Add support to dump the mroute cache entry age if the show_stats (-s)
switch is provided.
Example:
$ ip -s mroute
(0.0.0.0, 239.10.10.10) Iif: eth0 Oifs: eth0
0 packets, 0 bytes, Age 245.44
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Anton Aksola [Tue, 20 Sep 2016 06:01:27 +0000 (06:01 +0000)]
iproute2: build nsid-name cache only for commands that need it
The calling of netns_map_init() before command parsing introduced
a performance issue with large number of namespaces.
As commands such as add, del and exec do not need to iterate through
/var/run/netns it would be good not no build the cache before executing
these commands.
Example:
unpatched:
time seq 1 1000 | xargs -n 1 ip netns add
real 0m16.832s
user 0m1.350s
sys 0m15.029s
patched:
time seq 1 1000 | xargs -n 1 ip netns add
real 0m3.859s
user 0m0.132s
sys 0m3.205s
Signed-off-by: Anton Aksola <aakso@iki.fi> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Currently, 'linkid' input by the user is parsed but 'handle' is appended to the netlink message.
# tc filter add dev enp1s0f1 protocol ip parent ffff: prio 99 u32 ht 800: \
order 1 link 1: offset at 0 mask 0f00 shift 6 plus 0 eat match ip \
protocol 6 ff
resulted in:
filter protocol ip pref 99 u32 fh 800::1 order 1 key ht 800 bkt 0
match 00060000/00ff0000 at 8
offset 0f00>>6 at 0 eat
This patch results in:
filter protocol ip pref 99 u32 fh 800::1 order 1 key ht 800 bkt 0 link 1:
match 00060000/00ff0000 at 8
offset 0f00>>6 at 0 eat
Lorenzo Colitti [Wed, 21 Sep 2016 16:02:50 +0000 (01:02 +0900)]
ss: Support displaying and filtering on socket marks.
This allows the user to dump sockets with a given mark (via
"fwmark = 0x1234/0x1234" or "fwmark = 12345", etc.) , and to
display the socket marks of dumped sockets.
The relevant kernel commits are: d545caca827b ("net: inet: diag:
expose the socket mark to privileged processes.") and
- a52e95abf772 ("net: diag: allow socket bytecode filters to
match socket marks")
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
ipmonitor: fix ip monitor can't work when NET_NS is not enabled
In ip monitor, netns_map_init will check getnsid is supported or not.
But when /proc/self/ns/net does not exist, we just print out error
messages and exit. So user cannot use ip monitor anymore when
CONFIG_NET_NS is disabled:
# ip monitor
open("/proc/self/ns/net"): No such file or directory
If open "/proc/self/ns/net" failed, set have_rtnl_getnsid to false.
Fixes: d652ccbf8195 ("netns: allow to dump and monitor nsid") Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Dump useful TCP BBR state information from a struct tcp_bbr_info that
was grabbed using the inet_diag API.
We tolerate info that is shorter or longer than expected, in case the
kernel is older or newer than the ss binary. We simply print the
minimum of what is expected from the kernel and what is provided from
the kernel. We use the same trick as that used for struct tcp_info:
when the info from the kernel is shorter than we hoped, we pad the end
with zeroes, and don't print fields if they are zero.
The BBR output looks like:
bbr:(bw:1.2Mbps,mrtt:18.965,pacing_gain:2.88672,cwnd_gain:2.88672)
The motivation here is to be consistent with DCTCP, which looks like:
dctcp(ce_state:23,alpha:23,ab_ecn:23,ab_tot:23)
Hangbin Liu [Thu, 8 Sep 2016 02:26:57 +0000 (10:26 +0800)]
ip route: check ftell, fseek return value
ftell() may return -1 in error case, which is not handled and
therefore pass a negative offset to fseek(). The return code of
fseek() is also not checked.
Reported-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
fix get_icvlen() accordingly, so that a proper error message is displayed
in case input 'icvlen' is greater than 16.
since get_qdisc_handle() truncates the input value to 16 bit, return an
error and prompt "invalid qdisc ID" in case input 'handle' parameter needs
more than 16 bit to be stored.
Signed-off-by: Davide Caratti <dcaratti@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc>
In this commit, we list the monitor attributes. By default it lists
the attributes for all bearers, otherwise the specified bearer.
A sample usage is shown below:
$ tipc link monitor list
bearer eth:data0
node status monitored generation applied_node_status [non_applied_node:status]
1.1.1 up direct 16 UU []
1.1.2 up direct 16 UU []
1.1.3 up direct 16 UU []
bearer eth:data1
node status monitored generation applied_node_status [non_applied_node:status]
1.1.1 up direct 2 UU []
1.1.2 up direct 3 UU []
1.1.3 up direct 3 UU []
$ tipc link monitor list media eth device data0
bearer eth:data0
node status monitored generation applied_node_status [non_applied_node:status]
1.1.1 up direct 16 UU []
1.1.2 up direct 16 UU []
1.1.3 up direct 16 UU []
$ tipc link monitor list -h
Usage: tipc monitor list [ media MEDIA ARGS...]
MEDIA
udp - User Datagram Protocol
ib - Infiniband
eth - Ethernet
Acked-by: Jon Maloy <jon.maloy@ericsson.com> Tested-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
In this commit, we:
1. Export print_bearer_media()
2. Move the bearer name handling from nl_add_bearer_name() into
a new function cmd_get_unique_bearer_name().
These exported functions will be used by link monitor used in
subsequent commits.
The monitor summary command prints the basic attributes
specific to the local node.
A sample usage is shown below:
$ tipc link monitor summary
bearer eth:data0
table_generation 15
cluster_size 8
algorithm overlapping-ring
Phil Sutter [Thu, 8 Sep 2016 10:33:03 +0000 (12:33 +0200)]
iproute: fix documentation for ip rule scan order
Hi,
On Thu, Sep 08, 2016 at 11:59:55AM +0200, Michal Kubecek wrote:
> On Thu, Sep 01, 2016 at 09:04:54AM -0700, Stephen Hemminger wrote:
> > On Tue, 30 Aug 2016 17:32:52 -0700
> > Iskren Chernev <iskren@imo.im> wrote:
> >
> > > From 416f45b62f33017d19a9b14e7b0179807c993cbe Mon Sep 17 00:00:00 2001
> > > From: Iskren Chernev <iskren@imo.im>
> > > Date: Tue, 30 Aug 2016 17:08:54 -0700
> > > Subject: [PATCH bug-fix] iproute: fix documentation for ip rule scan order
> > >
> > > ---
> > > man/man8/ip-rule.8 | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8
> > > index 1774ae3..3508d80 100644
> > > --- a/man/man8/ip-rule.8
> > > +++ b/man/man8/ip-rule.8
> > > @@ -93,7 +93,7 @@ Each policy routing rule consists of a
> > > .B selector
> > > and an
> > > .B action predicate.
> > > -The RPDB is scanned in order of decreasing priority. The selector
> > > +The RPDB is scanned in order of increasing priority. The selector
> > > of each rule is applied to {source address, destination address,
> > > incoming
> > > interface, tos, fwmark} and, if the selector matches the packet,
> > > the action is performed. The action predicate may return with success.
> > > --
> > > 2.4.5
> >
> > Applied
>
> I'm sorry I didn't notice before but this just reverts the change done
> by commit 49572501664d ("iproute2: clarification of various man8 pages").
> IMHO the problem is that both versions are equally confusing as the word
> "priority" can be understood in two different senses.
>
> How about more explicit formulation, e.g.
>
> ... in order of decreasing logical priority (i.e. increasing numeric
> values).
>
> Would that be better?
Looks like the real issue is missing definition of priority. What about
this:
Hangbin Liu [Mon, 5 Sep 2016 03:35:02 +0000 (11:35 +0800)]
nstat: add sctp snmp support
SCTP module was not load by default. But this should be OK since we will not
load table if fdopen() failed, also opening the proc file won't load SCTP
kernel module.
Davide Caratti [Tue, 30 Aug 2016 11:23:14 +0000 (13:23 +0200)]
macsec: fix byte ordering on input/display of 'sci'
use get_be64() in place of get_u64() when parsing input 'sci' parameter,
so that 'sci' can be entered using network byte order regardless the
endianness of target system; use ntohll() when printing out 'sci'. While
at it, improve documentation of 'sci' in ip-link.8.
Davide Caratti [Tue, 30 Aug 2016 11:23:12 +0000 (13:23 +0200)]
macsec: fix input of 'port', improve documentation of 'address'
remove hardcoded base 10 parsing of 'port' parameter, update man page
and fix usage() functions as well. Fix misleading line in man page that
theoretically allowed specifying 'port' keyword right after 'sci' keyword.
Provide documentation of 'address' parameter in man pages and in usage()
functions as well.
Show which processes are using which tun/tap devices, e.g.:
$ ip -d tuntap
tun0: tun
Attached to processes: vpnc(9531)
vnet0: tap vnet_hdr
Attached to processes: qemu-system-x86(10442)
virbr0-nic: tap UNKNOWN_FLAGS:800
Attached to processes:
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
If we have multicast routes and do ip route show table all we'll get the
following output:
...
multicast ???/32 from ???/32 table default proto static iif eth0
The "???" are because the rtm_family is set to RTNL_FAMILY_IPMR instead
(or RTNL_FAMILY_IP6MR for ipv6). Add a simple workaround that returns the
real family based on the rtm_type (always RTN_MULTICAST for ipmr routes)
and the rtm_family. Similar workaround is already used in ipmroute, and
we can use this helper there as well.
After the patch the output is:
multicast 239.10.10.10/32 from 0.0.0.0/32 table default proto static iif eth0
Also fix a minor whitespace error and switch to tabs.
Reported-by: Satish Ashok <sashok@cumulusnetworks.com> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Yotam Gigi [Wed, 31 Aug 2016 07:28:27 +0000 (09:28 +0200)]
tc: man: Add man entry for the matchall classifier.
In addition to providing information about the mathcall filter and its
configurations, the man entry contains examples for creating port
mirorring entries.
Yotam Gigi [Wed, 31 Aug 2016 07:28:26 +0000 (09:28 +0200)]
tc: Add support for the matchall traffic classifier.
The matchall classifier matches every packet and allows the user to apply
actions on it. In addition, it supports the skip_sw and skip_hw (as can
be found on u32 and flower filter) that direct the kernel to skip the
software/hardware processing of the actions.
This filter is very useful in usecases where every packet should be
matched. For example, packet mirroring (SPAN) can be setup very easily
using that filter.
Richard Alpe [Tue, 30 Aug 2016 08:37:00 +0000 (10:37 +0200)]
tipc: add the ability to get UDP bearer options
In this patch we introduce the ability to get UDP specific bearer
options such as remoteip, remoteport, localip and localport.
After some discussions on tipc-discussion on how to handle media
specific options we agreed to pass them after the media.
For media generic bearer options we already do:
$ tipc bearer get OPTION media MEDIA name|device NAME|DEVICE
For the UDP media specific bearer options we introduce in this path:
$ tipc bearer get media udp name NAME OPTION
such as
$ tipc bearer get media udp name NAME remoteip
This allows bash-completion to tab complete only appropriate options,
it makes more logical sense and it scales better. Even though it might
look a little different to the user.
In order to use the existing option parsing framework to do this we
add a flag (OPT_KEY) to the option parsing function.
If the UDP bearer has multiple remoteip addresses associated with it
(replicast) we handle the TIPC_NLA_UDP_MULTI_REMOTEIP flag and send
a TIPC_NL_UDP_GET_REMOTEIP query transparently to the user.
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> Reviewed-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Richard Alpe [Tue, 30 Aug 2016 08:36:59 +0000 (10:36 +0200)]
tipc: introduce bearer add for remoteip
Introduce the ability to add remote IP addresses to an existing UDP
bearer. On the kernel side, adding a "remoteip" to an existing bearer
puts the bearer in "replicast" mode where TIPC multicast messages are
send out to each configured remoteip using unicast. This is required
for TIPC UDP bearers to work in environments where IP multicast is
disabled.
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> Reviewed-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com>
bridge: vlan: add support to display per-vlan statistics
This patch adds support for the stats argument to the bridge
vlan command which will display the per-vlan statistics and the device
each vlan belongs to with its flags. The supported command filtering
options are dev and vid. Also the man page is updated to explain the new
option.
The patch uses the new RTM_GETSTATS interface with a filter_mask to dump
all bridges and ports vlans. Later we can add support for using the
per-device dump and filter it in the kernel instead.
Phil Sutter [Tue, 23 Aug 2016 09:52:45 +0000 (11:52 +0200)]
ip-route: Prevent some double spaces in output
The code is a bit messy, as it starts with space after text and at some
point switches to space before text. But either way, printing space
before *and* after text almost certainly leads to printing more
whitespace than necessary.
Richard Alpe [Mon, 22 Aug 2016 08:18:29 +0000 (10:18 +0200)]
tipc: add peer remove functionality
This enables a user to remove an offline peer from the kernel data
structures. This could for example be useful when deliberately scaling
in peer nodes in a cloud environment.
This functionality was first merged in: f9dec657e4 (Richard Alpe tipc: add peer remove functionality)
And later backed out (as the kernel counterpart was held up) in: 385caeb13b (Stephen Hemminger Revert "tipc: add peer remove functionality")
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> Reviewed-by: Jon Maloy <jon.maloy@ericsson.com> Reviewed-by: Ying Xue <ying.xue@windriver.com>
Xin Long [Sun, 7 Aug 2016 09:12:30 +0000 (17:12 +0800)]
ip route: restore_handler should check tb[RTA_PREFSRC] for local networks
Prior to this patch, If one route entry's RTA_PREFSRC and RTA_GATEWAY
both were NULL, it was supposed to be restored ONLY as a local address.
But as it didn't check tb[RTA_PREFSRC] when restoring local networks,
rtattr_cmp would return a success if it was NULL, this route entry would
be restored again as a local network.
This patch is to add tb[RTA_PREFSRC] check when restoring local networks.
Fixes: 74af8dd9620e ("ip route: restore route entries in correct order") Signed-off-by: Xin Long <lucien.xin@gmail.com> Tested-by: Phil Sutter <phil@nwl.cc>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:58 +0000 (16:26 +0200)]
ila: show usage even if the module is not available
Currently, the `ip ila` command tries to initialize a genl context
even when we just want to see the help for the command, which doesn't
require to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Fixes: ec71cae0bb7b ("ila: Support for configuring ila to use netfilter hook") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:57 +0000 (16:26 +0200)]
fou: show usage even if the module is not available
Currently, the `ip fou` command tries to initialize a genl context even
when we just want to see the help for the command, which doesn't require
to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Fixes: 6928747b6e79 ("ip fou: Support to configure foo-over-udp RX") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:56 +0000 (16:26 +0200)]
macsec: show usage even if the module is not available
Currently, the `ip macsec` command tries to initialize a genl context
even when we just want to see the help for the command, which doesn't
require to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:55 +0000 (16:26 +0200)]
libgenl: introduce genl_init_handle
All users of genl have the same code to open a genl socket and resolve
the family for their specific protocol. Introduce a helper to initialize
the handle, and use it in all the genl code.
Richard Alpe [Mon, 15 Aug 2016 08:24:32 +0000 (10:24 +0200)]
tipc: refactor bearer identification
Introduce a generic function (nl_add_bearer_name()) that identifies a
bearer and adds it to an existing netlink message. This reduces code
complexity and makes the code a little bit easier to maintain.
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
Richard Alpe [Mon, 15 Aug 2016 08:24:31 +0000 (10:24 +0200)]
tipc: fix UDP bearer synopsis
Local ip is not required to identify a UDP bearer and shouldn't be
passed to bearer disable, set or get. In this patch we remove the
localip entry from the synopsis of these functions.
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
WANG Cong [Mon, 8 Aug 2016 23:24:45 +0000 (16:24 -0700)]
tc: fix a misleading failure
Before this patch:
# ./tc/tc actions add action drop index 11
RTNETLINK answers: File exists
We have an error talking to the kernel
Command "(null)" is unknown, try "tc actions help".
After this patch:
# ./tc/tc actions add action drop index 11
RTNETLINK answers: File exists
We have an error talking to the kernel
Cc: Stephen Hemminger <shemming@brocade.com> Cc: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
projects / mirror_iproute2.git / log