X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fnetifd.git;a=blobdiff_plain;f=system-linux.c;h=fb2ee29d2d8e216adf76163318e6da0fcc7590dc;hp=d0835803ecd2ca3054903893b7b7e67952c29b6c;hb=2d09cca0e90127d33eed43b8790f5778ba3b943f;hpb=09ae3bfa2ad7a3a9630fdf290b872a2d7673843f

diff --git a/system-linux.c b/system-linux.c
index d083580..fb2ee29 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -1,6 +1,9 @@
 /*
  * netifd - network interface daemon
  * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
+ * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ * Copyright (C) 2013 Steven Barth <steven@midlink.org>
+ * Copyright (C) 2014 Gioacchino Mazzurco <gio@eigenlab.org>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2
@@ -27,12 +30,19 @@
 #include <linux/rtnetlink.h>
 #include <linux/sockios.h>
 #include <linux/ip.h>
+#include <linux/if_link.h>
 #include <linux/if_vlan.h>
 #include <linux/if_bridge.h>
 #include <linux/if_tunnel.h>
+#include <linux/ip6_tunnel.h>
 #include <linux/ethtool.h>
+#include <linux/fib_rules.h>
+#include <linux/version.h>
+
+#ifndef RTN_FAILED_POLICY
+#define RTN_FAILED_POLICY 12
+#endif
 
-#include <unistd.h>
 #include <string.h>
 #include <fcntl.h>
 #include <glob.h>
@@ -50,7 +60,7 @@
 struct event_socket {
 	struct uloop_fd uloop;
 	struct nl_sock *sock;
-	struct nl_cb *cb;
+	int bufsize;
 };
 
 static int sock_ioctl = -1;
@@ -65,7 +75,38 @@ static void
 handler_nl_event(struct uloop_fd *u, unsigned int events)
 {
 	struct event_socket *ev = container_of(u, struct event_socket, uloop);
-	nl_recvmsgs(ev->sock, ev->cb);
+	int err;
+	socklen_t errlen = sizeof(err);
+
+	if (!u->error) {
+		nl_recvmsgs_default(ev->sock);
+		return;
+	}
+
+	if (getsockopt(u->fd, SOL_SOCKET, SO_ERROR, (void *)&err, &errlen))
+		goto abort;
+
+	switch(err) {
+	case ENOBUFS:
+		// Increase rx buffer size on netlink socket
+		ev->bufsize *= 2;
+		if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0))
+			goto abort;
+
+		// Request full dump since some info got dropped
+		struct rtgenmsg msg = { .rtgen_family = AF_UNSPEC };
+		nl_send_simple(ev->sock, RTM_GETLINK, NLM_F_DUMP, &msg, sizeof(msg));
+		break;
+
+	default:
+		goto abort;
+	}
+	u->error = false;
+	return;
+
+abort:
+	uloop_fd_delete(&ev->uloop);
+	return;
 }
 
 static struct nl_sock *
@@ -88,7 +129,7 @@ create_socket(int protocol, int groups)
 
 static bool
 create_raw_event_socket(struct event_socket *ev, int protocol, int groups,
-			uloop_fd_handler cb)
+                        uloop_fd_handler cb, int flags)
 {
 	ev->sock = create_socket(protocol, groups);
 	if (!ev->sock)
@@ -96,7 +137,9 @@ create_raw_event_socket(struct event_socket *ev, int protocol, int groups,
 
 	ev->uloop.fd = nl_socket_get_fd(ev->sock);
 	ev->uloop.cb = cb;
-	uloop_fd_add(&ev->uloop, ULOOP_READ | ULOOP_EDGE_TRIGGER);
+	if (uloop_fd_add(&ev->uloop, ULOOP_READ|flags))
+		return false;
+
 	return true;
 }
 
@@ -104,14 +147,73 @@ static bool
 create_event_socket(struct event_socket *ev, int protocol,
 		    int (*cb)(struct nl_msg *msg, void *arg))
 {
-	// Prepare socket for link events
-	ev->cb = nl_cb_alloc(NL_CB_DEFAULT);
-	if (!ev->cb)
+	if (!create_raw_event_socket(ev, protocol, 0, handler_nl_event, ULOOP_ERROR_CB))
 		return false;
 
-	nl_cb_set(ev->cb, NL_CB_VALID, NL_CB_CUSTOM, cb, NULL);
+	// Install the valid custom callback handler
+	nl_socket_modify_cb(ev->sock, NL_CB_VALID, NL_CB_CUSTOM, cb, NULL);
+
+	// Disable sequence number checking on event sockets
+	nl_socket_disable_seq_check(ev->sock);
+
+	// Increase rx buffer size to 65K on event sockets
+	ev->bufsize = 65535;
+	if (nl_socket_set_buffer_size(ev->sock, ev->bufsize, 0))
+		return false;
 
-	return create_raw_event_socket(ev, protocol, 0, handler_nl_event);
+	return true;
+}
+
+static bool
+system_rtn_aton(const char *src, unsigned int *dst)
+{
+	char *e;
+	unsigned int n;
+
+	if (!strcmp(src, "local"))
+		n = RTN_LOCAL;
+	else if (!strcmp(src, "nat"))
+		n = RTN_NAT;
+	else if (!strcmp(src, "broadcast"))
+		n = RTN_BROADCAST;
+	else if (!strcmp(src, "anycast"))
+		n = RTN_ANYCAST;
+	else if (!strcmp(src, "multicast"))
+		n = RTN_MULTICAST;
+	else if (!strcmp(src, "prohibit"))
+		n = RTN_PROHIBIT;
+	else if (!strcmp(src, "unreachable"))
+		n = RTN_UNREACHABLE;
+	else if (!strcmp(src, "blackhole"))
+		n = RTN_BLACKHOLE;
+	else if (!strcmp(src, "xresolve"))
+		n = RTN_XRESOLVE;
+	else if (!strcmp(src, "unicast"))
+		n = RTN_UNICAST;
+	else if (!strcmp(src, "throw"))
+		n = RTN_THROW;
+	else if (!strcmp(src, "failed_policy"))
+		n = RTN_FAILED_POLICY;
+	else {
+		n = strtoul(src, &e, 0);
+		if (!e || *e || e == src || n > 255)
+			return false;
+	}
+
+	*dst = n;
+	return true;
+}
+
+static bool
+system_tos_aton(const char *src, unsigned *dst)
+{
+	char *e;
+
+	*dst = strtoul(src, &e, 16);
+	if (e == src || *e || *dst > 255)
+		return false;
+
+	return true;
 }
 
 int system_init(void)
@@ -120,7 +222,7 @@ int system_init(void)
 	static struct event_socket hotplug_event;
 
 	sock_ioctl = socket(AF_LOCAL, SOCK_DGRAM, 0);
-	fcntl(sock_ioctl, F_SETFD, fcntl(sock_ioctl, F_GETFD) | FD_CLOEXEC);
+	system_fd_set_cloexec(sock_ioctl);
 
 	// Prepare socket for routing / address control
 	sock_rtnl = create_socket(NETLINK_ROUTE, 0);
@@ -131,7 +233,7 @@ int system_init(void)
 		return -1;
 
 	if (!create_raw_event_socket(&hotplug_event, NETLINK_KOBJECT_UEVENT, 1,
-				     handle_hotplug_event))
+	                             handle_hotplug_event, 0))
 		return -1;
 
 	// Receive network link events form kernel
@@ -148,7 +250,7 @@ static void system_set_sysctl(const char *path, const char *val)
 	if (fd < 0)
 		return;
 
-	write(fd, val, strlen(val));
+	if (write(fd, val, strlen(val))) {}
 	close(fd);
 }
 
@@ -163,26 +265,130 @@ static void system_set_disable_ipv6(struct device *dev, const char *val)
 	system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6", dev->ifname, val);
 }
 
+static void system_set_rpfilter(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter", dev->ifname, val);
+}
+
+static void system_set_acceptlocal(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/accept_local", dev->ifname, val);
+}
+
+static void system_set_igmpversion(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/proc/sys/net/ipv4/conf/%s/force_igmp_version", dev->ifname, val);
+}
+
+static void system_set_mldversion(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/proc/sys/net/ipv6/conf/%s/force_mld_version", dev->ifname, val);
+}
+
+static void system_set_neigh4reachabletime(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/base_reachable_time_ms", dev->ifname, val);
+}
+
+static void system_set_neigh6reachabletime(struct device *dev, const char *val)
+{
+	system_set_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/base_reachable_time_ms", dev->ifname, val);
+}
+
+static int system_get_sysctl(const char *path, char *buf, const size_t buf_sz)
+{
+	int fd = -1, ret = -1;
+
+	fd = open(path, O_RDONLY);
+	if (fd < 0)
+		goto out;
+
+	ssize_t len = read(fd, buf, buf_sz - 1);
+	if (len < 0)
+		goto out;
+
+	ret = buf[len] = 0;
+
+out:
+	if (fd >= 0)
+		close(fd);
+
+	return ret;
+}
+
+static int
+system_get_dev_sysctl(const char *path, const char *device, char *buf, const size_t buf_sz)
+{
+	snprintf(dev_buf, sizeof(dev_buf), path, device);
+	return system_get_sysctl(dev_buf, buf, buf_sz);
+}
+
+static int system_get_disable_ipv6(struct device *dev, char *buf, const size_t buf_sz)
+{
+	return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/disable_ipv6",
+			dev->ifname, buf, buf_sz);
+}
+
+static int system_get_rpfilter(struct device *dev, char *buf, const size_t buf_sz)
+{
+	return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/rp_filter",
+			dev->ifname, buf, buf_sz);
+}
+
+static int system_get_acceptlocal(struct device *dev, char *buf, const size_t buf_sz)
+{
+	return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/accept_local",
+			dev->ifname, buf, buf_sz);
+}
+
+static int system_get_igmpversion(struct device *dev, char *buf, const size_t buf_sz)
+{
+	return system_get_dev_sysctl("/proc/sys/net/ipv4/conf/%s/force_igmp_version",
+			dev->ifname, buf, buf_sz);
+}
+
+static int system_get_mldversion(struct device *dev, char *buf, const size_t buf_sz)
+{
+	return system_get_dev_sysctl("/proc/sys/net/ipv6/conf/%s/force_mld_version",
+			dev->ifname, buf, buf_sz);
+}
+
+static int system_get_neigh4reachabletime(struct device *dev, char *buf, const size_t buf_sz)
+{
+	return system_get_dev_sysctl("/proc/sys/net/ipv4/neigh/%s/base_reachable_time_ms",
+			dev->ifname, buf, buf_sz);
+}
+
+static int system_get_neigh6reachabletime(struct device *dev, char *buf, const size_t buf_sz)
+{
+	return system_get_dev_sysctl("/proc/sys/net/ipv6/neigh/%s/base_reachable_time_ms",
+			dev->ifname, buf, buf_sz);
+}
+
 // Evaluate netlink messages
 static int cb_rtnl_event(struct nl_msg *msg, void *arg)
 {
 	struct nlmsghdr *nh = nlmsg_hdr(msg);
 	struct ifinfomsg *ifi = NLMSG_DATA(nh);
 	struct nlattr *nla[__IFLA_MAX];
+	int link_state = 0;
+	char buf[10];
 
-	if (nh->nlmsg_type != RTM_DELLINK && nh->nlmsg_type != RTM_NEWLINK)
+	if (nh->nlmsg_type != RTM_NEWLINK)
 		goto out;
 
 	nlmsg_parse(nh, sizeof(*ifi), nla, __IFLA_MAX - 1, NULL);
 	if (!nla[IFLA_IFNAME])
 		goto out;
 
-	struct device *dev = device_get(RTA_DATA(nla[IFLA_IFNAME]), false);
-	if (!dev)
+	struct device *dev = device_get(nla_data(nla[IFLA_IFNAME]), false);
+	if (!dev || dev->type->keep_link_status)
 		goto out;
 
-	dev->ifindex = ifi->ifi_index;
-	/* TODO: parse link status */
+	if (!system_get_dev_sysctl("/sys/class/net/%s/carrier", dev->ifname, buf, sizeof(buf)))
+		link_state = strtoul(buf, NULL, 0);
+
+	device_set_link(dev, link_state ? true : false);
 
 out:
 	return 0;
@@ -302,17 +508,18 @@ static bool system_is_bridge(const char *name, char *buf, int buflen)
 static char *system_get_bridge(const char *name, char *buf, int buflen)
 {
 	char *path;
-	ssize_t len;
+	ssize_t len = -1;
 	glob_t gl;
 
 	snprintf(buf, buflen, "/sys/devices/virtual/net/*/brif/%s/bridge", name);
 	if (glob(buf, GLOB_NOSORT, NULL, &gl) < 0)
 		return NULL;
 
-	if (gl.gl_pathc == 0)
-		return NULL;
+	if (gl.gl_pathc > 0)
+		len = readlink(gl.gl_pathv[0], buf, buflen);
+
+	globfree(&gl);
 
-	len = readlink(gl.gl_pathv[0], buf, buflen);
 	if (len < 0)
 		return NULL;
 
@@ -324,25 +531,35 @@ static char *system_get_bridge(const char *name, char *buf, int buflen)
 	return path + 1;
 }
 
+static void system_bridge_set_wireless(const char *bridge, const char *dev)
+{
+	snprintf(dev_buf, sizeof(dev_buf),
+		 "/sys/devices/virtual/net/%s/brif/%s/multicast_to_unicast",
+		 bridge, dev);
+	system_set_sysctl(dev_buf, "1");
+}
+
 int system_bridge_addif(struct device *bridge, struct device *dev)
 {
 	char *oldbr;
+	int ret = 0;
 
-	system_set_disable_ipv6(dev, "1");
 	oldbr = system_get_bridge(dev->ifname, dev_buf, sizeof(dev_buf));
-	if (oldbr && !strcmp(oldbr, bridge->ifname))
-		return 0;
+	if (!oldbr || strcmp(oldbr, bridge->ifname) != 0)
+		ret = system_bridge_if(bridge->ifname, dev, SIOCBRADDIF, NULL);
+
+	if (dev->wireless)
+		system_bridge_set_wireless(bridge->ifname, dev->ifname);
 
-	return system_bridge_if(bridge->ifname, dev, SIOCBRADDIF, NULL);
+	return ret;
 }
 
 int system_bridge_delif(struct device *bridge, struct device *dev)
 {
-	system_set_disable_ipv6(dev, "0");
 	return system_bridge_if(bridge->ifname, dev, SIOCBRDELIF, NULL);
 }
 
-static int system_if_resolve(struct device *dev)
+int system_if_resolve(struct device *dev)
 {
 	struct ifreq ifr;
 	strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name));
@@ -396,6 +613,11 @@ static bool check_route(struct nlmsghdr *hdr, int ifindex)
 	return *(int *)RTA_DATA(tb[RTA_OIF]) == ifindex;
 }
 
+static bool check_rule(struct nlmsghdr *hdr, int ifindex)
+{
+	return true;
+}
+
 static int cb_clear_event(struct nl_msg *msg, void *arg)
 {
 	struct clear_data *clr = arg;
@@ -418,23 +640,34 @@ static int cb_clear_event(struct nl_msg *msg, void *arg)
 
 		cb = check_route;
 		break;
+	case RTM_GETRULE:
+		type = RTM_DELRULE;
+		if (hdr->nlmsg_type != RTM_NEWRULE)
+			return NL_SKIP;
+
+		cb = check_rule;
+		break;
 	default:
 		return NL_SKIP;
 	}
 
-	if (!cb(hdr, clr->dev->ifindex))
+	if (!cb(hdr, clr->dev ? clr->dev->ifindex : 0))
 		return NL_SKIP;
 
-	D(SYSTEM, "Remove %s from device %s\n",
-	  type == RTM_DELADDR ? "an address" : "a route",
-	  clr->dev->ifname);
+	if (type == RTM_DELRULE)
+		D(SYSTEM, "Remove a rule\n");
+	else
+		D(SYSTEM, "Remove %s from device %s\n",
+		  type == RTM_DELADDR ? "an address" : "a route",
+		  clr->dev->ifname);
 	memcpy(nlmsg_hdr(clr->msg), hdr, hdr->nlmsg_len);
 	hdr = nlmsg_hdr(clr->msg);
 	hdr->nlmsg_type = type;
 	hdr->nlmsg_flags = NLM_F_REQUEST;
 
-	if (!nl_send_auto_complete(sock_rtnl, clr->msg))
-		nl_wait_for_ack(sock_rtnl);
+	nl_socket_disable_auto_ack(sock_rtnl);
+	nl_send_auto_complete(sock_rtnl, clr->msg);
+	nl_socket_enable_auto_ack(sock_rtnl);
 
 	return NL_SKIP;
 }
@@ -472,6 +705,7 @@ system_if_clear_entries(struct device *dev, int type, int af)
 	clr.type = type;
 	switch (type) {
 	case RTM_GETADDR:
+	case RTM_GETRULE:
 		clr.size = sizeof(struct rtgenmsg);
 		break;
 	case RTM_GETROUTE:
@@ -510,11 +744,8 @@ void system_if_clear_state(struct device *dev)
 	static char buf[256];
 	char *bridge;
 
-	if (dev->external)
-		return;
-
-	dev->ifindex = system_if_resolve(dev);
-	if (!dev->ifindex)
+	device_set_ifindex(dev, system_if_resolve(dev));
+	if (dev->external || !dev->ifindex)
 		return;
 
 	system_if_flags(dev->ifname, 0, IFF_UP);
@@ -562,6 +793,13 @@ int system_bridge_addbr(struct device *bridge, struct bridge_config *cfg)
 	system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_snooping",
 		bridge->ifname, cfg->igmp_snoop ? "1" : "0");
 
+	system_set_dev_sysctl("/sys/devices/virtual/net/%s/bridge/multicast_querier",
+		bridge->ifname, cfg->igmp_snoop ? "1" : "0");
+
+	args[0] = BRCTL_SET_BRIDGE_PRIORITY;
+	args[1] = cfg->priority;
+	system_bridge_if(bridge->ifname, NULL, SIOCDEVPRIVATE, &args);
+
 	if (cfg->flags & BRIDGE_OPT_AGEING_TIME) {
 		args[0] = BRCTL_SET_AGEING_TIME;
 		args[1] = sec_to_jiffies(cfg->ageing_time);
@@ -583,6 +821,89 @@ int system_bridge_addbr(struct device *bridge, struct bridge_config *cfg)
 	return 0;
 }
 
+int system_macvlan_add(struct device *macvlan, struct device *dev, struct macvlan_config *cfg)
+{
+	struct nl_msg *msg;
+	struct nlattr *linkinfo, *data;
+	struct ifinfomsg iim = { .ifi_family = AF_UNSPEC, };
+	int i, rv;
+	static const struct {
+		const char *name;
+		enum macvlan_mode val;
+	} modes[] = {
+		{ "private", MACVLAN_MODE_PRIVATE },
+		{ "vepa", MACVLAN_MODE_VEPA },
+		{ "bridge", MACVLAN_MODE_BRIDGE },
+		{ "passthru", MACVLAN_MODE_PASSTHRU },
+	};
+
+	msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL);
+
+	if (!msg)
+		return -1;
+
+	nlmsg_append(msg, &iim, sizeof(iim), 0);
+
+	if (cfg->flags & MACVLAN_OPT_MACADDR)
+		nla_put(msg, IFLA_ADDRESS, sizeof(cfg->macaddr), cfg->macaddr);
+	nla_put_string(msg, IFLA_IFNAME, macvlan->ifname);
+	nla_put_u32(msg, IFLA_LINK, dev->ifindex);
+
+	if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO)))
+		goto nla_put_failure;
+
+	nla_put_string(msg, IFLA_INFO_KIND, "macvlan");
+
+	if (!(data = nla_nest_start(msg, IFLA_INFO_DATA)))
+		goto nla_put_failure;
+
+	if (cfg->mode) {
+		for (i = 0; i < ARRAY_SIZE(modes); i++) {
+			if (strcmp(cfg->mode, modes[i].name) != 0)
+				continue;
+
+			nla_put_u32(msg, IFLA_MACVLAN_MODE, modes[i].val);
+			break;
+		}
+	}
+
+	nla_nest_end(msg, data);
+	nla_nest_end(msg, linkinfo);
+
+	rv = system_rtnl_call(msg);
+	if (rv)
+		D(SYSTEM, "Error adding macvlan '%s' over '%s': %d\n", macvlan->ifname, dev->ifname, rv);
+
+	return rv;
+
+nla_put_failure:
+	nlmsg_free(msg);
+	return -ENOMEM;
+}
+
+static int system_link_del(const char *ifname)
+{
+	struct nl_msg *msg;
+	struct ifinfomsg iim = {
+		.ifi_family = AF_UNSPEC,
+		.ifi_index = 0,
+	};
+
+	msg = nlmsg_alloc_simple(RTM_DELLINK, NLM_F_REQUEST);
+
+	if (!msg)
+		return -1;
+
+	nlmsg_append(msg, &iim, sizeof(iim), 0);
+	nla_put_string(msg, IFLA_IFNAME, ifname);
+	return system_rtnl_call(msg);
+}
+
+int system_macvlan_del(struct device *macvlan)
+{
+	return system_link_del(macvlan->ifname);
+}
+
 static int system_vlan(struct device *dev, int id)
 {
 	struct vlan_ioctl_args ifr = {
@@ -613,10 +934,63 @@ int system_vlan_del(struct device *dev)
 	return system_vlan(dev, -1);
 }
 
+int system_vlandev_add(struct device *vlandev, struct device *dev, struct vlandev_config *cfg)
+{
+	struct nl_msg *msg;
+	struct nlattr *linkinfo, *data;
+	struct ifinfomsg iim = { .ifi_family = AF_UNSPEC };
+	int rv;
+
+	msg = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_CREATE | NLM_F_EXCL);
+
+	if (!msg)
+		return -1;
+
+	nlmsg_append(msg, &iim, sizeof(iim), 0);
+	nla_put_string(msg, IFLA_IFNAME, vlandev->ifname);
+	nla_put_u32(msg, IFLA_LINK, dev->ifindex);
+	
+	if (!(linkinfo = nla_nest_start(msg, IFLA_LINKINFO)))
+		goto nla_put_failure;
+	
+	nla_put_string(msg, IFLA_INFO_KIND, "vlan");
+
+	if (!(data = nla_nest_start(msg, IFLA_INFO_DATA)))
+		goto nla_put_failure;
+
+	nla_put_u16(msg, IFLA_VLAN_ID, cfg->vid);
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3,10,0)
+	nla_put_u16(msg, IFLA_VLAN_PROTOCOL, htons(cfg->proto));
+#else
+	if(cfg->proto == VLAN_PROTO_8021AD)
+		netifd_log_message(L_WARNING, "%s Your kernel is older than linux 3.10.0, 802.1ad is not supported defaulting to 802.1q", vlandev->type->name);
+#endif
+
+	nla_nest_end(msg, data);
+	nla_nest_end(msg, linkinfo);
+
+	rv = system_rtnl_call(msg);
+	if (rv)
+		D(SYSTEM, "Error adding vlandev '%s' over '%s': %d\n", vlandev->ifname, dev->ifname, rv);
+
+	return rv;
+
+nla_put_failure:
+	nlmsg_free(msg);
+	return -ENOMEM;
+}
+
+int system_vlandev_del(struct device *vlandev)
+{
+	return system_link_del(vlandev->ifname);
+}
+
 static void
 system_if_get_settings(struct device *dev, struct device_settings *s)
 {
 	struct ifreq ifr;
+	char buf[10];
 
 	memset(&ifr, 0, sizeof(ifr));
 	strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name));
@@ -635,53 +1009,203 @@ system_if_get_settings(struct device *dev, struct device_settings *s)
 		memcpy(s->macaddr, &ifr.ifr_hwaddr.sa_data, sizeof(s->macaddr));
 		s->flags |= DEV_OPT_MACADDR;
 	}
+
+	if (!system_get_disable_ipv6(dev, buf, sizeof(buf))) {
+		s->ipv6 = !strtoul(buf, NULL, 0);
+		s->flags |= DEV_OPT_IPV6;
+	}
+
+	if (ioctl(sock_ioctl, SIOCGIFFLAGS, &ifr) == 0) {
+		s->promisc = ifr.ifr_flags & IFF_PROMISC;
+		s->flags |= DEV_OPT_PROMISC;
+	}
+
+	if (!system_get_rpfilter(dev, buf, sizeof(buf))) {
+		s->rpfilter = strtoul(buf, NULL, 0);
+		s->flags |= DEV_OPT_RPFILTER;
+	}
+
+	if (!system_get_acceptlocal(dev, buf, sizeof(buf))) {
+		s->acceptlocal = strtoul(buf, NULL, 0);
+		s->flags |= DEV_OPT_ACCEPTLOCAL;
+	}
+
+	if (!system_get_igmpversion(dev, buf, sizeof(buf))) {
+		s->igmpversion = strtoul(buf, NULL, 0);
+		s->flags |= DEV_OPT_IGMPVERSION;
+	}
+
+	if (!system_get_mldversion(dev, buf, sizeof(buf))) {
+		s->mldversion = strtoul(buf, NULL, 0);
+		s->flags |= DEV_OPT_MLDVERSION;
+	}
+
+	if (!system_get_neigh4reachabletime(dev, buf, sizeof(buf))) {
+		s->neigh4reachabletime = strtoul(buf, NULL, 0);
+		s->flags |= DEV_OPT_NEIGHREACHABLETIME;
+	}
+
+	if (!system_get_neigh6reachabletime(dev, buf, sizeof(buf))) {
+		s->neigh6reachabletime = strtoul(buf, NULL, 0);
+		s->flags |= DEV_OPT_NEIGHREACHABLETIME;
+	}
 }
 
 void
-system_if_apply_settings(struct device *dev, struct device_settings *s)
+system_if_apply_settings(struct device *dev, struct device_settings *s, unsigned int apply_mask)
 {
 	struct ifreq ifr;
 
+	if (!apply_mask)
+		return;
+
 	memset(&ifr, 0, sizeof(ifr));
 	strncpy(ifr.ifr_name, dev->ifname, sizeof(ifr.ifr_name));
-	if (s->flags & DEV_OPT_MTU) {
+	if (s->flags & DEV_OPT_MTU & apply_mask) {
 		ifr.ifr_mtu = s->mtu;
 		if (ioctl(sock_ioctl, SIOCSIFMTU, &ifr) < 0)
 			s->flags &= ~DEV_OPT_MTU;
 	}
-	if (s->flags & DEV_OPT_TXQUEUELEN) {
+	if (s->flags & DEV_OPT_TXQUEUELEN & apply_mask) {
 		ifr.ifr_qlen = s->txqueuelen;
 		if (ioctl(sock_ioctl, SIOCSIFTXQLEN, &ifr) < 0)
 			s->flags &= ~DEV_OPT_TXQUEUELEN;
 	}
-	if ((s->flags & DEV_OPT_MACADDR) && !dev->external) {
+	if ((s->flags & DEV_OPT_MACADDR & apply_mask) && !dev->external) {
 		ifr.ifr_hwaddr.sa_family = ARPHRD_ETHER;
 		memcpy(&ifr.ifr_hwaddr.sa_data, s->macaddr, sizeof(s->macaddr));
 		if (ioctl(sock_ioctl, SIOCSIFHWADDR, &ifr) < 0)
 			s->flags &= ~DEV_OPT_MACADDR;
 	}
+	if (s->flags & DEV_OPT_IPV6 & apply_mask)
+		system_set_disable_ipv6(dev, s->ipv6 ? "0" : "1");
+	if (s->flags & DEV_OPT_PROMISC & apply_mask) {
+		if (system_if_flags(dev->ifname, s->promisc ? IFF_PROMISC : 0,
+				    !s->promisc ? IFF_PROMISC : 0) < 0)
+			s->flags &= ~DEV_OPT_PROMISC;
+	}
+	if (s->flags & DEV_OPT_RPFILTER & apply_mask) {
+		char buf[2];
+
+		snprintf(buf, sizeof(buf), "%d", s->rpfilter);
+		system_set_rpfilter(dev, buf);
+	}
+	if (s->flags & DEV_OPT_ACCEPTLOCAL & apply_mask)
+		system_set_acceptlocal(dev, s->acceptlocal ? "1" : "0");
+	if (s->flags & DEV_OPT_IGMPVERSION & apply_mask) {
+		char buf[2];
+
+		snprintf(buf, sizeof(buf), "%d", s->igmpversion);
+		system_set_igmpversion(dev, buf);
+	}
+	if (s->flags & DEV_OPT_MLDVERSION & apply_mask) {
+		char buf[2];
+
+		snprintf(buf, sizeof(buf), "%d", s->mldversion);
+		system_set_mldversion(dev, buf);
+	}
+	if (s->flags & DEV_OPT_NEIGHREACHABLETIME & apply_mask) {
+		char buf[12];
+
+		snprintf(buf, sizeof(buf), "%d", s->neigh4reachabletime);
+		system_set_neigh4reachabletime(dev, buf);
+		snprintf(buf, sizeof(buf), "%d", s->neigh6reachabletime);
+		system_set_neigh6reachabletime(dev, buf);
+	}
 }
 
 int system_if_up(struct device *dev)
 {
 	system_if_get_settings(dev, &dev->orig_settings);
-	system_if_apply_settings(dev, &dev->settings);
-	dev->ifindex = system_if_resolve(dev);
+	/* Only keep orig settings based on what needs to be set */
+	dev->orig_settings.flags &= dev->settings.flags;
+	system_if_apply_settings(dev, &dev->settings, dev->settings.flags);
 	return system_if_flags(dev->ifname, IFF_UP, 0);
 }
 
 int system_if_down(struct device *dev)
 {
 	int ret = system_if_flags(dev->ifname, 0, IFF_UP);
-	dev->orig_settings.flags &= dev->settings.flags;
-	system_if_apply_settings(dev, &dev->orig_settings);
+	system_if_apply_settings(dev, &dev->orig_settings, dev->orig_settings.flags);
 	return ret;
 }
 
+struct if_check_data {
+	struct device *dev;
+	int pending;
+	int ret;
+};
+
+#ifndef IFF_LOWER_UP
+#define IFF_LOWER_UP	0x10000
+#endif
+
+static int cb_if_check_valid(struct nl_msg *msg, void *arg)
+{
+	struct nlmsghdr *nh = nlmsg_hdr(msg);
+	struct ifinfomsg *ifi = NLMSG_DATA(nh);
+	struct if_check_data *chk = (struct if_check_data *)arg;
+
+	if (nh->nlmsg_type != RTM_NEWLINK)
+		return NL_SKIP;
+
+	device_set_present(chk->dev, ifi->ifi_index > 0 ? true : false);
+	device_set_link(chk->dev, ifi->ifi_flags & IFF_LOWER_UP ? true : false);
+
+	return NL_OK;
+}
+
+static int cb_if_check_ack(struct nl_msg *msg, void *arg)
+{
+	struct if_check_data *chk = (struct if_check_data *)arg;
+	chk->pending = 0;
+	return NL_STOP;
+}
+
+static int cb_if_check_error(struct sockaddr_nl *nla, struct nlmsgerr *err, void *arg)
+{
+	struct if_check_data *chk = (struct if_check_data *)arg;
+
+	device_set_present(chk->dev, false);
+	device_set_link(chk->dev, false);
+	chk->pending = err->error;
+
+	return NL_STOP;
+}
+
 int system_if_check(struct device *dev)
 {
-	device_set_present(dev, (system_if_resolve(dev) > 0));
-	return 0;
+	struct nl_cb *cb = nl_cb_alloc(NL_CB_DEFAULT);
+	struct nl_msg *msg;
+	struct ifinfomsg ifi = {
+		.ifi_family = AF_UNSPEC,
+		.ifi_index = 0,
+	};
+	struct if_check_data chk = {
+		.dev = dev,
+		.pending = 1,
+	};
+	int ret = 1;
+
+	msg = nlmsg_alloc_simple(RTM_GETLINK, 0);
+	if (!msg || nlmsg_append(msg, &ifi, sizeof(ifi), 0) ||
+	    nla_put_string(msg, IFLA_IFNAME, dev->ifname))
+		goto out;
+
+	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, cb_if_check_valid, &chk);
+	nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, cb_if_check_ack, &chk);
+	nl_cb_err(cb, NL_CB_CUSTOM, cb_if_check_error, &chk);
+
+	nl_send_auto_complete(sock_rtnl, msg);
+	while (chk.pending > 0)
+		nl_recvmsgs(sock_rtnl, cb);
+
+	nlmsg_free(msg);
+	ret = chk.pending;
+
+out:
+	nl_cb_put(cb);
+	return ret;
 }
 
 struct device *
@@ -799,14 +1323,10 @@ system_if_dump_info(struct device *dev, struct blob_buf *b)
 	char buf[64], *s;
 	void *c;
 	int dir_fd;
-	uint64_t val = 0;
 
 	snprintf(buf, sizeof(buf), "/sys/class/net/%s", dev->ifname);
 	dir_fd = open(buf, O_DIRECTORY);
 
-	if (read_uint64_file(dir_fd, "carrier", &val))
-		blobmsg_add_u8(b, "link", !!val);
-
 	memset(&ecmd, 0, sizeof(ecmd));
 	memset(&ifr, 0, sizeof(ifr));
 	strcpy(ifr.ifr_name, dev->ifname);
@@ -894,17 +1414,21 @@ static int system_addr(struct device *dev, struct device_addr *addr, int cmd)
 		struct ifa_cacheinfo cinfo = {0xffffffffU, 0xffffffffU, 0, 0};
 
 		if (addr->preferred_until) {
-			int preferred = addr->preferred_until - now;
+			int64_t preferred = addr->preferred_until - now;
 			if (preferred < 0)
 				preferred = 0;
+			else if (preferred > UINT32_MAX)
+				preferred = UINT32_MAX;
 
 			cinfo.ifa_prefered = preferred;
 		}
 
 		if (addr->valid_until) {
-			int valid = addr->valid_until - now;
+			int64_t valid = addr->valid_until - now;
 			if (valid <= 0)
 				return -1;
+			else if (valid > UINT32_MAX)
+				valid = UINT32_MAX;
 
 			cinfo.ifa_valid = valid;
 		}
@@ -939,18 +1463,18 @@ static int system_rt(struct device *dev, struct device_route *route, int cmd)
 			route->nexthop.in6.s6_addr32[2] ||
 			route->nexthop.in6.s6_addr32[3];
 
-	unsigned char scope = (cmd == RTM_DELROUTE) ? RT_SCOPE_NOWHERE :
-			(have_gw) ? RT_SCOPE_UNIVERSE : RT_SCOPE_LINK;
-
-	unsigned int table = (route->flags & DEVROUTE_TABLE) ? route->table : RT_TABLE_MAIN;
+	unsigned int table = (route->flags & (DEVROUTE_TABLE | DEVROUTE_SRCTABLE))
+			? route->table : RT_TABLE_MAIN;
 
 	struct rtmsg rtm = {
 		.rtm_family = (alen == 4) ? AF_INET : AF_INET6,
 		.rtm_dst_len = route->mask,
+		.rtm_src_len = route->sourcemask,
 		.rtm_table = (table < 256) ? table : RT_TABLE_UNSPEC,
 		.rtm_protocol = (route->flags & DEVADDR_KERNEL) ? RTPROT_KERNEL : RTPROT_STATIC,
-		.rtm_scope = scope,
+		.rtm_scope = RT_SCOPE_NOWHERE,
 		.rtm_type = (cmd == RTM_DELROUTE) ? 0: RTN_UNICAST,
+		.rtm_flags = (route->flags & DEVROUTE_ONLINK) ? RTNH_F_ONLINK : 0,
 	};
 	struct nl_msg *msg;
 
@@ -961,6 +1485,28 @@ static int system_rt(struct device *dev, struct device_route *route, int cmd)
 			rtm.rtm_scope = RT_SCOPE_UNIVERSE;
 			rtm.rtm_type = RTN_UNREACHABLE;
 		}
+		else
+			rtm.rtm_scope = (have_gw) ? RT_SCOPE_UNIVERSE : RT_SCOPE_LINK;
+	}
+
+	if (route->flags & DEVROUTE_TYPE) {
+		rtm.rtm_type = route->type;
+		if (!(route->flags & (DEVROUTE_TABLE | DEVROUTE_SRCTABLE))) {
+			if (rtm.rtm_type == RTN_LOCAL || rtm.rtm_type == RTN_BROADCAST ||
+			    rtm.rtm_type == RTN_NAT || rtm.rtm_type == RTN_ANYCAST)
+				rtm.rtm_table = RT_TABLE_LOCAL;
+		}
+
+		if (rtm.rtm_type == RTN_LOCAL || rtm.rtm_type == RTN_NAT) {
+			rtm.rtm_scope = RT_SCOPE_HOST;
+		} else if (rtm.rtm_type == RTN_BROADCAST || rtm.rtm_type == RTN_MULTICAST ||
+				rtm.rtm_type == RTN_ANYCAST) {
+			rtm.rtm_scope = RT_SCOPE_LINK;
+		} else if (rtm.rtm_type == RTN_BLACKHOLE || rtm.rtm_type == RTN_UNREACHABLE ||
+				rtm.rtm_type == RTN_PROHIBIT || rtm.rtm_type == RTN_FAILED_POLICY) {
+			rtm.rtm_scope = RT_SCOPE_UNIVERSE;
+			dev = NULL;
+		}
 	}
 
 	msg = nlmsg_alloc_simple(cmd, flags);
@@ -972,6 +1518,13 @@ static int system_rt(struct device *dev, struct device_route *route, int cmd)
 	if (route->mask)
 		nla_put(msg, RTA_DST, alen, &route->addr);
 
+	if (route->sourcemask) {
+		if (rtm.rtm_family == AF_INET)
+			nla_put(msg, RTA_PREFSRC, alen, &route->source);
+		else
+			nla_put(msg, RTA_SRC, alen, &route->source);
+	}
+
 	if (route->metric > 0)
 		nla_put_u32(msg, RTA_PRIORITY, route->metric);
 
@@ -984,7 +1537,22 @@ static int system_rt(struct device *dev, struct device_route *route, int cmd)
 	if (table >= 256)
 		nla_put_u32(msg, RTA_TABLE, table);
 
+	if (route->flags & DEVROUTE_MTU) {
+		struct nlattr *metrics;
+
+		if (!(metrics = nla_nest_start(msg, RTA_METRICS)))
+			goto nla_put_failure;
+
+		nla_put_u32(msg, RTAX_MTU, route->mtu);
+
+		nla_nest_end(msg, metrics);
+	}
+
 	return system_rtnl_call(msg);
+
+nla_put_failure:
+	nlmsg_free(msg);
+	return -ENOMEM;
 }
 
 int system_add_route(struct device *dev, struct device_route *route)
@@ -1010,12 +1578,17 @@ int system_flush_routes(void)
 		if (fd < 0)
 			continue;
 
-		write(fd, "-1", 2);
+		if (write(fd, "-1", 2)) {}
 		close(fd);
 	}
 	return 0;
 }
 
+bool system_resolve_rt_type(const char *type, unsigned int *id)
+{
+	return system_rtn_aton(type, id);
+}
+
 bool system_resolve_rt_table(const char *name, unsigned int *id)
 {
 	FILE *f;
@@ -1058,14 +1631,172 @@ bool system_resolve_rt_table(const char *name, unsigned int *id)
 	if (table == RT_TABLE_UNSPEC)
 		return false;
 
-	/* do not consider main table special */
-	if (table == RT_TABLE_MAIN)
-		table = RT_TABLE_UNSPEC;
-
 	*id = table;
 	return true;
 }
 
+bool system_is_default_rt_table(unsigned int id)
+{
+	return (id == RT_TABLE_MAIN);
+}
+
+bool system_resolve_rpfilter(const char *filter, unsigned int *id)
+{
+	char *e;
+	unsigned int n;
+
+	if (!strcmp(filter, "strict"))
+		n = 1;
+	else if (!strcmp(filter, "loose"))
+		n = 2;
+	else {
+		n = strtoul(filter, &e, 0);
+		if (*e || e == filter || n > 2)
+			return false;
+	}
+
+	*id = n;
+	return true;
+}
+
+static int system_iprule(struct iprule *rule, int cmd)
+{
+	int alen = ((rule->flags & IPRULE_FAMILY) == IPRULE_INET4) ? 4 : 16;
+
+	struct nl_msg *msg;
+	struct rtmsg rtm = {
+		.rtm_family = (alen == 4) ? AF_INET : AF_INET6,
+		.rtm_protocol = RTPROT_STATIC,
+		.rtm_scope = RT_SCOPE_UNIVERSE,
+		.rtm_table = RT_TABLE_UNSPEC,
+		.rtm_type = RTN_UNSPEC,
+		.rtm_flags = 0,
+	};
+
+	if (cmd == RTM_NEWRULE) {
+		rtm.rtm_type = RTN_UNICAST;
+		rtm.rtm_flags |= NLM_F_REPLACE | NLM_F_EXCL;
+	}
+
+	if (rule->invert)
+		rtm.rtm_flags |= FIB_RULE_INVERT;
+
+	if (rule->flags & IPRULE_SRC)
+		rtm.rtm_src_len = rule->src_mask;
+
+	if (rule->flags & IPRULE_DEST)
+		rtm.rtm_dst_len = rule->dest_mask;
+
+	if (rule->flags & IPRULE_TOS)
+		rtm.rtm_tos = rule->tos;
+
+	if (rule->flags & IPRULE_LOOKUP) {
+		if (rule->lookup < 256)
+			rtm.rtm_table = rule->lookup;
+	}
+
+	if (rule->flags & IPRULE_ACTION)
+		rtm.rtm_type = rule->action;
+	else if (rule->flags & IPRULE_GOTO)
+		rtm.rtm_type = FR_ACT_GOTO;
+	else if (!(rule->flags & (IPRULE_LOOKUP | IPRULE_ACTION | IPRULE_GOTO)))
+		rtm.rtm_type = FR_ACT_NOP;
+
+	msg = nlmsg_alloc_simple(cmd, NLM_F_REQUEST);
+
+	if (!msg)
+		return -1;
+
+	nlmsg_append(msg, &rtm, sizeof(rtm), 0);
+
+	if (rule->flags & IPRULE_IN)
+		nla_put(msg, FRA_IFNAME, strlen(rule->in_dev) + 1, rule->in_dev);
+
+	if (rule->flags & IPRULE_OUT)
+		nla_put(msg, FRA_OIFNAME, strlen(rule->out_dev) + 1, rule->out_dev);
+
+	if (rule->flags & IPRULE_SRC)
+		nla_put(msg, FRA_SRC, alen, &rule->src_addr);
+
+	if (rule->flags & IPRULE_DEST)
+		nla_put(msg, FRA_DST, alen, &rule->dest_addr);
+
+	if (rule->flags & IPRULE_PRIORITY)
+		nla_put_u32(msg, FRA_PRIORITY, rule->priority);
+	else if (cmd == RTM_NEWRULE)
+		nla_put_u32(msg, FRA_PRIORITY, rule->order);
+
+	if (rule->flags & IPRULE_FWMARK)
+		nla_put_u32(msg, FRA_FWMARK, rule->fwmark);
+
+	if (rule->flags & IPRULE_FWMASK)
+		nla_put_u32(msg, FRA_FWMASK, rule->fwmask);
+
+	if (rule->flags & IPRULE_LOOKUP) {
+		if (rule->lookup >= 256)
+			nla_put_u32(msg, FRA_TABLE, rule->lookup);
+	}
+
+	if (rule->flags & IPRULE_GOTO)
+		nla_put_u32(msg, FRA_GOTO, rule->gotoid);
+
+	return system_rtnl_call(msg);
+}
+
+int system_add_iprule(struct iprule *rule)
+{
+	return system_iprule(rule, RTM_NEWRULE);
+}
+
+int system_del_iprule(struct iprule *rule)
+{
+	return system_iprule(rule, RTM_DELRULE);
+}
+
+int system_flush_iprules(void)
+{
+	int rv = 0;
+	struct iprule rule;
+
+	system_if_clear_entries(NULL, RTM_GETRULE, AF_INET);
+	system_if_clear_entries(NULL, RTM_GETRULE, AF_INET6);
+
+	memset(&rule, 0, sizeof(rule));
+
+
+	rule.flags = IPRULE_INET4 | IPRULE_PRIORITY | IPRULE_LOOKUP;
+
+	rule.priority = 0;
+	rule.lookup = RT_TABLE_LOCAL;
+	rv |= system_iprule(&rule, RTM_NEWRULE);
+
+	rule.priority = 32766;
+	rule.lookup = RT_TABLE_MAIN;
+	rv |= system_iprule(&rule, RTM_NEWRULE);
+
+	rule.priority = 32767;
+	rule.lookup = RT_TABLE_DEFAULT;
+	rv |= system_iprule(&rule, RTM_NEWRULE);
+
+
+	rule.flags = IPRULE_INET6 | IPRULE_PRIORITY | IPRULE_LOOKUP;
+
+	rule.priority = 0;
+	rule.lookup = RT_TABLE_LOCAL;
+	rv |= system_iprule(&rule, RTM_NEWRULE);
+
+	rule.priority = 32766;
+	rule.lookup = RT_TABLE_MAIN;
+	rv |= system_iprule(&rule, RTM_NEWRULE);
+
+	return rv;
+}
+
+bool system_resolve_iprule_action(const char *action, unsigned int *id)
+{
+	return system_rtn_aton(action, id);
+}
+
 time_t system_get_rtime(void)
 {
 	struct timespec ts;
@@ -1084,14 +1815,6 @@ time_t system_get_rtime(void)
 #define IP_DF       0x4000
 #endif
 
-static void tunnel_parm_init(struct ip_tunnel_parm *p)
-{
-	memset(p, 0, sizeof(*p));
-	p->iph.version = 4;
-	p->iph.ihl = 5;
-	p->iph.frag_off = htons(IP_DF);
-}
-
 static int tunnel_ioctl(const char *name, int cmd, void *p)
 {
 	struct ifreq ifr;
@@ -1102,12 +1825,271 @@ static int tunnel_ioctl(const char *name, int cmd, void *p)
 	return ioctl(sock_ioctl, cmd, &ifr);
 }
 
-int system_del_ip_tunnel(const char *name)
+#ifdef IFLA_IPTUN_MAX
+#define IP6_FLOWINFO_TCLASS	htonl(0x0FF00000)
+static int system_add_gre_tunnel(const char *name, const char *kind,
+				 const unsigned int link, struct blob_attr **tb, bool v6)
+{
+	struct nl_msg *nlm;
+	struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, };
+	struct blob_attr *cur;
+	uint32_t ikey = 0, okey = 0, flags = 0, flowinfo = 0;
+	uint16_t iflags = 0, oflags = 0;
+	uint8_t tos = 0;
+	int ret = 0, ttl = 64;
+
+	nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE);
+	if (!nlm)
+		return -1;
+
+	nlmsg_append(nlm, &ifi, sizeof(ifi), 0);
+	nla_put_string(nlm, IFLA_IFNAME, name);
+
+	struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO);
+	if (!linkinfo) {
+		ret = -ENOMEM;
+		goto failure;
+	}
+
+	nla_put_string(nlm, IFLA_INFO_KIND, kind);
+	struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA);
+	if (!infodata) {
+		ret = -ENOMEM;
+		goto failure;
+	}
+
+	if (link)
+		nla_put_u32(nlm, IFLA_GRE_LINK, link);
+
+	if ((cur = tb[TUNNEL_ATTR_TTL]))
+		ttl = blobmsg_get_u32(cur);
+
+	nla_put_u8(nlm, IFLA_GRE_TTL, ttl);
+
+	if ((cur = tb[TUNNEL_ATTR_TOS])) {
+		char *str = blobmsg_get_string(cur);
+		if (strcmp(str, "inherit")) {
+			unsigned uval;
+
+			if (!system_tos_aton(str, &uval)) {
+				ret = -EINVAL;
+				goto failure;
+			}
+
+			if (v6)
+				flowinfo |= htonl(uval << 20) & IP6_FLOWINFO_TCLASS;
+			else
+				tos = uval;
+		} else {
+			if (v6)
+				flags |= IP6_TNL_F_USE_ORIG_TCLASS;
+			else
+				tos = 1;
+		}
+        }
+
+	if ((cur = tb[TUNNEL_ATTR_INFO]) && (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)) {
+		uint8_t icsum, ocsum, iseqno, oseqno;
+		if (sscanf(blobmsg_get_string(cur), "%u,%u,%hhu,%hhu,%hhu,%hhu",
+			&ikey, &okey, &icsum, &ocsum, &iseqno, &oseqno) < 6) {
+			ret = -EINVAL;
+			goto failure;
+		}
+
+		if (ikey)
+			iflags |= GRE_KEY;
+
+		if (okey)
+			oflags |= GRE_KEY;
+
+		if (icsum)
+			iflags |= GRE_CSUM;
+
+		if (ocsum)
+			oflags |= GRE_CSUM;
+
+		if (iseqno)
+			iflags |= GRE_SEQ;
+
+		if (oseqno)
+			oflags |= GRE_SEQ;
+	}
+
+	if (v6) {
+		struct in6_addr in6buf;
+		if ((cur = tb[TUNNEL_ATTR_LOCAL])) {
+			if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) {
+				ret = -EINVAL;
+				goto failure;
+			}
+			nla_put(nlm, IFLA_GRE_LOCAL, sizeof(in6buf), &in6buf);
+		}
+
+		if ((cur = tb[TUNNEL_ATTR_REMOTE])) {
+			if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) {
+				ret = -EINVAL;
+				goto failure;
+			}
+			nla_put(nlm, IFLA_GRE_REMOTE, sizeof(in6buf), &in6buf);
+		}
+		nla_put_u8(nlm, IFLA_GRE_ENCAP_LIMIT, 4);
+
+		if (flowinfo)
+			nla_put_u32(nlm, IFLA_GRE_FLOWINFO, flowinfo);
+
+		if (flags)
+			nla_put_u32(nlm, IFLA_GRE_FLAGS, flags);
+	} else {
+		struct in_addr inbuf;
+		bool set_df = true;
+
+		if ((cur = tb[TUNNEL_ATTR_LOCAL])) {
+			if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) {
+				ret = -EINVAL;
+				goto failure;
+			}
+			nla_put(nlm, IFLA_GRE_LOCAL, sizeof(inbuf), &inbuf);
+		}
+
+		if ((cur = tb[TUNNEL_ATTR_REMOTE])) {
+			if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) {
+				ret = -EINVAL;
+				goto failure;
+			}
+			nla_put(nlm, IFLA_GRE_REMOTE, sizeof(inbuf), &inbuf);
+
+			if (IN_MULTICAST(ntohl(inbuf.s_addr))) {
+				if (!okey) {
+					okey = inbuf.s_addr;
+					oflags |= GRE_KEY;
+				}
+
+				if (!ikey) {
+					ikey = inbuf.s_addr;
+					iflags |= GRE_KEY;
+				}
+			}
+		}
+
+		if ((cur = tb[TUNNEL_ATTR_DF]))
+			set_df = blobmsg_get_bool(cur);
+
+		/* ttl !=0 and nopmtudisc are incompatible */
+		if (ttl && !set_df) {
+			ret = -EINVAL;
+			goto failure;
+		}
+
+		nla_put_u8(nlm, IFLA_GRE_PMTUDISC, set_df ? 1 : 0);
+
+		nla_put_u8(nlm, IFLA_GRE_TOS, tos);
+	}
+
+	if (oflags)
+		nla_put_u16(nlm, IFLA_GRE_OFLAGS, oflags);
+
+	if (iflags)
+		nla_put_u16(nlm, IFLA_GRE_IFLAGS, iflags);
+
+	if (okey)
+		nla_put_u32(nlm, IFLA_GRE_OKEY, okey);
+
+	if (ikey)
+		nla_put_u32(nlm, IFLA_GRE_IKEY, ikey);
+
+	nla_nest_end(nlm, infodata);
+	nla_nest_end(nlm, linkinfo);
+
+	return system_rtnl_call(nlm);
+
+failure:
+	nlmsg_free(nlm);
+	return ret;
+}
+#endif
+
+static int system_add_proto_tunnel(const char *name, const uint8_t proto, const unsigned int link, struct blob_attr **tb)
+{
+	struct blob_attr *cur;
+	bool set_df = true;
+	struct ip_tunnel_parm p  = {
+	        .link = link,
+		.iph = {
+			.version = 4,
+			.ihl = 5,
+			.protocol = proto,
+		}
+	};
+
+	if ((cur = tb[TUNNEL_ATTR_LOCAL]) &&
+			inet_pton(AF_INET, blobmsg_data(cur), &p.iph.saddr) < 1)
+		return -EINVAL;
+
+	if ((cur = tb[TUNNEL_ATTR_REMOTE]) &&
+			inet_pton(AF_INET, blobmsg_data(cur), &p.iph.daddr) < 1)
+		return -EINVAL;
+
+	if ((cur = tb[TUNNEL_ATTR_DF]))
+		set_df = blobmsg_get_bool(cur);
+
+	if ((cur = tb[TUNNEL_ATTR_TTL]))
+		p.iph.ttl = blobmsg_get_u32(cur);
+
+	if ((cur = tb[TUNNEL_ATTR_TOS])) {
+		char *str = blobmsg_get_string(cur);
+		if (strcmp(str, "inherit")) {
+			unsigned uval;
+
+			if (!system_tos_aton(str, &uval))
+				return -EINVAL;
+
+			p.iph.tos = uval;
+		} else
+			p.iph.tos = 1;
+	}
+
+	p.iph.frag_off = set_df ? htons(IP_DF) : 0;
+	/* ttl !=0 and nopmtudisc are incompatible */
+	if (p.iph.ttl && p.iph.frag_off == 0)
+		return -EINVAL;
+
+	strncpy(p.name, name, sizeof(p.name));
+
+	switch (p.iph.protocol) {
+	case IPPROTO_IPIP:
+		return tunnel_ioctl("tunl0", SIOCADDTUNNEL, &p);
+	case IPPROTO_IPV6:
+		return tunnel_ioctl("sit0", SIOCADDTUNNEL, &p);
+	default:
+		break;
+	}
+	return -1;
+}
+
+static int __system_del_ip_tunnel(const char *name, struct blob_attr **tb)
+{
+	struct blob_attr *cur;
+	const char *str;
+
+	if (!(cur = tb[TUNNEL_ATTR_TYPE]))
+		return -EINVAL;
+	str = blobmsg_data(cur);
+
+	if (!strcmp(str, "greip") || !strcmp(str, "gretapip") ||
+	    !strcmp(str, "greip6") || !strcmp(str, "gretapip6"))
+		return system_link_del(name);
+	else
+		return tunnel_ioctl(name, SIOCDELTUNNEL, NULL);
+}
+
+int system_del_ip_tunnel(const char *name, struct blob_attr *attr)
 {
-	struct ip_tunnel_parm p;
+	struct blob_attr *tb[__TUNNEL_ATTR_MAX];
+
+	blobmsg_parse(tunnel_attr_list.params, __TUNNEL_ATTR_MAX, tb,
+		blob_data(attr), blob_len(attr));
 
-	tunnel_parm_init(&p);
-	return tunnel_ioctl(name, SIOCDELTUNNEL, &p);
+	return __system_del_ip_tunnel(name, tb);
 }
 
 int system_update_ipv6_mtu(struct device *dev, int mtu)
@@ -1137,86 +2119,184 @@ out:
 	return ret;
 }
 
-static int parse_ipaddr(struct blob_attr *attr, __be32 *addr)
-{
-	if (!attr)
-		return 1;
-
-	return inet_pton(AF_INET, blobmsg_data(attr), (void *) addr);
-}
-
-
 int system_add_ip_tunnel(const char *name, struct blob_attr *attr)
 {
 	struct blob_attr *tb[__TUNNEL_ATTR_MAX];
 	struct blob_attr *cur;
-	struct ip_tunnel_parm p;
-	const char *base, *str;
-	bool is_sit;
-
-	system_del_ip_tunnel(name);
-
-	tunnel_parm_init(&p);
+	const char *str;
 
 	blobmsg_parse(tunnel_attr_list.params, __TUNNEL_ATTR_MAX, tb,
 		blob_data(attr), blob_len(attr));
 
+	__system_del_ip_tunnel(name, tb);
+
 	if (!(cur = tb[TUNNEL_ATTR_TYPE]))
 		return -EINVAL;
 	str = blobmsg_data(cur);
-	is_sit = !strcmp(str, "sit");
-
-	if (is_sit) {
-		p.iph.protocol = IPPROTO_IPV6;
-		base = "sit0";
-	} else
-		return -EINVAL;
-
-	if (!parse_ipaddr(tb[TUNNEL_ATTR_LOCAL], &p.iph.saddr))
-		return -EINVAL;
-
-	if (!parse_ipaddr(tb[TUNNEL_ATTR_REMOTE], &p.iph.daddr))
-		return -EINVAL;
 
+	unsigned int ttl = 0;
 	if ((cur = tb[TUNNEL_ATTR_TTL])) {
-		unsigned int val = blobmsg_get_u32(cur);
+		ttl = blobmsg_get_u32(cur);
+		if (ttl > 255)
+			return -EINVAL;
+	}
 
-		if (val > 255)
+	unsigned int link = 0;
+	if ((cur = tb[TUNNEL_ATTR_LINK])) {
+		struct interface *iface = vlist_find(&interfaces, blobmsg_data(cur), iface, node);
+		if (!iface)
 			return -EINVAL;
 
-		p.iph.ttl = val;
+		if (iface->l3_dev.dev)
+			link = iface->l3_dev.dev->ifindex;
 	}
 
-	strncpy(p.name, name, sizeof(p.name));
-	if (tunnel_ioctl(base, SIOCADDTUNNEL, &p) < 0)
-		return -1;
+	if (!strcmp(str, "sit")) {
+		if (system_add_proto_tunnel(name, IPPROTO_IPV6, link, tb) < 0)
+			return -1;
 
 #ifdef SIOCADD6RD
-	cur = tb[TUNNEL_ATTR_6RD_PREFIX];
-	if (cur && is_sit) {
-		unsigned int mask;
-		struct ip_tunnel_6rd p6;
+		if ((cur = tb[TUNNEL_ATTR_6RD_PREFIX])) {
+			unsigned int mask;
+			struct ip_tunnel_6rd p6;
 
-		memset(&p6, 0, sizeof(p6));
+			memset(&p6, 0, sizeof(p6));
 
-		if (!parse_ip_and_netmask(AF_INET6, blobmsg_data(cur),
-					&p6.prefix, &mask) || mask > 128)
-			return -EINVAL;
-		p6.prefixlen = mask;
-
-		if ((cur = tb[TUNNEL_ATTR_6RD_RELAY_PREFIX])) {
-			if (!parse_ip_and_netmask(AF_INET, blobmsg_data(cur),
-						&p6.relay_prefix, &mask) || mask > 32)
+			if (!parse_ip_and_netmask(AF_INET6, blobmsg_data(cur),
+						&p6.prefix, &mask) || mask > 128)
 				return -EINVAL;
-			p6.relay_prefixlen = mask;
-		}
+			p6.prefixlen = mask;
 
-		if (tunnel_ioctl(name, SIOCADD6RD, &p6) < 0) {
-			system_del_ip_tunnel(name);
+			if ((cur = tb[TUNNEL_ATTR_6RD_RELAY_PREFIX])) {
+				if (!parse_ip_and_netmask(AF_INET, blobmsg_data(cur),
+							&p6.relay_prefix, &mask) || mask > 32)
+					return -EINVAL;
+				p6.relay_prefixlen = mask;
+			}
+
+			if (tunnel_ioctl(name, SIOCADD6RD, &p6) < 0) {
+				__system_del_ip_tunnel(name, tb);
+				return -1;
+			}
+		}
+#endif
+#ifdef IFLA_IPTUN_MAX
+	} else if (!strcmp(str, "ipip6")) {
+		struct nl_msg *nlm = nlmsg_alloc_simple(RTM_NEWLINK,
+				NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE);
+		struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC };
+		int ret = 0;
+
+		if (!nlm)
 			return -1;
+
+		nlmsg_append(nlm, &ifi, sizeof(ifi), 0);
+		nla_put_string(nlm, IFLA_IFNAME, name);
+
+		if (link)
+			nla_put_u32(nlm, IFLA_LINK, link);
+
+		struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO);
+		if (!linkinfo) {
+			ret = -ENOMEM;
+			goto failure;
+		}
+		nla_put_string(nlm, IFLA_INFO_KIND, "ip6tnl");
+		struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA);
+		if (!infodata) {
+			ret = -ENOMEM;
+			goto failure;
+		}
+
+		if (link)
+			nla_put_u32(nlm, IFLA_IPTUN_LINK, link);
+
+		nla_put_u8(nlm, IFLA_IPTUN_PROTO, IPPROTO_IPIP);
+		nla_put_u8(nlm, IFLA_IPTUN_TTL, (ttl) ? ttl : 64);
+		nla_put_u8(nlm, IFLA_IPTUN_ENCAP_LIMIT, 4);
+
+		struct in6_addr in6buf;
+		if ((cur = tb[TUNNEL_ATTR_LOCAL])) {
+			if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) {
+				ret = -EINVAL;
+				goto failure;
+			}
+			nla_put(nlm, IFLA_IPTUN_LOCAL, sizeof(in6buf), &in6buf);
+		}
+
+		if ((cur = tb[TUNNEL_ATTR_REMOTE])) {
+			if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) {
+				ret = -EINVAL;
+				goto failure;
+			}
+			nla_put(nlm, IFLA_IPTUN_REMOTE, sizeof(in6buf), &in6buf);
+		}
+
+#ifdef IFLA_IPTUN_FMR_MAX
+		if ((cur = tb[TUNNEL_ATTR_FMRS])) {
+			struct nlattr *fmrs = nla_nest_start(nlm, IFLA_IPTUN_FMRS);
+
+			struct blob_attr *fmr;
+			unsigned rem, fmrcnt = 0;
+			blobmsg_for_each_attr(fmr, cur, rem) {
+				if (blobmsg_type(fmr) != BLOBMSG_TYPE_STRING)
+					continue;
+
+				unsigned ip4len, ip6len, ealen, offset = 6;
+				char ip6buf[48];
+				char ip4buf[16];
+
+				if (sscanf(blobmsg_get_string(fmr), "%47[^/]/%u,%15[^/]/%u,%u,%u",
+						ip6buf, &ip6len, ip4buf, &ip4len, &ealen, &offset) < 5) {
+					ret = -EINVAL;
+					goto failure;
+				}
+
+				struct in6_addr ip6prefix;
+				struct in_addr ip4prefix;
+				if (inet_pton(AF_INET6, ip6buf, &ip6prefix) != 1 ||
+						inet_pton(AF_INET, ip4buf, &ip4prefix) != 1) {
+					ret = -EINVAL;
+					goto failure;
+				}
+
+				struct nlattr *rule = nla_nest_start(nlm, ++fmrcnt);
+
+				nla_put(nlm, IFLA_IPTUN_FMR_IP6_PREFIX, sizeof(ip6prefix), &ip6prefix);
+				nla_put(nlm, IFLA_IPTUN_FMR_IP4_PREFIX, sizeof(ip4prefix), &ip4prefix);
+				nla_put_u8(nlm, IFLA_IPTUN_FMR_IP6_PREFIX_LEN, ip6len);
+				nla_put_u8(nlm, IFLA_IPTUN_FMR_IP4_PREFIX_LEN, ip4len);
+				nla_put_u8(nlm, IFLA_IPTUN_FMR_EA_LEN, ealen);
+				nla_put_u8(nlm, IFLA_IPTUN_FMR_OFFSET, offset);
+
+				nla_nest_end(nlm, rule);
+			}
+
+			nla_nest_end(nlm, fmrs);
 		}
-	}
 #endif
 
+		nla_nest_end(nlm, infodata);
+		nla_nest_end(nlm, linkinfo);
+
+		return system_rtnl_call(nlm);
+failure:
+		nlmsg_free(nlm);
+		return ret;
+	} else if (!strcmp(str, "greip")) {
+		return system_add_gre_tunnel(name, "gre", link, tb, false);
+	} else if (!strcmp(str, "gretapip"))  {
+		return system_add_gre_tunnel(name, "gretap", link, tb, false);
+	} else if (!strcmp(str, "greip6")) {
+		return system_add_gre_tunnel(name, "ip6gre", link, tb, true);
+	} else if (!strcmp(str, "gretapip6")) {
+		return system_add_gre_tunnel(name, "ip6gretap", link, tb, true);
+#endif
+	} else if (!strcmp(str, "ipip")) {
+		return system_add_proto_tunnel(name, IPPROTO_IPIP, link, tb);
+	}
+	else
+		return -EINVAL;
+
 	return 0;
 }