Pull in the latest rdma_netlink.h which has support for
the rdma nldev resource tracking objects being added
with this patch series.
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Add initial support for oneline mode in tc; actions, filters and qdiscs
will be gradually updated in the follow-up patches.
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Jon Maloy says:
====================
1: We introduce ability to set/get 128-bit node identities
2: We rename 'net id' to 'cluster id' in the command API,
of course in a compatible way.
3: We print out all 32-bit node addresses as an integer in hex format,
i.e., we remove the assumption about an internal structure.
====================
Signed-off-by: David Ahern <dsahern@gmail.com>
A problem was reported with parsing of prefixes all/any/default.
Commit 7696f1097f fixes the problem,
but there were also other pathces applied:
00b31a6b2e, which were intended to
fix the same problem. And they became redundant now. This patch
reverts changes introduced by those redundant patches.
Signed-off-by: Alexander Zubkov <green@msu.ru>
Use strlcpy to avoid cases where sizeof(buf) == strlen(buf)
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Fixes warnings about strncpy size by using strlcpy.
tunnel.c: In function ‘tnl_gen_ioctl’:
tunnel.c:145:2: warning: ‘strncpy’ specified bound
16 equals destination size [-Wstringop-truncation]
strncpy(ifr.ifr_name, name, IFNAMSIZ);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This fixes new gcc warning about possible string overflow.
mdb.c: In function ‘__print_router_port_stats’:
mdb.c:61:11: warning: ‘%.2i’ directive output may be truncated
writing between 2 and 7 bytes into a region of size
between 0 and 4 [-Wformat-truncation=]
"%4i.%.2i", (int)tv.tv_sec,
^~~~
Note: already fixed in iproute2-next.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Since a node address now per definition is only an unstructured 32-bit
integer it makes no sense print it out as a structured string.
In this commit, we replace all occurrences of "<Z.C.N>" printouts with
just an "%x".
Acked-by: GhantaKrishnamurthy MohanKrishna <mohan.krishna.ghanta.krishnamurthy@ericsson.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
We add the possibility to set and get a 128 bit node identifier, as
an alternative to the legacy 32-bit node address we are using now.
We also add an option to set and get 'clusterid' in the node. This
is the same as what we have so far called 'netid' and performs the
same operations. For compatibility the old 'netid' commands are
retained, -we just remove them from the help texts.
Acked-by: GhantaKrishnamurthy MohanKrishna <mohan.krishna.ghanta.krishnamurthy@ericsson.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Convert ip l2tp to use JSON output routines.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
GhantaKrishnamurthy MohanKrishna
says:
====================
The following patchset add user space TIPC socket diagnostics support
in ss tool of iproute2. It requires the sock_diag framework
for AF_TIPC support in the kernel, commit id: c30b70deb5f
(tipc: implement socket diagnostics for AF_TIPC).
tipc socket stats are requested with the "--tipc" option. Additional
tipc specific info are requested with "--tipcinfo" option.
This patchset is based on top of iproute2 v4.15.0-100-g4f63187
commitid: f85adc6. It has been co-authored by
Parthasarathy Bhuvaragan.
Example output (the first socket is the internal topology server)
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 16781313:2809484547 - ino:13348 sk:4 users:(("tipc-pipe",pid=292,fd=3))
LISTEN 0 0 16781313:4117673024 - ino:13346 sk:5 users:(("tipc-pipe",pid=291,fd=3))
ESTAB 0 0 16781313:484097386 16781313:3203149317 ino:13345 sk:6 users:(("tipc-pipe",pid=294,fd=4))
LISTEN 0 0 16781313:2438310591 - ino:13344 sk:7 users:(("tipc-pipe",pid=294,fd=3),("tipc-pipe",pid=290,fd=3))
LISTEN 0 0 16781313:2658440413 - ino:12368 sk:3
ESTAB 0 0 16781313:3203149317 16781313:484097386 ino:13349 sk:8 users:(("tipc-pipe",pid=293,fd=3))
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 16781313:2809484547 -
type:RDM cong:none drop:0 publ
LISTEN 0 0 16781313:4117673024 -
type:SEQPACKET cong:none drop:0 publ
ESTAB 0 0 16781313:484097386 16781313:3203149317
type:STREAM cong:none drop:0 via {1000,1000}
LISTEN 0 0 16781313:2438310591 -
type:STREAM cong:none drop:0 publ
LISTEN 0 0 16781313:2658440413 -
type:SEQPACKET cong:none drop:0 publ
ESTAB 0 0 16781313:3203149317 16781313:484097386
type:STREAM cong:none drop:0 via {1000,1000}
====================
Signed-off-by: David Ahern <dsahern@gmail.com>
For iproute 4.x
Allow TIPC socket statistics to be dumped with --tipc
and tipc specific info with --tipcinfo.
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: GhantaKrishnamurthy MohanKrishna <mohan.krishna.ghanta.krishnamurthy@ericsson.com>
Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Use a table for database name parsing. The tricky bit is to allow for
association of a (nearly) arbitrary number of DBs with each name.
Luckily the number is not fully arbitrary as there is an upper bound of
MAX_DB items. Since it is not possible to have a variable length
array inside a variable length array, use this knowledge to make the
inner array of fixed length. But since DB values start from zero, an
explicit end entry needs to be present as well, so the inner array has
to be MAX_DB + 1 in size.
Signed-off-by: Phil Sutter <phil@nwl.cc>
The original problem was that a simple call to 'ss' leads to loading of
sctp_diag kernel module which might not be desired. While searching for
a workaround, it became clear how inconvenient it is to exclude a single
socket table from being queried.
This patch allows to prefix an item passed to '-A' parameter with an
exclamation mark to inverse its meaning.
Signed-off-by: Phil Sutter <phil@nwl.cc>
ip vrf exec requires root or CAP_NET_ADMIN, CAP_SYS_ADMIN and
CAP_DAC_OVERRIDE. It is not possible to run unprivileged commands like
ping as non-root or non-cap-enabled due to this requirement.
To allow users and administrators to safely add the required
capabilities to the binary, drop all capabilities on start if not
invoked with "vrf exec".
Update the manpage with the requirements.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The problematic bit was the 'expr: expr expr' rule. Fix this by making
'expr' token represent a single filter only and introduce a new token
'exprlist' to represent a combination of filters.
Signed-off-by: Phil Sutter <phil@nwl.cc>
This has to be a second match statement to the same u32 filter, not a
second one (which tc-filter doesn't support at all).
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Roman Mashak reported that ss currently shows no output when it
should continuously report information about terminated sockets
(-E, --events switch).
This happens because I missed this case in 691bd854bf ("ss:
Buffer raw fields first, then render them as a table") and the
rendering function is simply not called.
To fix this, we need to:
- call render() every time we need to display new socket events
from generic_show_sock(), which is only used to follow events.
Always call it even if specific socket display functions
return errors to ensure we clean up buffers
- get the screen width every time we have new events to display,
thus factor out getting the screen width from main() into a
function we'll call whenever we calculate columns width
- reset the current field pointer after rendering, more output
might come after render() is called
Reported-by: Roman Mashak <mrv@mojatatu.com>
Fixes: 691bd854bf ("ss: Buffer raw fields first, then render them as a table")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Tested-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Debian maintainer found that basic command:
# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.
Recently behavior of "default" prefix parameter was corrected. But at
the same time behavior of "all"/"any" was altered too, because they
were the same branch of the code. As those parameters mean different,
they need to be treated differently in code too. This patch reflects
the difference.
Also after mentioned change, address parsing code was changed more
and address family was set explicitly even for "all"/"any" addresses.
And that broke matching conditions further. This patch fixes that too
and returns AF_UNSPEC to "all"/"any" address.
Now "default" is treated as top-level prefix (for example 0.0.0.0/0 in
IPv4) and "all"/"any" always matches anything in exact, root and match
modes.
Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Alexander Zubkov <green@msu.ru>
The compat_rev field does not exists in old versions of iptables.
e.g. iptables 1.4.
Fixes: dd29621578 ("tc: add em_ipt ematch for calling xtables matches from tc matching context")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
In iproute2 package, the updates of UAPIs files are performed
after the needed feature lands in kernel's net-next tree.
Such development flow created delays to the rdma tool developers,
who uses rdma-next tree as a basis for their work.
Move RDMA UAPI file to be under rdma/ folder, so whole responsibility
of syncing this file will be on them.
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Reviewed-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
NTF_EXT_LEARNED can be set by a user on bridge fdb entry.
Provide a bridge command option to allow a user to set
NTF_EXT_LEARNED on a bridge fdb entry.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Debian maintainer found that basic command:
# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.
Recently behavior of "default" prefix parameter was corrected. But at
the same time behavior of "all"/"any" was altered too, because they
were the same branch of the code. As those parameters mean different,
they need to be treated differently in code too. This patch reflects
the difference.
Also after mentioned change, address parsing code was changed more
and address family was set explicitly even for "all"/"any" addresses.
And that broke matching conditions further. This patch fixes that too
and returns AF_UNSPEC to "all"/"any" address.
Now "default" is treated as top-level prefix (for example 0.0.0.0/0 in
IPv4) and "all"/"any" always matches anything in exact, root and match
modes.
Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Alexander Zubkov <green@msu.ru>
Enable proper JSON output support for fq_codel in `tc -s qdisc` output.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: David Ahern <dsahern@gmail.com>
Add missing documentation of the memory_limit fq_codel parameter and the
ce_threshold codel and fq_codel parameters.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: David Ahern <dsahern@gmail.com>
Conflicts:
bridge/mdb.c
Updated bridge/bridge.c per removal of check_if_color_enabled by commit
1ca4341d2c ("color: disable color when json output is requested")
Signed-off-by: David Ahern <dsahern@gmail.com>
This reverts commit 9135c4d603.
Debian maintainer found that basic command:
# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.
Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Stephen Hemminger says:
====================
From: Stephen Hemminger <sthemmin@microsoft.com>
Some more JSON support and report better error if kernel
is configured without multicast.
====================
Signed-off-by: David Ahern <dsahern@gmail.com>
