git.proxmox.com Git - mirror_iproute2.git/commit

author	David Ahern <dsa@cumulusnetworks.com>
	Mon, 12 Dec 2016 00:53:15 +0000 (16:53 -0800)
committer	Stephen Hemminger <stephen@networkplumber.org>
	Tue, 13 Dec 2016 18:20:16 +0000 (10:20 -0800)
commit	1949f82cdf62c074562f04acfbce40ada0aac7e0
tree	20c063472a79b19e2f928b0aee03c3fdd18bd9c8	tree
parent	463d9efaa258a466df706e8630f128055bf10bdc	commit \| diff

Introduce ip vrf command

'ip vrf' follows the user semnatics established by 'ip netns'.

The 'ip vrf' subcommand supports 3 usages:

1. Run a command against a given vrf:
       ip vrf exec NAME CMD

   Uses the recently committed cgroup/sock BPF option. vrf directory
   is added to cgroup2 mount. Individual vrfs are created under it. BPF
   filter attached to vrf/NAME cgroup2 to set sk_bound_dev_if to the VRF
   device index. From there the current process (ip's pid) is addded to
   the cgroups.proc file and the given command is exected. In doing so
   all AF_INET/AF_INET6 (ipv4/ipv6) sockets are automatically bound to
   the VRF domain.

   The association is inherited parent to child allowing the command to
   be a shell from which other commands are run relative to the VRF.

2. Show the VRF a process is bound to:
       ip vrf id
   This command essentially looks at /proc/pid/cgroup for a "::/vrf/"
   entry with the VRF name following.

3. Show process ids bound to a VRF
       ip vrf pids NAME
   This command dumps the file MNT/vrf/NAME/cgroup.procs since that file
   shows the process ids in the particular vrf cgroup.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>

ip/Makefile		diff \| blob \| blame \| history
ip/ip.c		diff \| blob \| blame \| history
ip/ip_common.h		diff \| blob \| blame \| history
ip/ipvrf.c	[new file with mode: 0644]	blob
man/man8/ip-vrf.8	[new file with mode: 0644]	blob