iptunnel: Allow GRE_KEY for vti interface
The vti interface will use GRE_KEY to match the right policy in kernel. So we
can not return fail when the tunnel is vti.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
diff --git a/ip/iptunnel.c b/ip/iptunnel.c
index 40186d3..8479c72 100644
--- a/ip/iptunnel.c
+++ b/ip/iptunnel.c
@@ -240,8 +240,9 @@
}
}
- if (p->iph.protocol == IPPROTO_IPIP || p->iph.protocol == IPPROTO_IPV6) {
- if ((p->i_flags & GRE_KEY) || (p->o_flags & GRE_KEY)) {
+ if ((p->i_flags & GRE_KEY) || (p->o_flags & GRE_KEY)) {
+ if (!(p->i_flags & VTI_ISVTI) &&
+ (p->iph.protocol != IPPROTO_GRE)) {
fprintf(stderr, "Keys are not allowed with ipip and sit tunnels\n");
return -1;
}