Note that in ip-rule.8 I rephrased a sentence to "The RPDB is scanned
in order of decreasing priority." The original version talked about
*in*creasing priority, but from the context that didn't make sense.
Signed-off-by: Kees van Reeuwijk <reeuwijk@few.vu.nl>
On openSUSE 12.2 (at least) xtables.h is not installed in the system-wide
include dir but in /usr/include/iptables-1.4.16.3/. This results in the
following build failure:
em_ipset.c:26:21: fatal error: xtables.h: No such file or directory
Other includers of xtables.h already call out to pkg-config
Nicolas Dichtel [Tue, 5 Feb 2013 08:38:34 +0000 (00:38 -0800)]
iplink: display the value of IFLA_PROMISCUITY
This is useful to know the 'real' status of an interface (the flag IFF_PROMISC
is exported by the kernel only when the user set it explicitly, for example it
will not be exported when a tcpdump is running).
This information will be displayed when '-details' is provided by the user.
Example:
$ ip -d l l tun10
6: tun10: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT
link/sit 10.16.0.249 peer 10.16.0.121
sit remote 10.16.0.121 local 10.16.0.249 ttl inherit pmtudisc 6rd-prefix 2002::/16
promiscuity 2
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
David Ward [Sun, 27 Jan 2013 13:04:59 +0000 (13:04 +0000)]
ip/iptunnel: Extend TOS syntax
The 'inherit/STRING' or 'inherit/00..ff' syntax indicates that the
TOS field of tunneled packets should be copied from the original IP
header, but for non-IP packets the value STRING or 00..ff should be
used instead. (This syntax is already used by 'ip tunnel show'.)
Also clarify the man page and the command usage text (particularly
that the TOS is not specified as a decimal number).
iproute2: Add "ip netns pids" and "ip netns identify"
Add commands that go between network namespace names and process
identifiers. The code builds and runs against older kernels but
only works on Linux 3.8+ kernels where I have fixed stat to work
properly.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
iproute2: Make "ip netns delete" more likely to succeed
Sometimes "ip netns delete" fails because it can not delete the file a
network namespace was mounted on. If this only happened when a
network namespace was really in use this would be fine, but today it
is possible to pin all network namespaces by simply having a long
running process started with "ip netns exec".
Every mount is copied when a network namespace is created so it is
impossible to prevent the mounts from getting into other mount
namespaces. Modify all mounts in the files and subdirectories of
/var/run/netns to be shared mount points so that unmount events can
propagate, making it unlikely that "ip netns delete" will fail because
a directory is mounted in another mount namespace.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Ben Hutchings pointed out that the return value of do_netns is passed
to exit and the current convention of returning -1 for failure is
inconsistent with that reality.
Return EXIT_FAILURE instead of -1 and EXIT_SUCCESS instead of 0. To make
it clear that the return codes are expected to be passed to exit.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Some systems are now following the advice in
linux/Documentation/sharedsubtrees.txt and running with all mount
points shared between all mount namespaces by default.
After creating the mount namespace call mount on / with
MS_SLAVE|MS_REC to modify all mounts in the new mount namespace to
slave mounts if they are shared or private mounts otherwise.
Guaranteeing that changes to the mount namespace created with
"ip netns exec" don't propagate to other namespaces.
Reported-by: Petr Šabata <contyk@redhat.com>
Tested-by: Petr Šabata <contyk@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
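Both netns mount commits above depend on mount propagation state (shared mounts under /var/run/netns, slave mounts after MS_SLAVE|MS_REC), which the kernel reports in the optional fields of /proc/<pid>/mountinfo. The following is an added example, not iproute2 code, that classifies those fields; the sample lines and the names mount_propagation and count_prop are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bit 0 = member of a shared peer group, bit 1 = slave of a master group. */
enum prop { PROP_ERROR = -1, PROP_PRIVATE = 0, PROP_SHARED = 1, PROP_SLAVE = 2, PROP_SHARED_SLAVE = 3 };
/* Constructed samples: host with shared mounts, then a namespace after MS_SLAVE|MS_REC on "/". */
static const char *const HOST_VIEW[] = {
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw",
    "35 22 0:20 / /var/run rw,nosuid shared:5 - tmpfs tmpfs rw",
    "90 35 0:3 net:[4026532201] /var/run/netns/blue rw shared:40 - nsfs nsfs rw",
};
static const char *const EXEC_VIEW[] = {
    "122 100 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw",
    "135 122 0:20 / /var/run rw,nosuid master:5 - tmpfs tmpfs rw",
    "140 122 0:46 / /tmp/scratch rw - tmpfs tmpfs rw",
};

/* Classify one mountinfo line by its optional fields: field 7 up to the "-". */
enum prop mount_propagation(const char *line)
{
    int field = 0, shared = 0, slave = 0;
    for (const char *t = line + strspn(line, " "); *t && *t != '\n';) {
        size_t len = strcspn(t, " \n");
        if (++field > 6) {                      /* six fixed fields come first */
            if (len == 1 && *t == '-')          /* separator ends the optional fields */
                return (enum prop)(shared | (slave << 1));
            if (strncmp(t, "shared:", 7) == 0) shared = 1;
            if (strncmp(t, "master:", 7) == 0) slave = 1;
        }
        t += len + strspn(t + len, " ");
    }
    return PROP_ERROR;                          /* no separator: malformed line */
}

/* Count the lines whose propagation type equals want. */
int count_prop(const char *const *lines, int n, enum prop want)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        hits += mount_propagation(lines[i]) == want;
    return hits;
}

int main(void)
{
    printf("shared mounts: host=%d exec=%d\n",
           count_prop(HOST_VIEW, 3, PROP_SHARED), count_prop(EXEC_VIEW, 3, PROP_SHARED));
    return 0;
}
```

A non-zero shared count inside the namespace means mount changes made there can still propagate back out.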
Jan Engelhardt [Tue, 18 Dec 2012 17:18:45 +0000 (09:18 -0800)]
build: unbreak linkage of m_xt.so
Commit v3.7.0~10 caused the new PKG_CONFIG variable never
to be present at the time of calling make, leading to tc/m_xt.so
not linked with -lxtables (result from pkg-config xtables --libs),
that in turn leading to
tc: symbol lookup error: /usr/lib64/tc//m_xt.so: undefined symbol:
xtables_init_all
Nicolas Dichtel [Fri, 14 Dec 2012 18:08:17 +0000 (10:08 -0800)]
ip: use rtnetlink to manage mroute
mroute was using /proc/net/ip_mr_[vif|cache] to display mroute entries. Hence,
only RT_TABLE_DEFAULT was displayed and only IPv4.
With rtnetlink, it is possible to display all tables for IPv4 and IPv6. The output
format is kept. Also, like before the patch, statistics are displayed when the user specifies
the '-s' argument.
The patch also adds the support of 'ip monitor mroute', which is now possible.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
David L Stevens [Wed, 12 Dec 2012 18:02:19 +0000 (10:02 -0800)]
add DOVE extensions for iproute2
This patch adds a new flag to iproute2 for vxlan devices to enable
DOVE features. It also adds support for L2 and L3 switch lookup miss
netlink messages to "ip monitor".
Changes since v2: fix merge conflict
Changes since v1:
- split "dove" flag into separate feature flags:
- "proxy" for ARP reduction
- "rsc" for route short circuiting
- "l2miss" for L2 switch miss notifications
- "l3miss" for L3 switch miss notifications
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
Nicolas Dichtel [Wed, 12 Dec 2012 17:05:51 +0000 (09:05 -0800)]
ip: add support of netconf messages
Example of the output:
$ ip monitor netconf&
[1] 24901
$ echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
ipv6 dev lo forwarding off
ipv6 dev eth0 forwarding off
ipv6 all forwarding off
$ echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
ipv4 dev eth0 forwarding on
$ ip -6 netconf
ipv6 all forwarding on mc_forwarding 0
$ ip netconf show dev eth0
ipv4 dev eth0 forwarding on rp_filter off mc_forwarding 1
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Minor cleanup of original patch, made sure netconf.h matched
result of sanitized kernel headers
Petr Sabata [Tue, 11 Dec 2012 06:42:52 +0000 (06:42 +0000)]
iproute2: ss - change default filter to include all socket types
Currently the default filter lists TCP sockets only which is
rather confusing especially when the '-a/--all' flag is used.
This patch changes the default to include all sockets, imitating
netstat(8) behavior.
Signed-off-by: Petr Šabata <contyk@redhat.com>
Acked-by: David S. Miller <davem@davemloft.net>
Nicolas Dichtel [Wed, 14 Nov 2012 15:29:26 +0000 (16:29 +0100)]
ip/ip6tunnel: fix update of tclass and flowlabel
When tclass or flowlabel fields were updated, we only performed an OR with the
new value. For example, it was not possible to reset tclass:
ip -6 tunnel change ip6tnl2 tclass 0
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
While building the iproute package in Debian I get warnings from
package helpers like this:
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/iproute/sbin/tc debian/iproute/usr/bin/lnstat debian/iproute/bin/ip debian/iproute/bin/ss debian/iproute/sbin/bridge debian/iproute/sbin/rtmon were not linked against libresolv.so.2 (they use none of the library's symbols)
The -lresolv in ./Makefile seems to come from pre-historic times (before
iproute2 git history, possibly from libc5/pre-glibc days).
I couldn't find out if/why there was any reason for linking to libresolv.
Does anyone know if there are any valid reasons for keeping it still?
If not, I'd be happy to see it go.... while at it I also removed includes
of <resolv.h> which I also couldn't find any reason for, but this is
just an added bonus of the patch (and there are probably more unneeded
includes that could be dropped in the same sources).
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
iproute2: avoid errors from double-installing manpages
Three manpages in man8 are listed twice in MAN8PAGES (both directly and
in TARGETS) which causes the install command to spit out a couple of
warnings as below and exiting with non-zero exit code....
Pavel Emelyanov [Thu, 25 Oct 2012 03:23:36 +0000 (03:23 +0000)]
ss: Support sock-diag
That is -- write the code, that sends diag request in new format. It's
mostly copied from tcp-diag code. Plus, sock-diag differentiates sockets
by families, thus we have to send two requests sequentially.
If we fail to submit new sock-diag request, try to fall-back and submit
the legacy tcp-diag one.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Pavel Emelyanov [Thu, 25 Oct 2012 03:21:39 +0000 (03:21 +0000)]
ss: Split inet_show_netlink into parts
The existing function inet_show_netlink sends tcp-diag request and
then receives back the response and prints it on the screen.
The sock-diag and legacy tcp-diag have different request types, but
report sockets in the same format. In order to support both it's
convenient to split the code into sending and receiving parts.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Vincent Bernat [Tue, 23 Oct 2012 12:42:55 +0000 (14:42 +0200)]
ip: fix "ip -6 route add ... nexthop"
IPv6 multipath routes were not accepted by "ip route" because an IPv4
address was expected for each gateway. Use `get_addr()` instead of
`get_addr32()`.
Signed-off-by: Vincent Bernat <bernat@luffy.cx>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Or Gerlitz [Thu, 25 Oct 2012 14:57:59 +0000 (16:57 +0200)]
iplink: Added support for the kernel IPoIB RTNL ops
Added support to ipoib rtnl ops through which one can create, configure,
query and delete IPoIB devices, for example
$ ip link add link ib0.8001 name ib0.8001 type ipoib pkey 0x8001
$ ip link add link ib0.1 name ib0.1 type ipoib mode connected
$ ip --details link show dev ib0.1
Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Werner Fink [Mon, 24 Sep 2012 19:50:37 +0000 (12:50 -0700)]
Change how pdf doc's are created
Currently the pdf docs are done with
sgml -> sgmltool -> tex -> latex -> dvi -> dvips -> ps -> ps2pdf -> pdf
or
tex -> latex -> dvi -> dvips -> ps -> ps2pdf -> pdf
with this patch we do
sgml -> sgmltool -> tex -> pdflatex -> pdf
or
tex -> pdflatex -> pdf
Pavel Emelyanov [Tue, 11 Sep 2012 15:47:00 +0000 (19:47 +0400)]
iproute: Add ability to save, restore and show the interfaces' addresses (resend)
This functionality is required by checkpoint-restore project. Since the
dump and restore for routes is already done in ip tool it's natural to
dump and restore addresses in the ip tool as well.
The implementation logic is the same as for the respective one for routes.
The magic number digits are taken from the Seattle coordinates.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Li Wei [Tue, 28 Aug 2012 20:41:56 +0000 (20:41 +0000)]
iproute2: tc.8: update UNITS section.
- rename section UNITS to PARAMETERS.
- break section PARAMETERS down to four subsections to cover the
commonly used parameter types (RATES, TIMES, SIZES, VALUES).
- add some explanation for IEC units in RATES.
- point out the max value we can set for RATES, TIMES and SIZES.
Pavel Emelyanov [Fri, 27 Jul 2012 04:57:20 +0000 (08:57 +0400)]
iproute: Add route showdump command (v2)
Some time ago the save+restore commands were added to ip route (git
id f4ff11e3, Add ip route save/restore). These two save the raw rtnl
stream into a file and restore one (reading it from stdin).
The problem is that there's no way to get the contents of the dump
file in a human readable form. The proposal is to add a command that
reads the rtnl stream from stdin and prints the data in a way the
usual "ip route list" does?
changes since v1:
* Take the magic at the beginning of the dump file into account
* Check for stdin (the dump is taken from) is not a tty
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>