Ben Hutchings pointed out that the return value of do_netns is passed
to exit and the current convention of returning -1 for failure is
inconsitent with that reality.
Return EXIT_FAILURE instead of -1 and EXIT_SUCCESS instead of 0. To make
it clear that the return codes are expected to be passed to exit.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Some systems are now following the advice in
linux/Documentation/sharedsubtrees.txt and running with all mount
points shared between all mount namespaces by default.
After creating the mount namespace call mount on / with
MS_SLAVE|MS_REC to modify all mounts in the new mount namespace to
slave mounts if they are shared or private mounts otherwise.
Guarnateeing that changes to the mount namespace created with
"ip netns exec" don't propgate to other namespaces.
Reported-by: Petr Šabata <contyk@redhat.com>
Tested-by: Petr Šabata <contyk@redhat.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Clang doesn't support the gcc extension for embeddeding flexible arrays
inside of structures. Use the slightly more portable alloca().
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Fixes breakage with xtables API starting with version 1.4.10
Signed-off-by: Hasan Chowdhury <shemonc@gmail.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
If an error occurs in a man subdir, make sure we propagate it back up.
While we're here, merge the duplicate rules into one.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The man dir misses the man7 as a subdir which means none of the pages
get installed.
URL: https://bugs.gentoo.org/451166
Reported-by: Marcin Mirosław <bug@mejor.pl>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Commit v3.7.0~10 caused the variable new PKG_CONFIG variable never
to be present at the time of calling make, leading to tc/m_xt.so
not linked with -lxtables (result from pkg-config xtables --libs),
that in turn leading to
tc: symbol lookup error: /usr/lib64/tc//m_xt.so: undefined symbol:
xtables_init_all
Fixing that.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
The lib makefile doesn't include Config which means it misses
setting up toolchain vars that it includes.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
The layout of this file uses functions to update Config. Move the
toolchain logic to the same style to fix setting the vars in Config.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
mroute was using /proc/net/ip_mr_[vif|cache] to display mroute entries. Hence,
only RT_TABLE_DEFAULT was displayed and only IPv4.
With rtnetlink, it is possible to display all tables for IPv4 and IPv6. The output
format is kept. Also, like before the patch, statistics are displayed when user specify
the '-s' argument.
The patch also adds the support of 'ip monitor mroute', which is now possible.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
This patch implements `bridge monitor mdb`.
Cc: Stephen Hemminger <shemminger@vyatta.com>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Cong Wang <amwang@redhat.com>
This patch implements:
bridge mdb { add | del } dev DEV port PORT grp GROUP
Cc: Stephen Hemminger <shemminger@vyatta.com>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Cong Wang <amwang@redhat.com>
This patch adds a new flag to iproute2 for vxlan devices to enable
DOVE features. It also adds support for L2 and L3 switch lookup miss
netlink messages to "ip monitor".
Changes since v2: fix merge conflict
Changes since v1:
- split "dove" flag into separate feature flags:
- "proxy" for ARP reduction
- "rsc" for route short circuiting
- "l2miss" for L2 switch miss notifications
- "l3miss" for L3 switch miss notifications
Signed-off-by: David L Stevens <dlstevens@us.ibm.com>
This patch allows to manage ip tunnels via the interface ip link.
The syntax for parameters is the same that 'ip tunnel'.
It also allows to display tunnels parameters with 'ip -details link' or
'ip -details monitor link'.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
This patch allows to manage ip6 tunnels via the interface ip link.
The syntax for parameters is the same that 'ip -6 tunnel'.
It also allows to display tunnels parameters with 'ip -details link' or
'ip -details monitor link'.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Example of the output:
$ ip monitor netconf&
[1] 24901
$ echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
ipv6 dev lo forwarding off
ipv6 dev eth0 forwarding off
ipv6 all forwarding off
$ echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
ipv4 dev eth0 forwarding on
$ ip -6 netconf
ipv6 all forwarding on mc_forwarding 0
$ ip netconf show dev eth0
ipv4 dev eth0 forwarding on rp_filter off mc_forwarding 1
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Minor cleanup of original patch, made sure netconf.h matched
result of santized kernel headers
The debian package checking tool, lintian, spotted that the
tc ematch manpage seems to have an error in the specified section.
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Sample output:
# ./bridge/bridge mdb show dev br0
bridge br0 port eth1 group 224.8.8.9
bridge br0 port eth0 group 224.8.8.8
# ./bridge/bridge -d mdb show dev br0
bridge br0 port eth1 group 224.8.8.9
bridge br0 port eth0 group 224.8.8.8
router ports on br0: eth0
Signed-off-by: Cong Wang <amwang@redhat.com>
Currently the default filter lists TCP sockets only which is
rather confusing especially when the '-a/--all' flag is used.
This patch changes the default to include all sockets, imitating
netstat(8) behavior.
Signed-off-by: Petr Šabata <contyk@redhat.com>
Acked-by: David S. Miller <davem@davemloft.net>
The canid ematch has been added in commit:
7b5f30e Ematch used to classify CAN frames according to their identifiers
But the corresponding entry in etc/iproute2/ematch_map was lost. This patch
adds the missing entry in ematch_map, otherweise tc would complain:
Error: Unable to find ematch "canid" in /etc/iproute2/ematch_map
Please assign a unique ID to the ematch kind the suggested entry is:
7 canid
Signed-off-by: Rostislav Lisovy <lisovy@gmail.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
When tclass or flowlabel field were updated, we only performed an OR with the
new value. For example, it was not possible to reset tclass:
ip -6 tunnel change ip6tnl2 tclass 0
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Flag IP6_TNL_F_IGN_ENCAP_LIMIT is set when encaplimit is none, but it was not
removed if encaplimit was set on update (ip tunnel change).
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
When tclass or flowlabel field were updated, we only performed an OR with the
new value. For example, it was not possible to reset tclass:
ip -6 tunnel change ip6tnl2 tclass 0
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Flag IP6_TNL_F_IGN_ENCAP_LIMIT is set when encaplimit is none, but it was not
removed if encaplimit was set on update (ip tunnel change).
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Hello!
While building the iproute package in Debian I get warnings from
package helpers like this:
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/iproute/sbin/tc debian/iproute/usr/bin/lnstat debian/iproute/bin/ip debian/iproute/bin/ss debian/iproute/sbin/bridge debian/iproute/sbin/rtmon were not linked against libresolv.so.2 (they use none of the library's symbols)
The -lresolv in ./Makefile seems to come from pre-historic times (before
iproute2 git history, possibly from libc5/pre-glibc days).
I couldn't find out if/why there was any reason for linking to libresolv.
Does anyone know if there are any valid reasons for keeping it still?
If not, I'd be happy to see it go.... while at it I also removed includes
of <resolv.h> which I also couldn't find any reason for, but this is
just an added bonus of the patch (and there are probably more unneeded
includes that could be dropped in the same sources).
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
