+#ifdef IFLA_IPTUN_MAX
+#define IP6_FLOWINFO_TCLASS htonl(0x0FF00000)
+static int system_add_gre_tunnel(const char *name, const char *kind,
+ const unsigned int link, struct blob_attr **tb, bool v6)
+{
+ struct nl_msg *nlm;
+ struct ifinfomsg ifi = { .ifi_family = AF_UNSPEC, };
+ struct blob_attr *cur;
+ uint32_t ikey = 0, okey = 0, flags = 0, flowinfo = 0;
+ uint16_t iflags = 0, oflags = 0;
+ uint8_t tos = 0;
+ int ret = 0, ttl = 64;
+
+ nlm = nlmsg_alloc_simple(RTM_NEWLINK, NLM_F_REQUEST | NLM_F_REPLACE | NLM_F_CREATE);
+ if (!nlm)
+ return -1;
+
+ nlmsg_append(nlm, &ifi, sizeof(ifi), 0);
+ nla_put_string(nlm, IFLA_IFNAME, name);
+
+ struct nlattr *linkinfo = nla_nest_start(nlm, IFLA_LINKINFO);
+ if (!linkinfo) {
+ ret = -ENOMEM;
+ goto failure;
+ }
+
+ nla_put_string(nlm, IFLA_INFO_KIND, kind);
+ struct nlattr *infodata = nla_nest_start(nlm, IFLA_INFO_DATA);
+ if (!infodata) {
+ ret = -ENOMEM;
+ goto failure;
+ }
+
+ if (link)
+ nla_put_u32(nlm, IFLA_GRE_LINK, link);
+
+ if ((cur = tb[TUNNEL_ATTR_TTL]))
+ ttl = blobmsg_get_u32(cur);
+
+ nla_put_u8(nlm, IFLA_GRE_TTL, ttl);
+
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
+ char *str = blobmsg_get_string(cur);
+ if (strcmp(str, "inherit")) {
+ unsigned uval;
+
+ if (!system_tos_aton(str, &uval)) {
+ ret = -EINVAL;
+ goto failure;
+ }
+
+ if (v6)
+ flowinfo |= htonl(uval << 20) & IP6_FLOWINFO_TCLASS;
+ else
+ tos = uval;
+ } else {
+ if (v6)
+ flags |= IP6_TNL_F_USE_ORIG_TCLASS;
+ else
+ tos = 1;
+ }
+ }
+
+ if ((cur = tb[TUNNEL_ATTR_INFO]) && (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)) {
+ uint8_t icsum, ocsum, iseqno, oseqno;
+ if (sscanf(blobmsg_get_string(cur), "%u,%u,%hhu,%hhu,%hhu,%hhu",
+ &ikey, &okey, &icsum, &ocsum, &iseqno, &oseqno) < 6) {
+ ret = -EINVAL;
+ goto failure;
+ }
+
+ if (ikey)
+ iflags |= GRE_KEY;
+
+ if (okey)
+ oflags |= GRE_KEY;
+
+ if (icsum)
+ iflags |= GRE_CSUM;
+
+ if (ocsum)
+ oflags |= GRE_CSUM;
+
+ if (iseqno)
+ iflags |= GRE_SEQ;
+
+ if (oseqno)
+ oflags |= GRE_SEQ;
+ }
+
+ if (v6) {
+ struct in6_addr in6buf;
+ if ((cur = tb[TUNNEL_ATTR_LOCAL])) {
+ if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) {
+ ret = -EINVAL;
+ goto failure;
+ }
+ nla_put(nlm, IFLA_GRE_LOCAL, sizeof(in6buf), &in6buf);
+ }
+
+ if ((cur = tb[TUNNEL_ATTR_REMOTE])) {
+ if (inet_pton(AF_INET6, blobmsg_data(cur), &in6buf) < 1) {
+ ret = -EINVAL;
+ goto failure;
+ }
+ nla_put(nlm, IFLA_GRE_REMOTE, sizeof(in6buf), &in6buf);
+ }
+ nla_put_u8(nlm, IFLA_GRE_ENCAP_LIMIT, 4);
+
+ if (flowinfo)
+ nla_put_u32(nlm, IFLA_GRE_FLOWINFO, flowinfo);
+
+ if (flags)
+ nla_put_u32(nlm, IFLA_GRE_FLAGS, flags);
+ } else {
+ struct in_addr inbuf;
+ bool set_df = true;
+
+ if ((cur = tb[TUNNEL_ATTR_LOCAL])) {
+ if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) {
+ ret = -EINVAL;
+ goto failure;
+ }
+ nla_put(nlm, IFLA_GRE_LOCAL, sizeof(inbuf), &inbuf);
+ }
+
+ if ((cur = tb[TUNNEL_ATTR_REMOTE])) {
+ if (inet_pton(AF_INET, blobmsg_data(cur), &inbuf) < 1) {
+ ret = -EINVAL;
+ goto failure;
+ }
+ nla_put(nlm, IFLA_GRE_REMOTE, sizeof(inbuf), &inbuf);
+
+ if (IN_MULTICAST(ntohl(inbuf.s_addr))) {
+ if (!okey) {
+ okey = inbuf.s_addr;
+ oflags |= GRE_KEY;
+ }
+
+ if (!ikey) {
+ ikey = inbuf.s_addr;
+ iflags |= GRE_KEY;
+ }
+ }
+ }
+
+ if ((cur = tb[TUNNEL_ATTR_DF]))
+ set_df = blobmsg_get_bool(cur);
+
+ /* ttl !=0 and nopmtudisc are incompatible */
+ if (ttl && !set_df) {
+ ret = -EINVAL;
+ goto failure;
+ }
+
+ nla_put_u8(nlm, IFLA_GRE_PMTUDISC, set_df ? 1 : 0);
+
+ nla_put_u8(nlm, IFLA_GRE_TOS, tos);
+ }
+
+ if (oflags)
+ nla_put_u16(nlm, IFLA_GRE_OFLAGS, oflags);
+
+ if (iflags)
+ nla_put_u16(nlm, IFLA_GRE_IFLAGS, iflags);
+
+ if (okey)
+ nla_put_u32(nlm, IFLA_GRE_OKEY, okey);
+
+ if (ikey)
+ nla_put_u32(nlm, IFLA_GRE_IKEY, ikey);
+
+ nla_nest_end(nlm, infodata);
+ nla_nest_end(nlm, linkinfo);
+
+ return system_rtnl_call(nlm);
+
+failure:
+ nlmsg_free(nlm);
+ return ret;
+}
+#endif
+
+static int system_add_proto_tunnel(const char *name, const uint8_t proto, const unsigned int link, struct blob_attr **tb)
+{
+ struct blob_attr *cur;
+ bool set_df = true;
+ struct ip_tunnel_parm p = {
+ .link = link,
+ .iph = {
+ .version = 4,
+ .ihl = 5,
+ .protocol = proto,
+ }
+ };
+
+ if ((cur = tb[TUNNEL_ATTR_LOCAL]) &&
+ inet_pton(AF_INET, blobmsg_data(cur), &p.iph.saddr) < 1)
+ return -EINVAL;
+
+ if ((cur = tb[TUNNEL_ATTR_REMOTE]) &&
+ inet_pton(AF_INET, blobmsg_data(cur), &p.iph.daddr) < 1)
+ return -EINVAL;
+
+ if ((cur = tb[TUNNEL_ATTR_DF]))
+ set_df = blobmsg_get_bool(cur);
+
+ if ((cur = tb[TUNNEL_ATTR_TTL]))
+ p.iph.ttl = blobmsg_get_u32(cur);
+
+ if ((cur = tb[TUNNEL_ATTR_TOS])) {
+ char *str = blobmsg_get_string(cur);
+ if (strcmp(str, "inherit")) {
+ unsigned uval;
+
+ if (!system_tos_aton(str, &uval))
+ return -EINVAL;
+
+ p.iph.tos = uval;
+ } else
+ p.iph.tos = 1;
+ }
+
+ p.iph.frag_off = set_df ? htons(IP_DF) : 0;
+ /* ttl !=0 and nopmtudisc are incompatible */
+ if (p.iph.ttl && p.iph.frag_off == 0)
+ return -EINVAL;
+
+ strncpy(p.name, name, sizeof(p.name));
+
+ switch (p.iph.protocol) {
+ case IPPROTO_IPIP:
+ return tunnel_ioctl("tunl0", SIOCADDTUNNEL, &p);
+ case IPPROTO_IPV6:
+ return tunnel_ioctl("sit0", SIOCADDTUNNEL, &p);
+ default:
+ break;
+ }
+ return -1;
+}
+
+static int __system_del_ip_tunnel(const char *name, struct blob_attr **tb)