X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=ip%2Fip.c;h=e4131714018f9a843a02cbff2fa9054eae75e75d;hb=25c6339b223f17d1603702c0c87f06b252bb4949;hp=233a9d772492a0cff28eaece88c95ef792f021fc;hpb=bff0f2524103d3c1c153887ee823ec36a6732af7;p=mirror_iproute2.git diff --git a/ip/ip.c b/ip/ip.c index 233a9d77..e4131714 100644 --- a/ip/ip.c +++ b/ip/ip.c @@ -31,10 +31,8 @@ int show_stats; int show_details; int oneline; int brief; -int show_pretty; int json; int timestamp; -const char *_SL_; int force; int max_flush_loops = 10; int batch_mode; @@ -55,8 +53,8 @@ static void usage(void) " vrf | sr }\n" " OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n" " -h[uman-readable] | -iec | -j[son] | -p[retty] |\n" -" -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |\n" -" -4 | -6 | -I | -D | -B | -0 |\n" +" -f[amily] { inet | inet6 | mpls | bridge | link } |\n" +" -4 | -6 | -I | -D | -M | -B | -0 |\n" " -l[oops] { maximum-addr-flush-attempts } | -br[ief] |\n" " -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] |\n" " -rc[vbuf] [size] | -n[etns] name | -a[ll] | -c[olor]}\n"); @@ -173,6 +171,19 @@ int main(int argc, char **argv) { char *basename; char *batch_file = NULL; + int color = 0; + + /* to run vrf exec without root, capabilities might be set, drop them + * if not needed as the first thing. + * execv will drop them for the child command. + * vrf exec requires: + * - cap_dac_override to create the cgroup subdir in /sys + * - cap_sys_admin to load the BPF program + * - cap_net_admin to set the socket into the cgroup + */ + if (argc < 3 || strcmp(argv[1], "vrf") != 0 || + strcmp(argv[2], "exec") != 0) + drop_cap(); basename = strrchr(argv[0], '/'); if (basename == NULL) @@ -214,8 +225,6 @@ int main(int argc, char **argv) preferred_family = AF_INET6; } else if (strcmp(opt, "-0") == 0) { preferred_family = AF_PACKET; - } else if (strcmp(opt, "-I") == 0) { - preferred_family = AF_IPX; } else if (strcmp(opt, "-D") == 0) { preferred_family = AF_DECnet; } else if (strcmp(opt, "-M") == 0) { @@ -241,10 +250,6 @@ int main(int argc, char **argv) } else if (matches(opt, "-tshort") == 0) { ++timestamp; ++timestamp_short; -#if 0 - } else if (matches(opt, "-numeric") == 0) { - rtnl_names_numeric++; -#endif } else if (matches(opt, "-Version") == 0) { printf("ip utility, iproute2-ss%s\n", SNAPSHOT); exit(0); @@ -261,7 +266,7 @@ int main(int argc, char **argv) } else if (matches(opt, "-json") == 0) { ++json; } else if (matches(opt, "-pretty") == 0) { - ++show_pretty; + ++pretty; } else if (matches(opt, "-rcvbuf") == 0) { unsigned int size; @@ -275,8 +280,7 @@ int main(int argc, char **argv) exit(-1); } rcvbuf = size; - } else if (matches(opt, "-color") == 0) { - enable_color(); + } else if (matches_color(opt, &color)) { } else if (matches(opt, "-help") == 0) { usage(); } else if (matches(opt, "-netns") == 0) { @@ -296,8 +300,7 @@ int main(int argc, char **argv) _SL_ = oneline ? "\\" : "\n"; - if (json) - check_if_color_enabled(); + check_enable_color(color, json); if (batch_file) return batch(batch_file); @@ -305,6 +308,8 @@ int main(int argc, char **argv) if (rtnl_open(&rth, 0) < 0) exit(1); + rtnl_set_strict_dump(&rth); + if (strlen(basename) > 2) return do_cmd(basename+2, argc, argv);