diff --git a/src/core/platform/tests/test-common.c b/src/core/platform/tests/test-common.c
index 571fedfee5..c32bff4511 100644
--- a/src/core/platform/tests/test-common.c
+++ b/src/core/platform/tests/test-common.c
@@ -2520,7 +2520,9 @@ nmtstp_link_ip6gre_add(NMPlatform *platform,
gboolean success;
char b1[NM_INET_ADDRSTRLEN];
char b2[NM_INET_ADDRSTRLEN];
+ char encap[20];
char tclass[20];
+ gboolean encap_ignore;
gboolean tclass_inherit;
g_assert(nm_utils_ifname_valid_kernel(name, NULL));
@@ -2538,9 +2540,11 @@ nmtstp_link_ip6gre_add(NMPlatform *platform,
g_strdup_printf("dev %s", nm_platform_link_get_name(platform, lnk->parent_ifindex));
tclass_inherit = NM_FLAGS_HAS(lnk->flags, IP6_TNL_F_USE_ORIG_TCLASS);
+ encap_ignore = NM_FLAGS_HAS(lnk->flags, IP6_TNL_F_IGN_ENCAP_LIMIT);
success = !nmtstp_run_command(
- "ip link add %s type %s%s%s local %s remote %s ttl %u tclass %s flowlabel %x",
+ "ip link add %s type %s%s%s local %s remote %s ttl %u tclass %s encaplimit %s "
+ "flowlabel %x",
name,
lnk->is_tap ? "ip6gretap" : "ip6gre",
NM_PRINT_FMT_QUOTED2(dev, " ", dev, ""),
@@ -2548,6 +2552,7 @@ nmtstp_link_ip6gre_add(NMPlatform *platform,
nm_inet6_ntop(&lnk->remote, b2),
lnk->ttl,
tclass_inherit ? "inherit" : nm_sprintf_buf(tclass, "%02x", lnk->tclass),
+ encap_ignore ? "none" : nm_sprintf_buf(encap, "%u", lnk->encap_limit),
lnk->flow_label);
if (success) {
pllink = nmtstp_assert_wait_for_link(platform,
diff --git a/src/core/platform/tests/test-link.c b/src/core/platform/tests/test-link.c
index cc1ec6d1d4..8335aef1d4 100644
--- a/src/core/platform/tests/test-link.c
+++ b/src/core/platform/tests/test-link.c
@@ -1439,12 +1439,25 @@ test_software_detect(gconstpointer user_data)
module_loaded = nmtstp_ensure_module("ip6_gre");
- lnk_ip6tnl.local = nmtst_inet6_from_string("fd01::42");
- lnk_ip6tnl.remote = nmtst_inet6_from_string("fd01::aaaa");
- lnk_ip6tnl.parent_ifindex = ifindex_parent;
- lnk_ip6tnl.tclass = 21;
- lnk_ip6tnl.flow_label = 1338;
- lnk_ip6tnl.is_gre = TRUE;
+ switch (test_data->test_mode) {
+ case 0:
+ lnk_ip6tnl.local = nmtst_inet6_from_string("fd01::43");
+ lnk_ip6tnl.remote = nmtst_inet6_from_string("fd01::aaaa");
+ lnk_ip6tnl.parent_ifindex = ifindex_parent;
+ lnk_ip6tnl.tclass = 21;
+ lnk_ip6tnl.flow_label = 1338;
+ lnk_ip6tnl.is_gre = TRUE;
+ break;
+ case 1:
+ lnk_ip6tnl.local = nmtst_inet6_from_string("fd01::44");
+ lnk_ip6tnl.remote = nmtst_inet6_from_string("fd01::aaab");
+ lnk_ip6tnl.parent_ifindex = ifindex_parent;
+ lnk_ip6tnl.tclass = 0;
+ lnk_ip6tnl.flow_label = 1339;
+ lnk_ip6tnl.is_gre = TRUE;
+ lnk_ip6tnl.flags = IP6_TNL_F_IGN_ENCAP_LIMIT | IP6_TNL_F_USE_ORIG_TCLASS;
+ break;
+ }
if (!nmtstp_link_ip6gre_add(NULL, ext, DEVICE_NAME, &lnk_ip6tnl)) {
if (!module_loaded) {
@@ -1463,14 +1476,29 @@ test_software_detect(gconstpointer user_data)
module_loaded = nmtstp_ensure_module("ip6_gre");
- lnk_ip6tnl.local = nmtst_inet6_from_string("fe80::abcd");
- lnk_ip6tnl.remote = nmtst_inet6_from_string("fc01::bbbb");
- lnk_ip6tnl.parent_ifindex = ifindex_parent;
- lnk_ip6tnl.ttl = 10;
- lnk_ip6tnl.tclass = 22;
- lnk_ip6tnl.flow_label = 1339;
- lnk_ip6tnl.is_gre = TRUE;
- lnk_ip6tnl.is_tap = TRUE;
+ switch (test_data->test_mode) {
+ case 0:
+ lnk_ip6tnl.local = nmtst_inet6_from_string("fe80::abcd");
+ lnk_ip6tnl.remote = nmtst_inet6_from_string("fc01::bbbb");
+ lnk_ip6tnl.parent_ifindex = ifindex_parent;
+ lnk_ip6tnl.ttl = 10;
+ lnk_ip6tnl.tclass = 23;
+ lnk_ip6tnl.flow_label = 1340;
+ lnk_ip6tnl.is_gre = TRUE;
+ lnk_ip6tnl.is_tap = TRUE;
+ break;
+ case 1:
+ lnk_ip6tnl.local = nmtst_inet6_from_string("fe80::abce");
+ lnk_ip6tnl.remote = nmtst_inet6_from_string("fc01::bbbc");
+ lnk_ip6tnl.parent_ifindex = ifindex_parent;
+ lnk_ip6tnl.ttl = 10;
+ lnk_ip6tnl.tclass = 0;
+ lnk_ip6tnl.flow_label = 1341;
+ lnk_ip6tnl.is_gre = TRUE;
+ lnk_ip6tnl.is_tap = TRUE;
+ lnk_ip6tnl.flags = IP6_TNL_F_IGN_ENCAP_LIMIT | IP6_TNL_F_USE_ORIG_TCLASS;
+ break;
+ }
if (!nmtstp_link_ip6gre_add(NULL, ext, DEVICE_NAME, &lnk_ip6tnl)) {
if (!module_loaded) {
@@ -1851,29 +1879,65 @@ test_software_detect(gconstpointer user_data)
{
const NMPlatformLnkIp6Tnl *plnk = &lnk->lnk_ip6tnl;
- g_assert(plnk == nm_platform_link_get_lnk_ip6gre(NM_PLATFORM_GET, ifindex, NULL));
- g_assert_cmpint(plnk->parent_ifindex, ==, ifindex_parent);
- nmtst_assert_ip6_address(&plnk->local, "fd01::42");
- nmtst_assert_ip6_address(&plnk->remote, "fd01::aaaa");
- g_assert_cmpint(plnk->tclass, ==, 21);
- g_assert_cmpint(plnk->flow_label, ==, 1338);
- g_assert_cmpint(plnk->is_gre, ==, TRUE);
- g_assert_cmpint(plnk->is_tap, ==, FALSE);
+ switch (test_data->test_mode) {
+ case 0:
+ g_assert(plnk == nm_platform_link_get_lnk_ip6gre(NM_PLATFORM_GET, ifindex, NULL));
+ g_assert_cmpint(plnk->parent_ifindex, ==, ifindex_parent);
+ nmtst_assert_ip6_address(&plnk->local, "fd01::43");
+ nmtst_assert_ip6_address(&plnk->remote, "fd01::aaaa");
+ g_assert_cmpint(plnk->tclass, ==, 21);
+ g_assert_cmpint(plnk->flow_label, ==, 1338);
+ g_assert_cmpint(plnk->is_gre, ==, TRUE);
+ g_assert_cmpint(plnk->is_tap, ==, FALSE);
+ break;
+ case 1:
+ g_assert(plnk == nm_platform_link_get_lnk_ip6gre(NM_PLATFORM_GET, ifindex, NULL));
+ g_assert_cmpint(plnk->parent_ifindex, ==, ifindex_parent);
+ nmtst_assert_ip6_address(&plnk->local, "fd01::44");
+ nmtst_assert_ip6_address(&plnk->remote, "fd01::aaab");
+ g_assert_cmpint(plnk->flow_label, ==, 1339);
+ g_assert_cmpint(plnk->is_gre, ==, TRUE);
+ g_assert_cmpint(plnk->is_tap, ==, FALSE);
+ g_assert_cmpint(plnk->flags & 0xFFFF, /* ignore kernel internal flags */
+ ==,
+ IP6_TNL_F_IGN_ENCAP_LIMIT | IP6_TNL_F_USE_ORIG_TCLASS);
+ break;
+ }
+
break;
}
case NM_LINK_TYPE_IP6GRETAP:
{
const NMPlatformLnkIp6Tnl *plnk = &lnk->lnk_ip6tnl;
- g_assert(plnk == nm_platform_link_get_lnk_ip6gretap(NM_PLATFORM_GET, ifindex, NULL));
- g_assert_cmpint(plnk->parent_ifindex, ==, ifindex_parent);
- nmtst_assert_ip6_address(&plnk->local, "fe80::abcd");
- nmtst_assert_ip6_address(&plnk->remote, "fc01::bbbb");
- g_assert_cmpint(plnk->ttl, ==, 10);
- g_assert_cmpint(plnk->tclass, ==, 22);
- g_assert_cmpint(plnk->flow_label, ==, 1339);
- g_assert_cmpint(plnk->is_gre, ==, TRUE);
- g_assert_cmpint(plnk->is_tap, ==, TRUE);
+ switch (test_data->test_mode) {
+ case 0:
+ g_assert(plnk
+ == nm_platform_link_get_lnk_ip6gretap(NM_PLATFORM_GET, ifindex, NULL));
+ g_assert_cmpint(plnk->parent_ifindex, ==, ifindex_parent);
+ nmtst_assert_ip6_address(&plnk->local, "fe80::abcd");
+ nmtst_assert_ip6_address(&plnk->remote, "fc01::bbbb");
+ g_assert_cmpint(plnk->ttl, ==, 10);
+ g_assert_cmpint(plnk->tclass, ==, 23);
+ g_assert_cmpint(plnk->flow_label, ==, 1340);
+ g_assert_cmpint(plnk->is_gre, ==, TRUE);
+ g_assert_cmpint(plnk->is_tap, ==, TRUE);
+ break;
+ case 1:
+ g_assert(plnk
+ == nm_platform_link_get_lnk_ip6gretap(NM_PLATFORM_GET, ifindex, NULL));
+ g_assert_cmpint(plnk->parent_ifindex, ==, ifindex_parent);
+ nmtst_assert_ip6_address(&plnk->local, "fe80::abce");
+ nmtst_assert_ip6_address(&plnk->remote, "fc01::bbbc");
+ g_assert_cmpint(plnk->ttl, ==, 10);
+ g_assert_cmpint(plnk->flow_label, ==, 1341);
+ g_assert_cmpint(plnk->is_gre, ==, TRUE);
+ g_assert_cmpint(plnk->is_tap, ==, TRUE);
+ g_assert_cmpint(plnk->flags & 0xFFFF, /* ignore kernel internal flags */
+ ==,
+ IP6_TNL_F_IGN_ENCAP_LIMIT | IP6_TNL_F_USE_ORIG_TCLASS);
+ break;
+ }
break;
}
case NM_LINK_TYPE_IPIP:
@@ -3888,8 +3952,10 @@ _nmtstp_setup_tests(void)
test_software_detect_add("/link/software/detect/gretap", NM_LINK_TYPE_GRETAP, 0);
test_software_detect_add("/link/software/detect/ip6tnl/0", NM_LINK_TYPE_IP6TNL, 0);
test_software_detect_add("/link/software/detect/ip6tnl/1", NM_LINK_TYPE_IP6TNL, 1);
- test_software_detect_add("/link/software/detect/ip6gre", NM_LINK_TYPE_IP6GRE, 0);
- test_software_detect_add("/link/software/detect/ip6gretap", NM_LINK_TYPE_IP6GRETAP, 0);
+ test_software_detect_add("/link/software/detect/ip6gre/0", NM_LINK_TYPE_IP6GRE, 0);
+ test_software_detect_add("/link/software/detect/ip6gre/1", NM_LINK_TYPE_IP6GRE, 1);
+ test_software_detect_add("/link/software/detect/ip6gretap/0", NM_LINK_TYPE_IP6GRETAP, 0);
+ test_software_detect_add("/link/software/detect/ip6gretap/1", NM_LINK_TYPE_IP6GRETAP, 1);
test_software_detect_add("/link/software/detect/ipip", NM_LINK_TYPE_IPIP, 0);
test_software_detect_add("/link/software/detect/macvlan", NM_LINK_TYPE_MACVLAN, 0);
test_software_detect_add("/link/software/detect/macvtap", NM_LINK_TYPE_MACVTAP, 0);
diff --git a/src/libnm-core-impl/nm-setting-ip-tunnel.c b/src/libnm-core-impl/nm-setting-ip-tunnel.c
index 7fb8b01739..d28eb73fd7 100644
--- a/src/libnm-core-impl/nm-setting-ip-tunnel.c
+++ b/src/libnm-core-impl/nm-setting-ip-tunnel.c
@@ -491,7 +491,11 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
}
flags = priv->flags;
- if (NM_IN_SET(priv->mode, NM_IP_TUNNEL_MODE_IPIP6, NM_IP_TUNNEL_MODE_IP6IP6))
+ if (NM_IN_SET(priv->mode,
+ NM_IP_TUNNEL_MODE_IPIP6,
+ NM_IP_TUNNEL_MODE_IP6IP6,
+ NM_IP_TUNNEL_MODE_IP6GRE,
+ NM_IP_TUNNEL_MODE_IP6GRETAP))
flags &= (guint32) (~_NM_IP_TUNNEL_FLAG_ALL_IP6TNL);
if (flags) {
g_set_error(error,
@@ -727,7 +731,7 @@ nm_setting_ip_tunnel_class_init(NMSettingIPTunnelClass *klass)
* NMSettingIPTunnel:encapsulation-limit:
*
* How many additional levels of encapsulation are permitted to be prepended
- * to packets. This property applies only to IPv6 tunnels.
+ * to packets. This property applies only to IPv6 tunnels. To disable this option, add %NM_IP_TUNNEL_FLAG_IP6_IGN_ENCAP_LIMIT to ip-tunnel flags.
*
* Since: 1.2
**/
diff --git a/src/libnmc-setting/settings-docs.h.in b/src/libnmc-setting/settings-docs.h.in
index cd5b231bb9..fc6df80c50 100644
--- a/src/libnmc-setting/settings-docs.h.in
+++ b/src/libnmc-setting/settings-docs.h.in
@@ -216,7 +216,7 @@
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTES N_("Array of IP routes.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_ROUTING_RULES N_("A comma separated list of routing rules for policy routing.")
#define DESCRIBE_DOC_NM_SETTING_IP6_CONFIG_TOKEN N_("Configure the token for draft-chown-6man-tokenised-ipv6-identifiers-02 IPv6 tokenized interface identifiers. Useful with eui64 addr-gen-mode.")
-#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_ENCAPSULATION_LIMIT N_("How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels.")
+#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_ENCAPSULATION_LIMIT N_("How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels. To disable this option, add NM_IP_TUNNEL_FLAG_IP6_IGN_ENCAP_LIMIT (0x1) to ip-tunnel flags.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FLAGS N_("Tunnel flags. Currently, the following values are supported: NM_IP_TUNNEL_FLAG_IP6_IGN_ENCAP_LIMIT (0x1), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_TCLASS (0x2), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_FLOWLABEL (0x4), NM_IP_TUNNEL_FLAG_IP6_MIP6_DEV (0x8), NM_IP_TUNNEL_FLAG_IP6_RCV_DSCP_COPY (0x10), NM_IP_TUNNEL_FLAG_IP6_USE_ORIG_FWMARK (0x20). They are valid only for IPv6 tunnels.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FLOW_LABEL N_("The flow label to assign to tunnel packets. This property applies only to IPv6 tunnels.")
#define DESCRIBE_DOC_NM_SETTING_IP_TUNNEL_FWMARK N_("The fwmark value to assign to tunnel packets. This property can be set to a non zero value only on VTI and VTI6 tunnels.")
diff --git a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
index dfea3c3440..f4598f937b 100644
--- a/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
+++ b/src/nmcli/gen-metadata-nm-settings-nmcli.xml.in
@@ -640,7 +640,7 @@
+ description="How many additional levels of encapsulation are permitted to be prepended to packets. This property applies only to IPv6 tunnels. To disable this option, add NM_IP_TUNNEL_FLAG_IP6_IGN_ENCAP_LIMIT (0x1) to ip-tunnel flags." />