse_fou_encap_type, 0, offsetof(Tunnel, fou_encap_type)
Tunnel.IPv6RapidDeploymentPrefix, config_parse_6rd_prefix, 0, 0
Tunnel.ERSPANIndex, config_parse_uint32, 0, offsetof(Tunnel, erspan_index)
Tunnel.SerializeTunneledPackets, config_parse_tristate, 0, offsetof(Tunnel, erspan_sequence)
Tunnel.SerializeTunneledPackets, config_parse_tristate, 0, offsetof(Tunnel, gre_erspan_sequence)
Tunnel.ISATAP, config_parse_tristate, 0, offsetof(Tunnel, isatap)
FooOverUDP.Protocol, config_parse_uint8, 0, offsetof(FouTunnel, fou_protocol)
FooOverUDP.Encapsulation, config_parse_fou_encap_type, 0, offsetof(FouTunnel, fou_encap_type)


@ -779,6 +779,9 @@ int netdev_load_one(Manager *manager, const char *filename) {
case NETDEV_KIND_IP6TNL:
independent = IP6TNL(netdev)->independent;
break;
case NETDEV_KIND_ERSPAN:
independent = ERSPAN(netdev)->independent;
break;
default:
break;
}
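Review bot: The new `NETDEV_KIND_ERSPAN` case is what lets an ERSPAN device honour `Independent=`, yet both ERSPAN fixtures changed later on this page drop `Independent=true`, so this branch looks untested after the commit. Keeping one fixture with `Independent=true` and no matching `Tunnel=` line in a `.network` file would cover it. A short comment above the switch, e.g. `/* every Tunnel-based kind that accepts Independent= must be listed here */`, would also help, because a kind missing from the list falls through `default:` and silently keeps `independent` at its initial value. The body of netdev_load_one starts and ends outside this hunk, so how `independent` is consumed is not visible here.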


@ -114,51 +114,7 @@ static int netdev_ipip_sit_fill_message_create(NetDev *netdev, Link *link, sd_ne
return r;
}
static int netdev_gre_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
Tunnel *t;
int r;
assert(netdev);
if (netdev->kind == NETDEV_KIND_GRE)
t = GRE(netdev);
else
t = GRETAP(netdev);
assert(t);
assert(t->family == AF_INET);
assert(m);
if (link) {
r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m");
}
r = sd_netlink_message_append_in_addr(m, IFLA_GRE_LOCAL, &t->local.in);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
r = sd_netlink_message_append_in_addr(m, IFLA_GRE_REMOTE, &t->remote.in);
if (r < 0)
log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GRE_TOS, t->tos);
if (r < 0)
log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TOS attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GRE_PMTUDISC, t->pmtudisc);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_PMTUDISC attribute: %m");
return r;
}
static int netdev_erspan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
static int netdev_gre_erspan_fill_message_create(NetDev *netdev, Link *link, sd_netlink_message *m) {
uint32_t ikey = 0;
uint32_t okey = 0;
uint16_t iflags = 0;
@ -167,16 +123,56 @@ static int netdev_erspan_fill_message_create(NetDev *netdev, Link *link, sd_netl
int r;
assert(netdev);
assert(m);
t = ERSPAN(netdev);
switch (netdev->kind) {
case NETDEV_KIND_GRE:
t = GRE(netdev);
break;
case NETDEV_KIND_ERSPAN:
t = ERSPAN(netdev);
break;
case NETDEV_KIND_GRETAP:
t = GRETAP(netdev);
break;
default:
assert_not_reached("invalid netdev kind");
}
assert(t);
assert(t->family == AF_INET);
assert(m);
r = sd_netlink_message_append_u32(m, IFLA_GRE_ERSPAN_INDEX, t->erspan_index);
if (link) {
r = sd_netlink_message_append_u32(m, IFLA_GRE_LINK, link->ifindex);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LINK attribute: %m");
}
if (netdev->kind == NETDEV_KIND_ERSPAN) {
r = sd_netlink_message_append_u32(m, IFLA_GRE_ERSPAN_INDEX, t->erspan_index);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_ERSPAN_INDEX attribute: %m");
}
r = sd_netlink_message_append_in_addr(m, IFLA_GRE_LOCAL, &t->local.in);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_ERSPAN_INDEX attribute: %m");
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
r = sd_netlink_message_append_in_addr(m, IFLA_GRE_REMOTE, &t->remote.in);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GRE_TTL, t->ttl);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TTL attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GRE_TOS, t->tos);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_TOS attribute: %m");
r = sd_netlink_message_append_u8(m, IFLA_GRE_PMTUDISC, t->pmtudisc);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_PMTUDISC attribute: %m");
if (t->key != 0) {
ikey = okey = htobe32(t->key);
@ -194,10 +190,10 @@ static int netdev_erspan_fill_message_create(NetDev *netdev, Link *link, sd_netl
oflags |= GRE_KEY;
}
if (t->erspan_sequence > 0) {
if (t->gre_erspan_sequence > 0) {
iflags |= GRE_SEQ;
oflags |= GRE_SEQ;
} else if (t->erspan_sequence == 0) {
} else if (t->gre_erspan_sequence == 0) {
iflags &= ~GRE_SEQ;
oflags &= ~GRE_SEQ;
}
@ -218,14 +214,6 @@ static int netdev_erspan_fill_message_create(NetDev *netdev, Link *link, sd_netl
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_OFLAGS, attribute: %m");
r = sd_netlink_message_append_in_addr(m, IFLA_GRE_LOCAL, &t->local.in);
if (r < 0)
return log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_LOCAL attribute: %m");
r = sd_netlink_message_append_in_addr(m, IFLA_GRE_REMOTE, &t->remote.in);
if (r < 0)
log_netdev_error_errno(netdev, r, "Could not append IFLA_GRE_REMOTE attribute: %m");
return r;
}
@ -716,19 +704,29 @@ static void vti_init(NetDev *n) {
t->pmtudisc = true;
}
static void gre_init(NetDev *n) {
static void gre_erspan_init(NetDev *n) {
Tunnel *t;
assert(n);
if (n->kind == NETDEV_KIND_GRE)
switch (n->kind) {
case NETDEV_KIND_GRE:
t = GRE(n);
else
break;
case NETDEV_KIND_ERSPAN:
t = ERSPAN(n);
break;
case NETDEV_KIND_GRETAP:
t = GRETAP(n);
break;
default:
assert_not_reached("invalid netdev kind");
}
assert(t);
t->pmtudisc = true;
t->gre_erspan_sequence = -1;
}
static void ip6gre_init(NetDev *n) {
@ -746,18 +744,6 @@ static void ip6gre_init(NetDev *n) {
t->ttl = DEFAULT_TNL_HOP_LIMIT;
}
static void erspan_init(NetDev *n) {
Tunnel *t;
assert(n);
t = ERSPAN(n);
assert(t);
t->erspan_sequence = -1;
}
static void ip6tnl_init(NetDev *n) {
Tunnel *t = IP6TNL(n);
@ -809,18 +795,18 @@ const NetDevVTable vti6_vtable = {
const NetDevVTable gre_vtable = {
.object_size = sizeof(Tunnel),
.init = gre_init,
.init = gre_erspan_init,
.sections = "Match\0NetDev\0Tunnel\0",
.fill_message_create = netdev_gre_fill_message_create,
.fill_message_create = netdev_gre_erspan_fill_message_create,
.create_type = NETDEV_CREATE_STACKED,
.config_verify = netdev_tunnel_verify,
};
const NetDevVTable gretap_vtable = {
.object_size = sizeof(Tunnel),
.init = gre_init,
.init = gre_erspan_init,
.sections = "Match\0NetDev\0Tunnel\0",
.fill_message_create = netdev_gre_fill_message_create,
.fill_message_create = netdev_gre_erspan_fill_message_create,
.create_type = NETDEV_CREATE_STACKED,
.config_verify = netdev_tunnel_verify,
};
@ -854,9 +840,9 @@ const NetDevVTable ip6tnl_vtable = {
const NetDevVTable erspan_vtable = {
.object_size = sizeof(Tunnel),
.init = erspan_init,
.init = gre_erspan_init,
.sections = "Match\0NetDev\0Tunnel\0",
.fill_message_create = netdev_erspan_fill_message_create,
.create_type = NETDEV_CREATE_INDEPENDENT,
.fill_message_create = netdev_gre_erspan_fill_message_create,
.create_type = NETDEV_CREATE_STACKED,
.config_verify = netdev_tunnel_verify,
};
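Review bot: The switch of `erspan_vtable.create_type` from `NETDEV_CREATE_INDEPENDENT` to `NETDEV_CREATE_STACKED` changes when existing ERSPAN devices are created, and nothing visible on this page documents that. A deployed ERSPAN `.netdev` that no `.network` file references through `Tunnel=` would presumably no longer come up after an upgrade unless it sets `Independent=true`; for a traffic-mirroring session that is a silent loss of monitoring. I would add a NEWS or man-page sentence describing the new requirement, and a comment on the field such as `/* stacked like GRE: needs Tunnel= in a .network file, or Independent=yes */`. The same hunks also make ERSPAN inherit `t->pmtudisc = true` from `gre_erspan_init` and send `IFLA_GRE_TTL`, `IFLA_GRE_TOS` and `IFLA_GRE_PMTUDISC`, which the old ERSPAN path did not, so that change of defaults deserves a mention as well.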


@ -29,7 +29,7 @@ typedef struct Tunnel {
int family;
int ipv6_flowlabel;
int allow_localremote;
int erspan_sequence;
int gre_erspan_sequence;
int isatap;
unsigned ttl;


@ -104,7 +104,8 @@ static int network_resolve_netdev_one(Network *network, const char *name, NetDev
NETDEV_KIND_IP6GRETAP,
NETDEV_KIND_VTI,
NETDEV_KIND_VTI6,
NETDEV_KIND_IP6TNL)))
NETDEV_KIND_IP6TNL,
NETDEV_KIND_ERSPAN)))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"%s: NetDev %s is not a %s, ignoring assignment",
network->filename, name, kind_string);


@ -3,7 +3,6 @@ Name=erspan98
Kind=erspan
[Tunnel]
Independent=true
ERSPANIndex=124
Local = any
Remote = 172.16.1.100


@ -3,7 +3,6 @@ Name=erspan99
Kind=erspan
[Tunnel]
Independent=true
ERSPANIndex=123
Local = 172.16.1.200
Remote = 172.16.1.100


@ -0,0 +1,6 @@
[Match]
Name=dummy98
[Network]
Tunnel=erspan99
Tunnel=erspan98


@ -296,6 +296,7 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
'25-wireguard-private-key.txt',
'25-wireguard.netdev',
'6rd.network',
'erspan.network',
'gre.network',
'gretap.network',
'gretun.network',
@ -735,9 +736,11 @@ class NetworkdNetDevTests(unittest.TestCase, Utilities):
@expectedFailureIfERSPANModuleIsNotAvailable()
def test_erspan_tunnel(self):
self.copy_unit_to_networkd_unit_path('25-erspan-tunnel.netdev', '25-erspan-tunnel-local-any.netdev')
self.copy_unit_to_networkd_unit_path('12-dummy.netdev', 'erspan.network',
'25-erspan-tunnel.netdev', '25-erspan-tunnel-local-any.netdev')
self.start_networkd()
self.assertTrue(self.link_exits('dummy98'))
self.assertTrue(self.link_exits('erspan99'))
self.assertTrue(self.link_exits('erspan98'))