From 48c93b3bba928b594a5e5dec6b51382fcff97701 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 13 May 2020 10:09:43 +0200 Subject: [PATCH 1/3] libnm-core: add _nm_ip_tunnel_mode_is_layer2() --- libnm-core/nm-core-internal.h | 5 +++++ libnm-core/nm-setting-ip-tunnel.c | 12 +++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/libnm-core/nm-core-internal.h b/libnm-core/nm-core-internal.h index 57f46f94b..00645a761 100644 --- a/libnm-core/nm-core-internal.h +++ b/libnm-core/nm-core-internal.h @@ -927,4 +927,9 @@ gboolean _nmtst_variant_attribute_spec_assert_sorted (const NMVariantAttributeSp const NMVariantAttributeSpec *_nm_variant_attribute_spec_find_binary_search (const NMVariantAttributeSpec *const*array, gsize len, const char *name); + +/*****************************************************************************/ + +gboolean _nm_ip_tunnel_mode_is_layer2 (NMIPTunnelMode mode); + #endif diff --git a/libnm-core/nm-setting-ip-tunnel.c b/libnm-core/nm-setting-ip-tunnel.c index f6690e8b5..5db2dde59 100644 --- a/libnm-core/nm-setting-ip-tunnel.c +++ b/libnm-core/nm-setting-ip-tunnel.c @@ -291,6 +291,14 @@ nm_setting_ip_tunnel_get_flags (NMSettingIPTunnel *setting) /*****************************************************************************/ +gboolean +_nm_ip_tunnel_mode_is_layer2 (NMIPTunnelMode mode) +{ + return NM_IN_SET (mode, + NM_IP_TUNNEL_MODE_GRETAP, + NM_IP_TUNNEL_MODE_IP6GRETAP); +} + static gboolean verify (NMSetting *setting, NMConnection *connection, GError **error) { @@ -444,9 +452,7 @@ verify (NMSetting *setting, NMConnection *connection, GError **error) } if ( nm_connection_get_setting_wired (connection) - && !NM_IN_SET (priv->mode, - NM_IP_TUNNEL_MODE_GRETAP, - NM_IP_TUNNEL_MODE_IP6GRETAP)) { + && !_nm_ip_tunnel_mode_is_layer2 (priv->mode)) { g_set_error (error, NM_CONNECTION_ERROR, NM_CONNECTION_ERROR_INVALID_PROPERTY, From 0494a84878e696baccbf3b1d16089b92cb7c7835 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Wed, 13 May 2020 10:10:13 +0200 Subject: [PATCH 2/3] ip-tunnel: set cloned-mac-address only for layer2 tunnel devices For ip-tunnel modes that encapsulate layer2 packets (gretap and ip6gretap) we allow the presence of an ethernet setting in the connection and honor the cloned-mac-address specified in it. For all other modes, the ethernet setting is removed during normalization, but a value different from 'preserve' could be set via global default. The kernel doesn't allow setting a MAC for layer3 devices, don't do it. --- src/devices/nm-device-ip-tunnel.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/src/devices/nm-device-ip-tunnel.c b/src/devices/nm-device-ip-tunnel.c index 0a33c82e9..fcee2d2ce 100644 --- a/src/devices/nm-device-ip-tunnel.c +++ b/src/devices/nm-device-ip-tunnel.c @@ -667,7 +667,8 @@ create_and_realize (NMDevice *device, mode = nm_setting_ip_tunnel_get_mode (s_ip_tunnel); - if ( nm_device_hw_addr_get_cloned (device, + if ( _nm_ip_tunnel_mode_is_layer2 (mode) + && nm_device_hw_addr_get_cloned (device, connection, FALSE, &hwaddr, @@ -686,13 +687,6 @@ create_and_realize (NMDevice *device, g_return_val_if_reached (FALSE); } - if (NM_IN_SET (mode, NM_IP_TUNNEL_MODE_GRE)) { - g_set_error (error, NM_DEVICE_ERROR, NM_DEVICE_ERROR_FAILED, - "Invalid hardware address '%s' for tunnel type", - hwaddr); - return FALSE; - } - mac_address_valid = TRUE; } @@ -929,6 +923,23 @@ can_reapply_change (NMDevice *device, error); } +static NMActStageReturn +act_stage1_prepare (NMDevice *device, NMDeviceStateReason *out_failure_reason) +{ + NMDeviceIPTunnel *self = NM_DEVICE_IP_TUNNEL (device); + NMDeviceIPTunnelPrivate *priv = NM_DEVICE_IP_TUNNEL_GET_PRIVATE (self); + + if ( _nm_ip_tunnel_mode_is_layer2 (priv->mode) + && !nm_device_hw_addr_set_cloned (device, + nm_device_get_applied_connection (device), + FALSE)) { + *out_failure_reason = NM_DEVICE_STATE_REASON_CONFIG_FAILED; + return NM_ACT_STAGE_RETURN_FAILURE; + } + + return NM_ACT_STAGE_RETURN_SUCCESS; +} + /*****************************************************************************/ static void @@ -1078,7 +1089,8 @@ nm_device_ip_tunnel_class_init (NMDeviceIPTunnelClass *klass) NM_LINK_TYPE_IPIP, NM_LINK_TYPE_SIT); - device_class->act_stage1_prepare_set_hwaddr_ethernet = TRUE; + + device_class->act_stage1_prepare = act_stage1_prepare; device_class->link_changed = link_changed; device_class->can_reapply_change = can_reapply_change; device_class->complete_connection = complete_connection; From fa4fbd3333989dc2f5abc865a95b5a39ca9dba09 Mon Sep 17 00:00:00 2001 From: Beniamino Galvani Date: Thu, 14 May 2020 11:35:47 +0200 Subject: [PATCH 3/3] ip-tunnel: set ip6gretap MAC address when creating the link --- src/devices/nm-device-ip-tunnel.c | 5 ++++- src/platform/nm-platform.h | 4 +++- src/platform/tests/test-common.c | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/devices/nm-device-ip-tunnel.c b/src/devices/nm-device-ip-tunnel.c index fcee2d2ce..2c9a60503 100644 --- a/src/devices/nm-device-ip-tunnel.c +++ b/src/devices/nm-device-ip-tunnel.c @@ -843,7 +843,10 @@ create_and_realize (NMDevice *device, lnk_ip6tnl.is_tap = (mode == NM_IP_TUNNEL_MODE_IP6GRETAP); r = nm_platform_link_ip6gre_add (nm_device_get_platform (device), - iface, &lnk_ip6tnl, out_plink); + iface, + mac_address_valid ? mac_address : NULL, + mac_address_valid ? ETH_ALEN : 0, + &lnk_ip6tnl, out_plink); } else { lnk_ip6tnl.proto = nm_setting_ip_tunnel_get_mode (s_ip_tunnel) == NM_IP_TUNNEL_MODE_IPIP6 ? IPPROTO_IPIP diff --git a/src/platform/nm-platform.h b/src/platform/nm-platform.h index 931ab1639..260b5356f 100644 --- a/src/platform/nm-platform.h +++ b/src/platform/nm-platform.h @@ -1511,13 +1511,15 @@ nm_platform_link_ip6tnl_add (NMPlatform *self, static inline int nm_platform_link_ip6gre_add (NMPlatform *self, const char *name, + const void *address, + size_t address_len, const NMPlatformLnkIp6Tnl *props, const NMPlatformLink **out_link) { g_return_val_if_fail (props, -NME_BUG); g_return_val_if_fail (props->is_gre, -NME_BUG); - return nm_platform_link_add (self, props->is_tap ? NM_LINK_TYPE_IP6GRETAP : NM_LINK_TYPE_IP6GRE, name, 0, NULL, 0, props, out_link); + return nm_platform_link_add (self, props->is_tap ? NM_LINK_TYPE_IP6GRETAP : NM_LINK_TYPE_IP6GRE, name, 0, address, address_len, props, out_link); } static inline int diff --git a/src/platform/tests/test-common.c b/src/platform/tests/test-common.c index f393ae933..f28dfa3a7 100644 --- a/src/platform/tests/test-common.c +++ b/src/platform/tests/test-common.c @@ -1380,7 +1380,7 @@ nmtstp_link_ip6gre_add (NMPlatform *platform, 100); } } else - success = NMTST_NM_ERR_SUCCESS (nm_platform_link_ip6gre_add (platform, name, lnk, &pllink)); + success = NMTST_NM_ERR_SUCCESS (nm_platform_link_ip6gre_add (platform, name, NULL, 0, lnk, &pllink)); _assert_pllink (platform, success, pllink, name, lnk->is_tap ? NM_LINK_TYPE_IP6GRETAP : NM_LINK_TYPE_IP6GRE);