Phil Sutter [Tue, 23 Aug 2016 09:52:45 +0000 (11:52 +0200)]
ip-route: Prevent some double spaces in output
The code is a bit messy, as it starts with space after text and at some
point switches to space before text. But either way, printing space
before *and* after text almost certainly leads to printing more
whitespace than necessary.
Xin Long [Sun, 7 Aug 2016 09:12:30 +0000 (17:12 +0800)]
ip route: restore_handler should check tb[RTA_PREFSRC] for local networks
Prior to this patch, If one route entry's RTA_PREFSRC and RTA_GATEWAY
both were NULL, it was supposed to be restored ONLY as a local address.
But as it didn't check tb[RTA_PREFSRC] when restoring local networks,
rtattr_cmp would return a success if it was NULL, this route entry would
be restored again as a local network.
This patch is to add tb[RTA_PREFSRC] check when restoring local networks.
Fixes: 74af8dd9620e ("ip route: restore route entries in correct order") Signed-off-by: Xin Long <lucien.xin@gmail.com> Tested-by: Phil Sutter <phil@nwl.cc>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:58 +0000 (16:26 +0200)]
ila: show usage even if the module is not available
Currently, the `ip ila` command tries to initialize a genl context
even when we just want to see the help for the command, which doesn't
require to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Fixes: ec71cae0bb7b ("ila: Support for configuring ila to use netfilter hook") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:57 +0000 (16:26 +0200)]
fou: show usage even if the module is not available
Currently, the `ip fou` command tries to initialize a genl context even
when we just want to see the help for the command, which doesn't require
to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Fixes: 6928747b6e79 ("ip fou: Support to configure foo-over-udp RX") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:56 +0000 (16:26 +0200)]
macsec: show usage even if the module is not available
Currently, the `ip macsec` command tries to initialize a genl context
even when we just want to see the help for the command, which doesn't
require to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:55 +0000 (16:26 +0200)]
libgenl: introduce genl_init_handle
All users of genl have the same code to open a genl socket and resolve
the family for their specific protocol. Introduce a helper to initialize
the handle, and use it in all the genl code.
Richard Alpe [Mon, 15 Aug 2016 08:24:32 +0000 (10:24 +0200)]
tipc: refactor bearer identification
Introduce a generic function (nl_add_bearer_name()) that identifies a
bearer and adds it to an existing netlink message. This reduces code
complexity and makes the code a little bit easier to maintain.
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
Richard Alpe [Mon, 15 Aug 2016 08:24:31 +0000 (10:24 +0200)]
tipc: fix UDP bearer synopsis
Local ip is not required to identify a UDP bearer and shouldn't be
passed to bearer disable, set or get. In this patch we remove the
localip entry from the synopsis of these functions.
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
WANG Cong [Mon, 8 Aug 2016 23:24:45 +0000 (16:24 -0700)]
tc: fix a misleading failure
Before this patch:
# ./tc/tc actions add action drop index 11
RTNETLINK answers: File exists
We have an error talking to the kernel
Command "(null)" is unknown, try "tc actions help".
After this patch:
# ./tc/tc actions add action drop index 11
RTNETLINK answers: File exists
We have an error talking to the kernel
Cc: Stephen Hemminger <shemming@brocade.com> Cc: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Phil Sutter [Wed, 3 Aug 2016 09:43:45 +0000 (11:43 +0200)]
tc: Fix for missing estimator initialization
When switching to C99 initializers, I forgot to add this one. This means
that when trying to set an estimator value, tc would complain about
spurious duplicate estimator parameter. But much worse, the random
variable content is sent to the kernel regardless of whether an
estimator was given or not.
since kernel driver has valid default values for 'cipher' and 'icvlen',
there is no need for requiring users to specify both of them when a new
link is added. Also, prompt an error message and exit with appropriate
exit status in case of unsupported cipher suite.
- ip-macsec.8: fix wrong 'device' keyword in 'ip link add device eth0';
add missing description of 'validate' keyword; remove spurious bracket
near 'encrypt' keyword; add missing reference to configuration of 'port'
and 'sci'
- ip-link.8 fix wrong 'es' and 'encoding' keywords in MACsec section
Phil Sutter [Sat, 23 Jul 2016 11:28:08 +0000 (13:28 +0200)]
tc: util: bore up action_a2n()
It's a pitty this function is used nowhere, so let's polish it for use:
* Loop over branch names, makes it clear that every former conditional
was exactly identical.
* Support 'pipe' branch name, too.
* Make number parsing optional.
Phil Sutter [Sat, 23 Jul 2016 11:28:07 +0000 (13:28 +0200)]
tc: Reformat tc_util.h
* Drop 'extern' keyword before function declarations.
* Add parameter names where they were missing for matters of
consistency.
* Drop fancy indenting (e.g. tab between type and name).
* Break long lines to not exceed 80 columns.
Phil Sutter [Mon, 18 Jul 2016 14:48:43 +0000 (16:48 +0200)]
Replace malloc && memset by calloc
This only replaces occurrences where the newly allocated memory is
cleared completely afterwards, as in other cases it is a theoretical
performance hit although code would be cleaner this way.
Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: David Ahern <dsa@cumulusnetworks.com>
Phil Sutter [Mon, 18 Jul 2016 14:48:42 +0000 (16:48 +0200)]
Use C99 style initializers everywhere
This big patch was compiled by vimgrepping for memset calls and changing
to C99 initializer if applicable. One notable exception is the
initialization of union bpf_attr in tc/tc_bpf.c: changing it would break
for older gcc versions (at least <=3.4.6).
Calls to memset for struct rtattr pointer fields for parse_rtattr*()
were just dropped since they are not needed.
The changes here allowed the compiler to discover some unused variables,
so get rid of them, too.
Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: David Ahern <dsa@cumulusnetworks.com>
Phil Sutter [Mon, 18 Jul 2016 14:48:41 +0000 (16:48 +0200)]
tc: m_action: Improve conversion to C99 style initializers
This improves my initial change in the following points:
- Flatten embedded struct's initializers.
- No need to initialize variables to zero as the key feature of C99
initializers is to do this implicitly.
- By relocating the declaration of struct rtattr *tail, it can be
initialized at the same time.
Fixes: a0a73b298a579 ("tc: m_action: Use C99 style initializers for struct req") Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: David Ahern <dsa@cumulusnetworks.com>
Storing the schema file for the json format will be useful for doc
purposes as optional paramaters are typically suppressed in the json
sample outputs.
David Ahern [Fri, 15 Jul 2016 22:41:35 +0000 (15:41 -0700)]
ss: Fix support for device filter by index
Support was recently added for device filters. The intent was to allow
the device to be specified by name or index, and using the if%u format
(dev == if5) or the simpler and more intuitive index alone (dev == 5).
The latter case is broken since the index is not saved to the filter
after the strtoul conversion. Further, the tmp variable used for the
conversion shadows another variable used in the function. Fix both.
With this change all 3 variants work as expected:
$ ss -t 'dev == 62'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 224 10.0.1.3%mgmt:ssh 192.168.0.50:58442
$ ss -t 'dev == mgmt'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 224 10.0.1.3%mgmt:ssh 192.168.0.50:58442
$ ss -t 'dev == if62'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 36 10.0.1.3%mgmt:ssh 192.168.0.50:58442
Fixes: 2d2932125616 ("ss: Add support to filter on device") Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Daniel Borkmann [Mon, 18 Jul 2016 23:09:52 +0000 (01:09 +0200)]
bpf: also check elf for official e_machine value
Use the official BPF ELF e_machine value that was assigned recently [1]
and will be propagated to glibc, libelf et al. LLVM will switch to it
in 3.9 release, therefore we need to prepare tc to check for EM_ELF as
well, older version still have the EM_NONE.
Xin Long [Tue, 12 Jul 2016 13:37:58 +0000 (21:37 +0800)]
ip route: restore route entries in correct order
Sometimes we cannot restore route entries, because in kernel
[1] fib_check_nh()
[2] fib_valid_prefsrc()
cause some routes to depend on existence of others while adding.
For example, we saved all the routes, and flushed all tables
[a] default via 192.168.122.1 dev eth0
[b] 192.168.122.0/24 dev eth0 src 192.168.122.21
[c] broadcast 127.0.0.0 dev lo table local src 127.0.0.1
[d] local 127.0.0.0/8 dev lo table local src 127.0.0.1
[e] local 127.0.0.1 dev lo table local src 127.0.0.1
[f] broadcast 127.255.255.255 dev lo table local src 127.0.0.1
[g] broadcast 192.168.122.0 dev eth0 table local src 192.168.122.21
[h] local 192.168.122.21 dev eth0 table local src 192.168.122.21
[i] broadcast 192.168.122.255 dev eth0 table local src 192.168.122.21
Now start to restore them:
If we want to add [a], we have to add [b] first, as [1] and
'via 192.168.122.1' in [a].
If we want to add [b], we have to add [h] first, as [2] and
'src 192.168.122.21' in [b].
So the correct order to restore should be like:
[e][h] -> [b][c][d][f][g][i] -> [a]
This patch fixes it by traversing the file 3 times, it only restores
part of them in each run according to the following conditions, to
make sure every entry can be restored successfully.
1. !gw && (!fib_prefsrc || fib_prefsrc == cfg->fc_dst)
2. !gw && (fib_prefsrc != cfg->fc_dst)
3. gw
Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Phil Sutter <phil@nwl.cc>
Eli Cohen [Thu, 7 Jul 2016 21:09:03 +0000 (16:09 -0500)]
Add support for configuring Infiniband GUIDs
Add two NLA's that allow configuration of Infiniband node or port GUIDs
by referencing the IPoIB net device set over the physical function. The
format to be used is as follows:
ip link set dev ib0 vf 0 node_guid 00:02:c9:03:00:21:6e:70
ip link set dev ib0 vf 0 port_guid 00:02:c9:03:00:21:6e:78
David Ahern [Wed, 29 Jun 2016 18:27:02 +0000 (11:27 -0700)]
ip route: Add support for vrf keyword
Add vrf keyword to 'ip route' commands. Allows:
1. Users can list routes by VRF name:
$ ip route show vrf NAME
VRF tables have all routes including local and broadcast routes.
The VRF keyword filters LOCAL and BROADCAST routes; to see all
routes the table option can be used. Or to see local routes only
for a VRF:
$ ip route show vrf NAME type local
2. Add or delete a route for a VRF:
$ ip route {add|delete} vrf NAME <route spec>
3. Do a route lookup for a VRF:
$ ip route get vrf NAME ADDRESS
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Amir Vadai [Mon, 4 Jul 2016 07:34:11 +0000 (10:34 +0300)]
tc: flower: Add skip_{hw|sw} support
On devices that support TC flower offloads, these flags enable a filter to be
added only to HW or only to SW. skip_sw and skip_hw are mutually exclusive
flags. By default without any flags, the filter is added to both HW and SW,
but no error checks are done in case of failure to add to HW.
With skip-sw, failure to add to HW is treated as an error.
Here is a sample script that adds 2 filters, one with skip_sw and the other
with skip_hw flag.
# add ingress qdisc
tc qdisc add dev enp0s9 ingress
# enable hw tc offload.
ethtool -K enp0s9 hw-tc-offload on
# add a flower filter with skip-sw flag.
tc filter add dev enp0s9 protocol ip parent ffff: flower \
ip_proto 1 indev enp0s9 skip_sw \
action drop
# add a flower filter with skip-hw flag.
tc filter add dev enp0s9 protocol ip parent ffff: flower \
ip_proto 3 indev enp0s9 skip_hw \
action drop
Signed-off-by: Amir Vadai <amirva@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com>
actions: skbedit add support for mod-ing skb pkt_type
I'll make a formal submission sans the header when the kernel patches
makes it in. This version is for someone who wants to play around with
the net-next kernel patches i sent
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Phil Sutter [Thu, 30 Jun 2016 14:47:02 +0000 (16:47 +0200)]
ip-address: constify match_link_kind arg
Since the function won't ever change the data 'kind' is pointing at, it
can sanely be made const.
Fixes: e0513807f6dbb ("ip-address: Support filtering by slave type, too") Suggested-by: Stephen Hemminger <shemming@brocade.com> Signed-off-by: Phil Sutter <phil@nwl.cc>
Andrew Vagin [Tue, 28 Jun 2016 23:27:14 +0000 (02:27 +0300)]
ip route: timeout for routes has to be set in seconds
Currently a timeout is multiplied by HZ in user-space and
then it multiplied by HZ in kernel-space.
$ ./ip/ip r add 2002::0/64 dev veth1 expires 10
$ ./ip/ip -6 r
2002::/64 dev veth1 metric 1024 linkdown expires 996sec pref medium
Cc: Xin Long <lucien.xin@gmail.com> Cc: Hangbin Liu <liuhangbin@gmail.com> Cc: Stephen Hemminger <shemming@brocade.com> Fixes: 68eede250500 ("route: allow routes to be configured with expire values") Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>