]> git.proxmox.com Git - mirror_iproute2.git/blobdiff - ip/ip.c
projects / mirror_iproute2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ll_map: Add function to remove link cache entry by index
[mirror_iproute2.git] / ip / ip.c
diff --git a/ip/ip.c b/ip/ip.c
index 233a9d772492a0cff28eaece88c95ef792f021fc..e4131714018f9a843a02cbff2fa9054eae75e75d 100644 (file)
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -31,10 +31,8 @@ int show_stats;
 int show_details;
 int oneline;
 int brief;
-int show_pretty;
 int json;
 int timestamp;
-const char *_SL_;
 int force;
 int max_flush_loops = 10;
 int batch_mode;
@@ -55,8 +53,8 @@ static void usage(void)
 "                   vrf | sr }\n"
 "       OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n"
 "                    -h[uman-readable] | -iec | -j[son] | -p[retty] |\n"
-"                    -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |\n"
-"                    -4 | -6 | -I | -D | -B | -0 |\n"
+"                    -f[amily] { inet | inet6 | mpls | bridge | link } |\n"
+"                    -4 | -6 | -I | -D | -M | -B | -0 |\n"
 "                    -l[oops] { maximum-addr-flush-attempts } | -br[ief] |\n"
 "                    -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |\n"
 "                    -rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}\n");
@@ -173,6 +171,19 @@ int main(int argc, char **argv)
 {
        char *basename;
        char *batch_file = NULL;
+       int color = 0;
+
+       /* to run vrf exec without root, capabilities might be set, drop them
+        * if not needed as the first thing.
+        * execv will drop them for the child command.
+        * vrf exec requires:
+        * - cap_dac_override to create the cgroup subdir in /sys
+        * - cap_sys_admin to load the BPF program
+        * - cap_net_admin to set the socket into the cgroup
+        */
+       if (argc < 3 || strcmp(argv[1], "vrf") != 0 ||
+                       strcmp(argv[2], "exec") != 0)
+               drop_cap();
 
        basename = strrchr(argv[0], '/');
        if (basename == NULL)
@@ -214,8 +225,6 @@ int main(int argc, char **argv)
                        preferred_family = AF_INET6;
                } else if (strcmp(opt, "-0") == 0) {
                        preferred_family = AF_PACKET;
-               } else if (strcmp(opt, "-I") == 0) {
-                       preferred_family = AF_IPX;
                } else if (strcmp(opt, "-D") == 0) {
                        preferred_family = AF_DECnet;
                } else if (strcmp(opt, "-M") == 0) {
@@ -241,10 +250,6 @@ int main(int argc, char **argv)
                } else if (matches(opt, "-tshort") == 0) {
                        ++timestamp;
                        ++timestamp_short;
-#if 0
-               } else if (matches(opt, "-numeric") == 0) {
-                       rtnl_names_numeric++;
-#endif
                } else if (matches(opt, "-Version") == 0) {
                        printf("ip utility, iproute2-ss%s\n", SNAPSHOT);
                        exit(0);
@@ -261,7 +266,7 @@ int main(int argc, char **argv)
                } else if (matches(opt, "-json") == 0) {
                        ++json;
                } else if (matches(opt, "-pretty") == 0) {
-                       ++show_pretty;
+                       ++pretty;
                } else if (matches(opt, "-rcvbuf") == 0) {
                        unsigned int size;
 
@@ -275,8 +280,7 @@ int main(int argc, char **argv)
                                exit(-1);
                        }
                        rcvbuf = size;
-               } else if (matches(opt, "-color") == 0) {
-                       enable_color();
+               } else if (matches_color(opt, &color)) {
                } else if (matches(opt, "-help") == 0) {
                        usage();
                } else if (matches(opt, "-netns") == 0) {
@@ -296,8 +300,7 @@ int main(int argc, char **argv)
 
        _SL_ = oneline ? "\\" : "\n";
 
-       if (json)
-               check_if_color_enabled();
+       check_enable_color(color, json);
 
        if (batch_file)
                return batch(batch_file);
@@ -305,6 +308,8 @@ int main(int argc, char **argv)
        if (rtnl_open(&rth, 0) < 0)
                exit(1);
 
+       rtnl_set_strict_dump(&rth);
+
        if (strlen(basename) > 2)
                return do_cmd(basename+2, argc, argv);
 
Upstream mirror of iproute2