ip: link_ip6tnl.c/ip6tunnel.c: Support IP6_TNL_F_ALLOW_LOCAL_REMOTE flag

IP6_TNL_F_ALLOW_LOCAL_REMOTE allows tunnel traffic on ip6tnl devices where the remote endpoint is a local host address. Specifying "[no]allow-localremote" controls the IP6_TNL_F_ALLOW_LOCAL_REMOTE flag on ip6tnl interfaces. This is the user-space counterpart for kernel commit 908d140a87a7 ("ip6_tunnel: Allow rcv/xmit even if remote address is a local address") Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
2025-08-13 16:46:06 +00:00 · 2017-10-29 17:50:46 +02:00 · 2017-10-29 17:50:46 +02:00 · 21440d19d9
commit 21440d19d9
parent 8652eeb3ab
3 changed files with 26 additions and 0 deletions
--- a/ip/ip6tunnel.c
+++ b/ip/ip6tunnel.c
@ -52,6 +52,7 @@ static void usage(void)
 	fprintf(stderr, "          [ encaplimit ELIM ]\n");
 	fprintf(stderr, "          [ hoplimit TTL ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ]\n");
 	fprintf(stderr, "          [ dscp inherit ]\n");
+	fprintf(stderr, "          [ [no]allow-localremote ]\n");
 	fprintf(stderr, "          [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]\n");
 	fprintf(stderr, "\n");
 	fprintf(stderr, "Where: NAME      := STRING\n");
@ -111,6 +112,9 @@ static void print_tunnel(struct ip6_tnl_parm2 *p)
 	if (p->flags & IP6_TNL_F_RCV_DSCP_COPY)
 		printf(" dscp inherit");

+	if (p->flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE)
+		printf(" allow-localremote");
+
 	if ((p->i_flags & GRE_KEY) && (p->o_flags & GRE_KEY) &&
 	    p->o_key == p->i_key)
 		printf(" key %u", ntohl(p->i_key));
@ -239,6 +243,10 @@ static int parse_args(int argc, char **argv, int cmd, struct ip6_tnl_parm2 *p)
 			if (strcmp(*argv, "inherit") != 0)
 				invarg("not inherit", *argv);
 			p->flags |= IP6_TNL_F_RCV_DSCP_COPY;
+		} else if (strcmp(*argv, "allow-localremote") == 0) {
+			p->flags |= IP6_TNL_F_ALLOW_LOCAL_REMOTE;
+		} else if (strcmp(*argv, "noallow-localremote") == 0) {
+			p->flags &= ~IP6_TNL_F_ALLOW_LOCAL_REMOTE;
 		} else if (strcmp(*argv, "key") == 0) {
 			NEXT_ARG();
 			p->i_flags |= GRE_KEY;
--- a/ip/link_ip6tnl.c
+++ b/ip/link_ip6tnl.c
@ -42,6 +42,7 @@ static void print_usage(FILE *f)
 		"                  [ flowlabel FLOWLABEL ]\n"
 		"                  [ dscp inherit ]\n"
 		"                  [ fwmark MARK ]\n"
+		"                  [ [no]allow-localremote ]\n"
 		"                  [ noencap ]\n"
 		"                  [ encap { fou | gue | none } ]\n"
 		"                  [ encap-sport PORT ]\n"
@ -268,6 +269,10 @@ get_failed:
 					invarg("invalid fwmark\n", *argv);
 				flags &= ~IP6_TNL_F_USE_ORIG_FWMARK;
 			}
+		} else if (strcmp(*argv, "allow-localremote") == 0) {
+			flags |= IP6_TNL_F_ALLOW_LOCAL_REMOTE;
+		} else if (strcmp(*argv, "noallow-localremote") == 0) {
+			flags &= ~IP6_TNL_F_ALLOW_LOCAL_REMOTE;
 		} else if (strcmp(*argv, "noencap") == 0) {
 			encaptype = TUNNEL_ENCAP_NONE;
 		} else if (strcmp(*argv, "encap") == 0) {
@ -472,6 +477,12 @@ static void ip6tunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb
 		}
 	}

+	if (flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE)
+		print_bool(PRINT_ANY,
+			   "ip6_tnl_f_allow_local_remote",
+			   "allow-localremote ",
+			   true);
+
 	if (tb[IFLA_IPTUN_ENCAP_TYPE] &&
 	    rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE) {
 		__u16 type = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_TYPE]);
--- a/man/man8/ip-tunnel.8
+++ b/man/man8/ip-tunnel.8
@ -50,6 +50,8 @@ ip-tunnel - tunnel configuration
 .br
 .RB "[ [" no "]" pmtudisc " ]"
 .RB "[ [" no "]" ignore-df " ]"
+.RB "[ [" no "]" allow-localremote " ]"
+.br
 .RB "[ " dev
 .IR PHYS_DEV " ]"

@ -241,6 +243,11 @@ set a fixed encapsulation limit. Default is 4.
 .BI flowlabel " FLOWLABEL"
 .RB ( " only IPv6 tunnels " )
 set a fixed flowlabel.
+
+.TP
+.BI allow-localremote
+.RB ( " only IPv6 tunnels " )
+allow remote endpoint on the local host.
 .RE

 .TP