From a05b9557f48e23e69a4c1a597f2f288f133ef170 Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Fri, 13 Jan 2017 13:06:19 +0100 Subject: [PATCH 1/9] tc: m_xt: Drop needless parentheses from #if checks Signed-off-by: Phil Sutter --- tc/m_xt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tc/m_xt.c b/tc/m_xt.c index 57ed40d7..e59df8e1 100644 --- a/tc/m_xt.c +++ b/tc/m_xt.c @@ -77,7 +77,7 @@ static struct xtables_globals tcipt_globals = { .orig_opts = original_opts, .opts = original_opts, .exit_err = NULL, -#if (XTABLES_VERSION_CODE >= 11) +#if XTABLES_VERSION_CODE >= 11 .compat_rev = xtables_compatible_revision, #endif }; @@ -126,7 +126,7 @@ static int get_xtables_target_opts(struct xtables_globals *globals, { struct option *opts; -#if (XTABLES_VERSION_CODE >= 6) +#if XTABLES_VERSION_CODE >= 6 opts = xtables_options_xfrm(globals->orig_opts, globals->opts, m->x6_options, @@ -204,7 +204,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, break; default: -#if (XTABLES_VERSION_CODE >= 6) +#if XTABLES_VERSION_CODE >= 6 if (m != NULL && m->x6_parse != NULL) { xtables_option_tpcall(c, argv, 0, m, NULL); #else @@ -242,7 +242,7 @@ static int parse_ipt(struct action_util *a, int *argc_p, } /* check that we passed the correct parameters to the target */ -#if (XTABLES_VERSION_CODE >= 6) +#if XTABLES_VERSION_CODE >= 6 if (m) xtables_option_tfcall(m); #else From 530903dd9003492edb0714e937ad4a5d1219e376 Mon Sep 17 00:00:00 2001 From: Petr Vorel Date: Tue, 17 Jan 2017 00:25:50 +0100 Subject: [PATCH 2/9] ip: fix igmp parsing when iface is long Entries with long vhost names in /proc/net/igmp have no whitespace between name and colon, so sscanf() adds it to vhost and 'ip maddr show iface' doesn't include inet result. Signed-off-by: Petr Vorel --- ip/ipmaddr.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c index 22eb407b..4f726fdd 100644 --- a/ip/ipmaddr.c +++ b/ip/ipmaddr.c @@ -136,13 +136,17 @@ static void read_igmp(struct ma_info **result_p) while (fgets(buf, sizeof(buf), fp)) { struct ma_info *ma; + size_t len; if (buf[0] != '\t') { sscanf(buf, "%d%s", &m.index, m.name); + len = strlen(m.name); + if (m.name[len - 1] == ':') + len--; continue; } - if (filter.dev && strcmp(filter.dev, m.name)) + if (filter.dev && strncmp(filter.dev, m.name, len)) continue; sscanf(buf, "%08x%d", (__u32 *)&m.addr.data, &m.users); From 1c570c50a362bd0cdf1c08874137d485fae3f5e4 Mon Sep 17 00:00:00 2001 From: Jamal Hadi Salim Date: Sat, 14 Jan 2017 17:04:43 -0500 Subject: [PATCH 3/9] utils: make hex2mem available to all users hex2mem() api is useful for parsing hexstrings which are then packed in a stream of chars. Signed-off-by: Jamal Hadi Salim --- include/utils.h | 1 + ip/ipl2tp.c | 25 ------------------------- lib/utils.c | 25 +++++++++++++++++++++++++ 3 files changed, 26 insertions(+), 25 deletions(-) diff --git a/include/utils.h b/include/utils.h index dc1d6b96..22369e0b 100644 --- a/include/utils.h +++ b/include/utils.h @@ -118,6 +118,7 @@ int get_be32(__be32 *val, const char *arg, int base); int get_be16(__be16 *val, const char *arg, int base); int get_addr64(__u64 *ap, const char *cp); +int hex2mem(const char *buf, uint8_t *mem, int count); char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen); __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len); #define ADDR64_BUF_SIZE sizeof("xxxx:xxxx:xxxx:xxxx") diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c index 0f91aebf..88664c90 100644 --- a/ip/ipl2tp.c +++ b/ip/ipl2tp.c @@ -485,31 +485,6 @@ static int get_tunnel(struct l2tp_data *p) * Command parser *****************************************************************************/ -static int hex2mem(const char *buf, uint8_t *mem, int count) -{ - int i, j; - int c; - - for (i = 0, j = 0; i < count; i++, j += 2) { - c = get_hex(buf[j]); - if (c < 0) - goto err; - - mem[i] = c << 4; - - c = get_hex(buf[j + 1]); - if (c < 0) - goto err; - - mem[i] |= c; - } - - return 0; - -err: - return -1; -} - static void usage(void) __attribute__((noreturn)); static void usage(void) diff --git a/lib/utils.c b/lib/utils.c index 83c9d097..870c4f1b 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -962,6 +962,31 @@ __u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len) return buf; } +int hex2mem(const char *buf, uint8_t *mem, int count) +{ + int i, j; + int c; + + for (i = 0, j = 0; i < count; i++, j += 2) { + c = get_hex(buf[j]); + if (c < 0) + goto err; + + mem[i] = c << 4; + + c = get_hex(buf[j + 1]); + if (c < 0) + goto err; + + mem[i] |= c; + } + + return 0; + +err: + return -1; +} + int addr64_n2a(__u64 addr, char *buff, size_t len) { __u16 *words = (__u16 *)&addr; From b2141de1ad98517ffecc1feb99800cd36a26fd22 Mon Sep 17 00:00:00 2001 From: Roi Dayan Date: Sun, 15 Jan 2017 16:23:49 +0200 Subject: [PATCH 4/9] tc: flower: Fix flower output for src and dst ports This fix a missing use case after the introduction of enum flower_endpoint. Fixes: 6910d65661a3 ("tc: flower: introduce enum flower_endpoint") Signed-off-by: Roi Dayan Signed-off-by: Paul Blakey --- tc/f_flower.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tc/f_flower.c b/tc/f_flower.c index 71e9515f..1dbc5320 100644 --- a/tc/f_flower.c +++ b/tc/f_flower.c @@ -744,10 +744,10 @@ static int flower_print_opt(struct filter_util *qu, FILE *f, tb[TCA_FLOWER_KEY_IPV6_SRC], tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]); - nl_type = flower_port_attr_type(ip_proto, false); + nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST); if (nl_type >= 0) flower_print_port(f, "dst_port", tb[nl_type]); - nl_type = flower_port_attr_type(ip_proto, true); + nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC); if (nl_type >= 0) flower_print_port(f, "src_port", tb[nl_type]); From c3d09fba935857e9464fc18039b4d80b4f3f4a09 Mon Sep 17 00:00:00 2001 From: Jiri Benc Date: Wed, 18 Jan 2017 13:37:25 +0100 Subject: [PATCH 5/9] Revert "man pages: add man page for skbmod action" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit a40995d1c79e5a1b8711f6cd26eca9807fc4dd50. The patch is missing the actual tc-skbmod.8 file which causes 'make install' to fail: install -m 0755 -d /tmp/ip/usr/share/man/man8 install -m 0644 ip-address.8 ip-link.8 ip-route.8 ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.8 tc.8 tc-bfifo.8 tc-bpf.8 tc-cbq.8 tc-cbq-details.8 tc-choke.8 tc-codel.8 tc-fq.8 tc-drr.8 tc-ematch.8 tc-fq_codel.8 tc-hfsc.8 tc-htb.8 tc-pie.8 tc-mqprio.8 tc-netem.8 tc-pfifo.8 tc-pfifo_fast.8 tc-prio.8 tc-red.8 tc-sfb.8 tc-sfq.8 tc-stab.8 tc-tbf.8 bridge.8 rtstat.8 ctstat.8 nstat.8 routef.8 ip-addrlabel.8 ip-fou.8 ip-gue.8 ip-l2tp.8 ip-macsec.8 ip-maddress.8 ip-monitor.8 ip-mroute.8 ip-neighbour.8 ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 ip-tcp_metrics.8 ip-netconf.8 ip-token.8 tipc.8 tipc-bearer.8 tipc-link.8 tipc-media.8 tipc-nametable.8 tipc-node.8 tipc-socket.8 tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 tc-tcindex.8 tc-u32.8 tc-matchall.8 tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 tc-ife.8 tc-skbmod.8 tc-tunnel_key.8 devlink.8 devlink-dev.8 devlink-monitor.8 devlink-port.8 devlink-sb.8 /tmp/ip/usr/share/man/man8 install: cannot stat ‘tc-skbmod.8’: No such file or directory make[2]: *** [install] Error 1 make[1]: *** [install] Error 2 Signed-off-by: Jiri Benc --- man/man8/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/man8/Makefile b/man/man8/Makefile index d4cb01ac..77d347ca 100644 --- a/man/man8/Makefile +++ b/man/man8/Makefile @@ -16,7 +16,7 @@ MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss. tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \ tc-tcindex.8 tc-u32.8 tc-matchall.8 \ tc-connmark.8 tc-csum.8 tc-mirred.8 tc-nat.8 tc-pedit.8 tc-police.8 \ - tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 tc-ife.8 tc-skbmod.8 \ + tc-simple.8 tc-skbedit.8 tc-vlan.8 tc-xt.8 tc-ife.8 \ tc-tunnel_key.8 \ devlink.8 devlink-dev.8 devlink-monitor.8 devlink-port.8 devlink-sb.8 From d5eb0564da494e618ad4654abd93461e5e8bbae0 Mon Sep 17 00:00:00 2001 From: Alexander Heinlein Date: Mon, 16 Jan 2017 14:48:25 +0100 Subject: [PATCH 6/9] ip/xfrm: Fix deleteall when having many policies installed Fix "Policy buffer overflow" when trying to use deleteall with many policies installed. Signed-off-by: Alexander Heinlein Signed-off-by: Stephen Hemminger --- ip/xfrm_policy.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c index cc9c0f1f..451b9822 100644 --- a/ip/xfrm_policy.c +++ b/ip/xfrm_policy.c @@ -732,10 +732,8 @@ static int xfrm_policy_keep(const struct sockaddr_nl *who, if (!xfrm_policy_filter_match(xpinfo, ptype)) return 0; - if (xb->offset > xb->size) { - fprintf(stderr, "Policy buffer overflow\n"); - return -1; - } + if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size) + return 0; new_n = (struct nlmsghdr *)(xb->buf + xb->offset); new_n->nlmsg_len = NLMSG_LENGTH(sizeof(*xpid)); From 6166cc35be0fc8124c4232397e27759170c6b0f7 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 20 Jan 2017 09:26:27 -0800 Subject: [PATCH 7/9] update kernel headers (from 4.10-rc4) Signed-off-by: Stephen Hemminger --- include/linux/pkt_cls.h | 2 +- include/linux/tc_act/tc_bpf.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h index fef68c4c..af17f3c7 100644 --- a/include/linux/pkt_cls.h +++ b/include/linux/pkt_cls.h @@ -343,7 +343,7 @@ enum { TCA_BPF_NAME, TCA_BPF_FLAGS, TCA_BPF_FLAGS_GEN, - TCA_BPF_DIGEST, + TCA_BPF_TAG, __TCA_BPF_MAX, }; diff --git a/include/linux/tc_act/tc_bpf.h b/include/linux/tc_act/tc_bpf.h index a6b88a6f..975b50dc 100644 --- a/include/linux/tc_act/tc_bpf.h +++ b/include/linux/tc_act/tc_bpf.h @@ -27,7 +27,7 @@ enum { TCA_ACT_BPF_FD, TCA_ACT_BPF_NAME, TCA_ACT_BPF_PAD, - TCA_ACT_BPF_DIGEST, + TCA_ACT_BPF_TAG, __TCA_ACT_BPF_MAX, }; #define TCA_ACT_BPF_MAX (__TCA_ACT_BPF_MAX - 1) From c85609b25faff034d450b0106fac7932d6acf124 Mon Sep 17 00:00:00 2001 From: Roi Dayan Date: Thu, 19 Jan 2017 14:31:19 +0200 Subject: [PATCH 8/9] tc: flower: Add missing err check when parsing flower options addattr32 may return an error. Fixes: cfcabf18d84a ("tc: flower: Add skip_{hw|sw} support") Signed-off-by: Roi Dayan Reviewed-by: Paul Blakey --- tc/f_flower.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tc/f_flower.c b/tc/f_flower.c index 1dbc5320..1272a471 100644 --- a/tc/f_flower.c +++ b/tc/f_flower.c @@ -525,7 +525,9 @@ static int flower_parse_opt(struct filter_util *qu, char *handle, } parse_done: - addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags); + ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags); + if (ret) + return ret; ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); if (ret) { From 00697ca19ae3e1118f2af82c3b41ac4335fe918b Mon Sep 17 00:00:00 2001 From: Roi Dayan Date: Thu, 19 Jan 2017 14:31:20 +0200 Subject: [PATCH 9/9] tc: flower: Fix incorrect error msg about eth type addattr16 may return an error about the nl msg size but not about incorrect eth type. Fixes: 488b41d020fb ("tc: flower no need to specify the ethertype") Signed-off-by: Roi Dayan Reviewed-by: Paul Blakey --- tc/f_flower.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tc/f_flower.c b/tc/f_flower.c index 1272a471..314c2dd1 100644 --- a/tc/f_flower.c +++ b/tc/f_flower.c @@ -530,11 +530,8 @@ parse_done: return ret; ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type); - if (ret) { - fprintf(stderr, "Illegal \"eth_type\"(0x%x)\n", - ntohs(eth_type)); - return -1; - } + if (ret) + return ret; tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;