Add missing usage help for devlink dev eswitch subcommand.
Signed-off-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Or Gerlitz <ogerlitz@mellanox.com>
In case of an older kernel that doesn't set L2TP_ATTR_UDP_ZERO_CSUM6_{RX,TX}
the old hard-coded value is being preserved, since the attribute flag will be
missing.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@asbjorn.st>
L2TP_ATTR_UDP_CSUM is read by the kernel as a NLA_FLAG value,
but is validated as a NLA_U8, so we will write it as an u8,
but the value isn't actually being read by the kernel.
It is written by the kernel as a NLA_U8, so we will read as
such.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@asbjorn.st>
L2TP_ATTR_RECV_SEQ and L2TP_ATTR_SEND_SEQ are declared as NLA_U8
attributes in the kernel, so let's threat them accordingly.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@asbjorn.st>
udp6_csum_{tx,rx}, tunnel and session are the only ones
currently used.
recv_seq, send_seq, lns_mode and data_seq are partially
implemented in a useless way.
Signed-off-by: Asbjørn Sloth Tønnesen <asbjorn@asbjorn.st>
Fixes commit 246f57c4086d99fa ("ip link: Add support for kernel
side filtering").
This patch reduce the size of message sent to kernel space. Before this
patch, for command: 'ip link show', we will sent 1056 bytes. With this
patch, we only need to send 40 bytes.
Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
In the situation where more than one entry live in the same hash bucket,
loop to get the correct one.
Before:
$ cat /etc/iproute2/group
0 default
256 test
$ sudo ip link set group test dummy1
$ ip link show type dummy
11: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group 0 qlen 1000
link/ether 4e:3b:d3:6c:f0:e6 brd ff:ff:ff:ff:ff:ff
12: dummy1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group test qlen 1000
link/ether d6:9c:a4:1f:e7:e5 brd ff:ff:ff:ff:ff:ff
After:
$ ip link show type dummy
11: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 4e:3b:d3:6c:f0:e6 brd ff:ff:ff:ff:ff:ff
12: dummy1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group test qlen 1000
link/ether d6:9c:a4:1f:e7:e5 brd ff:ff:ff:ff:ff:ff
Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
Adjusting iproute2 utility to support new macvlan link type mode called
"source".
Example of commands that can be applied:
ip link add link eth0 name macvlan0 type macvlan mode source
ip link set link dev macvlan0 type macvlan macaddr add 00:11:11:11:11:11
ip link set link dev macvlan0 type macvlan macaddr del 00:11:11:11:11:11
ip link set link dev macvlan0 type macvlan macaddr flush
ip -details link show dev macvlan0
Based on previous work of Stefan Gula <steweg@gmail.com>
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Cc: steweg@gmail.com
v5:
- rebase and fix checkpatch
v4:
- add MACADDR_SET support
- skip FLAG_UNICAST / FLAG_UNICAST_ALL as this is not upstream
- fix man page
Commit 7b8179c780 ("iproute2: Add new command to ip link to
enable/disable VF spoof check") tried to add support for
IFLA_VF_SPOOFCHK in a backwards-compatible manner, but aparently overdid
it: parse_rtattr_nested() handles missing attributes perfectly fine in
that it will leave the relevant field unassigned so calling code can
just compare against NULL. There is no need to layback from the previous
(IFLA_VF_TX_RATE) attribute to the next to check if IFLA_VF_SPOOFCHK is
present or not. To the contrary, it establishes a potentially incorrect
assumption of these two attributes directly following each other which
may not be the case (although up to now, kernel aligns them this way).
This patch cleans up the code to adhere to the common way of checking
for attribute existence. It has been tested to return correct results
regardless of whether the kernel exports IFLA_VF_SPOOFCHK or not.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Greg Rose <grose@lightfleet.com>
This makes use of the sctp_diag interface recently added to the kernel.
Joint work with Xin Long who provided the PoC implementation which I
merely polished up a bit.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Remove left over usage from removal of eth_type argument.
Fixes: 488b41d020 ('tc: flower no need to specify the ethertype')
Signed-off-by: Paul Blakey <paulb@mellanox.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Abstract unix domain socket may embed null characters,
these should be translated to '@' when printed by ss the
same way the null prefix is currently being translated.
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Both types have been missing here and thus ip always showed
only the numbers.
Based on a suggestion from Alexander Aring.
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Since 5cd1adba79 ("Update to current iptables headers") compilation
of iproute2 broke for systems without iptables-devel package [1].
Reason is that even though we fall back to build m_ipt.c, the include
depends on a xtables-version.h header, which only ships with
iptables-devel. Machines not having this package fail compilation with:
[...]
CC m_ipt.o
In file included from ../include/iptables.h:5:0,
from m_ipt.c:17:
../include/xtables.h:34:29: fatal error: xtables-version.h: No such file or directory
compilation terminated.
../Config:31: recipe for target 'm_ipt.o' failed
make[1]: *** [m_ipt.o] Error 1
The configure script only barks that package xtables was not found in
the pkg-config search path. The generated Config then only contains f.e.
TC_CONFIG_IPSET. In tc's Makefile we thus fall back to adding m_ipt.o
to TCMODULES. m_ipt.c then includes the local include/iptables.h header
copy, which includes the include/xtables.h copy. Latter then includes
xtables-version.h, which only ships with iptables-devel.
One way to resolve this is to skip this whole mess when pkg-config has
no xtables config available. I've carried something along these lines
locally for a while now, but it's just too annyoing. :/ Build works fine
now also when xtables.pc is not available.
[1] http://www.spinics.net/lists/netdev/msg366162.html
Fixes: 5cd1adba79 ("Update to current iptables headers")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Discovered by Phil's covscan. The final return statement is never reached.
This is not inherently clear from looking at the code, so change the
conditional to a switch() statement which should clarify this.
CC: Phil Sutter <phil@nwl.cc>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Phil Sutter <phil@nwl.cc>
Recently a new per-port flag was added which controls the flooding of
unknown multicast, this patch adds support for controlling it via iproute2.
It also updates the man pages with information about the new flag.
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Add support for controling hardware offload using (now standard)
skip_sw and skip_hw flags in cls_bpf.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
When I did the per-vlan stats iproute2 support, I left out a hunk from a
previous version of the patch that was using a special subcommand "stats".
Since the latest version uses the -s switch remove the help for the stats
subcommand.
Fixes: 7abf5de677 ("bridge: vlan: add support to display per-vlan statistics")
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Adjusting iproute2 utility to support new macvlan link type mode called
"source".
Example of commands that can be applied:
ip link add link eth0 name macvlan0 type macvlan mode source
ip link set link dev macvlan0 type macvlan macaddr add 00:11:11:11:11:11
ip link set link dev macvlan0 type macvlan macaddr del 00:11:11:11:11:11
ip link set link dev macvlan0 type macvlan macaddr flush
ip -details link show dev macvlan0
Based on previous work of Stefan Gula <steweg@gmail.com>
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Cc: steweg@gmail.com
sudo $TC filter add dev $ETH parent ffff: prio 2 protocol ip \
u32 match u32 0 0 flowid 1:1 \
action ok
sudo $TC filter add dev $ETH parent ffff: prio 1 protocol ip \
u32 match ip protocol 1 0xff flowid 1:10 \
action ok
now dump to see all rules..
$TC -s filter ls dev $ETH parent ffff: protocol ip
....
filter pref 1 u32
filter pref 1 u32 fh 801: ht divisor 1
filter pref 1 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:10 (rule hit 0 success 0)
match 00010000/00ff0000 at 8 (success 0 )
action order 1: gact action drop
random type none pass val 0
index 6 ref 1 bind 1 installed 4 sec used 4 sec
Action statistics:
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
filter pref 2 u32
filter pref 2 u32 fh 800: ht divisor 1
filter pref 2 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 (rule hit 336 success 336)
match 00000000/00000000 at 0 (success 336 )
action order 1: gact action pass
random type none pass val 0
index 5 ref 1 bind 1 installed 38 sec used 4 sec
Action statistics:
Sent 24864 bytes 336 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
....
..get filter 801::800
$TC -s filter get dev $ETH parent ffff: protocol ip \
handle 801:0:800 prio 2 u32
....
filter parent ffff: protocol ip pref 1 u32 fh 801::800 order 2048 key ht 801 bkt 0 flowid 1:10 (rule hit 260 success 130)
match 00010000/00ff0000 at 8 (success 130 )
action order 1: gact action drop
random type none pass val 0
index 6 ref 1 bind 1 installed 348 sec used 0 sec
Action statistics:
Sent 11440 bytes 130 pkt (dropped 130, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
....
..get other one
$TC -s filter get dev $ETH parent ffff: protocol ip \
handle 800:0:800 prio 2 u32
....
filter parent ffff: protocol ip pref 2 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1 (rule hit 514 success 514)
match 00000000/00000000 at 0 (success 514 )
action order 1: gact action pass
random type none pass val 0
index 5 ref 1 bind 1 installed 506 sec used 4 sec
Action statistics:
Sent 35544 bytes 514 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
....
..try something that doesnt exist
$TC -s filter get dev $ETH parent ffff: protocol ip handle 800:0:803 prio 2 u32
.....
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
.....
Note, added NLM_F_ECHO is for backward compatibility. old kernels never
before Eric's patch will not respond without it and newer kernels (after Erics patch)
will ignore it.
In old kernels there is a side effect:
In addition to a response to the GET you will receive an event (if you do tc mon).
But this is still better than what it was before (not working at all).
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
