From patchwork Mon Mar 5 05:24:58 2018
X-Patchwork-Submitter: Jonatan Schlag
X-Patchwork-Id: 1688
From: Jonatan Schlag
To: network@lists.ipfire.org
Subject: [PATCH 4/5] ip-tunnel: Improve checks
Date: Sun, 4 Mar 2018 18:24:58 +0000
Message-Id: <1520187899-5759-4-git-send-email-jonatan.schlag@ipfire.org>
In-Reply-To: <1520187899-5759-1-git-send-email-jonatan.schlag@ipfire.org>
References: <1520187899-5759-1-git-send-email-jonatan.schlag@ipfire.org>

We cannot mix ipv6 and ipv4 and we also need to detect the IP protocol
version to decide which mode we have to use. This is done in a separated
commit.

Signed-off-by: Jonatan Schlag
---
 src/functions/functions.ip-tunnel | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/functions/functions.ip-tunnel b/src/functions/functions.ip-tunnel index 550b0b3..0a0c210 100644 --- a/src/functions/functions.ip-tunnel +++ b/src/functions/functions.ip-tunnel 
@@ -98,6 +98,24 @@ ip_tunnel_add() { return ${EXIT_ERROR} fi + # Detect the IP protocol, which is important to decide which mode we have to use + local remote_address_protocol="$(ip_detect_protocol "${remote_address}")" + + # If we could not detect the IP protocol something with + # ${remote_address} is wrong + if ! isset remote_address_protocol; then + log ERROR "Could not determine remote address IP protocol" + return ${EXIT_ERROR} + fi + + # We cannot mix IPv6 and IPv4 + if [[ "${remote_address_protocol}" != \ + "$(ip_detect_protocol "${local_address}")" ]] ; then + log ERROR "Local and remote address\ + are not from the same IP protocol" + return ${EXIT_ERROR} + fi + # ikey and okey must be set for VTI devices if [ "${mode}" = "vti" ] && (! isset ikey || ! isset okey); then error "--ikey= and --okey= must be set for VTI device"
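Review bot: In the mixed-protocol check, the message passed to `log ERROR` is split with a backslash-newline inside the double quotes, so the shell drops the newline and joins `address` to whatever starts the continuation line: the logged text comes out either as `addressare` or with the continuation line's indentation embedded in it. Keep the string on one line, for example `log ERROR "Local and remote address are not from the same IP protocol"`. The same comparison calls `ip_detect_protocol "${local_address}"` inline without the `isset` check that the remote side gets, so a local address whose protocol cannot be detected is reported as a protocol mismatch rather than as an invalid local address; detecting it into its own local variable and checking that first would give an accurate error. Minor: the new checks report through `log ERROR` while the VTI check directly below uses `error`, so it is worth settling on one of the two.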