David Ahern [Wed, 29 Apr 2020 16:50:25 +0000 (16:50 +0000)]
Merge branch 'mptcp' into next
Paolo Abeni says:
====================
This introduces support for the MPTCP PM netlink interface, allowing admins
to configure several aspects of the MPTCP path manager. The subcommand is
documented with a newly added man-page.
This series also includes support for MPTCP subflow diag.
David Ahern [Sun, 26 Apr 2020 18:32:20 +0000 (18:32 +0000)]
Merge branch 'macsec-offload' into next
Igor Russkikh says:
====================
From: Mark Starovoytov <mstarovoitov@marvell.com>
This series adds support for selecting the offloading mode of a MACsec
interface at link creation time.
Available modes are for now 'off', 'phy' and 'mac', 'off' being the default
when an interface is created.
First patch adds support for MAC offloading.
Last patch allows a user to change the offloading mode at runtime
through a new attribute, `ip link add link ... offload`:
# ip link add link enp1s0 type macsec encrypt on offload off
# ip link add link enp1s0 type macsec encrypt on offload phy
# ip link add link enp1s0 type macsec encrypt on offload mac
Mark Starovoytov [Fri, 24 Apr 2020 08:38:57 +0000 (11:38 +0300)]
macsec: add support for specifying offload at link add time
This patch adds support for configuring offload mode upon MACsec
device creation.
If offload mode is not specified, then netlink attribute is not
added. Default behavior on the kernel side in this case is
backward-compatible (offloading is disabled by default).
Example:
$ ip link add link eth0 macsec0 type macsec port 11 encrypt on offload mac
Signed-off-by: Mark Starovoytov <mstarovoitov@marvell.com> Signed-off-by: Igor Russkikh <irusskikh@marvell.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Mark Starovoytov [Fri, 24 Apr 2020 08:38:56 +0000 (11:38 +0300)]
macsec: add support for MAC offload
This patch enables MAC HW offload usage in iproute, since MACSec
implementation supports it now.
Signed-off-by: Mark Starovoytov <mstarovoitov@marvell.com> Signed-off-by: Igor Russkikh <irusskikh@marvell.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Eran Ben Elisha [Tue, 14 Apr 2020 06:57:52 +0000 (09:57 +0300)]
devlink: Add devlink health auto_dump command support
Add support for configuring auto_dump attribute per reporter.
With this attribute, one can indicate whether the devlink kernel core
should execute automatic dump on error.
The change will be reflected in show, set and man commands.
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com> Reviewed-by: Aya Levin <ayal@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Petr Machata [Fri, 3 Apr 2020 22:55:34 +0000 (01:55 +0300)]
ip: link_gre: Do not send ERSPAN attributes to GRE tunnels
In the commit referenced below, ip link started sending ERSPAN-specific
attributes even for GRE and gretap tunnels. Fix by more carefully
distinguishing between the GRE/tap and ERSPAN modes. Do not show
ERSPAN-related help in GRE/tap mode, likewise do not accept ERSPAN
arguments, or send ERSPAN attributes.
Fixes: 83c543af872e ("erspan: set erspan_ver to 1 by default") Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: William Tu <u9012063@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The current JSON output of mon command is broken. Fix it and make sure
that the output is a valid JSON. Also, handle SIGINT gracefully to allow
to end the JSON properly.
devlink: Add alias "counters_enabled" for "counters" option
To be consistent with netlink attribute name and also with the
"dpipe table show" output, add "counters_enabled" for "counters" in
"dpipe table set" command.
Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
DEVLINK_ATTR_ESWITCH_ENCAP_MODE netlink attribute carries enum. But the
code assumes bool value. Fix this by treating the encap mode in the same
way as other eswitch mode attributes, switching from "enable"/"disable"
to "basic"/"none", according to the enum. Maintain the backward
compatibility to allow user to pass "enable"/"disable" too. Also to be
in-sync with the rest of the "mode" commands, rename to "encap-mode".
Adjust the help and man page accordingly.
Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
devlink: remove custom bool command line options parsing
Change the code that is doing custom processing of boolean command line
options to use dl_argv_bool(). Extend strtobool() to accept
"enable"/"disable" to maintain current behavior.
Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Ido Schimmel [Tue, 31 Mar 2020 08:42:52 +0000 (11:42 +0300)]
devlink: Add ability to bind policer to trap group
Add ability to associate a policer with a trap group. The policer can be
unbound by using the 'nopolicer' keyword. In which case, the value
encoded in the 'DEVLINK_ATTR_TRAP_POLICER_ID' attribute will be '0'.
This is consistent with ip-link 'nomaster' keyword and the 'IFLA_MASTER'
attribute.
Example:
# devlink trap group set netdevsim/netdevsim10 group l3_drops policer 2
# devlink -jp trap group show netdevsim/netdevsim10 group l3_drops
{
"trap_group": {
"netdevsim/netdevsim10": [ {
"name": "l3_drops",
"generic": true,
"policer": 2
} ]
}
}
# devlink trap group set netdevsim/netdevsim10 group l3_drops nopolicer
# devlink -jp trap group show netdevsim/netdevsim10 group l3_drops
{
"trap_group": {
"netdevsim/netdevsim10": [ {
"name": "l3_drops",
"generic": true
} ]
}
}
The trap policer show command allows the user to get the current
parameters of an individual policer or a dump of all policers in case
one is not specified. When '-s' is specified the policer's statistics
are shown. Example:
Andrea Claudi [Fri, 27 Mar 2020 10:45:12 +0000 (11:45 +0100)]
man: bridge.8: fix bridge link show description
When multiple bridges are present, 'bridge link show' diplays ports
for all bridges. Make this clear in the command description, and
point out the user to the ip command to display ports for a specific
bridge.
Reported-by: Marc Muehlfeld <mmuehlfe@redhat.com> Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Petr Machata [Mon, 23 Mar 2020 16:12:21 +0000 (18:12 +0200)]
tc: q_red: Support 'nodrop' flag
Recognize the new configuration option of the RED Qdisc, "nodrop". Add
support for passing flags through TCA_RED_FLAGS, and use it when passing
TC_RED_NODROP flag.
Signed-off-by: Petr Machata <petrm@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Jiri Pirko [Sat, 14 Mar 2020 09:25:48 +0000 (10:25 +0100)]
tc: m_action: introduce support for hw stats type
Introduce support for per-action hw stats type config.
This patch allows user to specify one of the following types of HW
stats for added action:
immediate - queried during dump time
delayed - polled from HW periodically or sent by HW in async manner
disabled - no stats needed
Note that if "hw_stats" option is not passed, user does not care about
the type, just expects any type of stats.
Examples:
$ tc filter add dev enp0s16np28 ingress proto ip handle 1 pref 1 flower skip_sw dst_ip 192.168.1.1 action drop hw_stats disabled
$ tc -s filter show dev enp0s16np28 ingress
filter protocol ip pref 1 flower chain 0
filter protocol ip pref 1 flower chain 0 handle 0x1
eth_type ipv4
dst_ip 192.168.1.1
skip_sw
in_hw in_hw_count 2
action order 1: gact action drop
random type none pass val 0
index 1 ref 1 bind 1 installed 7 sec used 2 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
hw_stats disabled
$ tc filter add dev enp0s16np28 ingress proto ip handle 1 pref 1 flower skip_sw dst_ip 192.168.1.1 action drop hw_stats immediate
$ tc -s filter show dev enp0s16np28 ingress
filter protocol ip pref 1 flower chain 0
filter protocol ip pref 1 flower chain 0 handle 0x1
eth_type ipv4
dst_ip 192.168.1.1
skip_sw
in_hw in_hw_count 2
action order 1: gact action drop
random type none pass val 0
index 1 ref 1 bind 1 installed 11 sec used 4 sec
Action statistics:
Sent 102 bytes 1 pkt (dropped 1, overlimits 0 requeues 0)
Sent software 0 bytes 0 pkt
Sent hardware 102 bytes 1 pkt
backlog 0b 0p requeues 0
hw_stats immediate
Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Guillaume Nault [Wed, 11 Mar 2020 15:16:36 +0000 (16:16 +0100)]
iproute2: fix MPLS label parsing
The initial value of "label" in parse_mpls() is 0xffffffff. Therefore
we should test for this value, and not 0, to detect if a label has been
provided. The "!label" test not only fails to detect a missing label
parameter, it also prevents the use of the IPv4 explicit NULL label,
which actually equals 0.
Reproducer:
$ ip link add name dm0 type dummy
$ tc qdisc add dev dm0 ingress
$ tc filter add dev dm0 parent ffff: matchall action mpls push
Error: act_mpls: Label is required for MPLS push.
We have an error talking to the kernel
--> Filter was pushed to the kernel, where it got rejected.
$ tc filter add dev dm0 parent ffff: matchall action mpls push label 0
Error: argument "label" is required
--> Label 0 was rejected by iproute2.
Expected result:
$ tc filter add dev dm0 parent ffff: matchall action mpls push
Error: argument "label" is required
--> Filter was directly rejected by iproute2.
$ tc filter add dev dm0 parent ffff: matchall action mpls push label 0
--> Filter is accepted.
Signed-off-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Andrea Claudi [Tue, 10 Mar 2020 12:15:17 +0000 (13:15 +0100)]
nexthop: fix error reporting in filter dump
nh_dump_filter is missing a return value check in two cases.
Fix this simply adding an assignment to the proper variable.
Fixes: 63df8e8543b03 ("Add support for nexthop objects") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Kernel commit 3f95f55eb55d ("net: sched: pie: change tc_pie_xstats->prob")
removes the need to change the maximum integer value of
tc_pie_stats->prob here.
Suggested-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Leslie Monis <lesliemonis@gmail.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Leslie Monis [Thu, 5 Mar 2020 16:25:40 +0000 (21:55 +0530)]
tc: pie: change maximum integer value of tc_pie_xstats->prob
Kernel commit 105e808c1da2 ("pie: remove pie_vars->accu_prob_overflows"),
changes the maximum value of tc_pie_xstats->prob from (2^64 - 1) to
(2^56 - 1).
Signed-off-by: Mohit P. Tahiliani <tahiliani@nitk.edu.in> Signed-off-by: Gautam Ramakrishnan <gautamramk@gmail.com> Signed-off-by: Leslie Monis <lesliemonis@gmail.com> Signed-off-by: David Ahern <dsahern@gmail.com>
David Ahern [Wed, 4 Mar 2020 19:58:31 +0000 (19:58 +0000)]
Merge branch 'macsec-offload' into next
Antoine Tenart says:
====================
This series adds support for selecting and reporting the offloading mode
of a MACsec interface. Available modes are for now 'off' and 'phy',
'off' being the default when an interface is created. Modes are not only
'off' and 'on' as the MACsec operations can be offloaded to multiple
kinds of specialized hardware devices, at least to PHYs and Ethernet
MACs. The later isn't currently supported in the kernel though.
The first patch adds support for reporting the offloading mode currently
selected for a given MACsec interface through the `ip macsec show`
command:
The second patch allows an user to change the offloading mode at runtime
through a new subcommand, `ip macsec offload`:
# ip macsec offload macsec0 phy
# ip macsec offload macsec0 off
If a mode isn't supported, `ip macsec offload` will report an issue
(-EOPNOTSUPP).
Giving the offloading mode when a macsec interface is created was
discussed; it is not implemented in this series. It could come later
on, when needed, as we'll still want to support updating the offloading
mode at runtime (what's implemented in this series).
====================
Antoine Tenart [Tue, 3 Mar 2020 10:36:17 +0000 (11:36 +0100)]
macsec: add support for changing the offloading mode
MacSEC can now be offloaded to specialized hardware devices. Offloading
is off by default when creating a new MACsec interface, but the mode can
be updated at runtime. This patch adds a new subcommand,
`ip macsec offload`, to allow users to select the offloading mode of a
MACsec interface. It takes the mode to switch to as an argument, which
can for now either be 'off' or 'phy':
# ip macsec offload macsec0 phy
# ip macsec offload macsec0 off
Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Antoine Tenart [Tue, 3 Mar 2020 10:36:16 +0000 (11:36 +0100)]
macsec: report the offloading mode currently selected
This patch adds support to report the MACsec offloading mode currently
being enabled, which as of now can either be 'off' or 'phy'. This
information is reported through the `ip macsec show` command:
Parav Pandit [Wed, 4 Mar 2020 04:06:26 +0000 (22:06 -0600)]
devlink: Introduce devlink port flavour virtual
Currently PCI PF and VF devlink devices register their ports as
physical port in non-representors mode.
Introduce a new port flavour as virtual so that virtual devices can
register 'virtual' flavour to make it more clear to users.
An example of one PCI PF and 2 PCI virtual functions, each having
one devlink port.
$ devlink port show
pci/0000:06:00.0/1: type eth netdev ens2f0 flavour physical port 0
pci/0000:06:00.2/1: type eth netdev ens2f2 flavour virtual port 0
pci/0000:06:00.3/1: type eth netdev ens2f3 flavour virtual port 0
Andrea Claudi [Fri, 28 Feb 2020 17:36:25 +0000 (18:36 +0100)]
man: rdma-statistic: Add filter description
Add description for filters on rdma statistics show command.
Also add a filter description on the help message of the command.
Additionally, fix some whitespace issue in the man page.
Reported-by: Zhaojuan Guo <zguo@redhat.com> Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Xin Long [Mon, 24 Feb 2020 14:57:01 +0000 (09:57 -0500)]
xfrm: not try to delete ipcomp states when using deleteall
In kernel space, ipcomp(sub) states used by main states are not
allowed to be deleted by users, they would be freed only when
all main states are destroyed and no one uses them.
In user space, ip xfrm sta deleteall doesn't filter these ipcomp
states out, and it causes errors:
# ip xfrm state add src 192.168.0.1 dst 192.168.0.2 spi 0x1000 \
proto comp comp deflate mode tunnel sel src 192.168.0.1 dst \
192.168.0.2 proto gre
# ip xfrm sta deleteall
Failed to send delete-all request
: Operation not permitted
This patch is to fix it by filtering ipcomp states with a check
xsinfo->id.proto == IPPROTO_IPIP.
Fixes: c7699875bee0 ("Import patch ipxfrm-20040707_2.diff") Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Andrea Claudi [Thu, 27 Feb 2020 16:45:43 +0000 (17:45 +0100)]
man: ip.8: Add missing vrf subcommand description
Add description to the vrf subcommand and a reference to the
dedicated man page.
Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Donald Sharp [Tue, 25 Feb 2020 13:12:13 +0000 (08:12 -0500)]
ip route: Do not imply pref and ttl-propagate are per nexthop
Currently `ip -6 route show` gives us this output:
sharpd@eva ~/i/ip (master)> ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
4:5::6:7 nhid 18 proto static metric 20
nexthop via fe80::99 dev enp39s0 weight 1
nexthop via fe80::44 dev enp39s0 weight 1 pref medium
Displaying `pref medium` as the last bit of output implies
that the RTA_PREF is a per nexthop value, when it is infact
a per route piece of data.
Change the output to display RTA_PREF and RTA_TTL_PROPAGATE
before the RTA_MULTIPATH data is shown:
sharpd@eva ~/i/ip (master)> ./ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
4:5::6:7 nhid 18 proto static metric 20 pref medium
nexthop via fe80::99 dev enp39s0 weight 1
nexthop via fe80::44 dev enp39s0 weight 1
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> Reviewed-by: Andrea Claudi <aclaudi@redhat.com> Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Andrea Claudi [Mon, 17 Feb 2020 13:46:18 +0000 (14:46 +0100)]
nstat: print useful error messages in abort() cases
When nstat temporary file is corrupted or in some other corner cases,
nstat use abort() to stop its execution. This can puzzle some users,
wondering what is the reason for the crash.
This commit replaces abort() with some meaningful error messages and exit()
Reported-by: Renaud Métrich <rmetrich@redhat.com> Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Xin Long [Tue, 18 Feb 2020 03:50:20 +0000 (11:50 +0800)]
erspan: set erspan_ver to 1 by default
Commit 289763626721 ("erspan: add erspan version II support")
breaks the command:
# ip link add erspan1 type erspan key 1 seq erspan 123 \
local 10.1.0.2 remote 10.1.0.1
as erspan_ver is set to 0 by default, then IFLA_GRE_ERSPAN_INDEX
won't be set in gre_parse_opt().
# ip -d link show erspan1
...
erspan remote 10.1.0.1 local 10.1.0.2 ... erspan_index 0 erspan_ver 1
^^^^^^^^^^^^^^
This patch is to change to set erspan_ver to 1 by default.
Fixes: 289763626721 ("erspan: add erspan version II support") Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: William Tu <u9012063@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch adds support for the FQ-PIE packet Scheduler
Principles:
- Packets are classified on flows.
- This is a Stochastic model (as we use a hash, several flows might
be hashed to the same slot)
- Each flow has a PIE managed queue.
- Flows are linked onto two (Round Robin) lists,
so that new flows have priority on old ones.
- For a given flow, packets are not reordered.
- Drops during enqueue only.
- ECN capability is off by default.
- ECN threshold (if ECN is enabled) is at 10% by default.
- Uses timestamps to calculate queue delay by default.
Usage:
tc qdisc ... fq_pie [ limit PACKETS ] [ flows NUMBER ]
[ target TIME ] [ tupdate TIME ]
[ alpha NUMBER ] [ beta NUMBER ]
[ quantum BYTES ] [ memory_limit BYTES ]
[ ecn_prob PERCENTAGE ] [ [no]ecn ]
[ [no]bytemode ] [ [no_]dq_rate_estimator ]
defaults:
limit: 10240 packets, flows: 1024
target: 15 ms, tupdate: 15 ms (in jiffies)
alpha: 1/8, beta : 5/4
quantum: device MTU, memory_limit: 32 Mb
ecnprob: 10%, ecn: off
bytemode: off, dq_rate_estimator: off
Signed-off-by: Mohit P. Tahiliani <tahiliani@nitk.edu.in> Signed-off-by: Sachin D. Patil <sdp.sachin@gmail.com> Signed-off-by: V. Saicharan <vsaicharan1998@gmail.com> Signed-off-by: Mohit Bhasi <mohitbhasi1998@gmail.com> Signed-off-by: Leslie Monis <lesliemonis@gmail.com> Signed-off-by: Gautam Ramakrishnan <gautamramk@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
devlink.c: In function ‘cmd_dev_flash’:
devlink.c:3071:3: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result [-Wunused-result]
3071 | write(pipe_w, &err, sizeof(err));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fixes: 9b13cddfe268 ("devlink: implement flash status monitoring") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Andrea Claudi [Wed, 29 Jan 2020 14:56:40 +0000 (15:56 +0100)]
ip-xfrm: Fix help messages
After commit 8589eb4efdf2a ("treewide: refactor help messages") help
messages for xfrm state and policy are broken, printing many times the
same protocol in UPSPEC section:
$ ip xfrm state help
[...]
UPSPEC := proto { { tcp | tcp | tcp | tcp } [ sport PORT ] [ dport PORT ] |
{ icmp | icmp | icmp } [ type NUMBER ] [ code NUMBER ] |
gre [ key { DOTTED-QUAD | NUMBER } ] | PROTO }
This happens because strxf_proto function is non-reentrant and gets called
multiple times in the same fprintf instruction.
This commit fix the issue avoiding calls to strxf_proto() with a constant
param, just hardcoding strings for protocol names.
Fixes: 8589eb4efdf2a ("treewide: refactor help messages") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Ron Diskin [Thu, 23 Jan 2020 10:32:30 +0000 (12:32 +0200)]
devlink: Replace pr_#type_value wrapper functions with common functions
Replace calls for pr_bool/uint/uint64_value with direct calls for the
matching common json_print library function: print_bool(), print_uint()
and print_u64()
Signed-off-by: Ron Diskin <rondi@mellanox.com> Reviewed-by: Moshe Shemesh <moshe@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Ron Diskin [Thu, 23 Jan 2020 10:32:27 +0000 (12:32 +0200)]
json_print: Add new json object function not as array item
Currently new json object opens (and delete_json_obj closes) the object as
an array, what adds prints for the matching bracket '[' ']' at the
start/end of the object. This patch adds new_json_obj_plain() and the
matching delete_json_obj_plain() to enable opening and closing json object,
not as array and leave it to the using function to decide which type of
object to open/close as the main object.
Signed-off-by: Ron Diskin <rondi@mellanox.com> Reviewed-by: Moshe Shemesh <moshe@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Ron Diskin [Thu, 23 Jan 2020 10:32:26 +0000 (12:32 +0200)]
json_print: Introduce print_#type_name_value
Until now print_#type functions supported printing constant names and
unknown (variable) values only.
Add functions to allow printing when the name is also sent to the
function as a variable.
Signed-off-by: Ron Diskin <rondi@mellanox.com> Reviewed-by: Moshe Shemesh <moshe@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Leslie Monis [Thu, 16 Jan 2020 15:57:01 +0000 (21:27 +0530)]
tc: parse attributes with NLA_F_NESTED flag
The kernel now requires all new nested attributes to set the
NLA_F_NESTED flag. Enable tc {qdisc,class,filter} to parse
attributes that have the NLA_F_NESTED flag set.
Signed-off-by: Leslie Monis <lesliemonis@gmail.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Sabrina Dubroca [Sun, 19 Jan 2020 10:32:09 +0000 (11:32 +0100)]
ip: xfrm: add espintcp encapsulation
While at it, convert xfrm_xfrma_print and xfrm_encap_type_parse to use
the UAPI macros for encap_type as suggested by David Ahern, and add the
UAPI udp.h header (sync'd from ipsec-next to get the TCP_ENCAP_ESPINTCP
definition).
Co-developed-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David Ahern <dsahern@gmail.com>
Ethan Sommer [Wed, 8 Jan 2020 19:57:05 +0000 (14:57 -0500)]
make yacc usage POSIX compatible
config: put YACC in config.mk and use environmental variable if present
ss:
use YACC variable instead of hardcoding bison
place options before source file argument
use -b to specify file prefix instead of output file, as -o isn't POSIX
compatible, this generates ssfilter.tab.c instead of ssfilter.c
replace any references to ssfilter.c with references to ssfilter.tab.c
tc:
use -p flag to set name prefix instead of bison-specific api.prefix
directive
remove unneeded bison-specific directives
use -b instead of -o, replace references to previously generated
emp_ematch.yacc.[ch] with references to newly generated
emp_ematch.tab.[ch]
Signed-off-by: Ethan Sommer <e5ten.arch@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Jan Engelhardt [Wed, 8 Jan 2020 10:04:24 +0000 (11:04 +0100)]
build: fix build failure with -fno-common
$ make CCOPTS=-fno-common
gcc ... -o ip
ld: rt_names.o (symbol from plugin): in function "rtnl_rtprot_n2a":
(.text+0x0): multiple definition of "numeric"; ip.o (symbol from plugin):(.text+0x0): first defined here
gcc ... -o tipc
ld: ../lib/libutil.a(utils.o):(.bss+0xc): multiple definition of `pretty';
tipc.o:tipc.c:28: first defined here
References: https://bugzilla.opensuse.org/1160244 Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Vladis Dronov [Sun, 19 Jan 2020 01:12:51 +0000 (02:12 +0100)]
ip: fix link type and vlan oneline output
Move link type printing in print_linkinfo() so multiline output does not
break link options line. Add oneline support for vlan's ingress and egress
qos maps.
Before the fix:
5: veth90.4000@veth90: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 26:9a:05:af:db:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
vlan protocol 802.1Q id 4000 <REORDER_HDR> the option line is broken ^^^
ingress-qos-map { 1:2 }
egress-qos-map { 2:1 } addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
5: veth90.4000@veth90: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\ link/ether 26:9a:05:af:db:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535 \ vlan protocol 802.1Q id 4000 <REORDER_HDR>
ingress-qos-map { 1:2 } <<< a multiline output despite -oneline
egress-qos-map { 2:1 } addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
After the fix:
5: veth90.4000@veth90: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 26:9a:05:af:db:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
vlan protocol 802.1Q id 4000 <REORDER_HDR>
ingress-qos-map { 1:2 }
egress-qos-map { 2:1 }
- Use "bands" to specify number of bands explicitly. Underspecified bands
are implicitly ETS and their quantum is taken from MTU. The following
thus gives each band the same weight:
Petr Machata [Mon, 13 Jan 2020 14:16:28 +0000 (15:16 +0100)]
libnetlink: parse_rtattr_nested should allow NLA_F_NESTED flag
In kernel commit 8cb081746c03 ("netlink: make validation more configurable
for future strictness"), Linux started implicitly flagging nests with
NLA_F_NESTED, unless the nest is created with nla_nest_start_noflag().
The ETS code uses nla_nest_start() where possible, so it does not work with
the current iproute2 code. Have libnetlink catch up by admitting the flag
in the attribute.
Signed-off-by: Petr Machata <petrm@mellanox.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Ido Schimmel [Thu, 16 Jan 2020 18:43:48 +0000 (20:43 +0200)]
ip route: Print "rt_offload" and "rt_trap" indication
The kernel now signals the offload state of a route using the
'RTM_F_OFFLOAD' and 'RTM_F_TRAP' flags. Print these to help users
understand the offload state of each route. The "rt_" prefix is used in
order to distinguish it from the offload state of nexthops.
Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Tuong Lien [Mon, 30 Dec 2019 03:03:33 +0000 (10:03 +0700)]
tipc: fix clang warning in tipc/node.c
When building tipc with clang, the following warning is found:
tipc
CC bearer.o
CC cmdl.o
CC link.o
CC media.o
CC misc.o
CC msg.o
CC nametable.o
CC node.o
node.c:182:24: warning: field 'key' with variable sized type 'struct tipc_aead_key' not at the end of a struct or class is a GNU extension [-Wgnu-variable-sized-type-not-at-end]
struct tipc_aead_key key;
This commit fixes it by putting the memory area allocated for the user
input key along with the variable-sized 'key' structure in the 'union'
form instead.
Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key") Reported-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>