From e5faf729cb647c0c3d69e4e968b72e8fdad1e662 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 27 Jul 2018 13:30:19 -0700 Subject: [PATCH 1/5] ip: show min and max mtu Add min/max MTU to the link details Signed-off-by: Stephen Hemminger --- include/uapi/linux/if_link.h | 2 ++ ip/ipaddress.c | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 26e8cf8b..8456ff25 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -164,6 +164,8 @@ enum { IFLA_CARRIER_UP_COUNT, IFLA_CARRIER_DOWN_COUNT, IFLA_NEW_IFINDEX, + IFLA_MIN_MTU, + IFLA_MAX_MTU, __IFLA_MAX }; diff --git a/ip/ipaddress.c b/ip/ipaddress.c index bcee9ab7..85958e1a 100644 --- a/ip/ipaddress.c +++ b/ip/ipaddress.c @@ -1012,6 +1012,16 @@ int print_linkinfo(const struct sockaddr_nl *who, " promiscuity %u ", rta_getattr_u32(tb[IFLA_PROMISCUITY])); + if (tb[IFLA_MIN_MTU]) + print_uint(PRINT_ANY, + "min_mtu", "minmtu %u ", + rta_getattr_u32(tb[IFLA_MIN_MTU])); + + if (tb[IFLA_MAX_MTU]) + print_uint(PRINT_ANY, + "max_mtu", "maxmtu %u ", + rta_getattr_u32(tb[IFLA_MAX_MTU])); + if (tb[IFLA_LINKINFO]) print_linktype(fp, tb[IFLA_LINKINFO]); From 8a03a2f36f767bd36b22929c78a370bd43059aee Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 15 Aug 2018 11:18:26 +0200 Subject: [PATCH 2/5] man: ip-route: Clarify referenced versions are Linux ones Versioning scheme of Linux and iproute2 is similar, therefore the referenced kernel versions are likely to confuse readers. Clarify this by prefixing each kernel version by 'Linux' prefix. Signed-off-by: Phil Sutter Signed-off-by: Stephen Hemminger --- man/man8/ip-route.8.in | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in index b21a8472..a33ce1f0 100644 --- a/man/man8/ip-route.8.in +++ b/man/man8/ip-route.8.in @@ -483,43 +483,43 @@ seconds and ms, msec or msecs to specify milliseconds. .TP -.BI rttvar " TIME " "(2.3.15+ only)" +.BI rttvar " TIME " "(Linux 2.3.15+ only)" the initial RTT variance estimate. Values are specified as with .BI rtt above. .TP -.BI rto_min " TIME " "(2.6.23+ only)" +.BI rto_min " TIME " "(Linux 2.6.23+ only)" the minimum TCP Retransmission TimeOut to use when communicating with this destination. Values are specified as with .BI rtt above. .TP -.BI ssthresh " NUMBER " "(2.3.15+ only)" +.BI ssthresh " NUMBER " "(Linux 2.3.15+ only)" an estimate for the initial slow start threshold. .TP -.BI cwnd " NUMBER " "(2.3.15+ only)" +.BI cwnd " NUMBER " "(Linux 2.3.15+ only)" the clamp for congestion window. It is ignored if the .B lock flag is not used. .TP -.BI initcwnd " NUMBER " "(2.5.70+ only)" +.BI initcwnd " NUMBER " "(Linux 2.5.70+ only)" the initial congestion window size for connections to this destination. Actual window size is this value multiplied by the MSS (``Maximal Segment Size'') for same connection. The default is zero, meaning to use the values specified in RFC2414. .TP -.BI initrwnd " NUMBER " "(2.6.33+ only)" +.BI initrwnd " NUMBER " "(Linux 2.6.33+ only)" the initial receive window size for connections to this destination. Actual window size is this value multiplied by the MSS of the connection. The default value is zero, meaning to use Slow Start value. .TP -.BI features " FEATURES " (3.18+ only) +.BI features " FEATURES " (Linux 3.18+ only) Enable or disable per-route features. Only available feature at this time is .B ecn @@ -531,17 +531,17 @@ also be used even if the sysctl is set to 0. .TP -.BI quickack " BOOL " "(3.11+ only)" +.BI quickack " BOOL " "(Linux 3.11+ only)" Enable or disable quick ack for connections to this destination. .TP -.BI fastopen_no_cookie " BOOL " "(4.15+ only)" +.BI fastopen_no_cookie " BOOL " "(Linux 4.15+ only)" Enable TCP Fastopen without a cookie for connections to this destination. .TP -.BI congctl " NAME " "(3.20+ only)" +.BI congctl " NAME " "(Linux 3.20+ only)" .TP -.BI "congctl lock" " NAME " "(3.20+ only)" +.BI "congctl lock" " NAME " "(Linux 3.20+ only)" Sets a specific TCP congestion control algorithm only for a given destination. If not specified, Linux keeps the current global default TCP congestion control algorithm, or the one set from the application. If the modifier @@ -554,14 +554,14 @@ control algorithm for that destination, thus it will be enforced/guaranteed to use the proposed algorithm. .TP -.BI advmss " NUMBER " "(2.3.15+ only)" +.BI advmss " NUMBER " "(Linux 2.3.15+ only)" the MSS ('Maximal Segment Size') to advertise to these destinations when establishing TCP connections. If it is not given, Linux uses a default value calculated from the first hop device MTU. (If the path to these destination is asymmetric, this guess may be wrong.) .TP -.BI reordering " NUMBER " "(2.3.15+ only)" +.BI reordering " NUMBER " "(Linux 2.3.15+ only)" Maximal reordering on the path to this destination. If it is not given, Linux uses the value selected with .B sysctl @@ -782,7 +782,7 @@ is a set of encapsulation attributes specific to the .IR SEG6_ACTION " [ " .IR SEG6_ACTION_PARAM " ] " - Operation to perform on matching packets. -The following actions are currently supported (\fB4.14+ only\fR). +The following actions are currently supported (\fBLinux 4.14+ only\fR). .in +2 .B End @@ -830,7 +830,7 @@ address is set as described in \fBip-sr\fR(8). .in -8 .TP -.BI expires " TIME " "(4.4+ only)" +.BI expires " TIME " "(Linux 4.4+ only)" the route will be deleted after the expires time. .B Only support IPv6 at present. From 38d209ecf2ae966b9b25de4acb60cdffb0e06ced Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 14 Aug 2018 14:18:06 +0200 Subject: [PATCH 3/5] ss: Review ssfilter The original problem was ssfilter rejecting single expressions if enclosed in braces, such as: | sport = 22 or ( dport = 22 ) This is fixed by allowing 'expr' to be an 'exprlist' enclosed in braces. The no longer required recursion in 'exprlist' being an 'exprlist' enclosed in braces is dropped. In addition to that, a few other things are changed: * Remove pointless 'null' prefix in 'appled' before 'exprlist'. * For simple equals matches, '=' operator was required for ports but not allowed for hosts. Make this consistent by making '=' operator optional in both cases. Reported-by: Samuel Mannehed Fixes: b2038cc0b2403 ("ssfilter: Eliminate shift/reduce conflicts") Signed-off-by: Phil Sutter Signed-off-by: Stephen Hemminger --- misc/ssfilter.y | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/misc/ssfilter.y b/misc/ssfilter.y index 88d4229a..0413ddda 100644 --- a/misc/ssfilter.y +++ b/misc/ssfilter.y @@ -42,24 +42,22 @@ static void yyerror(char *s) %nonassoc '!' %% -applet: null exprlist +applet: exprlist { - *yy_ret = $2; - $$ = $2; + *yy_ret = $1; + $$ = $1; } | null ; + null: /* NOTHING */ { $$ = NULL; } ; + exprlist: expr | '!' expr { $$ = alloc_node(SSF_NOT, $2); } - | '(' exprlist ')' - { - $$ = $2; - } | exprlist '|' expr { $$ = alloc_node(SSF_OR, $1); @@ -77,13 +75,21 @@ exprlist: expr } ; -expr: DCOND HOSTCOND +eq: '=' + | /* nothing */ + ; + +expr: '(' exprlist ')' + { + $$ = $2; + } + | DCOND eq HOSTCOND { - $$ = alloc_node(SSF_DCOND, $2); + $$ = alloc_node(SSF_DCOND, $3); } - | SCOND HOSTCOND + | SCOND eq HOSTCOND { - $$ = alloc_node(SSF_SCOND, $2); + $$ = alloc_node(SSF_SCOND, $3); } | DPORT GEQ HOSTCOND { @@ -101,7 +107,7 @@ expr: DCOND HOSTCOND { $$ = alloc_node(SSF_NOT, alloc_node(SSF_D_GE, $3)); } - | DPORT '=' HOSTCOND + | DPORT eq HOSTCOND { $$ = alloc_node(SSF_DCOND, $3); } @@ -126,7 +132,7 @@ expr: DCOND HOSTCOND { $$ = alloc_node(SSF_NOT, alloc_node(SSF_S_GE, $3)); } - | SPORT '=' HOSTCOND + | SPORT eq HOSTCOND { $$ = alloc_node(SSF_SCOND, $3); } @@ -134,7 +140,7 @@ expr: DCOND HOSTCOND { $$ = alloc_node(SSF_NOT, alloc_node(SSF_SCOND, $3)); } - | DEVNAME '=' DEVCOND + | DEVNAME eq DEVCOND { $$ = alloc_node(SSF_DEVCOND, $3); } @@ -142,7 +148,7 @@ expr: DCOND HOSTCOND { $$ = alloc_node(SSF_NOT, alloc_node(SSF_DEVCOND, $3)); } - | FWMARK '=' MARKMASK + | FWMARK eq MARKMASK { $$ = alloc_node(SSF_MARKMASK, $3); } From 744bd07662c09db406be79c0be7ec7698be5283e Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 14 Aug 2018 14:18:07 +0200 Subject: [PATCH 4/5] testsuite: Prepare for ss tests This merges the shared bits from ts_tc() and ts_ip() into a common function for being wrapped by the first ones and adds a third ts_ss() for testing ss commands. Signed-off-by: Phil Sutter Signed-off-by: Stephen Hemminger --- testsuite/Makefile | 2 +- testsuite/lib/generic.sh | 37 ++++++++++++++----------------------- 2 files changed, 15 insertions(+), 24 deletions(-) diff --git a/testsuite/Makefile b/testsuite/Makefile index 2a54e5c8..8fcbc557 100644 --- a/testsuite/Makefile +++ b/testsuite/Makefile @@ -65,7 +65,7 @@ endif TMP_ERR=`mktemp /tmp/tc_testsuite.XXXXXX`; \ TMP_OUT=`mktemp /tmp/tc_testsuite.XXXXXX`; \ STD_ERR="$$TMP_ERR" STD_OUT="$$TMP_OUT" \ - TC="$$i/tc/tc" IP="$$i/ip/ip" DEV="$(DEV)" IPVER="$@" SNAME="$$i" \ + TC="$$i/tc/tc" IP="$$i/ip/ip" SS=$$i/misc/ss DEV="$(DEV)" IPVER="$@" SNAME="$$i" \ ERRF="$(RESULTS_DIR)/$@.$$o.err" $(KENV) $(PREFIX) tests/$@ > $(RESULTS_DIR)/$@.$$o.out; \ if [ "$$?" = "127" ]; then \ echo "SKIPPED"; \ diff --git a/testsuite/lib/generic.sh b/testsuite/lib/generic.sh index 8cef20fa..f92260fc 100644 --- a/testsuite/lib/generic.sh +++ b/testsuite/lib/generic.sh @@ -26,16 +26,17 @@ ts_skip() exit 127 } -ts_tc() +__ts_cmd() { + CMD=$1; shift SCRIPT=$1; shift DESC=$1; shift - $TC $@ 2> $STD_ERR > $STD_OUT + $CMD $@ 2> $STD_ERR > $STD_OUT if [ -s $STD_ERR ]; then ts_err "${SCRIPT}: ${DESC} failed:" - ts_err "command: $TC $@" + ts_err "command: $CMD $@" ts_err "stderr output:" ts_err_cat $STD_ERR if [ -s $STD_OUT ]; then @@ -50,29 +51,19 @@ ts_tc() fi } +ts_tc() +{ + __ts_cmd "$TC" "$@" +} + ts_ip() { - SCRIPT=$1; shift - DESC=$1; shift + __ts_cmd "$IP" "$@" +} - $IP $@ 2> $STD_ERR > $STD_OUT - RET=$? - - if [ -s $STD_ERR ] || [ "$RET" != "0" ]; then - ts_err "${SCRIPT}: ${DESC} failed:" - ts_err "command: $IP $@" - ts_err "stderr output:" - ts_err_cat $STD_ERR - if [ -s $STD_OUT ]; then - ts_err "stdout output:" - ts_err_cat $STD_OUT - fi - elif [ -s $STD_OUT ]; then - echo "${SCRIPT}: ${DESC} succeeded with output:" - cat $STD_OUT - else - echo "${SCRIPT}: ${DESC} succeeded" - fi +ts_ss() +{ + __ts_cmd "$SS" "$@" } ts_qdisc_available() From d67eb4fbf89eb6d9a037dea1b691b449a07d898c Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Tue, 14 Aug 2018 14:18:08 +0200 Subject: [PATCH 5/5] testsuite: Add a first ss test validating ssfilter This tests a few ssfilter expressions by selecting sockets from a TCP dump file. The dump was created using the following command: | ss -ntaD testsuite/tests/ss/ss1.dump It is fed into ss via TCPDIAG_FILE environment variable. Signed-off-by: Phil Sutter Signed-off-by: Stephen Hemminger --- testsuite/tests/ss/ss1.dump | Bin 0 -> 720 bytes testsuite/tests/ss/ssfilter.t | 48 ++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 testsuite/tests/ss/ss1.dump create mode 100755 testsuite/tests/ss/ssfilter.t diff --git a/testsuite/tests/ss/ss1.dump b/testsuite/tests/ss/ss1.dump new file mode 100644 index 0000000000000000000000000000000000000000..9c273231c78418593cabda324ca20d5a6d41e1aa GIT binary patch literal 720 zcmYdbU|Nin11kdun3n(~QOsv#0-E2u z3TO>b6#}61K{9Mm>1mU45ek8<2e$al?_I?phHf4@A7mgq)YMKS^IrfxbkZgGJtnxD>cjP}t=IBMn#FbAjW2%?&j3 Wu$m7G%#dh=`5=oj%@O8f3p)VpCN7Tv literal 0 HcmV?d00001 diff --git a/testsuite/tests/ss/ssfilter.t b/testsuite/tests/ss/ssfilter.t new file mode 100755 index 00000000..e74f1765 --- /dev/null +++ b/testsuite/tests/ss/ssfilter.t @@ -0,0 +1,48 @@ +#!/bin/sh + +. lib/generic.sh + +# % ./misc/ss -Htna +# LISTEN 0 128 0.0.0.0:22 0.0.0.0:* +# ESTAB 0 0 10.0.0.1:22 10.0.0.1:36266 +# ESTAB 0 0 10.0.0.1:36266 10.0.0.1:22 +# ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312 +export TCPDIAG_FILE="$(dirname $0)/ss1.dump" + +ts_log "[Testing ssfilter]" + +ts_ss "$0" "Match dport = 22" -Htna dport = 22 +test_on "ESTAB 0 0 10.0.0.1:36266 10.0.0.1:22" + +ts_ss "$0" "Match dport 22" -Htna dport 22 +test_on "ESTAB 0 0 10.0.0.1:36266 10.0.0.1:22" + +ts_ss "$0" "Match (dport)" -Htna '( dport = 22 )' +test_on "ESTAB 0 0 10.0.0.1:36266 10.0.0.1:22" + +ts_ss "$0" "Match src = 0.0.0.0" -Htna src = 0.0.0.0 +test_on "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*" + +ts_ss "$0" "Match src 0.0.0.0" -Htna src 0.0.0.0 +test_on "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*" + +ts_ss "$0" "Match src sport" -Htna src 0.0.0.0 sport = 22 +test_on "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*" + +ts_ss "$0" "Match src and sport" -Htna src 0.0.0.0 and sport = 22 +test_on "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*" + +ts_ss "$0" "Match src and sport and dport" -Htna src 10.0.0.1 and sport = 22 and dport = 50312 +test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312" + +ts_ss "$0" "Match src and sport and (dport)" -Htna 'src 10.0.0.1 and sport = 22 and ( dport = 50312 )' +test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312" + +ts_ss "$0" "Match src and (sport and dport)" -Htna 'src 10.0.0.1 and ( sport = 22 and dport = 50312 )' +test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312" + +ts_ss "$0" "Match (src and sport) and dport" -Htna '( src 10.0.0.1 and sport = 22 ) and dport = 50312' +test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312" + +ts_ss "$0" "Match (src or src) and dst" -Htna '( src 0.0.0.0 or src 10.0.0.1 ) and dst 10.0.0.2' +test_on "ESTAB 0 0 10.0.0.1:22 10.0.0.2:50312"