Phil Sutter [Tue, 22 Mar 2016 18:35:13 +0000 (19:35 +0100)]
color: introduce color helpers and COLOR_CLEAR
This adds two helper functions which map a given data field to a color,
so color_fprintf() statements don't have to be duplicated with only a
different color value depending on that data field's value. In order for
this to work in a generic way, COLOR_CLEAR has been added to serve as a
fallback default of uncolored output.
Phil Sutter [Tue, 22 Mar 2016 14:48:39 +0000 (15:48 +0100)]
man: tc-vlan.8: Describe CONTROL option
This should be made generic and part of a common tc-actions man page.
Though leave it here for now to not confuse readers of the example which
uses it.
Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Tue, 22 Mar 2016 14:48:36 +0000 (15:48 +0100)]
man: tc-police.8: Emphasize on the two rate control mechanisms
As Jamal pointed out, there are two different approaches to bandwidth
measurement. Try to make this clear by separating them in synopsis and
also documenting the way to fine-tune avrate.
Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Tue, 22 Mar 2016 14:48:33 +0000 (15:48 +0100)]
tc: connmark, pedit: Rename BRANCH to CONTROL
As Jamal suggested, BRANCH is the wrong name, as these keywords go
beyond simple branch control - e.g. loops are possible, too. Therefore
rename the non-terminal to CONTROL instead which should be more
appropriate.
Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Tue, 22 Mar 2016 14:16:24 +0000 (15:16 +0100)]
testsuite: add a test for tc pedit action
This is not a full test, since kernel functionality is not actually
tested. It only compares that the kernel returned values when listing
the action are what one expects them to be.
Since this test succeeded on both a little-endian and a big-endian
system, it shows that any endianness issues have been resolved in
tc/p_ip.c at least.
Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Tue, 22 Mar 2016 14:16:22 +0000 (15:16 +0100)]
tc: pedit: Fix for big-endian systems
This was tricky to get right:
- The 'stride' value used for 8 and 16 bit values must behave inverse to
the value's intra word offset to work correctly with big-endian data
act_pedit is editing.
- The 'm' array's values are in host byte order, so they have to be
converted as well (and the ordering was just inverse, for some
reason).
- The only sane way of getting this right is to manipulate value/mask in
host byte order and convert the output.
- TIPV4 (i.e. 'munge ip src/dst') had it's own pitfall: the address
parser converts to network byte order automatically. This patch fixes
this by converting it back before calling pack_key32, which is a hack
but at least does not require to implement a completely separate code
flow.
Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
bridge: mdb: add support for extended router port information
Recently a new temp router port mode was added and with it the dumped
information was extended similar to how mdb entries were done. This
patch adds support to dump the new information by using the "-s" switch.
Example:
$ bridge -d -s mdb show
dev br0 port eth1 grp ff02::1:ffbf:5716 temp 234.39
dev br0 port eth1 grp 239.0.0.2 temp 97.17
dev br0 port eth1 grp 239.0.0.3 temp 105.36
router ports on br0: eth1 0.00 permanent
router ports on br0: eth2 254.87 temp
It also updates the bridge man page.
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Phil Sutter [Wed, 2 Mar 2016 11:20:30 +0000 (12:20 +0100)]
tc: pedit: Fix parse_cmd()
This was horribly broken:
* pack_key8() and pack_key16() ...
* missed to invert retain value when applying it to the mask,
* did not sanitize val by ANDing it with retain,
* and ignored the mask which is necessary for 'invert' command.
* pack_key16() did not convert mask to network byte order.
* Changing the retain value for 'invert' or 'retain' operation seems
just plain wrong.
* While here, also got rid of unnecessary offset sanitization in
pack_key32().
* Simplify code a bit by always assigning the local mask variable to
tkey->mask before calling any of the pack_key*() variants.
Phil Sutter [Wed, 2 Mar 2016 11:20:29 +0000 (12:20 +0100)]
tc: pedit: Fix layered op parsing
After lookup of the layered op submodule, pedit would pass argv and argc
including the layered op identifier at first position which confused the
submodule parser. Fix this by calling NEXT_ARG() before calling the
parse_peopt() callback.
Phil Sutter [Fri, 4 Mar 2016 18:57:28 +0000 (19:57 +0100)]
libnetlink: Double the dump buffer size
There have been reports about 'ip addr' printing "Message truncated" on
systems with large numbers of VFs. Although I haven't been able to get
my hands on hardware suitable to reproduce this, increasing the dump
buffer has been reported to resolve the issue. For want of a better
idea, just double the buffer size to 32k.
Feels like this opportunistic buffer size selection is rather
workarounding a design flaw in libnetlink or maybe even the netlink
protocol itself.
Phil Sutter [Wed, 2 Mar 2016 15:56:27 +0000 (16:56 +0100)]
ifstat, nstat: fix daemon mode
Since the relevant code (and it's bugs) is identical in both files, fix
them in one go. This patch fixes multiple issues:
* Using 'int' for the 'tdiff' variable does not suffice on 64bit
systems, the assigned initial time difference makes it wrap and
contain a negative value afterwards. Instead use the more appropriate
'time_t' type.
* As far as I understood the code, poll() is supposed to time out just
at the right time to trigger update_db() in the configured interval.
Therefore it's timeout must be set to the desired interval *minus* the
time that has already passed since then.
* With the last change to the algorithm in place, it does not make sense
to call update_db() before returning data to the connected client.
Actually, it never does otherwise we could skip the periodic updates
in the first place.
Phil Sutter [Fri, 4 Mar 2016 19:07:21 +0000 (20:07 +0100)]
ipneigh: List all nud states in help output
To not make the output overly confusing, list them in a definition of
the STATE placeholder which is already used in the show/flush syntax but
wasn't explained before.
Phil Sutter [Fri, 4 Mar 2016 11:52:40 +0000 (12:52 +0100)]
man: ip-route: Make synopsis consistent with description
While the synopsis section contains 'ip route list', it is later
described as 'ip route show'. Make this consistent by replacing 'list'
with 'show' in synopsis.
Phil Sutter [Wed, 2 Mar 2016 18:20:08 +0000 (19:20 +0100)]
man: ip-*.8: drop any reference to generic ip options
Listing generic 'ip' options in subcommand man pages is redundant and
error-prone, as they won't be kept in sync anyway. Since many other man
pages don't list them either, drop references to them in the remaining
ones.
Phil Sutter [Wed, 2 Mar 2016 18:20:07 +0000 (19:20 +0100)]
man: ip-l2tp.8: Fix BNF syntax
The 'ADDR' part of 'local' and 'remote' parameters is not optional, but
may also consist of the word 'any'. While at it, add missing whitespace
and fix fonts.
Phil Sutter [Wed, 2 Mar 2016 18:20:03 +0000 (19:20 +0100)]
man: ip-token.8: Review synopsis section
Drop unnecessary curly braces around single action keywords, point out
that 'dev' parameter to 'ip token get' is optional and clarify that 'ip
token' defaults to 'list' action.
Phil Sutter [Wed, 2 Mar 2016 18:20:02 +0000 (19:20 +0100)]
man: ip-rule.8: Review synopsis section
Clarify that 'ip rule' defaults to action 'list', that 'flush' and
'save' actions don't accept additional parameters, add missing 'not' and
'goto' keywords and finally fix fonts used in 'fwmark' and 'realms'
parameters.
Phil Sutter [Wed, 2 Mar 2016 18:20:01 +0000 (19:20 +0100)]
man: ip-ntable.8: Review synopsis section
The first line contained a c'n'p error, incorrectly listing 'ip address'
syntax. Since PARAMS is used just once and there are not many other
parameters to 'ip ntable change', state them inline and in addition to
that clarify the possibility to pass multiple parameters at once.
Phil Sutter [Wed, 2 Mar 2016 18:19:58 +0000 (19:19 +0100)]
man: ip-link.8: Fix and improve synopsis
Reflect that it is possible to pass multiple parameters at the same
time, also use the same trick the help text uses to emphasize vf
specific parameters.
Phil Sutter [Wed, 2 Mar 2016 18:19:56 +0000 (19:19 +0100)]
man: ip-address.8: Minor syntax fixes
Clarify that the optional '-' prefix of the 'tentative', 'deprecated'
and 'dadfailed' keywords has to be put right in front of them, no
whitespace is allowed in between.
In addition to that, clarify that it is valid to pass both 'valid_lft'
and 'preferred_lft' at the same time to 'ip address'.
Phil Sutter [Wed, 2 Mar 2016 18:19:54 +0000 (19:19 +0100)]
iproute: TYPE keyword is not optional, fix help text accordingly
This is a bit pedantic, but brackets ([]) show optional values and since
TYPE must not become empty, they're not suited to surround the type
keyword choices. Use curly braces instead.
Also add some missing whitespace to the parameter list above.
Phil Sutter [Wed, 2 Mar 2016 18:19:49 +0000 (19:19 +0100)]
ip: align help text with manpage
Although the ip command accepts both "neighbor" and "neighbour" as
subcommand, I assume it's sufficient to list it in help text as just
"neigh" like ip.8 does.
bridge: mdb: add user-space support for extended attributes
Recently support was added to the kernel to be able to add more per-mdb
entry attributes via standard netlink attributes of type MDBA_MDB_EATTR_.
This patch adds support to iproute2 to parse and output these
attributes. The first exported attribute is the mdb "timer" value which
is shown only when the "-s" iproute2 arg is used.
Example:
$ bridge -s mdb show
dev br0 port eth1 grp 239.0.0.11 permanent 0.00
dev br0 port eth1 grp 239.0.0.10 temp 244.15
dev br0 port eth1 grp 239.0.0.1 temp 245.21
dev br0 port eth1 grp 239.0.0.5 temp 246.43
dev br0 port eth2 grp 239.0.0.5 temp 248.44
dev br0 port eth1 grp 239.0.0.2 temp 245.32
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Phil Sutter [Thu, 25 Feb 2016 12:07:35 +0000 (13:07 +0100)]
iprule: Align help text with man page synopsis
The help text was misleading: One could think it is possible to list
rules by selector, which would be nice but isn't. This change also
clarifies that 'ip rule' defaults to 'list' if no further arguments are
given.
Add IFLA_VF_TRUST message to trust the VF.
PF can accept some privileged operation from the trusted VF.
For example, ixgbe PF doesn't allow to enable VF promiscuous mode until
the VF is trusted because it may hurt performance.
To trust VF.
# ip link set dev eth0 vf 1 trust on
To untrust VF.
# ip link set dev eth0 vf 1 trust off
Roopa Prabhu [Sat, 20 Feb 2016 05:34:52 +0000 (21:34 -0800)]
bridge: add support for dynamic fdb entries
This patch is a follow up to the recently added
'static' fdb option.
It introduces a new option 'dynamic' which adds
dynamic fdb entries with NUD_REACHABLE.
$bridge fdb add 00:01:02:03:04:06 dev eth0 master dynamic
$bridge fdb show
00:01:02:03:04:06 dev eth0
This patch also documents all fdb types. Removes 'temp'
from usage message since it is now replaced by 'static'.
'temp' still works and is synonymous with static.
Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
htb: remove printing of a deprecated overhead value
Remove printing according to the previously used encoding of mpu and
overhead values within the tc_ratespec's mpu field. This encoding is
no longer being used as a separate 'overhead' field in the ratespec
structure has been introduced.
Export all the read-only values that get returned about a bridge port
such as the timers, the ids, designated_port and cost,
topology_change_ack and config_pending. For the bridge ids the
br_dump_bridge_id function is exported from iplink_bridge.
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
netns: Fix an off-by-one strcpy() in netns_map_add().
netns_map_add() does a malloc of (sizeof (struct nsid_cache) +
strlen(name)) and then proceed with strcpy() of name into the
zero-length member at the end of the nsid_cache structure. The
nul-terminator is written outside of the allocated memory and may
overwrite the allocator's internal structure.
This can trigger a segmentation fault on i386 uclibc with names of size 8:
after the corruption occurs, the call to closedir() on netns_map_init()
crashes while freeing the DIR structure.
Here is the relevant valgrind output:
==1251== Memcheck, a memory error detector
==1251== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==1251== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright
info
==1251== Command: ./ip netns
==1251==
==1251== Invalid write of size 1
==1251== at 0x4011975: strcpy (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1251== by 0x8058B00: netns_map_add (ipnetns.c:181)
==1251== by 0x8058E2A: netns_map_init (ipnetns.c:226)
==1251== by 0x8058E79: do_netns (ipnetns.c:776)
==1251== by 0x804D9FF: do_cmd (ip.c:110)
==1251== by 0x804D814: main (ip.c:300)
Support for the new rx_nohandler statistic.
This code is designed to handle the case where the kernel reported statistic
structure is smaller than the larger structure in later releases (and vice versa).
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>