tag:
priority: 380
type: txt
help: Tunnel interface
val_help: <tunN>; Tunnel interface name
syntax:expression: pattern $VAR(@) "^tun[0-9]+$" \
		   ; "tunnel must be (tun0-tun999)"

commit:expression: $VAR(./local-ip/) != "" || $VAR(./dhcp-interface/) != "";  \
                   "Must configure either local-ip or dhcp-interface for tunnel $VAR(@)"
commit:expression: $VAR(./local-ip/) == "" || $VAR(./dhcp-interface/) == "";  \
                   "Must configure only one of local-ip or dhcp-interface for tunnel $VAR(@)"
commit:expression: $VAR(./encapsulation/) != "" ;               \
                   "Must configure the tunnel encapsulation for $VAR(@)"
commit:expression:
exec "
        if [ $VAR(./encapsulation/@) = gre  ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then  \
                echo \"No remote-ip configured for $VAR(@), tunnel can only be used for mGRE.\";   \
        fi; \
        if [ -n \"$VAR(./6rd-prefix/)\" ]; then \
            if [ $VAR(./encapsulation/@) != sit ]; then \
                echo \"6rd-prefix can only be set for SIT tunnels\"; \
                exit 1; \
            fi \
        fi; \
        if [ $VAR(./encapsulation/@) != gre  ] && [ ! -n \"$VAR(./remote-ip/)\" ]; then  \
                echo \"Must configure the tunnel remote-ip for $VAR(@)\";   \
                exit 1;                                                  \
        fi;

        exit 0"
commit:expression: (!(pattern $VAR(./local-ip/@) ".*:.*") && $VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) == "") || \
                   $VAR(./encapsulation/@) != "gre" || ($VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) != ""); "IPv6 local-ip ($VAR(./local-ip/@)) is forbidden for mGRE tunnels."

commit:expression: (!(pattern $VAR(./address/@@) ".*:.*") && $VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) == "") || \
                   $VAR(./encapsulation/@) != "gre" || ($VAR(./encapsulation/@) == "gre" && $VAR(./remote-ip/) != ""); "IPv6 addresses ($VAR(./address/@@)) are forbidden for mGRE tunnels."

create:
  if [ $VAR(./encapsulation/@) == gre  ] && [ -z $VAR(./remote-ip/) ]; then
     sudo invoke-rc.d opennhrp.init start;
  fi
  if [ x$VAR(./multicast/@) == xenable ]; then
    MC="multicast on allmulticast on";
  fi
  if [ -n "$VAR(./local-ip/@)" ]; then
    LIP=$VAR(./local-ip/@)
  else
    LIP=$(/opt/vyatta/sbin/vyatta-dhcp-helper.pl --interface=$VAR(./dhcp-interface/@) --want=local)
  fi
  case "$VAR(./encapsulation/@)" in
	  "gre" | "ipip" | "sit")
        if [ -n "$VAR(./parameters/ip/bridge-group/)" ] ; then
            echo "interfaces tunnel $VAR(@): Tunnel encapsulation type must be gre-bridge if a bridge group is defined";
            exit 1;
        fi
        if [ -n "$VAR(./parameters/ip/tos/@)" ]; then
            TOS="tos $VAR(./parameters/ip/tos/@)"
        else
            TOS="tos inherit"
        fi
        if [ -n "$VAR(./parameters/ip/ttl/@)" ]; then
            TTL="ttl $VAR(./parameters/ip/ttl/@)"
        else
            TTL="ttl 255"
        fi
        if [ -n "$VAR(./parameters/ip/key/@)" ]; then
            KEY="key $VAR(./parameters/ip/key/@)"
        fi
        if [ "$VAR(./encapsulation/@)" == "gre" ] && [ -z $VAR(./remote-ip/) ]; then
            sudo ip tunnel add $VAR(@) local $LIP mode gre $KEY $TTL $TOS
        elif [ "$VAR(./encapsulation/@)" == "sit" ] && [ -n "$VAR(./6rd-prefix/@)" ]; then
            if [ -n "$VAR(./6rd-relay-prefix/@)" ]; then
                RP="6rd-relay_prefix $VAR(./6rd-relay-prefix/@)"
            fi
            sudo ip tunnel add $VAR(@) remote $VAR(./remote-ip/@) mode sit
            sudo ip tunnel 6rd dev $VAR(@) 6rd-prefix $VAR(./6rd-prefix/@) $RP
        else
            sudo ip tunnel add $VAR(@) local $LIP remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) $KEY $TTL $TOS
        fi
        if [ -z "`ip tunnel show | grep $VAR(@)`" ]; then
            echo interfaces tunnel $VAR(@): error creating tunnel interface
            exit 1
        fi
	  ;;
	  "gre-bridge")
	    sudo ip link add $VAR(@) type gretap local $LIP remote $VAR(./remote-ip/@) ||
        echo "interfaces tunnel $VAR(@): error creating tunnel interface"
	  ;;
	  "ipip6" | "ip6ip6")
        sudo ip -6 tunnel add $VAR(@) local $LIP remote $VAR(./remote-ip/@) mode $VAR(./encapsulation/@) ||
        echo "interfaces tunnel $VAR(@): error creating tunnel interface"
	  ;;
    esac
      sudo ip link set $VAR(@) $MC up ||
      echo "interfaces tunnel $VAR(@): error setting tunnel interface active"

delete:
  /opt/vyatta/sbin/vyos-update-nhrp.pl --checkref --tun $VAR(@)
  sudo ip link set $VAR(@) down
  case "$VAR(./encapsulation/@)" in
    "gre" | "ipip" | "sit")
      if [ -z $VAR(./remote-ip/) ]; then
        sudo ip tunnel del $VAR(@) mode gre
      else
        sudo ip tunnel del $VAR(@) mode $VAR(./encapsulation/@)
      fi;;
    "gre-bridge")
      sudo ip link delete $VAR(@) ;;
    "ipip6" | "ip6ip6")
      sudo ip -6 tunnel del $VAR(@) mode $VAR(./encapsulation/@);;
  esac


end:
  if [ "${COMMIT_ACTION}" == DELETE ]; then
    /opt/vyatta/sbin/vyatta-tunnel-cleanup $VAR(@)
  fi