Andrea Claudi [Fri, 11 Dec 2020 18:53:03 +0000 (19:53 +0100)]
tc: pedit: fix memory leak in print_pedit
keys_ex is dinamically allocated with calloc on line 770, but
is not freed in case of error at line 823.
Fixes: 081d6c310d3a ("tc: pedit: Support JSON dumping") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Andrea Claudi [Fri, 11 Dec 2020 18:53:02 +0000 (19:53 +0100)]
devlink: fix memory leak in cmd_dev_flash()
nlg_ntf is dinamically allocated in mnlg_socket_open(), and is freed on
the out: return path. However, some error paths do not free it,
resulting in memory leak.
This commit fix this using mnlg_socket_close(), and reporting the
correct error number when required.
Fixes: 9b13cddfe268 ("devlink: implement flash status monitoring") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Andrea Claudi [Fri, 11 Dec 2020 18:26:40 +0000 (19:26 +0100)]
man: tc-flower: fix manpage
Commit 924c43778a84 ("man: tc-ct.8: Add manual page for ct tc action")
add man page for tc-ct, but it brings with it a bogus block of text
in the benning of tc-flower man page.
This commit simply removes it.
Fixes: 924c43778a84 ("man: tc-ct.8: Add manual page for ct tc action") Reported-by: Paolo Valerio <pvalerio@redhat.com> Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Luca Boccassi [Fri, 27 Nov 2020 18:06:51 +0000 (18:06 +0000)]
ip/netns: use flock when setting up /run/netns
If multiple ip processes are ran at the same time to set up
separate network namespaces, and it is the first time so /run/netns
has to be set up first, and they end up doing it at the same time,
the processes might enter a recursive loop creating thousands of
mount points, which might crash the system depending on resources
available.
Try to take a flock on /run/netns before doing the mount() dance, to
ensure this cannot happen. But do not try too hard, and if it fails
continue after printing a warning, to avoid introducing regressions.
First reported on Debian: https://bugs.debian.org/949235
To reproduce (WARNING: run in a VM to avoid system lockups):
for i in {0..9}
do
strace -e trace=mount -e inject=mount:delay_exit=1000000 ip \
netns add "testnetns$i" 2>&1 | tee "$i.log" &
done
wait
The strace is to ensure the problem always reproduces, to add an
artificial synchronization point after the first mount().
With gcc-10 it complains about array subscript error.
f_u32.c: In function ‘u32_parse_opt’:
f_u32.c:1113:24: warning: array subscript 0 is outside the bounds of an interior zero-length array ‘struct tc_u32_key[0]’ [-Wzero-length-bounds]
1113 | hash = sel2.sel.keys[0].val & sel2.sel.keys[0].mask;
| ~~~~~~~~~~~~~^~~
In file included from tc_util.h:11,
from f_u32.c:26:
../include/uapi/linux/pkt_cls.h:253:20: note: while referencing ‘keys’
253 | struct tc_u32_key keys[0];
|
This is because the keys are actually allocated in the second element
of the parent structure.
Simplest way to address the warning is to assign directly to the keys
in the containing structure.
This has always been in iproute2 (pre-git) so no Fixes.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The code here was doing strncpy() in a way that causes gcc 10
warning about possible string overflow. Just use strlcpy() which
will null terminate and bound the string as expected.
This has existed since start of git era so no Fixes tag.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Gcc-10 complains about referencing a zero size array.
This occurs because the array of keys is actually in the following
structure which is part of the overall selector.
The original code was safe, but better to just use the key
array directly.
Fixes: 2d9a8dc439ee ("tc: p_ip6: Support pedit of IPv6 dsfield") Cc: petrm@mellanox.com Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Gcc-10 complains about possible string length overflow.
This can't happen Ethernet address format is always limited to
18 characters or less. Just resize the temp buffer.
Fixes: 70dfb0b8836d ("iplink: bridge: export bridge_id and designated_root") Cc: nikolay@cumulusnetworks.com Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
devlink.c: In function ‘cmd_dev’:
devlink.c:2803:12: warning: ‘val_u32’ may be used uninitialized in this function [-Wmaybe-uninitialized]
2803 | val_u16 = val_u32;
| ~~~~~~~~^~~~~~~~~
devlink.c:2747:11: note: ‘val_u32’ was declared here
2747 | uint32_t val_u32;
| ^~~~~~~
This is a false positive because it can't figure out the control flow
when the parse returns error.
Fixes: 2557dca2b028 ("devlink: Add string to uint{8,16,32} conversion for generic parameters") Cc: shalomt@mellanox.com Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Johannes Berg [Mon, 26 Oct 2020 11:32:52 +0000 (12:32 +0100)]
libnetlink: define __aligned conditionally
On some systems (e.g. current Debian/stable) the inclusion
of utils.h pulled in some other things that may end up
defining __aligned, in a possibly different way than what
we had here.
Use our own definition only if there isn't one already.
Fixes: d5acae244f9d ("libnetlink: add nl_print_policy() helper") Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Guillaume Nault [Thu, 22 Oct 2020 09:11:44 +0000 (11:11 +0200)]
m_mpls: test the 'mac_push' action after 'modify'
Commit 02a261b5ba1c ("m_mpls: add mac_push action") added a matches()
test for the "mac_push" string before the test for "modify".
This changes the previous behaviour as 'action m' used to match
"modify" while it now matches "mac_push".
Revert to the original behaviour by moving the "mac_push" test after
"modify".
David Ahern [Tue, 20 Oct 2020 15:05:00 +0000 (09:05 -0600)]
Merge branch 'tipc-encryption' into next
Tuong Lien says:
====================
This series adds two new options in the 'iproute2/tipc' command, enabling users
to use the new TIPC encryption features, i.e. the master key and rekeying which
have been recently merged in kernel.
The help menu of the "tipc node set key" command is also updated accordingly:
# tipc node set key --help
Usage: tipc node set key KEY [algname ALGNAME] [PROPERTIES]
tipc node set key rekeying REKEYING
KEY
Symmetric KEY & SALT as a composite ASCII or hex string (0x...) in form:
[KEY: 16, 24 or 32 octets][SALT: 4 octets]
ALGNAME
Cipher algorithm [default: "gcm(aes)"]
PROPERTIES
master - Set KEY as a cluster master key
<empty> - Set KEY as a cluster key
nodeid NODEID - Set KEY as a per-node key for own or peer
REKEYING
INTERVAL - Set rekeying interval (in minutes) [0: disable]
now - Trigger one (first) rekeying immediately
EXAMPLES
tipc node set key this_is_a_master_key master
tipc node set key 0x746869735F69735F615F6B657931365F73616C74
tipc node set key this_is_a_key16_salt algname "gcm(aes)" nodeid 1001002
tipc node set key rekeying 600
Tuong Lien [Fri, 16 Oct 2020 16:02:01 +0000 (23:02 +0700)]
tipc: add option to set rekeying for encryption
As supported in kernel, the TIPC encryption rekeying can be tuned using
the netlink attribute - 'TIPC_NLA_NODE_REKEYING'. Now we add the
'rekeying' option correspondingly to the 'tipc node set key' command so
that user will be able to perform that tuning:
tipc node set key rekeying REKEYING
where the 'REKEYING' value can be:
INTERVAL - Set rekeying interval (in minutes) [0: disable]
now - Trigger one (first) rekeying immediately
For example:
$ tipc node set key rekeying 60
$ tipc node set key rekeying now
The command's help menu is also updated with these descriptions for the
new command option.
Acked-by: Jon Maloy <jmaloy@redhat.com> Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au> Signed-off-by: David Ahern <dsahern@gmail.com>
Tuong Lien [Fri, 16 Oct 2020 16:02:00 +0000 (23:02 +0700)]
tipc: add option to set master key for encryption
In addition to the support of master key in kernel, we add the 'master'
option to the 'tipc node set key' command for user to be able to
specify a key as master key during the key setting. This is carried out
by turning on the new netlink flag - 'TIPC_NLA_NODE_KEY_MASTER'.
For example:
$ tipc node set key "this_is_a_master_key" master
The command's help menu is also updated to give a better description of
all the available options.
Acked-by: Jon Maloy <jmaloy@redhat.com> Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au> Signed-off-by: David Ahern <dsahern@gmail.com>
David Ahern [Tue, 20 Oct 2020 14:57:47 +0000 (08:57 -0600)]
Merge branch 'tc-mpls-l2-vpn' into next
Guillaume Nault says:
====================
This patch series adds the possibility for TC to tunnel Ethernet frames
over MPLS.
Patch 1 allows adding or removing the Ethernet header.
Patch 2 allows pushing an MPLS LSE before the MAC header.
By combining these actions, it becomes possible to encapsulate an
entire Ethernet frame into MPLS, then add an outer Ethernet header
and send the resulting frame to the next hop.
Guillaume Nault [Mon, 19 Oct 2020 15:23:08 +0000 (17:23 +0200)]
m_mpls: add mac_push action
Add support for the new TCA_MPLS_ACT_MAC_PUSH action (kernel commit a45294af9e96 ("net/sched: act_mpls: Add action to push MPLS LSE before
Ethernet header")). This action let TC push an MPLS header before the
MAC header of a frame.
Example (encapsulate all outgoing frames with label 20, then add an
outer Ethernet header):
# tc filter add dev ethX matchall \
action mpls mac_push label 20 ttl 64 \
action vlan push_eth dst_mac 0a:00:00:00:00:02 \
src_mac 0a:00:00:00:00:01
This patch also adds an alias for ETH_P_TEB, since it is useful when
decapsulating MPLS packets that contain an Ethernet frame.
With MAC_PUSH, there's no previous Ethertype to modify. However, the
"protocol" option is still needed, because the kernel uses it to set
skb->protocol. So rename can_modify_ethtype() to can_set_ethtype().
Also add a test suite for m_mpls, which covers the new action and the
pre-existing ones.
Signed-off-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Guillaume Nault [Mon, 19 Oct 2020 15:23:01 +0000 (17:23 +0200)]
m_vlan: add pop_eth and push_eth actions
Add support for the new TCA_VLAN_ACT_POP_ETH and TCA_VLAN_ACT_PUSH_ETH
actions (kernel commit 19fbcb36a39e ("net/sched: act_vlan:
Add {POP,PUSH}_ETH actions"). These action let TC remove or add the
Ethernet at the head of a frame.
Drop an Ethernet header:
# tc filter add dev ethX matchall action vlan pop_eth
Push an Ethernet header (the original frame must have no MAC header):
# tc filter add dev ethX matchall action vlan \
push_eth dst_mac 0a:00:00:00:00:02 src_mac 0a:00:00:00:00:01
Also add a test suite for m_vlan, which covers these new actions and
the pre-existing ones.
Signed-off-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Jacob Keller [Wed, 14 Oct 2020 22:31:04 +0000 (15:31 -0700)]
devlink: display elapsed time during flash update
For some devices, updating the flash can take significant time during
operations where no status can meaningfully be reported. This can be
somewhat confusing to a user who sees devlink appear to hang on the
terminal waiting for the device to update.
Recent changes to the kernel interface allow such long running commands
to provide a timeout value indicating some upper bound on how long the
relevant action could take.
Provide a ticking counter of the time elapsed since the previous status
message in order to make it clear that the program is not simply stuck.
Display this message whenever the status message from the kernel
indicates a timeout value. Additionally also display the message if
we've received no status for more than couple of seconds. If we elapse
more than the timeout provided by the status message, replace the
timeout display with "timeout reached".
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Jan Engelhardt [Mon, 12 Oct 2020 13:55:55 +0000 (15:55 +0200)]
ip: add error reporting when RTM_GETNSID failed
`ip addr` when run under qemu-user-riscv64, fails. This likely is due
to qemu-5.1 not doing translation of RTM_GETNSID calls. Aborting ip
completely is not helpful for the user however. This patch reworks
the error handling.
Before:
rtest:/ # ip a
2: host0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
request send failed: Operation not supported
link/ether 46:3f:2d:88:3d:db brd ff:ff:ff:ff:ff:ffrtest:/ #
Afterwards:
rtest:/ # ip a
2: host0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
rtnl_send(RTM_GETNSID): Operation not supported. Continuing anyway.
link/ether 46:3f:2d:88:3d:db brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.72.147/28 brd 192.168.72.159 scope global host0
valid_lft forever preferred_lft forever
inet6 fe80::443f:2dff:fe88:3ddb/64 scope link
valid_lft forever preferred_lft forever
Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
David Ahern [Mon, 12 Oct 2020 02:09:14 +0000 (20:09 -0600)]
Merge branch 'bridge-igmpv3-mldv2' into next
Nikolay Aleksandrov says:
====================
This set adds support for IGMPv3/MLDv2 attributes, they're mostly
read-only at the moment. The only new "set" option is the source address
for S,G entries. It is added in patch 01 (see the patch commit message for
an example). Patch 02 shows a missing flag (fast_leave) for
completeness, then patch 03 shows the new IGMPv3/MLDv2 flags:
added_by_star_ex and blocked. Patches 04-06 show the new extra
information about the entry's state when IGMPv3/MLDv2 are enabled. That
includes its filter mode (include/exclude), source list with timers and
origin protocol (currently only static/kernel), in order to show the new
information the user must use "-d"/show_details.
Here's the output of a few IGMPv3 entries:
dev bridge port ens12 grp 239.0.0.1 src 20.21.22.23 temp filter_mode include proto kernel blocked 0.00
dev bridge port ens12 grp 239.0.0.1 src 8.9.10.11 temp filter_mode include proto kernel blocked 0.00
dev bridge port ens12 grp 239.0.0.1 src 1.2.3.1 temp filter_mode include proto kernel blocked 0.00
dev bridge port ens12 grp 239.0.0.1 temp filter_mode exclude source_list 20.21.22.23/0.00,8.9.10.11/0.00,1.2.3.1/0.00 proto kernel 26.65
Print the mdb entry's protocol (i.e. who added it) when it's available if
the user requested to show details (-d). Currently the only possible
values are RTPROT_STATIC (user-space added) or RTPROT_KERNEL
(automatically added by kernel). The value is kernel controlled.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Print the mdb entry's source list when it's available if the user
requested to show details (-d). Each source has an associated timer
which controls if traffic should be forwarded to that S,G entry (if the
timer is non-zero traffic is forwarded, otherwise it's not).
Currently the source list is kernel controlled and can't be changed by
user-space.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Print the mdb entry's filter mode when it's available if the user
requested to show details (-d). It can be either include or exclude.
Currently it's kernel controlled and can't be changed by user-space.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@gmail.com>
With IGMPv3/MLDv2 support we have 2 new flags:
- added_by_star_ex: set when the S,G entry was automatically created
because of a *,G entry in EXCLUDE mode
- blocked: set when traffic for the S,G entry for that port has to be
blocked
Both flags are used only on the new S,G entries and are currently kernel
managed, i.e. similar to other flags which can't be set from user-space.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@gmail.com>
We're not showing the fast_leave flag when it's set. Currently that can
be only when an mdb entry is being deleted due to fast leave, so it will
only affect mdb monitor.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@gmail.com>
This patch adds the user-space control and dump of mdb entry source
address. When setting the new MDBA_SET_ENTRY_ATTRS nested attribute is
used and inside is added MDBE_ATTR_SOURCE based on the address family.
When dumping we look for MDBA_MDB_EATTR_SOURCE and if present we add the
"src x.x.x.x" output. The source address will be always shown as it's
needed to match the entry to modify it from user-space.
Example:
$ bridge mdb add dev bridge port ens13 grp 239.0.0.1 src 1.2.3.4 permanent vid 100
$ bridge mdb show
dev bridge port ens13 grp 239.0.0.1 src 1.2.3.4 permanent vid 100
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Antony Antony [Fri, 2 Oct 2020 13:22:38 +0000 (15:22 +0200)]
ip xfrm: support setting XFRMA_SET_MARK_MASK attribute in states
The XFRMA_SET_MARK_MASK attribute can be set in states (4.19+)
It is optional and the kernel default is 0xffffffff
It is the mask of XFRMA_SET_MARK(a.k.a. XFRMA_OUTPUT_MARK in 4.18)
e.g.
./ip/ip xfrm state add output-mark 0x6 mask 0xab proto esp \
auth digest_null 0 enc cipher_null ''
ip xfrm state
src 0.0.0.0 dst 0.0.0.0
proto esp spi 0x00000000 reqid 0 mode transport
replay-window 0
output-mark 0x6/0xab
auth-trunc digest_null 0x30 0
enc ecb(cipher_null)
anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000
sel src 0.0.0.0/0 dst 0.0.0.0/0
Signed-off-by: Antony Antony <antony@phenome.org> Signed-off-by: David Ahern <dsahern@gmail.com>
Jacob Keller [Wed, 30 Sep 2020 21:05:47 +0000 (14:05 -0700)]
devlink: support setting the overwrite mask attribute
The recently added DEVLINK_ATTR_FLASH_UPDATE_OVERWRITE_MASK allows
userspace to indicate how a device should handle subsections of a flash
component when updating. For example, a flash component might contain
vital data such as PCIe serial number or configuration fields such as
settings that control device bootup.
The overwrite mask allows specifying whether the device should overwrite
these subsections when updating from the provided image. If nothing is
specified, then the update is expected to preserve all vital fields and
configuration.
Add support for specifying the overwrite mask using the new "overwrite"
option to the flash command line.
By specifying "overwrite identifiers", the user request that the flash
update should overwrite any settings in the updated flash component with
settings from the provided flash image
$devlink dev flash pci/0000:af:00.0 file flash_image.bin overwrite identifiers
By specifying "overwrite settings" the user requests that the flash update
should overwrite any settings in the updated flash component with setting
values from the provided flash image.
$devlink dev flash pci/0000:af:00.0 file flash_image.bin overwrite settings
These options may be combined, in which case both subsections will be sent
in the overwrite mask, resulting in a request to overwrite all settings and
identifiers stored in the updated flash components.
$devlink dev flash pci/0000:af:00.0 file flash_image.bin overwrite settings overwrite identifiers
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Signed-off-by: David Ahern <dsahern@gmail.com>
# ip address add 192.0.2.2/24 dev dummy5 noprefixroute
Warning: noprefixroute option can be set only for IPv6 addresses
# ip address add 224.1.1.10/24 dev dummy5 autojoin
Warning: autojoin option can be set only for IPv6 addresses
This enables them back for IPv4.
Fixes: 9d59c86e575b5 ("iproute2: ip addr: Organize flag properties structurally") Signed-off-by: Adel Belhouane <bugs.a.b@free.fr> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Kamal Heib [Sun, 27 Sep 2020 12:06:56 +0000 (15:06 +0300)]
ip: iplink_ipoib.c: Remove extra spaces
Remove the extra space between the reported ipoib attrs - use only one
space instead of two.
Fixes: de0389935f8c ("iplink: Added support for the kernel IPoIB RTNL ops") Signed-off-by: Kamal Heib <kamalheib1@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Jan Engelhardt [Mon, 28 Sep 2020 19:08:01 +0000 (21:08 +0200)]
build: avoid make jobserver warnings
I observe:
» make -j8 CCOPTS=-ggdb3
lib
make[1]: warning: -j8 forced in submake: resetting jobserver mode.
make[1]: Nothing to be done for 'all'.
ip
make[1]: warning: -j8 forced in submake: resetting jobserver mode.
CC ipntable.o
MFLAGS is a historic variable of some kind; removing it fixes the
jobserver issue.
Signed-off-by: Jan Engelhardt <jengelh@inai.de> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Plus those drivers are generally more modern than those
using rx_over_errors.
Since recently merged kernel documentation makes this
preference official, let's make ip -s output more informative
and let rx_missed_errors take the place of rx_over_errors.
David Ahern [Wed, 23 Sep 2020 02:17:48 +0000 (20:17 -0600)]
Merge branch 'devlink-controller-external-info' into next
Parav Pandit says:
====================
For certain devlink port flavours controller number and optionally external=
attributes are reported by the kernel.
(a) controller number indicates that a given port belong to which local or =
external controller.
(b) external port attribute indicates that if a given port is for external =
or local controller.
Wei Wang [Wed, 19 Aug 2020 21:13:54 +0000 (14:13 -0700)]
iproute2: ss: add support to expose various inet sockopts
This commit adds support to expose the following inet socket options:
-- recverr
-- is_icsk
-- freebind
-- hdrincl
-- mc_loop
-- transparent
-- mc_all
-- nodefrag
-- bind_address_no_port
-- recverr_rfc4884
-- defer_connect
with the option --inet-sockopt. The individual option is only shown
when set.
Signed-off-by: Wei Wang <weiwan@google.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Hoang Le [Thu, 27 Aug 2020 02:30:37 +0000 (09:30 +0700)]
tipc: support 128bit node identity for peer removing
Problem:
In kernel upstream, we add the support to set node identity with
128bit. However, we are still using legacy format in command tipc
peer removing. Then, we got a problem when trying to remove
offline node i.e:
Roopa Prabhu [Sat, 29 Aug 2020 03:42:56 +0000 (20:42 -0700)]
iplink: add support for protodown reason
This patch adds support for recently
added link IFLA_PROTO_DOWN_REASON attribute.
IFLA_PROTO_DOWN_REASON enumerates reasons
for the already existing IFLA_PROTO_DOWN link
attribute.
$ ip link set dev vx10 protodown on protodown_reason vrrp on
$ip link show dev vx10
14: vx10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
DEFAULT group default qlen 1000
link/ether f2:32:28:b8:35:ff brd ff:ff:ff:ff:ff:ff protodown on
protodown_reason <vrrp>
$ip -p -j link show dev vx10
[ {
<snip>
"proto_down": true,
"proto_down_reason": [ "vrrp" ]
} ]
$ip link set dev vx10 protodown_reason mlag on
$ip link show dev vx10
14: vx10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode
DEFAULT group default qlen 1000
link/ether f2:32:28:b8:35:ff brd ff:ff:ff:ff:ff:ff protodown on
protodown_reason <mlag,vrrp>
$ip -p -j link show dev vx10
[ {
<snip>
"proto_down": true,
"protodown_reason": [ "mlag","vrrp" ]
} ]
$ip -p -j link show dev vx10
$ip link set dev vx10 protodown off protodown_reason vrrp off
Error: Cannot clear protodown, active reasons.
$ip link set dev vx10 protodown off protodown_reason mlag off
$
Note: for somereason the json and non-json key for protodown
are different (protodown and proto_down). I have kept the
same for protodown reason for consistency (protodown_reason and
proto_down_reason).
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: David Ahern <dsahern@gmail.com>
Phil Sutter [Sat, 29 Aug 2020 10:18:35 +0000 (12:18 +0200)]
ip link: Fix indenting in help text
Indenting of 'ip link set' options below 'link-netns' was wrong, they
should be on the same level as the above.
While being at it, fix closing brackets in vf-specific options. Also
write node/port_guid parameters in upper-case without curly braces: They
are supposed to be replaced by values, not put literally.
Fixes: 8589eb4efdf2a ("treewide: refactor help messages") Fixes: 5a3ec4ba64783 ("iplink: Update usage in help message") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Johannes Berg [Mon, 24 Aug 2020 17:51:08 +0000 (19:51 +0200)]
genl: ctrl: support dumping netlink policy
Support dumping the netlink policy of a given generic netlink
family, the policy (with any sub-policies if appropriate) is
exported by the kernel in a general fashion.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: David Ahern <dsahern@gmail.com>
Johannes Berg [Mon, 24 Aug 2020 17:51:07 +0000 (19:51 +0200)]
libnetlink: add nl_print_policy() helper
This prints out the data from the given nested attribute
to the given FILE pointer, interpreting the firmware that
the kernel has for showing netlink policies.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: David Ahern <dsahern@gmail.com>
Murali Karicheri [Mon, 17 Aug 2020 21:17:36 +0000 (17:17 -0400)]
iplink: hsr: add support for creating PRP device similar to HSR
This patch enhances the iplink command to add a proto parameters to
create PRP device/interface similar to HSR. Both protocols are
quite similar and requires a pair of Ethernet interfaces. So re-use
the existing HSR iplink command to create PRP device/interface as
well. Use proto parameter to differentiate the two protocols.
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Sascha Hauer [Mon, 17 Aug 2020 11:25:19 +0000 (13:25 +0200)]
iproute2: ip maddress: Check multiaddr length
ip maddress add|del takes a MAC address as argument, so insist on
getting a length of ETH_ALEN bytes. This makes sure the passed argument
is actually a MAC address and especially not an IPv4 address which
was previously accepted and silently taken as a MAC address.
While at it, do not print *argv in the error path as this has been
modified by ll_addr_a2n() and doesn't contain the full string anymore,
which can lead to misleading error messages.
Also while at it, replace the hardcoded buffer size with the actual
buffer size using sizeof().
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Leon Romanovsky [Tue, 11 Aug 2020 07:32:01 +0000 (10:32 +0300)]
rdma: Properly print device and link names in CLI output
The citied commit broke the CLI output and printed ifindex/ifname
instead of dev/link.
Before:
[leonro@vm ~]$ rdma res show qp
link mlx5_0/lqpn 1 type GSI state RTS sq-psn 0 comm ib_core
[leonro@vm ~]$ rdma res show cq
ifindex 0 ifname rocep0s9 cqn 0 cqe 1023 users 2 poll-ctx WORKQUEUE adaptive-moderation on comm ib_core
After:
[leonro@vm ~]$ rdma res show qp
link mlx5_0/- lqpn 1 type GSI state RTS sq-psn 0 comm [ib_core]
[leonro@vm ~]$ rdma res show cq
dev rocep0s9 cqn 0 cqe 1023 users 2 poll-ctx WORKQUEUE adaptive-moderation on comm [ib_core]
It was missed because rdmatool mostly used in JSON mode.
Fixes: b0a688a542cd ("rdma: Rewrite custom JSON and prints logic to use common API") Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Leon Romanovsky [Tue, 11 Aug 2020 07:32:00 +0000 (10:32 +0300)]
rdma: Fix owner name for the kernel resources
Owner of kernel resources is printed in different format than user
resources to easy with the reader by simply looking on the name.
The kernel owner will have "[ ]" around the name.
Before this change:
[leonro@vm ~]$ rdma res show qp
link rocep0s9/1 lqpn 1 type GSI state RTS sq-psn 58 comm ib_core
After this change:
[leonro@vm ~]$ rdma res show qp
link rocep0s9/1 lqpn 1 type GSI state RTS sq-psn 58 comm [ib_core]
Fixes: b0a688a542cd ("rdma: Rewrite custom JSON and prints logic to use common API") Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Mark Zhang [Tue, 4 Aug 2020 08:49:09 +0000 (11:49 +0300)]
rdma: Document the new "pid" criteria for auto mode
Document the new supported criteria of auto mode. Examples:
$ rdma statistic qp set link mlx5_2/1 auto pid on
$ rdma statistic qp set link mlx5_2/1 auto pid,type on
Signed-off-by: Mark Zhang <markz@mellanox.com> Reviewed-by: Ido Kalir <idok@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Mark Zhang [Tue, 4 Aug 2020 08:49:08 +0000 (11:49 +0300)]
rdma: Add "PID" criteria support for statistic counter auto mode
With this new criteria, QPs have different PIDs will be bound to
different counters in auto mode. This can be used in combination with
other criteria like "type". Examples:
$ rdma statistic qp set link mlx5_2/1 auto pid on
$ rdma statistic qp set link mlx5_2/1 auto type,pid on
$ rdma statistic qp set link mlx5_2/1 auto off
$ rdma statistic qp show link mlx5_0 qp-type UD
Signed-off-by: Mark Zhang <markz@mellanox.com> Reviewed-by: Ido Kalir <idok@mellanox.com> Signed-off-by: Leon Romanovsky <leonro@mellanox.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: fdb show: fix fdb entry state output for json context
bridge json fdb show is printing an incorrect / non-machine readable
value, when using -j (json output) we are expecting machine readable
data that shouldn't require special handling/parsing.
Add space after format specifier in print_string call. Fixes broken
qdisc tests within tdc testing suite. Per suggestion from Petr Machata,
remove a space and change spacing in tc/q_event.c to complete the fix.
Tested fix in tdc using:
./tdc.py -c qdisc
All qdisc RED tests return ok.
Fixes: d0e450438571("tc: q_red: Add support for qevents "mark" and "early_drop") Signed-off-by: Briana Oursler <briana.oursler@gmail.com> Tested-by: Petr Machata <petrm@mellanox.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Anton Danilov [Mon, 27 Jul 2020 13:26:07 +0000 (16:26 +0300)]
bridge: fdb: the 'dynamic' option in the show/get commands
In most of cases a user wants to see only the dynamic mac addresses
in the fdb output. But currently the 'fdb show' displays tons of
various self entries, those only waste the output without any useful
goal.
New option 'dynamic' for 'show' and 'get' commands forces display
only relevant records.
Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
projects / mirror_iproute2.git / log