]> git.proxmox.com Git - mirror_iproute2.git/log
mirror_iproute2.git
8 years agoip_tunnel: determine tunnel address family from the tunnel type
Konstantin Shemyak [Thu, 26 Nov 2015 16:22:05 +0000 (18:22 +0200)]
ip_tunnel: determine tunnel address family from the tunnel type

On 24.11.2015 02:26, Stephen Hemminger wrote:
> On Thu, 12 Nov 2015 21:10:08 +0000
> Konstantin Shemyak <konstantin@shemyak.com> wrote:
>
>> When creating an IP tunnel over IPv6, the address family must be passed in
>> the option, e.g.
>>
>> ip -6 tunnel add mode ip6gre local 1::1 remote 2::2
>>
>> This makes it impossible to create both IPv4 and IPv6 tunnels in one batch.
>>
>> In fact the address family option is redundant here, as each tunnel mode is
>> relevant for only one address family.
>> The patch determines whether the applicable address family is AF_INET6
>> instead of the default AF_INET and makes the "-6" option unnecessary for
>> "ip tunnel add".
>>
>> Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com>
>> ---
>>   ip/iptunnel.c                          | 26 ++++++++++++++++++++++++++
>>   testsuite/tests/ip/tunnel/add_tunnel.t | 14 ++++++++++++++
>>   2 files changed, 40 insertions(+)
>>   create mode 100755 testsuite/tests/ip/tunnel/add_tunnel.t
>>
>> diff --git a/ip/iptunnel.c b/ip/iptunnel.c
>> index 78fa988..7826a37 100644
>> --- a/ip/iptunnel.c
>> +++ b/ip/iptunnel.c
>> @@ -629,8 +629,34 @@ static int do_6rd(int argc, char **argv)
>>          return tnl_6rd_ioctl(cmd, medium, &ip6rd);
>>   }
>>
>> +static int tunnel_mode_is_ipv6(char *tunnel_mode) {
>> +       char *ipv6_modes[] = {
>> +               "ipv6/ipv6", "ip6ip6",
>> +               "vti6",
>> +               "ip/ipv6", "ipv4/ipv6", "ipip6", "ip4ip6",
>> +               "ip6gre", "gre/ipv6",
>> +               "any/ipv6", "any"
>> +       };
>> +       int i;
>> +
>> +       for (i = 0; i < sizeof(ipv6_modes) / sizeof(char *); i++) {
>> +               if (strcmp(ipv6_modes[i], tunnel_mode) == 0)
>> +                       return 1;
>> +       }
>> +       return 0;
>> +}
>> +
>
> The ipv6_modes table should be static const.

Thank you for the note! attached the corrected patch.

> Also is it possible to use strstr for ipv6 and ip6 or even strchr(tunnel_mode, '6')
> to simplify this?

There is IPv6 tunnel mode 'any', and IPv4 tunnel mode 'ipv6/ip' (aka
'sit'). It looks to me that attempts to find some substring match
would not make the code much shorter, but definitely less readable.

Konstantin Shemyak.

>From 42d27db0055c3a114fe6eb86d680bef9ec098ad4 Mon Sep 17 00:00:00 2001
From: Konstantin Shemyak <konstantin@shemyak.com>
Date: Thu, 12 Nov 2015 20:52:02 +0200
Subject: [PATCH] Tunnel address family is determined from the tunnel mode

When the tunnel mode already tells the IP address family, "ip tunnel"
command determines it and does not require option "-4"/"-6" to be passed.

This makes possible creating both IPv4 and IPv6 tunnels in one batch.

Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com>
8 years agovxlan: Add support for remote checksum offload
Tom Herbert [Fri, 27 Nov 2015 18:23:43 +0000 (10:23 -0800)]
vxlan: Add support for remote checksum offload

This patch adds support to remote checksum checksum offload
to VXLAN. This patch adds remcsumtx and remcsumrx to ip vxlan
configuration to enable remote checksum offload for transmit
and receive on the VXLAN tunnel.

https://tools.ietf.org/html/draft-herbert-vxlan-rco-00

Example:

ip link add name vxlan0 type vxlan id 42 group 239.1.1.1 dev eth0 \
    udpcsum remcsumtx remcsumrx

Testing:

Ran single netperf over mlnx4 to illustrate the effest:

- Without RCO (UDP csum set to zero)
  4335.99 Mbps
- With RCO enabled
  7661.81 Mbps

Signed-off-by: Tom Herbert <tom@herbertland.com>
8 years agoget rid of unnecessary fgets() buffer size limitation
Phil Sutter [Sat, 28 Nov 2015 00:00:05 +0000 (01:00 +0100)]
get rid of unnecessary fgets() buffer size limitation

fgets() will read at most size-1 bytes into the buffer and add a
terminating null-char at the end. Therefore it is not necessary to pass
a reduced buffer size when calling it.

This change was generated using the following semantic patch:

@@
identifier buf, fp;
@@
- fgets(buf, sizeof(buf) - 1, fp)
+ fgets(buf, sizeof(buf), fp)

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoget rid of remaining -Wunused-result warnings
Phil Sutter [Sat, 28 Nov 2015 00:00:04 +0000 (01:00 +0100)]
get rid of remaining -Wunused-result warnings

Although not fundamentally necessary to check return codes in these
spots, preventing the warnings will put new ones into focus.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoss: review is_ephemeral()
Phil Sutter [Sat, 28 Nov 2015 00:00:03 +0000 (01:00 +0100)]
ss: review is_ephemeral()

No need to keep static port boundaries global, they are not used
directly. Keeping them local also allows to safely reduce their names to
the minimum. Assign hardcoded fallback values also if fscanf() fails.
Get rid of unnecessary braces around return parameter.

Instead of more or less duplicating is_ephemeral() in run_ssfilter(),
simply call the function instead.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoss: reduce max indentation level in init_service_resolver()
Phil Sutter [Sat, 28 Nov 2015 00:00:02 +0000 (01:00 +0100)]
ss: reduce max indentation level in init_service_resolver()

Exit early or continue on error instead of putting conditional into
conditional to make reading the code a bit easier.

Also, the call to memcpy() can be skipped by initialising prog with the
desired prefix.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agolnstat: review lnstat_update()
Phil Sutter [Sat, 28 Nov 2015 00:00:01 +0000 (01:00 +0100)]
lnstat: review lnstat_update()

Instead of calling rewind() and fgets() before every call to
scan_lines(), move them into scan_lines() itself.

This should also fix compat mode, as before the second call to
scan_lines() the first line was skipped unconditionally.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agobridge.8: minor formatting cleanup
Phil Sutter [Tue, 24 Nov 2015 14:50:00 +0000 (15:50 +0100)]
bridge.8: minor formatting cleanup

- Replace commas at end of subsection with dots.
- Replace double whitespace by single one.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoiproute: restrict hoplimit values to be in range [0; 255]
Phil Sutter [Tue, 24 Nov 2015 14:45:31 +0000 (15:45 +0100)]
iproute: restrict hoplimit values to be in range [0; 255]

Technically, the range of possible hoplimit values are defined by IPv4
and IPv6 header formats. Both define the field to be eight bits in size,
which leads to a value range of [0;255]. Setting a packet's hoplimit
field to 0 though makes not much sense, as the next hop would
immediately drop the packet. Therefore Linux uses 0 as a special value
indicating to use the system's default hoplimit (configurable via
sysctl). In iproute, setting the hoplimit of a route to 0 is equivalent
to omitting the hoplimit parameter alltogether, so it is actually not
necessary to allow that value to be specified, but keep it anyway for
backwards compatibility.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoiptoken: simplify iptoken_list a bit
Phil Sutter [Tue, 24 Nov 2015 14:31:04 +0000 (15:31 +0100)]
iptoken: simplify iptoken_list a bit

Since it uses only a single filter, rtnl_dump_filter() can be used.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoipaddress: drop unnecessary check in ipaddr_list_flush_or_save()
Phil Sutter [Tue, 24 Nov 2015 14:31:03 +0000 (15:31 +0100)]
ipaddress: drop unnecessary check in ipaddr_list_flush_or_save()

Right after ipaddr_reset_filter(), filter.family is always AF_UNSPEC.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoipaddress: fix ipaddr_flush for Linux >= 3.1
Phil Sutter [Tue, 24 Nov 2015 14:31:02 +0000 (15:31 +0100)]
ipaddress: fix ipaddr_flush for Linux >= 3.1

Linux version 3.1 introduced a consistency check for netlink dumps in
commit 670dc28 ("netlink: advertise incomplete dumps"). This bites
iproute2 when flushing more addresses than can fit into a single
RTM_GETADDR response. To silence the spurious error message "Dump was
interrupted and may be inconsistent.", advise rtnl_dump_filter_l() to
not care about NLM_F_DUMP_INTR.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agolibnetlink: introduce nc_flags
Phil Sutter [Tue, 24 Nov 2015 14:31:01 +0000 (15:31 +0100)]
libnetlink: introduce nc_flags

Allow for a filter to ignore certain nlmsg_flags.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoipaddress: simplify ipaddr_flush()
Phil Sutter [Tue, 24 Nov 2015 14:31:00 +0000 (15:31 +0100)]
ipaddress: simplify ipaddr_flush()

Since it's no longer relevant whether an IP address is primary or
secondary when flushing, ipaddr_flush() can be simplified a bit.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agort_names: style cleanup
Stephen Hemminger [Sun, 29 Nov 2015 19:41:23 +0000 (11:41 -0800)]
rt_names: style cleanup

Cleanup all checkpatch complaints about whitespace in rt_names.

8 years agoAdd support for rt_tables.d
David Ahern [Tue, 24 Nov 2015 21:20:01 +0000 (13:20 -0800)]
Add support for rt_tables.d

Add support for reading table id/name mappings from rt_tables.d
directory.

Suggested-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
8 years agogeneve: add support for IPv6 link partners
John W. Linville [Thu, 24 Sep 2015 18:39:39 +0000 (14:39 -0400)]
geneve: add support for IPv6 link partners

Signed-off-by: John W. Linville <linville@tuxdriver.com>
8 years agoiproute2: Ignore EADDRNOTAVAIL errors during address flush operation
Neil Horman [Thu, 5 Nov 2015 19:54:17 +0000 (14:54 -0500)]
iproute2: Ignore EADDRNOTAVAIL errors during address flush operation

I found recently that, if I disabled address promotion in the kernel, that
ip addr flush dev <dev>

would fail with an EADDRNOTAVAIL errno (though the flush operation would in fact
flush all addresses from an interface properly)

Whats happening is that, if I add a primary and multiple secondary addresses to
an interface, the flush operation first ennumerates them all with a GETADDR |
DUMP operation, then sends a delete request for each address.  But the kernel,
having promotion disabled, deletes all secondary addresses when the primary is
removed.  That means, that several delete requests may still be pending in the
netlink request for addresses that have been removed on our behalf, resulting in
EADDRNOTAVAIL return codes.

It seems the simplest thing to do is to understand that EADDRUNAVAIL isn't a
fatal outcome on a flush operation, as it just indicates that an address which
you want to remove is already removed, so it can safely be ignored.

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Stephen Hemminger <stephen@networkplumber.org>
CC: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
8 years agobridge.8: document fdb replace command
Phil Sutter [Wed, 18 Nov 2015 11:46:42 +0000 (12:46 +0100)]
bridge.8: document fdb replace command

Despite commit 45a82e5 ("iproute vxlan add support for fdb replace
command"), the 'fdb replace' command was not mentioned in bridge.8.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agolnstat: fix header displaying mechanism
Phil Sutter [Wed, 18 Nov 2015 15:57:47 +0000 (16:57 +0100)]
lnstat: fix header displaying mechanism

The algorithm depends on the loop counter ('i') to increment by one in
each iteration. Though if running endlessly (count==0), the counter was
not incremented at all.

Also change formatting of the header printing conditional a bit so it's
hopefully easier to read.

Fixes: e7e2913 ("lnstat: run indefinitely by default")
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agolnstat: describe -s option in help output
Phil Sutter [Wed, 18 Nov 2015 15:57:46 +0000 (16:57 +0100)]
lnstat: describe -s option in help output

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoupdate kernel headers to 4.4-rc1
Stephen Hemminger [Mon, 23 Nov 2015 23:53:04 +0000 (15:53 -0800)]
update kernel headers to 4.4-rc1

Post merge window changes

8 years agoip_common.h header cleanup
Phil Sutter [Fri, 6 Nov 2015 17:54:08 +0000 (18:54 +0100)]
ip_common.h header cleanup

- Drop 'extern' keyword from all function prototypes.
- Make line breaking of print_* functions consistent.
- Make print_ntable() and ipntable_reset_filter() static and remove
  their declaration.
- Drop declaration of non-existent ipaddr_list() and iproute_monitor().

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agomisc: remove extra blank line
Stephen Hemminger [Mon, 23 Nov 2015 23:42:34 +0000 (15:42 -0800)]
misc: remove extra blank line

8 years agoman8: scrub trailing whitespace
Stephen Hemminger [Mon, 23 Nov 2015 23:41:37 +0000 (15:41 -0800)]
man8: scrub trailing whitespace

Remove extraneous whitespace

8 years agoman: Spelling fixes
Ville Skyttä [Sat, 7 Nov 2015 09:53:00 +0000 (11:53 +0200)]
man: Spelling fixes

Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
8 years agoman: Syntax and warning fixes
Ville Skyttä [Sat, 7 Nov 2015 09:52:59 +0000 (11:52 +0200)]
man: Syntax and warning fixes

Fix syntax issues and warnings highlighted by `man --warnings=w' from
man-db 2.7.1.

Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
8 years agoip{,6}tunnel: put spaces around non-unary operators
Phil Sutter [Fri, 13 Nov 2015 17:09:05 +0000 (18:09 +0100)]
ip{,6}tunnel: put spaces around non-unary operators

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoiptunnel: sanitize copying tunnel name
Phil Sutter [Fri, 13 Nov 2015 17:09:04 +0000 (18:09 +0100)]
iptunnel: sanitize copying tunnel name

Since p->name is only IFNAMSIZ bytes, do not copy more than IFNAMSIZ - 1
bytes into it so there remains at least a single null byte in the end.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoiptunnel: share common code when determining the default interface name
Phil Sutter [Fri, 13 Nov 2015 17:09:03 +0000 (18:09 +0100)]
iptunnel: share common code when determining the default interface name

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoiptunnel: simplify parsing TTL, allow 'hlim' as identifier
Phil Sutter [Fri, 13 Nov 2015 17:09:02 +0000 (18:09 +0100)]
iptunnel: simplify parsing TTL, allow 'hlim' as identifier

Instead of parsing an unsigned integer and checking boundaries, simply
parse u8. This and the added ttl alias 'hlim' provide consistency with
ip6tunnel.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoiptunnel: share common code when setting tunnel mode
Phil Sutter [Fri, 13 Nov 2015 17:09:01 +0000 (18:09 +0100)]
iptunnel: share common code when setting tunnel mode

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip6tunnel: fix coding style: no newline between brace and else
Phil Sutter [Fri, 13 Nov 2015 17:09:00 +0000 (18:09 +0100)]
ip6tunnel: fix coding style: no newline between brace and else

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip6tunnel: print local/remote addresses like iptunnel does
Phil Sutter [Fri, 13 Nov 2015 17:08:59 +0000 (18:08 +0100)]
ip6tunnel: print local/remote addresses like iptunnel does

This makes output consistent with iptunnel, also supporting reverse DNS
lookup for remote address if requested.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip{,6}tunnel: align do_tunnels_list() a bit
Phil Sutter [Fri, 13 Nov 2015 17:08:58 +0000 (18:08 +0100)]
ip{,6}tunnel: align do_tunnels_list() a bit

In iptunnel, declare loop variables inside the loop as done in
ip6tunnel.

Fix and simplify goto logic in ip6tunnel:
- Failure to read over header lines would have left fp opened.
- By returning directly upon fopen() failure, fp can be closed
  unconditionally in the end.

Use the same goto logic in iptunnel, as well.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoiptunnel: use ll_name_to_index() for physical interface lookup
Phil Sutter [Fri, 13 Nov 2015 17:08:57 +0000 (18:08 +0100)]
iptunnel: use ll_name_to_index() for physical interface lookup

Although the cache is only initialized in do_show(), this way it is at
least consistent with ip6tunnel.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip{, 6}tunnel: unify behaviour if physical device is not found
Phil Sutter [Fri, 13 Nov 2015 17:08:56 +0000 (18:08 +0100)]
ip{, 6}tunnel: unify behaviour if physical device is not found

Make ip6tunnel print an error message as well. While there, get rid of
unnecessary line breaking.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip/tunnel: introduce tnl_parse_key()
Phil Sutter [Fri, 13 Nov 2015 17:08:55 +0000 (18:08 +0100)]
ip/tunnel: introduce tnl_parse_key()

Instead of duplicating the same code six times (key, ikey and okey in
iptunnel and ip6tunnel), have a common parsing routine. This has the
added benefit of having the same verbose error message in ip6tunnel as
well as iptunnel.

I'm not sure if parsing an IPv4 address as key makes sense for
ip6tunnel, but the code was there before so this patch at least doesn't
make it worse.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip{, 6}tunnel: get rid of extraneous whitespace when printing
Phil Sutter [Fri, 13 Nov 2015 17:08:54 +0000 (18:08 +0100)]
ip{, 6}tunnel: get rid of extraneous whitespace when printing

Put whitespace in the beginning of optional parts, not as suffix
anywhere. Also drop double whitespaces in between words.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agomisc/Makefile: use PKG_CONFIG
Aaro Koskinen [Tue, 17 Nov 2015 14:08:00 +0000 (16:08 +0200)]
misc/Makefile: use PKG_CONFIG

Use PKG_CONFIG from Config - it works better when cross-compiling.

Signed-off-by: Aaro Koskinen <aaro.koskinen@nokia.com>
8 years agoMerge branch 'master' into net-next
Stephen Hemminger [Wed, 4 Nov 2015 00:38:15 +0000 (16:38 -0800)]
Merge branch 'master' into net-next

8 years agov4.3.0
Stephen Hemminger [Wed, 4 Nov 2015 00:34:46 +0000 (16:34 -0800)]
v4.3.0

8 years agoMerge branch 'master' into net-next
Stephen Hemminger [Wed, 4 Nov 2015 00:31:57 +0000 (16:31 -0800)]
Merge branch 'master' into net-next

8 years agolib/utils: improve error messages of get_addr() and get_prefix()
Phil Sutter [Thu, 29 Oct 2015 16:20:56 +0000 (17:20 +0100)]
lib/utils: improve error messages of get_addr() and get_prefix()

Instead of statically complaining about illegal inet address, use
get_family() to get the address family right.

Based on a patch by Hangbin Liu to print "inet6" for AF_INET6 made more
generic by me.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agobridge: fdb: minor syntax fix in help text
Phil Sutter [Thu, 29 Oct 2015 09:55:24 +0000 (10:55 +0100)]
bridge: fdb: minor syntax fix in help text

8 years agoifstat: add manpage
Phil Sutter [Thu, 29 Oct 2015 09:55:23 +0000 (10:55 +0100)]
ifstat: add manpage

8 years agogenl: add manpage
Phil Sutter [Thu, 29 Oct 2015 09:55:22 +0000 (10:55 +0100)]
genl: add manpage

8 years agoifcfg: add manpage
Phil Sutter [Thu, 29 Oct 2015 09:55:21 +0000 (10:55 +0100)]
ifcfg: add manpage

8 years agoadd new IFLA_VF_TRUST netlink attribute
Stephen Hemminger [Fri, 23 Oct 2015 22:47:07 +0000 (15:47 -0700)]
add new IFLA_VF_TRUST netlink attribute

8 years agoMerge branch 'master' into net-next
Stephen Hemminger [Fri, 23 Oct 2015 22:46:08 +0000 (15:46 -0700)]
Merge branch 'master' into net-next

8 years agomisc: cleanup extra whitespace
Stephen Hemminger [Fri, 23 Oct 2015 22:44:30 +0000 (15:44 -0700)]
misc: cleanup extra whitespace

No blank lines at end of file

8 years agotc: remove extra whitespace
Stephen Hemminger [Fri, 23 Oct 2015 22:43:28 +0000 (15:43 -0700)]
tc: remove extra whitespace

No blank lines at EOF, or trailing whitespace.

8 years agoip: remove extra newlines at end-of-file
Stephen Hemminger [Fri, 23 Oct 2015 22:41:58 +0000 (15:41 -0700)]
ip: remove extra newlines at end-of-file

Shouldn't have extra blank lines.

8 years agotc: ship filter man pages and refer to them in tc.8
Phil Sutter [Fri, 23 Oct 2015 17:47:16 +0000 (19:47 +0200)]
tc: ship filter man pages and refer to them in tc.8

Cc: Thomas Graf <tgraf@suug.ch>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Patrick McHardy <kaber@trash.net>
Cc: Werner Almesberger <werner@almesberger.net>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: add a man page for u32 filter
Phil Sutter [Fri, 23 Oct 2015 17:47:15 +0000 (19:47 +0200)]
tc: add a man page for u32 filter

Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: add a man page for tcindex filter
Phil Sutter [Fri, 23 Oct 2015 17:47:14 +0000 (19:47 +0200)]
tc: add a man page for tcindex filter

Cc: Werner Almesberger <werner@almesberger.net>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: add a man page for route filter
Phil Sutter [Fri, 23 Oct 2015 17:47:13 +0000 (19:47 +0200)]
tc: add a man page for route filter

Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: add a man page for fw filter
Phil Sutter [Fri, 23 Oct 2015 17:47:12 +0000 (19:47 +0200)]
tc: add a man page for fw filter

Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: add a man page for flower filter
Phil Sutter [Fri, 23 Oct 2015 17:47:11 +0000 (19:47 +0200)]
tc: add a man page for flower filter

Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: add a man page for flow filter
Phil Sutter [Fri, 23 Oct 2015 17:47:10 +0000 (19:47 +0200)]
tc: add a man page for flow filter

Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: add a man page for cgroup filter
Phil Sutter [Fri, 23 Oct 2015 17:47:09 +0000 (19:47 +0200)]
tc: add a man page for cgroup filter

Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: add a man page for basic filter
Phil Sutter [Fri, 23 Oct 2015 17:47:08 +0000 (19:47 +0200)]
tc: add a man page for basic filter

Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: u32 filter coding style cleanup
Phil Sutter [Fri, 23 Oct 2015 17:21:23 +0000 (19:21 +0200)]
tc: u32 filter coding style cleanup

Add missing spaces around operators to increase readability. Aside from
that, make "preference" match a real synonym for "tos" and "dsfield" as
it's effect was identical to them.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agotc: improve filter help texts a bit
Phil Sutter [Fri, 23 Oct 2015 17:21:17 +0000 (19:21 +0200)]
tc: improve filter help texts a bit

This fixes a few syntax errors and changes route filter help text to use
classid instead of flowid to be consistent with other filters' help
texts.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoupdate bpf kernel header
Stephen Hemminger [Fri, 23 Oct 2015 06:43:35 +0000 (23:43 -0700)]
update bpf kernel header

8 years agoMerge branch 'master' into net-next
Stephen Hemminger [Fri, 23 Oct 2015 06:42:37 +0000 (23:42 -0700)]
Merge branch 'master' into net-next

8 years agoip, realms: also allow to pass in raw realms value
Daniel Borkmann [Thu, 8 Oct 2015 10:22:39 +0000 (12:22 +0200)]
ip, realms: also allow to pass in raw realms value

If get_rt_realms() fails, try to get a possible raw u32 realms
value for the u32 RTA_FLOW/FRA_FLOW attribute, as it might be
useful to directly configure the hex value itself. And only if
that fails, then bail out.

The source realm is provided in the upper u16 (mask: 0xffff0000)
and the destination realm through the lower u16 part (mask:
0x0000ffff). This can be useful for tc's bpf realm matcher, but
also a full hex/mask param can be provided already for matching
through iptables' --realm cmdline option, for example.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
8 years agoupdate kernel headers
Stephen Hemminger [Fri, 23 Oct 2015 06:36:49 +0000 (23:36 -0700)]
update kernel headers

Track upstream

8 years agoAdd ip rule save/restore
Kirill Tkhai [Tue, 20 Oct 2015 10:41:48 +0000 (13:41 +0300)]
Add ip rule save/restore

This patch adds save and restore commands to "ip rule"
similar the same is made in commit f4ff11e3e298 for "ip route".

The feature is useful in checkpoint/restore for container
migration, also it may be helpful in some normal situations.

Signed-off-by: Kirill Tkhai <ktkhai@odin.com>
8 years agoMerge branch 'master' into net-next
Stephen Hemminger [Mon, 19 Oct 2015 04:58:29 +0000 (21:58 -0700)]
Merge branch 'master' into net-next

8 years agoip route get: change exit to return to support batch commands
Roopa Prabhu [Thu, 15 Oct 2015 22:23:50 +0000 (15:23 -0700)]
ip route get: change exit to return to support batch commands

replace exit with return -2 on rtnl_talk failure

Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
8 years agobridge: add calls to fflush in fdb and mdb print functions
Wilson Kok [Thu, 15 Oct 2015 21:53:17 +0000 (14:53 -0700)]
bridge: add calls to fflush in fdb and mdb print functions

This patch adds fflush in fdb and mdb print functions

Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
8 years agoip-rule: neither prohibit nor reject or unreachable flags exist
Phil Sutter [Thu, 15 Oct 2015 20:32:17 +0000 (22:32 +0200)]
ip-rule: neither prohibit nor reject or unreachable flags exist

This has been inconsistent since the beginning of Git and seems to be
merely a documentation leftover, therefore just remove it from help
output and man page.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoss: return -1 if an unrecognized option was given
Phil Sutter [Thu, 15 Oct 2015 19:01:16 +0000 (21:01 +0200)]
ss: return -1 if an unrecognized option was given

When getopt_long encounters an option which has not been registered, it
returns '?'. React upon that and call usage() instead of help() so ss
returns with a non-zero exit status.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip-route man: add usage and description for lwtunnel encap attributes
Roopa Prabhu [Thu, 15 Oct 2015 11:13:40 +0000 (13:13 +0200)]
ip-route man: add usage and description for lwtunnel encap attributes

This patch updates ip-route man page with lwtunnel encap
usage and description, covering MPLS and IP encapsulation.

Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Jiri Benc <jbenc@redhat.com>
8 years agolwtunnel: Add encapsulation support to ip route
Roopa Prabhu [Thu, 15 Oct 2015 11:13:39 +0000 (13:13 +0200)]
lwtunnel: Add encapsulation support to ip route

This patch adds support to parse and print lwtunnel
encapsulation attributes attached to routes for MPLS
and IP tunnels.

example:
Add ipv4 route with mpls encap attributes:

Examples:

  MPLS:
  $ ip route add 40.1.2.0/30 encap mpls 200 via inet 40.1.1.1 dev eth3
  $ ip route show
  40.1.2.0/30  encap mpls 200 via 40.1.1.1 dev eth3

  Add ipv4 multipath route with mpls encap attributes:
  $ ip route add 10.1.1.0/30 nexthop encap mpls 200 via 10.1.1.1 dev eth0 \
    nexthop encap mpls 700 via  40.1.1.2 dev eth3
  $ ip route show
  10.1.1.0/30
    nexthop encap mpls 200  via 10.1.1.1  dev eth0 weight 1
    nexthop encap mpls 700  via 40.1.1.2  dev eth3 weight 1

  IP:
  $ ip route add 10.1.1.1/24 encap ip id 200 dst 20.1.1.1 dev vxlan0

Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Jiri Benc <jbenc@redhat.com>
8 years agoadd tunnel header files from net-next uapi
Stephen Hemminger [Fri, 16 Oct 2015 23:07:03 +0000 (16:07 -0700)]
add tunnel header files from net-next uapi

Files needed for new lwtunnel code.

8 years agoMerge branch 'master' into net-next
Stephen Hemminger [Fri, 16 Oct 2015 23:03:32 +0000 (16:03 -0700)]
Merge branch 'master' into net-next

8 years agoip-address: fix oneline mode for interfaces with VF
Phil Sutter [Fri, 16 Oct 2015 10:38:33 +0000 (12:38 +0200)]
ip-address: fix oneline mode for interfaces with VF

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip monitor neigh: Change 'delete' to 'Deleted' to be consistent with ip route
Roopa Prabhu [Thu, 15 Oct 2015 18:47:43 +0000 (11:47 -0700)]
ip monitor neigh: Change 'delete' to 'Deleted' to be consistent with ip route

It helps to grep for one string "Deleted" when monitoring all events.

Fixes: 6ea3ebafe077 ("iproute2: inform user when a neighbor is removed")
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
8 years agolibnetlink: introduce rta_nest and u8, u16, u64 helpers for nesting within rtattr
Roopa Prabhu [Thu, 15 Oct 2015 11:13:38 +0000 (13:13 +0200)]
libnetlink: introduce rta_nest and u8, u16, u64 helpers for nesting within rtattr

This patch introduces two new api's rta_nest and rta_nest_end to
nest attributes inside a rta attribute represented by 'struct rtattr'
as required to construct a nexthop. Also adds rta_addattr* variants
for u8, u16 and u64 as needed to support encapsulation.

Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Jiri Benc <jbenc@redhat.com>
8 years agoMerge branch 'master' into net-next
Stephen Hemminger [Mon, 12 Oct 2015 16:50:46 +0000 (09:50 -0700)]
Merge branch 'master' into net-next

8 years agofix "ss -p" segfaults
willy tarreau [Tue, 6 Oct 2015 10:09:33 +0000 (12:09 +0200)]
fix "ss -p" segfaults

I've updated Jose's patch to make it slightly simpler (eg: calloc instead
of malloc+memset), and ported it to 4.2.0 which requires it as well, and
attached it to this e-mail.

I can confirm that with this patch 4.1.1 doesn't segfault on me anymore.
The commit message should be reworked I guess though everything's in it
and I didn't want to modify his description.

Can it be merged as-is or should I reword the commit message and reference
Jose as the fix reporter ? We should not let this bug live forever.

From: "j.ps@openmailbox.org" <j.ps@openmailbox.org>

Essentially all that is needed to get rid of this issue is the
addition of:

    memset(u, 0, sizeof(*u));

after:

    if (!(u = malloc(sizeof(*u))))
            break;

Also patched some other situations (strcpy and sprintf uses) that
potentially produce the same results.

Signed-off-by: Jose P Santos <j.ps@openmailbox.org>
[ wt: made Jose's patch slightly simpler, all credits to him for the diag ]
Signed-off-by: Willy Tarreau <w@1wt.eu>
8 years agoman: ip-link: document MACVLAN/MACVTAP interface types
Phil Sutter [Fri, 25 Sep 2015 12:09:51 +0000 (14:09 +0200)]
man: ip-link: document MACVLAN/MACVTAP interface types

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip: macvlan: support MACVLAN_FLAG_NOPROMISC flag
Phil Sutter [Fri, 25 Sep 2015 12:09:50 +0000 (14:09 +0200)]
ip: macvlan: support MACVLAN_FLAG_NOPROMISC flag

This flag is allowed for devices in passthru mode to prevent forcing the
underlying interface into promiscuous mode.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agoip: link: consolidate macvlan and macvtap
Phil Sutter [Fri, 25 Sep 2015 12:09:49 +0000 (14:09 +0200)]
ip: link: consolidate macvlan and macvtap

After eliminating the minor differences in both files which existed
solely because features/fixes were applied to only one of them and not
the other, the remaining differences were in function naming and error
messages. The latter is addressed by using the 'id' field of struct
link_util.

Fold both files into one in order to share common code and eliminate the
chance of having fixes/enhancements applied to only one of them.

Signed-off-by: Phil Sutter <phil@nwl.cc>
8 years agom_bpf: don't require default opcode on ebpf actions
Daniel Borkmann [Thu, 8 Oct 2015 13:22:05 +0000 (15:22 +0200)]
m_bpf: don't require default opcode on ebpf actions

After the patch, the most minimal command to load an eBPF action
for late binding with auto index selection through tc is:

  tc actions add action bpf obj prog.o

We already set TC_ACT_PIPE in tc as default opcode, so if nothing
further has been specified, just use it. Also, allow "ok" next to
"pass" for matching cmdline on TC_ACT_OK.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
8 years agoip neigh: Add ifindex to request when filtering dumps by device
David Ahern [Wed, 7 Oct 2015 17:23:24 +0000 (10:23 -0700)]
ip neigh: Add ifindex to request when filtering dumps by device

Add ifindex to dump request when filtering by device. If the kernel
supports it adding the index to the request limits the amount of data
the kernel pushes to userpsace.

The feature exists in userspace already, so no need to warn the user
if kernel side support does not exist. Using the kernel side filter
makes the request more efficient.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
8 years agof_bpf: allow for optional classid and add flags
Daniel Borkmann [Fri, 25 Sep 2015 10:32:41 +0000 (12:32 +0200)]
f_bpf: allow for optional classid and add flags

When having optional classid, most minimal command can be sth
like:

  tc filter add dev foo parent X: bpf obj prog.o

Therefore, adapt the code so that a next argument will not be
enforced as the case currently.

Also, minor cleanup on the classid, where we should rather
have used addattr32(), and add flags for exec configuration,
for example (using short notation):

  tc filter add dev foo parent X: bpf da obj prog.o

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
8 years agoip neigh: Add support for filtering dumps by master device
David Ahern [Fri, 2 Oct 2015 16:42:27 +0000 (09:42 -0700)]
ip neigh: Add support for filtering dumps by master device

Add support for filtering neighbor dumps by master device. Kernel side
support provided by commit 21fdd092acc7. Since the feature is not
available in older kernels the user is given a warning message if the
kernel does not support the request.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
8 years agoupdate kernel headers for net-next
Stephen Hemminger [Mon, 12 Oct 2015 16:32:44 +0000 (09:32 -0700)]
update kernel headers for net-next

8 years agoMerge branch 'master' into net-next
Stephen Hemminger [Mon, 12 Oct 2015 16:32:14 +0000 (09:32 -0700)]
Merge branch 'master' into net-next

8 years agoip, bridge: document -timestamp option
Satish Ashok [Mon, 12 Oct 2015 16:28:55 +0000 (09:28 -0700)]
ip, bridge: document -timestamp option

This patch documents bridge and ip -timestamp option

Signed-off-by: Satish Ashok <sashok@cumulusnetworks.com>
8 years agobridge: add batch command support
Wilson Kok [Sun, 11 Oct 2015 21:03:03 +0000 (14:03 -0700)]
bridge: add batch command support

This patch adds support to batch bridge commands.
Follows ip batch code.

Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Acked-by: Christophe Gouault <christophe.gouault@6wind.com>
8 years agoupdate kernel headers
Stephen Hemminger [Mon, 12 Oct 2015 16:22:29 +0000 (09:22 -0700)]
update kernel headers

8 years agobatch: support quoted strings
Christophe Gouault [Fri, 2 Oct 2015 09:59:37 +0000 (11:59 +0200)]
batch: support quoted strings

Support quoting strings with " or ' in an iproute2 batch file.

Enables to configure empty crypto keys (for ESP-null) or keys with
spaces:

    xfrm state add src 1.1.1.1 dst 2.2.2.2 proto ah spi 0x1 \
        mode tunnel auth hmac(sha1) "r4ezR/@kd6'749f2 6zf$"

    xfrm state add src 5.5.5.5 dst 2.2.2.2 proto esp spi 0x2 \
        mode tunnel enc cipher_null ""

Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
8 years agoip: allow using a device "help" (or a prefix thereof)
Christoph Schulz [Fri, 25 Sep 2015 06:44:07 +0000 (08:44 +0200)]
ip: allow using a device "help" (or a prefix thereof)

Device names that match "help" or a prefix thereof should be allowed anywhere
a device name can be used. Note that a suitable keyword ("dev" or "name", the
latter for "ip tunnel") has to be used in these cases to resolve ambiguities.

Signed-off-by: Christoph Schulz <develop@kristov.de>
Reported-by: Leonhard Preis <leonhard@pre.is>
Reported-by: Wilhelm Wijkander <lists@0x5e.se>
8 years agoadd tipc manpages to Makefile
Stephen Hemminger [Wed, 7 Oct 2015 09:33:39 +0000 (10:33 +0100)]
add tipc manpages to Makefile

8 years agotipc: add man pages
Richard Alpe [Fri, 2 Oct 2015 08:15:21 +0000 (10:15 +0200)]
tipc: add man pages

This patch adds man pages for the TIPC tool. There is one main page
and one page for each top level sub-command. These pages mainly aims
to help a user of the tipc tool. In addition to this they describe
a bit about what TIPC is and some of its features as a protocol.

Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
9 years agofq: fix whitespace
Stephen Hemminger [Fri, 25 Sep 2015 19:40:00 +0000 (12:40 -0700)]
fq: fix whitespace