Vadim Kochan [Thu, 8 Jan 2015 17:32:22 +0000 (19:32 +0200)]
ss: Filter inet dgram sockets with established state by default
As inet dgram sockets (udp, raw) can call connect(...) - they
might be set in ESTABLISHED state. So keep the original behaviour of
'ss' which filtered them by ESTABLISHED state by default. So:
$ ss -u
or
$ ss -w
Will show only ESTABLISHED UDP sockets by default.
Nicolas Dichtel [Thu, 15 Jan 2015 10:36:25 +0000 (11:36 +0100)]
lib: fix setns() function when !HAVE_SETNS
When HAVE_SETNS is not set, iproute2 provides a local implementation of this
function based on __NR_setns.
This macro is defined in sys/syscall.h, which was not included, thus the local
implementation always returned -1.
CC: Vadim Kochan <vadim4j@gmail.com> Fixes: eb67e4498aec ("lib: Add netns_switch func for change network namespace") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Vadim Kochan [Thu, 8 Jan 2015 00:42:54 +0000 (02:42 +0200)]
ss: Fix case when UDP is printed as ipproto-xxx
When 'ss' prints UDP sockets info together with RAW sockets
e.g.:
$ ss -a
then UDP sockets are resolved as "ipproto-xxx".
It was caused that dg_proto was set after printing UDP
socket info from netlink. So fixed issue by moving
setting dg_proto before printing info from Netlink.
Vadim Kochan [Sun, 4 Jan 2015 20:18:40 +0000 (22:18 +0200)]
ss: Filtering logic changing, with fixes
This patch fixes some filtering combinations issues which does not
work on the 'master' version:
$ ss -4
shows inet & unix sockets, instead of only inet sockets
$ ss -u
needs to specify 'state closed'
$ ss src unix:*X11*
needs to specify '-x' shortcut for UNIX family
$ ss -A all
shows only sockets with established states
There might some other issues which was not observed.
Also changed logic for calculating families, socket types and
states filtering. I think that this version is a little simpler
one. Now there are 2 predefined default tables which describes
the following maping:
Jiri Pirko [Tue, 6 Jan 2015 16:23:45 +0000 (17:23 +0100)]
libnetlink: add parse_rtattr_one_nested helper
Sometimes, it is more convenient to get only one specific nested attribute by
type. For example for IFLA_AF_SPEC where type is address family (AF_INET6).
So add this helper for this purpose.
Scott Feldman [Mon, 29 Dec 2014 20:20:07 +0000 (12:20 -0800)]
bridge/link: add learning_sync policy flag
v2:
Resending now that the dust has cleared in 3.18 on "self" vs. hwmode debate for
brport settings. learning_sync is now set/cleared using "self" qualifier on
brport.
v1:
Add 'learned_sync' flag to turn on/off syncing of learned MAC addresses from
offload device to bridge's FDB. Flag is be set/cleared on offload device port
using "self" qualifier:
$ sudo bridge link set dev swp1 learning_sync on self
$ bridge -d link show dev swp1
2: swp1 state UNKNOWN : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2
hairpin off guard off root_block off fastleave off learning off flood off
2: swp1 state UNKNOWN : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0
learning on learning_sync on
Adds new IFLA_BRPORT_LEARNED_SYNCED attribute for IFLA_PROTINFO on the SELF
brport.
Roopa Prabhu [Sat, 6 Dec 2014 08:21:01 +0000 (00:21 -0800)]
bridge link: add option 'self'
Currently self is set internally only if hwmode is set.
This makes it necessary for the hw to have a mode.
There is no hwmode really required to go to hardware. So, introduce
self for anybody who wants to target hardware.
v1 -> v2
- fix a few bugs. Initialize flags to zero: this was required to
keep the current behaviour unchanged.
Heiner Kallweit [Mon, 22 Dec 2014 19:18:43 +0000 (20:18 +0100)]
ip: allow ip address show to list addresses with certain flags not being set
Sometimes it's needed to have "ip address show" list only addresses
with certain flags not being set, e.g. in network scripts.
As an example one might want to exclude addresses in "tentative"
or "deprecated" state.
Support listing addresses with flags tentative, deprecated, dadfailed
not being set by prefixing the respective flag with a minus.
Vadim Kochan [Mon, 22 Dec 2014 22:13:58 +0000 (00:13 +0200)]
ip lib: Added shorter timestamp option
Added another timestamp format to look like more logging info:
[2014-12-22T22:36:50.489 ] 2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default
link/ether 3c:97:0e:a3:86:2e brd ff:ff:ff:ff:ff:ff
vadimk [Thu, 4 Dec 2014 10:32:58 +0000 (12:32 +0200)]
ss: Use rtnl_dump_filter in handle_netlink_request
Replaced handling netlink messages by rtnl_dump_filter
from lib/libnetlink.c, also:
- removed unused dump_fp arg;
- added MAGIC_SEQ #define for 123456 seq id;
- silently exit if ENOENT errno is caused for NETLINK_SOCK_DIAG proto
in lib/libnetlink.c: rtnl_duml_filter_l(...) function. This fix
was added in a3fd8e58c1787af186f5c4b234ff974544f840b6 by Eric
for misc/ss.c
This patch makes CAN_CTRLMODE_PRESUME_ACK netlink feature configurable.
When enabled, the feature sets CAN controller in mode in which
acknowledgement absence is ignored.
Signed-off-by: Nikita Edward Baruzdin <nebaruzdin@gmail.com> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
vadimk [Fri, 5 Dec 2014 17:19:11 +0000 (19:19 +0200)]
ss: Fix layout/output issues introduced by regression
This patch fixes the following issues which was introduced by me in commits:
#1 (2dc854854b7f1b) ss: Fixed broken output for Netlink 'Peer Address:Port' column
ISSUE: Broken layout when all sockets are printed out
#2 (eef43b5052afb7) ss: Identify more netlink protocol names
ISSUE: Protocol id is not printed if 'numbers only' output was specified (-n)
Also aligned the width of the local/peer ports to be more wider.
I tested with a lot of option combinations (I may miss some test cases),
but layout seems to me better than the previous released version of iproute2/ss.
vadimk [Fri, 5 Dec 2014 00:18:59 +0000 (02:18 +0200)]
ip monitor: Fix issue when timestamp is printed w/o msg
The issue was observed when IPv6 router broadcasted NDUSEROPT
messages which are not handled by monitor and caused printing
'Timestamps' w/o message because such kind of rtnl messages is not
handled by monitor.
As 'ip monitor' by default subscribes to the all mcast rtnl groups except
RTGRP_TC then all messages of these rtnl groups which are not handled by
monitor may cause such issues.
Fixed by subscribing by default to rtnl mcast groups which are
supported by 'ip monitor'.
Nicolas Dichtel [Thu, 4 Dec 2014 16:41:07 +0000 (17:41 +0100)]
ipaddress: enable -details option
This option was used only for 'ip link', but it can be useful to have it for
'ip address'. Thus it is possible to display link details and addresses with one
command.
Example:
$ ip -d a ls dev gre1
9: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN group default
link/gre 10.16.0.249 peer 10.16.0.121 promiscuity 0
gre remote 10.16.0.121 local 10.16.0.249 ttl inherit ikey 0.0.0.10 okey 0.0.0.10 icsum ocsum
inet 192.168.0.249 peer 192.168.0.121/32 scope global gre1
valid_lft forever preferred_lft forever
inet6 fe80::5efe:a10:f9/64 scope link
valid_lft forever preferred_lft forever
Suggested-by: Christophe Gouault <christophe.gouault@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Nicolas Dichtel [Thu, 4 Dec 2014 16:41:07 +0000 (17:41 +0100)]
ipaddress: enable -details option
This option was used only for 'ip link', but it can be useful to have it for
'ip address'. Thus it is possible to display link details and addresses with one
command.
Example:
$ ip -d a ls dev gre1
9: gre1@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1468 qdisc noqueue state UNKNOWN group default
link/gre 10.16.0.249 peer 10.16.0.121 promiscuity 0
gre remote 10.16.0.121 local 10.16.0.249 ttl inherit ikey 0.0.0.10 okey 0.0.0.10 icsum ocsum
inet 192.168.0.249 peer 192.168.0.121/32 scope global gre1
valid_lft forever preferred_lft forever
inet6 fe80::5efe:a10:f9/64 scope link
valid_lft forever preferred_lft forever
Suggested-by: Christophe Gouault <christophe.gouault@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Scott Feldman [Thu, 4 Dec 2014 08:57:15 +0000 (09:57 +0100)]
bridge/fdb: add flag/indication for FDB entry synced from offload device
Add NTF_EXT_LEARNED flag to neigh flags to indicate FDB entry learned by
device has been learned externally to bridge FDB. For these entries,
add "external" annotation in bridge fdb show output:
00:02:00:00:03:00 dev swp2 used 2/2 master br0 external
00:02:00:00:03:00 dev swp2 self permanent
In the example above, 00:02:00:00:03:00 is shown twice on dev swp2. The
first entry if from the bridge (master) and is marked as "external" by
the offload device. The second entry is from the brport offload device (self),
and was learned by the device.
Signed-off-by: Scott Feldman <sfeldma@gmail.com> Signed-off-by: Jiri Pirko <jiri@resnulli.us> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
vadimk [Sun, 30 Nov 2014 16:08:25 +0000 (18:08 +0200)]
configure: Add check for the doc tools
Added checking existence of the doc files converters.
If the XXX tool exists then HAVE_XXX:=y will be written
to the Config file. Example of the configure script output:
TC schedulers
ATM no
IPT using xtables
IPSET yes
iptables modules directory: /usr/lib/iptables
libc has setns: yes
SELinux support: no
Docs
latex: no
WARNING: no docs can be built from LaTeX files
sgml2html: yes
vadimk [Sat, 18 Oct 2014 17:46:29 +0000 (20:46 +0300)]
ss: Fixed broken output for Netlink 'Peer Address:Port' column
When output the netlink sockets:
ss -A netlink state close
the layout is a little broken with a shifted 'Peer Address:Port'
stars and empty new lines. Fixed by making the port field to be
wider for 'Local Address:Port' column.
vadimk [Thu, 16 Oct 2014 08:19:29 +0000 (11:19 +0300)]
ss: Remove checking SS_CLOSE state for packet and netlink
I dont see a reason that packet and netlink states will be
printed only if SS_CLOSE state is set in filter, in that case
to print states of netlink or packet sockets it is needed to run:
Tom Herbert [Fri, 7 Nov 2014 16:05:34 +0000 (08:05 -0800)]
vxlan: Add support for enabling UDP checksums
Add udpcsum option to enable transmitting UDP checksums when doing
VXLAN/IPv4. Add udp6zerocsumtx, and udp6zerocsumrx options to enable
sending zero checksums and receiving zero checksums in VXLAN/IPv6.
Tom Herbert [Wed, 5 Nov 2014 18:06:26 +0000 (10:06 -0800)]
ip link gre: Add support to configure FOU and GUE
This patch adds support to configure foo-over-udp (FOU) and Generic
UDP Encapsulation for GRE tunnels. This configuration allows selection
of FOU or GUE for the tunnel, specification of the source and
destination ports for UDP tunnel, and enabling TX checksum. This
configuration only affects the transmit side of a tunnel.
Example:
ip link add name tun1 type gre remote 192.168.1.1 local 192.168.1.2 \
ttl 225 encap fou encap-sport auto encap-dport 7777 encap-csum
This would create an GRE tunnel in GUE encapsulation where the source
port is automatically selected (based on hash of inner packet) and
checksums in the encapsulating UDP header are enabled.
Tom Herbert [Wed, 5 Nov 2014 18:06:25 +0000 (10:06 -0800)]
ip link ipip: Add support to configure FOU and GUE
This patch adds support to configure foo-over-udp (FOU) and Generic
UDP Encapsulation for IPIP and sit tunnels. This configuration allows
selection of FOU or GUE for the tunnel, specification of the source and
destination ports for UDP tunnel, and enabling TX checksum. This
configuration only affects the transmit side of a tunnel.
Example:
ip link add name tun1 type ipip remote 192.168.1.1 local 192.168.1.2 \
ttl 225 encap gue encap-sport auto encap-dport 9999 encap-csum
This would create an IPIP tunnel in GUE encapsulation where the source
port is automatically selected (based on hash of inner packet) and
checksums in the encapsulating UDP header are enabled.
Tom Herbert [Wed, 5 Nov 2014 18:06:24 +0000 (10:06 -0800)]
ip fou: Support to configure foo-over-udp RX
Added 'ip fou...' commands to enable/disable UDP ports for doing
foo-over-udp and Generic UDP Encapsulation variant. Arguments are port
number to bind to and IP protocol to map to port (for direct FOU).
Examples:
ip fou add port 7777 gue
ip fou add port 8888 ipproto 4
The first command creates a GUE port, the second creates a direct FOU
port for IPIP (receive payload is a assumed to be an IPv4 packet).
- any ipv6 tunnel mode (proto == 0) could not be set
due to incomplete set of cases in do_add, do_del.
- vti6 logic was inverted: it was using "ip6_vti0" basedev
UNLESS mode is set to vti6.
We don't need a switch by p.proto in do_add()/do_del(): it
already exists in parse_args(). So if parse_args() call
was successful, no need to check tunnel mode again.
projects / mirror_iproute2.git / log