From 667943f46c93a500dc1ecd08565640364b5fb9af Mon Sep 17 00:00:00 2001
From: Maximilian Wilhelm <max@sdn.clinic>
Date: Thu, 17 Dec 2020 03:49:43 +0100
Subject: [PATCH] Add support for MPLS on Linux

Closes #135

Signed-off-by: Maximilian Wilhelm <max@sdn.clinic>
---
 Makefile                    |  1 +
 doc/interfaces-mpls.scd     | 40 +++++++++++++++++++++++++++++++++++++
 doc/interfaces.scd          |  1 +
 executor-scripts/linux/mpls | 36 +++++++++++++++++++++++++++++++++
 tests/linux/Kyuafile        |  1 +
 tests/linux/mpls_test       | 23 +++++++++++++++++++++
 6 files changed, 102 insertions(+)
 create mode 100644 doc/interfaces-mpls.scd
 create mode 100755 executor-scripts/linux/mpls
 create mode 100755 tests/linux/mpls_test

diff --git a/Makefile b/Makefile
index c7113be..cc48953 100644
--- a/Makefile
+++ b/Makefile
@@ -108,6 +108,7 @@ EXECUTOR_SCRIPTS_OPT ?= \
 	bridge \
 	ethtool \
 	gre \
+	mpls \
 	tunnel \
 	vrf \
 	vxlan \
diff --git a/doc/interfaces-mpls.scd b/doc/interfaces-mpls.scd
new file mode 100644
index 0000000..5f54e02
--- /dev/null
+++ b/doc/interfaces-mpls.scd
@@ -0,0 +1,40 @@
+interfaces-mpls(5)
+
+# NAME
+
+*interfaces-mpls* - MPLS vocabulary for the interfaces(5) file format
+
+# DESCRIPTION
+
+Linux allows has support for MultiProtocol Label Switching (MPLS) for a while
+now.  The following options allow for this configuration.
+
+# MPLS-RELATED OPTIONS
+
+The MPLS executor will only modify the sysctl configuration if these options
+are provided, otherwise other mechanisms such as /etc/sysctl.conf may be used.
+If MPLS is enabled on (at least) one interface the executor will load the
+_mpls_iptunnel_ kernel module.
+
+Be aware that you have to set the _platform_labels_ sysctl to make MPLS work.
+See https://www.kernel.org/doc/Documentation/networking/mpls-sysctl.rst for
+more details on the MPLS related knobs in the Linux kernel.
+
+
+*mpls-enable* _yes|no_
+	Control whether packets can be input on this interface.  If disabled,
+	packets carrying an MPLS label will be discarded without further
+	processing.
+
+# EXAMPLES
+
+```
+iface eth0
+	address 2001:db8:08:15::42/64
+	#
+	mpls-enable yes
+```
+
+# AUTHORS
+
+Maximilian Wilhelm <max@sdn.clinic>
diff --git a/doc/interfaces.scd b/doc/interfaces.scd
index d2a099c..24c3365 100644
--- a/doc/interfaces.scd
+++ b/doc/interfaces.scd
@@ -240,6 +240,7 @@ iface eth0
 *interfaces-bond*(5)
 *interfaces-bridge*(5)
 *interfaces-forward*(5)
+*interfaces-mpls*(5)
 *interfaces-ppp*(5)
 *interfaces-vrf*(5)
 *interfaces-vxlan*(5)
diff --git a/executor-scripts/linux/mpls b/executor-scripts/linux/mpls
new file mode 100755
index 0000000..97d42c9
--- /dev/null
+++ b/executor-scripts/linux/mpls
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# Maximilian Wilhelm <max@sdn.clinic>
+#  --  Thu, 17 Dec 2020 03:02:10 +0100
+#
+# This executor is responsible for setting up MPLS decapsulation on a given interface.
+#
+# See interfaces-mpls(5) for a list of supported options.
+#
+
+yesno() {
+	case "$1" in
+	yes|1)	echo 1 ;;
+	*)	echo 0 ;;
+	esac
+}
+
+[ -z "$VERBOSE" ] || set -x
+
+# We only operate in pre-up phase
+[ "$PHASE" != "pre-up" ] && exit 0
+
+
+if [ "$IF_MPLS_ENABLE" ]; then
+	value=$(yesno $IF_MPLS_ENABLE)
+
+	# Load mpls module if we should enable MPLS decap on (at least) one interface
+	if [ "${value}" = 1 ]; then
+		${MOCK} modprobe mpls_iptunnel
+	fi
+
+	# If MPLS support isn't loaded and we are not MOCKing, carry on
+	if [ -f "/proc/sys/net/mpls/conf/$IFACE/input" -o "${MOCK}" ]; then
+		${MOCK} /bin/sh -c "echo ${value} > /proc/sys/net/mpls/conf/$IFACE/input"
+	fi
+fi
diff --git a/tests/linux/Kyuafile b/tests/linux/Kyuafile
index ef000f7..2e668b8 100644
--- a/tests/linux/Kyuafile
+++ b/tests/linux/Kyuafile
@@ -9,6 +9,7 @@ atf_test_program{name='forward_test'}
 atf_test_program{name='gre_test'}
 atf_test_program{name='ipv6-ra_test'}
 atf_test_program{name='link_test'}
+atf_test_program{name='mpls_test'}
 atf_test_program{name='ppp_test'}
 atf_test_program{name='static_test'}
 atf_test_program{name='tunnel_test'}
diff --git a/tests/linux/mpls_test b/tests/linux/mpls_test
new file mode 100755
index 0000000..1755c5c
--- /dev/null
+++ b/tests/linux/mpls_test
@@ -0,0 +1,23 @@
+#!/usr/bin/env atf-sh
+
+. $(atf_get_srcdir)/../test_env.sh
+EXECUTOR="$(atf_get_srcdir)/../../executor-scripts/linux/mpls"
+
+tests_init \
+	mpls_enable \
+	mpls_disable
+
+mpls_enable_body() {
+	export MOCK=echo IFACE=vlan2342 PHASE=pre-up IF_MPLS_ENABLE=yes
+	atf_check -s exit:0 \
+		-o match:"modprobe mpls_iptunnel" \
+		-o match:"echo 1 > /proc/sys/net/mpls/conf/vlan2342/input" \
+		${EXECUTOR}
+}
+
+mpls_disable_body() {
+	export MOCK=echo IFACE=vlan2342 PHASE=pre-up IF_MPLS_ENABLE=no
+	atf_check -s exit:0 \
+		-o match:"echo 0 > /proc/sys/net/mpls/conf/vlan2342/input" \
+		${EXECUTOR}
+}