In recent kernels, net_device_stats is not exposed and the code
shoulf have used rt_link_statistics. Also, fix use of sprintf
with user supplied value.
Eric Dumazet [Wed, 21 Jul 2010 09:42:50 +0000 (11:42 +0200)]
ip: add RTA_MARK support
Adds support for RTA_MARK rt attribute added in linux-2.6.36
$ ip route get ADDR mark 4
192.168.20.110 dev eth1 src 192.168.20.108 mark 4
cache mtu 1500 advmss 1460 hoplimit 64
$ ip route get 192.168.20.108 from ADDR iif STRING mark 256
local 192.168.20.108 from 192.168.20.110 dev lo src 192.168.20.108 mark 0x100
cache <local,src-direct> iif eth1
$ ip route list cache [ADDR] mark NUMBER
Hexadecimal output if mark >= 16
null marks are not displayed.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
tc: make symbols loaded from tc action modules global.
Fixes problems with xtables based MARK target ("ipt" module).
When tc loads the "ipt" (xt) module it kept the symbols local,
this made loading of libxtables not find the required struct.
currently ipt/xt is the only tc action module.
iproute2 never seem to do dlclose.
hopefully the modules doesn't export more symbols then needed.
In this situation hopefully the RTLD_GLOBAL flag won't hurt us.
I've been using this patch in the Debian package of iproute for
the last 3 weeks and noone has complained.
( This fixes http://bugs.debian.org/584898 )
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Steve Fink [Wed, 9 Jun 2010 18:42:38 +0000 (11:42 -0700)]
ss -p is much too slow
> On closer inspection, it appears that ss -p does a quadratic scan. It
> rescans every entry in /proc/*/fd/* repeatedly (once per listening
> port? per process? I don't remember what I figured out.)
>
> I humbly suggest that this is not a good idea.
Yep, this is junk. Please give this patch a try:
ss: Avoid quadradic complexity with '-p'
Scan the process list of open sockets once, and store in a hash
table to be used by subsequent find_user() calls.
Reported-by: Steve Fink <sphink@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Mike Frysinger [Wed, 9 Jun 2010 14:52:09 +0000 (14:52 +0000)]
netem: fix installs of dist files
The tc program searches LIBDIR by default for the .dist files, and that
defaults to /usr/lib. But the netem subdir has /lib/ hardcoded which
means the default build+install results in the files not being found.
Further, these are plain text files which are read at runtime, so it
doesn't make sense to give them executable bits.
Mike Frysinger [Wed, 9 Jun 2010 14:52:41 +0000 (14:52 +0000)]
dnet: fix strict aliasing warnings
Recent gcc doesn't like it when you cast char pointers to uint16_t
pointers and then dereference it. So use memcpy() instead and let
gcc take care of optimizing things away (when appropriate). This
should also fix alignment issues on arches where gcc packs the char
pointer tighter than 16bits.
Petr Lautrbach [Mon, 14 Jun 2010 03:36:28 +0000 (03:36 +0000)]
iproute: fix tc generating ipv6 priority filter
This patch adds ipv6 filter priority/traffic class function
static int parse_ip6_class(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
shifting filter value to 5th bit and ignoring "at" as header position
is exactly given.
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Mike Frysinger [Wed, 9 Jun 2010 14:52:03 +0000 (14:52 +0000)]
tc: revert "echo" in install target
The recent commit "iproute2: add option to build m_xt as a tc module"
(ab814d635529787) looks like it wrongly included debug changes in the
install target. So drop the `echo` so the tc binary actually gets
installed again.
Ben Greear [Thu, 15 Jul 2010 22:48:10 +0000 (15:48 -0700)]
iproute2: Fix batch-mode for mrules.
The do_multirule logic was broken in batch mode because
it expected the preferred_family to be AF_INET or AF_INET6,
but it then assigned it to RTNL_FAMILY_IPMR or RTNL_FAMILY_IP6MR.
So, the next iteration of the batch processing, it failed
the check for AF_INET or AF_INET6.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Jan Engelhardt [Thu, 11 Mar 2010 10:00:34 +0000 (10:00 +0000)]
Add IFLA_STATS64 support
`ip -s link` shows interface counters truncated to 32 bit. This is
because interface statistics are transported only in 32-bit quantity
to userspace. This commit adds recognition for the new IFLA_STATS64
attribute that exports them in full 64 bit.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Chris Wright [Tue, 18 May 2010 07:57:00 +0000 (00:57 -0700)]
iproute2: rework SR-IOV VF support
The kernel interface changed just before 2.6.34 was released. This brings
iproute2 in line with the current changes. The VF portion of setlink is
comprised of a set of nested attributes.
When building on an old environment, the flex generated
tc/emp_ematch.lex.c file would not compile. The error given was:
emp_ematch.lex.c:1686: error: expected â\80\98;â\80\99, â\80\98,â\80\99 or â\80\98)â\80\99 before numeric constant
The emp_ematch.l uses 'str' as a start symbol name, and flex would create
a '#define str 1' statement. This particular version of flex,
unfortunately, used 'str' as names of string variables in the generated
parser functions. This is line 1686 in the generated file:
iproute2: detect iptables modules dir in configure.
Try to automatically detect iptables modules directory.
Make the configure script look for iptables modules.
This also makes it possible to specify it on the
command line while building via "make IPT_LIB_DIR=/foo/bar".
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
iproute2: netlink support for bus-error reporting and counters
This patch uses the new features of the kernel's netlink CAN interface
making the bus-error reporting configurable and allowing to retrieve
the CAN TX and RX bus error counters via netlink interface. Here is the
output of my test session showing how to use them:
# ip link set can0 up type can bitrate 500000 berr-reporting on
# ip -d -s link show can0
2: can0: <NOARP,UP,LOWER_UP,ECHO> mtu 16 qdisc pfifo_fast state UNKNOWN qlen 10
link/can
can <BERR-REPORTING> state ERROR-PASSIVE (berr-counter tx 128 rx 0) restart-ms 0
CAN bus error counter values ^^^^^^^^^^^
bitrate 500000 sample-point 0.875
tq 125 prop-seg 6 phase-seg1 7 phase-seg2 2 sjw 1
sja1000: tseg1 1..16 tseg2 1..8 sjw 1..4 brp 1..64 brp-inc 1
clock 8000000
re-started bus-errors arbit-lost error-warn error-pass bus-off
0 54101 0 1 1 0
RX: bytes packets errors dropped overrun mcast
432808 54101 54101 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
# ifconfig can0 down
# ip link set can0 up type can berr-reporting off
# candump -t d any,0:0,#FFFFFFFF
(0.000000) can0 20000004 [8] 00 08 00 00 00 00 60 00 ERRORFRAME
(0.000474) can0 20000004 [8] 00 20 00 00 00 00 80 00 ERRORFRAME
^^ ^^
\ \___ rxerr
\_____ txerr
Furthermore, the missing support for one-shot mode has been added.
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
libnetlink: Modify the parser to track first duplicated attributes
Modify the parser to keep track of the first of any duplicated attributes,
instead of the last. This is required for VF configuration reporting, where
multiple attributes of the same type are added sequentially.
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
laurent chavey [Tue, 15 Dec 2009 13:05:15 +0000 (13:05 +0000)]
Add initrwnd to iproute2
Add initrwnd option parsing to iproute. This option uses the new
rtnetlink init_rcvwnd to set the TCP initial receive window size
advertised by passive and active TCP connections.
This adds the required changes to gain access to
the head drop classfull queuing discipline named
pfifo_head_drop. In difference to pfifo or pfifo_fast
this queuing discipline will drop the first packet
in the case of queue congestion. As a result the queue
contain always the freshest packets.
To replace the current a root queueing discipline
for eth0:
$ tc qdisc replace dev eth0 root pfifo_head_drop
And show statistics:
$ tc -s qdisc show dev eth0
Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Alexandre Cassen [Wed, 16 Dec 2009 02:38:29 +0000 (02:38 +0000)]
IPv6: 6rd iproute2 support
This patch provides iproute2 facilities to configure 6rd tunnel. To
configure a 6rd tunnel, you need to configure a sit tunnel and set
6rd prefix as following :
ip tunnel add sit1 mode sit local a.b.c.d ttl 64
ip tunnel 6rd dev sit1 6rd-prefix xxxx:yyyy::/z
Brian Haley [Mon, 14 Sep 2009 21:01:43 +0000 (17:01 -0400)]
ip: print "temporary" for IPv6 temp addresses
IPv6 addresses that have IFA_F_SECONDARY set are actually temporary addresses,
hence the IFA_F_TEMPORARY equivalent. Change the output in this case and
allow filtering on the word "temporary".
Currently you can configure "equalize" and it looks all fine and dandy.
The kernel has the interface defined, but apparently there's never actually
been any implementation for it (only a never merged patch in the 2.4 era).
I'm suggesting to drop the code to give any potential users of this feature
the benefit of receiving a proper error message. I see it unlikely that
this will be implemented in the near future, but if it ever happens
reviving the iproute2 side should be as easy as git revert this patch.
For more details see http://bugs.debian.org/149897
Arnd Bergmann [Sat, 26 Dec 2009 19:22:57 +0000 (11:22 -0800)]
iproute2/iplink: add macvlan options for bridge mode
Macvlan can now optionally support forwarding between its
ports, if they are in "bridge" mode. This adds support
for this option to "ip link add", "ip link set" and "ip
-d link show".
The default mode in the kernel is now "vepa" mode, meaning
"virtual ethernet port aggregator". This mode is used
together with the "hairpin" mode of an ethernet bridge
that the parent of the macvlan device is connected to.
All frames still get sent out to the external interface,
but the adjacent bridge is able to send them back on
the same wire in hairpin mode, so the macvlan ports
are able to see each other, which the bridge can be
configured to monitor and control traffic between
all macvlan instances. Multicast traffic coming in
from the external interface is checked for the source
MAC address and only delivered to ports that have not
yet seen it.
In bridge mode, macvlan will send all multicast traffic
to other interfaces that are also in bridge mode but
not to those in vepa mode, which get them on the way
back from the hairpin.
The third supported mode is "private", which prevents
communication between macvlans even if the adjacent
bridge is in hairpin mode. This behavior is closer to
the original implementation of macvlan but stricly
maintains isolation.
Patrick McHardy [Thu, 3 Dec 2009 20:07:14 +0000 (20:07 +0000)]
iprule: add oif classification support
David Miller wrote:
> From: Patrick McHardy <kaber@trash.net>
> Date: Mon, 30 Nov 2009 19:00:14 +0100
>
>> This patch contains iproute support for iprule oif classification
>> for the send-to-self RFC I just sent out.
>
> Patrick, you need to submit a new version of this patch with
> the FIB_RULE_* macro fixed, just like the kernel version got
> fixed.
Thanks for reminind me of this. New patch attached.
Split up in functions. Make XT checks bail if previous XT check
was successful.
This result improves the output of the configure script to not indicate
using iptables only because the last test failed (when previous ones could
have already succeded).
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Simon Horman [Thu, 3 Dec 2009 01:08:27 +0000 (12:08 +1100)]
flush secondary addresses before primary ones
Unless promote_secondaries has been active deleting the primary address of
an interface will automatically delete all the secondary addresses.
In the case where ip flush requests the primary then secondary addresses to
be removed - which is the order the addresses are returned by the kernel -
this will cause an error as by the time the request to remove a secondary
address is made it will be missing as it will have been deleted in the
course of deleting the primary address.
This approach to solving this problem orders requests for the
deletion of secondary addresses before primary ones providing
rtnl_dump_filter_l(), a version of rtnl_dump_filter() that
iterates over a list of filters. And by providing two specialised
filters print_addrinfo_secondary() and print_addrinfo_primary().
rtnl_dump_filter_l() first iterates over all addresses using
print_addrinfo_secondary(), which appends secondary addresses to the
request buffer. Then again using print_addrinfo_primary() which appends
primary addresses.
This approach should work regardless of it promote_secondaries is
active or not. And regardless of if any primary of secondary addresses
are present or not.
Add new (iptables 1.4.5 compatible) tc/ipt/xt module.
Add a new cleaned up m_xt.c based on m_xt_old.c
The new m_xt.c has been updated to use the new names and new api
that xtables exposes in iptables 1.4.5.
All the old internal api cruft has also been dropped.
Additionally, a configure script test is added to check for
the new xtables api and set the TC_CONFIG_XT flag in Config.
(tc/Makefile already handles this flag in previous commit.)
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Peter Palfrader said in http://bugs.debian.org/545008 that
"--help output, if explicitly requested, should go to stdout, not stderr."
which this patch fixes.
Additionally, the exit code was adjusted to success if help was
explicitly requested.
(Syntax error still outputs to stderr and has the same exit code.)
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Patrick McHardy [Mon, 23 Nov 2009 11:03:41 +0000 (12:03 +0100)]
f_fw: fix compat mode
The kernel takes a lack of options as indication that the fw classifier
should operate in compatibility mode, where marks are mapped directly to
classids.
Commit e22b42a (tc mask patch) broke this by adding an empty TCA_OPTIONS
attribute even if no handle is specified. Restore the old behaviour.
The static libnetlink.a library is exposed to other users in Debian via the
"iproute-dev" package. Apparently people are interested in using it in their
shared libraries and would like to see the code be position independent.
Patch below makes the code under lib/ build with -fPIC.
See http://bugs.debian.org/547602
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
This shows 2 Oifs here. However, ipmroute.c, function read_mroute_list(), uses sscanf() with a %s mask for oiflist, which stops after the first whitespace (i.e. after Oif 0:1). The patch below fixes this to read until the newline (though I'm not sure whether this is the proper way to fix it).
After this patch:
mark@flappie:~/iproute-20090324/ip$ ./ip mroute show
(192.168.1.1, 224.0.0.123) Iif: _rename Oifs: eth1 eth0
This patch originally submitted as http://bugs.debian.org/550097
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
David Ward [Thu, 15 Oct 2009 18:53:13 +0000 (14:53 -0400)]
iproute2: Add ll_index_to_addr function
After calling ll_init_map, all of the information stored in the link-layer map
can be retrieved by function calls (ll_index_to_*), except for the link-layer
address. This patch fills the gap by adding a ll_index_to_addr function.
Changes welcome.
iproute2 add hoplimit parsing and update usage and documentation
- Parse and handle the hoplimit ip route option and add it to the usage
line and documentation.
- Add the missing reordering ip route option to the usage line.
- Add documentation for initcwnd ip route option.
Tested by setting hoplimit and retreiving it via "show".
Signed-off-by: Gilad Ben-Yossef <gilad@codefidence.com>
[ported to HEAD, fixed a bug with hoplimit lock handling, added documentation] Signed-off-by: Ori Finkelman <ori@comsleep.com> Signed-off-by: Yony Amit <yony@comsleep.com>
Mike Frysinger [Wed, 4 Nov 2009 04:26:34 +0000 (04:26 +0000)]
tc: remove dlfcn.h from files that dont need it
A bunch of source files look like they're copy & pasted from other files,
and some include header files that they don't actually need. Since dlfcn
has very specific usage (and is a pain on a static-only system), drop it
where it isn't really needed.
Mike Frysinger [Fri, 6 Nov 2009 11:09:22 +0000 (06:09 -0500)]
support static-only systems
The iptables code supports a "no shared libs" mode where it can be used
without requiring dlfcn related functionality. This adds similar support
to iproute2 so that it can easily be used on systems like nommu Linux (but
obviously with a few limitations -- no dynamic plugins).
Rather than modify every location that uses dlfcn.h, I hooked the dlfcn.h
header with stub functions when shared library support is disabled. Then
symbol lookup is done via a local static lookup table (which is generated
automatically at build time) so that internal symbols can be found.
Mike Frysinger [Fri, 6 Nov 2009 11:04:39 +0000 (06:04 -0500)]
arpd/ifstat/nstat/rtacct: use daemon()
A bunch of misc utils basically reimplement the daemon() function (the
whole fork/close/chdir/etc...). Rather than do that, use daemon() as
that will work under nommu Linux systems that lack fork().