From 458b1a7e9473c150a40cae5d8be174f4bb03bd39 Mon Sep 17 00:00:00 2001
From: Nick Hainke <vincent@systemli.org>
Date: Sat, 12 Dec 2020 21:50:53 +0100
Subject: netifd: add segment routing support

seg6_enabled - Bool
  Accept or drop SR-enabled IPv6 packets on this interface.

More Information:
https://www.kernel.org/doc/html/latest/networking/seg6-sysctl.html

Now you can set as interface option
  option ip6segmentrouting '1'

It is not enough to turn on "seg6_enabled" on the interface. Further,
we have to enable "/all/seg6_enabled". This means that a working config
is "interface + all".

Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [style fixes]
---
 system-linux.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'system-linux.c')

diff --git a/system-linux.c b/system-linux.c
index bf746f9..c57ecab 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -304,6 +304,11 @@ static void system_set_disable_ipv6(struct device *dev, const char *val)
 	system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", dev->ifname, val);
 }
 
+static void system_set_ip6segmentrouting(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled", dev->ifname, val);
+}
+
 static void system_set_rpfilter(struct device *dev, const char *val)
 {
 	system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", dev->ifname, val);
@@ -509,6 +514,12 @@ static int system_get_disable_ipv6(struct device *dev, char *buf, const size_t b
 			dev->ifname, buf, buf_sz);
 }
 
+static int system_get_ip6segmentrouting(struct device *dev, char *buf, const size_t buf_sz)
+{
+	return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/seg6_enabled",
+			dev->ifname, buf, buf_sz);
+}
+
 static int system_get_rpfilter(struct device *dev, char *buf, const size_t buf_sz)
 {
 	return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter",
@@ -1572,6 +1583,11 @@ system_if_get_settings(struct device *dev, struct device_settings *s)
 		s->flags |= DEV_OPT_IPV6;
 	}
 
+	if (!system_get_ip6segmentrouting(dev, buf, sizeof(buf))) {
+		s->ip6segmentrouting = strtoul(buf, NULL, 0);
+		s->flags |= DEV_OPT_IP6SEGMENTROUTING;
+	}
+
 	if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) == 0) {
 		s->promisc = ifr.ifr_flags & IFF_PROMISC;
 		s->flags |= DEV_OPT_PROMISC;
@@ -1667,6 +1683,15 @@ system_if_apply_settings(struct device *dev, struct device_settings *s, unsigned
 	}
 	if (apply_mask & DEV_OPT_IPV6)
 		system_set_disable_ipv6(dev, s->ipv6 ? "0" : "1");
+	if (s->flags & DEV_OPT_IP6SEGMENTROUTING & apply_mask) {
+		struct device dummy = {
+			.ifname = "all",
+		};
+		bool ip6segmentrouting = device_check_ip6segmentrouting();
+
+		system_set_ip6segmentrouting(dev, s->ip6segmentrouting ? "1" : "0");
+		system_set_ip6segmentrouting(&dummy, ip6segmentrouting ? "1" : "0");
+	}
 	if (apply_mask & DEV_OPT_PROMISC) {
 		if (system_if_flags(dev->ifname, s->promisc ? IFF_PROMISC : 0,
 				    !s->promisc ? IFF_PROMISC : 0) < 0)
-- 
cgit v1.2.1