From f443565f8df65e7d3b3e7cb5f4e94aec1e12d067 Mon Sep 17 00:00:00 2001 From: David Ahern Date: Fri, 14 Apr 2017 16:09:56 -0700 Subject: [PATCH 1/3] ip vrf: Add command name next to pid 'ip vrf pids' is used to list processes bound to a vrf, but it only shows the pid leaving a lot of work for the user. Add the command name to the output. With this patch you get the more user friendly: $ ip vrf pids mgmt 1121 ntpd 1418 gdm-session-wor 1488 gnome-session 1491 dbus-launch 1492 dbus-daemon 1565 sshd ... Signed-off-by: David Ahern --- include/utils.h | 1 + ip/ipvrf.c | 24 ++++++++++++++---------- lib/fs.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 57 insertions(+), 10 deletions(-) diff --git a/include/utils.h b/include/utils.h index 22369e0b..8c12e1e2 100644 --- a/include/utils.h +++ b/include/utils.h @@ -260,5 +260,6 @@ int get_real_family(int rtm_type, int rtm_family); int cmd_exec(const char *cmd, char **argv, bool do_fork); int make_path(const char *path, mode_t mode); char *find_cgroup2_mount(void); +int get_command_name(const char *pid, char *comm, size_t len); #endif /* __UTILS_H__ */ diff --git a/ip/ipvrf.c b/ip/ipvrf.c index 5e204a9e..0f611b44 100644 --- a/ip/ipvrf.c +++ b/ip/ipvrf.c @@ -111,27 +111,31 @@ static void read_cgroup_pids(const char *base_path, char *name) { char path[PATH_MAX]; char buf[4096]; - ssize_t n; - int fd; + FILE *fp; if (snprintf(path, sizeof(path), "%s/vrf/%s%s", base_path, name, CGRP_PROC_FILE) >= sizeof(path)) return; - fd = open(path, O_RDONLY); - if (fd < 0) + fp = fopen(path, "r"); + if (!fp) return; /* no cgroup file, nothing to show */ /* dump contents (pids) of cgroup.procs */ - while (1) { - n = read(fd, buf, sizeof(buf) - 1); - if (n <= 0) - break; + while (fgets(buf, sizeof(buf), fp)) { + char *nl, comm[32]; - printf("%s", buf); + nl = strchr(buf, '\n'); + if (nl) + *nl = '\0'; + + if (get_command_name(buf, comm, sizeof(comm))) + strcpy(comm, ""); + + printf("%5s %s\n", buf, comm); } - close(fd); + fclose(fp); } /* recurse path looking for PATH[/NETNS]/vrf/NAME */ diff --git a/lib/fs.c b/lib/fs.c index 12a4657a..c59ac564 100644 --- a/lib/fs.c +++ b/lib/fs.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -149,3 +150,44 @@ out: return rc; } + +int get_command_name(const char *pid, char *comm, size_t len) +{ + char path[PATH_MAX]; + char line[128]; + FILE *fp; + + if (snprintf(path, sizeof(path), + "/proc/%s/status", pid) >= sizeof(path)) { + return -1; + } + + fp = fopen(path, "r"); + if (!fp) + return -1; + + comm[0] = '\0'; + while (fgets(line, sizeof(line), fp)) { + char *nl, *name; + + name = strstr(line, "Name:"); + if (!name) + continue; + + name += 5; + while (isspace(*name)) + name++; + + nl = strchr(name, '\n'); + if (nl) + *nl = '\0'; + + strncpy(comm, name, len - 1); + comm[len - 1] = '\0'; + break; + } + + fclose(fp); + + return 0; +} From fd8b3d2c1b9b6dde3adf88662d1d72a68e5d3c63 Mon Sep 17 00:00:00 2001 From: Jamal Hadi Salim Date: Sat, 22 Apr 2017 08:36:23 -0400 Subject: [PATCH 2/3] actions: Add support for user cookies Make use of 128b user cookies Introduce optional 128-bit action cookie. Like all other cookie schemes in the networking world (eg in protocols like http or existing kernel fib protocol field, etc) the idea is to save user state that when retrieved serves as a correlator. The kernel _should not_ intepret it. The user can store whatever they wish in the 128 bits. Sample exercise(showing variable length use of cookie) .. create an accept action with cookie a1b2c3d4 sudo $TC actions add action ok index 1 cookie a1b2c3d4 .. dump all gact actions.. sudo $TC -s actions ls action gact action order 0: gact action pass random type none pass val 0 index 1 ref 1 bind 0 installed 5 sec used 5 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 cookie a1b2c3d4 .. bind the accept action to a filter.. sudo $TC filter add dev lo parent ffff: protocol ip prio 1 \ u32 match ip dst 127.0.0.1/32 flowid 1:1 action gact index 1 ... send some traffic.. $ ping 127.0.0.1 -c 3 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.020 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.027 ms 64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.038 ms Signed-off-by: Jamal Hadi Salim --- tc/m_action.c | 49 +++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/tc/m_action.c b/tc/m_action.c index 05ef07e0..6ebe85e1 100644 --- a/tc/m_action.c +++ b/tc/m_action.c @@ -150,18 +150,19 @@ new_cmd(char **argv) } -int -parse_action(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) +int parse_action(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) { int argc = *argc_p; char **argv = *argv_p; struct rtattr *tail, *tail2; char k[16]; + int act_ck_len = 0; int ok = 0; int eap = 0; /* expect action parameters */ int ret = 0; int prio = 0; + unsigned char act_ck[TC_COOKIE_MAX_SIZE]; if (argc <= 0) return -1; @@ -215,16 +216,44 @@ done0: addattr_l(n, MAX_MSG, ++prio, NULL, 0); addattr_l(n, MAX_MSG, TCA_ACT_KIND, k, strlen(k) + 1); - ret = a->parse_aopt(a, &argc, &argv, TCA_ACT_OPTIONS, n); + ret = a->parse_aopt(a, &argc, &argv, TCA_ACT_OPTIONS, + n); if (ret < 0) { fprintf(stderr, "bad action parsing\n"); goto bad_val; } + + if (*argv && strcmp(*argv, "cookie") == 0) { + size_t slen; + + NEXT_ARG(); + slen = strlen(*argv); + if (slen > TC_COOKIE_MAX_SIZE * 2) { + char cookie_err_m[128]; + + snprintf(cookie_err_m, 128, + "%zd Max allowed size %d", + slen, TC_COOKIE_MAX_SIZE*2); + invarg(cookie_err_m, *argv); + } + + if (hex2mem(*argv, act_ck, slen / 2) < 0) + invarg("cookie must be a hex string\n", + *argv); + + act_ck_len = slen; + argc--; + argv++; + } + + if (act_ck_len) + addattr_l(n, MAX_MSG, TCA_ACT_COOKIE, + &act_ck, act_ck_len); + tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail; ok++; } - } if (eap > 0) { @@ -245,8 +274,7 @@ bad_val: return -1; } -static int -tc_print_one_action(FILE *f, struct rtattr *arg) +static int tc_print_one_action(FILE *f, struct rtattr *arg) { struct rtattr *tb[TCA_ACT_MAX + 1]; @@ -274,8 +302,17 @@ tc_print_one_action(FILE *f, struct rtattr *arg) return err; if (show_stats && tb[TCA_ACT_STATS]) { + fprintf(f, "\tAction statistics:\n"); print_tcstats2_attr(f, tb[TCA_ACT_STATS], "\t", NULL); + if (tb[TCA_ACT_COOKIE]) { + int strsz = RTA_PAYLOAD(tb[TCA_ACT_COOKIE]); + char b1[strsz+1]; + + fprintf(f, "\n\tcookie len %d %s ", strsz, + hexstring_n2a(RTA_DATA(tb[TCA_ACT_COOKIE]), + strsz, b1, sizeof(b1))); + } fprintf(f, "\n"); } From 35893864c87bb87884e75d39fe9a3d24584f70a0 Mon Sep 17 00:00:00 2001 From: Craig Gallek Date: Fri, 21 Apr 2017 14:14:25 -0400 Subject: [PATCH 3/3] gre6: fix copy/paste bugs in GREv6 attribute manipulation Fixes: af89576d7a8c("iproute2: GRE over IPv6 tunnel support.") Signed-off-by: Craig Gallek --- ip/link_gre6.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ip/link_gre6.c b/ip/link_gre6.c index a91f6357..1b4fb051 100644 --- a/ip/link_gre6.c +++ b/ip/link_gre6.c @@ -355,7 +355,7 @@ get_failed: addattr_l(n, 1024, IFLA_GRE_TTL, &hop_limit, 1); addattr_l(n, 1024, IFLA_GRE_ENCAP_LIMIT, &encap_limit, 1); addattr_l(n, 1024, IFLA_GRE_FLOWINFO, &flowinfo, 4); - addattr_l(n, 1024, IFLA_GRE_FLAGS, &flowinfo, 4); + addattr32(n, 1024, IFLA_GRE_FLAGS, flags); addattr16(n, 1024, IFLA_GRE_ENCAP_TYPE, encaptype); addattr16(n, 1024, IFLA_GRE_ENCAP_FLAGS, encapflags); @@ -383,7 +383,7 @@ static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) flags = rta_getattr_u32(tb[IFLA_GRE_FLAGS]); if (tb[IFLA_GRE_FLOWINFO]) - flags = rta_getattr_u32(tb[IFLA_GRE_FLOWINFO]); + flowinfo = rta_getattr_u32(tb[IFLA_GRE_FLOWINFO]); if (tb[IFLA_GRE_REMOTE]) { struct in6_addr addr;