From 4ee770eec965835bc44d21eb7d07f73a1a45e697 Mon Sep 17 00:00:00 2001 From: Leon Romanovsky Date: Thu, 1 Nov 2018 10:35:05 +0200 Subject: [PATCH 01/10] rdma: Refresh help section of resource information After commit 4060e4c0d257 ("rdma: Add PD resource tracking information"), the resource information shows PDs and MRs, but help pages didn't fully reflect it. Signed-off-by: Leon Romanovsky Reviewed-by: Steve Wise Signed-off-by: Stephen Hemminger --- rdma/res.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/rdma/res.c b/rdma/res.c index 0d8c1c38..cbb2efe6 100644 --- a/rdma/res.c +++ b/rdma/res.c @@ -16,13 +16,17 @@ static int res_help(struct rd *rd) { pr_out("Usage: %s resource\n", rd->filename); pr_out(" resource show [DEV]\n"); - pr_out(" resource show [qp|cm_id]\n"); + pr_out(" resource show [qp|cm_id|pd|mr|cq]\n"); pr_out(" resource show qp link [DEV/PORT]\n"); pr_out(" resource show qp link [DEV/PORT] [FILTER-NAME FILTER-VALUE]\n"); pr_out(" resource show cm_id link [DEV/PORT]\n"); pr_out(" resource show cm_id link [DEV/PORT] [FILTER-NAME FILTER-VALUE]\n"); pr_out(" resource show cq link [DEV/PORT]\n"); pr_out(" resource show cq link [DEV/PORT] [FILTER-NAME FILTER-VALUE]\n"); + pr_out(" resource show pd dev [DEV]\n"); + pr_out(" resource show pd dev [DEV] [FILTER-NAME FILTER-VALUE]\n"); + pr_out(" resource show mr dev [DEV]\n"); + pr_out(" resource show mr dev [DEV] [FILTER-NAME FILTER-VALUE]\n"); return 0; } From 39776a8665f2db1255ebed1f7cc992f69437bc36 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 5 Nov 2018 08:37:41 -0800 Subject: [PATCH 02/10] uapi: update headers to 4.20-rc1 Signed-off-by: Stephen Hemminger --- include/uapi/linux/bpf.h | 142 ++++++++++++++++++++++++++++++++++- include/uapi/linux/elf-em.h | 1 + include/uapi/linux/if_link.h | 1 + include/uapi/linux/magic.h | 1 + include/uapi/linux/netlink.h | 1 + include/uapi/linux/sctp.h | 1 + 6 files changed, 145 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index abb7f774..2bbe33db 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -103,6 +103,7 @@ enum bpf_cmd { BPF_BTF_LOAD, BPF_BTF_GET_FD_BY_ID, BPF_TASK_FD_QUERY, + BPF_MAP_LOOKUP_AND_DELETE_ELEM, }; enum bpf_map_type { @@ -127,6 +128,9 @@ enum bpf_map_type { BPF_MAP_TYPE_SOCKHASH, BPF_MAP_TYPE_CGROUP_STORAGE, BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, + BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE, + BPF_MAP_TYPE_QUEUE, + BPF_MAP_TYPE_STACK, }; enum bpf_prog_type { @@ -461,6 +465,28 @@ union bpf_attr { * Return * 0 on success, or a negative error in case of failure. * + * int bpf_map_push_elem(struct bpf_map *map, const void *value, u64 flags) + * Description + * Push an element *value* in *map*. *flags* is one of: + * + * **BPF_EXIST** + * If the queue/stack is full, the oldest element is removed to + * make room for this. + * Return + * 0 on success, or a negative error in case of failure. + * + * int bpf_map_pop_elem(struct bpf_map *map, void *value) + * Description + * Pop an element from *map*. + * Return + * 0 on success, or a negative error in case of failure. + * + * int bpf_map_peek_elem(struct bpf_map *map, void *value) + * Description + * Get an element from *map* without removing it. + * Return + * 0 on success, or a negative error in case of failure. + * * int bpf_probe_read(void *dst, u32 size, const void *src) * Description * For tracing programs, safely attempt to read *size* bytes from @@ -1432,7 +1458,7 @@ union bpf_attr { * Return * 0 on success, or a negative error in case of failure. * - * int bpf_skb_adjust_room(struct sk_buff *skb, u32 len_diff, u32 mode, u64 flags) + * int bpf_skb_adjust_room(struct sk_buff *skb, s32 len_diff, u32 mode, u64 flags) * Description * Grow or shrink the room for data in the packet associated to * *skb* by *len_diff*, and according to the selected *mode*. @@ -2143,6 +2169,94 @@ union bpf_attr { * request in the skb. * Return * 0 on success, or a negative error in case of failure. + * + * struct bpf_sock *bpf_sk_lookup_tcp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u32 netns, u64 flags) + * Description + * Look for TCP socket matching *tuple*, optionally in a child + * network namespace *netns*. The return value must be checked, + * and if non-NULL, released via **bpf_sk_release**\ (). + * + * The *ctx* should point to the context of the program, such as + * the skb or socket (depending on the hook in use). This is used + * to determine the base network namespace for the lookup. + * + * *tuple_size* must be one of: + * + * **sizeof**\ (*tuple*\ **->ipv4**) + * Look for an IPv4 socket. + * **sizeof**\ (*tuple*\ **->ipv6**) + * Look for an IPv6 socket. + * + * If the *netns* is zero, then the socket lookup table in the + * netns associated with the *ctx* will be used. For the TC hooks, + * this in the netns of the device in the skb. For socket hooks, + * this in the netns of the socket. If *netns* is non-zero, then + * it specifies the ID of the netns relative to the netns + * associated with the *ctx*. + * + * All values for *flags* are reserved for future usage, and must + * be left at zero. + * + * This helper is available only if the kernel was compiled with + * **CONFIG_NET** configuration option. + * Return + * Pointer to *struct bpf_sock*, or NULL in case of failure. + * + * struct bpf_sock *bpf_sk_lookup_udp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u32 netns, u64 flags) + * Description + * Look for UDP socket matching *tuple*, optionally in a child + * network namespace *netns*. The return value must be checked, + * and if non-NULL, released via **bpf_sk_release**\ (). + * + * The *ctx* should point to the context of the program, such as + * the skb or socket (depending on the hook in use). This is used + * to determine the base network namespace for the lookup. + * + * *tuple_size* must be one of: + * + * **sizeof**\ (*tuple*\ **->ipv4**) + * Look for an IPv4 socket. + * **sizeof**\ (*tuple*\ **->ipv6**) + * Look for an IPv6 socket. + * + * If the *netns* is zero, then the socket lookup table in the + * netns associated with the *ctx* will be used. For the TC hooks, + * this in the netns of the device in the skb. For socket hooks, + * this in the netns of the socket. If *netns* is non-zero, then + * it specifies the ID of the netns relative to the netns + * associated with the *ctx*. + * + * All values for *flags* are reserved for future usage, and must + * be left at zero. + * + * This helper is available only if the kernel was compiled with + * **CONFIG_NET** configuration option. + * Return + * Pointer to *struct bpf_sock*, or NULL in case of failure. + * + * int bpf_sk_release(struct bpf_sock *sk) + * Description + * Release the reference held by *sock*. *sock* must be a non-NULL + * pointer that was returned from bpf_sk_lookup_xxx\ (). + * Return + * 0 on success, or a negative error in case of failure. + * + * int bpf_msg_push_data(struct sk_buff *skb, u32 start, u32 len, u64 flags) + * Description + * For socket policies, insert *len* bytes into msg at offset + * *start*. + * + * If a program of type **BPF_PROG_TYPE_SK_MSG** is run on a + * *msg* it may want to insert metadata or options into the msg. + * This can later be read and used by any of the lower layer BPF + * hooks. + * + * This helper may fail if under memory pressure (a malloc + * fails) in these cases BPF programs will get an appropriate + * error and BPF programs will need to handle them. + * + * Return + * 0 on success, or a negative error in case of failure. */ #define __BPF_FUNC_MAPPER(FN) \ FN(unspec), \ @@ -2228,7 +2342,14 @@ union bpf_attr { FN(get_current_cgroup_id), \ FN(get_local_storage), \ FN(sk_select_reuseport), \ - FN(skb_ancestor_cgroup_id), + FN(skb_ancestor_cgroup_id), \ + FN(sk_lookup_tcp), \ + FN(sk_lookup_udp), \ + FN(sk_release), \ + FN(map_push_elem), \ + FN(map_pop_elem), \ + FN(map_peek_elem), \ + FN(msg_push_data), /* integer value in 'imm' field of BPF_CALL instruction selects which helper * function eBPF program intends to call @@ -2398,6 +2519,23 @@ struct bpf_sock { */ }; +struct bpf_sock_tuple { + union { + struct { + __be32 saddr; + __be32 daddr; + __be16 sport; + __be16 dport; + } ipv4; + struct { + __be32 saddr[4]; + __be32 daddr[4]; + __be16 sport; + __be16 dport; + } ipv6; + }; +}; + #define XDP_PACKET_HEADROOM 256 /* User return codes for XDP prog type. diff --git a/include/uapi/linux/elf-em.h b/include/uapi/linux/elf-em.h index 31aa1017..93722e60 100644 --- a/include/uapi/linux/elf-em.h +++ b/include/uapi/linux/elf-em.h @@ -41,6 +41,7 @@ #define EM_TILEPRO 188 /* Tilera TILEPro */ #define EM_MICROBLAZE 189 /* Xilinx MicroBlaze */ #define EM_TILEGX 191 /* Tilera TILE-Gx */ +#define EM_RISCV 243 /* RISC-V */ #define EM_BPF 247 /* Linux BPF - in-kernel virtual machine */ #define EM_FRV 0x5441 /* Fujitsu FR-V */ diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 9c254603..52e95197 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -285,6 +285,7 @@ enum { IFLA_BR_MCAST_STATS_ENABLED, IFLA_BR_MCAST_IGMP_VERSION, IFLA_BR_MCAST_MLD_VERSION, + IFLA_BR_VLAN_STATS_PER_PORT, __IFLA_BR_MAX, }; diff --git a/include/uapi/linux/magic.h b/include/uapi/linux/magic.h index 1a6fee97..96c24478 100644 --- a/include/uapi/linux/magic.h +++ b/include/uapi/linux/magic.h @@ -29,6 +29,7 @@ #define HPFS_SUPER_MAGIC 0xf995e849 #define ISOFS_SUPER_MAGIC 0x9660 #define JFFS2_SUPER_MAGIC 0x72b6 +#define XFS_SUPER_MAGIC 0x58465342 /* "XFSB" */ #define PSTOREFS_MAGIC 0x6165676C #define EFIVARFS_MAGIC 0xde5e81e4 #define HOSTFS_SUPER_MAGIC 0x00c0ffee diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h index 0b2c29bd..2966171b 100644 --- a/include/uapi/linux/netlink.h +++ b/include/uapi/linux/netlink.h @@ -153,6 +153,7 @@ enum nlmsgerr_attrs { #define NETLINK_LIST_MEMBERSHIPS 9 #define NETLINK_CAP_ACK 10 #define NETLINK_EXT_ACK 11 +#define NETLINK_DUMP_STRICT_CHK 12 struct nl_pktinfo { __u32 group; diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h index dd164d7f..626480b6 100644 --- a/include/uapi/linux/sctp.h +++ b/include/uapi/linux/sctp.h @@ -301,6 +301,7 @@ enum sctp_sinfo_flags { SCTP_SACK_IMMEDIATELY = (1 << 3), /* SACK should be sent without delay. */ /* 2 bits here have been used by SCTP_PR_SCTP_MASK */ SCTP_SENDALL = (1 << 6), + SCTP_PR_SCTP_ALL = (1 << 7), SCTP_NOTIFICATION = MSG_NOTIFICATION, /* Next message is not user msg but notification. */ SCTP_EOF = MSG_FIN, /* Initiate graceful shutdown process. */ }; From 6d2fd4a53f63bd20667b1a8f2ec8fde1fc3a54d4 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Thu, 1 Nov 2018 22:25:27 +0000 Subject: [PATCH 03/10] Include bsd/string.h only in include/utils.h This is simpler and cleaner, and avoids having to include the header from every file where the functions are used. The prototypes of the internal implementation are in this header, so utils.h will have to be included anyway for those. Fixes: 508f3c231efb ("Use libbsd for strlcpy if available") Signed-off-by: Luca Boccassi Signed-off-by: Stephen Hemminger --- genl/ctrl.c | 3 --- include/utils.h | 4 ++++ ip/iplink.c | 3 --- ip/ipnetns.c | 3 --- ip/iproute_lwtunnel.c | 3 --- ip/ipvrf.c | 3 --- ip/ipxfrm.c | 3 --- ip/tunnel.c | 3 --- ip/xfrm_state.c | 3 --- lib/bpf.c | 3 --- lib/fs.c | 3 --- lib/inet_proto.c | 3 --- misc/ss.c | 3 --- tc/em_ipset.c | 3 --- tc/m_pedit.c | 3 --- 15 files changed, 4 insertions(+), 42 deletions(-) diff --git a/genl/ctrl.c b/genl/ctrl.c index fef6aaa9..6133336a 100644 --- a/genl/ctrl.c +++ b/genl/ctrl.c @@ -18,9 +18,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include "utils.h" #include "genl_utils.h" diff --git a/include/utils.h b/include/utils.h index 685d2c1d..bf6dea23 100644 --- a/include/utils.h +++ b/include/utils.h @@ -9,6 +9,10 @@ #include #include +#ifdef HAVE_LIBBSD +#include +#endif + #include "libnetlink.h" #include "ll_map.h" #include "rtm_map.h" diff --git a/ip/iplink.c b/ip/iplink.c index 067f5409..b5519201 100644 --- a/ip/iplink.c +++ b/ip/iplink.c @@ -24,9 +24,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include #include diff --git a/ip/ipnetns.c b/ip/ipnetns.c index da019d76..0eac18cf 100644 --- a/ip/ipnetns.c +++ b/ip/ipnetns.c @@ -8,9 +8,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include #include diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c index 2285bc1d..8f497015 100644 --- a/ip/iproute_lwtunnel.c +++ b/ip/iproute_lwtunnel.c @@ -16,9 +16,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include #include diff --git a/ip/ipvrf.c b/ip/ipvrf.c index 8572b4f2..8a6b7f97 100644 --- a/ip/ipvrf.c +++ b/ip/ipvrf.c @@ -21,9 +21,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include #include diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c index b02f30a6..17ab4abe 100644 --- a/ip/ipxfrm.c +++ b/ip/ipxfrm.c @@ -28,9 +28,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include #include diff --git a/ip/tunnel.c b/ip/tunnel.c index 73abb2e2..d0d55f37 100644 --- a/ip/tunnel.c +++ b/ip/tunnel.c @@ -24,9 +24,6 @@ #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include #include diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index 18e0c6fa..e8c01746 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -27,9 +27,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include "utils.h" #include "xfrm.h" diff --git a/lib/bpf.c b/lib/bpf.c index 35d7c45a..45f279fa 100644 --- a/lib/bpf.c +++ b/lib/bpf.c @@ -15,9 +15,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include #include diff --git a/lib/fs.c b/lib/fs.c index af36bea0..86efd4ed 100644 --- a/lib/fs.c +++ b/lib/fs.c @@ -20,9 +20,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include diff --git a/lib/inet_proto.c b/lib/inet_proto.c index b379d8f8..0836a4c9 100644 --- a/lib/inet_proto.c +++ b/lib/inet_proto.c @@ -18,9 +18,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include "rt_names.h" #include "utils.h" diff --git a/misc/ss.c b/misc/ss.c index c472fbd9..4d12fb5d 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -19,9 +19,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include #include diff --git a/tc/em_ipset.c b/tc/em_ipset.c index 550b2101..48b287f5 100644 --- a/tc/em_ipset.c +++ b/tc/em_ipset.c @@ -20,9 +20,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include diff --git a/tc/m_pedit.c b/tc/m_pedit.c index baacc80d..2aeb56d9 100644 --- a/tc/m_pedit.c +++ b/tc/m_pedit.c @@ -23,9 +23,6 @@ #include #include #include -#ifdef HAVE_LIBBSD -#include -#endif #include #include "utils.h" #include "tc_util.h" From a795211fe543c3238a05e58fee9c0be48f2d6986 Mon Sep 17 00:00:00 2001 From: Roopa Prabhu Date: Wed, 7 Nov 2018 15:14:09 -0800 Subject: [PATCH 04/10] bridge: fdb: remove redundant dev string in show output After commit 4abb8c723a64 ("bridge: fdb: Fix for missing keywords in non-JSON output"), I am seeing a double print for dev in bridge fdb show. eg: "44:38:39:00:6a:82 dev dev bridge vlan 1 master bridge permanent" this patch removes the redundant print. Fixes: 4abb8c723a64 ("bridge: fdb: Fix for missing keywords in non-JSON output") CC: Phil Sutter Signed-off-by: Roopa Prabhu Acked-by: Phil Sutter Signed-off-by: Stephen Hemminger --- bridge/fdb.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/bridge/fdb.c b/bridge/fdb.c index f82938f8..a5abc1b6 100644 --- a/bridge/fdb.c +++ b/bridge/fdb.c @@ -181,13 +181,10 @@ int print_fdb(struct nlmsghdr *n, void *arg) "mac", "%s ", lladdr); } - if (!filter_index && r->ndm_ifindex) { - if (!is_json_context()) - fprintf(fp, "dev "); + if (!filter_index && r->ndm_ifindex) print_color_string(PRINT_ANY, COLOR_IFNAME, "ifname", "dev %s ", ll_index_to_name(r->ndm_ifindex)); - } if (tb[NDA_DST]) { int family = AF_INET; From 7f5047524c99b5e6b45bfdfc7916c950e9c84a0a Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 2 Nov 2018 13:27:48 +0000 Subject: [PATCH 05/10] man: ss.8: break and indent long line Fixes groff warning: ss.8 92: warning [p 2, 2.8i]: can't break line And makes the line also more readable. Signed-off-by: Luca Boccassi Signed-off-by: Stephen Hemminger --- man/man8/ss.8 | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/man/man8/ss.8 b/man/man8/ss.8 index 7a6572b1..699a1271 100644 --- a/man/man8/ss.8 +++ b/man/man8/ss.8 @@ -89,7 +89,13 @@ an uuid of the socket Show socket memory usage. The output format is: .RS .P -skmem:(r,rb,t,tb,f,w,o,bl) +skmem:(r,rb,t,tb,f, +.br +.RS +.RS +w,o,bl) +.RE +.RE .P .TP .B From a6bb5b9e7c8746045fe84fe220f6462f9af9ae91 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 2 Nov 2018 15:27:31 +0000 Subject: [PATCH 06/10] Fix warning in tc-skbprio.8 manpage ". If" gets interpreted as a macro, so move the period to the previous line: 33: warning: macro `If' not defined Fixes: 141b55f8544e ("Add SKB Priority qdisc support in tc(8)") Signed-off-by: Luca Boccassi Signed-off-by: Stephen Hemminger --- man/man8/tc-skbprio.8 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/man/man8/tc-skbprio.8 b/man/man8/tc-skbprio.8 index 844bbf46..a0a316ba 100644 --- a/man/man8/tc-skbprio.8 +++ b/man/man8/tc-skbprio.8 @@ -29,8 +29,8 @@ While SKB Priority Queue is agnostic to how .B skb->priority is assigned. A typical use case is to copy the 6-bit DS field of IPv4 and IPv6 packets using -.BR tc-skbedit (8) -. If +.BR tc-skbedit (8). +If .B skb->priority is greater or equal to 64, the priority is assumed to be 63. Priorities less than 64 are taken at face value. From 995015be3147aada1a335e53f8996d2d579ca613 Mon Sep 17 00:00:00 2001 From: Alex Vesker Date: Thu, 8 Nov 2018 11:14:13 +0200 Subject: [PATCH 07/10] devlink: Add missing region option to devlink man page The region field was not added to the devlink man page. Fixes: 8b4fbf0bed8e6 ("devlink: Add support for devlink-region access") Signed-off-by: Alex Vesker Acked-by: Jiri Pirko Signed-off-by: Stephen Hemminger --- man/man8/devlink.8 | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/man/man8/devlink.8 b/man/man8/devlink.8 index 360031f7..8d527e7e 100644 --- a/man/man8/devlink.8 +++ b/man/man8/devlink.8 @@ -7,7 +7,7 @@ devlink \- Devlink tool .in +8 .ti -8 .B devlink -.RI "[ " OPTIONS " ] { " dev | port | monitor | sb | resource " } { " COMMAND " | " +.RI "[ " OPTIONS " ] { " dev | port | monitor | sb | resource | region " } { " COMMAND " | " .BR help " }" .sp @@ -74,6 +74,10 @@ Turn on verbose output. .B resource - devlink device resource configuration. +.TP +.B region +- devlink address region access + .SS .I COMMAND From 6e7d347aabbb2da631200ee0ef645454c5a529a7 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 2 Nov 2018 12:35:43 +0000 Subject: [PATCH 08/10] testsuite: build generate_nlmsg with QUIET_CC Follow the standard pattern, and respect user's verbosity setting. Signed-off-by: Luca Boccassi Signed-off-by: Stephen Hemminger --- testsuite/tools/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testsuite/tools/Makefile b/testsuite/tools/Makefile index e1d9bfef..85df69ec 100644 --- a/testsuite/tools/Makefile +++ b/testsuite/tools/Makefile @@ -3,7 +3,7 @@ CFLAGS= include ../../config.mk generate_nlmsg: generate_nlmsg.c ../../lib/libnetlink.c - $(CC) $(CPPFLAGS) $(CFLAGS) $(EXTRA_CFLAGS) -I../../include -include../../include/uapi/linux/netlink.h -o $@ $^ -lmnl + $(QUIET_CC) $(CPPFLAGS) $(CFLAGS) $(EXTRA_CFLAGS) -I../../include -include../../include/uapi/linux/netlink.h -o $@ $^ -lmnl clean: rm -f generate_nlmsg From 1a03ac6b051097d4cc648d56e2da4d11b702c686 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Fri, 2 Nov 2018 12:35:44 +0000 Subject: [PATCH 09/10] Pass CPPFLAGS to the compiler When building Debian packages pre-processor flags are passed via CPPFLAGS, as the convention indicates. Specifically, the hardening -D_FORTIFY_SOURCE=2 flag is used. Pass CPPFLAGS to all calls of QUIET_CC together with CFLAGS. Signed-off-by: Luca Boccassi Signed-off-by: Stephen Hemminger --- configure | 2 +- misc/Makefile | 8 ++++---- tc/Makefile | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/configure b/configure index c5655978..5df6082b 100755 --- a/configure +++ b/configure @@ -436,4 +436,4 @@ check_cap echo >> $CONFIG echo "%.o: %.c" >> $CONFIG -echo ' $(QUIET_CC)$(CC) $(CFLAGS) $(EXTRA_CFLAGS) -c -o $@ $<' >> $CONFIG +echo ' $(QUIET_CC)$(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(CPPFLAGS) -c -o $@ $<' >> $CONFIG diff --git a/misc/Makefile b/misc/Makefile index b2dd6b26..6a849af4 100644 --- a/misc/Makefile +++ b/misc/Makefile @@ -16,16 +16,16 @@ ss: $(SSOBJ) $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@ nstat: nstat.c - $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -o nstat nstat.c $(LDLIBS) -lm + $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o nstat nstat.c $(LDLIBS) -lm ifstat: ifstat.c - $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -o ifstat ifstat.c $(LDLIBS) -lm + $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o ifstat ifstat.c $(LDLIBS) -lm rtacct: rtacct.c - $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -o rtacct rtacct.c $(LDLIBS) -lm + $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o rtacct rtacct.c $(LDLIBS) -lm arpd: arpd.c - $(QUIET_CC)$(CC) $(CFLAGS) -I$(DBM_INCLUDE) $(LDFLAGS) -o arpd arpd.c $(LDLIBS) -ldb + $(QUIET_CC)$(CC) $(CFLAGS) -I$(DBM_INCLUDE) $(CPPFLAGS) $(LDFLAGS) -o arpd arpd.c $(LDLIBS) -ldb ssfilter.c: ssfilter.y $(QUIET_YACC)bison ssfilter.y -o ssfilter.c diff --git a/tc/Makefile b/tc/Makefile index 25a28284..f8010d3c 100644 --- a/tc/Makefile +++ b/tc/Makefile @@ -128,7 +128,7 @@ CFLAGS += -DYY_NO_INPUT MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc %.so: %.c - $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic $< -o $@ + $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic $< -o $@ all: tc $(TCSO) @@ -158,13 +158,13 @@ clean: rm -f emp_ematch.yacc.* q_atm.so: q_atm.c - $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o q_atm.so q_atm.c -latm + $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o q_atm.so q_atm.c -latm m_xt.so: m_xt.c - $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o m_xt.so m_xt.c $$($(PKG_CONFIG) xtables --cflags --libs) + $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o m_xt.so m_xt.c $$($(PKG_CONFIG) xtables --cflags --libs) m_xt_old.so: m_xt_old.c - $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o m_xt_old.so m_xt_old.c $$($(PKG_CONFIG) xtables --cflags --libs) + $(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o m_xt_old.so m_xt_old.c $$($(PKG_CONFIG) xtables --cflags --libs) em_ipset.o: CFLAGS += $$($(PKG_CONFIG) xtables --cflags) From 9c5f4251d61d6e2f5072b239b0102b37c11286c7 Mon Sep 17 00:00:00 2001 From: Jakub Kicinski Date: Mon, 5 Nov 2018 19:23:27 -0800 Subject: [PATCH 10/10] tc: f_u32: allow skip_hw and skip_sw flags to be last u32 uses NEXT_ARG() incorrectly when parsing skip_hw and skip_sw flags. NEXT_ARG() ensures there is another argument on the command line, and is used in handling syntax to move past and ensure there is a to read. Commit 5e5b3008d1fb ("tc: f_u32: Add support for skip_hw and skip_sw flags") seems to have copy pasted the handling from the previous command - "police", which needs an extra parameter and is kind of special due to the use of parse_police() helper. The combination of NEXT_ARG() and continue worked fine as long as skip_sw/skip_hw wasn't last, e.g.: $ tc filter add dev dummy0 ingress prio 101 protocol ipv6 \ u32 match ip6 priority 0xa0 0xe0 skip_hw action pass But would fail if it was last: $ tc filter add dev dummy0 ingress prio 101 protocol ipv6 \ u32 match ip6 priority 0xa0 0xe0 flowid :1 skip_hw Command line is not complete. Try option "help" Remove the NEXT_ARG()s and the continues, and let the argc--; argv++; at the end of the loop do its job. Fixes: 5e5b3008d1fb ("tc: f_u32: Add support for skip_hw and skip_sw flags") Signed-off-by: Jakub Kicinski Signed-off-by: Stephen Hemminger --- tc/f_u32.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tc/f_u32.c b/tc/f_u32.c index bff4be63..e0a322d5 100644 --- a/tc/f_u32.c +++ b/tc/f_u32.c @@ -1147,13 +1147,9 @@ static int u32_parse_opt(struct filter_util *qu, char *handle, terminal_ok++; continue; } else if (strcmp(*argv, "skip_hw") == 0) { - NEXT_ARG(); flags |= TCA_CLS_FLAGS_SKIP_HW; - continue; } else if (strcmp(*argv, "skip_sw") == 0) { - NEXT_ARG(); flags |= TCA_CLS_FLAGS_SKIP_SW; - continue; } else if (strcmp(*argv, "help") == 0) { explain(); return -1;