[gentoo-commits] proj/netifrc:master commit in: doc/, net/

[gentoo-commits] proj/netifrc:master commit in: doc/, net/

[Robin H. Johnson]

commit:     89a7d0f0af6807ed9b4a7204cddc214722de1ee9
Author:     Alon Bar-Lev <alonbl <AT> gentoo <DOT> org>
AuthorDate: Sat Nov  7 20:02:33 2015 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sat Nov  7 20:02:33 2015 +0000
URL:        https://gitweb.gentoo.org/proj/netifrc.git/commit/?id=89a7d0f0

net: bridge: display a warning for brctl options depreciation

Signed-off-by: Alon Bar-Lev <alonbl <AT> gentoo.org>

 doc/net.example.Linux.in |  1 +
 net/bridge.sh            | 22 +++++++++++++---------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index ddfe5e0..b91bb50 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -910,6 +910,7 @@
 
 # Below is an example of configuring the bridge
 # Consult "man brctl" for more details
+# This method is deprecated in favour of the sysfs interface.
 #brctl_br0="setfd 15
 #sethello 2
 #stp on"

diff --git a/net/bridge.sh b/net/bridge.sh
index 60d3eeb..1d01be2 100644
--- a/net/bridge.sh
+++ b/net/bridge.sh
@@ -82,16 +82,20 @@ bridge_pre_start()
 	# Old configuration set mechanism
 	# Only a very limited subset of the options are available in the old
 	# configuration method. The sysfs interface is in the next block instead.
-	local IFS="$__IFS"
-	for x in ${opts}; do
+	if [ -n "${opts}" ]; then
+		ewarn "brctl options are deprecated please migrate to sysfs options"
+		ewarn "map of important options is available at https://wiki.gentoo.org/wiki/Netifrc/Brctl_Migration"
+		local IFS="$__IFS"
+		for x in ${opts}; do
+			unset IFS
+			set -- ${x}
+			x=$1
+			shift
+			set -- "${x}" "${IFACE}" "$@"
+			brctl "$@"
+		done
 		unset IFS
-		set -- ${x}
-		x=$1
-		shift
-		set -- "${x}" "${IFACE}" "$@"
-		brctl "$@"
-	done
-	unset IFS
+	fi
 
 	# New configuration set mechanism, matches bonding
 	for x in /sys/class/net/"${IFACE}"/bridge/*; do

[gentoo-commits] proj/netifrc:master commit in: doc/, net/

[Robin H. Johnson]

commit:     97da3ab2158db402fd20b440cefe7a7be7501d6d
Author:     Emeric Verschuur <emeric <AT> mbedsys <DOT> org>
AuthorDate: Sun May  1 11:11:16 2016 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun May  1 11:11:16 2016 +0000
URL:        https://gitweb.gentoo.org/proj/netifrc.git/commit/?id=97da3ab2

Adding L2TP (v3) module (net/l2tp.sh) to support L2TPv3 link

 doc/net.example.Linux.in |  24 +++++++
 net/l2tp.sh              | 169 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 193 insertions(+)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index f65c03d..72608bb 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -985,6 +985,30 @@
 #relay_6to4="192.168.3.2"
 #suffix_6to4=":ff"
 
+# For L2TP (v3) link
+# WARNING: sys-apps/iproute2 is required to use this module
+# You may have to add "l2tp" to modules list
+#
+# A L2 link between need a session within a tunnel
+# 1 session <=> 1 interface and 1 tunnel <=> n session(s)
+# a tunnel can host several session (shared by several interfaces)
+# 
+# Example to create 3 L2TPv3 links where (see man ip, iproute2 manual for more details):
+# * l2tpeth0 and l2tpeth1 are tho sessions into a same (shared) tunnel (encap IP)
+# * l2tpeth2 is a session into an separate tunnel (encap UDP)
+#
+#l2tptunnel_l2tpeth0="remote 1.2.3.4 local 1.2.4.3 encap ip tunnel_id 1 peer_tunnel_id 1"
+#l2tpsession_l2tpeth0="tunnel_id 1 session_id 1 peer_session_id 1"
+#config_l2tpeth="10.100.0.1/24"
+#
+#l2tptunnel_l2tpeth1="remote 1.2.3.4 local 1.2.4.3 encap ip tunnel_id 1 peer_tunnel_id 1"
+#l2tpsession_l2tpeth1="tunnel_id 1 session_id 2 peer_session_id 2"
+#config_l2tpeth1="10.100.1.1/24"
+#
+#l2tptunnel_l2tpeth2="remote 1.2.3.4 local 1.2.4.3 encap udp tunnel_id 2 peer_tunnel_id 2 udp_sport 5000 udp_dport 6000"
+#l2tpsession_l2tpeth2="tunnel_id 2 session_id 1 peer_session_id 1"
+#config_l2tpeth2="10.100.2.1/24"
+
 #-----------------------------------------------------------------------------
 # Advanced Routing
 # WARNING: For advanced routing you MUST be using sys-apps/iproute2

diff --git a/net/l2tp.sh b/net/l2tp.sh
new file mode 100644
index 0000000..24f5f8c
--- /dev/null
+++ b/net/l2tp.sh
@@ -0,0 +1,169 @@
+# Copyright (c) 2016 Emeric Verschuur <emeric@mbedsys.org>
+# All rights reserved. Released under the 2-clause BSD license.
+
+l2tp_depend()
+{
+	program ip
+	before bridge interface macchanger
+}
+
+# Extract parameter list to shell vars
+#   1. variable prefix
+#   2. string to parse
+_l2tp_eval_props() {
+	local prop_pref=$1
+	local prop_list=$2
+	eval set -- "$3"
+	while [ -n "$1" ]; do
+		eval "case $1 in
+			$prop_list)
+				$prop_pref$1=\"$2\"
+				shift
+				shift
+				;;
+			*)
+				l2tp_err=\"invalid property $1\"
+				return 1
+				;;
+			
+		esac" || return 1
+	done
+	return 0
+}
+
+_is_l2tp() {
+	eval "$(ip l2tp show session | \
+		awk "match(\$0, /^Session ([0-9]+) in tunnel ([0-9]+)\$/, ret) {sid=ret[1]; tid=ret[2]} 
+		match(\$0, /^[ ]*interface name: ${IFACE}\$/) {print \"session_id=\"sid\";tunnel_id=\"tid; exit}")"
+	test -n "$session_id"
+}
+
+# Get tunnel info
+#    1. Output variable prefix
+#    2. Tunnel ID to find
+_l2tp_get_tunnel_info() {
+	local found
+	eval "$(ip l2tp show tunnel | \
+		awk -v id=$2 -v prefix=$1 '
+		match($0, /^Tunnel ([0-9]+), encap (IP|UDP)$/, ret) {
+			if (found == "1") exit;
+			if (ret[1] == id) {
+				print "found=1;"
+				print prefix "tunnel_id=" ret[1] ";"
+				print prefix "encap=" ret[2] ";";
+				found="1"
+			}
+		} 
+		match($0, /^[ ]*From ([^ ]+) to ([^ ]+)$/, ret) {
+			if (found == "1") {
+				print prefix "local=" ret[1] ";"; 
+				print prefix "remote=" ret[2] ";"; 
+			}
+		}
+		match($0, /^[ ]*Peer tunnel ([0-9]+)$/, ret) {
+			if (found == "1") {
+				print prefix "peer_tunnel_id=" ret[1] ";"; 
+			}
+		}
+		match($0, /^[ ]*UDP source \/ dest ports: ([0-9]+)\/([0-9]+)$/, ret) {
+			if (found == "1") {
+				print prefix "udp_sport=" ret[1] ";"; 
+				print prefix "udp_dport=" ret[2] ";"; 
+			}
+		}')"
+	test -n "$found"
+}
+
+_ip_l2tp_add() {
+	local e
+	e="$(LC_ALL=C ip l2tp add $@ 2>&1 1>/dev/null)"
+	case $e in
+		"")
+			return 0
+			;;
+		"RTNETLINK answers: No such process")
+			# seems to not be a fatal error but I don't know why I have this error... hmmm
+			ewarn "ip l2tp add $2 error: $e"
+			return 0
+			;;
+		*)
+			eend 1 "ip l2tp add $2 error: $e"
+			return 1
+			;;
+	esac
+	
+}
+
+l2tp_pre_start()
+{
+	local l2tpsession=
+	eval l2tpsession=\$l2tpsession_${IFVAR}
+	test -n "${l2tpsession}" || return 0
+	
+	ebegin "Creating L2TP tunnel ${IFVAR}"
+	local l2tp_err s_name s_tunnel_id s_session_id s_peer_session_id s_cookie s_peer_cookie s_offset s_peer_offset s_l2spec_type
+	if ! _l2tp_eval_props s_ "name|tunnel_id|session_id|peer_session_id|cookie|peer_cookie|offset|peer_offset|l2spec_type" "${l2tpsession}"; then
+		eend 1 "l2tpsession_${IFVAR} syntax error: $l2tp_err"
+		return 1
+	fi
+	if [ -n "$s_name" ]; then
+		eend 1 "l2tpsession_${IFVAR} error: please remove the \"name\" parameter (this parameter is managed by the system)"
+		return 1
+	fi
+	# Try to load mendatory l2tp_eth kernel module
+	if ! modprobe l2tp_eth; then
+		eend 1 "l2tp_eth module not present in your kernel (please enable CONFIG_L2TP_ETH option in your kernel config)"
+		return 1
+	fi
+	local l2tptunnel=
+	eval l2tptunnel=\$l2tptunnel_${IFVAR}
+	if [ -n "${l2tptunnel}" ]; then
+		local t_tunnel_id t_encap t_local t_remote t_peer_tunnel_id t_udp_sport t_udp_dport
+		_l2tp_eval_props t_ "remote|local|encap|tunnel_id|peer_tunnel_id|encap|udp_sport|udp_dport" "${l2tptunnel}"
+		# if encap=ip we need l2tp_ip kernel module
+		if [ "${t_encap^^}" = "IP" ] && ! modprobe l2tp_ip; then
+			eend 1 "l2tp_ip module not present in your kernel (please enable CONFIG_L2TP_IP option in your kernel config)"
+			return 1
+		fi
+		# Search for an existing tunnel with the same ID
+		local f_tunnel_id f_encap f_local f_remote f_peer_tunnel_id f_udp_sport f_udp_dport
+		if _l2tp_get_tunnel_info f_ $t_tunnel_id; then
+			# check if the existing tunnel has the same property than expected
+			if [ "tunnel_id:$f_tunnel_id;encap:$f_encap;local:$f_local;remote:$f_remote;
+			peer_tunnel_id:$f_peer_tunnel_id;udp_sport:$f_udp_sport;udp_dport:$f_udp_dport" \
+			!= "tunnel_id:$t_tunnel_id;encap:${t_encap^^};local:$t_local;remote:$t_remote;
+			peer_tunnel_id:$t_peer_tunnel_id;udp_sport:$t_udp_sport;udp_dport:$t_udp_dport" ]; then
+				eend 1 "There are an existing tunnel with id=$s_tunnel_id, but the properties mismatch with the one you want to create"
+				return 1
+			fi
+		else
+			veinfo ip l2tp add tunnel ${l2tptunnel}
+			_ip_l2tp_add tunnel ${l2tptunnel} || return 1
+		fi
+	elif ! ip l2tp show tunnel | grep -Eq "^Tunnel $s_tunnel_id,"; then
+		# no l2tptunnel_<INTF> declaration, assume that the tunnel is already present
+		# checking if tunnel_id exists otherwise raise an error
+		eend 1 "Tunnel id=$s_tunnel_id no found (you may have to set l2tptunnel_${IFVAR})"
+		return 1
+	fi
+	veinfo ip l2tp add session ${l2tpsession} name "${IFACE}"
+	_ip_l2tp_add session ${l2tpsession} name "${IFACE}" || return 1
+	_up
+}
+
+
+l2tp_post_stop()
+{
+	local session_id tunnel_id
+	_is_l2tp || return 0
+	
+	ebegin "Destroying L2TP tunnel ${IFACE}"
+	veinfo ip l2tp del session tunnel_id $tunnel_id session_id $session_id
+	ip l2tp del session tunnel_id $tunnel_id session_id $session_id
+	if ! ip l2tp show session | grep -Eq "^Session [0-9]+ in tunnel $tunnel_id\$"; then
+		#tunnel $tunnel_id no longer used, destoying it...
+		veinfo ip l2tp del tunnel tunnel_id $tunnel_id
+		ip l2tp del tunnel tunnel_id $tunnel_id
+	fi
+	eend $?
+}

[gentoo-commits] proj/netifrc:master commit in: doc/, net/

[Robin H. Johnson]

commit:     4ddfad307887e80a296a611832cf3780ccaf9616
Author:     Kirill Semenkov <semenkovk <AT> gmail <DOT> com>
AuthorDate: Mon Jan 21 08:42:56 2019 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun Apr 21 04:10:41 2019 +0000
URL:        https://gitweb.gentoo.org/proj/netifrc.git/commit/?id=4ddfad30

Two separate peer variables for every peer in veth

Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org>

 doc/net.example.Linux.in |  7 ++++---
 net/veth.sh              | 35 +++++++++++------------------------
 2 files changed, 15 insertions(+), 27 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 6fc6094..8896acf 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -916,7 +916,7 @@
 
 #-----------------------------------------------------------------------------
 # Virtual interface device (veth)
-# For veth support install iproute2 and awk
+# For veth support install iproute2
 #
 # The script uses "standard" ways of IP-address assignement in net.lo script. Network namespaces are not implemented here
 # because net.lo currently knows nothing about network namespaces.
@@ -925,10 +925,11 @@
 #   The interface type must be set for both peers
 #type_veth0="veth"
 #   Here we declare peers for "ip link add" command
-#veth_veth0="veth0 veth1"
+#veth_veth0_peer1="veth0"
+#veth_veth0_peer2="veth1"
 #config_veth0="192.168.0.1/24"
 #
-#   Avoids race
+#   Prevents race
 #rc_net_veth1_need="net.veth0"
 #type_veth1="veth"
 #   Both peers are created when the first one starts, we don't need to create the second peer

diff --git a/net/veth.sh b/net/veth.sh
index d969a14..5ff6587 100644
--- a/net/veth.sh
+++ b/net/veth.sh
@@ -3,7 +3,7 @@
 
 veth_depend()
 {
-	program ip awk
+	program ip
 }
 
 _config_vars="$_config_vars veth"
@@ -72,19 +72,13 @@ _bring_peer_down()
 #Create and bring the veth pair up
 _create_peers()
 {
-	local peers
-	peers="$(_get_array "veth_${IFVAR}")"
-
-	# veth has exactly two peers.
-	# For POSIX compatibility we evade bash arrays
-	local npeers
-	npeers=$(echo "$peers" | awk '{print NF}')
-	if [ "$npeers" != 2 ]; then
-		eerror "veth interface must have exactly two peers"
-		return 1
-	fi
+	local peer1
+	peer1="$(_get_array "veth_${IFVAR}_peer1")"
+
+	local peer2
+	peer2="$(_get_array "veth_${IFVAR}_peer2")"
 
-	for x in ${peers}; do
+	for x in $peer1 $peer2; do
 		if _exists "$x" ; then
 			eerror "Interface $x already exists. Can't continue"
 			return 1
@@ -104,12 +98,6 @@ _create_peers()
 		return 1
 	fi
 
-	local peer1
-	peer1=$(echo "$peers" | awk '{print $1}')
-	local peer2
-	peer2=$(echo "$peers" | awk '{print $2}')
-
-	
 	ip link add "$peer1" type veth peer name "$peer2" > /dev/null 2>&1 || {
 		eerror "Can't create veth peer $peer1 or $peer2"
 		return 1
@@ -177,14 +165,13 @@ veth_post_stop()
 		return 0
 	fi
 
-	local peers
-	peers="$(_get_array "veth_${IFVAR}")"
-	local first
-	first=$(echo "$peers" | awk '{print $1}')
+	local peer1
+	peer1="$(_get_array "veth_${IFVAR}_peer1")"
+
 	local netns1
 	netns1="$(_get_array "veth_${IFVAR}_ns1")"
 
-	if ! _bring_peer_down "$first" "$netns1"
+	if ! _bring_peer_down "$peer1" "$netns1"
 	then
 		eerror "Can't delete the veth pair ${IFVAR}"
 		eend 1

[gentoo-commits] proj/netifrc:master commit in: doc/, net/

[Robin H. Johnson]

commit:     0dc79645173fad82e0d437a6569b7ea7fa356197
Author:     Arseni Nimera <shorrer <AT> yandex <DOT> by>
AuthorDate: Sat May 30 22:20:25 2020 +0000
Commit:     Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Sun May 31 07:28:27 2020 +0000
URL:        https://gitweb.gentoo.org/proj/netifrc.git/commit/?id=0dc79645

Added macvtap support

Bug: https://bugs.gentoo.org/691372
Signed-off-by: Arseni Nimera <shorrer <AT> yandex.by>

 doc/net.example.Linux.in | 3 +++
 net/macvlan.sh           | 8 ++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 8896acf..f169670 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -664,6 +664,9 @@
 # MAC-VLAN mode (private, vepa, bridge, passtru)
 #mode_macvlan0="private"
 
+# MAC-VLAN type (macvlan, macvtap)
+#type_macvlan0="macvtap"
+
 # IP address, MAC address, ... are configured as a normal interface
 #config_macvlan0="192.168.20.20/24"
 #mac_macvlan0="00:50:06:20:20:20"

diff --git a/net/macvlan.sh b/net/macvlan.sh
index 8d55717..6243858 100644
--- a/net/macvlan.sh
+++ b/net/macvlan.sh
@@ -34,8 +34,12 @@ macvlan_pre_start()
 	eval mode=\$mode_${IFVAR}
 	[ -z "${mode}" ] && mode="private"
 
+	local type=
+	eval type=\$type_${IFVAR}
+	[ -z "${type}" ] && type="macvlan"
+
 	ebegin "Creating MAC-VLAN ${IFACE} to ${macvlan}"
-	e="$(ip link add link "${macvlan}" name "${IFACE}" type macvlan mode "${mode}" 2>&1 1>/dev/null)"
+	e="$(ip link add link "${macvlan}" name "${IFACE}" type "${type}" mode "${mode}" 2>&1 1>/dev/null)"
 	if [ -n "${e}" ]; then
 		eend 1 "${e}"
 	else
@@ -49,6 +53,6 @@ macvlan_post_stop()
 	_is_macvlan || return 0
 
 	ebegin "Removing MAC-VLAN ${IFACE}"
-	ip link delete "${IFACE}" type macvlan >/dev/null
+	ip link delete "${IFACE}" >/dev/null
 	eend $?
 }

[gentoo-commits] proj/netifrc:master commit in: doc/, net/

[Patrick McLean]

commit:     bde6dd2ad5b393e351ae8fd8d89f3bec62e52914
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Mon Jul  1 14:50:33 2024 +0000
Commit:     Patrick McLean <chutzpah <AT> gentoo <DOT> org>
CommitDate: Mon Jul  1 14:51:25 2024 +0000
URL:        https://gitweb.gentoo.org/proj/netifrc.git/commit/?id=bde6dd2a

Implement ip-token(8) addressing for IPv6.

This enables setting ip-token(8) up during pre-up from a config variable
ip6token_${IFVAR} to set up tokens to be used during SLAAC
auto-configuration.

Closes: https://bugs.gentoo.org/935280
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>

 doc/net.example.Linux.in | 10 ++++++++++
 net/ip6token.sh          | 25 +++++++++++++++++++++++++
 2 files changed, 35 insertions(+)

diff --git a/doc/net.example.Linux.in b/doc/net.example.Linux.in
index 143dc9d..c117f4d 100644
--- a/doc/net.example.Linux.in
+++ b/doc/net.example.Linux.in
@@ -106,6 +106,16 @@
 #config_eth0="192.168.0.2/24 scope host
 #4321:0:1:2:3:4:567:89ab/64 nodad home preferred_lft 0"
 
+# Tokenized IPv6 addressing (as per ip-token(8)) is also possible.  This will
+# grab the last 64 bits of the IP address below, and use that to auto-configure
+# IPv6 addresses, when using SLAAC.  For example, given ::dead:beef below and an
+# advertised prefix of 100::/64 then Linux will configure an IPv6 address of
+# 100::dead:beef/64 on the interface.  You can use "tail-end IPv4 addresses" too.
+#ip6token_eth0="::dead:beef"
+#ip6token_eth0="::192.168.0.1"
+#ip6token_eth0="::dead:beef:192.168.0.1"
+#ip6token_eth0="::ffff:192.168.0.1" # OK because the prefix won't be ::/64.
+
 # Here's how to do routing if you need it
 # We add an IPv4 default route, IPv4 subnet route and an IPv6 unicast route
 #routes_eth0="default via 192.168.0.1

diff --git a/net/ip6token.sh b/net/ip6token.sh
new file mode 100644
index 0000000..71e17b5
--- /dev/null
+++ b/net/ip6token.sh
@@ -0,0 +1,25 @@
+# Copyright (c) 2024 Gentoo Authors
+
+ip6token_depend()
+{
+	program ip
+	after interface
+}
+
+_config_vars="$_config_vars ip6token"
+
+ip6token_pre_start()
+{
+	local tconfig
+	eval tconfig=\$ip6token_${IFVAR}
+
+	[ -z "${tconfig}" ] && return 0
+	ip token set "${tconfig}" dev "${IFACE}" 
+	return $?
+}
+
+ip6token_post_stop()
+{
+	ip token del dev "${IFACE}"
+	return $?
+}