This patch allows setting VXLAN destination to unicast address.
It allows that VXLAN can be used as peer-to-peer tunnel without
multicast.
v6: change back to the v3 except for using new attribute because
replacing command-line parameters breaks existing scripts,
based by Cong Wang's comments.
v5: rebase on the latest.
v4: replace "group" with "remote" based by David Stevens's comments.
v3: move a new attribute REMOTE into the last of an enum list
based by Stephen Hemminger's comments.
fix the usage to show explicitly that both "remote" and "group"
cannot be specified, based by Ben Hutchings's comments.
v2: use a new argument "remote" instead of "group" based by
Stephen Hemminger's comments.
Signed-off-by: Atzm Watanabe <atzm@stratosphere.co.jp>
The netns code was using EXIT_SUCCESS/EXIT_FAILURE but the rest of the ip
code used -1 explictly, so change to follow convention. Also, certain types
of errors like fork failure should abort a batch operation, rather than just
returning an error.
These do nothing on an 80-column display. They were clearly somebody's
boilerplate way of setting up hanging indents, but the syntax lines
are way too short to require them. And since most were argumentless
they would have been no-ops on any sized display.
The ip link command line help and the ip-link.8.in
man page are outdated in regards to the vxlan support.
The patch updates both the command line help for the
ip command and its man page.
Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
The bridge fdb command line help and the bridge.8
man page are outdated in regards to the vxlan support.
The patch updates both the command line help for the
bridge command and its man page.
Signed-off-by: Thomas Richter <tmricht@linux.vnet.ibm.com>
execvp() does not return when the command succeed, hence all commands in the
batch file after the line 'ip netns exec' are not executed.
Let's fork before calling execvp() if batch mode is used..
Example:
$ cat test.batch
netns add netns1
netns exec netns1 ip l
netns
$ ip -b test.batch
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT
link/sit 0.0.0.0 brd 0.0.0.0
All command after 'netns exec' are never executed.
With the patch:
$ ip -b test.batch
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: sit0: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT
link/sit 0.0.0.0 brd 0.0.0.0
netns1
Now, existing netns are displayed.
Signed-off-by: JunweiZhang <junwei.zhang@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Without patch, I got:
# ./ip/ip tunnel show
ip_vti0: ioctl 89f4 failed: Invalid argument
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
this is due to VTI_ISVTI has the same numeric value with SIT_ISATAP,
but only sit tunnel has SIOCGETPRL, therefore it should check for SIT
tunnel first.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Cong Wang <amwang@redhat.com>
The command synopsis is regularized and part of it split off into an
OPTIONS section. This allows the page to lift to XML-DocBook.
An invalid \p escape was removed.
This page was written by someone who didn't understand the use of
definite and indefinite articles in English, nor its punctuation rules.
I've fixed these mistakes, and some glitches in punctuation and
capitalization.
Allow ss -i to display more TCP informations :
unacked:N Number of un-acked packets
retrans:X/Y X: number of outstanding retransmit packets
Y: total number of retransmits for the session
lost:N Number of lost packets (tcpi_lost)
sacked:N Number of sacked packets (tcpi_sacked)
facked:N Number of facked packets (tcpi_facked)
reordering:N Reordering level (if different of 3)
Example :
$ ss -emoi dst 10.7.7.83
tcp ESTAB 0 1154056 10.7.7.84:54127 10.7.7.83:34342
timer:(on,200ms,0) ino:57003 sk:ffff88063c51d0c0 <->
skmem:(r0,rb89280,t0,tb2097152,f726504,w1436184,o0,bl0) ts sack cubic
wscale:7,6 rto:310 rtt:107.375/1 mss:1448 cwnd:568 ssthresh:108 send
61.3Mbps unacked:568 retrans:0/21 reordering:127 rcv_space:29200
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Enclosed patch fixes inappropriate uses of the .SS macro. Fuller explanation
in the change comment.
There are other problems in these pages that block lifting to
XML-DocBook, most notably in the command synopses. They will take
some creativity to fix. I'm working on it
>From 75745adba4b45b87577b61a2daa886dd444f44da Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Fri, 21 Jun 2013 15:27:38 -0400
Subject: [PATCH] Abolish presentation-level misuse of the .SS macro.
This change fixes most (but not all) fatal errors in attempts to lift
the iproute2 manual pages to XML-DocBook. Where .SS is still used it
is a real subsection header, not just a way to outdent and bold text.
Presentation-level instances are turned into .TP calls and tables.
This patch adds quickack option to enable/disable TCP quick ack
mode for per-route.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Cong Wang <amwang@redhat.com>
On Mon, 2013-06-03 at 16:36 +0100, Ben Hutchings wrote:
> Oops, I read this as being strtol() currently, not strtod(). Currently
> '1.5gbit' will work, but this change will break that. So I think you
> need to keep bps as a double.
Arg
> Then here I think the check should be *rate != floor(bps), i.e. accept
> rounding down of a non-integer number of bytes but any other change is
> assumed to be overflow.
Thanks Ben, here is v4 then ;)
[PATCH v4] get_rate: detect 32bit overflows
Current rate limit is 34.359.738.360 bit per second, and
unfortunately 40Gbps links are above it.
overflows in get_rate() are currently not detected, and some
users are confused. Let's detect this and complain.
Note that some qdisc are ready to get extended range, but this will
need additional attributes and new iproute2
With help from Ben Hutchings
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Ben Hutchings <bhutchings@solarflare.com>
"tc class show dev ..." omits the overhead attribute for HTB.
After patch I have :
tc class add dev $DEV parent 1: classid 1:1 est 1sec 4sec htb \
rate 12Mbit mtu 1500 quantum 1514 overhead 20
tc class show dev $DEV
class htb 1:1 root prio 0 rate 12000Kbit overhead 20 ceil 12000Kbit
burst 1500b cburst 1500b
Signed-off-by: Eric Dumazet <edumazet@google.com>
A netlink socket may be connected to a specific group.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
It will be reused for printing info about netlink sockets, when
socket diag is used for retrieving information.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Andrey Vagin <avagin@openvz.org>
tv_usec is "suseconds_t" which is apparently usually
a signed long, but sometimes not....
Change the printf modifier to use signed and
cast the tv_usec to long in case it's not already long.
gcc -Wall -Wstrict-prototypes -Werror -Wmissing-prototypes -Wmissing-declarations -Wold-style-definition -O2 -I../include -DRESOLVE_HOSTNAMES -DLIBDIR=\"/usr/lib\" -DCONFDIR=\"/etc/iproute2\" -D_GNU_SOURCE -fPIC -c -o utils.o utils.c
utils.c: In function 'print_timestamp':
utils.c:802:2: error: format '%lu' expects argument of type 'long unsigned int', but argument 4 has type '__suseconds_t' [-Werror=format]
cc1: all warnings being treated as errors
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Use IFLA_AF_SPEC nested attributes to lookup bridge mode and when
doing strcmp() check for equality.
These appear to be typos from the original commit,
commit 64108901b7
Author: Vlad Yasevich <vyasevic@redhat.com>
Date: Fri Mar 15 10:01:28 2013 -0700
bridge: Add support for setting bridge port attributes
Also set flags to BRIDGE_FLAGS_SELF instead of using OR operation.
This allows setting the bridge mode when not being used with a
master device.
To allow setting both master and self devices simultaneously we
will need to add a {self|master} field similar to fdb commands.
For now the command sets are mutually exclusive as noted in the
original commit.
With this patch 'bridge link set' works now,
# ./bridge/bridge link set dev veth1 cost 3
# ./bridge/bridge link show
10: veth1 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state forwarding priority 3 cost 3
CC: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
This patch adds multi_queue option to ip tuntap.
This allows IFF_MULTI_QUEUE flag to be specified during
tun/tap device creation enabling multi-queue support in tun/tap
device.
Example: ip tuntap add dev tap0 mode tap multi_queue
Signed-off-by: Sriram Narasimhan <sriram.narasimhan@hp.com>
When extended info is requested (-e option) one will be able to observe
arrows in the output, like this:
ESTAB 0 0 127.0.0.1:41705 127.0.0.1:12345 ino:143321 sk:ffff88003a8cea00 -->
ESTAB 0 0 127.0.0.1:46925 127.0.0.1:12346 ino:143322 sk:ffff88003a8ce4c0 <--
ESTAB 0 0 127.0.0.1:51678 127.0.0.1:12347 ino:143323 sk:ffff88003a8cdf80 ---
ESTAB 0 0 127.0.0.1:46911 127.0.0.1:12348 ino:143324 sk:ffff88003b7f05c0 <->
for SHUT_RD, SHUT_WR, SHUT_RDWR and non-shutdown sockets respectively.
The respective nlattrs in *_diag messages has appeared in Linux v3.7 and
are already present in ss's headers.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
This patch add support of netlink messages for AF_PACKET and thus it allows
to get filter information of this kind of sockets.
To dump these filters info the option --bfp must be specified and the user
must have admin rights.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
This is now possible, because the dump function has been added in kernel.
Note that IPv4 and IPv6 entries are displayed.
Before this patch, only all entries were displayed.
Example:
$ ip netconf
ipv4 dev lo forwarding on rp_filter off mc_forwarding 0
ipv4 dev eth0 forwarding on rp_filter off mc_forwarding 1
ipv4 all forwarding on rp_filter off mc_forwarding 1
ipv4 default forwarding on rp_filter off mc_forwarding 0
ipv6 dev lo forwarding on mc_forwarding 0
ipv6 dev eth0 forwarding on mc_forwarding 0
ipv6 all forwarding on mc_forwarding 0
ipv6 default forwarding on mc_forwarding 0
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
For the display part, we print extra-flags only if show_stats is set, like for
standard flags.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This change shifts burden onto the users to choose the UDP port value.
Kernel default value is incorrect UDP port 5287 but now there is
an official assigned port for VXLAN.
The kernel can't change because of legacy compatibility
but new deployments should not use the legacy port value.
This patch allows setting the "NTF_ROUTER" flag in VXLAN forwarding table
entries to enable L3 switching for router destinations while still allowing
L2 redirection appliances for non-router MAC destinations.
Signed-Off-By: David L Stevens <dlstevens@us.ibm.com>
ss -i can output "fastopen" attribute if socket used Fast Open
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
iproute2 patch to generalize VXLAN forwarding tables
This is the iproute2 support allowing an administrator to specify alternate
ports, vnis and outgoing interfaces for VXLAN device forwarding tables.
Changes since v3: changed NDA_PORT to be 16-bit network byte order to match
changed byte-order/size in the VXLAN driver.
Signed-Off-By: David L Stevens <dlstevens@us.ibm.com>
Add ability to set UDP destination port on a per device basis.
If no port is assigned, the default IANA assigned port will be used.
If you want the kernel default value, then use port 0.
Source port range option is now called 'srcport', to avoid
confusion. The old option syntax is accepted for compatiablity.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch adds support for tokenized IIDs, that enable
administrators to assign well-known host-part addresses
to nodes whilst still obtaining global network prefix
from Router Advertisements. This is the iproute2 part for
the kernel patch f53adae4eae5 (``net: ipv6: add tokenized
interface identifier support'').
Example commands with iproute2:
Setting a device token:
# ip token set ::1a:2b:3c:4d/64 dev eth1
Getting a device token:
# ip token get dev eth1
token ::1a:2b:3c:4d dev eth1
Listing all tokens:
# ip token list (or: ip token)
token :: dev eth0
token ::1a:2b:3c:4d dev eth1
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
