libnetlink: Modify the parser to track first duplicated attributes
Modify the parser to keep track of the first of any duplicated attributes,
instead of the last. This is required for VF configuration reporting, where
multiple attributes of the same type are added sequentially.
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
laurent chavey [Tue, 15 Dec 2009 13:05:15 +0000 (13:05 +0000)]
Add initrwnd to iproute2
Add initrwnd option parsing to iproute. This option uses the new
rtnetlink init_rcvwnd to set the TCP initial receive window size
advertised by passive and active TCP connections.
This adds the required changes to gain access to
the head drop classfull queuing discipline named
pfifo_head_drop. In difference to pfifo or pfifo_fast
this queuing discipline will drop the first packet
in the case of queue congestion. As a result the queue
contain always the freshest packets.
To replace the current a root queueing discipline
for eth0:
$ tc qdisc replace dev eth0 root pfifo_head_drop
And show statistics:
$ tc -s qdisc show dev eth0
Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Alexandre Cassen [Wed, 16 Dec 2009 02:38:29 +0000 (02:38 +0000)]
IPv6: 6rd iproute2 support
This patch provides iproute2 facilities to configure 6rd tunnel. To
configure a 6rd tunnel, you need to configure a sit tunnel and set
6rd prefix as following :
ip tunnel add sit1 mode sit local a.b.c.d ttl 64
ip tunnel 6rd dev sit1 6rd-prefix xxxx:yyyy::/z
Brian Haley [Mon, 14 Sep 2009 21:01:43 +0000 (17:01 -0400)]
ip: print "temporary" for IPv6 temp addresses
IPv6 addresses that have IFA_F_SECONDARY set are actually temporary addresses,
hence the IFA_F_TEMPORARY equivalent. Change the output in this case and
allow filtering on the word "temporary".
Currently you can configure "equalize" and it looks all fine and dandy.
The kernel has the interface defined, but apparently there's never actually
been any implementation for it (only a never merged patch in the 2.4 era).
I'm suggesting to drop the code to give any potential users of this feature
the benefit of receiving a proper error message. I see it unlikely that
this will be implemented in the near future, but if it ever happens
reviving the iproute2 side should be as easy as git revert this patch.
For more details see http://bugs.debian.org/149897
Arnd Bergmann [Sat, 26 Dec 2009 19:22:57 +0000 (11:22 -0800)]
iproute2/iplink: add macvlan options for bridge mode
Macvlan can now optionally support forwarding between its
ports, if they are in "bridge" mode. This adds support
for this option to "ip link add", "ip link set" and "ip
-d link show".
The default mode in the kernel is now "vepa" mode, meaning
"virtual ethernet port aggregator". This mode is used
together with the "hairpin" mode of an ethernet bridge
that the parent of the macvlan device is connected to.
All frames still get sent out to the external interface,
but the adjacent bridge is able to send them back on
the same wire in hairpin mode, so the macvlan ports
are able to see each other, which the bridge can be
configured to monitor and control traffic between
all macvlan instances. Multicast traffic coming in
from the external interface is checked for the source
MAC address and only delivered to ports that have not
yet seen it.
In bridge mode, macvlan will send all multicast traffic
to other interfaces that are also in bridge mode but
not to those in vepa mode, which get them on the way
back from the hairpin.
The third supported mode is "private", which prevents
communication between macvlans even if the adjacent
bridge is in hairpin mode. This behavior is closer to
the original implementation of macvlan but stricly
maintains isolation.
Patrick McHardy [Thu, 3 Dec 2009 20:07:14 +0000 (20:07 +0000)]
iprule: add oif classification support
David Miller wrote:
> From: Patrick McHardy <kaber@trash.net>
> Date: Mon, 30 Nov 2009 19:00:14 +0100
>
>> This patch contains iproute support for iprule oif classification
>> for the send-to-self RFC I just sent out.
>
> Patrick, you need to submit a new version of this patch with
> the FIB_RULE_* macro fixed, just like the kernel version got
> fixed.
Thanks for reminind me of this. New patch attached.
Split up in functions. Make XT checks bail if previous XT check
was successful.
This result improves the output of the configure script to not indicate
using iptables only because the last test failed (when previous ones could
have already succeded).
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Simon Horman [Thu, 3 Dec 2009 01:08:27 +0000 (12:08 +1100)]
flush secondary addresses before primary ones
Unless promote_secondaries has been active deleting the primary address of
an interface will automatically delete all the secondary addresses.
In the case where ip flush requests the primary then secondary addresses to
be removed - which is the order the addresses are returned by the kernel -
this will cause an error as by the time the request to remove a secondary
address is made it will be missing as it will have been deleted in the
course of deleting the primary address.
This approach to solving this problem orders requests for the
deletion of secondary addresses before primary ones providing
rtnl_dump_filter_l(), a version of rtnl_dump_filter() that
iterates over a list of filters. And by providing two specialised
filters print_addrinfo_secondary() and print_addrinfo_primary().
rtnl_dump_filter_l() first iterates over all addresses using
print_addrinfo_secondary(), which appends secondary addresses to the
request buffer. Then again using print_addrinfo_primary() which appends
primary addresses.
This approach should work regardless of it promote_secondaries is
active or not. And regardless of if any primary of secondary addresses
are present or not.
Add new (iptables 1.4.5 compatible) tc/ipt/xt module.
Add a new cleaned up m_xt.c based on m_xt_old.c
The new m_xt.c has been updated to use the new names and new api
that xtables exposes in iptables 1.4.5.
All the old internal api cruft has also been dropped.
Additionally, a configure script test is added to check for
the new xtables api and set the TC_CONFIG_XT flag in Config.
(tc/Makefile already handles this flag in previous commit.)
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Peter Palfrader said in http://bugs.debian.org/545008 that
"--help output, if explicitly requested, should go to stdout, not stderr."
which this patch fixes.
Additionally, the exit code was adjusted to success if help was
explicitly requested.
(Syntax error still outputs to stderr and has the same exit code.)
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Patrick McHardy [Mon, 23 Nov 2009 11:03:41 +0000 (12:03 +0100)]
f_fw: fix compat mode
The kernel takes a lack of options as indication that the fw classifier
should operate in compatibility mode, where marks are mapped directly to
classids.
Commit e22b42a (tc mask patch) broke this by adding an empty TCA_OPTIONS
attribute even if no handle is specified. Restore the old behaviour.
The static libnetlink.a library is exposed to other users in Debian via the
"iproute-dev" package. Apparently people are interested in using it in their
shared libraries and would like to see the code be position independent.
Patch below makes the code under lib/ build with -fPIC.
See http://bugs.debian.org/547602
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
This shows 2 Oifs here. However, ipmroute.c, function read_mroute_list(), uses sscanf() with a %s mask for oiflist, which stops after the first whitespace (i.e. after Oif 0:1). The patch below fixes this to read until the newline (though I'm not sure whether this is the proper way to fix it).
After this patch:
mark@flappie:~/iproute-20090324/ip$ ./ip mroute show
(192.168.1.1, 224.0.0.123) Iif: _rename Oifs: eth1 eth0
This patch originally submitted as http://bugs.debian.org/550097
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
David Ward [Thu, 15 Oct 2009 18:53:13 +0000 (14:53 -0400)]
iproute2: Add ll_index_to_addr function
After calling ll_init_map, all of the information stored in the link-layer map
can be retrieved by function calls (ll_index_to_*), except for the link-layer
address. This patch fills the gap by adding a ll_index_to_addr function.
Changes welcome.
iproute2 add hoplimit parsing and update usage and documentation
- Parse and handle the hoplimit ip route option and add it to the usage
line and documentation.
- Add the missing reordering ip route option to the usage line.
- Add documentation for initcwnd ip route option.
Tested by setting hoplimit and retreiving it via "show".
Signed-off-by: Gilad Ben-Yossef <gilad@codefidence.com>
[ported to HEAD, fixed a bug with hoplimit lock handling, added documentation] Signed-off-by: Ori Finkelman <ori@comsleep.com> Signed-off-by: Yony Amit <yony@comsleep.com>
Mike Frysinger [Wed, 4 Nov 2009 04:26:34 +0000 (04:26 +0000)]
tc: remove dlfcn.h from files that dont need it
A bunch of source files look like they're copy & pasted from other files,
and some include header files that they don't actually need. Since dlfcn
has very specific usage (and is a pain on a static-only system), drop it
where it isn't really needed.
Mike Frysinger [Fri, 6 Nov 2009 11:09:22 +0000 (06:09 -0500)]
support static-only systems
The iptables code supports a "no shared libs" mode where it can be used
without requiring dlfcn related functionality. This adds similar support
to iproute2 so that it can easily be used on systems like nommu Linux (but
obviously with a few limitations -- no dynamic plugins).
Rather than modify every location that uses dlfcn.h, I hooked the dlfcn.h
header with stub functions when shared library support is disabled. Then
symbol lookup is done via a local static lookup table (which is generated
automatically at build time) so that internal symbols can be found.
Mike Frysinger [Fri, 6 Nov 2009 11:04:39 +0000 (06:04 -0500)]
arpd/ifstat/nstat/rtacct: use daemon()
A bunch of misc utils basically reimplement the daemon() function (the
whole fork/close/chdir/etc...). Rather than do that, use daemon() as
that will work under nommu Linux systems that lack fork().
Patrick McHardy [Wed, 28 Oct 2009 19:50:48 +0000 (20:50 +0100)]
iproute uses too small of a receive buffer
It uses 1MB as receive buf limit by default (without
increasing /proc/sys/net/core/rmem_max it will be limited by less
however) and allows to specify the size manually using "-rcvbuf X"
(-r is already used, so you need to specify at least -rc).
Additionally rtnl_listen() continues on ENOBUFS after printing the
error message.
please review attached patch to add support for in-kernel potential router=
=20
lists for ISATAP tunnels.
Usage:
ip tunnel add name isatap0 mode isatap local 192.168.1.100
ip tunnel prl dev isatap0 prl-default 192.168.1.1
ip tunnel prl dev isatap0 prl-nodefault 192.168.1.2
ip tunnel prl dev isatap0 prl-delete 192.168.1.1
ip tunnel show # pr and pdr will be listed as well
Patch based on http://osprey67.com/seal/iproute2_diff.v0_3.txt by Fred L.=20
Templin.
Sometimes while dividing bandwidth by classes it is useful to see how some
specific class doing things live.
Which my simple patch it is possible to do
watch -n1 "tc -s -d class show dev eth0.2022 classid 1:1520"
and to get live statistics, how packets queued or dropped, and how much
bandwidth used (if estimator defined) for specific class.
On tor, 2009-04-30 at 14:32 +0100, Timothy Baldwin wrote:
> Package: iproute
> Version: 20090324-1
> Severity: minor
>
>
> $ ip link set eth0 address help
> "help" is invalid lladdr.
> Segmentation fault
>
> Desipte the invalid command line arguments it shouldn't crash.
>
Callers need to check return value from ll_addr_a2n(). Patch below.
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Thomas Egerer [Tue, 14 Apr 2009 23:15:17 +0000 (16:15 -0700)]
Fix display of xfrm
When using iproute2 to display information on policies installed in kernel
(ip x p s) output is incorrect: IPv6 addresses printed as IPv4 addresses.
In case I am dealing with inter protocol policies where the template's address
family differs from those of the policy itself.
The patch attached solves this problem.
Oliver Hartkopp [Fri, 27 Mar 2009 18:21:29 +0000 (11:21 -0700)]
Add support Controller Area Network
t's not a big problem, but it makes a better show in 'ip link show' on
CAN interfaces :-)
I also moved __PF(CAN,can) in ll_proto.c to the same position where it
can be found in if_ether.h .
The only thing i did not know if the __PF(CAN,can) in ll_types.c needs
to be put in #ifdef ARPHDR_CAN like __PF(HWX25,hwx25) is or not. You
definitely know that better than me.
Srivats P [Fri, 27 Mar 2009 18:17:26 +0000 (11:17 -0700)]
ip6tunnel: Fix no default display of ip4ip6 tunnels
"ip -6 tunnel show" displays only ip6ip6 tunnels not ip4ip6 tunnels
- it should display all irrespective of proto.
This is because the default tunnel proto is initialized to IPPROTO_IPV6 in ip6_tnl_parm_init() which is fine for a 'add' command but not for 'show'. This patch overrides proto with 0 signifying 'mode any' as the default in case of a 'show'.
Sascha Hlusiak [Fri, 27 Mar 2009 18:14:00 +0000 (11:14 -0700)]
iptunnel: allow ISATAP with stateless autoconf
please commit my patch below to the iproutes package. It just an incorrect
check so that adding an isatap tunnel with remote works, since it's needed if
one wants to use stateless autoconf. The current check makes tunnel mode
isatap unusable for all client users.
Currently you can configure "equalize" and it looks all fine and dandy.
The kernel has the interface defined, but apparently there's never actually
been any implementation for it (only a never merged patch in the 2.4 era).
I'm suggesting to drop the code to give any potential users of this feature
the benefit of receiving a proper error message. I see it unlikely that
this will be implemented in the near future, but if it ever happens
reviving the iproute2 side should be as easy as git revert this patch.
For more details see http://bugs.debian.org/149897
jamal [Fri, 8 Aug 2008 14:06:17 +0000 (10:06 -0400)]
ip: Allow for easier debug of buggy devices that dont send their names
patch attached this time..
On Fri, 2008-08-08 at 10:01 -0400, jamal wrote:
> wireless drivers using wext is a prime example if you need a test case.
>
> cheers,
> jamal
ip: Allow for easier debug of buggy devices that dont send their names
With the old message couldnt tell which device had the bug.
This patch provides at least an ifindex to narrow it down.
Theres also no point in bailing out because of one bug; we
allow it to go on so we could dump as much info as we can
Breakage noticed when debian upgraded to xtables (iptables > 1.4.1)
Many thanks to Yevgeny Kosarzhevsky <yevg@pisem.net> for reporting
and a lot of testing
Thanks to Jan Engelhardt <jengelh@medozas.de> for a lot of advice
Thanks to Denys Fedoryschenko <denys@visp.net.lb> for some sample
code that he tried and thanks to Andreas Henriksson <andreas@fatal.se>
(who maintains iproute2 on debian) for the persistent followup.
Original from: Alexander Duyck <alexander.h.duyck@intel.com>
A bug was found in which the memory for the tc_skbedit struct was being
used uninitialized to 0. Alternative version of original fix
using initializer rather than memset.
Signed-off-by: Alexander Duyck <alexander.h.duyck@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>