Phil Sutter [Thu, 15 Nov 2018 13:28:59 +0000 (14:28 +0100)]
ip-address: Fix filtering by negated address flags
When disabling a flag, one needs to AND with the inverse not the flag
itself. Otherwise specifying for instance 'home -nodad' will effectively
clear the flags variable.
While being at it, simplify the code a bit by merging common parts of
negated and non-negated case branches. Also allow for the "special
cases" to be inverted, too.
Fixes: f73ac674d0abf ("ip: change flag names to an array") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Tue, 13 Nov 2018 12:39:04 +0000 (13:39 +0100)]
ip-route: Fix nexthop encap parsing
When parsing nexthop parameters, a buffer of 4k bytes is provided. Yet,
in lwt_parse_encap() and some functions called by it, buffer size was
assumed to be 1k despite the actual size was provided. This led to
spurious buffer size errors if the buffer was filled by previous nexthop
parameters to exceed that 1k boundary.
Fixes: 1e5293056a02c ("lwtunnel: Add encapsulation support to ip route") Fixes: 5866bddd9aa9e ("ila: Add support for ILA lwtunnels") Fixes: ed67f83806538 ("ila: Support for checksum neutral translation") Fixes: 86905c8f057c0 ("ila: support for configuring identifier and hook types") Fixes: b15f440e78373 ("lwt: BPF support for LWT") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Stefano Brivio [Sat, 10 Nov 2018 09:21:59 +0000 (10:21 +0100)]
testsuite: ss: Fix spacing in expected output for ssfilter.t
Since commit 00240899ec0b ("ss: Actually print left delimiter for
columns") changes spacing in ss output, we also need to adjust for that in
the ss filter test.
Fixes: 00240899ec0b ("ss: Actually print left delimiter for columns") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Jakub Kicinski [Tue, 6 Nov 2018 03:23:27 +0000 (19:23 -0800)]
tc: f_u32: allow skip_hw and skip_sw flags to be last
u32 uses NEXT_ARG() incorrectly when parsing skip_hw and skip_sw
flags. NEXT_ARG() ensures there is another argument on the command
line, and is used in handling <keyword> <value> syntax to move past
<keyword> and ensure there is a <value> to read.
Commit 5e5b3008d1fb ("tc: f_u32: Add support for skip_hw and skip_sw
flags") seems to have copy pasted the handling from the previous
command - "police", which needs an extra parameter and is kind of
special due to the use of parse_police() helper.
The combination of NEXT_ARG() and continue worked fine as long as
skip_sw/skip_hw wasn't last, e.g.:
$ tc filter add dev dummy0 ingress prio 101 protocol ipv6 \
u32 match ip6 priority 0xa0 0xe0 flowid :1 skip_hw
Command line is not complete. Try option "help"
Remove the NEXT_ARG()s and the continues, and let the argc--; argv++;
at the end of the loop do its job.
Fixes: 5e5b3008d1fb ("tc: f_u32: Add support for skip_hw and skip_sw flags") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Luca Boccassi [Fri, 2 Nov 2018 12:35:44 +0000 (12:35 +0000)]
Pass CPPFLAGS to the compiler
When building Debian packages pre-processor flags are passed via
CPPFLAGS, as the convention indicates. Specifically, the hardening
-D_FORTIFY_SOURCE=2 flag is used.
Pass CPPFLAGS to all calls of QUIET_CC together with CFLAGS.
Signed-off-by: Luca Boccassi <bluca@debian.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Alex Vesker [Thu, 8 Nov 2018 09:14:13 +0000 (11:14 +0200)]
devlink: Add missing region option to devlink man page
The region field was not added to the devlink man page.
Fixes: 8b4fbf0bed8e6 ("devlink: Add support for devlink-region access") Signed-off-by: Alex Vesker <valex@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Roopa Prabhu [Wed, 7 Nov 2018 23:14:09 +0000 (15:14 -0800)]
bridge: fdb: remove redundant dev string in show output
After commit 4abb8c723a64 ("bridge: fdb: Fix for missing
keywords in non-JSON output"), I am seeing a double print for dev
in bridge fdb show. eg:
"44:38:39:00:6a:82 dev dev bridge vlan 1 master bridge permanent"
this patch removes the redundant print.
Fixes: 4abb8c723a64 ("bridge: fdb: Fix for missing keywords in non-JSON output") CC: Phil Sutter <phil@nwl.cc> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Luca Boccassi [Thu, 1 Nov 2018 22:25:27 +0000 (22:25 +0000)]
Include bsd/string.h only in include/utils.h
This is simpler and cleaner, and avoids having to include the header
from every file where the functions are used. The prototypes of the
internal implementation are in this header, so utils.h will have to be
included anyway for those.
Fixes: 508f3c231efb ("Use libbsd for strlcpy if available") Signed-off-by: Luca Boccassi <bluca@debian.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Leon Romanovsky [Thu, 1 Nov 2018 08:35:05 +0000 (10:35 +0200)]
rdma: Refresh help section of resource information
After commit 4060e4c0d257 ("rdma: Add PD resource tracking
information"), the resource information shows PDs and MRs,
but help pages didn't fully reflect it.
Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Reviewed-by: Steve Wise <swise@opengridcomputing.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
David Ahern [Tue, 30 Oct 2018 20:59:05 +0000 (13:59 -0700)]
ip rule: Require at least one argument for add
'ip rule add' with no additional arguments just adds another rule
for the main table - which exists by default. Require at least
1 argument similar to delete.
Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
David Ahern [Tue, 30 Oct 2018 20:58:56 +0000 (13:58 -0700)]
ip rule: Honor filter arguments on flush
'ip ru flush' currently removes all rules with priority > 0 regardless
of any other command line arguments passed in. Update flush_rule to
call filter_nlmsg to determine if the rule should be flushed or not.
This enables rule flushing such as 'ip ru flush table 1001' and
'ip ru flush pref 99'.
Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Yonghong Song [Mon, 29 Oct 2018 22:32:03 +0000 (15:32 -0700)]
bpf: check map symbol type properly with newer llvm compiler
With llvm 7.0 or earlier, the map symbol type is STT_NOTYPE.
-bash-4.4$ cat t.c
__attribute__((section("maps"))) int g;
-bash-4.4$ clang -target bpf -O2 -c t.c
-bash-4.4$ readelf -s t.o
Symbol table '.symtab' contains 2 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 3 g
The following llvm commit enables BPF target to generate
proper symbol type and size.
commit bf6ec206615b9718869d48b4e5400d0c6e3638dd
Author: Yonghong Song <yhs@fb.com>
Date: Wed Sep 19 16:04:13 2018 +0000
[bpf] Symbol sizes and types in object file
Clang-compiled object files currently don't include the symbol sizes and
types. Some tools however need that information. For example, ctfconvert
uses that information to generate FreeBSD's CTF representation from ELF
files.
With this patch, symbol sizes and types are included in object files.
Signed-off-by: Paul Chaignon <paul.chaignon@orange.com> Reported-by: Yutaro Hayakawa <yhayakawa3720@gmail.com>
Hence, for llvm 8.0.0 (currently trunk), symbol type will be not NOTYPE, but OBJECT.
-bash-4.4$ clang -target bpf -O2 -c t.c
-bash-4.4$ readelf -s t.o
Symbol table '.symtab' contains 3 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 FILE LOCAL DEFAULT ABS t.c
2: 0000000000000000 4 OBJECT GLOBAL DEFAULT 3 g
This patch makes sure bpf library accepts both NOTYPE and OBJECT types
of global map symbols.
Signed-off-by: Yonghong Song <yhs@fb.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Stefano Brivio [Mon, 29 Oct 2018 22:04:25 +0000 (23:04 +0100)]
ss: Actually print left delimiter for columns
While rendering columns, we use a local variable to keep track of the
field currently being printed, without touching current_field, which is
used for buffering.
Use the right pointer to access the left delimiter for the current column,
instead of always printing the left delimiter for the last buffered field,
which is usually an empty string.
This fixes an issue especially visible on narrow terminals, where some
columns might be displayed without separation.
Reported-by: YoyPa <yoann.p.public@gmail.com> Fixes: 691bd854bf4a ("ss: Buffer raw fields first, then render them as a table") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Tested-by: YoyPa <yoann.p.public@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Peter Korsgaard [Sat, 27 Oct 2018 15:31:02 +0000 (17:31 +0200)]
utils.h: provide fallback CLOCK_TAI definition
q_{etf,taprio}.c uses CLOCK_TAI, which isn't exposed by glibc < 2.21 or
uClibc, breaking the build. Provide a fallback definition like it is done
for IPPROTO_MPLS and others.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Hangbin Liu [Mon, 22 Oct 2018 07:46:18 +0000 (15:46 +0800)]
ip/geneve: fix ttl inherit behavior
Currently when we add geneve with "ttl inherit", we only set ttl to 0, which
is actually use whatever default value instead of inherit the inner protocol's
ttl value.
To make a difference with ttl inherit and ttl == 0, we add an attribute
IFLA_GENEVE_TTL_INHERIT in kernel commit 52d0d404d39dd ("geneve: add ttl
inherit support"). Now let's use "ttl inherit" to inherit the inner
protocol's ttl, and use "ttl auto" to means "use whatever default value",
the same behavior with ttl == 0.
v2:
1) remove IFLA_GENEVE_TTL_INHERIT defination in if_link.h as it's already
updated.
2) Still use addattr8() so we can enable/disable ttl inherit, as Michal
suggested.
v3: Update man page
Reported-by: Jianlin Shi <jishi@redhat.com> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Phil Sutter [Tue, 23 Oct 2018 10:36:24 +0000 (12:36 +0200)]
tc: htb: Print default value in hex
Value of 'default' is assumed to be hexadecimal when parsing, so
consequently it should be printed in hex as well. This is a regression
introduced when adding JSON output.
As requested, also change JSON output to print the value as hex string.
Fixes: f354fa6aa5ff0 ("tc: jsonify htb qdisc") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Thu, 18 Oct 2018 13:48:48 +0000 (15:48 +0200)]
tc: Remove pointless assignments in batch()
All these assignments are later overwritten without reading in between,
so just drop them.
Fixes: 485d0c6001c4a ("tc: Add batchsize feature for filter and actions") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Thu, 18 Oct 2018 13:44:14 +0000 (15:44 +0200)]
ip-route: Fix parse_encap_seg6() srh parsing
In case caller did not specify 'segs' parameter, parse_srh() would read
garbage while iterating over 'segbuf'. Avoid this by initializing
'segbuf' to an empty string.
Fixes: e8493916a8ede ("iproute: add support for SR-IPv6 lwtunnel encapsulation") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Thu, 18 Oct 2018 12:35:50 +0000 (14:35 +0200)]
rdma: Don't pass garbage to rd_check_is_filtered()
Variables 'src_port' and 'dst_port' are initialized only if attributes
RDMA_NLDEV_ATTR_RES_SRC_ADDR or RDMA_NLDEV_ATTR_RES_DST_ADDR are
present. Make sure to pass them over to rd_check_is_filtered() only if
that is the case.
Fixes: 9a362cc71a455 ("rdma: Add CM_ID resource tracking information") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Thu, 18 Oct 2018 12:30:31 +0000 (14:30 +0200)]
ip-route: Fix for memleak in error path
If call to rta_addattr_l() failed, parse_encap_seg6() would leak memory.
Fix this by making sure calls to free() are not skipped.
Fixes: bd59e5b1517b0 ("ip-route: Fix segfault with many nexthops") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Lorenzo Bianconi [Wed, 10 Oct 2018 15:00:58 +0000 (17:00 +0200)]
utils: fix get_rtnl_link_stats_rta stats parsing
iproute2 walks through the list of available tunnels using netlink
protocol in order to get device info instead of reading
them from proc filesystem. However the kernel reports device statistics
using IFLA_INET6_STATS/IFLA_INET6_ICMP6STATS attributes nested in
IFLA_PROTINFO one but iproutes expects these info in
IFLA_STATS64/IFLA_STATS attributes.
The issue can be triggered with the following reproducer:
$ip link add ip6d0 type ip6tnl mode ip6ip6 local 1111::1 remote 2222::1
$ip -6 -d -s tunnel show ip6d0
ip6d0: ipv6/ipv6 remote 2222::1 local 1111::1 encaplimit 4 hoplimit 64
tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
Dump terminated
Fix the issue introducing IFLA_INET6_STATS attribute parsing
Fixes: 3e953938717f ("iptunnel/ip6tunnel: Use netlink to walk through
tunnels list")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Lorenzo Bianconi [Wed, 10 Oct 2018 15:00:57 +0000 (17:00 +0200)]
uapi: add snmp header file
Introduce snmp header file. It will be used in subsequent patch in
order to parse device statistics reported in
IFLA_INET6_STATS/IFLA_INET6_ICMP6STATS netlink attributes
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Sabrina Dubroca [Fri, 12 Oct 2018 15:34:12 +0000 (17:34 +0200)]
macsec: fix off-by-one when parsing attributes
I seem to have had a massive brainfart with uses of
parse_rtattr_nested(). The rtattr* array must have MAX+1 elements, and
the call to parse_rtattr_nested must have MAX as its bound. Let's fix
those.
Sabrina Dubroca [Fri, 12 Oct 2018 15:34:32 +0000 (17:34 +0200)]
json: make 0xhex handle u64
Stephen converted macsec's sci to use 0xhex, but 0xhex handles
unsigned int's, not 64 bits ints. Thus, the output of the "ip macsec
show" command is mangled, with half of the SCI replaced with 0s:
# ip macsec show
11: macsec0: [...]
cipher suite: GCM-AES-128, using ICV length 16
TXSC: 0000000001560001 on SA 0
# ip -d link show macsec0
11: macsec0@ens3: [...]
link/ether 52:54:00:12:01:56 brd ff:ff:ff:ff:ff:ff promiscuity 0
macsec sci 5254001201560001 [...]
where TXSC and sci should match.
Fixes: c0b904de6211 ("macsec: support JSON") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Tue, 9 Oct 2018 12:44:08 +0000 (14:44 +0200)]
bridge: fdb: Fix for missing keywords in non-JSON output
While migrating to JSON print library, some keywords were dropped from
standard output by accident. Add them back to unbreak output parsers.
Fixes: c7c1a1ef51aea ("bridge: colorize output and use JSON print library") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch adds support for the new backup port option that can be set
on a bridge port. If the port's carrier goes down all of the traffic
gets redirected to the configured backup port. We add the following new
arguments:
$ ip link set dev brport type bridge_slave backup_port brport2
$ ip link set dev brport type bridge_slave nobackup_port
$ bridge link set dev brport backup_port brport2
$ bridge link set dev brport nobackup_port
The man pages are updated respectively.
Also 2 minor style adjustments:
- add missing space to bridge man page's state argument
- use lower starting case for vlan_tunnel in ip-link man page (to be
consistent with the rest)
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Vlad Buslov [Mon, 8 Oct 2018 20:52:26 +0000 (23:52 +0300)]
libnetlink: fix use-after-free of message buf
In __rtnl_talk_iov() main loop, err is a pointer to memory in dynamically
allocated 'buf' that is used to store netlink messages. If netlink message
is an error message, buf is deallocated before returning with error code.
However, on return err->error code is checked one more time to generate
return value, after memory which err points to has already been
freed. Save error code in temporary variable and use the variable to
generate return value.
Fixes: c60389e4f9ea ("libnetlink: fix leak and using unused memory on error") Signed-off-by: Vlad Buslov <vladbu@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
tc: Add support for configuring the taprio scheduler
This traffic scheduler allows traffic classes states (transmission
allowed/not allowed, in the simplest case) to be scheduled, according
to a pre-generated time sequence. This is the basis of the IEEE
802.1Qbv specification.
The configuration format is similar to mqprio. The main difference is
the presence of a schedule, built by multiple "sched-entry"
definitions, each entry has the following format:
sched-entry <CMD> <GATE MASK> <INTERVAL>
The only supported <CMD> is "S", which means "SetGateStates",
following the IEEE 802.1Qbv-2015 definition (Table 8-6). <GATE MASK>
is a bitmask where each bit is a associated with a traffic class, so
bit 0 (the least significant bit) being "on" means that traffic class
0 is "active" for that schedule entry. <INTERVAL> is a time duration
in nanoseconds that specifies for how long that state defined by <CMD>
and <GATE MASK> should be held before moving to the next entry.
This schedule is circular, that is, after the last entry is executed
it starts from the first one, indefinitely.
The other parameters can be defined as follows:
- base-time: specifies the instant when the schedule starts, if
'base-time' is a time in the past, the schedule will start at
base-time + (N * cycle-time)
where N is the smallest integer so the resulting time is greater
than "now", and "cycle-time" is the sum of all the intervals of the
entries in the schedule;
- clockid: specifies the reference clock to be used;
The parameters should be similar to what the IEEE 802.1Q family of
specification defines.
Signed-off-by: Vinicius Costa Gomes <vinicius.gomes@intel.com> Signed-off-by: Jesus Sanchez-Palencia <jesus.sanchez-palencia@intel.com> Signed-off-by: David Ahern <dsahern@gmail.com>
David Ahern [Wed, 3 Oct 2018 01:40:37 +0000 (18:40 -0700)]
Merge branch 'hdrs-for-dump-req' into iproute2-next
David Ahern says:
====================
iproute2 currently uses ifinfomsg as the header for all dumps using the
wilddump headers. This is wrong as each message type actually has its own
header type. While the kernel has traditionally let it go as it for the
most part only uses the family entry, the use of kernel side filters is
increasing to alter what is returned on a request. The kernel side filters
really need to use the proper header type.
To that end, fix iproute2 to use the proper header struct for the GET type.
David Ahern [Sat, 29 Sep 2018 17:12:59 +0000 (10:12 -0700)]
libnetlink: Rename rtnl_wilddump_stats_req_filter to rtnl_statsdump_req_filter
rtnl_wilddump_stats_req_filter only takes RTM_GETSTATS as the type argument
so rename to rtnl_statsdump_req_filter for consistency with other request
functions and hardcode the type argument.
David Ahern [Sat, 29 Sep 2018 16:56:57 +0000 (09:56 -0700)]
libnetlink: Rename rtnl_wilddump_* to rtnl_linkdump_*
Rename rtnl_wilddump_req_filter to rtnl_linkdump_req_filter,
rtnl_wilddump_request to rtnl_linkdump_req and
rtnl_wilddump_req_filter_fn to rtnl_linkdump_req_filter_fn.
In all cases drop the type argument which at this point is only
RTM_GETLINK and hardcode in the functions.
tc: f_flower: add geneve option match support to flower
Allow matching on options in Geneve tunnel headers.
The options can be described in the form
CLASS:TYPE:DATA/CLASS_MASK:TYPE_MASK:DATA_MASK, where CLASS is
represented as a 16bit hexadecimal value, TYPE as an 8bit
hexadecimal value and DATA as a variable length hexadecimal value.
e.g.
# ip link add name geneve0 type geneve dstport 0 external
# tc qdisc add dev geneve0 ingress
# tc filter add dev geneve0 protocol ip parent ffff: \
flower \
enc_src_ip 10.0.99.192 \
enc_dst_ip 10.0.99.193 \
enc_key_id 11 \
geneve_opts 0102:80:1122334421314151/ffff:ff:ffffffffffffffff \
ip_proto udp \
action mirred egress redirect dev eth1
Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com> Signed-off-by: Simon Horman <simon.horman@netronome.com> Signed-off-by: David Ahern <dsahern@gmail.com>