Vivien Didelot [Wed, 20 Feb 2019 16:33:57 +0000 (11:33 -0500)]
bridge: make mcast_flood description consistent
This patch simply changes the description of the mcast_flood flag
with "flood" instead of "be flooded with" to avoid confusion, and be
consistent with the description of the flooding flag, which "Controls
whether a given port will *flood* unicast traffic for which there is
no FDB entry."
At the same time, fix the documentation for the "flood" flag which
is incorrectly described as "flooding on" or "flooding off".
Signed-off-by: Vivien Didelot <vivien.didelot@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Jiri Pirko [Thu, 21 Feb 2019 10:55:56 +0000 (11:55 +0100)]
devlink: relax dpipe table show dependency on resources
Dpipe table show command has a depencency on getting resources.
If resource get command is not supported by the driver, dpipe table
show fails. However, resource is only additional information
in dpipe table show output. So relax the dependency and let
the dpipe tables be shown even if resources get command fails.
Fixes: ead180274caf ("devlink: Add support for resource/dpipe relation") Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Matteo Croce [Wed, 13 Feb 2019 14:40:30 +0000 (15:40 +0100)]
iplink: document XDP subcommand to force the XDP mode.
When attaching an eBPF program to a device, ip link can force the XDP mode
by using the xdp{generic,drv,offload} keyword instead of just 'xdp'.
Document this behaviour also in the help output.
ss: add option --tos for requesting ipv4 tos and ipv6 tclass
Also show socket class_id/priority used by classful qdisc.
Kernel report this together with tclass since commit
("inet_diag: fix reporting cgroup classid and fallback to priority")
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Eric Dumazet [Wed, 13 Feb 2019 01:58:41 +0000 (17:58 -0800)]
lib/libnetlink: ensure a minimum of 32KB for the buffer used in rtnl_recvmsg()
In the past, we tried to increase the buffer size up to 32 KB in order
to reduce number of syscalls per dump.
Commit 2d34851cd341 ("lib/libnetlink: re malloc buff if size is not enough")
brought the size back to 4KB because the kernel can not know the application
is ready to receive bigger requests.
See kernel commits 9063e21fb026 ("netlink: autosize skb lengthes") and d35c99ff77ec ("netlink: do not enter direct reclaim from netlink_dump()")
for more details.
Fixes: 2d34851cd341 ("lib/libnetlink: re malloc buff if size is not enough") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Hangbin Liu <liuhangbin@gmail.com> Cc: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
As /sys/class/net/<iface>/speed indicates a value in Mbits/sec, the
conversion is necessary to create the correct limits.
This guarantees the same result for the following commands in an
1000Mbit/sec device:
tc class add ... htb rate 500Mbit
tc class add ... htb rate 50%
Fixes: 927e3cfb52b5 ("tc: B.W limits can now be specified in %.") Signed-off-by: Marcos Antonio Moraes <marcos.antonio@digirati.com.br> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Yonghong Song [Fri, 25 Jan 2019 00:41:07 +0000 (16:41 -0800)]
bpf: add btf func and func_proto kind support
The issue is discovered for bpf selftest test_skb_cgroup.sh.
Currently we have,
$ ./test_skb_cgroup_id.sh
Wait for testing link-local IP to become available ... OK
Object has unknown BTF type: 13!
[PASS]
In the above the BTF type 13 refers to BTF kind
BTF_KIND_FUNC_PROTO.
This patch added support of BTF_KIND_FUNC_PROTO and
BTF_KIND_FUNC during type parsing.
With this patch, I got
$ ./test_skb_cgroup_id.sh
Wait for testing link-local IP to become available ... OK
[PASS]
Signed-off-by: Yonghong Song <yhs@fb.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Ido Schimmel [Fri, 25 Jan 2019 17:09:17 +0000 (17:09 +0000)]
bridge: fdb: Fix FDB dump with strict checking disabled
While iproute2 correctly uses ifinfomsg struct as the ancillary header
when requesting an FDB dump on old kernels, it sets the message type to
RTM_GETLINK. This results in wrong reply being returned.
Chris Mi [Fri, 25 Jan 2019 10:37:07 +0000 (10:37 +0000)]
libnetlink: linkdump_req: AF_PACKET family also expects ext_filter_mask
Without this fix, the VF info can't be showed using command
"ip link".
146: ens1f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 24:8a:07:ad:78:52 brd ff:ff:ff:ff:ff:ff
vf 0 MAC 02:25:d0:12:01:01, spoof checking off, link-state auto, trust off, query_rss off
vf 1 MAC 02:25:d0:12:01:02, spoof checking off, link-state auto, trust off, query_rss off
Fixes: d97b16b2c906 ("libnetlink: linkdump_req: Only AF_UNSPEC family expects an ext_filter_mask") Signed-off-by: Chris Mi <chrism@mellanox.com> Acked-by: David Ahern <dsahern@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Luca Boccassi [Sat, 12 Jan 2019 12:28:56 +0000 (12:28 +0000)]
Makefile: check manpages for syntax errors
Pass the same parameters Lintian uses in Debian.
$ make check
<...>
Checking manpages for syntax errors...
<standard input>:48: warning: macro `Q' not defined
Error in tc-taprio.8
Makefile:27: recipe for target 'check' failed
Signed-off-by: Luca Boccassi <bluca@debian.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Dmitry V. Levin [Mon, 7 Jan 2019 22:37:15 +0000 (01:37 +0300)]
configure: fix typo in check_xt_old_internal_h
Fixes: 377a09902a57 ("configure: Minor code cleanup") Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Tobias Jungel [Sat, 5 Jan 2019 12:36:43 +0000 (13:36 +0100)]
ipneigh: print dst for AF_BRIDGE
In case a neighbour message is of family AF_BRIDE the NDA_DST attribute
was not printed so far. With this patch the family is evaluated to pass
the correct family to format_host_rta.
David Ahern [Mon, 7 Jan 2019 00:17:13 +0000 (16:17 -0800)]
libnetlink: linkdump_req is done for AF_BRIDGE as well
The bridge command 'vlan show' calls rtnl_linkdump_req_filter for
family AF_BRIDGE. Update rtnl_linkdump_req_filter to send the filter
for that family as well.
Fixes: d97b16b2c906 ("libnetlink: linkdump_req: Only AF_UNSPEC family expects an ext_filter_mask") Reported-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com> Tested-by: Ido Schimmel <idosch@mellanox.com>
David Ahern [Thu, 3 Jan 2019 00:33:42 +0000 (16:33 -0800)]
bridge: fdb: Fix filtering with strict checking disabled
Older kernels expect an ifinfomsg struct as the ancillary header, and
after kernel commit bd961c9bc664 ("rtnetlink: fix rtnl_fdb_dump() for ndmsg
header") can handle either ifinfomsg or ndmsg. Strict data checking only
allows ndmsg.
Use the new RTNL_HANDLE_F_STRICT_CHK flag to know which header to send.
Leon Romanovsky [Sun, 30 Dec 2018 13:34:09 +0000 (15:34 +0200)]
rdma: Fix incorrectly handled NLA validation
mnl_attr_type_valid() receives maximum attribute type, which means that
we were supposed to supply the latest valid netlink attribute and not
the number of attributes. Such coding mistake caused to failures while
NLA attributes were extended.
Fixes: 74bd75c2b68d ("rdma: Add basic infrastructure for RDMA tool") Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Eric Dumazet [Sat, 22 Dec 2018 06:53:35 +0000 (22:53 -0800)]
nstat: fix load_ugly_table() limits
A recent change reduced max line length from 4096 to 2048 bytes,
but we already have lines above the 2048 threshold, and we keep
adding more SNMP counters in linux.
Switch to getline() and do not worry about future kernel changes.
Fixes: da8034a01904 ("misc: avoid snprintf warnings in ss and nstat") Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Ido Schimmel [Sun, 30 Dec 2018 17:14:54 +0000 (17:14 +0000)]
bridge: fdb: Use 'struct ndmsg' for FDB dumping
Since commit aea41afcfd6d ("ip bridge: Set NETLINK_GET_STRICT_CHK on
socket") iproute2 uses strict checking on kernels that support it. This
causes FDB dumping to fail [1], as iproute2 uses 'struct ifinfomsg'
whereas the kernel expects 'struct ndmsg'.
Note that with this change iproute2 continues to work on old kernels
that do not support strict checking, but contain the fix introduced in
kernel commit bd961c9bc664 ("rtnetlink: fix rtnl_fdb_dump() for ndmsg
header").
[1]
# bridge fdb show
[ 5365.137224] netlink: 4 bytes leftover after parsing attributes in process `bridge'.
Error: bytes leftover after parsing attributes.
Dump terminated
Fixes: aea41afcfd6d ("ip bridge: Set NETLINK_GET_STRICT_CHK on socket") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Michael Guralnik [Sun, 23 Dec 2018 11:24:19 +0000 (13:24 +0200)]
rdma: Add print of link CapabilityMask2 flags
CapabilityMask2 is defined in IBTA spec as a member of PortInfo.
Add translation to string of new CapabilityMask2 expansion of link caps.
The flags are concatenated to current caps print as seen in this example
printing EXT_INFO flag:
root@server-22 $ rdma -d link
1/1: mlx5_0/1: subnet_prefix fe80:0000:0000:0000 lid 2 sm_lid 2 lmc 0
state ACTIVE physical_state LINK_UP
caps: <SM, TRAP, SL_MAP, SYS_IMAGE_GUID, CABLE_INFO, EXTENDED_SPEEDS,
CAP_MASK2, CM, DEVICE_MGMT, VENDOR_CLASS, CAP_MASK_NOTICE,
CLIENT_REG, OTHER_LOCAL_CHANGES, MULT_PKER_TRAP, EXT_INFO>
Signed-off-by: Michael Guralnik <michaelgur@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: David Ahern <dsahern@gmail.com>
David Ahern [Fri, 5 Oct 2018 20:49:41 +0000 (13:49 -0700)]
ip bridge: Set NETLINK_GET_STRICT_CHK on socket
iproute2 has been updated for the new strict policy in the kernel. Add a
helper to call setsockopt to enable the feature. Add a call to ip.c and
bridge.c
The setsockopt fails on older kernels and the error can be safely ignored
- any new fields or attributes are ignored by the older kernel.
David Ahern [Wed, 19 Dec 2018 21:30:44 +0000 (13:30 -0800)]
ip address: Set device index in dump request
Add a filter function to rtnl_addrdump_req to set device index in the
address dump request if the user is filtering addresses by device. In
addition, add a new ipaddr_link_get to do a single RTM_GETLINK request
instead of a device dump yet still store the data in the linfo list.
David Ahern [Fri, 19 Oct 2018 22:41:39 +0000 (15:41 -0700)]
ip route: Add protocol, table id and device to dump request
Add protocol, table id and device to dump request if set in filter. If
kernel side filtering is supported it is used to reduce the amount of
data sent to userspace.
Older kernels do not parse attributes on a route dump request, so these
are silently ignored and ip will do the filtering in userspace.
David Ahern [Thu, 4 Oct 2018 21:12:39 +0000 (14:12 -0700)]
libnetlink: linkdump_req: Only AF_UNSPEC family expects an ext_filter_mask
Only AF_UNSPEC handled by rtnl_dump_ifinfo expects an ext_filter_mask
on a dump request. Update the linkdump request functions to only set
and send ext_filter_mask for AF_UNSPEC.
David Ahern [Fri, 19 Oct 2018 22:34:44 +0000 (15:34 -0700)]
libnetlink: Use NLMSG_LENGTH to set nlmsg_len
Change nlmsg_len from sizeof(req) to use NLMSG_LENGTH on the header.
2 of the inner headers are not 4-byte aligned, so add a 0-length buf
after the header with the __aligned(NLMSG_ALIGNTO) to ensure the size
of the request is large enough. Use NLMSG_ALIGN in NLMSG_LENGTH to set
nlmsg_len.
Petr Vorel [Tue, 18 Dec 2018 19:29:04 +0000 (20:29 +0100)]
testsuite: Fix colorize
bash and dash require for escape sequence to use 'echo -e' or printf
(but working on zsh). Choosing printf as it's implementation is IMHO
more portable than echo implementations.
dash also require to use \033[0; as escape sequence instead of \e[0;
NOTE: \e[0; kept in lib/color.c as it's not problematic for C code
(working when run ip on various shells).
Fixes: 7e2f71b4 ("testsuite: colorize test result output") Signed-off-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
While most distributions long ago switched to the iproute2 suite
of utilities, which allow class-e (240.0.0.0/4) address assignment,
distributions relying on busybox, toybox and other forms of
ifconfig cannot assign class-e addresses without this kernel patch.
While CIDR has been obsolete for 2 decades, and a survey of all the
open source code in the world shows the IN_whatever macros are also
obsolete... rather than obsolete CIDR from this ioctl entirely, this
patch merely enables class-e assignment, sanely.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The classifier testbed test never worked and was always being
skipped. It depended on some files it tests/cls which never made
it into the iproute2 git repository.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David Ahern <dsahern@gmail.com>
Luca Boccassi [Sun, 16 Dec 2018 20:55:40 +0000 (20:55 +0000)]
testsuite: remove gre kmods if the test loads them
The tunnel test leaves behind link devices created by the GRE kernel
modules:
$ ip -br link
...
gre0@NONE DOWN 0.0.0.0 <NOARP>
gretap0@NONE DOWN 00:00:00:00:00:00 <BROADCAST,MULTICAST>
erspan0@NONE DOWN 00:00:00:00:00:00 <BROADCAST,MULTICAST>
ip6tnl0@NONE DOWN :: <NOARP>
ip6gre0@NONE DOWN 00:00:00:00:
Check beforehand if the gre kernel module is loaded, and if not unload
them all at the end of the test. This should avoid causing problems if
a user is already using GRE for other purposes.
Signed-off-by: Luca Boccassi <bluca@debian.org> Reviewed-by: Petr Vorel <pvorel@suse.cz> Tested-by: Petr Vorel <pvorel@suse.cz> Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Luca Boccassi [Sun, 16 Dec 2018 20:55:38 +0000 (20:55 +0000)]
testsuite: declare dependency between $(TESTS) and generate_nlmsg
Parallel make from the top level directory fails since tests are at the
same time as generate_nlmsg:
$ make check -j4
...
cd testsuite && make && make alltests
echo "Entering iproute2" && cd iproute2 && make configure && cd ..;
Entering iproute2
make -C tools
Removing results dir ...
make[1]: ./tools/generate_nlmsg: Command not found
make[1]: ./tools/generate_nlmsg: Command not found
Makefile:64: recipe for target 'ip/netns/set_nsid_batch.t' failed
make[1]: *** [ip/netns/set_nsid_batch.t] Error 127
make[1]: ./tools/generate_nlmsg: Command not found
make[1]: *** Waiting for unfinished jobs....
Makefile:64: recipe for target 'ip/netns/set_nsid.t' failed
make[1]: *** [ip/netns/set_nsid.t] Error 127
Makefile:64: recipe for target 'ip/link/show_dev_wo_vf_rate.t' failed
make[1]: *** [ip/link/show_dev_wo_vf_rate.t] Error 127
CC generate_nlmsg
Makefile:123: recipe for target 'check' failed
make: *** [check] Error 2
Add an explicit dependency in testuite/Makefile's $(TESTS) rule so
that the tool correctly gets compiled before any test runs.
Fixes: 3537633dcf44 ("testsuite: Generate generate_nlmsg when needed") Signed-off-by: Luca Boccassi <bluca@debian.org> Reviewed-by: Petr Vorel <petr.vorel@gmail.com> Tested-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Luca Boccassi [Sun, 16 Dec 2018 20:55:37 +0000 (20:55 +0000)]
Makefile: have check target depend on all
Otherwise it will simply fail immediately from a just-cleaned
workspace:
$ make check -j1
cd testsuite && make && make alltests
echo "Entering iproute2" && cd iproute2 && make configure && cd ..;
Entering iproute2
make -C tools
Makefile:3: ../../config.mk: No such file or directory
make[2]: *** No rule to make target '../../config.mk'. Stop.
Fixes: 8804a8c0d387 ("Makefile: Add check target") Signed-off-by: Luca Boccassi <bluca@debian.org> Reviewed-by: Petr Vorel <petr.vorel@gmail.com> Tested-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Syrone Wong [Wed, 12 Dec 2018 11:35:08 +0000 (19:35 +0800)]
tc: fix xtables incorrect usage of LDFLAGS
The incorrect setting of LDFLAGS causes error below:
> em_ipt.o: In function `em_ipt_print_epot':
> em_ipt.c:(.text.em_ipt_print_epot+0x2e): undefined reference to
> `xtables_init_all'
em_ipt.c gets involved when TC_CONFIG_XT=y, which requires xtables,
while tc/Makefile doesn't pass flags correctly. It adds '-lxtables'
to LDFLAGS instead of LDLIBS.
Fixes: dd296215 ("tc: add em_ipt ematch for calling xtables matches from tc matching context") Signed-off-by: Syrone Wong <wong.syrone@gmail.com> Acked-by: Eyal Birger <eyal.birger@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Leon Romanovsky [Tue, 11 Dec 2018 18:14:28 +0000 (20:14 +0200)]
rdma: Fix broken 32-bit compilation
Allow compilation of rdmatool on 32-bits platforms.
rdma
CC rdma.o
CC utils.o
CC dev.o
CC link.o
In file included from rdma.h:26:0,
from dev.c:12:
dev.c: In function 'dev_caps_tostr':
../include/utils.h:269:38: warning: left shift count >= width of type [-Wshift-count-overflow]
#define BIT(nr) (1UL << (nr))
^
rdma.h:32:61: note: in expansion of macro 'BIT'
#define RDMA_BITMAP_ENUM(name, bit_no) RDMA_BITMAP_##name = BIT(bit_no),
^~~
Fixes: 40df8263a0f0 ("rdma: Add dev object") Reported-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The argument to print_0xhex is converted to unsigned long long
so the format string give for normal printout has to be some
variant of %llx. Otherwise, bogus values will be printed on
32 bit platforms.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
On some 32 bit platforms, the printf was causing warning:
ipmacsec.c: In function ‘getattr_u64’:
ipmacsec.c:655:47: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘unsigned int’ [-Wformat=]
fprintf(stderr, "invalid attribute length %lu\n",
Resolve by computing length as size_t first.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Hoang Le [Thu, 6 Dec 2018 01:40:06 +0000 (08:40 +0700)]
tipc: fix misalignment printout in non-JSON output
In the commit 1304f50a5be0ed ("tipc: JSON support for showing nametable"),
introduced misalignment in the columns of the printout in non-JSON mode
compare to the list header. Add one space per column to make alignment
with the list header.
before:
$tipc name show
Type Lower Upper Scope Port Node
1 1 1 node 4071367628
after:
$tipc name show
Type Lower Upper Scope Port Node
1 1 1 node 4071367628
Reported-by: Jon Maloy <jon.maloy@ericsson.com> Acked-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Petr Machata [Tue, 4 Dec 2018 16:07:41 +0000 (16:07 +0000)]
libnetlink: Process further iovs on no error
When no error is reported in the first iov, do not prematurely return,
but process further iovs. This fixes batch processing.
Fixes: c60389e4f9ea ("libnetlink: fix leak and using unused memory on error") Signed-off-by: Petr Machata <petrm@mellanox.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Emeric Dupont [Mon, 3 Dec 2018 11:13:06 +0000 (12:13 +0100)]
iproute2: Installation errors without libmnl
When performing make install in iproute2 (current git master),
if $(HAVE_MNL) is not selected, some Makefiles try to call
install with an empty target, which causes a non-critical make error.
Signed-off-by: Emeric Dupont <emeric.dupont@zii.aero> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Amritha Nambiar [Tue, 27 Nov 2018 22:40:03 +0000 (14:40 -0800)]
tc: flower: Classify packets based port ranges
Added support for filtering based on port ranges.
UAPI changes have been accepted into net-next.
Example:
1. Match on a port range:
-------------------------
$ tc filter add dev enp4s0 protocol ip parent ffff:\
prio 1 flower ip_proto tcp dst_port 20-30 skip_hw\
action drop
$ tc -s filter show dev enp4s0 parent ffff:
filter protocol ip pref 1 flower chain 0
filter protocol ip pref 1 flower chain 0 handle 0x1
eth_type ipv4
ip_proto tcp
dst_port 20-30
skip_hw
not_in_hw
action order 1: gact action drop
random type none pass val 0
index 1 ref 1 bind 1 installed 85 sec used 3 sec
Action statistics:
Sent 460 bytes 10 pkt (dropped 10, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
2. Match on IP address and port range:
--------------------------------------
$ tc filter add dev enp4s0 protocol ip parent ffff:\
prio 1 flower dst_ip 192.168.1.1 ip_proto tcp dst_port 100-200\
skip_hw action drop
$ tc -s filter show dev enp4s0 parent ffff:
filter protocol ip pref 1 flower chain 0 handle 0x2
eth_type ipv4
ip_proto tcp
dst_ip 192.168.1.1
dst_port 100-200
skip_hw
not_in_hw
action order 1: gact action drop
random type none pass val 0
index 2 ref 1 bind 1 installed 58 sec used 2 sec
Action statistics:
Sent 920 bytes 20 pkt (dropped 20, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
v6:
Modified to change json output format as object for sport/dport.
projects / mirror_iproute2.git / log