]> git.proxmox.com Git - mirror_iproute2.git/log
mirror_iproute2.git
7 years agoupdate kernel headers from net-next
Stephen Hemminger [Mon, 30 Jan 2017 04:31:31 +0000 (20:31 -0800)]
update kernel headers from net-next

7 years agoMerge branch 'master' into net-next
Stephen Hemminger [Mon, 30 Jan 2017 04:30:05 +0000 (20:30 -0800)]
Merge branch 'master' into net-next

7 years agotc: distinguish Add/Replace action operations.
Roman Mashak [Sun, 22 Jan 2017 13:55:33 +0000 (08:55 -0500)]
tc: distinguish Add/Replace action operations.

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Phil Sutter <phil@nwl.cc>
7 years agoman: tc-csum.8: Fix example
Phil Sutter [Sat, 28 Jan 2017 11:59:10 +0000 (12:59 +0100)]
man: tc-csum.8: Fix example

This fixes two issues with the provided example:

- Add missing 'dev' keyword to second command.
- Use a real IPv4 address instead of a bogus hex value since that will
  be rejected by get_addr_ipv4().

Fixes: dbfb17a67f9c7 ("man: tc-csum.8: Add an example")
Reported-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
7 years agof_flower: don't set TCA_FLOWER_KEY_ETH_TYPE for "protocol all"
Benjamin LaHaise [Fri, 20 Jan 2017 19:07:38 +0000 (14:07 -0500)]
f_flower: don't set TCA_FLOWER_KEY_ETH_TYPE for "protocol all"

v2 - update to address changes in 00697ca19ae3e1118f2af82c3b41ac4335fe918b.

When using the tc flower filter, rules marked with "protocol all" do not
actually match all packets.  This is due to a bug in f_flower.c that passes
in ETH_P_ALL in the TCA_FLOWER_KEY_ETH_TYPE attribute when adding a rule.
Fix this by omitting TCA_FLOWER_KEY_ETH_TYPE if the protocol is set to
ETH_P_ALL.

Fixes: 488b41d020fb ("tc: flower no need to specify the ethertype")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Benjamin LaHaise <benjamin.lahaise@netronome.com>
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Reviewed-by: Roi Dayan <roid@mellanox.com>
7 years agotc: flower: Refactor matching flags to be more user friendly
Paul Blakey [Fri, 20 Jan 2017 18:36:45 +0000 (10:36 -0800)]
tc: flower: Refactor matching flags to be more user friendly

Instead of "magic numbers" we can now specify each flag
by name. Prefix of "no"  (e.g nofrag) unsets the flag,
otherwise it wil be set.

Example:
    # add a flower filter that will drop fragmented packets
    tc filter add dev ens4f0 protocol ip parent ffff: \
            flower \
            src_mac e4:1d:2d:fd:8b:01 \
            dst_mac e4:1d:2d:fd:8b:02 \
            indev ens4f0 \
            ip_flags frag \
    action drop

    # add a flower filter that will drop non-fragmented packets
    tc filter add dev ens4f0 protocol ip parent ffff: \
            flower \
            src_mac e4:1d:2d:fd:8b:01 \
            dst_mac e4:1d:2d:fd:8b:02 \
            indev ens4f0 \
            ip_flags nofrag \
    action drop

Fixes: 22a8f019891c ('tc: flower: support matching flags')
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoiplink: bridge_slave: add support for IFLA_BRPORT_FLUSH
Hangbin Liu [Wed, 18 Jan 2017 06:36:45 +0000 (14:36 +0800)]
iplink: bridge_slave: add support for IFLA_BRPORT_FLUSH

This patch implements support for the IFLA_BRPORT_FLUSH attribute
in iproute2 so it can flush bridge slave's fdb dynamic entries.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
7 years agoiplink: bridge: add support for IFLA_BR_MCAST_MLD_VERSION
Hangbin Liu [Wed, 18 Jan 2017 06:12:51 +0000 (14:12 +0800)]
iplink: bridge: add support for IFLA_BR_MCAST_MLD_VERSION

This patch implements support for the IFLA_BR_MCAST_MLD_VERSION
attribute in iproute2 so it can change the mcast mld version.

Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
7 years agoiplink: bridge: add support for IFLA_BR_MCAST_IGMP_VERSION
Hangbin Liu [Wed, 18 Jan 2017 06:12:50 +0000 (14:12 +0800)]
iplink: bridge: add support for IFLA_BR_MCAST_IGMP_VERSION

This patch implements support for the IFLA_BR_MCAST_IGMP_VERSION
attribute in iproute2 so it can change the mcast igmp version.

Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
7 years agoiplink: bridge: add support for IFLA_BR_MCAST_STATS_ENABLED
Hangbin Liu [Wed, 18 Jan 2017 06:12:49 +0000 (14:12 +0800)]
iplink: bridge: add support for IFLA_BR_MCAST_STATS_ENABLED

This patch implements support for the IFLA_BR_MCAST_STATS_ENABLED
attribute in iproute2 so it can enable/disable mcast stats accounting.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
7 years agoiplink: bridge: add support for IFLA_BR_VLAN_STATS_ENABLED
Hangbin Liu [Wed, 18 Jan 2017 06:12:48 +0000 (14:12 +0800)]
iplink: bridge: add support for IFLA_BR_VLAN_STATS_ENABLED

This patch implements support for the IFLA_BR_VLAN_STATS_ENABLED
attribute in iproute2 so it can enable/disable vlan stats accounting.

Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
7 years agoiplink: bridge: add support for IFLA_BR_FDB_FLUSH
Hangbin Liu [Wed, 18 Jan 2017 06:12:47 +0000 (14:12 +0800)]
iplink: bridge: add support for IFLA_BR_FDB_FLUSH

This patch implements support for the IFLA_BR_FDB_FLUSH attribute
in iproute2 so it can flush bridge fdb dynamic entries.

Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
7 years agoipmroute: add support for RTNH_F_UNRESOLVED
Nikolay Aleksandrov [Fri, 20 Jan 2017 14:15:21 +0000 (15:15 +0100)]
ipmroute: add support for RTNH_F_UNRESOLVED

This patch adds a new field that is printed in the end of the line which
denotes the real entry state. Before this patch an entry's IIF could
disappear and it would look like an unresolved one (iif = unresolved):
(3.0.16.1, 225.11.16.1)          Iif: unresolved

with no way to really distinguish it from an unresolved entry.
After the patch if the dumped entry has RTNH_F_UNRESOLVED set we get:
(3.0.16.1, 225.11.16.1)          Iif: unresolved  State: unresolved

for unresolved entries and:
(0.0.0.0, 225.11.11.11)          Iif: eth4       Oifs: eth3  State: resolved

for resolved entries after the OIF list. Note that "State:" has ':' in
it so it cannot be mistaken for an interface name.

And for the example above, we'd get:
(0.0.0.0, 225.11.11.11)          Iif: unresolved     State: resolved

Also when dumping all routes via ip route show table all,
 it will show up as:
multicast 225.11.16.1/32 from 3.0.16.1/32 table default proto 17 unresolved

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoip route: error out on multiple via without nexthop keyword
David Ahern [Thu, 19 Jan 2017 17:08:21 +0000 (09:08 -0800)]
ip route: error out on multiple via without nexthop keyword

To specify multiple nexthops in a route the user is expected to use the
"nexthop" keyword which ip route uses to create the RTA_MULTIPATH.
However, ip route always accepts multiple 'via' keywords where only the
last one is used in the route leading to confusion. For example, ip
accepts this syntax:
    $ ip ro add vrf red  1.1.1.0/24 via 10.100.1.18 via 10.100.2.18

but the route entered inserted by the kernel is just the last gateway:
    1.1.1.0/24 via 10.100.2.18 dev eth2

which is not the full request from the user. Detect the presense of
multiple 'via' and give the user a hint to add nexthop:

    $ ip ro add vrf red  1.1.1.0/24 via 10.100.1.18 via 10.100.2.18
    Error: argument "via" is wrong: use nexthop syntax to specify multiple via

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agotc: m_csum: add support for SCTP checksum
Davide Caratti [Fri, 20 Jan 2017 10:10:10 +0000 (11:10 +0100)]
tc: m_csum: add support for SCTP checksum

'sctp' parameter can now be used as 'csum' target to enable CRC32c
computation on SCTP packets.

Signed-off-by: Davide Caratti <dcaratti@redhat.com>
7 years agoupdate kernel headers from 4.10 net-next
Stephen Hemminger [Fri, 20 Jan 2017 17:28:36 +0000 (09:28 -0800)]
update kernel headers from 4.10 net-next

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoMerge branch 'master' into net-next
Stephen Hemminger [Fri, 20 Jan 2017 17:27:57 +0000 (09:27 -0800)]
Merge branch 'master' into net-next

7 years agotc: flower: Fix incorrect error msg about eth type
Roi Dayan [Thu, 19 Jan 2017 12:31:20 +0000 (14:31 +0200)]
tc: flower: Fix incorrect error msg about eth type

addattr16 may return an error about the nl msg size
but not about incorrect eth type.

Fixes: 488b41d020fb ("tc: flower no need to specify the ethertype")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
7 years agotc: flower: Add missing err check when parsing flower options
Roi Dayan [Thu, 19 Jan 2017 12:31:19 +0000 (14:31 +0200)]
tc: flower: Add missing err check when parsing flower options

addattr32 may return an error.

Fixes: cfcabf18d84a ("tc: flower: Add skip_{hw|sw} support")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Paul Blakey <paulb@mellanox.com>
7 years agoupdate kernel headers (from 4.10-rc4)
Stephen Hemminger [Fri, 20 Jan 2017 17:26:27 +0000 (09:26 -0800)]
update kernel headers (from 4.10-rc4)

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoip/xfrm: Fix deleteall when having many policies installed
Alexander Heinlein [Mon, 16 Jan 2017 13:48:25 +0000 (14:48 +0100)]
ip/xfrm: Fix deleteall when having many policies installed

Fix "Policy buffer overflow" when trying to use deleteall with many
policies installed.

Signed-off-by: Alexander Heinlein <alexander.heinlein@secunet.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoRevert "man pages: add man page for skbmod action"
Jiri Benc [Wed, 18 Jan 2017 12:37:25 +0000 (13:37 +0100)]
Revert "man pages: add man page for skbmod action"

This reverts commit a40995d1c79e5a1b8711f6cd26eca9807fc4dd50.

The patch is missing the actual tc-skbmod.8 file which causes 'make
install' to fail:

install -m 0755 -d /tmp/ip/usr/share/man/man8
install -m 0644 ip-address.8 ip-link.8 ip-route.8 ip.8 arpd.8 lnstat.8
routel.8 rtacct.8 rtmon.8 rtpr.8 ss.8 tc.8 tc-bfifo.8 tc-bpf.8 tc-cbq.8
tc-cbq-details.8 tc-choke.8 tc-codel.8 tc-fq.8 tc-drr.8 tc-ematch.8
tc-fq_codel.8 tc-hfsc.8 tc-htb.8 tc-pie.8 tc-mqprio.8 tc-netem.8 tc-pfifo.8
tc-pfifo_fast.8 tc-prio.8 tc-red.8 tc-sfb.8 tc-sfq.8 tc-stab.8 tc-tbf.8
bridge.8 rtstat.8 ctstat.8 nstat.8 routef.8 ip-addrlabel.8 ip-fou.8 ip-gue.8
ip-l2tp.8 ip-macsec.8 ip-maddress.8 ip-monitor.8 ip-mroute.8 ip-neighbour.8
ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 ip-tcp_metrics.8
ip-netconf.8 ip-token.8 tipc.8 tipc-bearer.8 tipc-link.8 tipc-media.8
tipc-nametable.8 tipc-node.8 tipc-socket.8 tc-basic.8 tc-cgroup.8 tc-flow.8
tc-flower.8 tc-fw.8 tc-route.8 tc-tcindex.8 tc-u32.8 tc-matchall.8
tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8
tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8  tc-ife.8 tc-skbmod.8
tc-tunnel_key.8 devlink.8 devlink-dev.8 devlink-monitor.8 devlink-port.8
devlink-sb.8 /tmp/ip/usr/share/man/man8
install: cannot stat ‘tc-skbmod.8’: No such file or directory
make[2]: *** [install] Error 1
make[1]: *** [install] Error 2

Signed-off-by: Jiri Benc <jbenc@redhat.com>
7 years agotc: flower: Fix flower output for src and dst ports
Roi Dayan [Sun, 15 Jan 2017 14:23:49 +0000 (16:23 +0200)]
tc: flower: Fix flower output for src and dst ports

This fix a missing use case after the introduction of enum flower_endpoint.

Fixes: 6910d65661a3 ("tc: flower: introduce enum flower_endpoint")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Paul Blakey <paulb@mellanox.com>
7 years agoutils: make hex2mem available to all users
Jamal Hadi Salim [Sat, 14 Jan 2017 22:04:43 +0000 (17:04 -0500)]
utils: make hex2mem available to all users

hex2mem() api is useful for parsing hexstrings which are then packed in
a stream of chars.

Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
7 years agoip: fix igmp parsing when iface is long
Petr Vorel [Mon, 16 Jan 2017 23:25:50 +0000 (00:25 +0100)]
ip: fix igmp parsing when iface is long

Entries with long vhost names in /proc/net/igmp have no whitespace
between name and colon, so sscanf() adds it to vhost and
'ip maddr show iface' doesn't include inet result.

Signed-off-by: Petr Vorel <pvorel@suse.cz>
7 years agotc: m_xt: Drop needless parentheses from #if checks
Phil Sutter [Fri, 13 Jan 2017 12:06:19 +0000 (13:06 +0100)]
tc: m_xt: Drop needless parentheses from #if checks

Signed-off-by: Phil Sutter <phil@nwl.cc>
7 years agoinclude: remove unused header
Stephen Hemminger [Fri, 13 Jan 2017 22:11:12 +0000 (14:11 -0800)]
include: remove unused header

not used by any source here

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoadd more uapi header files
Stephen Hemminger [Fri, 13 Jan 2017 01:54:39 +0000 (17:54 -0800)]
add more uapi header files

In order to ensure no backward/forward compatiablity problems,
make sure that all kernel headers used come from the local copy.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agotc: flower: Support matching ARP
Simon Horman [Thu, 12 Jan 2017 08:11:59 +0000 (09:11 +0100)]
tc: flower: Support matching ARP

Support matching on ARP operation, and hardware and protocol addresses
for Ethernet hardware and IPv4 protocol addresses.

Example usage:

tc qdisc add dev eth0 ingress

tc filter add dev eth0 protocol arp parent ffff: flower indev eth0 \                    arp_op request arp_sip 10.0.0.1 action drop
tc filter add dev eth0 protocol rarp parent ffff: flower indev eth0 \                   arp_op reply arp_tha 52:54:3f:00:00:00/24 action drop

Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agokernel headers update
Stephen Hemminger [Fri, 13 Jan 2017 01:45:30 +0000 (17:45 -0800)]
kernel headers update

For flower, etc.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoMerge branch 'master' into net-next
Stephen Hemminger [Fri, 13 Jan 2017 01:44:44 +0000 (17:44 -0800)]
Merge branch 'master' into net-next

7 years agotc: ife: correct spelling of prio in example
Simon Horman [Wed, 11 Jan 2017 13:10:16 +0000 (14:10 +0100)]
tc: ife: correct spelling of prio in example

Correct typo in example in ife man page.

Fixes: 06f9a59170c0 ("man: tc-ife.8: man page for ife action")
Cc: Lucas Bates <lucasb@mojatatu.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agobridge: fdb: add state filter support
Nikolay Aleksandrov [Thu, 12 Jan 2017 16:47:39 +0000 (17:47 +0100)]
bridge: fdb: add state filter support

This patch adds a new argument to the bridge fdb show command that allows
to filter by entry state.
Also update the man page to include all available show arguments.

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
7 years agorttable: Fix invalid range checking when table id is converted to u32
David Ahern [Tue, 10 Jan 2017 23:33:55 +0000 (15:33 -0800)]
rttable: Fix invalid range checking when table id is converted to u32

Frank reported that table ids for very large numbers are not properly
detected:
$ ip li add foobar type vrf table 98765432100123456789

command succeeds and resulting table id is actually:

21: foobar: <NOARP,MASTER> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether da:ea:d4:77:38:2a brd ff:ff:ff:ff:ff:ff promiscuity 0
    vrf table 4294967295 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

Make the temp variable 'i' unsigned long and let the typecast to u32
happen on assignment to id.

Reported-by: Frank Kellermann <frank.kellermann@atos.net>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoip6tunnel: Align ipv6 tunnel key display with ipv4
David Forster [Tue, 10 Jan 2017 10:45:54 +0000 (10:45 +0000)]
ip6tunnel: Align ipv6 tunnel key display with ipv4

Show ipv6 tunnel keys on presence of GRE_KEY flag for tunnel types
other than GRE. Aligns ipv6 behaviour with ipv4.

Signed-off-by: dforster@brocade.com
7 years agotc: m_xt: Fix segfault with iptables-1.6.0
Phil Sutter [Thu, 12 Jan 2017 14:22:49 +0000 (15:22 +0100)]
tc: m_xt: Fix segfault with iptables-1.6.0

Said iptables version introduced struct xtables_globals field
'compat_rev', a function pointer. Initializing it is mandatory as
libxtables calls it without existence check.

Without this, tc segfaults when using the xt action like so:

| tc filter add dev d0 parent ffff: u32 match u32 0 0 \
| action xt -j MARK --set-mark 20

Signed-off-by: Phil Sutter <phil@nwl.cc>
7 years agowhitespace cleanup
Stephen Hemminger [Fri, 13 Jan 2017 01:29:41 +0000 (17:29 -0800)]
whitespace cleanup

Get rid of blanks at end of line and extra lines at eof

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoAdd support for rt_protos.d
David Ahern [Mon, 9 Jan 2017 23:43:09 +0000 (15:43 -0800)]
Add support for rt_protos.d

Add support for reading proto id/name mappings from rt_protos.d
directory. Allows users to have custom protocol values converted
to human friendly names.

Each file under rt_protos.d has the 'id name' format used by
rt_protos. Only .conf files are read and parsed.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoip vrf: Improve bpf error messages
David Ahern [Fri, 6 Jan 2017 00:22:23 +0000 (16:22 -0800)]
ip vrf: Improve bpf error messages

Next up a non-root user gets various bpf related error messages:

$ ip vrf exec mgmt bash
Failed to load BPF prog: 'Operation not permitted'
Kernel compiled with CGROUP_BPF enabled?

Catch the EPERM error and do not show the kernel config option.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoip vrf: Improve cgroup2 error messages
David Ahern [Fri, 6 Jan 2017 00:22:22 +0000 (16:22 -0800)]
ip vrf: Improve cgroup2 error messages

Currently, if a non-root user attempts to run ip vrf exec a non-helpful
error is returned:

$ ip vrf exec mgmt bash
Failed to mount cgroup2. Are CGROUPS enabled in your kernel?

Only show the CGROUPS kernel hint for the ENODEV error and for the
rest show the strerror for the errno. So now:

$ ip/ip vrf exec mgmt bash
Failed to mount cgroup2: Operation not permitted

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoip vrf: Fix run-on error message on mkdir failure
David Ahern [Fri, 6 Jan 2017 00:22:21 +0000 (16:22 -0800)]
ip vrf: Fix run-on error message on mkdir failure

Andy reported a missing newline if a non-root user attempts to run
'ip vrf exec':

$ ./ip/ip vrf exec default /bin/echo asdf
mkdir failed for /var/run/cgroup2: Permission deniedFailed to setup vrf cgroup2 directory

Reported-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agotc: flower: Update dest UDP port documentation
Simon Horman [Wed, 4 Jan 2017 11:02:18 +0000 (12:02 +0100)]
tc: flower: Update dest UDP port documentation

Since 41aa17ff4668 ("tc/cls_flower: Add dest UDP port to tunnel params")
tc flower supports setting the dest UDP port.

* Use "port_number" to be consistent with other man-page text
* Re-add "enc_dst_port" documentation to manpage which was
  accidently removed by b2a1f740aa4d ("tc: flower: document that *_ip
  parameters take a PREFIX as an argument.")

Cc: Hadar Hen Zion <hadarh@mellanox.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agominor kernel header update
Stephen Hemminger [Mon, 9 Jan 2017 20:09:26 +0000 (12:09 -0800)]
minor kernel header update

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoMerge branch 'master' into net-next
Stephen Hemminger [Mon, 9 Jan 2017 20:08:34 +0000 (12:08 -0800)]
Merge branch 'master' into net-next

7 years agotc: make tc linking depend on libtc.a
David Michael [Tue, 3 Jan 2017 23:32:46 +0000 (15:32 -0800)]
tc: make tc linking depend on libtc.a

There was a race condition where the command to link the tc binary
could (rarely) run before the libtc.a archive existed.

7 years agotc: flower: support matching flags
Paul Blakey [Thu, 29 Dec 2016 18:42:08 +0000 (10:42 -0800)]
tc: flower: support matching flags

Enhance flower to support matching on flags.

The 1st flag allows to match on whether the packet is
an IP fragment.

Example:

# add a flower filter that will drop fragmented packets
# (bit 0 of control flags)
tc filter add dev ens4f0 protocol ip parent ffff: \
flower \
src_mac e4:1d:2d:fd:8b:01 \
dst_mac e4:1d:2d:fd:8b:02 \
indev ens4f0 \
matching_flags 0x1/0x1 \
action drop

Signed-off-by: Paul Blakey <paulb@mellanox.com>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
7 years agoMerge branch 'master' into net-next
Stephen Hemminger [Thu, 29 Dec 2016 18:31:44 +0000 (10:31 -0800)]
Merge branch 'master' into net-next

7 years agofix typo in ip-xfrm man page, rmd610 -> rmd160
Alexey Kodanev [Fri, 23 Dec 2016 11:03:16 +0000 (14:03 +0300)]
fix typo in ip-xfrm man page, rmd610 -> rmd160

Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
7 years agotc: add missing limits.h header
Baruch Siach [Thu, 22 Dec 2016 18:52:48 +0000 (20:52 +0200)]
tc: add missing limits.h header

This fixes under musl build issues like:

f_matchall.c: In function ‘matchall_parse_opt’:
f_matchall.c:48:12: error: ‘LONG_MIN’ undeclared (first use in this function)
   if (h == LONG_MIN || h == LONG_MAX) {
            ^
f_matchall.c:48:12: note: each undeclared identifier is reported only once for each function it appears in
f_matchall.c:48:29: error: ‘LONG_MAX’ undeclared (first use in this function)
   if (h == LONG_MIN || h == LONG_MAX) {
                             ^

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
7 years agotc/m_tunnel_key: Add to the usage encapsulation dest UDP port
Hadar Hen Zion [Thu, 22 Dec 2016 08:14:41 +0000 (10:14 +0200)]
tc/m_tunnel_key: Add to the usage encapsulation dest UDP port

tunnel key set parameters includes also dest UDP port, add it to the
usage.

Fixes: 449c709c3868 ("tc/m_tunnel_key: Add dest UDP port to tunnel key action")
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Reported-by: Simon Horman <simon.horman@netronome.com>
7 years agotc/cls_flower: Add to the usage encapsulation dest UDP port
Hadar Hen Zion [Thu, 22 Dec 2016 08:14:40 +0000 (10:14 +0200)]
tc/cls_flower: Add to the usage encapsulation dest UDP port

Encapsulation dest UDP port is part of the classifier matching
parameters, add it to the usage.

Fixes: 41aa17ff4668 ("tc/cls_flower: Add dest UDP port to tunnel params")
Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Reported-by: Simon Horman <simon.horman@netronome.com>
7 years agotc: flower: Allow *_mac options to accept a mask
Simon Horman [Fri, 16 Dec 2016 13:54:37 +0000 (14:54 +0100)]
tc: flower: Allow *_mac options to accept a mask

* The argument to src_mac and dst_mac may now take an optional mask
  to limit the scope of matching.
* This address is is documented as a LLADDR in keeping with ip-link(8).
* The formats accepted match those already output when dumping flower
  filters from the kernel.

Example of use of LLADDR with and without a mask:

tc qdisc add dev eth0 ingress
tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \
src_mac 52:54:01:00:00:00/ff:ff:00:00:00:01 action drop
tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \
src_mac 52:54:00:00:00:00/23 action drop
tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \
src_mac 52:54:00:00:00:00 action drop

Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agotc: flower: document that *_ip parameters take a PREFIX as an argument.
Simon Horman [Fri, 16 Dec 2016 13:54:36 +0000 (14:54 +0100)]
tc: flower: document that *_ip parameters take a PREFIX as an argument.

* The argument to src_ip, dst_ip, enc_src_ip and enc_dst_ip take an
  optional prefix length which is used to provide a mask to limit the scope
  of matching.
* This is documented as a PREFIX in keeping with ip-route(8).

Example of uses of IPv4 and IPv6 prefixes

tc qdisc add dev eth0 ingress
tc filter add dev eth0 protocol ip parent ffff: flower \
    indev eth0 dst_ip 192.168.1.1 action drop
tc filter add dev eth0 protocol ip parent ffff: flower \
    indev eth0 src_ip 10.0.0.0/8 action drop
tc filter add dev eth0 protocol ipv6 parent ffff: flower \
    indev eth0 src_ip 2001:DB8:1::/48 action drop
tc filter add dev eth0 protocol ipv6 parent ffff: flower \
    indev eth0 dst_ip 2001:DB8::1 action drop

Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agoRevert "tc: flower: Allow *_mac options to accept a mask"
Stephen Hemminger [Thu, 22 Dec 2016 00:06:49 +0000 (16:06 -0800)]
Revert "tc: flower: Allow *_mac options to accept a mask"

This reverts commit 0390185078dedd551028fba58d53ef303ab57a2f.

7 years agoRevert "tc: flower: document that *_ip parameters take a PREFIX as an argument."
Stephen Hemminger [Thu, 22 Dec 2016 00:06:35 +0000 (16:06 -0800)]
Revert "tc: flower: document that *_ip parameters take a PREFIX as an argument."

This reverts commit a8a1dccd2af957077aa9d975db979c39d571bb6c.

7 years agoupdate kernel headers
Stephen Hemminger [Wed, 21 Dec 2016 23:58:49 +0000 (15:58 -0800)]
update kernel headers

7 years agotc: updated man page to reflect filter-id use in filter GET command.
Roman Mashak [Sun, 18 Dec 2016 17:25:37 +0000 (12:25 -0500)]
tc: updated man page to reflect filter-id use in filter GET command.

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
7 years agotc: fixed man page fonts for keywords and variable values
Roman Mashak [Sun, 18 Dec 2016 17:25:12 +0000 (12:25 -0500)]
tc: fixed man page fonts for keywords and variable values

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
7 years agoip: vfinfo: remove code duplication for IFLA_VF_RSS_QUERY_EN
Julien Fortin [Fri, 16 Dec 2016 16:36:05 +0000 (17:36 +0100)]
ip: vfinfo: remove code duplication for IFLA_VF_RSS_QUERY_EN

Fixes: 4fb4a10e120b1 ("ipaddress: Print IFLA_VF_QUERY_RSS_EN setting”)
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Acked-by: Phil Sutter <phil@nwl.cc>
7 years agotc: flower: Allow *_mac options to accept a mask
Simon Horman [Fri, 16 Dec 2016 13:54:37 +0000 (14:54 +0100)]
tc: flower: Allow *_mac options to accept a mask

* The argument to src_mac and dst_mac may now take an optional mask
  to limit the scope of matching.
* This address is is documented as a LLADDR in keeping with ip-link(8).
* The formats accepted match those already output when dumping flower
  filters from the kernel.

Example of use of LLADDR with and without a mask:

tc qdisc add dev eth0 ingress
tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \
src_mac 52:54:01:00:00:00/ff:ff:00:00:00:01 action drop
tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \
src_mac 52:54:00:00:00:00/23 action drop
tc filter add dev eth0 protocol ip parent ffff: flower indev eth0 \
src_mac 52:54:00:00:00:00 action drop

Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agotc: flower: document that *_ip parameters take a PREFIX as an argument.
Simon Horman [Fri, 16 Dec 2016 13:54:36 +0000 (14:54 +0100)]
tc: flower: document that *_ip parameters take a PREFIX as an argument.

* The argument to src_ip, dst_ip, enc_src_ip and enc_dst_ip take an
  optional prefix length which is used to provide a mask to limit the scope
  of matching.
* This is documented as a PREFIX in keeping with ip-route(8).

Example of uses of IPv4 and IPv6 prefixes

tc qdisc add dev eth0 ingress
tc filter add dev eth0 protocol ip parent ffff: flower \
    indev eth0 dst_ip 192.168.1.1 action drop
tc filter add dev eth0 protocol ip parent ffff: flower \
    indev eth0 src_ip 10.0.0.0/8 action drop
tc filter add dev eth0 protocol ipv6 parent ffff: flower \
    indev eth0 src_ip 2001:DB8:1::/48 action drop
tc filter add dev eth0 protocol ipv6 parent ffff: flower \
    indev eth0 dst_ip 2001:DB8::1 action drop

Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agoip netns: Reset vrf to default VRF on namespace switch
David Ahern [Thu, 15 Dec 2016 20:07:02 +0000 (12:07 -0800)]
ip netns: Reset vrf to default VRF on namespace switch

A vrf is local to a namespace. Drop any VRF association before trying
to exec a command in the new namespace.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoip vrf: Fix reset to default VRF
David Ahern [Thu, 15 Dec 2016 20:07:01 +0000 (12:07 -0800)]
ip vrf: Fix reset to default VRF

Path in vrf_switch for "default" VRF is supposed to be MNT/vrf not
MNT/default. Also, default_vrf flag is redundant with ifindex. Remove
the flag in favor of ifindex != 0.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoip vrf: Refactor ipvrf_identify
David Ahern [Thu, 15 Dec 2016 20:07:00 +0000 (12:07 -0800)]
ip vrf: Refactor ipvrf_identify

Split ipvrf_identify into arg processing and a function that does the
actual cgroup file parsing. The latter function is used in a follow
on patch.

In the process, convert the reading of the cgroups file to use fopen
and fgets just in case the file ever grows beyond 4k. Move printing
of any error message and the vrf name to the caller of the new
vrf_identify.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoip vrf: Move kernel config hint to prog_load failure
David Ahern [Thu, 15 Dec 2016 20:06:59 +0000 (12:06 -0800)]
ip vrf: Move kernel config hint to prog_load failure

Move the hint about CGROUP_BPF enabled to prog_load failure since
it fails before the attach. Update the existing error message to
print to stderr.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoconfigure: fix elftest when warnings enabled
Stephen Hemminger [Thu, 15 Dec 2016 03:09:55 +0000 (19:09 -0800)]
configure: fix elftest when warnings enabled

If compile testing with -W then elftest.c would fail because
of unused variables.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoFix compile warning in get_addr_1
David Ahern [Tue, 13 Dec 2016 23:34:32 +0000 (15:34 -0800)]
Fix compile warning in get_addr_1

A recent cleanup causes a compile warning on Debian jessie:

    CC       utils.o
utils.c: In function ‘get_addr_1’:
utils.c:486:21: warning: passing argument 1 of ‘ll_addr_a2n’ from incompatible pointer type
   len = ll_addr_a2n(&addr->data, sizeof(addr->data), name);
                     ^
In file included from utils.c:34:0:
../include/rt_names.h:27:5: note: expected ‘char *’ but argument is of type ‘__u32 (*)[8]’
 int ll_addr_a2n(char *lladdr, int len, const char *arg);
     ^

Revert the removal of the typecast

Fixes: e1933b928125 ("utils: cleanup style")
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agotc: pass correct conversion specifier to print 'unsigned int' action index.
Roman Mashak [Tue, 13 Dec 2016 20:31:16 +0000 (15:31 -0500)]
tc: pass correct conversion specifier to print 'unsigned int' action index.

Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
7 years agoipvrf: cleanup style issues
Stephen Hemminger [Tue, 13 Dec 2016 18:43:24 +0000 (10:43 -0800)]
ipvrf: cleanup style issues

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoutils: cleanup style
Stephen Hemminger [Tue, 13 Dec 2016 18:41:36 +0000 (10:41 -0800)]
utils: cleanup style

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agolibnetlink: break up dump function
Stephen Hemminger [Tue, 13 Dec 2016 18:40:49 +0000 (10:40 -0800)]
libnetlink: break up dump function

Indentation is deep here.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoIntroduce ip vrf command
David Ahern [Mon, 12 Dec 2016 00:53:15 +0000 (16:53 -0800)]
Introduce ip vrf command

'ip vrf' follows the user semnatics established by 'ip netns'.

The 'ip vrf' subcommand supports 3 usages:

1. Run a command against a given vrf:
       ip vrf exec NAME CMD

   Uses the recently committed cgroup/sock BPF option. vrf directory
   is added to cgroup2 mount. Individual vrfs are created under it. BPF
   filter attached to vrf/NAME cgroup2 to set sk_bound_dev_if to the VRF
   device index. From there the current process (ip's pid) is addded to
   the cgroups.proc file and the given command is exected. In doing so
   all AF_INET/AF_INET6 (ipv4/ipv6) sockets are automatically bound to
   the VRF domain.

   The association is inherited parent to child allowing the command to
   be a shell from which other commands are run relative to the VRF.

2. Show the VRF a process is bound to:
       ip vrf id
   This command essentially looks at /proc/pid/cgroup for a "::/vrf/"
   entry with the VRF name following.

3. Show process ids bound to a VRF
       ip vrf pids NAME
   This command dumps the file MNT/vrf/NAME/cgroup.procs since that file
   shows the process ids in the particular vrf cgroup.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agolibnetlink: Add variant of rtnl_talk that does not display RTNETLINK answers error
David Ahern [Mon, 12 Dec 2016 00:53:14 +0000 (16:53 -0800)]
libnetlink: Add variant of rtnl_talk that does not display RTNETLINK answers error

iplink_vrf has 2 functions used to validate a user given device name is
a VRF device and to return the table id. If the user string is not a
device name ip commands with a vrf keyword show a confusing error
message: "RTNETLINK answers: No such device".

Add a variant of rtnl_talk that does not display the "RTNETLINK answers"
message and update iplink_vrf to use it.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agochange name_is_vrf to return index
David Ahern [Mon, 12 Dec 2016 00:53:13 +0000 (16:53 -0800)]
change name_is_vrf to return index

index of 0 means name is not a valid vrf.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agoAdd filesystem APIs to lib
David Ahern [Mon, 12 Dec 2016 00:53:12 +0000 (16:53 -0800)]
Add filesystem APIs to lib

Add make_path to recursively call mkdir as needed to create a given
path with the given mode.

Add find_cgroup2_mount to lookup path where cgroup2 is mounted. If it
is not already mounted, cgroup2 is mounted under /var/run/cgroup2 for
use by iproute2.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agomove cmd_exec to lib utils
David Ahern [Mon, 12 Dec 2016 00:53:11 +0000 (16:53 -0800)]
move cmd_exec to lib utils

Code move only; no functional change intended.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agobpf: Add BPF_ macros
David Ahern [Mon, 12 Dec 2016 00:53:10 +0000 (16:53 -0800)]
bpf: Add BPF_ macros

Based on version in kernel repo, samples/bpf/libbpf.h

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
7 years agobpf: export bpf_prog_load
David Ahern [Mon, 12 Dec 2016 00:53:09 +0000 (16:53 -0800)]
bpf: export bpf_prog_load

Code move only; no functional change intended.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
7 years agolib bpf: Add support for BPF_PROG_ATTACH and BPF_PROG_DETACH
David Ahern [Mon, 12 Dec 2016 00:53:08 +0000 (16:53 -0800)]
lib bpf: Add support for BPF_PROG_ATTACH and BPF_PROG_DETACH

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
7 years agotc: tunnel_key: Add tc-tunnel_key man page to Makefile
Roi Dayan [Tue, 13 Dec 2016 12:39:02 +0000 (14:39 +0200)]
tc: tunnel_key: Add tc-tunnel_key man page to Makefile

To be installed with the other man pages.

Fixes: d57639a475a9 ("tc/act_tunnel: Introduce ip tunnel action")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Amir Vadai <amir@vadai.me>
7 years agotc: flower: Fix typo and style in flower man page
Roi Dayan [Tue, 13 Dec 2016 12:39:01 +0000 (14:39 +0200)]
tc: flower: Fix typo and style in flower man page

Replace vlan_eth_type with vlan_ethtype.

Fixes: 745d91726006 ("tc: flower: Introduce vlan support")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Hadar Hen Zion <hadarh@mellanox.com>
7 years agotc/m_tunnel_key: Add dest UDP port to tunnel key action
Hadar Hen Zion [Tue, 13 Dec 2016 08:07:47 +0000 (10:07 +0200)]
tc/m_tunnel_key: Add dest UDP port to tunnel key action

Enhance tunnel key action parameters by adding destination UDP port.

Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
7 years agotc/cls_flower: Add dest UDP port to tunnel params
Hadar Hen Zion [Tue, 13 Dec 2016 08:07:46 +0000 (10:07 +0200)]
tc/cls_flower: Add dest UDP port to tunnel params

Enhance IP tunnel parameters by adding destination UDP port.

Signed-off-by: Hadar Hen Zion <hadarh@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
7 years agolwtunnel: style cleanup
Stephen Hemminger [Mon, 12 Dec 2016 23:37:00 +0000 (15:37 -0800)]
lwtunnel: style cleanup

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agolwt: BPF support for LWT
Thomas Graf [Mon, 12 Dec 2016 00:14:35 +0000 (01:14 +0100)]
lwt: BPF support for LWT

Adds support to configure BPF programs as nexthop actions via the LWT
framework.

Example:
   ip route add 192.168.253.2/32 \
     encap bpf out obj lwt_len_hist_kern.o section len_hist \
     dev veth0

Signed-off-by: Thomas Graf <tgraf@suug.ch>
7 years agoupdate to net-next headers (pre 4.10 rc)
Stephen Hemminger [Mon, 12 Dec 2016 23:26:34 +0000 (15:26 -0800)]
update to net-next headers (pre 4.10 rc)

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoMerge branch 'master' into net-next
Stephen Hemminger [Mon, 12 Dec 2016 23:24:40 +0000 (15:24 -0800)]
Merge branch 'master' into net-next

7 years agov4.9.0
Stephen Hemminger [Mon, 12 Dec 2016 23:07:42 +0000 (15:07 -0800)]
v4.9.0

7 years agoupdate to 4.9 release headers
Stephen Hemminger [Mon, 12 Dec 2016 23:05:59 +0000 (15:05 -0800)]
update to 4.9 release headers

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoMakefile: really suppress printing of directories
David Ahern [Wed, 7 Dec 2016 20:55:09 +0000 (12:55 -0800)]
Makefile: really suppress printing of directories

Makefile adds --no-print-directory to MAKEFLAGS if VERBOSE is not
defined however Config always defines VERBOSE. Update the check to
whether VERBOSE is 0.

Fixes: 57bdf8b76451 ("Make builds default to quiet mode")
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
7 years agotc: flower: support matching on ICMP type and code
Simon Horman [Wed, 7 Dec 2016 13:54:03 +0000 (14:54 +0100)]
tc: flower: support matching on ICMP type and code

Support matching on ICMP type and code.

Example usage:

tc qdisc add dev eth0 ingress

tc filter add dev eth0 protocol ip parent ffff: flower \
indev eth0 ip_proto icmp type 8 code 0 action drop

tc filter add dev eth0 protocol ipv6 parent ffff: flower \
indev eth0 ip_proto icmpv6 type 128 code 0 action drop

Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agotc: flower: introduce enum flower_endpoint
Simon Horman [Wed, 7 Dec 2016 13:54:02 +0000 (14:54 +0100)]
tc: flower: introduce enum flower_endpoint

Introduce enum flower_endpoint and use it instead of a bool
as the type for paramatising source and destination.

This is intended to improve read-ability and provide some type
checking of endpoint parameters.

Signed-off-by: Simon Horman <simon.horman@netronome.com>
7 years agobpf: add initial support for attaching xdp progs
Daniel Borkmann [Tue, 6 Dec 2016 01:21:57 +0000 (02:21 +0100)]
bpf: add initial support for attaching xdp progs

Now that we made the BPF loader generic as a library, reuse it
for loading XDP programs as well. This basically adds a minimal
start of a facility for iproute2 to load XDP programs. There
currently only exists the xdp1_user.c sample code in the kernel
tree that sets up netlink directly and an iovisor/bcc front-end.

Since we have all the necessary infrastructure in place already
from tc side, we can just reuse its loader back-end and thus
facilitate migration and usability among the two for people
familiar with tc/bpf already. Sharing maps, performing tail calls,
etc works the same way as with tc. Naturally, once kernel
configuration API evolves, we will extend new features for XDP
here as well, resp. extend dumping of related netlink attributes.

Minimal example:

  clang -target bpf -O2 -Wall -c prog.c -o prog.o
  ip [-force] link set dev em1 xdp obj prog.o       # attaching
  ip [-d] link                                      # dumping
  ip link set dev em1 xdp off                       # detaching

For the dump, intention is that in the first line for each ip
link entry, we'll see "xdp" to indicate that this device has an
XDP program attached. Once we dump some more useful information
via netlink (digest, etc), idea is that 'ip -d link' will then
display additional relevant program information below the "link/
ether [...]" output line for such devices, for example.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
7 years agobpf: check for owner_prog_type and notify users when differ
Daniel Borkmann [Tue, 6 Dec 2016 01:17:58 +0000 (02:17 +0100)]
bpf: check for owner_prog_type and notify users when differ

Kernel commit 21116b7068b9 ("bpf: add owner_prog_type and accounted mem
to array map's fdinfo") added support for telling the owner prog type in
case of prog arrays. Give a notification to the user when they differ,
and the program eventually fails to load.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
7 years agobpf: Fix number of retries when growing log buffer
Thomas Graf [Wed, 7 Dec 2016 09:47:59 +0000 (10:47 +0100)]
bpf: Fix number of retries when growing log buffer

The log buffer is automatically grown when the verifier output does not
fit into the default buffer size. The number of growing attempts was
not sufficient to reach the maximum buffer size so far.

Perform 9 iterations to reach max and let the 10th one fail.

j:0     i:65536         max:16777215
j:1     i:131072        max:16777215
j:2     i:262144        max:16777215
j:3     i:524288        max:16777215
j:4     i:1048576       max:16777215
j:5     i:2097152       max:16777215
j:6     i:4194304       max:16777215
j:7     i:8388608       max:16777215
j:8     i:16777216      max:16777215

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
7 years agodevlink: Add option to set and show eswitch inline mode
Roi Dayan [Sun, 27 Nov 2016 11:21:03 +0000 (13:21 +0200)]
devlink: Add option to set and show eswitch inline mode

This is needed for some HWs to do proper macthing and steering.
Possible values are none, link, network, transport.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com>
7 years agodevlink: Add usage help for eswitch subcommand
Roi Dayan [Sun, 27 Nov 2016 11:21:02 +0000 (13:21 +0200)]
devlink: Add usage help for eswitch subcommand

Add missing usage help for devlink dev eswitch subcommand.

Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com>
7 years agoupdate kernel headers from net-next
Stephen Hemminger [Fri, 9 Dec 2016 20:39:39 +0000 (12:39 -0800)]
update kernel headers from net-next

Net-next now closed.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
7 years agoMerge branch 'master' into net-next
Stephen Hemminger [Fri, 9 Dec 2016 20:38:51 +0000 (12:38 -0800)]
Merge branch 'master' into net-next

7 years agoupdate kernel headers
Stephen Hemminger [Fri, 9 Dec 2016 20:38:35 +0000 (12:38 -0800)]
update kernel headers