Kernel is being extended to support flag IFA_F_MANAGETEMPADDR also for
deletion of addresses. This will allow a userspace application to indicate
that for a global address the kernel should delete all related temporary
addresses as well.
"ip addr del" internally calls ipaddr_modify which silently accepts
any flag provided on the command line already, independent of the
actual command.
Therefore only the usage documentation needs to be extended.
Signed-off-by: Heiner Kallweit <heiner.kallweit@web.de>
commit 37c9b94ed2 (add support for extended ifa_flags)
introduced a regression:
# ./ip/ip addr add 192.168.0.1/24 dev eth0
RTNETLINK answers: Invalid argument
This is due to old kernels don't support IFA_FLAGS flag, we should not
use it if we don't use the flags beyond old .ifa_flags.
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Flags for a peer override flags for the other and not used for the
peer.
before:
# ip link add up type veth peer down multicast off
# ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: veth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 2e:5c:cd:f5:63:d2 brd ff:ff:ff:ff:ff:ff
3: veth1: <BROADCAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 72:b0:fa:1e:76:7a brd ff:ff:ff:ff:ff:ff
after:
# ip link add up type veth peer down multicast off
# ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: veth0: <BROADCAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 6e:db:03:b3:bd:ff brd ff:ff:ff:ff:ff:ff
3: veth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether a6:62:d9:84:f0:73 brd ff:ff:ff:ff:ff:ff
Signed-off-by: Kusanagi Kouichi <slash@ac.auone-net.jp>
It's now possible to filter SA directly into the kernel by specifying
XFRMA_PROTO and/or XFRMA_ADDRESS_FILTER.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
In "ip route show" output unicast type, main table, boot protocol and
universe scope are hidden as default labels.
Sometimes it is helpful to show the hidden label for people not enough
familiar with routing subsystem to map the output of "ip route show" and
kernel source code.
With this patch "ip route show" with -d option shows the default labels.
Example of difference of output with -d option:
$ ./ip/ip -4 route show table all dev virbr1
...
192.168.121.0/28 proto kernel scope link src 192.168.121.1
...
$ ./ip/ip -4 -d route show table all dev virbr1
...
unicast 192.168.121.0/28 table main proto kernel scope link src 192.168.121.1
...
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
With "ip -d link show", bonding slave mii status is displayed
twice, once as a number and once as a name.
Fixes: 730d3f61 ("iplink: add support for bonding slave")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Lookup function get_index() compares argument with table entries
only up to the length of the table entry so that if an entry
with lower index is a substring of a later one, earlier entry is
used even if the argument is equal to the other. For example,
ip link set bond0 type bond xmit_hash_policy layer2+3
sets xmit_hash_policy to 0 (layer2) as this is found before
"layer2+3" can be checked.
Use strcmp() to compare whole strings instead.
v2: look for an exact match only
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Name of arp_all_targets parameter in output of "ip -d link show"
is missing trailing "s".
Fixes: 63d127b0 ("iproute2: finish support for bonding attributes")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
This patch allows to display the source-IP.
stype will be used in the next patch that allows to remove based on the
source-IP.
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Renaming addr to daddr, because we will introduce saddr later.
The local variable is necessary to store RTA_PAYLOAD(a) temporarily.
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Add support for bonding attributes just added to net-next.
On set, allow string or number value for enumerated attributes.
On show, use always use string value for attribute.
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
The vti interface will use GRE_KEY to match the right policy in kernel. So we
can not return fail when the tunnel is vti.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
The RTM_NEWLINK message accepts ifi_index non-zero value and lets
creation of links with given index (if it's free, or course). This
functionality is available since linux-v3.5.
This patch makes this API available via ip tool.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently ip-link(8) parses, but ignores "group" argument to
peer interface on veth creation.
Insert IFLA_GROUP attribute for peer interface when present.
Signed-off-by: Sergey Popovich <popovich_sergei@mail.ru>
Based on patch by Sergey Popovich <popovich_sergei@mail.ru>
This fixes crash when ip-link(8) invoced with command:
ip link add dev veth1a type veth peer
Use warn_unused_result to enforce checking return value of rtnl_send,
and fix where the errors are.
Suggested by initial patch from Petr Písař <ppisar@redhat.com>
As a system admin I occasionally want to be able to check that all
interfaces has a name in DNS or /etc/hosts file.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
As both linux kernel and function ipaddrlabel_modify use unsigned int for
label. We should also use unsigned int value when print addrlabel in case of
misunderstanding.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
The kernel already supports it, so add the support
to iproute2 as well.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
ip xfrm considers that the user-defined mark is "any" as soon as
(mark.v & mark.m == 0), which prevents from specifying non-wildcard
marks that include the value 0 (typically 0/0xffffffff).
Yet, matching exactly mark 0 is useful for instance to separate
vti policies from global policies.
Always configure the user mark if mark.m != 0.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
This bug is reported from below link:
https://bugzilla.redhat.com/show_bug.cgi?id=982761
An simplified command from its original reproducing method in bugzilla:
ip xfrm state add src 10.0.0.2 dst 10.0.0.1 proto ah spi 0x12345678 auth md5 12
will cause below spew from gcc.
Reported-by: Sohny Thomas <sthomas@linux.vnet.ibm.com>
Since commit a05f6511f5, ip batch mode is broken when using 'netns exec' cmd.
When WIFEXITED() returns true, it means that the child exited normally, hence
we must not call exit() but just returns the status. If we call exit, the next
commands in the file file are not executed.
If WIFEXITED() returns false, we can call exit() because it means that the
child failed.
This patch partially reverts commit a05f6511f5.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
The git-commit dc8867d0, that added support for displaying the
extra-flags of a state, introduced a potential segfault.
Trying to show a state without the extra-flag attribute and show_stats
enabled, would cause the NULL pointer in tb[XFRMA_SA_EXTRA_FLAGS] to be
dereferenced.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
The mode information is contained in IFLA_MACVLAN_MODE instead
of IFLA_VLAN_ID (both evaluating to "1" in their enums).
Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com>
Prefix labelling is currently only activated when monitoring "all"
objects. However, the output can still be confusing when monitoring
more than 1 object, so add an option to always print prefix labels.
Signed-off-by: Martin Schwenke <martin@meltin.net>
When configuring a system with multiple network uplinks and default routes, it
is often convenient to reference a routing table multiple times - but reject
its routing decision if certain constraints are not met by it.
Consider this setup:
$ ip route add table secuplink default via 10.42.23.1
$ ip rule add pref 100 table main suppress_prefixlength 0
$ ip rule add pref 150 fwmark 0xA table secuplink
With this setup, packets marked 0xA will be processed by the additional routing
table "secuplink", but only if no suitable route in the main routing table can
be found. By suppressing entries with a prefixlength of 0 (or less), the
default route (/0) of the table "main" is hidden to packets processed by rule
100; packets traveling to destinations via more specific routes are processed
as usual.
It is also possible to suppress a routing entry if a device belonging to
a specific interface group is to be used:
$ ip rule add pref 150 table main suppress_group 1
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This change adds the interface group to the output of "ip link show".
It also makes "ip link" print _all_ devices if no group filter is specified;
previously, only interfaces of the default group (0) were shown.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This patch allows setting VXLAN destination to unicast address.
It allows that VXLAN can be used as peer-to-peer tunnel without
multicast.
v6: change back to the v3 except for using new attribute because
replacing command-line parameters breaks existing scripts,
based by Cong Wang's comments.
v5: rebase on the latest.
v4: replace "group" with "remote" based by David Stevens's comments.
v3: move a new attribute REMOTE into the last of an enum list
based by Stephen Hemminger's comments.
fix the usage to show explicitly that both "remote" and "group"
cannot be specified, based by Ben Hutchings's comments.
v2: use a new argument "remote" instead of "group" based by
Stephen Hemminger's comments.
Signed-off-by: Atzm Watanabe <atzm@stratosphere.co.jp>
The netns code was using EXIT_SUCCESS/EXIT_FAILURE but the rest of the ip
code used -1 explictly, so change to follow convention. Also, certain types
of errors like fork failure should abort a batch operation, rather than just
returning an error.
execvp() does not return when the command succeed, hence all commands in the
batch file after the line 'ip netns exec' are not executed.
Let's fork before calling execvp() if batch mode is used..
Example:
$ cat test.batch
netns add netns1
netns exec netns1 ip l
netns
$ ip -b test.batch
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT
link/sit 0.0.0.0 brd 0.0.0.0
All command after 'netns exec' are never executed.
With the patch:
$ ip -b test.batch
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT
link/sit 0.0.0.0 brd 0.0.0.0
netns1
Now, existing netns are displayed.
Signed-off-by: JunweiZhang <junwei.zhang@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Without patch, I got:
# ./ip/ip tunnel show
ip_vti0: ioctl 89f4 failed: Invalid argument
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
this is due to VTI_ISVTI has the same numeric value with SIT_ISATAP,
but only sit tunnel has SIOCGETPRL, therefore it should check for SIT
tunnel first.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Cong Wang <amwang@redhat.com>
This patch adds quickack option to enable/disable TCP quick ack
mode for per-route.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Cong Wang <amwang@redhat.com>
This patch adds multi_queue option to ip tuntap.
This allows IFF_MULTI_QUEUE flag to be specified during
tun/tap device creation enabling multi-queue support in tun/tap
device.
Example: ip tuntap add dev tap0 mode tap multi_queue
Signed-off-by: Sriram Narasimhan <sriram.narasimhan@hp.com>
This is now possible, because the dump function has been added in kernel.
Note that IPv4 and IPv6 entries are displayed.
Before this patch, only all entries were displayed.
Example:
$ ip netconf
ipv4 dev lo forwarding on rp_filter off mc_forwarding 0
ipv4 dev eth0 forwarding on rp_filter off mc_forwarding 1
ipv4 all forwarding on rp_filter off mc_forwarding 1
ipv4 default forwarding on rp_filter off mc_forwarding 0
ipv6 dev lo forwarding on mc_forwarding 0
ipv6 dev eth0 forwarding on mc_forwarding 0
ipv6 all forwarding on mc_forwarding 0
ipv6 default forwarding on mc_forwarding 0
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
For the display part, we print extra-flags only if show_stats is set, like for
standard flags.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This change shifts burden onto the users to choose the UDP port value.
Kernel default value is incorrect UDP port 5287 but now there is
an official assigned port for VXLAN.
The kernel can't change because of legacy compatibility
but new deployments should not use the legacy port value.
Add ability to set UDP destination port on a per device basis.
If no port is assigned, the default IANA assigned port will be used.
If you want the kernel default value, then use port 0.
Source port range option is now called 'srcport', to avoid
confusion. The old option syntax is accepted for compatiablity.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch adds support for tokenized IIDs, that enable
administrators to assign well-known host-part addresses
to nodes whilst still obtaining global network prefix
from Router Advertisements. This is the iproute2 part for
the kernel patch f53adae4eae5 (``net: ipv6: add tokenized
interface identifier support'').
Example commands with iproute2:
Setting a device token:
# ip token set ::1a:2b:3c:4d/64 dev eth1
Getting a device token:
# ip token get dev eth1
token ::1a:2b:3c:4d dev eth1
Listing all tokens:
# ip token list (or: ip token)
token :: dev eth0
token ::1a:2b:3c:4d dev eth1
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Change ALGO-KEY to ALGO-KEYMAT to make it more obvious that the
keying material might need to contain more than just the key (such
as a salt or nonce value).
List the algorithm names that currently exist in the kernel.
Indicate that for IPComp, the Compression Parameter Index (CPI) is
used as the SPI.
Group the list of mode values by transform protocol.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Ensure that only algorithms and modes supported by the transform
protocol are specified (so that errors are more obvious).
Signed-off-by: David Ward <david.ward@ll.mit.edu>
AEAD algorithms perform both encryption and authentication; they are
not combined with separate encryption or authentication algorithms.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
A Security Policy Index (SPI) is not used with Mobile IPv6. IPComp
uses a smaller 16-bit Compression Parameter Index (CPI) which is
passed as the SPI value. Perform checks whenever specifying an ID.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
When unmanaged L2TP sessions are created using "ip l2tp add session",
there is no option to allow the session's Layer2SpecificHeader type to
be selected - the kernel's default setting is always used. For
interopability with some vendor equipment, it might be necessary to
use a different setting. So add a new l2spec_type parameter to the "ip
l2tp add session" parameter list, allowing operators to set a specific
Layer2SpecificHeader type. The kernel already exposes the setting as a
netlink attribute so it is straightforward to add support for it in
iproute2.
This change allows unmanaged L2TP sessions to be configured between
Linux and some Cisco equipment by specifying "l2spec_type none" in "ip
l2tp add session" command parameters.
Signed-off-by: James Chapman <jchapman@katalix.com>
My previous commit introduced a patch to allow for states with different
ip address families for selector and id. The must have somehow been a
mixup of the patch I tested and the one I send, so the patch sent breaks
the iproute2 build. This patch fixes this. My apologies.
Signed-off-by: Thomas Egerer <hakke_007@gmx.de>
Do not enforce the selector of a state to have the same address family
as the id. This makes it possible to configure inter family states.
Signed-off-by: Thomas Egerer <hakke_007@gmx.de>
Both ip-link and ip-address support the 'up' argument, however this
isn't documented in neither their help outputs or ip-address' manpage.
This patch fixes that.
Signed-off-by: Petr Šabata <contyk@redhat.com>
Reported-by: Jiří Popelka <jpopelka@redhat.com>
While looking into a sysctl regression in decnet on old kernels I
discovered this omission in the iproute2 documentation.
I can't imagine anyone's muscle memory remembering the longer forms.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Some platforms like ppc64 have unsigned long long as 128 bits, and
the printf format string would cause errors. Resolve this by using
unsigned long long where necessary (or unsigned long).
Fixes Debian bug #700434
Need to table id in filter to be unsigned to avoid conversion to -1
The documentation for "ip" suggests that, when using multiple routing tables, the table ID can be an arbitrary 32 bit number. I've been writing a script that calculates a table Id based on an IP addresses and sets up tables accordingly based on it. This seems to work for everything I've tried except "ip route flush". If you specify a table to flush with an ID over 2^31, it flushes all IPv4 routing tables. For example:
Will delete all routing tables, including the default one. Needless to say, this is quite annoying. I think this is an upstream bug, but your opinions will be greatly appreciated.
This patch improves many error messages as follows:
- For incorrect parameters, show the value of the offending parameter, rather than just say that it is incorrect
- Rephrased messages for clarity
- Rephrased to more `mainstream' english
Signed-off-by: Kees van Reeuwijk <reeuwijk@few.vu.nl>
Since do_help() has to return an int to fit in the table of commands,
it should actually return an int. This patch lets it do so.
Signed-off-by: Kees van Reeuwijk <reeuwijk@few.vu.nl>
This is useful to know the 'real' status of an interface (the flag IFF_PROMISC
is exported by the kernel only when the user set it explicitly, for example it
will not be exported when a tcpdump is running).
This information will be displayed when '-details' is provided by the user.
Example:
$ ip -d l l tun10
6: tun10: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT
link/sit 10.16.0.249 peer 10.16.0.121
sit remote 10.16.0.121 local 10.16.0.249 ttl inherit pmtudisc 6rd-prefix 2002::/16
promiscuity 2
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
The 'inherit/STRING' or 'inherit/00..ff' syntax indicates that the
TOS field of tunneled packets should be copied from the original IP
header, but for non-IP packets the value STRING or 00..ff should be
used instead. (This syntax is already used by 'ip tunnel show'.)
Also clarify the man page and the command usage text (particularly
that the TOS is not specified as a decimal number).
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Add command that go between network namespace names and process
identifiers. The code builds and runs agains older kernels but
only works on Linux 3.8+ kernels where I have fixed stat to work
properly.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Sometimes "ip netns delete" fails because it can not delete the file a
network namespace was mounted on. If this only happened when a
network namespace was really in use this would be fine, but today it
is possible to pin all network namespaces by simply having a long
running process started with "ip netns exec".
Every mount is copied when a network namespace is created so it is
impossible to prevent the mounts from getting into other mount
namespaces. Modify all mounts in the files and subdirectories of
/var/run/netns to be shared mount points so that unmount events can
propogate, making it unlikely that "ip netns delete" will fail because
a directory is mounted in another mount namespace.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Ben Hutchings pointed out that the return value of do_netns is passed
to exit and the current convention of returning -1 for failure is
inconsitent with that reality.
Return EXIT_FAILURE instead of -1 and EXIT_SUCCESS instead of 0. To make
it clear that the return codes are expected to be passed to exit.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Some systems are now following the advice in
linux/Documentation/sharedsubtrees.txt and running with all mount
points shared between all mount namespaces by default.
After creating the mount namespace call mount on / with
MS_SLAVE|MS_REC to modify all mounts in the new mount namespace to
slave mounts if they are shared or private mounts otherwise.
Guarnateeing that changes to the mount namespace created with
"ip netns exec" don't propgate to other namespaces.
Reported-by: Petr Šabata <contyk@redhat.com>
Tested-by: Petr Šabata <contyk@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Clang doesn't support the gcc extension for embeddeding flexible arrays
inside of structures. Use the slightly more portable alloca().
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
mroute was using /proc/net/ip_mr_[vif|cache] to display mroute entries. Hence,
only RT_TABLE_DEFAULT was displayed and only IPv4.
With rtnetlink, it is possible to display all tables for IPv4 and IPv6. The output
format is kept. Also, like before the patch, statistics are displayed when user specify
the '-s' argument.
The patch also adds the support of 'ip monitor mroute', which is now possible.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
This patch adds a new flag to iproute2 for vxlan devices to enable
DOVE features. It also adds support for L2 and L3 switch lookup miss
netlink messages to "ip monitor".
Changes since v2: fix merge conflict
Changes since v1:
- split "dove" flag into separate feature flags:
- "proxy" for ARP reduction
- "rsc" for route short circuiting
- "l2miss" for L2 switch miss notifications
- "l3miss" for L3 switch miss notifications
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
This patch allows to manage ip tunnels via the interface ip link.
The syntax for parameters is the same that 'ip tunnel'.
It also allows to display tunnels parameters with 'ip -details link' or
'ip -details monitor link'.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
This patch allows to manage ip6 tunnels via the interface ip link.
The syntax for parameters is the same that 'ip -6 tunnel'.
It also allows to display tunnels parameters with 'ip -details link' or
'ip -details monitor link'.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Example of the output:
$ ip monitor netconf&
[1] 24901
$ echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
ipv6 dev lo forwarding off
ipv6 dev eth0 forwarding off
ipv6 all forwarding off
$ echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
ipv4 dev eth0 forwarding on
$ ip -6 netconf
ipv6 all forwarding on mc_forwarding 0
$ ip netconf show dev eth0
ipv4 dev eth0 forwarding on rp_filter off mc_forwarding 1
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Minor cleanup of original patch, made sure netconf.h matched
result of santized kernel headers
When tclass or flowlabel field were updated, we only performed an OR with the
new value. For example, it was not possible to reset tclass:
ip -6 tunnel change ip6tnl2 tclass 0
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Flag IP6_TNL_F_IGN_ENCAP_LIMIT is set when encaplimit is none, but it was not
removed if encaplimit was set on update (ip tunnel change).
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
IPv6 multipath routes were not accepted by "ip route" because an IPv4
address was expected for each gateway. Use `get_addr()` instead of
`get_addr32()`.
Signed-off-by: Vincent Bernat <bernat@luffy.cx>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Added support to ipoib rtnl ops through which one can create, configure,
query and delete IPoIB devices, for example
$ ip link add link ib0.8001 name ib0.8001 type ipoib pkey 0x8001
$ ip link add link ib0.1 name ib0.1 type ipoib mode connected
$ ip --details link show dev ib0.1
Cc: Patrick McHardy <kaber@trash.net>
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
ip tcp_metrics/tcpmetrics
We support get/del for single entry and dump for
show/flush.
v3:
- fix rtt/rttvar shifts as suggested by Eric Dumazet
- show rtt/rttvar usecs as suggested by David Laight
Signed-off-by: Julian Anastasov <ja@ssi.bg>
When running 'ip monitor neigh', there is no hint to tell if a neighbor is
updated or deleted.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Both macros are used together, so better to have
single define. Update all requests in ipl2tp.c to use the
new macro.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
This functionality is required by checkpoint-restore project. Since the
dump and restore for routes is already done in ip tool it's naturally to
dump and restore addresses in the ip tool as well.
The implementation logic is the same as for the respective one for routes.
The magic number digits are taken from the Seattle coordinates.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Some time ago the save+restore commands were added to ip route (git
id f4ff11e3, Add ip route save/restore). These two save the raw rtnl
stream into a file and restore one (reading it from stdin).
The problem is that there's no way to get the contents of the dump
file in a human readable form. The proposal is to add a command that
reads the rtnl stream from stdin and prints the data in a way the
usual "ip route list" does?
changes since v1:
* Take the magic at the beginning of the dump file into account
* Check for stdin (the dump is taken from) is not a tty
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
In order to somehow verify that a blob contains route dump a
4-bytes magic is put at the head of the data and is checked
on restore.
Magic digits are taken from Portland (OR) coordinates :) Is
there any more reliable way of generating such?
Signed-of-by: Pavel Emelyanov <xemul@parallels.com>
`ip a s` no longer shows addresses since 3.4.0 works, but 3.5.0,
the simple test case:
make clean && make -j -s && ./ip/ip a s lo
before that change, i would get:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
but after, i now get:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
seems like the bug was introduced in the middle of that patch:
- if (filter.family != AF_PACKET) {
+ if (filter.family && filter.family != AF_PACKET) {
+ if (filter.oneline)
+ no_link = 1;
+
if (rtnl_wilddump_request(&rth, filter.family, RTM_GETADDR) < 0) {
perror("Cannot send dump request");
exit(1);
if i revert the change to the if statement there, `ip a s` works for me again.
Alternative solution to problem reported by Pravin B Shelar <pshelar@nicira.com>
Split large function ipaddr_list_or_flush into components.
Fix memory leak of address and link nlmsg info.
Avoid fetching address info if only flushing.
ip link has quadratic behavior because store_nlmsg()
has a head list pointer and search the end of list.
Provides a head/tail to cut time.
Time with 128000 net devices, to do "ip link show dev xxx"
Before: 2m3.594s
After: 0m2.830s
Signed-off-by: Eric Dumazet <edumazet@google.com>
Adds support for parsing IPv6 addresses to the parameters local and
remote in the l2tp commands. Requires netlink attributes L2TP_ATTR_IP6_SADDR
and L2TP_ATTR_IP6_DADDR, added in a required kernel patch already submitted
to netdev.
Also enables printing of IPv6 addresses returned by the L2TP_CMD_TUNNEL_GET
request.
Signed-off-by: Chris Elston <celston@katalix.com>
Signed-off-by: James Chapman <jchapman@katalix.com>
Reported by Robert Henney:
> the 'ip' man page does not mention the command "del" at all but does
> claim, "As a rule, it is possible to add, delete and show (or list ) objects".
> however, 'ip' does not always recognize "delete" as a commend.
>
> robh@debian:~$ ip tunnel delete
> Command "delete" is unknown, try "ip tunnel help".
Lets use "delete" in all calls to matches() for consistency. This will
make both "del" and "delete" work everywhere.
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Adds support for parsing IPv6 addresses to the parameters local and
remote in the l2tp commands. Requires netlink attributes L2TP_ATTR_IP6_SADDR
and L2TP_ATTR_IP6_DADDR, added in a required kernel patch already submitted
to netdev.
Also enables printing of IPv6 addresses returned by the L2TP_CMD_TUNNEL_GET
request.
Signed-off-by: Chris Elston <celston@katalix.com>
Signed-off-by: James Chapman <jchapman@katalix.com>
Define where is the are located the iproute2 config files.
Get rid of trailing slashes for paths in several file.
Signed-off-by: Christoph J. Thompson <cjsthompson@gmail.com>
Hi,
I've attached a trivial patch for iproute2 to allow naming interfaces
created with "ip l2tp add session".
I believe patches should go through the netdev mailing list but this
patch is so small I figured that would just add noise. Hope that's OK.
Originally I thought I would need a bigger patch and was going to take a
stab at implementing something like
ip l2tp add tunnel L2TP_TUNNEL_ARGS
ip link add name NAME [ LINK_OPTS ] type l2tp L2TP_SESSION_ARGS
(a better interface IMHO) but all the code was there already, all that I
needed to add was option parsing.
Thanks,
João Valverde
From fd8c3b712527d2e959aeabc6f6b71a9910e7be7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Valverde?= <joao.valverde@ist.utl.pt>
Date: Mon, 26 Mar 2012 18:30:56 +0100
Subject: [PATCH] ipl2tp: allow setting session interface name
The kernel supports a link mode attribute (which can be dormant or default).
This attribute is used to control how the link watch engine
handles operstate transistion.
This adds a new parameter to ip link command to allow setting and
displaying the value.
---
There is nothing in the standard that says 0 can't be used as a key.
It makes sense to allow it. Also fix typo where ikey was printed for
when printing okey.
Change the order of evaluation of ip link type arguements to allow
changing parameters of gre tunnels.
The following wouldn't work:
# ip li add mytunnel type gretap remote 1.1.1.1 key 3
# ip li set mytunnel type gretap key 9
LIBNETLINK will be defined in the main Makefile, so
both ../lib/libnetlink.a ../lib/libutil.a will be
automatically appended during linking. Otherwise
../lib/libnetlink.a ../lib/libutil.a will appear
twice during linking.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
New "ip neigh show proxy" command now can show proxies which
were added with "ip neigh add proxy" command. Kernel code to
support this feature sent a bit earlier to netdev.
Signed-off-by: Tony Zelenoff <antonz@parallels.com>
Both rtnl_talk and rtnl_dump had a callback for handling portions
of netlink message that do not match the correct pid or seq.
But this callback was never used by any part of iproute2 so remove
it.
Add ip link command parsing for VF spoof checking enable/disable
V2 - Fixed problem with parsing of dump info on kernels that don't
support the spoof checking option and also wrapped the ifla_vf_info
structure in #ifdef __KERNEL__ to prevent user space from directly
accessing the structure
V3 - Improved parsing of vfinfo
V4 - Put Makefile back to proper list of subdirs
V5 - Remove struct ifla_vf_info, it is only used by the kernel
V6 - Make sure spoof check is reported by the driver - rtnl will set
it to -1 to indicate driver didn't report a value.
Signed-off-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Alternative fix to problem reported by: Bin Li
The issue is came from https://bugzilla.novell.com/show_bug.cgi?id=681952.
In any previous version (since suse ... 10.0?), ip addr add always returned
the error code 2 in case the ip address is already set on the interface:
inet 172.16.2.3/24 brd 172.16.2.255 scope global bond0
RTNETLINK answers: File exists
2
On 11.4, it returns the exit code 254:
inet 172.16.1.1/24 brd 172.16.1.255 scope global eth0
RTNETLINK answers: File exists
254
This of course causes ifup to return an error in this quite common case..
When changing ip6ip6 parameters (ip -6 tun change), ip passes zeroed
struct ip6_tnl_parm to the kernel. The kernel then tries to change all of
the tunnel parameters to the passed values, including zeroing of local and
remote address. This fails (-EEXIST in net/ipv6/ip6_tunnel.c:ip6_tnl_ioctl).
For other tunnel types, ip fetches the current parameters first and applies
the required changes on top of them. This patch applies the same code as in
ip/iptunnel.c to ip/ip6tunnel.c.
See http://bugzilla.redhat.com/730627 for the original bug report.
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Add bridge as a supported type with 'ip link' in usage and all the missing
types in 'ip' man page. Also fixed some typos.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Use O_EXCL so that we only create and mount a new network namespace
if there is no chance an existing network namespace is present.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
If libc has setns present use that version instead of
rolling the syscall wrapper by hand.
Dan McGee found the following compile error:
gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -I../include
-DRESOLVE_HOSTNAMES -DLIBDIR=\"/usr/lib/\" -c -o ipnetns.o ipnetns.c
ipnetns.c:31:12: error: static declaration of ‘setns’ follows non-static
declaration
/usr/include/bits/sched.h:93:12: note: previous declaration of ‘setns’
was here
make[1]: *** [ipnetns.o] Error 1
Reported-by: Dan McGee <dan@archlinux.org>
Tested-by: Dan McGee <dan@archlinux.org>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
$ ip route help 2>&1 | grep monitor
ip route { add | del | change | append | replace | monitor } ROUTE
$ ip route monitor
Command "monitor" is unknown, try "ip route help".
(I guess what was really intended is "ip monitor route", so just remove
the argument from the help output.)
Originally reported by martin f krafft at http://bugs.debian.org/537681
While at it, also drop all non-existant (route,link,netns) monitor
arguments from the ip(8) man page.
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
The goal of this code change is to implement a mechanism such that it is
simple to work with a kernel that is using multiple network namespaces
at once.
This comes in handy for interacting with vpns where there may be rfc1918
address overlaps, and different policies default routes, name servers
and the like.
Configuration specific to a network namespace that would ordinarily be
stored under /etc/ is stored under /etc/netns/<name>. For example if
the dns server configuration is different for your vpn you would create
a file /etc/netns/myvpn/resolv.conf.
File descriptors that can be used to manipulate a network namespace can
be created by opening /var/run/netns/<NAME>.
This adds the following commands to iproute.
ip netns add NAME
ip netns delete NAME
ip netns monitor
ip netns list
ip netns exec NAME cmd ....
ip link set DEV netns NAME
ip netns exec exists to cater the vast majority of programs that only
know how to operate in a single network namespace. ip netns exec
changes the default network namespace, creates a new mount namespace,
remounts /sys and bind mounts netns specific configuration files to
their standard locations.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
The ip(8) man page and the "ip xfrm [ XFRM-OBJECT ] help" command output
are updated to include missing options, fix errors, and improve grammar.
There are no functional changes made.
The documentation for the ip command has many different meanings for the
same formatting symbols (which really needs to be fixed). This patch makes
consistent use of brackets [ ] to indicate optional parameters, pipes | to
mean "OR", braces { } to group things together, and dashes - instead of
underscores _ inside of parameter names. The parameters are listed in the
order in which they are parsed in the source code.
There are several parameters and options that are still not mentioned or
need to be described more thoroughly in the "COMMAND SYNTAX" section of
the ip(8) man page. I would appreciate help from the developers with this.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Eric Dumazet a écrit :
> We currently use an expensive ioctl() to get device txqueuelen, while
> rtnetlink gave it to us for free. This patch speeds up ip link operation
> when many devices are registered.
>
Here is a 2nd version od this patch, not displaying "qlen 0" useless info
[PATCH iproute2] ip: Support IFLA_TXQLEN in ip link show command
We currently use an expensive ioctl() to get device txqueuelen, while
rtnetlink gave it to us for free. This patch speeds up ip link operation
when many devices are registered.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
If the continue is taken, then there is a memory leak.
https://bugzilla.novell.com/show_bug.cgi?id=538996
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Brandon Philips <bphilips@suse.de>
User can specify device group to list by using the group keyword:
ip link show group test
If no group is specified, 0 (default) is implied.
Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>
Hi,
here is a patch against iproute2 to allow user to set a state with a specific
auth length.
Example:
$ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000
auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel
$ ip xfrm state
src 10.16.0.72 dst 10.16.0.121
proto ah spi 0x10000000 reqid 0 mode tunnel
replay-window 0
auth-trunc hmac(sha256)
0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96
sel src 0.0.0.0/0 dst 0.0.0.0/0
Regards,
Nicolas
>From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Thu, 23 Dec 2010 06:48:12 -0500
Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo
Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify
truncation bits, so we add a new algo type: auth-trunc.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
The get_jiffies() function retrieves rtt-type values in units of
milliseconds. This patch updates the function name accordingly,
following the pattern given by dst_metric() <=> dst_metric_rtt().
Since July 2008 (2.6.27, c1e20f7c8b9), the kernel stores the values for
RTAX_{RTT{,VAR},RTO_MIN} in milliseconds. When using a kernel > 2.6.27 with
the current iproute2, conversion of these values is broken in either way.
This patch
* updates the code to pass and retrieve milliseconds;
* since values < 1msec would be rounded up, also drops the usec/nsec variants;
* since there is no way to query kernel HZ, also drops the jiffies variant.
Arguments such as
rtt 3.23sec
rto_min 0xff
rto_min 0.200s
rttvar 25ms
now all work as expected when reading back previously set values.
In the Linux kernel, ipsec policy and SAs can include a
security context to support MAC networking. This feature
is often referred to as "labeled ipsec".
This patchset adds security context support into ip xfrm
such that a security context can be included when
add/delete/display SAs and policies with the ip command.
The user provides the security context when adding
SAs and policies. If a policy or SA contains a security
context, the changes allow the security context to be displayed.
For example,
ip xfrm state
src 10.1.1.6 dst 10.1.1.2
proto esp spi 0x00000301 reqid 0 mode transport
replay-window 0
auth hmac(digest_null) 0x3078
enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031
security context root:system_r:unconfined_t:s0
Please let me know if all is ok with the patchset.
Thanks!!
regards,
Joy
Signed-off-by: Joy Latten <latten@austin.ibm.com>
Add support for 'passthru' mode when creating a macvlan/macvtap device
which allows takeover of the underlying device and passing it to a KVM
guest using virtio with macvtap backend.
Only one macvlan device is allowed in passthru mode and it inherits
the mac address from the underlying device and sets it in promiscuous
mode to receive and forward all the packets.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Hi,
here is a patch against iproute2 to allow user to set a state with a specific
auth length.
Example:
$ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000
auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel
$ ip xfrm state
src 10.16.0.72 dst 10.16.0.121
proto ah spi 0x10000000 reqid 0 mode tunnel
replay-window 0
auth-trunc hmac(sha256)
0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96
sel src 0.0.0.0/0 dst 0.0.0.0/0
Regards,
Nicolas
>From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Thu, 23 Dec 2010 06:48:12 -0500
Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo
Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify
truncation bits, so we add a new algo type: auth-trunc.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
The get_jiffies() function retrieves rtt-type values in units of
milliseconds. This patch updates the function name accordingly,
following the pattern given by dst_metric() <=> dst_metric_rtt().
Since July 2008 (2.6.27, c1e20f7c8b9), the kernel stores the values for
RTAX_{RTT{,VAR},RTO_MIN} in milliseconds. When using a kernel > 2.6.27 with
the current iproute2, conversion of these values is broken in either way.
This patch
* updates the code to pass and retrieve milliseconds;
* since values < 1msec would be rounded up, also drops the usec/nsec variants;
* since there is no way to query kernel HZ, also drops the jiffies variant.
Arguments such as
rtt 3.23sec
rto_min 0xff
rto_min 0.200s
rttvar 25ms
now all work as expected when reading back previously set values.
In the Linux kernel, ipsec policy and SAs can include a
security context to support MAC networking. This feature
is often referred to as "labeled ipsec".
This patchset adds security context support into ip xfrm
such that a security context can be included when
add/delete/display SAs and policies with the ip command.
The user provides the security context when adding
SAs and policies. If a policy or SA contains a security
context, the changes allow the security context to be displayed.
For example,
ip xfrm state
src 10.1.1.6 dst 10.1.1.2
proto esp spi 0x00000301 reqid 0 mode transport
replay-window 0
auth hmac(digest_null) 0x3078
enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031
security context root:system_r:unconfined_t:s0
Please let me know if all is ok with the patchset.
Thanks!!
regards,
Joy
Signed-off-by: Joy Latten <latten@austin.ibm.com>
Add the group keyword to ip link set, which has the following meaning:
If both a group and a device name are pressent, we change the device's
group to the specified one. If only a group is present, then the
operation specified by the rest of the command should apply on an entire
group, not a single device.
So, to set eth0 to the default group, one would use
ip link set dev eth0 group default
Conversely, to set all the devices in the default group down, use
ip link set group default down
Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>
Add the group keyword to ip link set, which has the following meaning:
If both a group and a device name are pressent, we change the device's
group to the specified one. If only a group is present, then the
operation specified by the rest of the command should apply on an entire
group, not a single device.
So, to set eth0 to the default group, one would use
ip link set dev eth0 group default
Conversely, to set all the devices in the default group down, use
ip link set group default down
Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>
User can specify device group to list by using the group keyword:
ip link show group test
If no group is specified, 0 (default) is implied.
Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>
This reverts commit 632110aa0d.
There seem to be some recent changes in the 802.1Qbh/bg specs which may
result in changes to this patch in the near future. It seems like its best
to ignore this patch for now.
I will re-spin at a later time when the changes in the specs converge.
BTW, Please let me know if I should CC netdev list and others on the
original email. I can resend this email.
Thanks,
Roopa
Resubmitting Scott Feldmans original patch with below changes
- Fix port profile strlen which was off by 1
- Added function to convert IFLA_PORT_RESPONSE codes to string
Add support for IFLA_VF_PORTS. VF port netlink msg layout is
[IFLA_NUM_VF]
[IFLA_VF_PORTS]
[IFLA_VF_PORT]
[IFLA_PORT_*], ...
[IFLA_VF_PORT]
[IFLA_PORT_*], ...
...
[IFLA_PORT_SELF]
[IFLA_PORT_*], ...
The iproute2 cmd line for link set is now:
Usage: ip link add link DEV [ name ] NAME
[ txqueuelen PACKETS ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ]
type TYPE [ ARGS ]
ip link delete DEV type TYPE [ ARGS ]
ip link set DEVICE [ { up | down } ]
[ arp { on | off } ]
[ dynamic { on | off } ]
[ multicast { on | off } ]
[ allmulticast { on | off } ]
[ promisc { on | off } ]
[ trailers { on | off } ]
[ txqueuelen PACKETS ]
[ name NEWNAME ]
[ address LLADDR ]
[ broadcast LLADDR ]
[ mtu MTU ]
[ netns PID ]
[ alias NAME ]
[ port MODE { PROFILE | VSI } ]
[ vf NUM [ mac LLADDR ]
[ vlan VLANID [ qos VLAN-QOS ] ]
[ rate TXRATE ]
[ port MODE { PROFILE | VSI } ] ]
ip link show [ DEVICE ]
TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | can }
MODE := { assoc | preassoc | preassocrr | disassoc }
PROFILE := profile PROFILE
[ instance UUID ]
[ host UUID ]
VSI := vsi mgr MGRID type VTID ver VER
[ instance UUID ]
Signed-off-by: Scott Feldman <scofeldm@cisco.com>
Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
This patch adds save and restore commands to "ip route". Save dumps
the RTNL stream to stdout which can then be passed to restore later.
This may be helpful in some normal situations, and will allow C/R to
migrate the routing information in userspace. Tweaking of the stream
can be done by userspace helpers to convert between versions and adjust
things like device indexes when restoring routes in a different
environment.
By factoring out some of the common bits of print_route() into
filter_nlmsg(), the "save" command can use the same selection logic
as "list," allowing the caller to save only specific routes as
necessary.
The only change since the RFC is the addition of manpage and doc
material.
Signed-off-by: Dan Smith <danms@us.ibm.com>
The default remains at 10 for backwards compatibility.
For instance:
# ip addr flush dev eth2
*** Flush remains incomplete after 10 rounds. ***
# ip -l 20 addr flush dev eth2
*** Flush remains incomplete after 20 rounds. ***
# ip -loops 0 addr flush dev eth2
#
This is useful for getting rid of large numbers of IP
addresses in scripts.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Add support for 'mode' parameter when creating a macvtap device.
This allows a macvtap device to be created in bridge, private or
the default vepa modes.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
-------------------------------------------------------------------
Acked-by: Arnd Bergmann <arnd@arndb.de>
Print GRE key as a regular number. It is not really an IPv4 address
and this is also how Cisco and Juniper treats GRE keys. Do keep the
parsing of dotted-quad format for backwards compatibility.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
Adds support for RTA_MARK rt attribute added in linux-2.6.36
$ ip route get ADDR mark 4
192.168.20.110 dev eth1 src 192.168.20.108 mark 4
cache mtu 1500 advmss 1460 hoplimit 64
$ ip route get 192.168.20.108 from ADDR iif STRING mark 256
local 192.168.20.108 from 192.168.20.110 dev lo src 192.168.20.108 mark 0x100
cache <local,src-direct> iif eth1
$ ip route list cache [ADDR] mark NUMBER
Hexadecimal output if mark >= 16
null marks are not displayed.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
iproute_get will return cloned routes for IPv4
and cloned as well non-cloned routes for IPv6.
Therefore RTM_F_CLONED flag should not be checked
for iproute_get routes. Check in print_route will
always fail because valid values are 0 and 1.
Signed-off-by: Ulrich Weber <uweber@astaro.com>
The old 'ip addr flush' logic had several flaws:
* It reversed logic for primary v/s secondary flags
(though, it sort of worked right anyway)
* The code tried to remove secondaries and then primaries,
but in practice, it always removed one primary per loop,
which not at all efficient.
* The filter logic in the core would run only the first
filter in most cases.
* If you used '-s -s', the ifa_flags member would be
modified, which could make future filters fail
to function fine.
This patch attempts to fix all of these issues.
Tested-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: Ben Greear <greearb@candelatech.com>
The do_multirule logic was broken in batch mode because
it expected the preferred_family to be AF_INET or AF_INET6,
but it then assigned it to RTNL_FAMILY_IPMR or RTNL_FAMILY_IP6MR.
So, the next iteration of the batch processing, it failed
the check for AF_INET or AF_INET6.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Before IPv6 routing cache entries were always displayed
if additional tables beside MAIN and LOCAL are installed.
Signed-off-by: Ulrich Weber <uweber@astaro.com>
`ip -s link` shows interface counters truncated to 32 bit. This is
because interface statistics are transported only in 32-bit quantity
to userspace. This commit adds recognition for the new IFLA_STATS64
attribute that exports them in full 64 bit.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
The kernel interface changed just before 2.6.34 was released. This brings
iproute2 in line with the current changes. The VF portion of setlink is
comprised of a set of nested attributes.
IFLA_VFINFO_LIST (NESTED)
IFLA_VF_INFO (NESTED)
IFLA_VF_MAC
IFLA_VF_VLAN
IFLA_VF_TX_RATE
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
ip addrlabel outputs if%d names due to missing init call:
$ ip addrlabel s
prefix a::42/128 dev if4 label 1000
Also, ip did not accept "if%d" interfaces on input.
Signed-off-by: Florian Westphal <fw@strlen.de>
This patch fix two issues:
* If kernel is not supporting 6rd then ioctl() call
will return EINVAL, if so just skip perror call.
* 6rd scope is ipv6/ip tunnels. Dont try to fetch
6rd tunnel parms if tunnel protocol != IPPROTO_IPV6.
Signed-off-by: Alexandre Cassen <acassen@freebox.fr>
Allow ip to process all the file passed with the -batch argument when
is passed also the -force switch
Signed-off-by: Michele Petrazzo <michele.petrazzo@unipex.it>
This patch uses the new features of the kernel's netlink CAN interface
making the bus-error reporting configurable and allowing to retrieve
the CAN TX and RX bus error counters via netlink interface. Here is the
output of my test session showing how to use them:
# ip link set can0 up type can bitrate 500000 berr-reporting on
# ip -d -s link show can0
2: can0: <NOARP,UP,LOWER_UP,ECHO> mtu 16 qdisc pfifo_fast state UNKNOWN qlen 10
link/can
can <BERR-REPORTING> state ERROR-PASSIVE (berr-counter tx 128 rx 0) restart-ms 0
CAN bus error counter values ^^^^^^^^^^^
bitrate 500000 sample-point 0.875
tq 125 prop-seg 6 phase-seg1 7 phase-seg2 2 sjw 1
sja1000: tseg1 1..16 tseg2 1..8 sjw 1..4 brp 1..64 brp-inc 1
clock 8000000
re-started bus-errors arbit-lost error-warn error-pass bus-off
0 54101 0 1 1 0
RX: bytes packets errors dropped overrun mcast
432808 54101 54101 0 0 0
TX: bytes packets errors dropped carrier collsns
0 0 0 0 0 0
# ifconfig can0 down
# ip link set can0 up type can berr-reporting off
# candump -t d any,0:0,#FFFFFFFF
(0.000000) can0 20000004 [8] 00 08 00 00 00 00 60 00 ERRORFRAME
(0.000474) can0 20000004 [8] 00 20 00 00 00 00 80 00 ERRORFRAME
^^ ^^
\ \___ rxerr
\_____ txerr
Furthermore, the missing support for one-shot mode has been added.
Signed-off-by: Wolfgang Grandegger <wg@grandegger.com>
Add support to 'ip' for setting and showing SR-IOV virtual function
link parameters.
Signed-off-by: Mitch Williams <mitch.a.williams@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Add initrwnd option parsing to iproute. This option uses the new
rtnetlink init_rcvwnd to set the TCP initial receive window size
advertised by passive and active TCP connections.
Signed-off-by: Laurent Chavey <chavey@google.com>
This patch provides iproute2 facilities to configure 6rd tunnel. To
configure a 6rd tunnel, you need to configure a sit tunnel and set
6rd prefix as following :
ip tunnel add sit1 mode sit local a.b.c.d ttl 64
ip tunnel 6rd dev sit1 6rd-prefix xxxx:yyyy::/z
Optionally you can provide a relay prefix :
ip tunnel 6rd dev sit1 6rd-relay_prefix e.f.g.h/i
Finally you can reset previous tunnel settings :
ip tunnel 6rd dev sit1 6rd-reset
Signed-off-by: Alexandre Cassen <acassen@freebox.fr>
IPv6 addresses that have IFA_F_SECONDARY set are actually temporary addresses,
hence the IFA_F_TEMPORARY equivalent. Change the output in this case and
allow filtering on the word "temporary".
Signed-off-by: Brian Haley <brian.haley@hp.com>
Currently you can configure "equalize" and it looks all fine and dandy.
The kernel has the interface defined, but apparently there's never actually
been any implementation for it (only a never merged patch in the 2.4 era).
I'm suggesting to drop the code to give any potential users of this feature
the benefit of receiving a proper error message. I see it unlikely that
this will be implemented in the near future, but if it ever happens
reviving the iproute2 side should be as easy as git revert this patch.
For more details see http://bugs.debian.org/149897
Allow tmpl IP addresses to have a different family than
selector addresses. This is useful in conjunction with
XFRM_STATE_AF_UNSPEC.
Signed-off-by: Alex Badea <abadea@ixiacom.com>
Macvlan can now optionally support forwarding between its
ports, if they are in "bridge" mode. This adds support
for this option to "ip link add", "ip link set" and "ip
-d link show".
The default mode in the kernel is now "vepa" mode, meaning
"virtual ethernet port aggregator". This mode is used
together with the "hairpin" mode of an ethernet bridge
that the parent of the macvlan device is connected to.
All frames still get sent out to the external interface,
but the adjacent bridge is able to send them back on
the same wire in hairpin mode, so the macvlan ports
are able to see each other, which the bridge can be
configured to monitor and control traffic between
all macvlan instances. Multicast traffic coming in
from the external interface is checked for the source
MAC address and only delivered to ports that have not
yet seen it.
In bridge mode, macvlan will send all multicast traffic
to other interfaces that are also in bridge mode but
not to those in vepa mode, which get them on the way
back from the hairpin.
The third supported mode is "private", which prevents
communication between macvlans even if the adjacent
bridge is in hairpin mode. This behavior is closer to
the original implementation of macvlan but stricly
maintains isolation.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
David Miller wrote:
> From: Patrick McHardy <kaber@trash.net>
> Date: Mon, 30 Nov 2009 19:00:14 +0100
>
>> This patch contains iproute support for iprule oif classification
>> for the send-to-self RFC I just sent out.
>
> Patrick, you need to submit a new version of this patch with
> the FIB_RULE_* macro fixed, just like the kernel version got
> fixed.
Thanks for reminind me of this. New patch attached.
commit 0fe5164cbaa1d65dda341075710be71bf1f32d10
Author: Patrick McHardy <kaber@trash.net>
Date: Fri Dec 4 07:06:18 2009 +0100
iprule: add oif classification support
Signed-off-by: Patrick McHardy <kaber@trash.net>
This patch adds support for the VLAN loose binding flag that is
supported in net-next to iplink_vlan.
commit 870970deb6cbea7a5d4881bdd717304d5284d315
Author: Patrick McHardy <kaber@trash.net>
Date: Tue Dec 1 12:21:15 2009 +0100
iplink_vlan: add support for VLAN loose binding flag
Signed-off-by: Patrick McHardy <kaber@trash.net>
Unless promote_secondaries has been active deleting the primary address of
an interface will automatically delete all the secondary addresses.
In the case where ip flush requests the primary then secondary addresses to
be removed - which is the order the addresses are returned by the kernel -
this will cause an error as by the time the request to remove a secondary
address is made it will be missing as it will have been deleted in the
course of deleting the primary address.
This approach to solving this problem orders requests for the
deletion of secondary addresses before primary ones providing
rtnl_dump_filter_l(), a version of rtnl_dump_filter() that
iterates over a list of filters. And by providing two specialised
filters print_addrinfo_secondary() and print_addrinfo_primary().
rtnl_dump_filter_l() first iterates over all addresses using
print_addrinfo_secondary(), which appends secondary addresses to the
request buffer. Then again using print_addrinfo_primary() which appends
primary addresses.
This approach should work regardless of it promote_secondaries is
active or not. And regardless of if any primary of secondary addresses
are present or not.
Signed-off-by: Simon Horman <horms@verge.net.au>
The command "ip mroute show" will only show the first Oif.
mark@flappie:~$ ip mroute show
(192.168.1.1, 224.0.0.123) Iif: _rename Oifs: eth1
mark@flappie:~$ cat /proc/net/ip_mr_cache
Group Origin Iif Pkts Bytes Wrong Oifs
7B0000E0 0101A8C0 2 0 0 0 0:1 1:1
This shows 2 Oifs here. However, ipmroute.c, function read_mroute_list(), uses sscanf() with a %s mask for oiflist, which stops after the first whitespace (i.e. after Oif 0:1). The patch below fixes this to read until the newline (though I'm not sure whether this is the proper way to fix it).
After this patch:
mark@flappie:~/iproute-20090324/ip$ ./ip mroute show
(192.168.1.1, 224.0.0.123) Iif: _rename Oifs: eth1 eth0
This patch originally submitted as http://bugs.debian.org/550097
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Add IFA_F_DADFAILED flag to denote an IPv6 address that has
failed Duplicate Address Detection, that way tools like
/sbin/ip can be more informative.
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:db8::1/64 scope global tentative dadfailed
valid_lft forever preferred_lft forever
Signed-off-by: Brian Haley <brian.haley@hp.com>
- Parse and handle the hoplimit ip route option and add it to the usage
line and documentation.
- Add the missing reordering ip route option to the usage line.
- Add documentation for initcwnd ip route option.
Tested by setting hoplimit and retreiving it via "show".
Signed-off-by: Gilad Ben-Yossef <gilad@codefidence.com>
[ported to HEAD, fixed a bug with hoplimit lock handling, added documentation]
Signed-off-by: Ori Finkelman <ori@comsleep.com>
Signed-off-by: Yony Amit <yony@comsleep.com>
The iptables code supports a "no shared libs" mode where it can be used
without requiring dlfcn related functionality. This adds similar support
to iproute2 so that it can easily be used on systems like nommu Linux (but
obviously with a few limitations -- no dynamic plugins).
Rather than modify every location that uses dlfcn.h, I hooked the dlfcn.h
header with stub functions when shared library support is disabled. Then
symbol lookup is done via a local static lookup table (which is generated
automatically at build time) so that internal symbols can be found.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
It uses 1MB as receive buf limit by default (without
increasing /proc/sys/net/core/rmem_max it will be limited by less
however) and allows to specify the size manually using "-rcvbuf X"
(-r is already used, so you need to specify at least -rc).
Additionally rtnl_listen() continues on ENOBUFS after printing the
error message.
--Boundary-01=_wxi/JRaNdLkbr7g
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Hi Stephen,
please review attached patch to add support for in-kernel potential router=
=20
lists for ISATAP tunnels.
Usage:
ip tunnel add name isatap0 mode isatap local 192.168.1.100
ip tunnel prl dev isatap0 prl-default 192.168.1.1
ip tunnel prl dev isatap0 prl-nodefault 192.168.1.2
ip tunnel prl dev isatap0 prl-delete 192.168.1.1
ip tunnel show # pr and pdr will be listed as well
Patch based on http://osprey67.com/seal/iproute2_diff.v0_3.txt by Fred L.=20
Templin.
Thanks,
Sascha
On tor, 2009-04-30 at 14:32 +0100, Timothy Baldwin wrote:
> Package: iproute
> Version: 20090324-1
> Severity: minor
>
>
> $ ip link set eth0 address help
> "help" is invalid lladdr.
> Segmentation fault
>
> Desipte the invalid command line arguments it shouldn't crash.
>
Callers need to check return value from ll_addr_a2n(). Patch below.
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
When using iproute2 to display information on policies installed in kernel
(ip x p s) output is incorrect: IPv6 addresses printed as IPv4 addresses.
In case I am dealing with inter protocol policies where the template's address
family differs from those of the policy itself.
The patch attached solves this problem.
Hello Stephen,
thanks für the commit of my last CAN patch.
Today i got a hint, that the help text of 'ip link' can be improved also.
Many thanks!
Oliver
Signed-Off-By: Oliver Hartkopp <oliver@hartkopp.net>
t's not a big problem, but it makes a better show in 'ip link show' on
CAN interfaces :-)
I also moved __PF(CAN,can) in ll_proto.c to the same position where it
can be found in if_ether.h .
The only thing i did not know if the __PF(CAN,can) in ll_types.c needs
to be put in #ifdef ARPHDR_CAN like __PF(HWX25,hwx25) is or not. You
definitely know that better than me.
"ip -6 tunnel show" displays only ip6ip6 tunnels not ip4ip6 tunnels
- it should display all irrespective of proto.
This is because the default tunnel proto is initialized to IPPROTO_IPV6 in ip6_tnl_parm_init() which is fine for a 'add' command but not for 'show'. This patch overrides proto with 0 signifying 'mode any' as the default in case of a 'show'.
please commit my patch below to the iproutes package. It just an incorrect
check so that adding an isatap tunnel with remote works, since it's needed if
one wants to use stateless autoconf. The current check makes tunnel mode
isatap unusable for all client users.
Hello Stephen and netdev people!
Currently you can configure "equalize" and it looks all fine and dandy.
The kernel has the interface defined, but apparently there's never actually
been any implementation for it (only a never merged patch in the 2.4 era).
I'm suggesting to drop the code to give any potential users of this feature
the benefit of receiving a proper error message. I see it unlikely that
this will be implemented in the near future, but if it ever happens
reviving the iproute2 side should be as easy as git revert this patch.
For more details see http://bugs.debian.org/149897
Regards,
Andreas Henriksson
This patch adds prefix lables for "ip monitor all" command to simplfy
understanding of the output.
Signed-off-by: Varun Chandramohan <varunc@linux.vnet.ibm.com>
This patch adds exclusive support to enable monitoring
neighbour table entries in ip command.
Signed-off-by: Varun Chandramohan <varunc@linux.vnet.ibm.com>
patch attached this time..
On Fri, 2008-08-08 at 10:01 -0400, jamal wrote:
> wireless drivers using wext is a prime example if you need a test case.
>
> cheers,
> jamal
ip: Allow for easier debug of buggy devices that dont send their names
With the old message couldnt tell which device had the bug.
This patch provides at least an ifindex to narrow it down.
Theres also no point in bailing out because of one bug; we
allow it to go on so we could dump as much info as we can
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
(router solicitation) becomes negative
How reproducible:
Always.
Steps to Reproduce:
1. Configure an IPv6 router to advertise a prefix with a short preferred
lifetime, e.g. 0.
2. Wait for the IPv6 autoconfiguration process to complete for an interface
<if> connected to a link where that router advertises.
3. Run ip -6 show dev <if>.
Actual results:
The preferred lifetime will have become negative, but it is printed as an
unsigned integer. The preferred lifetime to be displayed will therefore be
close to UINT_MAX.
“ip maddr show” on an infiniband address causes a stack corruption
because the length of the address for Infiniband (20 bytes, as
described in kernel doc Documentation/infiniband/ipoib.txt) does not
fit on the 16 bytes of the field in which it gets stored.
The proposed patch increases the size of the hardware address from 4
__u32 to 8 and also adds a check to avoid overriding the available
size while parsing the hardware address.
This bug affects current upstream code AFAICT.
Hope this helps,
Cheers,
Olivier.
“ip maddr show ib0” causes a stack corruption because the length of the address
for Infiniband (20 see kernel doc Documentation/infiniband/ipoib.txt) does not
fit on the 16 bytes of the field in which it gets stored.
The proposed patch increases the size of the hardware address from 4 u32 to 8
and adds a check to avoid overriding the available size while parsing the
hardware address.
This patch adds support for configuring GRE tunnels using the
new rtnl_link interface. This only works on kernels that have
the new GRE configuration interface.
This is accessed through the "ip link" command. The previous
tunnel configuration interface "ip tunnel" remains as it is
and should be retained for compatibility with old kernels.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This patch adds support for configuring GRE tunnels using the
new rtnl_link interface. This only works on kernels that have
the new GRE configuration interface.
This is accessed through the "ip link" command. The previous
tunnel configuration interface "ip tunnel" remains as it is
and should be retained for compatibility with old kernels.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This is a variant of Patrick McHardy patch for help text.
Add help for ip link add and ip link delete.
The help conditional on what the kernel supports.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Fix confusing error message noticed by Martin Josefsson:
Fix typo noticed by Phil Oester: information vs. informatin
# ip link add
RTNETLINK answers: Operation not supported
The reason is missing device type information, refuse this and print a message.
Signed-off-by: Patrick McHardy <kaber@trash.net>
For some reason "ip link add help" is currently not supported when using
the new rtnl_link API. Fix that.
Signed-off-by: Patrick McHardy <kaber@trash.net>
This patch allows the user to create/manage AEAD algorithms with
the ip xfrm command. AEAD algorithms are also known as combined-
mode algorithms. They provide the functionality of encryption
algorithms as well as authentication algorithms.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Hello Rafael Almeida.
I noticed your patch adding DESTDIR support in the latest iproute2 release.
Much appreciated! Soon the debian packages might be able to move to actually
using "make install" rather then it's own installation procedure when
building packages. I've noticed something that will break though....
Debian packages usually sets DESTDIR=debian/tmp/ and packages the contents
of that directory as if it where the root file system. This will break
the /usr/lib/{tc,ip}/ module loading, because they DESTDIR (/usr) will be
/whatever-the-build-path-was/debian/tmp/lib/{tc,ip}/.
I beleive others usually call this the LIBDIR to make the separation between
DISTDIR being the (possibly temporary) place things are put when build is
done, and LIBDIR (and others) are used for actual runtime paths.
I'm attaching a patch that I think fixes this, but would be really happy if
you could have a look at to verify I'm not screwing something up.
--
Regards,
Andreas Henriksson
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
This is the patch for iproute for configuring GVRP.
commit 32143eed8b706e5c6554ab42903533b3bccdc060
Author: Patrick McHardy <kaber@trash.net>
Date: Thu Jul 3 19:05:09 2008 +0200
[IPROUTE]: iflink_vlan: support GVRP flag
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
On tis, 2008-07-22 at 20:21 +0200, martin f krafft wrote:
> piper:~|master|% sudo ip a flush dev eth0 >/dev/null
> Nothing to flush.
>
> It should just shut up, shouldn't it? :)
The patch below makes the "Nothing to flush" only visible when show
statistics flag is given, and then only to stdout rather then stderr.
$ sudo ./ip/ip -s addr flush dev skif
Nothing to flush.
$ sudo ./ip/ip addr flush dev skif
$
(See http://bugs.debian.org/492196 )
After changing the DESTDIR the installated binaries have some issues
due to hard coded paths. For example, using distributions on NetEm
would segfault.
I've changed iplink.c and tc_util.c so they are now aware of DESTDIR.
Along with that change I needed to change the main Makefile so it
defines the DESTDIR macro when calling gcc.
I also changed the paths so that during the installation sbin, etc,
share and lib directories are created directly inside of the DESTDIR,
instead of creating a usr directory inside that. That's the behaviour
of most packages out there, so I think most users will be expecting
that to happen.
The command "ip addrlabel add/del" displays incorrect error message when provided with insufficient inputs. This patch fixes it in par with "ip addr add/del".
Currently:
# ./ip addrlabel add
RTNETLINK answers: Numerical result out of range
# ./ip addr add
Not enough information: "dev" argument is required.
After patch:
# ./ip addrlabel add
Not enough information: "prefix" argument is required.
Signed-off-by: Varun Chandramohan <varunc@linux.vnet.ibm.com>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Hi Stephen,
I resend you this patch once more. This time I updated the documentation
too (may be that was the reason why you didn't take it before?).
Please tell me if there are other things missing in this patch
It applies on iproute2 git tree.
Regards,
Benjamin
Description:
------------
This patch adds support for the IFLA_NET_NS_PID type. It is used to
move network devices between network namespaces.
The syntax is:
ip link set DEVICE netns PID
PID is the pid of a process in the target network namespace.
(Daniel Lezcano is the original author).
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Benjamin Thery <benjamin.thery@bull.net>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Hi Stephen:
[IP] xfrm: Allow replay setting
For certain applications there is a requirement to start the
sequence number from a point other than the default. As it
is the kernel provides an interface to do that but it isn't
available through the ip(8) command. Since we're encouraging
people to migrate over to ip(8) for manual keying, it is useful
to have this ability there.
This patch adds support for setting replay sequence numbers
through ip(8).
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
Add more aliases to synchronize IPv4 and IPv6 tunnel command, e.g.,
IPv4: hoplimit (alias to ttl), tclass (alias to tos)
IPv6: dsfield, tos (alias to tc, or tclass), ttl (alias to hoplimit)
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
The prefix bit lenght value was not updated, resulting in incorrect addrlabel
entry. This patch fixes that issue.
Signed-off-by: Varun Chandramohan <varunc@linux.vnet.ibm.com>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Some usages of rtnl_send could cause errors (ie flush requests)
others do a listen afterwards.
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Sorry. The pref and prio options are actually synonyms.
This reverts part of commit 576c63ee59.
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Sorry. The pref and prio options are actually synonyms.
This reverts part of commit 576c63ee59.
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Use santized kernel header for veth.h and put in correct place
to prevent possible future problems with API.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
This routine parses CLI attributes, describing generic link
parameters such as name, address, etc.
This is mostly copy-pasted from iplink_modify().
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Reported by: Satoru SATOH <satoru.satoh@gmail.com>
"ip route show" does not print correct value when larger rto_min is
set (e.g. 3sec).
This problem is because of overflow in print_route() and
the patch below is a workaround fix for that.
[root test]# ./iproute2.git.org/ip/ip route show dev eth1
192.168.140.0/24 proto kernel scope link src 192.168.140.130
169.254.0.0/16 scope link
[root test]# ./iproute2.git.org/ip/ip route change 192.168.140.0/24
dev eth1 rto_min 3s
[root test]# ./iproute2.git.org/ip/ip route show dev eth1
192.168.140.0/24 scope link rto_min lock 2ms <-- wrong
169.254.0.0/16 scope link
[root test]# ./iproute2.git/ip/ip route show dev eth1 # patched version
192.168.140.0/24 scope link rto_min lock 3000ms <-- correct
169.254.0.0/16 scope link
This is a simpler fix.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
This patch includes support for the Intra-Site Automatic Tunnel
Addressing Protocol (ISATAP) per RFC4214.
The following diffs are specific to the iproute2-2.6.23
software distribution. This message includes the full and
patchable diff text; please use this version to apply patches.
Signed-off-by: Fred L. Templin <fred.l.templin@boeing.com>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Arkadiusz Miskiewicz wrote:
> People are reporting that
>> ip link set multicast on dev eth0 (Invalid argument)
>> no longer works when using iproute 2.6.23 on kernel 2.6.21.
>>
>> On my testing machine it also fails:
>> # ./ip link set eth0 multicast on
>> RTNETLINK answers: Invalid argument
It seems it fails to properly detect that your kernel is missing
RTM_NEWLINK support. Apparently the reason is that the kernels
I tested with return a different error in this situation.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
If a dotted quad ikey is specified for GRE tunnels, it gets set as the
okey instead. This patch fixes it. (http://bugs.debian.org/200714)
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Add src option to route help text (http://bugs.debian.org/226142).
Add prio option to rule prio help text (http://bugs.debian.org/213673).
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Fix typo in ss manpage.
Make the backslash visible in ip manpage (http://bugs.debian.org/285507).
Strict syntax for ip addr advice in error message.
Fix typo in libnetlink(3) manpage (writen -> written).
Fix typos in tc-prio(8) manpage.
Fix typo in tc-htb(8) manpage (mininum -> minimum).
Fix typo in tc-cbq-details(8) manpage (occured -> occurred).
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Andreas Henriksson wrote:
> From: Alexander Wirt <formorer@debian.org>
>
>
> Signed-off-by: Andreas Henriksson <andreas@fatal.se>
> ---
> ip/iplink.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/ip/iplink.c b/ip/iplink.c
> index 4060845..da1f64e 100644
> --- a/ip/iplink.c
> +++ b/ip/iplink.c
> @@ -670,6 +670,10 @@ static int do_set(int argc, char **argv)
> }
>
> if (newname && strcmp(dev, newname)) {
> + if (strlen(newname) == 0) {
> + printf("\"\" is not valid device identifier\n");
> + return -1;
> + }
Indentation fixed, same change for the non-ioctl case, use invarg.
While I'm at it I also fixed the error message for "name too long",
*argv is NULL at this point.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Spotted by Aleš Kozumplík <al_es@seznam.cz>
(http://bugs.debian.org/289225)
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
If a zero-length string is given, it is not rejected by
netlink in kernel so catch it at command line.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Based on patch from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>.
Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Enable users of ip to specify the times for rtt, rttvar and rto_min
in human-friendly terms a la "tc" while maintaining backwards
compatability with the previous "raw" mechanism. Builds upon
David Miller's uncommited patch to set rto_min.
Signed-off-by: Rick Jones <rick.jones2@hp.com>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Making veth a shared library for ip caused build problems (not PIC)
and is unneeded.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Fix xfrm state or policy flush message.
And minor updates are included:
o Use static buffer to show unknown value as string.
o Show policy type (ptype) only when kernel specified it.
o Clean-up xfrm_monitor.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
o Support policy flag with string format.
Note that kernel defines only one name "localok" for the flag
and it has not had any effect currently.
o Support state flag value XFRM_STATE_NOPMTUDISC.
o Fix to show detailed flags value when "-s" option is used.
o Fix minor typo.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Remove unused or redundant usage for xfrm_filter.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
The usage is
# ip link add [name] type veth [peer <name>] [mac <mac>] [peer_mac <mac>]
This version doesn't include the fix for ip/iplink.c as Patrick
said that he had included it into his patches already.
Signed-off-by: Pavel Emelianov <xemul@openvz.org>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
This is a resend of the iproute VLAN patch with the if_link.h changes
edited out since the headers are already synced.
[IPROUTE]: VLAN support
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
This patch fixes a bug in the 'ip' command to display
IPv6 cloned routes.
ip -6 route ls cache
returns empty even when there are cloned routes because of
of a missing else in print_route() routine.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Add support for using netlink for link configuration. Kernel-support is
probed, when not available it falls back to using ioctls.
Signed-off-by: Patrick McHardy <kaber@trash.net>
The new command is called "veth" with the following syntax:
* ip veth add <dev1> <dev2>
creates interconnected pair of veth devices.
* ip veth del <dev>
destroys the pair of veth devices, where <dev> is either
<dev1> or <dev2> used to create the pair.
One question that is to be solved is whether or not to create
a hard-coded netlink family for veth driver. Without it the
family resolution code has to be moved to general place in ip
utility (by now it is copy-paste-ed from one file to another
till final decision).
Signed-off-by: Pavel Emelianov <xemul@openvz.org>
Use the FRA attributes for routing rules, with exception of RTA_GATEWAY
(used for route-NAT) which isn't supported by current kernels anymore
and thus doesn't exist as FRA attribute.
Signed-off-by: Patrick McHardy <kaber@trash.net>
keep people from screwing their systems with routef
minor patch here ... if you run `routef --help`,
it'll turn around and flush your routing tables anyways :)
so patch will have routef output usage if any arguments are given,
otherwise it'll flush the tables ... idea is from Lars Strojny
In order to support these new flags add current
linux/if.h into the directory with the local copies.
This caused troubles with outdated redefinitions from net/if.h
so I've removed the dependency on it.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Need to use correct XFRMA_ constants.
Get rid of bogus casts. Fix case where no attribute returned.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
and heres the SPD version ...
cheers,
jamal
[XFRM] see SPD info
i.e instead of something like ip xfrm policy ls | grep -i src | wc -l
do:
ip xfrm policy count
And you get the count; you can also pass -s or -s -s to see more
details
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Stephen,
Use this patch instead of the one i sent yesterday.
As before, you will need to pull include/linux/xfrm.h from
net-2.6 once Dave applies the kernel patch.
cheers,
jamal
[XFRM] see SAD info
i.e instead of something like ip xfrm state ls | grep -i src | wc -l
do:
ip xfrm state count
And you get the count; you can also pass -s to the command line and
get the hash info.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
cheers,
jamal
[ALL] update rest to use nl_mgrp
Signed-off-by: J Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Hi,
This patch enables ip command to add IFA_F_HOMEADDRESS and
IFA_F_NODAD flags while adding the IPv6 address.
Signed-off-by: Noriaki TAKAMIYA<takamiya@po.ntts.co.jp>
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Stephen,
I will wait until you sync all these patches ive sent; then send a
couple more then i will be done.
cheers,
jamal
[XFRM] update xfrm monitoring to use nl_mgrp
Signed-off-by: J Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
To support Mobile IPv6 RO, the following extension is included:
o Use XFRM_MODE_XXX macro instead of magic number
o New attribute option for all state: source address for
deleting or getting message
o New attribute options for RO: care-of address, last-used timestamp
and wild-receive flag
Note:
Flush command like `ip xfrm state flush` is to remove all XFRM state.
It has been effected for IPsec SAD but with this patch it flushes both
IPsec SAD and Mobile IPv6 RO states.
To make only IPsec SA flush, it is recommanded to specify each XFRM
protocol like below:
`ip x s f proto esp ; ip x s f proto ah ; ip x s f proto comp`
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Fix ip6tunnel.c to be fit with current ip command style.
Unlike other modules currently iptunnel (and ip6tunnel) is not
designed as protocol-independent because of unarranged structure
between IPv4 and IPv6.
Usage: ip -f inet6 tunnel { add | change | del | show } [ NAME ]
[ remote ADDR local ADDR ] [ dev PHYS_DEV ]
[ encaplimit ELIM ]
[ hoplimit HLIM ] [ tc TC ] [ fl FL ]
[ dscp inherit ]
Where: NAME := STRING
ADDR := IPV6_ADDRESS
ELIM := { none | 0..255 }(default=4)
HLIM := 0..255 (default=64)
TC := { 0x0..0xff | inherit }
FL := { 0x0..0xfffff | inherit }
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
This file (ip6tunnel.c) is renamed from ipv6tunnel.c which is imported
from usagi cvs tree. It is originally ported by MIPL to work on their
2.4 kernel patch (MIPL1).
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Split common functions like ioctl to export them.
This is a preparation to support to configure IPv6-over-IPv6 tunnel.
This patch also includes minor improvemen:
o to stop to include unused headers
o to change function static if it is not needed to be exported
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Patch which allows for setting SA and SP also for
new IPSec mode BEET, beside tunnel and transport, according to the latest
changes in the kernel you can find at the following link:
Signed-off-by: Diego Beltrami <diego.beltrami@gmail.com>
Signed-off-by: Miika Komu <miika@iki.fi>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
[IPROUTE]: Fix struct alignment with cris architecture
gcc for the cris arch does not pad structures to the next multiple of 4
bytes, as the i386 gcc does.
This causes errors like this when displaying xfrm policies:
# ip x p
!!!Deficit 3, rta_len=300
src 192.168.251.32/29 dst 192.168.251.32/29
dir in priority 0
!!!Deficit 3, rta_len=180
src 0.0.0.0/0 dst 192.168.251.32/29
dir in priority 2208
....
Similar errors are seen from ip x s.
This patch fixes the errors when printing. I'm not sure whether we
should worry about other uses of the affected structs, I've not seen any
other bad effects from this though, so hopefully this is enough.
(Thanks to Herbert Xu for pointing out that NLMSG_SPACE is the correct
macro to use here.)
Tested against 2.6.17.6 kernel on i386, and 2.6.16.1 kernel on cris.
Signed-off-by: Andy Gay <andy@andynet.net>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
[IPROUTE]: Add support for larger number of routing tables
Support support for 2^32 routing tables by using the new RTA_TABLE
attribute for specifying tables > 255 and intepreting it if it is
sent by the kernel.
When tables > 255 are used on a kernel not supporting it an error will
occur because of the unknown netlink attribute.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
[IPROUTE]: Preparation for 32 bit table IDs
The route table filter uses an integer for the table number and the value
-1 to represent cloned routes. For 32 bit table IDs it needs to become an
unsigned, so this won't work anymore. Introduce a new filter flag "cloned"
and use instead of filter.tb = -1.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
table from the route type. This doesn't really work anymore now that IPv6
supports multiple tables. Add detection for IPv6 multiple table support
(relying on the fact that the first routes dumped belong to the local table
and have rtm_table == RT_TABLE_LOCAL with multiple tables) and handle it
like other protocols.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Vince Worthington wrote:
> Hello,
>
> We've been working with a customer of ours who was experiencing some
> latency issues, and in the process of helping them solve their problem
> we found that adding the ability to adjust the Initial Max Congestion
> Window size on a route, they were able to tune their routes to perform
> more favorably in their mixed Linux and Solaris environment. There
> were a couple of other tuning steps necessary as well but we did find
> that the ability to set a larger initial max congestion window size
> was helpful in making Linux behave more like Solaris in low-latency
> situations.
>
> The kernel already supports this route attribute, this patch simply
> adds the option to iproute.c to provide a means to set it from userspace.
>
> I've attached the patch we used in test builds of the iproute packages
> we distribute in RHEL3 and RHEL4 for your consideration for possible
> acceptance and inclusion in iproute. Please let us know if there is
> any further information you would need or if there is a more
> appropriate venue to submit this patch.
>
> Thanks,
> Vince Worthington
> Red Hat, Inc.
Stephen,
I apologize for the last patch I sent not applying cleanly to the latest
iproute2 sources. I realized that this might impede any
review/acceptance of the patch and created a separate patch against the
20060323 build of iproute2, which seems to be the latest (by looking at
the website).
The previous patch wouldn't apply cleanly due to the label of the
ssthresh argument being corrected from REALMS to NUMBER.
Please let us know if there is any other information or assistance we
can be with this patch submission.
Thanks
Vince
/sbin/ifcfg: line 25: [: too many arguments
/sbin/ifcfg: line 26: [: -ge: unary operator expected
/sbin/ifcfg: line 27: [: -ge: unary operator expected
/sbin/ifcfg: line 28: [: -ge: unary operator expected
might i suggest the attached patch
-mike
addresses. Specifically it does not correctly handle the addition of
new entries in the neighbor/arp table. For example, this command will
fail:
ip neigh add 192.168.0.138 lladdr
00:00:04:04:fe:80:00:00:00:00:00:00:00:01:73:00:00:00:8a:91 nud
permanent dev ib0
An IPoIB link layer address is 20-bytes (see
http://www.ietf.org/internet-drafts/draft-ietf-ipoib-ip-over-infiniband-09.txt,
section 9.1.1).
The command line parsing code expects link layer addresses to be a
maximum of 16-bytes. Addresses over 16-bytes are truncated.
It fixes flush feature for IPsec(ip xfrm).
Jamal gave me comment about it. I've tested it on 2.6.11.7.
Please find the log below, check code and pull it:
bk://bk.skbuff.net:38000/iproute2-xfrm-flush
ChangeSet@1.182, 2005-04-13 21:19:44+09:00, nakam@linux-ipv6.org
[ip] add "deleteall" command for xfrm;
"flush" uses kernel's flush interface and
"deleteall" uses legacy iproute2's flush feature like
getting-and-deleting-for-each.
