git.proxmox.com Git - mirror_iproute2.git/log
6 years ago rdma: add UAPI rdma_user_cm.h
Steve Wise [Thu, 29 Mar 2018 16:10:32 +0000 (09:10 -0700)]
rdma: add UAPI rdma_user_cm.h

This allows parsing rdma_cm_id UAPI values.

Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago rdma: update rdma_netlink.h
Steve Wise [Thu, 29 Mar 2018 16:10:30 +0000 (09:10 -0700)]
rdma: update rdma_netlink.h

Pull in the latest rdma_netlink.h which has support for
the rdma nldev resource tracking objects being added
with this patch series.

Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tc: enable json output for actions
Roman Mashak [Wed, 28 Mar 2018 20:59:44 +0000 (16:59 -0400)]
tc: enable json output for actions

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tc: add oneline mode
Roman Mashak [Thu, 29 Mar 2018 22:12:35 +0000 (18:12 -0400)]
tc: add oneline mode

Add initial support for oneline mode in tc; actions, filters and qdiscs
will be gradually updated in the follow-up patches.

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Merge branch 'tipc-addr' into iproute2-next
David Ahern [Thu, 29 Mar 2018 17:50:30 +0000 (10:50 -0700)]
Merge branch 'tipc-addr' into iproute2-next

Jon Maloy says:

====================

1: We introduce the ability to set/get 128-bit node identities
2: We rename 'net id' to 'cluster id' in the command API,
   of course in a compatible way.
3: We print out all 32-bit node addresses as an integer in hex format,
   i.e., we remove the assumption about an internal structure.
====================

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tipc: change node address printout formats
Jon Maloy [Wed, 28 Mar 2018 16:52:14 +0000 (18:52 +0200)]
tipc: change node address printout formats

Since a node address is now by definition only an unstructured 32-bit
integer, it makes no sense to print it out as a structured string.

In this commit, we replace all occurrences of "<Z.C.N>" printouts with
just an "%x".
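As a rough illustration of the difference (not the tipc tool's actual code), the Python sketch below formats one 32-bit address both ways. The 8/12/12-bit zone/cluster/node split is assumed to be the legacy TIPC layout, and both function names are hypothetical.

```python
def legacy_zcn(addr: int) -> str:
    """Old-style structured printout, assuming an 8/12/12-bit Z.C.N split."""
    zone = (addr >> 24) & 0xFF
    cluster = (addr >> 12) & 0xFFF
    node = addr & 0xFFF
    return f"<{zone}.{cluster}.{node}>"


def plain_hex(addr: int) -> str:
    """New-style printout: the address as one unstructured hex integer ("%x")."""
    return f"{addr:x}"


if __name__ == "__main__":
    addr = 16781313  # 0x01001001
    print(legacy_zcn(addr), plain_hex(addr))
```

With the hex form no assumption about internal structure leaks into the output, which is the point of the change.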

Acked-by: GhantaKrishnamurthy MohanKrishna <mohan.krishna.ghanta.krishnamurthy@ericsson.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tipc: introduce command for handling a new 128-bit node identity
Jon Maloy [Wed, 28 Mar 2018 16:52:13 +0000 (18:52 +0200)]
tipc: introduce command for handling a new 128-bit node identity

We add the possibility to set and get a 128 bit node identifier, as
an alternative to the legacy 32-bit node address we are using now.

We also add an option to set and get 'clusterid' in the node. This
is the same as what we have so far called 'netid' and performs the
same operations. For compatibility the old 'netid' commands are
retained; we just remove them from the help texts.

Acked-by: GhantaKrishnamurthy MohanKrishna <mohan.krishna.ghanta.krishnamurthy@ericsson.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ip/l2tp: add JSON support
Stephen Hemminger [Wed, 28 Mar 2018 01:07:45 +0000 (18:07 -0700)]
ip/l2tp: add JSON support

Convert ip l2tp to use JSON output routines.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ip/ila: support json and color
Stephen Hemminger [Wed, 28 Mar 2018 01:07:44 +0000 (18:07 -0700)]
ip/ila: support json and color

Use json print to enhance ila output.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Merge branch 'tipc-stats' into iproute2-next
David Ahern [Thu, 29 Mar 2018 03:28:58 +0000 (20:28 -0700)]
Merge branch 'tipc-stats' into iproute2-next

GhantaKrishnamurthy MohanKrishna says:

====================

The following patchset adds user space TIPC socket diagnostics support
to the ss tool of iproute2. It requires the sock_diag framework
for AF_TIPC support in the kernel, commit id: c30b70deb5f
(tipc: implement socket diagnostics for AF_TIPC).

TIPC socket stats are requested with the "--tipc" option. Additional
TIPC-specific info is requested with the "--tipcinfo" option.

This patchset is based on top of iproute2 v4.15.0-100-g4f63187
commitid: f85adc6. It has been co-authored by
Parthasarathy Bhuvaragan.

Example output (the first socket is the internal topology server)

State  Recv-Q  Send-Q     Local Address:Port           Peer Address:Port
UNCONN 0       0               16781313:2809484547                 -             ino:13348 sk:4 users:(("tipc-pipe",pid=292,fd=3))
LISTEN 0       0               16781313:4117673024                 -             ino:13346 sk:5 users:(("tipc-pipe",pid=291,fd=3))
ESTAB  0       0               16781313:484097386          16781313:3203149317   ino:13345 sk:6 users:(("tipc-pipe",pid=294,fd=4))
LISTEN 0       0               16781313:2438310591                 -             ino:13344 sk:7 users:(("tipc-pipe",pid=294,fd=3),("tipc-pipe",pid=290,fd=3))
LISTEN 0       0               16781313:2658440413                 -             ino:12368 sk:3
ESTAB  0       0               16781313:3203149317         16781313:484097386    ino:13349 sk:8 users:(("tipc-pipe",pid=293,fd=3))

State  Recv-Q  Send-Q     Local Address:Port           Peer Address:Port
UNCONN 0       0               16781313:2809484547                 -
type:RDM cong:none  drop:0  publ
LISTEN 0       0               16781313:4117673024                 -
type:SEQPACKET cong:none  drop:0  publ
ESTAB  0       0               16781313:484097386          16781313:3203149317
type:STREAM cong:none  drop:0  via {1000,1000}
LISTEN 0       0               16781313:2438310591                 -
type:STREAM cong:none  drop:0  publ
LISTEN 0       0               16781313:2658440413                 -
type:SEQPACKET cong:none  drop:0  publ
ESTAB  0       0               16781313:3203149317         16781313:484097386
type:STREAM cong:none  drop:0  via {1000,1000}

====================

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ss: Add support for TIPC socket diag in ss tool
GhantaKrishnamurthy MohanKrishna [Fri, 23 Mar 2018 14:01:02 +0000 (15:01 +0100)]
ss: Add support for TIPC socket diag in ss tool

For iproute 4.x
Allow TIPC socket statistics to be dumped with --tipc
and tipc specific info with --tipcinfo.

Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: GhantaKrishnamurthy MohanKrishna <mohan.krishna.ghanta.krishnamurthy@ericsson.com>
Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Update kernel headers
David Ahern [Thu, 29 Mar 2018 03:26:25 +0000 (20:26 -0700)]
Update kernel headers

Update kernel headers to commit 5d22d47b9ed9
("Merge branch 'sfc-filter-locking'")

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Merge branch 'iproute2-master' into iproute2-next
David Ahern [Tue, 27 Mar 2018 19:33:02 +0000 (12:33 -0700)]
Merge branch 'iproute2-master' into iproute2-next

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Drop capabilities if not running ip exec vrf with libcap
Luca Boccassi [Tue, 27 Mar 2018 17:48:55 +0000 (18:48 +0100)]
Drop capabilities if not running ip exec vrf with libcap

ip vrf exec requires root or CAP_NET_ADMIN, CAP_SYS_ADMIN and
CAP_DAC_OVERRIDE. It is not possible to run unprivileged commands like
ping as non-root or non-cap-enabled due to this requirement.
To allow users and administrators to safely add the required
capabilities to the binary, drop all capabilities on start if not
invoked with "vrf exec".
Update the manpage with the requirements.

Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years ago ssfilter: Eliminate shift/reduce conflicts
Phil Sutter [Sat, 24 Mar 2018 17:45:14 +0000 (18:45 +0100)]
ssfilter: Eliminate shift/reduce conflicts

The problematic bit was the 'expr: expr expr' rule. Fix this by making
'expr' token represent a single filter only and introduce a new token
'exprlist' to represent a combination of filters.
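To see why a rule of the form 'expr: expr expr' is a problem, the Python sketch below counts the parse trees it allows for n adjacent filters and contrasts that with a left-recursive list rule, which yields exactly one. This is a simplified model of the grammar, not the ssfilter.y source, and the function names are hypothetical.

```python
from functools import lru_cache


@lru_cache(maxsize=None)
def ambiguous_trees(n: int) -> int:
    """Parse trees for n adjacent filters under 'expr: expr expr | FILTER'."""
    if n == 1:
        return 1
    # Any split point k gives a valid (left, right) pair of sub-expressions.
    return sum(ambiguous_trees(k) * ambiguous_trees(n - k) for k in range(1, n))


def exprlist_tree(filters):
    """The single tree under 'exprlist: expr | exprlist expr' (left-nested).

    Expects a non-empty list of filters.
    """
    tree = filters[0]
    for f in filters[1:]:
        tree = (tree, f)
    return tree


if __name__ == "__main__":
    print([ambiguous_trees(n) for n in range(1, 6)])
    print(exprlist_tree(["a", "b", "c"]))
```

Every count above 1 corresponds to a choice the parser generator cannot make on its own, which surfaces as a shift/reduce conflict.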

Signed-off-by: Phil Sutter <phil@nwl.cc>
6 years ago man: tc-vlan.8: Fix for incorrect example
Phil Sutter [Fri, 23 Mar 2018 20:18:56 +0000 (21:18 +0100)]
man: tc-vlan.8: Fix for incorrect example

This has to be a second match statement to the same u32 filter, not a
second one (which tc-filter doesn't support at all).

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years ago devlink: fix port new monitoring message typo
Jiri Pirko [Fri, 23 Mar 2018 12:19:13 +0000 (13:19 +0100)]
devlink: fix port new monitoring message typo

s/net/new/

Fixes: a3c4b484a1ed ("add devlink tool")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years ago ss: Fix rendering of continuous output (-E, --events)
Stefano Brivio [Fri, 23 Mar 2018 08:37:05 +0000 (09:37 +0100)]
ss: Fix rendering of continuous output (-E, --events)

Roman Mashak reported that ss currently shows no output when it
should continuously report information about terminated sockets
(-E, --events switch).

This happens because I missed this case in 691bd854bf4a ("ss:
Buffer raw fields first, then render them as a table") and the
rendering function is simply not called.

To fix this, we need to:

- call render() every time we need to display new socket events
  from generic_show_sock(), which is only used to follow events.
  Always call it even if specific socket display functions
  return errors to ensure we clean up buffers

- get the screen width every time we have new events to display,
  thus factor out getting the screen width from main() into a
  function we'll call whenever we calculate columns width

- reset the current field pointer after rendering, more output
  might come after render() is called

Reported-by: Roman Mashak <mrv@mojatatu.com>
Fixes: 691bd854bf4a ("ss: Buffer raw fields first, then render them as a table")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Tested-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years ago man: ip-route.8: ssthresh parameter is NUMBER
Phil Sutter [Thu, 22 Mar 2018 14:00:38 +0000 (15:00 +0100)]
man: ip-route.8: ssthresh parameter is NUMBER

The synopsis section was inconsistent with the help text and the later
description of the ssthresh parameter.

Signed-off-by: Phil Sutter <phil@nwl.cc>
6 years ago tc: print actual action for connmark action
Roman Mashak [Tue, 20 Mar 2018 17:45:38 +0000 (13:45 -0400)]
tc: print actual action for connmark action

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
6 years ago Merge branch 'revert'
Stephen Hemminger [Tue, 27 Mar 2018 15:58:36 +0000 (08:58 -0700)]
Merge branch 'revert'

6 years ago treat "default" and "all"/"any" addresses differenty
Alexander Zubkov [Sun, 18 Mar 2018 16:50:25 +0000 (17:50 +0100)]
treat "default" and "all"/"any" addresses differenty

Debian maintainer found that basic command:
# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.

Recently the behavior of the "default" prefix parameter was corrected. But at
the same time the behavior of "all"/"any" was altered too, because they
shared the same branch of the code. As those parameters mean different
things, they need to be treated differently in code too. This patch reflects
the difference.

Also after mentioned change, address parsing code was changed more
and address family was set explicitly even for "all"/"any" addresses.
And that broke matching conditions further. This patch fixes that too
and returns AF_UNSPEC to "all"/"any" address.

Now "default" is treated as top-level prefix (for example 0.0.0.0/0 in
IPv4) and "all"/"any" always matches anything in exact, root and match
modes.
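The intended semantics can be modelled with the short Python sketch below. It is an illustration only, not the iproute2 matching code: the function name is hypothetical, "default" is mapped to the zero-length prefix of the route's own family as a simplification, and the exact/root/match rules follow the ip-route(8) description (exact: same prefix; root: route prefix not shorter than the selector; match: route prefix not longer than the selector).

```python
import ipaddress


def selects(selector: str, route: str, mode: str = "exact") -> bool:
    """Return True if a route prefix is selected by the given selector."""
    rt = ipaddress.ip_network(route)
    if selector in ("all", "any"):
        return True  # matches anything in every mode
    if selector == "default":
        # Top-level prefix, e.g. 0.0.0.0/0 for IPv4 (family choice is an assumption).
        sel = ipaddress.ip_network("0.0.0.0/0" if rt.version == 4 else "::/0")
    else:
        sel = ipaddress.ip_network(selector)
    if sel.version != rt.version:
        return False
    if mode == "exact":
        return rt == sel
    if mode == "root":
        return rt.subnet_of(sel)
    if mode == "match":
        return sel.subnet_of(rt)
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    print(selects("all", "10.0.0.0/8"))      # every route is selected
    print(selects("default", "10.0.0.0/8"))  # only the default route is selected
```

Under this model "flush all" selects every route, while "flush default" selects only the 0.0.0.0/0 entry unless the root modifier is used.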

Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Alexander Zubkov <green@msu.ru>
6 years ago tc: Fix compilation error with old iptables
Roi Dayan [Tue, 27 Mar 2018 09:20:48 +0000 (12:20 +0300)]
tc: Fix compilation error with old iptables

The compat_rev field does not exist in old versions of iptables,
e.g. iptables 1.4.

Fixes: dd29621578d2 ("tc: add em_ipt ematch for calling xtables matches from tc matching context")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago rdma: Move RDMA UAPI header file to be under RDMA responsibility
Leon Romanovsky [Sun, 25 Mar 2018 06:38:56 +0000 (09:38 +0300)]
rdma: Move RDMA UAPI header file to be under RDMA responsibility

In iproute2 package, the updates of UAPIs files are performed
after the needed feature lands in kernel's net-next tree.

Such a development flow created delays for the rdma tool developers,
who use the rdma-next tree as a basis for their work.

Move the RDMA UAPI file under the rdma/ folder, so the whole responsibility
for syncing this file will be on them.

Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago bridge: add option extern_learn to set NTF_EXT_LEARNED on fdb entries
Roopa Prabhu [Mon, 19 Mar 2018 17:20:10 +0000 (10:20 -0700)]
bridge: add option extern_learn to set NTF_EXT_LEARNED on fdb entries

NTF_EXT_LEARNED can be set by a user on bridge fdb entry.
Provide a bridge command option to allow a user to set
NTF_EXT_LEARNED on a bridge fdb entry.

Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago treat "default" and "all"/"any" addresses differenty
Alexander Zubkov [Sun, 18 Mar 2018 16:50:25 +0000 (17:50 +0100)]
treat "default" and "all"/"any" addresses differenty

Debian maintainer found that basic command:
# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.

Recently the behavior of the "default" prefix parameter was corrected. But at
the same time the behavior of "all"/"any" was altered too, because they
shared the same branch of the code. As those parameters mean different
things, they need to be treated differently in code too. This patch reflects
the difference.

Also after mentioned change, address parsing code was changed more
and address family was set explicitly even for "all"/"any" addresses.
And that broke matching conditions further. This patch fixes that too
and returns AF_UNSPEC to "all"/"any" address.

Now "default" is treated as top-level prefix (for example 0.0.0.0/0 in
IPv4) and "all"/"any" always matches anything in exact, root and match
modes.

Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Alexander Zubkov <green@msu.ru>
6 years ago tc: use get_u32() in psample action to match types
Roman Mashak [Tue, 13 Mar 2018 21:16:23 +0000 (17:16 -0400)]
tc: use get_u32() in psample action to match types

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Acked-by: Yotam Gigi <yotam.gi@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years ago tc: print actual action for sample action
Roman Mashak [Tue, 13 Mar 2018 13:57:10 +0000 (09:57 -0400)]
tc: print actual action for sample action

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years ago tc: Add JSON output of fq_codel stats
Toke Høiland-Jørgensen [Thu, 8 Mar 2018 22:31:37 +0000 (23:31 +0100)]
tc: Add JSON output of fq_codel stats

Enable proper JSON output support for fq_codel in `tc -s qdisc` output.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tc: Add missing documentation for codel and fq_codel parameters
Toke Høiland-Jørgensen [Thu, 8 Mar 2018 22:31:36 +0000 (23:31 +0100)]
tc: Add missing documentation for codel and fq_codel parameters

Add missing documentation of the memory_limit fq_codel parameter and the
ce_threshold codel and fq_codel parameters.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tc: f_flower: Add support for matching first frag packets
Pieter Jansen van Vuuren [Fri, 9 Mar 2018 10:07:22 +0000 (11:07 +0100)]
tc: f_flower: Add support for matching first frag packets

Add matching support for distinguishing between first and later fragmented
packets.

 # tc filter add dev eth0 protocol ip parent ffff: \
     flower indev eth0 \
         ip_flags firstfrag \
         ip_proto udp \
     action mirred egress redirect dev eth1

 # tc filter add dev eth0 protocol ip parent ffff: \
     flower indev eth0 \
         ip_flags nofirstfrag \
         ip_proto udp \
     action mirred egress redirect dev eth1

Signed-off-by: Pieter Jansen van Vuuren <pieter.jansenvanvuuren@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Update kernel headers
David Ahern [Wed, 14 Mar 2018 00:59:59 +0000 (17:59 -0700)]
Update kernel headers

Update kernel headers to commit a870a02cc963
("pktgen: use dynamic allocation for debug print buffer")

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Merge branch 'iproute2-master' into iproute2-next
David Ahern [Wed, 14 Mar 2018 00:48:10 +0000 (17:48 -0700)]
Merge branch 'iproute2-master' into iproute2-next

Conflicts:
bridge/mdb.c

Updated bridge/bridge.c per removal of check_if_color_enabled by commit
1ca4341d2c6b ("color: disable color when json output is requested")

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Revert "iproute: "list/flush/save default" selected all of the routes"
Stephen Hemminger [Mon, 12 Mar 2018 20:58:17 +0000 (13:58 -0700)]
Revert "iproute: "list/flush/save default" selected all of the routes"

This reverts commit 9135c4d6037ff9f1818507bac0049fc44db8c3d2.

Debian maintainer found that basic command:
# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.

Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years ago Merge branch 'mcast-json' into iproute2-next
David Ahern [Mon, 12 Mar 2018 01:53:36 +0000 (18:53 -0700)]
Merge branch 'mcast-json' into iproute2-next

Stephen Hemminger says:

====================

From: Stephen Hemminger <sthemmin@microsoft.com>

Some more JSON support and report better error if kernel
is configured without multicast.

====================

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ipmroute: better error message if no kernel mroute
Stephen Hemminger [Fri, 9 Mar 2018 02:02:19 +0000 (18:02 -0800)]
ipmroute: better error message if no kernel mroute

If kernel does not support the IP multicast address family,
then it will report all routes (PF_UNSPEC).
Give the user a better error message and abort the command.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ipmroute: convert to output JSON
Stephen Hemminger [Fri, 9 Mar 2018 02:02:18 +0000 (18:02 -0800)]
ipmroute: convert to output JSON

Should be no change for non-json case except putting color
on address if desired.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ipmaddr: json and color support
Stephen Hemminger [Fri, 9 Mar 2018 02:02:17 +0000 (18:02 -0800)]
ipmaddr: json and color support

Support printing multicast addresses in json and color mode.
Output format is unchanged for normal use.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Merge branch 'iplink-parse' into iproute2-next
David Ahern [Mon, 12 Mar 2018 01:46:07 +0000 (18:46 -0700)]
Merge branch 'iplink-parse' into iproute2-next

Serhey Popovych says:

====================

This is main routine to parse ip-link(8) configuration parameters.

Move all code related to command line parsing and validation to it from
iplink_modify(). As a benefit we reduce the number of arguments and
check for most of the weird cases in a single place, which benefits
iplink_parse() users.

See individual patch description message for more information.

v4
  Drop patches intended to reduce the number of arguments to
  iplink_parse(): postpone to the series with real use cases.

  Save only ifi_index in iplink_vxcan.c and link_veth.c: no need
  to save whole ifinfomsg data structure.

  Note that there is no sense in introducing a custom version of
  iplink_parse() to use in iplink_vxcan.c and link_veth.c because
  there are too many parameters we need to support (except VF and
  a few others), which would mean huge code duplication.

v3
  Move vxlan/veth ifinfomsg save/restore to separate patch to
  make clear change that perform most of request buffer setups
  and checks in iplink_parse().

  Update commit message descriptions and extra new line from
  "utils: Introduce and use nodev() helper routine" patch.

v2
  Terminate via exit() when failing to parse command line arguments
  to help identify failing line in batch mode.

====================

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago iplink: Perform most of request buffer setups and checks in iplink_parse()
Serhey Popovych [Wed, 7 Mar 2018 08:40:39 +0000 (10:40 +0200)]
iplink: Perform most of request buffer setups and checks in iplink_parse()

Let other users of iplink_parse() (e.g. link_veth.c) benefit from the
additional attribute checks and setups made in iplink_modify(). This
catches most of the weird combinations of parameters to peer device
configuration.

Drop @name, @dev, @link, @group and @index from iplink_parse() parameters
list: they are not needed outside.

While there, change return -1 to exit(-1) for group parsing errors: we
want to stop further command processing unless the -force option is given,
so the failing line is easy to identify.

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
6 years ago iplink: Follow documented behaviour when "index" is given
Serhey Popovych [Wed, 7 Mar 2018 08:40:38 +0000 (10:40 +0200)]
iplink: Follow documented behaviour when "index" is given

Both ip-link(8) and the error message printed when the "index" parameter
is given for the set/delete case say that index can only be given during
network device creation.

Follow this documented behaviour and get rid of ambiguous behaviour in
case of both "dev" and "index" specified for ip link delete scenario
(actually "index" being ignored in favor of "dev").

Prohibit "index" when configuring/deleting group of network devices.

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
6 years ago iplink: Use "dev" and "name" parameters interchangeable when possible
Serhey Popovych [Wed, 7 Mar 2018 08:40:37 +0000 (10:40 +0200)]
iplink: Use "dev" and "name" parameters interchangeable when possible

Both of them accept a network device name as argument, but have different
meanings:

  dev  - is a device referred to by its name,
  name - is the name for a specific device.

The only case where they are treated separately is network device rename,
where both the ifindex and the new name need to be specified. In the rest
of the cases we can assume that dev == name.

With this change we do the following:

  1) Kill ambiguity with both "dev" and "name" parameters given the same
     name:

       ip link {add|set} dev veth100a name veth100a ...

  2) Make sure we do not accept "name" more than once.

  3) For VF and XDP treat "name" as "dev". Fail if "dev" is
     given after VF and/or XDP parsing.

  4) Make veth and vxcan accept both "name" and "dev" as their peer
     parameters, effectively following general ip-link(8) utility
     behaviour on link create:

       ip link add {name|dev} veth1a type veth peer {name|dev} veth1b

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
6 years ago utils: Introduce and use nodev() helper routine
Serhey Popovych [Wed, 7 Mar 2018 08:40:36 +0000 (10:40 +0200)]
utils: Introduce and use nodev() helper routine

There are a couple of places where we report an error when no network
device is found. In all of them we output a message in the same format to
stderr and either return -1 or 1 to the caller or exit with -1.

Introduce a new helper function nodev() that takes the name of the network
device that caused the error and returns -1 to its caller. Either call exit()
or return to the caller to preserve the behaviour before the change.

Use -nodev() in traffic control (tc) code to return 1.
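The calling convention can be sketched in Python as follows. This only models the return values described above: the message text and the two lookup wrappers are assumptions for illustration, not the C code from the patch.

```python
import sys


def nodev(dev: str) -> int:
    """Report a missing network device on stderr and return -1."""
    # The exact message wording is an assumption.
    print(f'Cannot find device "{dev}"', file=sys.stderr)
    return -1


def ip_style_lookup(dev: str, known: set) -> int:
    """Hypothetical caller that propagates -1 on failure."""
    return 0 if dev in known else nodev(dev)


def tc_style_lookup(dev: str, known: set) -> int:
    """Hypothetical tc-like caller that wants 1 on failure, hence -nodev()."""
    return 0 if dev in known else -nodev(dev)


if __name__ == "__main__":
    devices = {"lo", "eth0"}
    print(ip_style_lookup("eth9", devices), tc_style_lookup("eth9", devices))
```

Negating the helper's result lets both conventions share one error message without a second helper.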

Simplify expression for checking for argument being 0/NULL in @if
statement.

Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
6 years ago ip-address: Fix negative prints of large TX rate limits
Tariq Toukan [Thu, 8 Mar 2018 16:08:26 +0000 (18:08 +0200)]
ip-address: Fix negative prints of large TX rate limits

TX rate limit fields are unsigned (__u32).
Use %u and print_uint when printing.

Tested:
$ ip link set ens1 vf 1 rate 2294967296
$ ip link show |grep -iE "vf 1" | grep rate

before:
vf 1 MAC 00:00:00:00:00:00, tx rate -2000000000 (Mbps), max_tx_rate -2000000000Mbps, ...

after:
vf 1 MAC 00:00:00:00:00:00, tx rate 2294967296 (Mbps), max_tx_rate 2294967296Mbps, ...
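The before/after values can be reproduced with the small Python sketch below, which reinterprets the same 32-bit pattern as signed and as unsigned. It uses ctypes only to mimic the C integer types; the function names are hypothetical and this is not the ip tool's code.

```python
import ctypes


def printed_as_signed(rate: int) -> str:
    """What a signed 32-bit conversion ("%d") shows for the stored bits."""
    return str(ctypes.c_int32(rate).value)


def printed_as_unsigned(rate: int) -> str:
    """What an unsigned 32-bit conversion ("%u") shows for the stored bits."""
    return str(ctypes.c_uint32(rate).value)


if __name__ == "__main__":
    rate = 2294967296  # value used in the test above; exceeds INT32_MAX
    print(printed_as_signed(rate), printed_as_unsigned(rate))
```

Any rate above 2147483647 wraps negative under the signed conversion, which is why switching to %u and print_uint fixes the output.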

Fixes: 3fd86630876a ("iproute2: rework SR-IOV VF support")
Fixes: 8c29ae7cc249 ("ip link: Fix crash on older kernels when show VF dev")
Fixes: f89a2a05ffa9 ("Add support to configure SR-IOV VF minimum and maximum Tx rate through ip tool")
Fixes: ae7229d5f99e ("ip: Add support for setting and showing SR-IOV virtual funtion link params")
Fixes: d0e720111aad ("ip: ipaddress.c: add support for json output")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
6 years ago iprule: support for ip_proto, sport and dport match options
Roopa Prabhu [Thu, 8 Mar 2018 18:06:47 +0000 (10:06 -0800)]
iprule: support for ip_proto, sport and dport match options

Add support to match on ip_proto, sport and dport ranges.
For ip_proto, this patch currently enumerates tcp, udp and sctp.
This list can be extended in the future.

example:
$ip rule add sport 666-777 dport 999 ip_proto tcp table 100
$ip rule show
0:      from all lookup local
32765:  from all ip_proto 6 sport 666-777 dport 999 lookup 100
32766:  from all lookup main
32767:  from all lookup default
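The sport/dport arguments in the example accept either a single port or a START-END range. A minimal Python sketch of that parsing and of the way the rule is printed back is given below; the helper names and the 0-65535 validation are assumptions for illustration, not the iprule.c implementation.

```python
def parse_port_range(arg: str) -> tuple:
    """Parse "999" or "666-777" into an inclusive (start, end) pair."""
    start, sep, end = arg.partition("-")
    lo = int(start)
    hi = int(end) if sep else lo
    if not (0 <= lo <= hi <= 65535):
        raise ValueError(f"invalid port range: {arg}")
    return lo, hi


def format_port_range(lo: int, hi: int) -> str:
    """Print a single port as "N" and a real range as "START-END"."""
    return str(lo) if lo == hi else f"{lo}-{hi}"


if __name__ == "__main__":
    for arg in ("666-777", "999"):
        print(arg, "->", parse_port_range(arg))
```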

Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago netns: add JSON support
Stephen Hemminger [Thu, 8 Mar 2018 16:39:10 +0000 (08:39 -0800)]
netns: add JSON support

Basic support for JSON output when showing network namespaces.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Update kernel headers to 4.16.0-rc4+
David Ahern [Thu, 8 Mar 2018 17:34:05 +0000 (09:34 -0800)]
Update kernel headers to 4.16.0-rc4+

Update kernel headers to commit 08a24239cd46
("Merge branch 'hns3-next'")

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago rdma: Update device capabilities flags
Leon Romanovsky [Wed, 7 Mar 2018 09:05:35 +0000 (11:05 +0200)]
rdma: Update device capabilities flags

In kernel commit e1d2e8873369 ("IB/core: Add PCI write
end padding flags for WQ and QP"), we introduced new
device capability to advertise PCI write end padding.

PCI write end padding is the device's ability to pad the ending of
incoming packets (scatter) to full cache line such that the last
upstream write generated by an incoming packet will be a full cache
line.

This commit updates the rdma tool to present this field.

Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tc: updated tc-bpf man page
Roman Mashak [Wed, 7 Mar 2018 14:35:39 +0000 (09:35 -0500)]
tc: updated tc-bpf man page

Added description of direct-action parameter.

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
6 years ago Merge branch 'macsec-json' into iproute2-next
David Ahern [Wed, 7 Mar 2018 16:43:29 +0000 (08:43 -0800)]
Merge branch 'macsec-json' into iproute2-next

Stephen Hemminger says:

====================

The macsec code didn't really support JSON and had several
pieces of copy/pasted code.

====================

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago macsec: support JSON
Stephen Hemminger [Tue, 6 Mar 2018 06:58:30 +0000 (22:58 -0800)]
macsec: support JSON

The JSON support in macsec code was mostly missing and what was
there was broken. This uses new json_print utilities to complete
output.

Compile tested only.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ipmacsec: collapse common code
Stephen Hemminger [Tue, 6 Mar 2018 06:58:29 +0000 (22:58 -0800)]
ipmacsec: collapse common code

Several places copy/paste same code for printing array of statistics.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ip: macsec cleanup
Stephen Hemminger [Tue, 6 Mar 2018 06:58:28 +0000 (22:58 -0800)]
ip: macsec cleanup

Break long lines and use const as recommended by checkpatch.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago Merge branch 'more-json' into iproute2-next
David Ahern [Tue, 6 Mar 2018 23:48:22 +0000 (15:48 -0800)]
Merge branch 'more-json' into iproute2-next

Stephen Hemminger says:

====================

The ip command implementation of JSON was very spotty. Only address
and link were originally implemented. After doing route for next,
went ahead and implemented it for a bunch of the other sub commands.

Hopefully will reach full coverage soon.

====================

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago fou: support JSON output
Stephen Hemminger [Tue, 6 Mar 2018 21:07:20 +0000 (13:07 -0800)]
fou: support JSON output

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago fou: break long lines
Stephen Hemminger [Tue, 6 Mar 2018 21:07:19 +0000 (13:07 -0800)]
fou: break long lines

Split up long lines.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tuntap: support JSON output
Stephen Hemminger [Tue, 6 Mar 2018 21:07:18 +0000 (13:07 -0800)]
tuntap: support JSON output

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago token: support JSON
Stephen Hemminger [Tue, 6 Mar 2018 21:07:17 +0000 (13:07 -0800)]
token: support JSON

Add JSON output to ip token command.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago ipsr: add json support
Stephen Hemminger [Tue, 6 Mar 2018 21:07:16 +0000 (13:07 -0800)]
ipsr: add json support

Add json flag to ip sr command outputs.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years ago tcp_metrics: add json support
Stephen Hemminger [Tue, 6 Mar 2018 21:07:15 +0000 (13:07 -0800)]
tcp_metrics: add json support

Add JSON support to the ip tcp_metrics output.

$ ip -j -p tcp_metrics show
[ {
        "dst": "192.18.1.11",
        "age": 23617.8,
        "ssthresh": 7,
        "cwnd": 3,
        "rtt": 0.039176,
        "rttvar": 0.039176,
        "source": "192.18.1.2"
    }
...

The JSON output does scale values differently since there is no good
way to indicate units. The rtt values are displayed in seconds in
JSON and microseconds in the original (non-JSON) mode. For the example
above, the output without the -j flag would be
 ... rtt 39176us rttvar 39176us

I did this since all the other values in the JSON record are also in
floating point seconds.
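
The scaling described above can be sketched as follows. This is a minimal
illustration in Python, not the ip source code; the helper names rtt_text
and rtt_json are hypothetical, and only the microseconds-to-seconds
relationship is taken from the commit message.

```python
# Hypothetical helpers; only the us -> s scaling comes from the commit text.
USEC_PER_SEC = 1_000_000


def rtt_text(usec: int) -> str:
    """Format an RTT as in the non-JSON output, e.g. '39176us'."""
    return f"{usec}us"


def rtt_json(usec: int) -> float:
    """Scale the same RTT to floating-point seconds for a JSON record."""
    return usec / USEC_PER_SEC


if __name__ == "__main__":
    print(rtt_text(39176), rtt_json(39176))
```

A consumer that needs microseconds back from the JSON value can multiply by
the same constant and round to the nearest integer.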

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agotcp_metrics; make tables const
Stephen Hemminger [Tue, 6 Mar 2018 21:07:14 +0000 (13:07 -0800)]
tcp_metrics; make tables const

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoipnetconf: add JSON support
Stephen Hemminger [Tue, 6 Mar 2018 21:07:13 +0000 (13:07 -0800)]
ipnetconf: add JSON support

Basic JSON support for ip netconf command.
Also cleanup some checkpatch warnings about long lines.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoipntable: add json support
Stephen Hemminger [Tue, 6 Mar 2018 21:07:12 +0000 (13:07 -0800)]
ipntable: add json support

Add JSON (and limited color) to ip neighbor table parameter output.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoiprule: add json support
Stephen Hemminger [Tue, 6 Mar 2018 21:07:11 +0000 (13:07 -0800)]
iprule: add json support

More JSON and colorizing.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoipaddrlabel: add json support
Stephen Hemminger [Tue, 6 Mar 2018 21:07:10 +0000 (13:07 -0800)]
ipaddrlabel: add json support

Add missing json and color support to addrlabel display

Example:
$ ip -j -p addrlabel
[ {
        "address": "::1",
        "prefixlen": 128,
        "label": 56
    },{
        "address": "::",
        "prefixlen": 96,
        "label": 56
    },{
...

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoipneigh: add color and json support
Stephen Hemminger [Tue, 6 Mar 2018 21:07:09 +0000 (13:07 -0800)]
ipneigh: add color and json support

Use json_print to provide json (and color) support to
ip neigh command.

Example:
$ ip -j -p neigh
[ {
        "dst": "192.168.1.29",
        "dev": "enp12s0",
        "state": [ "FAILED" ]
    },{
        "dst": "192.168.1.130",
        "dev": "enp12s0",
        "state": [ "FAILED" ]
    },{
        "dst": "192.168.1.131",
        "dev": "enp12s0",
        "lladdr": "00:15:5d:2a:16:4f",
        "state": [ "STALE" ]
    }
...
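
One reason to want this output is that scripts can filter it without
screen-scraping. A small sketch in Python, assuming the record layout shown
in the example above (the sample is closed off by hand so that it parses as
a complete array; the function name is hypothetical):

```python
import json

# Entries copied from the example above, terminated so the array is complete.
SAMPLE = """
[ {"dst": "192.168.1.29", "dev": "enp12s0", "state": ["FAILED"]},
  {"dst": "192.168.1.130", "dev": "enp12s0", "state": ["FAILED"]},
  {"dst": "192.168.1.131", "dev": "enp12s0",
   "lladdr": "00:15:5d:2a:16:4f", "state": ["STALE"]} ]
"""


def neighbors_in_state(text: str, state: str) -> list:
    """Return the 'dst' of every neighbor whose state list contains `state`."""
    return [e["dst"] for e in json.loads(text) if state in e.get("state", [])]


if __name__ == "__main__":
    print(neighbors_in_state(SAMPLE, "FAILED"))
```

Note that "state" is a list rather than a string, so membership is tested
with `in` instead of equality.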

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agojson_writer: add SPDX Identifier (GPL-2/BSD-2)
Stephen Hemminger [Tue, 6 Mar 2018 22:39:19 +0000 (14:39 -0800)]
json_writer: add SPDX Identifier (GPL-2/BSD-2)

I wrote this code so put SPDX License on it and intentionally
allow use in BSD code.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agotc: added tc monitor description in man page
Roman Mashak [Mon, 5 Mar 2018 16:36:16 +0000 (11:36 -0500)]
tc: added tc monitor description in man page

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agotc: fix parsing of the control action
Davide Caratti [Fri, 2 Mar 2018 18:36:16 +0000 (19:36 +0100)]
tc: fix parsing of the control action

If the user didn't specify any control action, don't pop the command line
arguments: otherwise, parsing of the next argument (typically the 'index'
keyword) results in an error, causing the following 'tc-testing' failures:

 Test a6d6: Add skbedit action with index
 Test 38f3: Delete skbedit action
 Test a568: Add action with ife type
 Test b983: Add action without ife type
 Test 7d50: Add skbmod action to set destination mac
 Test 9b29: Add skbmod action to set source mac
 Test e93a: Delete an skbmod action

Also, add missing parse for 'ok' control action to m_police, to fix the
following 'tc-testing' failure:

 Test 8dd5: Add police action with control ok

tested with:
 # ./tdc.py

test results:
 all tests ok using kernel 4.16-rc2, except 9aa8 "Get a single skbmod
 action from a list" (which is failing also before this commit)

Fixes: 3572e01a090a ("tc: util: Don't call NEXT_ARG_FWD() in __parse_action_control()")
Cc: Michal Privoznik <mprivozn@redhat.com>
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agoss: fix NULL dereference when rendering without header
Jean-Philippe Brucker [Sat, 3 Mar 2018 16:59:44 +0000 (16:59 +0000)]
ss: fix NULL dereference when rendering without header

When ss is invoked with the no-header flag, if the query doesn't return
any result, render() is called with 'buffer' uninitialized. This
currently leads to a segfault. Ensure that buffer is initialized before
rendering.

The bug can be triggered with: ss -H sport = 100000

Signed-off-by: Jean-Philippe Brucker <jphilippe.brucker@gmail.com>
Acked-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agolibnetlink: __rtnl_talk_iov should only loop max iovlen times
David Ahern [Thu, 1 Mar 2018 22:43:08 +0000 (14:43 -0800)]
libnetlink: __rtnl_talk_iov should only loop max iovlen times

William reported ip hanging and bisected it to a recent batching commit
that allows more than one command to be sent per message. The loop over
recvmsg should never cycle more than iovlen times -- 1 response for
each command in the message.
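
The bound can be modelled as below. This is a simplified Python model of
the idea, not the libnetlink code: `recv` is a hypothetical callable that
stands in for recvmsg and returns None when nothing is left to read.

```python
def collect_responses(recv, iovlen: int) -> list:
    """Read at most `iovlen` responses, one per command in the batch."""
    responses = []
    for _ in range(iovlen):
        msg = recv()
        if msg is None:  # nothing more to read
            break
        responses.append(msg)
    return responses


if __name__ == "__main__":
    queue = iter(["ack-1", "ack-2", "ack-3", "stray-4"])
    print(collect_responses(lambda: next(queue, None), 3))
```

Because the loop counter, not the socket, decides when to stop, a peer that
never sends a final message cannot keep the caller waiting indefinitely.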

Fixes: 72a2ff3916e5 ("lib/libnetlink: Add a new function rtnl_talk_iov")
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoip-link: Fix use after free in nl_get_ll_addr_len()
Phil Sutter [Thu, 1 Mar 2018 09:35:12 +0000 (10:35 +0100)]
ip-link: Fix use after free in nl_get_ll_addr_len()

Immediately after freeing the buffer returned from rtnl_talk(), it is
accessed again via a pointer in the struct rtattr array. As a result, some
builds refuse to set an interface's MAC address because the
expected length value is garbage.

Fixes: 86bf43c7c2fdc ("lib/libnetlink: update rtnl_talk to support malloc buff at run time")
Signed-off-by: Phil Sutter <phil@nwl.cc>
6 years agobpf: Print section name when hitting non ld64 issue
Joe Stringer [Wed, 28 Feb 2018 22:16:42 +0000 (14:16 -0800)]
bpf: Print section name when hitting non ld64 issue

It's useful to be able to tell which section is being processed in the
ELF when this error is triggered, so print that detail.

Signed-off-by: Joe Stringer <joe@wand.net.nz>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agoMerge branch 'ip-rule-proto' into iproute2-next
David Ahern [Thu, 1 Mar 2018 03:45:56 +0000 (19:45 -0800)]
Merge branch 'ip-rule-proto' into iproute2-next

Donald Sharp  says:

====================

Fix iprule.c to use the actual `struct fib_rule_hdr` and to
allow the end user to see and use the protocol keyword
for rule manipulation.

====================

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoip: Allow rules to accept a specified protocol
Donald Sharp [Wed, 28 Feb 2018 23:44:00 +0000 (18:44 -0500)]
ip: Allow rules to accept a specified protocol

Allow the specification of a protocol when the user
adds/modifies/deletes a rule.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoip: Display ip rule protocol used
Donald Sharp [Wed, 28 Feb 2018 23:43:59 +0000 (18:43 -0500)]
ip: Display ip rule protocol used

Modify 'ip rule' command to notice when the kernel passes
to us the originating protocol.

Add code to allow the `ip rule flush protocol XXX`
command to be accepted and properly handled.

Modify the documentation to reflect these code changes.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoip: Use the `struct fib_rule_hdr` for rules
Donald Sharp [Wed, 28 Feb 2018 23:43:58 +0000 (18:43 -0500)]
ip: Use the `struct fib_rule_hdr` for rules

The iprule.c code was using `struct rtmsg` as the data
type to pass into the kernel for the netlink message.
While `struct rtmsg` and `struct fib_rule_hdr` are
the same size and mostly the same, we should use
the correct data structure.  This commit translates
the data structures to have iprule.c use the correct
one.

Additionally copy over the modified fib_rules.h file

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agodevlink: Fix error reporting
Arkadi Sharshevsky [Wed, 28 Feb 2018 09:24:22 +0000 (11:24 +0200)]
devlink: Fix error reporting

The current code doesn't set errno in case of extended ack.

Fixes: 049c58539f5d ("devlink: mnlg: Add support for extended ack")
Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agoMerge branch 'tc-ipt-ematch' into iproute2-next
David Ahern [Tue, 27 Feb 2018 17:44:33 +0000 (09:44 -0800)]
Merge branch 'tc-ipt-ematch' into iproute2-next

Eyal Birger  says:

====================

This patchset extends tc to support the ipt ematch.

The first patch adds the ability for ematch cmdline parsers
to receive argc,argv parameters.
The second patch adds the em_ipt module.

====================

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agotc: add em_ipt ematch for calling xtables matches from tc matching context
Eyal Birger [Fri, 23 Feb 2018 11:12:25 +0000 (13:12 +0200)]
tc: add em_ipt ematch for calling xtables matches from tc matching context

This commit adds a new tc ematch for using netfilter xtables matches.

This allows early classification as well as mirroring/redirecting traffic
based on logic implemented in netfilter extensions.

The currently supported use case is classification based on the incoming
IPSec state used during decapsulation, using the 'policy' iptables extension
(xt_policy).

The matcher uses libxtables for parsing the input parameters.

Example use for matching an IPSec state with reqid 1:

tc qdisc add dev eth0 ingress
tc filter add dev eth0 protocol ip parent ffff: \
    basic match 'ipt(-m policy --dir in --pol ipsec --reqid 1)' \
    action drop

This is the user-space counterpart of kernel commit ccc007e4a746
("net: sched: add em_ipt ematch for calling xtables matches")

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agotc: ematch: add parse_eopt_argv() method for providing ematches with argv parameters
Eyal Birger [Fri, 23 Feb 2018 11:12:24 +0000 (13:12 +0200)]
tc: ematch: add parse_eopt_argv() method for providing ematches with argv parameters

ematch uses YACC to parse ematch arguments and places them in struct bstr
linked lists.

It is useful to be able to receive parameters as argc,argv in order to use
getopt (and similar) argument parsers.
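
To illustrate why an argv-style interface is convenient, the sketch below
splits an ematch argument string into words and hands them to a standard
option parser. It is written in Python with argparse as a stand-in; the
real matcher uses libxtables, and the option set here is an assumption that
covers only the xt_policy options used in the em_ipt example.

```python
import argparse
import shlex


def parse_policy_args(text: str) -> argparse.Namespace:
    """Split the ematch argument string into argv and parse it."""
    argv = shlex.split(text)
    parser = argparse.ArgumentParser(prog="ipt", add_help=False)
    # Hypothetical option table, limited to what the example string uses.
    parser.add_argument("-m", dest="match")
    parser.add_argument("--dir", choices=["in", "out"])
    parser.add_argument("--pol", choices=["ipsec", "none"])
    parser.add_argument("--reqid", type=int)
    return parser.parse_args(argv)


if __name__ == "__main__":
    print(parse_policy_args("-m policy --dir in --pol ipsec --reqid 1"))
```

With a linked list of tokens, each ematch would need its own option walker;
with argv, an existing parser does the work.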

Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoImport tc_em_ipt.h from kernel at commit 08009a760213
David Ahern [Tue, 27 Feb 2018 17:42:23 +0000 (09:42 -0800)]
Import tc_em_ipt.h from kernel at commit 08009a760213

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoUpdate kernel headers to 08009a760213
David Ahern [Mon, 26 Feb 2018 21:24:38 +0000 (13:24 -0800)]
Update kernel headers to 08009a760213

Update kernel headers to commit 08009a760213
("net: make kmem caches as __ro_after_init")

Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoip link: add json support for tun attributes
Sabrina Dubroca [Mon, 26 Feb 2018 10:36:15 +0000 (11:36 +0100)]
ip link: add json support for tun attributes

Reported-by: Stephen Hemminger <stephen@networkplumber.org>
Fixes: 118eda77d660 ("ip link: add support to display extended tun attributes")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoip: link_gre6.c: Support IP6_TNL_F_ALLOW_LOCAL_REMOTE flag
Petr Machata [Wed, 21 Feb 2018 11:18:37 +0000 (12:18 +0100)]
ip: link_gre6.c: Support IP6_TNL_F_ALLOW_LOCAL_REMOTE flag

For IP-in-IP tunnels, one can specify the [no]allow-localremote command
when configuring a device. Under the hood, this flips the
IP6_TNL_F_ALLOW_LOCAL_REMOTE flag on the netdevice. However, ip6gretap
and ip6erspan devices, where the flag is also relevant, are not IP-in-IP
tunnels, and thus there's no way to configure the flag on these
netdevices. Therefore introduce the command to link_gre6 as well.

The original support was introduced in commit 21440d19d957
("ip: link_ip6tnl.c/ip6tunnel.c: Support IP6_TNL_F_ALLOW_LOCAL_REMOTE flag")

Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
6 years agoip: Properly display AF_BRIDGE address information for neighbor events
Donald Sharp [Fri, 23 Feb 2018 19:10:09 +0000 (14:10 -0500)]
ip: Properly display AF_BRIDGE address information for neighbor events

When a neighbor add/delete event occurs, the vxlan driver sends
NDA_DST filled with a union:

union vxlan_addr {
	struct sockaddr_in sin;
	struct sockaddr_in6 sin6;
	struct sockaddr sa;
};

Displaying it eventually calls rt_addr_n2a_r, which had no handler for the
AF_BRIDGE family, so "???" was being printed.

Add code to properly display this data when requested.
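
The idea can be sketched as a dispatch on the address family stored at the
start of the union. This Python model assumes the Linux sockaddr layout (a
native-endian 16-bit family first, the IPv4 address at byte offset 4, the
IPv6 address at byte offset 8); the function name is hypothetical and the
code is an illustration, not the rt_addr_n2a_r implementation.

```python
import socket
import struct


def format_vxlan_addr(payload: bytes) -> str:
    """Render an NDA_DST payload laid out like union vxlan_addr."""
    (family,) = struct.unpack_from("=H", payload, 0)  # sa_family
    if family == socket.AF_INET:
        # struct sockaddr_in: family(2) port(2) addr(4)
        return socket.inet_ntop(socket.AF_INET, payload[4:8])
    if family == socket.AF_INET6:
        # struct sockaddr_in6: family(2) port(2) flowinfo(4) addr(16)
        return socket.inet_ntop(socket.AF_INET6, payload[8:24])
    return "???"  # unknown family, same fallback text as before the fix


if __name__ == "__main__":
    sin = struct.pack("=HH", socket.AF_INET, 0) + socket.inet_aton("10.0.0.1")
    print(format_vxlan_addr(sin + bytes(8)))
```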

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agordma: Avoid memory leak for skipped resource
Leon Romanovsky [Tue, 20 Feb 2018 12:47:18 +0000 (14:47 +0200)]
rdma: Avoid memory leak for skipped resource

The call to get_task_name() allocates memory which is not freed
in case of skipping the object.

Fixes: 8ecac46a60ff ("rdma: Add QP resource tracking information")
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agodevlink: Update man pages and add resource man
Arkadi Sharshevsky [Wed, 14 Feb 2018 08:55:22 +0000 (10:55 +0200)]
devlink: Update man pages and add resource man

Add resource man, and update dev manual for reload command.

Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agodevlink: Add support for resource/dpipe relation
Arkadi Sharshevsky [Wed, 14 Feb 2018 08:55:21 +0000 (10:55 +0200)]
devlink: Add support for resource/dpipe relation

Dpipe - Each dpipe table can have one resource which is mapped to it.
The resource is presented via its full path. Furthermore, the number
of units consumed by single table entry is presented.

Resource - Each resource presents the dpipe tables that use it.

Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agodevlink: Move dpipe context from heap to stack
Arkadi Sharshevsky [Wed, 14 Feb 2018 08:55:20 +0000 (10:55 +0200)]
devlink: Move dpipe context from heap to stack

Allocate the dpipe context on the stack instead of dynamically.

Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agodevlink: Add support for hot reload
Arkadi Sharshevsky [Wed, 14 Feb 2018 08:55:19 +0000 (10:55 +0200)]
devlink: Add support for hot reload

Add support for hot reload. It should be used in order for resource
updates to take effect.

Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agodevlink: Add support for devlink resource abstraction
Arkadi Sharshevsky [Wed, 14 Feb 2018 08:55:18 +0000 (10:55 +0200)]
devlink: Add support for devlink resource abstraction

Add support for devlink resource abstraction. The resources are
represented by a tree based structure and are identified by a name and
a size. Some resources can present their real time occupancy.

First the resources exposed by the driver can be observed, for example:

$devlink resource show pci/0000:03:00.0
pci/0000:03:00.0:
  name kvd size 245760 unit entry
    resources:
      name linear size 98304 occ 0 unit entry size_min 0 size_max 147456 size_gran 128
      name hash_double size 60416 unit entry size_min 32768 size_max 180224 size_gran 128
      name hash_single size 87040 unit entry size_min 65536 size_max 212992 size_gran 128

The size of some resources can be changed. Examples:

$devlink resource set pci/0000:03:00.0 path /kvd/hash_single size 73088
$devlink resource set pci/0000:03:00.0 path /kvd/hash_double size 74368

The changes do not apply immediately; this can be validated by the 'size_new'
attribute, which represents the pending changed size. For example:

$devlink resource show pci/0000:03:00.0
pci/0000:03:00.0:
  name kvd size 245760 unit entry size_valid false
  resources:
    name linear size 98304 size_new 147456 occ 0 unit entry size_min 0 size_max 147456 size_gran 128
    name hash_double size 60416 unit entry size_min 32768 size_max 180224 size_gran 128
    name hash_single size 87040 unit entry size_min 65536 size_max 212992 size_gran 128

In case of a pending change, a resource with nested resources indicates
whether the configuration of its children is valid (the sum of the children's
sizes doesn't exceed the parent's size).
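
The validity rule can be checked by hand against the numbers in the example
output. The Python sketch below assumes that a pending 'size_new' replaces
'size' when the children are summed; that reading is consistent with the
'size_valid false' shown above, but the function itself is hypothetical and
not the devlink implementation.

```python
def children_fit(parent_size: int, children: list) -> bool:
    """True if the children's (pending) sizes do not exceed the parent's size."""
    pending_total = sum(c.get("size_new", c["size"]) for c in children)
    return pending_total <= parent_size


# Values taken from the 'devlink resource show' examples above.
KVD_SIZE = 245760
BEFORE = [{"size": 98304}, {"size": 60416}, {"size": 87040}]
PENDING = [{"size": 98304, "size_new": 147456}, {"size": 60416}, {"size": 87040}]

if __name__ == "__main__":
    print(children_fit(KVD_SIZE, BEFORE), children_fit(KVD_SIZE, PENDING))
```

Before the change the three children add up to exactly 245760, so the
configuration is valid; with linear pending at 147456 the total becomes
294912, which exceeds the parent.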

For the changes to take effect, a hot reload is needed. The hot
reload through devlink will be introduced in the following patch.

Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agodevlink: mnlg: Add support for extended ack
Arkadi Sharshevsky [Wed, 14 Feb 2018 08:55:17 +0000 (10:55 +0200)]
devlink: mnlg: Add support for extended ack

Add support for extended ack.

Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agodevlink: Change empty line indication with indentations
Arkadi Sharshevsky [Wed, 14 Feb 2018 08:55:16 +0000 (10:55 +0200)]
devlink: Change empty line indication with indentations

Currently multi-line objects are separated by new-lines. This patch
changes this behavior by using indentations for separation.

Signed-off-by: Arkadi Sharshevsky <arkadis@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agoss: prepare rth when killing inet sock
Masatake YAMATO [Thu, 15 Feb 2018 19:11:20 +0000 (04:11 +0900)]
ss: prepare rth when killing inet sock

kill_inet_sock() expects an rtnl_handle instance to be passed
via the inet_diag_arg argument. However, on the following call path:

    generic_show_sock
    => show_one_inet_sock
       => kill_inet_sock

the rth field of inet_diag_arg is not filled with the address of an
rtnl_handle instance. As a result, ss crashes.

This commit fills the field with a newly created rtnl_handle
instance.

Changes in v2:
Instead of creating rtnl_handle instances for each socket, create
one in the upper layer and reuse it.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agoREADME: re-add updated information link
Quentin Monnet [Thu, 22 Feb 2018 03:22:14 +0000 (19:22 -0800)]
README: re-add updated information link

The "Information" link was removed from README file in commit
d7843207e6fd ("README: update location of git repositories, remove
broken info link"), because it redirected to a page that no longer
existed on the Linux Foundation wiki.

This page has just been restored, so we can add the link back again.
Since the previous link was a redirection, use the updated link instead.

Thanks to Luca Boccassi for investigating this issue, restoring and
updating the page.

Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
6 years agocolor: disable color when json output is requested
Vincent Bernat [Tue, 20 Feb 2018 23:28:04 +0000 (00:28 +0100)]
color: disable color when json output is requested

Instead of declaring -color and -json exclusive, ignore -color when
-json is provided. The rationale is to allow putting -color in an alias
for ip while still being able to use -json. -color is merely a
presentation suggestion and we can assume there is nothing to color in
the JSON output.
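
The precedence rule is small enough to state as a truth function. A sketch
in Python, with a hypothetical function name; it models the behaviour
described above rather than the option-handling code itself.

```python
def effective_color(color_requested: bool, json_requested: bool) -> bool:
    """-color is honoured only when -json is not in effect."""
    return color_requested and not json_requested


if __name__ == "__main__":
    # An alias that always passes -color still yields plain JSON.
    print(effective_color(True, True))
```

The alternative, rejecting the combination with an error, would break any
alias that adds -color as soon as a script appends -json.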

Signed-off-by: Vincent Bernat <vincent@bernat.im>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agotc: fix an off-by-one error while printing tc actions
Adam Vyskovsky [Sun, 18 Feb 2018 19:50:10 +0000 (20:50 +0100)]
tc: fix an off-by-one error while printing tc actions

The tc_print_action() function did not print all tc actions
when e.g. TCA_ACT_MAX_PRIO actions were defined for a single
tc filter.
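
A typical way for such a bug to arise is a loop that stops one slot short
of the last valid index. The Python sketch below assumes that actions are
stored at indices 1 through TCA_ACT_MAX_PRIO of a table whose slot 0 is
unused; that layout and both function names are assumptions made for
illustration, not a copy of tc_print_action().

```python
TCA_ACT_MAX_PRIO = 32  # value of the kernel UAPI constant


def actions_short_loop(tb: list) -> list:
    """Visits indices 0..MAX-1 and so never reaches slot MAX."""
    return [tb[i] for i in range(0, TCA_ACT_MAX_PRIO) if tb[i] is not None]


def actions_full_loop(tb: list) -> list:
    """Visits indices 0..MAX inclusive, covering every slot."""
    return [tb[i] for i in range(0, TCA_ACT_MAX_PRIO + 1) if tb[i] is not None]


if __name__ == "__main__":
    table = [None] + [f"action-{i}" for i in range(1, TCA_ACT_MAX_PRIO + 1)]
    print(len(actions_short_loop(table)), len(actions_full_loop(table)))
```

The difference only shows when the table is completely full, which is why
the problem is easy to miss with a handful of actions.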

Signed-off-by: Adam Vyskovsky <adamvyskovsky@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agobridge: Prevent a double space in bridge mdb show
Timothy Redaelli [Mon, 19 Feb 2018 16:13:06 +0000 (17:13 +0100)]
bridge: Prevent a double space in bridge mdb show

Prevent a double space in "bridge mdb show" when the MDB entry is not
marked as "offload".

Signed-off-by: Timothy Redaelli <tredaelli@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
6 years agolib/namespace: don't try to mount rw /sys over a ro one
Lubomir Rintel [Mon, 12 Feb 2018 19:23:12 +0000 (20:23 +0100)]
lib/namespace: don't try to mount rw /sys over a ro one

It will fail with EPERM on Linux 4.15.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>