From 56e3eb4c3400c5d857174c54c94f89ae7933301d Mon Sep 17 00:00:00 2001 From: Nikolay Aleksandrov Date: Sat, 20 Aug 2016 14:53:10 +0200 Subject: [PATCH 01/10] ip: route: fix multicast route dumps If we have multicast routes and do ip route show table all we'll get the following output: ... multicast ???/32 from ???/32 table default proto static iif eth0 The "???" are because the rtm_family is set to RTNL_FAMILY_IPMR instead (or RTNL_FAMILY_IP6MR for ipv6). Add a simple workaround that returns the real family based on the rtm_type (always RTN_MULTICAST for ipmr routes) and the rtm_family. Similar workaround is already used in ipmroute, and we can use this helper there as well. After the patch the output is: multicast 239.10.10.10/32 from 0.0.0.0/32 table default proto static iif eth0 Also fix a minor whitespace error and switch to tabs. Reported-by: Satish Ashok Signed-off-by: Nikolay Aleksandrov --- include/utils.h | 1 + ip/ipmroute.c | 2 +- ip/iproute.c | 12 +++++++----- lib/utils.c | 9 +++++++++ 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/include/utils.h b/include/utils.h index 82f1aa7d..1b4f939c 100644 --- a/include/utils.h +++ b/include/utils.h @@ -249,5 +249,6 @@ int do_each_netns(int (*func)(char *nsname, void *arg), void *arg, char *int_to_str(int val, char *buf); int get_guid(__u64 *guid, const char *arg); +int get_real_family(int rtm_type, int rtm_family); #endif /* __UTILS_H__ */ diff --git a/ip/ipmroute.c b/ip/ipmroute.c index 5d6922a2..133367a2 100644 --- a/ip/ipmroute.c +++ b/ip/ipmroute.c @@ -112,7 +112,7 @@ int print_mroute(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) return 0; } - family = r->rtm_family == RTNL_FAMILY_IPMR ? AF_INET : AF_INET6; + family = get_real_family(r->rtm_type, r->rtm_family); if (n->nlmsg_type == RTM_DELROUTE) fprintf(fp, "Deleted "); diff --git a/ip/iproute.c b/ip/iproute.c index 4d7da023..0bc01368 100644 --- a/ip/iproute.c +++ b/ip/iproute.c 
@@ -311,7 +311,7 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) struct rtmsg *r = NLMSG_DATA(n); int len = n->nlmsg_len; struct rtattr *tb[RTA_MAX+1]; - int host_len; + int host_len, family; __u32 table; SPRINT_BUF(b1); @@ -363,13 +363,14 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) fprintf(fp, "%s ", rtnl_rtntype_n2a(r->rtm_type, b1, sizeof(b1))); if (tb[RTA_DST]) { + family = get_real_family(r->rtm_type, r->rtm_family); if (r->rtm_dst_len != host_len) { fprintf(fp, "%s/%u ", - rt_addr_n2a_rta(r->rtm_family, tb[RTA_DST]), + rt_addr_n2a_rta(family, tb[RTA_DST]), r->rtm_dst_len); } else { fprintf(fp, "%s ", - format_host_rta(r->rtm_family, tb[RTA_DST])); + format_host_rta(family, tb[RTA_DST])); } } else if (r->rtm_dst_len) { fprintf(fp, "0/%d ", r->rtm_dst_len); @@ -377,13 +378,14 @@ int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) fprintf(fp, "default "); } if (tb[RTA_SRC]) { + family = get_real_family(r->rtm_type, r->rtm_family); if (r->rtm_src_len != host_len) { fprintf(fp, "from %s/%u ", - rt_addr_n2a_rta(r->rtm_family, tb[RTA_SRC]), + rt_addr_n2a_rta(family, tb[RTA_SRC]), r->rtm_src_len); } else { fprintf(fp, "from %s ", - format_host_rta(r->rtm_family, tb[RTA_SRC])); + format_host_rta(family, tb[RTA_SRC])); } } else if (r->rtm_src_len) { fprintf(fp, "from 0/%u ", r->rtm_src_len); diff --git a/lib/utils.c b/lib/utils.c index 96604746..9ada7737 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1156,3 +1156,12 @@ int get_guid(__u64 *guid, const char *arg) return 0; } + +/* This is a necessary workaround for multicast route dumps */ +int get_real_family(int rtm_type, int rtm_family) +{ + if (rtm_type != RTN_MULTICAST) + return rtm_family; + + return rtm_family == RTNL_FAMILY_IPMR ? AF_INET : AF_INET6; +} From 567e6960721b7e3b78cae7a46f8cd057b505ad9a Mon Sep 17 00:00:00 2001 
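Review bot: The mapped `family` is used only for address formatting, while the `r->rtm_dst_len != host_len` test in the `@@ -363` hunk (and the `rtm_src_len` test in the `@@ -377` hunk) still compares against a `host_len` that is computed outside these hunks. The commit message's post-patch sample prints `239.10.10.10/32 from 0.0.0.0/32`, i.e. the prefix branch is taken for full-length addresses, which suggests `host_len` is still derived from the raw `r->rtm_family`. If that is the case, assign `family = get_real_family(r->rtm_type, r->rtm_family);` once before `host_len` is set and derive `host_len` from `family`, which also removes the duplicated assignment in the RTA_DST and RTA_SRC branches. print_route starts and ends outside the hunks.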
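Review bot: The final `return` of get_real_family() maps every RTN_MULTICAST route whose `rtm_family` is not RTNL_FAMILY_IPMR to AF_INET6, including a route that already carries AF_INET. print_route() now hands this value to rt_addr_n2a_rta()/format_host_rta() together with the RTA_DST/RTA_SRC attribute, so a wrong AF_INET6 would presumably make the formatter treat a 4-byte payload as a 16-byte address. Translate only the two pseudo-families named in the commit message and pass anything else through unchanged. The one-line comment above the function could also state what is mapped to what, since "necessary workaround" does not tell the next reader which values are expected.

```c
int get_real_family(int rtm_type, int rtm_family)
{
	/* … unchanged: early return when rtm_type != RTN_MULTICAST … */

	if (rtm_family == RTNL_FAMILY_IPMR)
		return AF_INET;
	if (rtm_family == RTNL_FAMILY_IP6MR)
		return AF_INET6;

	/* already a real address family: leave it alone */
	return rtm_family;
}
```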
From: Hannes Frederic Sowa Date: Wed, 24 Aug 2016 20:08:25 +0200 Subject: [PATCH 02/10] iptuntap: show processes using tuntap interface Show which processes are using which tun/tap devices, e.g.: $ ip -d tuntap tun0: tun Attached to processes: vpnc(9531) vnet0: tap vnet_hdr Attached to processes: qemu-system-x86(10442) virbr0-nic: tap UNKNOWN_FLAGS:800 Attached to processes: Signed-off-by: Hannes Frederic Sowa --- ip/iptuntap.c | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) diff --git a/ip/iptuntap.c b/ip/iptuntap.c index 43774f96..b5aa0542 100644 --- a/ip/iptuntap.c +++ b/ip/iptuntap.c @@ -25,6 +25,7 @@ #include #include #include +#include #include "rt_names.h" #include "utils.h" 
@@ -273,6 +274,109 @@ static void print_flags(long flags) printf(" UNKNOWN_FLAGS:%lx", flags); } +static char *pid_name(pid_t pid) +{ + char *comm; + FILE *f; + int err; + + err = asprintf(&comm, "/proc/%d/comm", pid); + if (err < 0) + return NULL; + + f = fopen(comm, "r"); + free(comm); + if (!f) { + perror("fopen"); + return NULL; + } + + if (fscanf(f, "%ms\n", &comm) != 1) { + perror("fscanf"); + comm = NULL; + } + + + if (fclose(f)) + perror("fclose"); + + return comm; +} + +static void show_processes(const char *name) +{ + glob_t globbuf = { }; + char **fd_path; + int err; + + err = glob("/proc/[0-9]*/fd/[0-9]*", GLOB_NOSORT, + NULL, &globbuf); + if (err) + return; + + fd_path = globbuf.gl_pathv; + while (*fd_path) { + const char *dev_net_tun = "/dev/net/tun"; + const size_t linkbuf_len = strlen(dev_net_tun) + 2; + char linkbuf[linkbuf_len], *fdinfo; + int pid, fd; + FILE *f; + + if (sscanf(*fd_path, "/proc/%d/fd/%d", &pid, &fd) != 2) + goto next; + + if (pid == getpid()) + goto next; + + err = readlink(*fd_path, linkbuf, linkbuf_len - 1); + if (err < 0) { + perror("readlink"); + goto next; + } + linkbuf[err] = '\0'; + if (strcmp(dev_net_tun, linkbuf)) + goto next; + + if (asprintf(&fdinfo, "/proc/%d/fdinfo/%d", pid, fd) < 0) + goto next; + + f = fopen(fdinfo, "r"); + free(fdinfo); + if (!f) { + perror("fopen"); + goto next; + } + + while (!feof(f)) { + char *key = NULL, *value = NULL; + + err = fscanf(f, "%m[^:]: %ms\n", &key, &value); + if (err == EOF) { + if (ferror(f)) + perror("fscanf"); + break; + } else if (err == 2 && + !strcmp("iff", key) && !strcmp(name, value)) { + char *pname = pid_name(pid); + printf(" %s(%d)", pname ? pname : "", pid); + free(pname); + } + + free(key); + free(value); + } + if (fclose(f)) + perror("fclose"); + +next: + ++fd_path; + } + + globfree(&globbuf); + return; +} + + static int do_show(int argc, char **argv) { DIR *dir; 
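Review bot: pid_name() returns the contents of /proc/PID/comm and show_processes() prints it unmodified with `printf(" %s(%d)", ...)`; that name is chosen by the process itself and `%ms` stops only at whitespace, so control bytes in it reach the terminal of whoever runs `ip -d tuntap`. Replace non-printable bytes before returning from pid_name(), e.g. `for (p = comm; p && *p; p++) if (!isprint((unsigned char)*p)) *p = '?';` (needs `<ctype.h>` and a `char *p` local). Separately, the `while (!feof(f))` loop only leaves on EOF, so an fscanf() return of 0, where `%m[^:]` matched nothing and consumed nothing, would repeat on the same input; treating `err == 0` like EOF with `if (err == EOF || err == 0)` keeps the loop bounded. Neither function has a comment; one line above each saying what is read from /proc and that pid_name()'s result must be freed by the caller would help.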
@@ -302,6 +406,11 @@ static int do_show(int argc, char **argv) if (group != -1) printf(" group %ld", group); printf("\n"); + if (show_details) { + printf("\tAttached to processes:"); + show_processes(d->d_name); + printf("\n"); + } } closedir(dir); return 0; From 67a990b8112611e5e4b64f2a5f6ee890422d7695 Mon Sep 17 00:00:00 2001 From: "Andrey Jr. Melnikov" Date: Wed, 24 Aug 2016 23:43:00 +0300 Subject: [PATCH 03/10] iproute: disallow ip rule del without parameters Disallow run `ip rule del` without any parameter to avoid delete any first rule from table. Signed-off-by: Andrey Jr. Melnikov --- ip/iprule.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ip/iprule.c b/ip/iprule.c index 8f242067..70562c55 100644 --- a/ip/iprule.c +++ b/ip/iprule.c @@ -346,6 +346,11 @@ static int iprule_modify(int cmd, int argc, char **argv) req.r.rtm_type = RTN_UNICAST; } + if (cmd == RTM_DELRULE && argc == 0) { + fprintf(stderr, "\"ip rule del\" requires arguments.\n"); + return -1; + } + while (argc > 0) { if (strcmp(*argv, "not") == 0) { req.r.rtm_flags |= FIB_RULE_INVERT; From 4a564d914d8a4e8d5a4b0f0c00aa44813ba62db4 Mon Sep 17 00:00:00 2001 From: Iskren Chernev Date: Tue, 30 Aug 2016 17:08:54 -0700 Subject: [PATCH 04/10] iproute: fix documentation for ip rule scan order --- man/man8/ip-rule.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8 index 1774ae3e..3508d809 100644 --- a/man/man8/ip-rule.8 +++ b/man/man8/ip-rule.8 @@ -93,7 +93,7 @@ Each policy routing rule consists of a .B selector and an .B action predicate. -The RPDB is scanned in order of decreasing priority. The selector +The RPDB is scanned in order of increasing priority. The selector of each rule is applied to {source address, destination address, incoming interface, tos, fwmark} and, if the selector matches the packet, the action is performed. The action predicate may return with success. 
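Review bot: show_processes(d->d_name) is called once per listed device, and each call globs `/proc/[0-9]*/fd/[0-9]*` and runs readlink() on every match, so `ip -d tuntap` rescans every visible descriptor on the host for each interface. Its perror() calls also write to stderr between the `"\tAttached to processes:"` prefix and the closing `"\n"` printed here, and readlink()/fopen() failures can be expected whenever a process exits during the scan. Consider collecting the /dev/net/tun descriptors once before the loop and staying silent on ENOENT and EACCES. The loop that encloses these lines starts outside the hunk.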
From ae810982ccd012e8566aca18b73842019806f872 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 1 Sep 2016 08:44:20 -0700 Subject: [PATCH 05/10] remove useless return statement Get rid of: void foo() { ... return; } --- ip/iptuntap.c | 1 - tc/tc_class.c | 1 - tc/tc_stab.c | 1 - 3 files changed, 3 deletions(-) diff --git a/ip/iptuntap.c b/ip/iptuntap.c index b5aa0542..11db794f 100644 --- a/ip/iptuntap.c +++ b/ip/iptuntap.c @@ -373,7 +373,6 @@ next: } globfree(&globbuf); - return; } diff --git a/tc/tc_class.c b/tc/tc_class.c index f3864d22..1a1f1fa2 100644 --- a/tc/tc_class.c +++ b/tc/tc_class.c @@ -52,7 +52,6 @@ static void usage(void) fprintf(stderr, "Where:\n"); fprintf(stderr, "QDISC_KIND := { prio | cbq | etc. }\n"); fprintf(stderr, "OPTIONS := ... try tc class add help\n"); - return; } static int tc_class_modify(int cmd, unsigned int flags, int argc, char **argv) diff --git a/tc/tc_stab.c b/tc/tc_stab.c index dc20dd19..1a0a3e3f 100644 --- a/tc/tc_stab.c +++ b/tc/tc_stab.c @@ -40,7 +40,6 @@ static void stab_help(void) " linklayer : adapting to a linklayer e.g. atm\n" "Example: ... stab overhead 20 linklayer atm\n"); - return; } int check_size_table_opts(struct tc_sizespec *s) From cc28aad1e6d4f1a5b9e2ba79342bd7fb769a8df3 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 1 Sep 2016 09:03:40 -0700 Subject: [PATCH 06/10] ip: iptuntap cleanup Minor whitespace changes --- ip/iptuntap.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ip/iptuntap.c b/ip/iptuntap.c index 11db794f..34fb0cf3 100644 --- a/ip/iptuntap.c +++ b/ip/iptuntap.c @@ -105,7 +105,8 @@ static int tap_del_ioctl(struct ifreq *ifr) return ret; } -static int parse_args(int argc, char **argv, struct ifreq *ifr, uid_t *uid, gid_t *gid) +static int parse_args(int argc, char **argv, + struct ifreq *ifr, uid_t *uid, gid_t *gid) { int count = 0; 
@@ -356,9 +357,11 @@ static void show_processes(const char *name) perror("fscanf"); break; } else if (err == 2 && - !strcmp("iff", key) && !strcmp(name, value)) { + !strcmp("iff", key) && + !strcmp(name, value)) { char *pname = pid_name(pid); - printf(" %s(%d)", pname ? pname : "", pid); + + printf(" %s(%d)", pname ? : "", pid); free(pname); } From 5898bd667a483c12ba0ca53aa0ef39f9b98d2fc9 Mon Sep 17 00:00:00 2001 From: Davide Caratti Date: Tue, 30 Aug 2016 13:23:12 +0200 Subject: [PATCH 07/10] macsec: fix input of 'port', improve documentation of 'address' remove hardcoded base 10 parsing of 'port' parameter, update man page and fix usage() functions as well. Fix misleading line in man page that theoretically allowed specifying 'port' keyword right after 'sci' keyword. Provide documentation of 'address' parameter in man pages and in usage() functions as well. Signed-off-by: Davide Caratti --- ip/ipmacsec.c | 6 +++--- man/man8/ip-link.8.in | 14 +++++++++++--- man/man8/ip-macsec.8 | 12 +++++++++--- 3 files changed, 23 insertions(+), 9 deletions(-) diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c index 6bd1f54f..c75e9d3c 100644 --- a/ip/ipmacsec.c +++ b/ip/ipmacsec.c @@ -95,7 +95,7 @@ static void ipmacsec_usage(void) fprintf(stderr, "where OPTS := [ pn ] [ on | off ]\n"); fprintf(stderr, " ID := 128-bit hex string\n"); fprintf(stderr, " KEY := 128-bit hex string\n"); - fprintf(stderr, " SCI := { sci | port address }\n"); + fprintf(stderr, " SCI := { sci | port { 1..2^16-1 } address }\n"); exit(-1); } @@ -139,7 +139,7 @@ static int get_sci(__u64 *sci, const char *arg) static int get_port(__be16 *port, const char *arg) { - return get_be16(port, arg, 10); + return get_be16(port, arg, 0); } #define _STR(a) #a 
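Review bot: `pname ? : ""` is the GNU conditional with an omitted middle operand, which is not ISO C, and it arrives in a commit whose description says "Minor whitespace changes". The previous spelling is portable and just as short, so I would keep `printf(" %s(%d)", pname ? pname : "", pid);`, or mention the expression change in the commit message if the extension is intended. show_processes begins and ends outside the hunk.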
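Review bot: get_port() in the `@@ -139` hunk now forwards base 0 to get_be16(), but nothing visible enforces the `1..2^16-1` range that the usage text in the `@@ -95` hunk advertises, so `port 0` is accepted unless get_be16() or the caller rejects it (neither is shown here). Assuming get_be16() returns non-zero on failure, `if (get_be16(port, arg, 0) || *port == 0) return -1;` followed by `return 0;` would make the code match the documented range. Base 0 also changes the meaning of existing input with a leading zero (`010` is now 8); the man page hunk documents this, and a short comment on get_port() saying that octal and hex prefixes are accepted on purpose would keep it from being "fixed" back.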
@@ -1069,7 +1069,7 @@ static bool check_txsc_flags(bool es, bool scb, bool sci) static void usage(FILE *f) { fprintf(f, - "Usage: ... macsec [ port PORT | sci SCI ]\n" + "Usage: ... macsec [ [ address ] port { 1..2^16-1 } | sci ]\n" " [ cipher { default | gcm-aes-128 } ]\n" " [ icvlen { 8..16 } ]\n" " [ encrypt { on | off } ]\n" diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 58247ced..6fb5ad6c 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -952,7 +952,9 @@ For a link of type the following additional arguments are supported: .BI "ip link add link " DEVICE " name " NAME " type macsec" -[ +[ [ +.BI address " " +] .BI port " PORT" | .BI sci " SCI" @@ -976,8 +978,14 @@ the following additional arguments are supported: .in +8 .sp -.BI port " PORT " -- sets the port number for this MACsec device. +.BI address " " +- sets the system identifier component of secure channel for this MACsec device. + +.sp +.BI port " PORT " +- sets the port number component of secure channel for this MACsec device, in a +range from 1 to 65535 inclusive. Numbers with a leading " 0 " or " 0x " are +interpreted as octal and hexadecimal, respectively. .sp .BI sci " SCI " diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8 index 105aeecd..1aca3bdc 100644 --- a/man/man8/ip-macsec.8 +++ b/man/man8/ip-macsec.8 @@ -3,10 +3,12 @@ ip-macsec \- MACsec device configuration .SH "SYNOPSIS" .BI "ip link add link " DEVICE " name " NAME " type macsec " -[ +[ [ +.BI address " " +] .BI port " PORT" | -.BI sci " SCI" +.BI sci " " ] [ .BR cipher " { " default " | " gcm-aes-128 " } ] [" .BI icvlen " ICVLEN" @@ -62,8 +64,12 @@ ip-macsec \- MACsec device configuration .IR SCI " := { " .B sci .IR " | " -.BI port " " address " " +.BI port +.IR PORT +.BI address " " } +.br +.IR PORT " := { " 1..2^16-1 " } " .SH DESCRIPTION From d0baa1389f3a5d216f8f7085ae579c2e6e4bfcce Mon Sep 17 00:00:00 2001 
From: Davide Caratti Date: Tue, 30 Aug 2016 13:23:13 +0200 Subject: [PATCH 08/10] man: ip.8: add missing 'macsec' item to OBJECT list Signed-off-by: Davide Caratti --- man/man8/ip.8 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/man/man8/ip.8 b/man/man8/ip.8 index f11fc0b9..8ecb1996 100644 --- a/man/man8/ip.8 +++ b/man/man8/ip.8 @@ -21,7 +21,8 @@ ip \- show / manipulate routing, devices, policy routing and tunnels .IR OBJECT " := { " .BR link " | " address " | " addrlabel " | " route " | " rule " | " neigh " | "\ ntable " | " tunnel " | " tuntap " | " maddress " | " mroute " | " mrule " | "\ - monitor " | " xfrm " | " netns " | " l2tp " | " tcp_metrics " | " token " }" + monitor " | " xfrm " | " netns " | " l2tp " | " tcp_metrics " | " token " | "\ + macsec " }" .sp .ti -8 From 0330f49ea06eed134b51a6924faf64ec6b1bb3ed Mon Sep 17 00:00:00 2001 From: Davide Caratti Date: Tue, 30 Aug 2016 13:23:14 +0200 Subject: [PATCH 09/10] macsec: fix byte ordering on input/display of 'sci' use get_be64() in place of get_u64() when parsing input 'sci' parameter, so that 'sci' can be entered using network byte order regardless the endianness of target system; use ntohll() when printing out 'sci'. While at it, improve documentation of 'sci' in ip-link.8. Signed-off-by: Davide Caratti --- ip/ipmacsec.c | 8 ++++---- man/man8/ip-link.8.in | 4 +++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c index c75e9d3c..2e670e9e 100644 --- a/ip/ipmacsec.c +++ b/ip/ipmacsec.c @@ -134,7 +134,7 @@ static int get_an(__u8 *val, const char *arg) static int get_sci(__u64 *sci, const char *arg) { - return get_u64(sci, arg, 16); + return get_be64(sci, arg, 16); } static int get_port(__be16 *port, const char *arg) 
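Review bot: get_sci() now stores a network-byte-order value through a `__u64 *`, so the type no longer tells a reader or sparse which byte order the variable holds. Declaring it `static int get_sci(__be64 *sci, const char *arg)`, as get_port() in the trailing context already does with `__be16 *port`, and carrying `__be64` through the callers and the `sci` parameters of print_tx_sc()/print_rx_sc() in the following hunks would let a missing or doubled ntohll() be caught mechanically. If changing the types is too invasive for this patch, at least add `/* sci is kept in network byte order */` above get_sci().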
@@ -776,7 +776,7 @@ static void print_tx_sc(const char *prefix, __u64 sci, __u8 encoding_sa, struct rtattr *a; int rem; - printf("%sTXSC: %016llx on SA %d\n", prefix, sci, encoding_sa); + printf("%sTXSC: %016llx on SA %d\n", prefix, ntohll(sci), encoding_sa); print_secy_stats(prefix, secy_stats); print_txsc_stats(prefix, txsc_stats); @@ -845,7 +845,7 @@ static void print_rx_sc(const char *prefix, __u64 sci, __u8 active, struct rtattr *a; int rem; - printf("%sRXSC: %016llx, state %s\n", prefix, sci, + printf("%sRXSC: %016llx, state %s\n", prefix, ntohll(sci), values_on_off[!!active]); print_rxsc_stats(prefix, rxsc_stats); @@ -1018,7 +1018,7 @@ static void macsec_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) if (tb[IFLA_MACSEC_SCI]) { fprintf(f, "sci %016llx ", - rta_getattr_u64(tb[IFLA_MACSEC_SCI])); + ntohll(rta_getattr_u64(tb[IFLA_MACSEC_SCI]))); } print_flag(f, tb, "protect", IFLA_MACSEC_PROTECT); diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 6fb5ad6c..ffc4160a 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -989,7 +989,9 @@ interpreted as octal and hexadecimal, respectively. .sp .BI sci " SCI " -- sets the SCI for this MACsec device. +- sets the secure channel identifier for this MACsec device. +.I SCI +is a 64bit wide number in hexadecimal format. .sp .BI cipher " CIPHER_SUITE " From 3cad6e5f2576cdf903311e964efa2cced1b24c6c Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Thu, 1 Sep 2016 09:10:43 -0700 Subject: [PATCH 10/10] update kernel headers from 4.8-rc4 --- include/linux/if_tunnel.h | 3 +++ include/linux/libc-compat.h | 26 ++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/include/linux/if_tunnel.h b/include/linux/if_tunnel.h index 1fa343db..24aa1753 100644 --- a/include/linux/if_tunnel.h +++ b/include/linux/if_tunnel.h @@ -2,6 +2,9 @@ #define _IF_TUNNEL_H_ #include +#include +#include +#include #include 
diff --git a/include/linux/libc-compat.h b/include/linux/libc-compat.h index 2280d3f1..f38571da 100644 --- a/include/linux/libc-compat.h +++ b/include/linux/libc-compat.h @@ -139,6 +139,25 @@ #endif /* _NETINET_IN_H */ +/* Coordinate with glibc netipx/ipx.h header. */ +#if defined(__NETIPX_IPX_H) + +#define __UAPI_DEF_SOCKADDR_IPX 0 +#define __UAPI_DEF_IPX_ROUTE_DEFINITION 0 +#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 0 +#define __UAPI_DEF_IPX_CONFIG_DATA 0 +#define __UAPI_DEF_IPX_ROUTE_DEF 0 + +#else /* defined(__NETIPX_IPX_H) */ + +#define __UAPI_DEF_SOCKADDR_IPX 1 +#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1 +#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1 +#define __UAPI_DEF_IPX_CONFIG_DATA 1 +#define __UAPI_DEF_IPX_ROUTE_DEF 1 + +#endif /* defined(__NETIPX_IPX_H) */ + /* Definitions for xattr.h */ #if defined(_SYS_XATTR_H) #define __UAPI_DEF_XATTR 0 @@ -179,6 +198,13 @@ #define __UAPI_DEF_IN6_PKTINFO 1 #define __UAPI_DEF_IP6_MTUINFO 1 +/* Definitions for ipx.h */ +#define __UAPI_DEF_SOCKADDR_IPX 1 +#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1 +#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1 +#define __UAPI_DEF_IPX_CONFIG_DATA 1 +#define __UAPI_DEF_IPX_ROUTE_DEF 1 + /* Definitions for xattr.h */ #define __UAPI_DEF_XATTR 1