From 9414cd6d380c3a9317b6912c14e571fb5b5a4f62 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Sat, 8 Mar 2008 13:29:35 -0800 Subject: [PATCH 01/14] revert earlier mistake ALGO_NAME is okay Revert "I found out when I was writing manual page, that options ALGO_NAME and" This reverts commit 8a1485bb21bf84a7932ca849e29300853e647afc. --- ip/xfrm_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c index 93b4a2a1..0e212033 100644 --- a/ip/xfrm_state.c +++ b/ip/xfrm_state.c @@ -88,7 +88,7 @@ static void usage(void) fprintf(stderr, "ENCAP-TYPE := espinudp | espinudp-nonike\n"); fprintf(stderr, "ALGO-LIST := [ ALGO-LIST ] | [ ALGO ]\n"); - fprintf(stderr, "ALGO := ALGO_TYPE\n"); + fprintf(stderr, "ALGO := ALGO_TYPE ALGO_NAME ALGO_KEY\n"); fprintf(stderr, "ALGO_TYPE := [ "); fprintf(stderr, "%s | ", strxf_algotype(XFRMA_ALG_CRYPT)); fprintf(stderr, "%s | ", strxf_algotype(XFRMA_ALG_AUTH)); From bccd5f28a65e9c85b45bf9692361890d4e2f23c6 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Sat, 8 Mar 2008 13:31:03 -0800 Subject: [PATCH 02/14] Update address of FSF in license The COPYING file had out of date FSF address. --- COPYING | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/COPYING b/COPYING index 2b7b643f..3912109b 100644 --- a/COPYING +++ b/COPYING @@ -2,7 +2,7 @@ Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. 
@@ -11,7 +11,7 @@ The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This +software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by @@ -19,7 +19,7 @@ the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you +price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it @@ -201,7 +201,7 @@ otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent +may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to 
@@ -239,7 +239,7 @@ of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. -Each version is given a distinguishing version number. If the Program +Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free @@ -249,7 +249,7 @@ Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free +to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and @@ -291,7 +291,7 @@ convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. - Copyright (C) 19yy + Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -305,7 +305,7 @@ the "copyright" line and a pointer to where the full notice is found. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. 
@@ -313,7 +313,7 @@ Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: - Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. From 3d866ba2650d424faca3ea1c3fc89ba519019998 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Fri, 14 Mar 2008 15:30:03 -0700 Subject: [PATCH 03/14] IP link state show enhancements Show operational state (carrier), as well as fixing functions to be static and use similar API. --- ip/ipaddress.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/ip/ipaddress.c b/ip/ipaddress.c index 0a34ace2..59c71c83 100644 --- a/ip/ipaddress.c +++ b/ip/ipaddress.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #include @@ -114,7 +115,20 @@ void print_link_flags(FILE *fp, unsigned flags, unsigned mdown) fprintf(fp, "> "); } -void print_queuelen(char *name) +static const char *oper_states[] = { + "UNKNOWN", "NOTPRESENT", "DOWN", "LOWERLAYERDOWN", + "TESTING", "DORMANT", "UP" +}; + +static void print_operstate(FILE *f, __u8 state) +{ + if (state >= sizeof(oper_states)/sizeof(oper_states[0])) + fprintf(f, "state %#x ", state); + else + fprintf(f, "state %s ", oper_states[state]); +} + +static void print_queuelen(FILE *f, const char *name) { struct ifreq ifr; int s; 
@@ -126,14 +140,14 @@ void print_queuelen(char *name) memset(&ifr, 0, sizeof(ifr)); strcpy(ifr.ifr_name, name); if (ioctl(s, SIOCGIFTXQLEN, &ifr) < 0) { - perror("SIOCGIFXQLEN"); + fprintf(f, "ioctl(SIOCGIFXQLEN) failed: %s\n", strerror(errno)); close(s); return; } close(s); if (ifr.ifr_qlen) - printf("qlen %d", ifr.ifr_qlen); + fprintf(f, "qlen %d", ifr.ifr_qlen); } static void print_linktype(FILE *fp, struct rtattr *tb) @@ -233,8 +247,11 @@ int print_linkinfo(const struct sockaddr_nl *who, fprintf(fp, "master %s ", ll_idx_n2a(*(int*)RTA_DATA(tb[IFLA_MASTER]), b1)); } #endif + if (tb[IFLA_OPERSTATE]) + print_operstate(fp, *(__u8 *)RTA_DATA(tb[IFLA_OPERSTATE])); + if (filter.showqueue) - print_queuelen((char*)RTA_DATA(tb[IFLA_IFNAME])); + print_queuelen(fp, (char*)RTA_DATA(tb[IFLA_IFNAME])); if (!filter.family || filter.family == AF_PACKET) { SPRINT_BUF(b1); @@ -514,7 +531,7 @@ struct nlmsg_list struct nlmsghdr h; }; -int print_selected_addrinfo(int ifindex, struct nlmsg_list *ainfo, FILE *fp) +static int print_selected_addrinfo(int ifindex, struct nlmsg_list *ainfo, FILE *fp) { for ( ;ainfo ; ainfo = ainfo->next) { struct nlmsghdr *n = &ainfo->h; @@ -557,7 +574,7 @@ static int store_nlmsg(const struct sockaddr_nl *who, struct nlmsghdr *n, return 0; } -int ipaddr_list_or_flush(int argc, char **argv, int flush) +static int ipaddr_list_or_flush(int argc, char **argv, int flush) { struct nlmsg_list *linfo = NULL; struct nlmsg_list *ainfo = NULL; @@ -795,7 +812,7 @@ void ipaddr_reset_filter(int oneline) filter.oneline = oneline; } -int default_scope(inet_prefix *lcl) +static int default_scope(inet_prefix *lcl) { if (lcl->family == AF_INET) { if (lcl->bytelen >= 1 && *(__u8*)&lcl->data == 127) @@ -804,7 +821,7 @@ int default_scope(inet_prefix *lcl) return 0; } -int ipaddr_modify(int cmd, int flags, int argc, char **argv) +static int ipaddr_modify(int cmd, int flags, int argc, char **argv) { struct { struct nlmsghdr n; 
From eddde1101c6f906b61011bbf787c4006c9ca5b30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?YOSHIFUJI=20Hideaki=20/=20=E5=90=89=E8=97=A4=E8=8B=B1?= =?UTF-8?q?=E6=98=8E?= Date: Thu, 13 Mar 2008 11:17:54 -0400 Subject: [PATCH 04/14] Add more aliases for tunnel subcommand. Add more aliases to synchronize IPv4 and IPv6 tunnel command, e.g., IPv4: hoplimit (alias to ttl), tclass (alias to tos) IPv6: dsfield, tos (alias to tc, or tclass), ttl (alias to hoplimit) Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: Stephen Hemminger --- ip/ip6tunnel.c | 42 ++++++++++++++++++++++++------------------ ip/iptunnel.c | 4 +++- 2 files changed, 27 insertions(+), 19 deletions(-) diff --git a/ip/ip6tunnel.c b/ip/ip6tunnel.c index cbbdf9d2..8421983b 100644 --- a/ip/ip6tunnel.c +++ b/ip/ip6tunnel.c @@ -55,17 +55,17 @@ static void usage(void) fprintf(stderr, " [ mode { ip6ip6 | ipip6 | any } ]\n"); fprintf(stderr, " [ remote ADDR local ADDR ] [ dev PHYS_DEV ]\n"); fprintf(stderr, " [ encaplimit ELIM ]\n"); - fprintf(stderr ," [ hoplimit HLIM ] [ tc TC ] [ fl FL ]\n"); + fprintf(stderr ," [ hoplimit TTL ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ]\n"); fprintf(stderr, " [ dscp inherit ]\n"); fprintf(stderr, "\n"); - fprintf(stderr, "Where: NAME := STRING\n"); - fprintf(stderr, " ADDR := IPV6_ADDRESS\n"); - fprintf(stderr, " ELIM := { none | 0..255 }(default=%d)\n", + fprintf(stderr, "Where: NAME := STRING\n"); + fprintf(stderr, " ADDR := IPV6_ADDRESS\n"); + fprintf(stderr, " ELIM := { none | 0..255 }(default=%d)\n", IPV6_DEFAULT_TNL_ENCAP_LIMIT); - fprintf(stderr, " HLIM := 0..255 (default=%d)\n", + fprintf(stderr, " TTL := 0..255 (default=%d)\n", DEFAULT_TNL_HOP_LIMIT); - fprintf(stderr, " TC := { 0x0..0xff | inherit }\n"); - fprintf(stderr, " FL := { 0x0..0xfffff | inherit }\n"); + fprintf(stderr, " TOS := { 0x0..0xff | inherit }\n"); + fprintf(stderr, " FLOWLABEL := { 0x0..0xfffff | inherit }\n"); exit(-1); } 
@@ -93,16 +93,16 @@ static void print_tunnel(struct ip6_tnl_parm *p) printf(" hoplimit %u", p->hop_limit); if (p->flags & IP6_TNL_F_USE_ORIG_TCLASS) - printf(" tc inherit"); + printf(" tclass inherit"); else { __u32 val = ntohl(p->flowinfo & IP6_FLOWINFO_TCLASS); - printf(" tc 0x%02x", (__u8)(val >> 20)); + printf(" tclass 0x%02x", (__u8)(val >> 20)); } if (p->flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) - printf(" fl inherit"); + printf(" flowlabel inherit"); else - printf(" fl 0x%05x", ntohl(p->flowinfo & IP6_FLOWINFO_FLOWLABEL)); + printf(" flowlabel 0x%05x", ntohl(p->flowinfo & IP6_FLOWINFO_FLOWLABEL)); printf(" (flowinfo 0x%08x)", ntohl(p->flowinfo)); 
@@ -161,33 +161,39 @@ static int parse_args(int argc, char **argv, struct ip6_tnl_parm *p) invarg("invalid ELIM", *argv); p->encap_limit = uval; } - } else if (strcmp(*argv, "hoplimit") == 0) { + } else if (strcmp(*argv, "hoplimit") == 0 || + strcmp(*argv, "ttl") == 0 || + strcmp(*argv, "hlim") == 0) { __u8 uval; NEXT_ARG(); if (get_u8(&uval, *argv, 0)) - invarg("invalid HLIM", *argv); + invarg("invalid TTL", *argv); p->hop_limit = uval; - } else if (strcmp(*argv, "tc") == 0) { + } else if (strcmp(*argv, "tclass") == 0 || + strcmp(*argv, "tc") == 0 || + strcmp(*argv, "tos") == 0 || + matches(*argv, "dsfield") == 0) { __u8 uval; NEXT_ARG(); if (strcmp(*argv, "inherit") == 0) p->flags |= IP6_TNL_F_USE_ORIG_TCLASS; else { if (get_u8(&uval, *argv, 16)) - invarg("invalid TC", *argv); + invarg("invalid TClass", *argv); p->flowinfo |= htonl((__u32)uval << 20) & IP6_FLOWINFO_TCLASS; p->flags &= ~IP6_TNL_F_USE_ORIG_TCLASS; } - } else if (strcmp(*argv, "fl") == 0) { + } else if (strcmp(*argv, "flowlabel") == 0 || + strcmp(*argv, "fl") == 0) { __u32 uval; NEXT_ARG(); if (strcmp(*argv, "inherit") == 0) p->flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL; else { if (get_u32(&uval, *argv, 16)) - invarg("invalid FL", *argv); + invarg("invalid Flowlabel", *argv); if (uval > 0xFFFFF) - invarg("invalid FL", *argv); + invarg("invalid Flowlabel", *argv); p->flowinfo |= htonl(uval) & IP6_FLOWINFO_FLOWLABEL; p->flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL; } diff --git a/ip/iptunnel.c b/ip/iptunnel.c index 3b466bfc..769e8455 100644 --- a/ip/iptunnel.c +++ b/ip/iptunnel.c @@ -171,7 +171,8 @@ static int parse_args(int argc, char **argv, int cmd, struct ip_tunnel_parm *p) } else if (strcmp(*argv, "dev") == 0) { NEXT_ARG(); strncpy(medium, *argv, IFNAMSIZ-1); - } else if (strcmp(*argv, "ttl") == 0) { + } else if (strcmp(*argv, "ttl") == 0 || + strcmp(*argv, "hoplimit") == 0) { unsigned uval; NEXT_ARG(); if (strcmp(*argv, "inherit") != 0) { 
@@ -182,6 +183,7 @@ static int parse_args(int argc, char **argv, int cmd, struct ip_tunnel_parm *p) p->iph.ttl = uval; } } else if (strcmp(*argv, "tos") == 0 || + strcmp(*argv, "tclass") == 0 || matches(*argv, "dsfield") == 0) { __u32 uval; NEXT_ARG(); From 8a10d3111e4cbe7e45fb03bfdd44a22114ecaa9e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?YOSHIFUJI=20Hideaki=20/=20=E5=90=89=E8=97=A4=E8=8B=B1?= =?UTF-8?q?=E6=98=8E?= Date: Thu, 13 Mar 2008 11:19:00 -0400 Subject: [PATCH 05/14] Add missing description about ISATAP and IPv6 tunnels in ip(8) manpage. Signed-off-by: YOSHIFUJI Hideaki Signed-off-by: Stephen Hemminger --- man/man8/ip.8 | 71 ++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 59 insertions(+), 12 deletions(-) diff --git a/man/man8/ip.8 b/man/man8/ip.8 index 7dae5af5..14303841 100644 --- a/man/man8/ip.8 +++ b/man/man8/ip.8 @@ -278,9 +278,9 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" .BR "ip tunnel" " { " add " | " change " | " del " | " show " }" .RI "[ " NAME " ]" .br -.RB "[ " mode " { " ipip " | " gre " | " sit " } ]" -.br -.RB "[ " remote +.RB "[ " mode +.IR MODE " ] [ " +.B remote .IR ADDR " ] [ " .B local .IR ADDR " ]" @@ -289,14 +289,24 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" .IR KEY " ] [ " .RB "[" i "|" o "]" csum " ] ]" .br +.RB "[ " encaplimit +.IR ELIM " ]" .RB "[ " ttl -.IR TTL " ] [ " -.B tos -.IR TOS " ] [ " -.RB "[" no "]" pmtudisc " ]" +.IR TTL " ]" .br +.RB "[ " tos +.IR TOS " ] [ " +.B flowlabel +.IR FLOWLABEL " ]" +.br +.RB "[ [" no "]" pmtudisc " ]" .RB "[ " dev .IR PHYS_DEV " ]" +.RB "[ " "dscp inherit" " ]" + +.ti -8 +.IR MODE " := " +.RB " { " ipip " | " gre " | " sit " | " isatap " | " ip6ip6 " | " ipip6 " | " any " }" .ti -8 .IR ADDR " := { " IP_ADDRESS " |" 
@@ -306,6 +316,12 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" .IR TOS " := { " NUMBER " |" .BR inherit " }" +.ti -8 +.IR ELIM " := { +.BR none " | " +.IR 0 ".." 255 " }" + +.ti -8 .ti -8 .IR TTL " := { " 1 ".." 255 " | " .BR inherit " }" @@ -1706,8 +1722,11 @@ the prefix selecting the IP source addresses of the multicast route. .SH ip tunnel - tunnel configuration .B tunnel -objects are tunnels, encapsulating packets in IPv4 packets and then +objects are tunnels, encapsulating packets in IP packets and then sending them over the IP infrastructure. +The encapulating (or outer) address family is specified by the +.B -f +option. The default is IPv4. .SS ip tunnel add - add a new tunnel .SS ip tunnel change - change an existing tunnel @@ -1719,8 +1738,13 @@ select the tunnel device name. .TP .BI mode " MODE" -set the tunnel mode. Three modes are currently available: -.BR ipip ", " sit " and " gre "." +set the tunnel mode. Available modes depend on the encapsulating address family. +.br +Modes for IPv4 encapsulation available: +.BR ipip ", " sit ", " isatap " and " gre "." +.br +Modes for IPv6 encapsulation available: +.BR ip6ip6 ", " ipip6 " and " any "." .TP .BI remote " ADDRESS" @@ -1739,14 +1763,19 @@ on tunneled packets. .I N is a number in the range 1--255. 0 is a special value meaning that packets inherit the TTL value. -The default value is: +The default value for IPv4 tunnels is: .BR "inherit" . +The default value for IPv6 tunnels is: +.BR "64" . + .TP .BI tos " T" .TP .BI dsfield " T" -set a fixed TOS +.TP +.BI tclass " T" +set a fixed TOS (or traffic class in IPv6) .I T on tunneled packets. The default value is: 
@@ -1815,6 +1844,24 @@ flag is equivalent to the combination .BR "iseq oseq" . .B It isn't work. Don't use it. +.TP +.RP +.BI dscp inherit +.RB ( " only IPv6 tunnels " ) +Inherit DS field between inner and outer header. + +.TP +.RP +.BI encaplim " ELIM" +.RB ( " only IPv6 tunnels " ) +set a fixed encapsulation limit. Default is 4. + +.TP +.RP +.BI flowlabel " FLOWLABEL" +.RB ( " only IPv6 tunnels " ) +set a fixed flowlabel. + .SS ip tunnel show - list tunnels This command has no arguments. From 418a217ad9cea86db79a618465d2a2cc2a08e46a Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sun, 16 Mar 2008 04:27:01 -0400 Subject: [PATCH 06/14] Do not strip binaries with `install` Signed-off-by: Mike Frysinger Signed-off-by: Stephen Hemminger --- ip/Makefile | 2 +- misc/Makefile | 2 +- tc/Makefile | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ip/Makefile b/ip/Makefile index d908817d..73978ffc 100644 --- a/ip/Makefile +++ b/ip/Makefile @@ -17,7 +17,7 @@ ip: $(IPOBJ) $(LIBNETLINK) $(LIBUTIL) rtmon: $(RTMONOBJ) $(LIBNETLINK) install: all - install -m 0755 -s $(TARGETS) $(DESTDIR)$(SBINDIR) + install -m 0755 $(TARGETS) $(DESTDIR)$(SBINDIR) install -m 0755 $(SCRIPTS) $(DESTDIR)$(SBINDIR) clean: diff --git a/misc/Makefile b/misc/Makefile index bda37e5d..8c253815 100644 --- a/misc/Makefile +++ b/misc/Makefile @@ -27,7 +27,7 @@ ssfilter.c: ssfilter.y lnstat: $(LNSTATOBJ) install: all - install -m 0755 -s $(TARGETS) $(DESTDIR)$(SBINDIR) + install -m 0755 $(TARGETS) $(DESTDIR)$(SBINDIR) ln -sf lnstat $(DESTDIR)$(SBINDIR)/rtstat ln -sf lnstat $(DESTDIR)$(SBINDIR)/ctstat diff --git a/tc/Makefile b/tc/Makefile index 7ece9588..bf2df007 100644 --- a/tc/Makefile +++ b/tc/Makefile 
@@ -73,9 +73,9 @@ libtc.a: $(TCLIB) install: all mkdir -p $(DESTDIR)/usr/lib/tc - install -m 0755 -s tc $(DESTDIR)$(SBINDIR) + install -m 0755 tc $(DESTDIR)$(SBINDIR) for i in $(TCSO); \ - do install -m 755 -s $$i $(DESTDIR)/usr/lib/tc; \ + do install -m 755 $$i $(DESTDIR)/usr/lib/tc; \ done clean: From 2c42579f9c15bdd9d0fdd5e6571c382bfa31399a Mon Sep 17 00:00:00 2001 From: Jesper Dangaard Brouer Date: Sun, 23 Mar 2008 23:47:49 +0100 Subject: [PATCH 07/14] TBF overhead parameter parsing. For TBF, implement overhead parameter parsing. The change is ABI (Application Binary Interface) backward compatible with older kernels, but will first have effect from kernel 2.6.24. Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Stephen Hemminger --- tc/q_tbf.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/tc/q_tbf.c b/tc/q_tbf.c index c7b4f0f4..3bdce5a4 100644 --- a/tc/q_tbf.c +++ b/tc/q_tbf.c @@ -26,7 +26,8 @@ static void explain(void) { fprintf(stderr, "Usage: ... tbf limit BYTES burst BYTES[/BYTES] rate KBPS [ mtu BYTES[/BYTES] ]\n"); - fprintf(stderr, " [ peakrate KBPS ] [ latency TIME ]\n"); + fprintf(stderr, " [ peakrate KBPS ] [ latency TIME ] "); + fprintf(stderr, "[ overhead BYTES ]\n"); } static void explain1(char *arg) @@ -45,6 +46,7 @@ static int tbf_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl __u32 ptab[256]; unsigned buffer=0, mtu=0, mpu=0, latency=0; int Rcell_log=-1, Pcell_log = -1; + unsigned short overhead=0; struct rtattr *tail; memset(&opt, 0, sizeof(opt)); @@ -130,6 +132,15 @@ static int tbf_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl return -1; } ok++; + } else if (matches(*argv, "overhead") == 0) { + NEXT_ARG(); + if (overhead) { + fprintf(stderr, "Double \"overhead\" spec\n"); + return -1; + } + if (get_u16(&overhead, *argv, 10)) { + explain1("overhead"); return -1; + } } else if (strcmp(*argv, "help") == 0) { explain(); return -1; 
@@ -170,7 +181,8 @@ static int tbf_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl opt.limit = lim; } - opt.rate.mpu = mpu; + opt.rate.mpu = mpu; + opt.rate.overhead = overhead; if (tc_calc_rtable(&opt.rate, rtab, Rcell_log, mtu) < 0) { fprintf(stderr, "TBF: failed to calculate rate table.\n"); return -1; @@ -178,7 +190,8 @@ static int tbf_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl opt.buffer = tc_calc_xmittime(opt.rate.rate, buffer); if (opt.peakrate.rate) { - opt.peakrate.mpu = mpu; + opt.peakrate.mpu = mpu; + opt.peakrate.overhead = overhead; if (tc_calc_rtable(&opt.peakrate, ptab, Pcell_log, mtu) < 0) { fprintf(stderr, "TBF: failed to calculate peak rate table.\n"); return -1; @@ -252,6 +265,10 @@ static int tbf_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt) } fprintf(f, "lat %s ", sprint_time(latency, b1)); + if (qopt->rate.overhead) { + fprintf(f, "overhead %d", qopt->rate.overhead); + } + return 0; } From 1db5e2ec13402a54aa40b518a5d07dc4a45746ca Mon Sep 17 00:00:00 2001 From: Jesper Dangaard Brouer Date: Sun, 23 Mar 2008 23:49:11 +0100 Subject: [PATCH 08/14] CBQ use matches() function instead of strcmp(). Change CBQ to use matches() function instead of strcmp(). This resembels the usage in other parse functions, and allows partial command parameter matching. Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Stephen Hemminger --- tc/q_cbq.c | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/tc/q_cbq.c b/tc/q_cbq.c index df98312e..8e6bd40c 100644 --- a/tc/q_cbq.c +++ b/tc/q_cbq.c 
@@ -61,14 +61,14 @@ static int cbq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl memset(&r, 0, sizeof(r)); while (argc > 0) { - if (strcmp(*argv, "bandwidth") == 0 || - strcmp(*argv, "rate") == 0) { + if (matches(*argv, "bandwidth") == 0 || + matches(*argv, "rate") == 0) { NEXT_ARG(); if (get_rate(&r.rate, *argv)) { explain1("bandwidth"); return -1; } - } else if (strcmp(*argv, "ewma") == 0) { + } else if (matches(*argv, "ewma") == 0) { NEXT_ARG(); if (get_integer(&ewma_log, *argv, 0)) { explain1("ewma"); @@ -78,7 +78,7 @@ static int cbq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl fprintf(stderr, "ewma_log must be < 32\n"); return -1; } - } else if (strcmp(*argv, "cell") == 0) { + } else if (matches(*argv, "cell") == 0) { unsigned cell; int i; NEXT_ARG(); @@ -94,26 +94,26 @@ static int cbq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl return -1; } cell_log = i; - } else if (strcmp(*argv, "avpkt") == 0) { + } else if (matches(*argv, "avpkt") == 0) { NEXT_ARG(); if (get_size(&avpkt, *argv)) { explain1("avpkt"); return -1; } - } else if (strcmp(*argv, "mpu") == 0) { + } else if (matches(*argv, "mpu") == 0) { NEXT_ARG(); if (get_size(&mpu, *argv)) { explain1("mpu"); return -1; } - } else if (strcmp(*argv, "allot") == 0) { + } else if (matches(*argv, "allot") == 0) { NEXT_ARG(); /* Accept and ignore "allot" for backward compatibility */ if (get_size(&allot, *argv)) { explain1("allot"); return -1; } - } else if (strcmp(*argv, "help") == 0) { + } else if (matches(*argv, "help") == 0) { explain(); return -1; } else { 
@@ -188,52 +188,52 @@ static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str memset(&ovl, 0, sizeof(ovl)); while (argc > 0) { - if (strcmp(*argv, "rate") == 0) { + if (matches(*argv, "rate") == 0) { NEXT_ARG(); if (get_rate(&r.rate, *argv)) { explain1("rate"); return -1; } - } else if (strcmp(*argv, "bandwidth") == 0) { + } else if (matches(*argv, "bandwidth") == 0) { NEXT_ARG(); if (get_rate(&bndw, *argv)) { explain1("bandwidth"); return -1; } - } else if (strcmp(*argv, "minidle") == 0) { + } else if (matches(*argv, "minidle") == 0) { NEXT_ARG(); if (get_u32(&lss.minidle, *argv, 0)) { explain1("minidle"); return -1; } lss.change |= TCF_CBQ_LSS_MINIDLE; - } else if (strcmp(*argv, "minburst") == 0) { + } else if (matches(*argv, "minburst") == 0) { NEXT_ARG(); if (get_u32(&minburst, *argv, 0)) { explain1("minburst"); return -1; } lss.change |= TCF_CBQ_LSS_OFFTIME; - } else if (strcmp(*argv, "maxburst") == 0) { + } else if (matches(*argv, "maxburst") == 0) { NEXT_ARG(); if (get_u32(&maxburst, *argv, 0)) { explain1("maxburst"); return -1; } lss.change |= TCF_CBQ_LSS_MAXIDLE; - } else if (strcmp(*argv, "bounded") == 0) { + } else if (matches(*argv, "bounded") == 0) { lss.flags |= TCF_CBQ_LSS_BOUNDED; lss.change |= TCF_CBQ_LSS_FLAGS; - } else if (strcmp(*argv, "borrow") == 0) { + } else if (matches(*argv, "borrow") == 0) { lss.flags &= ~TCF_CBQ_LSS_BOUNDED; lss.change |= TCF_CBQ_LSS_FLAGS; - } else if (strcmp(*argv, "isolated") == 0) { + } else if (matches(*argv, "isolated") == 0) { lss.flags |= TCF_CBQ_LSS_ISOLATED; lss.change |= TCF_CBQ_LSS_FLAGS; - } else if (strcmp(*argv, "sharing") == 0) { + } else if (matches(*argv, "sharing") == 0) { lss.flags &= ~TCF_CBQ_LSS_ISOLATED; lss.change |= TCF_CBQ_LSS_FLAGS; - } else if (strcmp(*argv, "ewma") == 0) { + } else if (matches(*argv, "ewma") == 0) { NEXT_ARG(); if (get_integer(&ewma_log, *argv, 0)) { explain1("ewma"); 
@@ -244,7 +244,7 @@ static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str return -1; } lss.change |= TCF_CBQ_LSS_EWMA; - } else if (strcmp(*argv, "cell") == 0) { + } else if (matches(*argv, "cell") == 0) { unsigned cell; int i; NEXT_ARG(); @@ -260,7 +260,7 @@ static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str return -1; } cell_log = i; - } else if (strcmp(*argv, "prio") == 0) { + } else if (matches(*argv, "prio") == 0) { unsigned prio; NEXT_ARG(); if (get_u32(&prio, *argv, 0)) { @@ -273,40 +273,40 @@ static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str } wrr.priority = prio; wrr_ok++; - } else if (strcmp(*argv, "allot") == 0) { + } else if (matches(*argv, "allot") == 0) { NEXT_ARG(); if (get_size(&wrr.allot, *argv)) { explain1("allot"); return -1; } - } else if (strcmp(*argv, "avpkt") == 0) { + } else if (matches(*argv, "avpkt") == 0) { NEXT_ARG(); if (get_size(&lss.avpkt, *argv)) { explain1("avpkt"); return -1; } lss.change |= TCF_CBQ_LSS_AVPKT; - } else if (strcmp(*argv, "mpu") == 0) { + } else if (matches(*argv, "mpu") == 0) { NEXT_ARG(); if (get_size(&mpu, *argv)) { explain1("mpu"); return -1; } - } else if (strcmp(*argv, "weight") == 0) { + } else if (matches(*argv, "weight") == 0) { NEXT_ARG(); if (get_size(&wrr.weight, *argv)) { explain1("weight"); return -1; } wrr_ok++; - } else if (strcmp(*argv, "split") == 0) { + } else if (matches(*argv, "split") == 0) { NEXT_ARG(); if (get_tc_classid(&fopt.split, *argv)) { fprintf(stderr, "Invalid split node ID.\n"); usage(); } fopt_ok++; - } else if (strcmp(*argv, "defmap") == 0) { + } else if (matches(*argv, "defmap") == 0) { int err; NEXT_ARG(); err = sscanf(*argv, "%08x/%08x", &fopt.defmap, &fopt.defchange); 
@@ -317,7 +317,7 @@ static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str if (err == 1) fopt.defchange = ~0; fopt_ok++; - } else if (strcmp(*argv, "help") == 0) { + } else if (matches(*argv, "help") == 0) { explain_class(); return -1; } else { From 08fd01843f26beccc734bbd4d8b103327b7be39e Mon Sep 17 00:00:00 2001 From: Jesper Dangaard Brouer Date: Sun, 23 Mar 2008 23:50:49 +0100 Subject: [PATCH 09/14] CBQ, implement overhead parameter parsing. For CBQ, implement overhead parameter parsing. The change is ABI (Application Binary Interface) backward compatible with older kernels, but will first have effect from kernel 2.6.24. Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Stephen Hemminger --- tc/q_cbq.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tc/q_cbq.c b/tc/q_cbq.c index 8e6bd40c..c891ac5c 100644 --- a/tc/q_cbq.c +++ b/tc/q_cbq.c @@ -53,6 +53,7 @@ static int cbq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl struct tc_cbq_lssopt lss; __u32 rtab[256]; unsigned mpu=0, avpkt=0, allot=0; + unsigned short overhead=0; int cell_log=-1; int ewma_log=-1; struct rtattr *tail; @@ -113,6 +114,11 @@ static int cbq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl explain1("allot"); return -1; } + } else if (matches(*argv, "overhead") == 0) { + NEXT_ARG(); + if (get_u16(&overhead, *argv, 10)) { + explain1("overhead"); return -1; + } } else if (matches(*argv, "help") == 0) { explain(); return -1; @@ -138,6 +144,7 @@ static int cbq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nl allot = (avpkt*3)/2; r.mpu = mpu; + r.overhead = overhead; if (tc_calc_rtable(&r, rtab, cell_log, allot) < 0) { fprintf(stderr, "CBQ: failed to calculate rate table.\n"); return -1; 
@@ -179,6 +186,7 @@ static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str int ewma_log=-1; unsigned bndw = 0; unsigned minburst=0, maxburst=0; + unsigned short overhead=0; struct rtattr *tail; memset(&r, 0, sizeof(r)); @@ -317,6 +325,11 @@ static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str if (err == 1) fopt.defchange = ~0; fopt_ok++; + } else if (matches(*argv, "overhead") == 0) { + NEXT_ARG(); + if (get_u16(&overhead, *argv, 10)) { + explain1("overhead"); return -1; + } } else if (matches(*argv, "help") == 0) { explain_class(); return -1; @@ -336,6 +349,7 @@ static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, str if (wrr.allot < (lss.avpkt*3)/2) wrr.allot = (lss.avpkt*3)/2; r.mpu = mpu; + r.overhead = overhead; if (tc_calc_rtable(&r, rtab, cell_log, pktsize) < 0) { fprintf(stderr, "CBQ: failed to calculate rate table.\n"); return -1; @@ -464,6 +478,8 @@ static int cbq_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt) fprintf(f, "cell %ub ", 1<cell_log); if (r->mpu) fprintf(f, "mpu %ub ", r->mpu); + if (r->overhead) + fprintf(f, "overhead %ub ", r->overhead); } } if (lss && lss->flags) { From 2a1f78b376cc81ba8eb19f6bacc38aad4f09fc62 Mon Sep 17 00:00:00 2001 From: Jesper Dangaard Brouer Date: Sun, 23 Mar 2008 23:52:12 +0100 Subject: [PATCH 10/14] CBQ, doc usage of overhead parameter. CBQ remember to doc usage of overhead parameter. Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Stephen Hemminger --- tc/q_cbq.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tc/q_cbq.c b/tc/q_cbq.c index c891ac5c..e53d1673 100644 --- a/tc/q_cbq.c +++ b/tc/q_cbq.c @@ -32,6 +32,7 @@ static void explain_class(void) fprintf(stderr, " [ prio NUMBER ] [ cell BYTES ] [ ewma LOG ]\n"); fprintf(stderr, " [ estimator INTERVAL TIME_CONSTANT ]\n"); fprintf(stderr, " [ split CLASSID ] [ defmap MASK/CHANGE ]\n"); + fprintf(stderr, " [ overhead BYTES ]\n"); } static void explain(void) 
From f71f75f39b240b4306ad500e7f50cfc138458192 Mon Sep 17 00:00:00 2001 From: Jesper Dangaard Brouer Date: Sun, 23 Mar 2008 23:53:57 +0100 Subject: [PATCH 11/14] police, implement overhead parameter parsing. For police, implement overhead parameter parsing. The change is ABI (Application Binary Interface) backward compatible with older kernels, but will first have effect from kernel 2.6.24. Signed-off-by: Jesper Dangaard Brouer Signed-off-by: Stephen Hemminger --- tc/m_police.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tc/m_police.c b/tc/m_police.c index 46c785b6..8fa63ad6 100644 --- a/tc/m_police.c +++ b/tc/m_police.c @@ -35,7 +35,7 @@ struct action_util police_action_util = { static void usage(void) { fprintf(stderr, "Usage: ... police rate BPS burst BYTES[/BYTES] [ mtu BYTES[/BYTES] ]\n"); - fprintf(stderr, " [ peakrate BPS ] [ avrate BPS ]\n"); + fprintf(stderr, " [ peakrate BPS ] [ avrate BPS ] [ overhead BYTES ]\n"); fprintf(stderr, " [ ACTIONTERM ]\n"); fprintf(stderr, "Old Syntax ACTIONTERM := action [/NOTEXCEEDACT] \n"); fprintf(stderr, "New Syntax ACTIONTERM := conform-exceed [/NOTEXCEEDACT] \n"); @@ -133,6 +133,7 @@ int act_parse_police(struct action_util *a,int *argc_p, char ***argv_p, int tca_ __u32 avrate = 0; int presult = 0; unsigned buffer=0, mtu=0, mpu=0; + unsigned short overhead; int Rcell_log=-1, Pcell_log = -1; struct rtattr *tail; @@ -234,6 +235,11 @@ int act_parse_police(struct action_util *a,int *argc_p, char ***argv_p, int tca_ fprintf(stderr, "Illegal \"action\"\n"); return -1; } + } else if (matches(*argv, "overhead") == 0) { + NEXT_ARG(); + if (get_u16(&overhead, *argv, 10)) { + explain1("overhead"); return -1; + } } else if (strcmp(*argv, "help") == 0) { usage(); } else { 
@@ -263,6 +269,7 @@ int act_parse_police(struct action_util *a,int *argc_p, char ***argv_p, int tca_ if (p.rate.rate) { p.rate.mpu = mpu; + p.rate.overhead = overhead; if (tc_calc_rtable(&p.rate, rtab, Rcell_log, mtu) < 0) { fprintf(stderr, "TBF: failed to calculate rate table.\n"); return -1; @@ -272,6 +279,7 @@ int act_parse_police(struct action_util *a,int *argc_p, char ***argv_p, int tca_ p.mtu = mtu; if (p.peakrate.rate) { p.peakrate.mpu = mpu; + p.peakrate.overhead = overhead; if (tc_calc_rtable(&p.peakrate, ptab, Pcell_log, mtu) < 0) { fprintf(stderr, "POLICE: failed to calculate peak rate table.\n"); return -1; @@ -344,6 +352,7 @@ print_police(struct action_util *a, FILE *f, struct rtattr *arg) fprintf(f, "/%s ", police_action_n2a(*(int*)RTA_DATA(tb[TCA_POLICE_RESULT]), b1, sizeof(b1))); } else fprintf(f, " "); + fprintf(f, "overhead %ub ", p->rate.overhead); fprintf(f, "\nref %d bind %d\n",p->refcnt, p->bindcnt); return 0; From 5344bb287cbf6bb68741a19c2dc66b3fd33e9258 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 1 Apr 2008 11:37:35 -0700 Subject: [PATCH 12/14] Update kernel headers to 2.6.25-rc7 Copy sanitized kernel headers from 2.6.25-rc7 to ensure proper compatibility. --- include/linux/netfilter.h | 4 ++-- include/linux/pkt_cls.h | 8 ++++---- include/linux/types.h | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 2e4dd9d3..4196a511 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -19,7 +19,7 @@ #define NF_VERDICT_QMASK 0xffff0000 #define NF_VERDICT_QBITS 16 -#define NF_QUEUE_NR(x) (((x << NF_VERDICT_QBITS) & NF_VERDICT_QMASK) | NF_QUEUE) +#define NF_QUEUE_NR(x) ((((x) << NF_VERDICT_BITS) & NF_VERDICT_QMASK) | NF_QUEUE) /* only for userspace compatibility */ /* Generic cache responses from hook functions. 
@@ -37,7 +37,7 @@ enum nf_inet_hooks { }; union nf_inet_addr { - u_int32_t all[4]; + __u32 all[4]; __be32 ip; __be32 ip6[4]; struct in_addr in; diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h index 28dfc61c..99efbed8 100644 --- a/include/linux/pkt_cls.h +++ b/include/linux/pkt_cls.h @@ -201,8 +201,8 @@ enum struct tc_u32_key { - __u32 mask; - __u32 val; + __be32 mask; + __be32 val; int off; int offmask; }; @@ -213,12 +213,12 @@ struct tc_u32_sel unsigned char offshift; unsigned char nkeys; - __u16 offmask; + __be16 offmask; __u16 off; short offoff; short hoff; - __u32 hmask; + __be32 hmask; struct tc_u32_key keys[0]; }; diff --git a/include/linux/types.h b/include/linux/types.h index 92a5a7d8..d9e8c4f2 100644 --- a/include/linux/types.h +++ b/include/linux/types.h @@ -26,7 +26,7 @@ typedef __kernel_mqd_t mqd_t; typedef __kernel_uid_t uid_t; typedef __kernel_gid_t gid_t; -#if defined(__GNUC__) && !defined(__STRICT_ANSI__) +#if defined(__GNUC__) typedef __kernel_loff_t loff_t; #endif @@ -92,7 +92,7 @@ typedef __u8 uint8_t; typedef __u16 uint16_t; typedef __u32 uint32_t; -#if defined(__GNUC__) && !defined(__STRICT_ANSI__) +#if defined(__GNUC__) typedef __u64 uint64_t; typedef __u64 u_int64_t; typedef __s64 int64_t; @@ -154,7 +154,7 @@ typedef __u16 __bitwise __le16; typedef __u16 __bitwise __be16; typedef __u32 __bitwise __le32; typedef __u32 __bitwise __be32; -#if defined(__GNUC__) && !defined(__STRICT_ANSI__) +#if defined(__GNUC__) typedef __u64 __bitwise __le64; typedef __u64 __bitwise __be64; #endif From 69cae645b28edbba53c8601ddeba01430e5e9da0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bj=C3=B6rn=20Steinbrink?= Date: Thu, 3 Apr 2008 11:42:41 +0200 Subject: [PATCH 13/14] ss: Fix return value checks for net_*_open MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In ss.c, generic_proc_open(), for which the net_*_open functions are just convenient wrappers, uses fopen, so errors are signalled by a NULL return value. Some checks were expecting negative values instead, fix them. Signed-off-by: Björn Steinbrink Signed-off-by: Stephen Hemminger --- misc/ss.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/misc/ss.c b/misc/ss.c index 53558515..79193e54 100644 --- a/misc/ss.c +++ b/misc/ss.c @@ -1641,7 +1641,7 @@ static int tcp_show(struct filter *f, int socktype) } if (f->families & (1<families & (1<= 0) { + (fp = net_tcp6_open()) != NULL) { setbuffer(fp, buf, bufsize); if (generic_record_read(fp, tcp_show_line, f, AF_INET6)) goto outerr; @@ -1773,7 +1773,7 @@ int udp_show(struct filter *f) dg_proto = UDP_PROTO; if (f->families&(1<families&(1<= 0) { + (fp = net_udp6_open()) != NULL) { if (generic_record_read(fp, dgram_show_line, f, AF_INET6)) goto outerr; fclose(fp); @@ -1805,7 +1805,7 @@ int raw_show(struct filter *f) dg_proto = RAW_PROTO; if (f->families&(1<families&(1<= 0) { + (fp = net_raw6_open()) != NULL) { if (generic_record_read(fp, dgram_show_line, f, AF_INET6)) goto outerr; fclose(fp); From ae9b671d518ab950fa7f5126b430f939e0d8d55a Mon Sep 17 00:00:00 2001 From: Marcela Maslanova Date: Fri, 22 Feb 2008 16:16:03 +0100 Subject: [PATCH 14/14] man ip.8 miss xfrm option I was asked to at least mention the xfrm option in ip manual. I added all usage into ip.8 and try to write some basic information about xfrm. If someone want complete it, I'll be happy. Marcela Maslanova a16304c0cdbdbc8926b112743b4bd49069a50cd7 man/man8/ip.8 | 474 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 474 insertions(+), 0 deletions(-) 
Signed-off-by: Stephen Hemminger --- man/man8/ip.8 | 524 +++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 499 insertions(+), 25 deletions(-) diff --git a/man/man8/ip.8 b/man/man8/ip.8 index 14303841..976b34b9 100644 --- a/man/man8/ip.8 +++ b/man/man8/ip.8 @@ -18,7 +18,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels .sp .ti -8 -.IR OPTIONS " := { " +.IR OPTIONS " := { " \fB\-V\fR[\fIersion\fR] | \fB\-s\fR[\fItatistics\fR] | \fB\-r\fR[\fIesolve\fR] | @@ -46,7 +46,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels .br .B address .IR LLADDR " |" -.B broadcast +.B broadcast .IR LLADDR " |" .br .B mtu @@ -57,7 +57,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels .RI "[ " DEVICE " ]" .ti -8 -.BR "ip addr" " { " add " | " del " } " +.BR "ip addr" " { " add " | " del " } " .IB IFADDR " dev " STRING .ti -8 @@ -65,7 +65,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels .IR STRING " ] [ " .B scope .IR SCOPE-ID " ] [ " -.B to +.B to .IR PREFIX " ] [ " FLAG-LIST " ] [ " .B label .IR PATTERN " ]" @@ -97,7 +97,7 @@ ip \- show / manipulate routing, devices, policy routing and tunnels tentative " | " deprecated " ]" .ti -8 -.BR "ip addrlabel" " { " add " | " del " } " prefix +.BR "ip addrlabel" " { " add " | " del " } " prefix .BR PREFIX " [ " .B dev .IR DEV " ] [ " @@ -113,10 +113,10 @@ tentative " | " deprecated " ]" .I SELECTOR .ti -8 -.B ip route get +.B ip route get .IR ADDRESS " [ " .BI from " ADDRESS " iif " STRING" -.RB " ] [ " oif +.RB " ] [ " oif .IR STRING " ] [ " .B tos .IR TOS " ]" @@ -317,7 +317,7 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" .BR inherit " }" .ti -8 -.IR ELIM " := { +.IR ELIM " := { .BR none " | " .IR 0 ".." 255 " }" 
@@ -351,6 +351,313 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" .ti -8 .BR "ip monitor" " [ " all " |" .IR LISTofOBJECTS " ]" + +.ti -8 +.BR "ip xfrm" +.IR XFRM_OBJECT " { " COMMAND " }" + +.ti -8 +.IR XFRM_OBJECT " := { " state " | " policy " | " monitor " } " + +.ti -8 +.BR "ip xfrm state " { " add " | " update " } " +.IR ID " [ " +.IR XFRM_OPT " ] " +.RB " [ " mode +.IR MODE " ] " +.br +.RB " [ " reqid +.IR REQID " ] " +.RB " [ " seq +.IR SEQ " ] " +.RB " [ " replay-window +.IR SIZE " ] " +.br +.RB " [ " flag +.IR FLAG-LIST " ] " +.RB " [ " encap +.IR ENCAP " ] " +.RB " [ " sel +.IR SELECTOR " ] " +.br +.RB " [ " +.IR LIMIT-LIST " ] " + +.ti -8 +.BR "ip xfrm state allocspi " +.IR ID +.RB " [ " mode +.IR MODE " ] " +.RB " [ " reqid +.IR REQID " ] " +.RB " [ " seq +.IR SEQ " ] " +.RB " [ " min +.IR SPI +.B max +.IR SPI " ] " + +.ti -8 +.BR "ip xfrm state" " { " delete " | " get " } " +.IR ID + +.ti -8 +.BR "ip xfrm state" " { " deleteall " | " list " } [ " +.IR ID " ] " +.RB " [ " mode +.IR MODE " ] " +.br +.RB " [ " reqid +.IR REQID " ] " +.RB " [ " flag +.IR FLAG_LIST " ] " + +.ti -8 +.BR "ip xfrm state flush" " [ " proto +.IR XFRM_PROTO " ] " + +.ti -8 +.BR "ip xfrm state count" + +.ti -8 +.IR ID " := " +.RB " [ " src +.IR ADDR " ] " +.RB " [ " dst +.IR ADDR " ] " +.RB " [ " proto +.IR XFRM_PROTO " ] " +.RB " [ " spi +.IR SPI " ] " + +.ti -8 +.IR XFRM_PROTO " := " +.RB " [ " esp " | " ah " | " comp " | " route2 " | " hao " ] " + +.ti -8 +.IR MODE " := " +.RB " [ " transport " | " tunnel " | " ro " | " beet " ] " +.b (default=transport) + +.ti -8 +.IR FLAG-LIST " := " +.RI " [ " FLAG-LIST " ] " FLAG + +.ti -8 +.IR FLAG " := " +.RB " [ " noecn " | " decap-dscp " | " wildrecv " ] " + +.ti -8 +.IR ENCAP " := " ENCAP-TYPE " " SPORT " " DPORT " " OADDR + +.ti -8 +.IR ENCAP-TYPE " := " +.B espinudp +.RB " | " +.B espinudp-nonike + +.ti -8 +.IR ALGO-LIST " := [ " +.IR ALGO-LIST " ] | [ " +.IR ALGO " ] " + +.ti -8 +.IR ALGO " := " +.IR 
ALGO_TYPE +.IR ALGO_NAME +.IR ALGO_KEY + +.ti -8 +.IR ALGO_TYPE " := " +.RB " [ " enc " | " auth " | " comp " ] " + +.ti -8 +.IR SELECTOR " := " +.B src +.IR ADDR "[/" PLEN "]" +.B dst +.IR ADDR "[/" PLEN "]" +.RI " [ " UPSPEC " ] " +.RB " [ " dev +.IR DEV " ] " + +.ti -8 +.IR UPSPEC " := " +.B proto +.IR PROTO " [[ " +.B sport +.IR PORT " ] " +.RB " [ " dport +.IR PORT " ] | " +.br +.RB " [ " type +.IR NUMBER " ] " +.RB " [ " code +.IR NUMBER " ]] " + +.ti -8 +.IR LIMIT-LIST " := [ " LIMIT-LIST " ] |" +.RB " [ "limit +.IR LIMIT " ] " + +.ti -8 +.IR LIMIT " := " +.RB " [ [" time-soft "|" time-hard "|" time-use-soft "|" time-use-hard "]" +.IR SECONDS " ] | " +.RB "[ ["byte-soft "|" byte-hard "]" +.IR SIZE " ] | " +.br +.RB " [ ["packet-soft "|" packet-hard "]" +.IR COUNT " ] " + +.ti -8 +.BR "ip xfrm policy" " { " add " | " update " } " " dir " +.IR DIR +.IR SELECTOR " [ " +.BR index +.IR INDEX " ] " +.br +.RB " [ " ptype +.IR PTYPE " ] " +.RB " [ " action +.IR ACTION " ] " +.RB " [ " priority +.IR PRIORITY " ] " +.br +.RI " [ " LIMIT-LIST " ] [ " +.IR TMPL-LIST " ] " + +.ti -8 +.BR "ip xfrm policy" " { " delete " | " get " } " " dir " +.IR DIR " [ " SELECTOR " | " +.BR index +.IR INDEX +.RB " ] " +.br +.RB " [ " ptype +.IR PTYPE " ] " + +.ti -8 +.BR "ip xfrm policy" " { " deleteall " | " list " } " +.RB " [ " dir +.IR DIR " ] [ " +.IR SELECTOR " ] " +.br +.RB " [ " index +.IR INDEX " ] " +.RB " [ " action +.IR ACTION " ] " +.RB " [ " priority +.IR PRIORITY " ] " + +.ti -8 +.B "ip xfrm policy flush" +.RB " [ " ptype +.IR PTYPE " ] " + +.ti -8 +.B "ip xfrm count" + +.ti -8 +.IR PTYPE " := " +.RB " [ " main " | " sub " ] " +.b (default=main) + +.ti -8 +.IR DIR " := " +.RB " [ " in " | " out " | " fwd " ] " + +.ti -8 +.IR SELECTOR " := " +.B src +.IR ADDR "[/" PLEN "]" +.B dst +.IR ADDR "[/" PLEN] " [ " UPSPEC +.RB " ] [ " dev +.IR DEV " ] " + +.ti -8 +.IR UPSPEC " := " +.B proto +.IR PROTO " [ " +.RB " [ " sport +.IR PORT " ] " +.RB " [ " dport +.IR PORT " ] | " +.br 
+.RB " [ " type +.IR NUMBER " ] " +.RB " [ " code +.IR NUMBER " ] ] " + +.ti -8 +.IR ACTION " := " +.RB " [ " allow " | " block " ]" +.b (default=allow) + +.ti -8 +.IR LIMIT-LIST " := " +.RB " [ " +.IR LIMIT-LIST " ] | " +.RB " [ " limit +.IR LIMIT " ] " + +.ti -8 +.IR LIMIT " := " +.RB " [ [" time-soft "|" time-hard "|" time-use-soft "|" time-use-hard "]" +.IR SECONDS " ] | " +.RB " [ [" byte-soft "|" byte-hard "]" +.IR SIZE " ] | " +.br [ " +.RB "[" packet-soft "|" packet-hard "]" +.IR NUMBER " ] " + +.ti -8 +.IR TMPL-LIST " := " +.b " [ " +.IR TMPL-LIST " ] | " +.RB " [ " tmpl +.IR TMPL " ] " + +.ti -8 +.IR TMPL " := " +.IR ID " [ " +.B mode +.IR MODE " ] " +.RB " [ " reqid +.IR REQID " ] " +.RB " [ " level +.IR LEVEL " ] " + +.ti -8 +.IR ID " := " +.RB " [ " src +.IR ADDR " ] " +.RB " [ " dst +.IR ADDR " ] " +.RB " [ " proto +.IR XFRM_PROTO " ] " +.RB " [ " spi +.IR SPI " ] " + +.ti -8 +.IR XFRM_PROTO " := " +.RB " [ " esp " | " ah " | " comp " | " route2 " | " hao " ] " + +.ti -8 +.IR MODE " := " +.RB " [ " transport " | " tunnel " | " beet " ] " +.b (default=transport) + +.ti -8 +.IR LEVEL " := " +.RB " [ " required " | " use " ] " +.b (default=required) + +.ti -8 +.BR "ip xfrm monitor" " [ " all " | " +.IR LISTofOBJECTS " ] " + .in -8 .ad b @@ -375,7 +682,7 @@ followed by protocol family identifier: or .B link ,enforce the protocol family to use. If the option is not present, -the protocol family is guessed from other arguments. If the rest +the protocol family is guessed from other arguments. If the rest of the command line does not give enough information to guess the family, .B ip @@ -407,7 +714,7 @@ shortcut for output each record on a single line, replacing line feeds with the .B '\e\' -character. This is convenient when you want to count records +character. This is convenient when you want to count records with .BR wc (1) or to 
@@ -460,6 +767,10 @@ host addresses. .B tunnel - tunnel over IP. +.TP +.B xfrm +- framework for IPsec protocol. + .PP The names of all objects may be written in full or abbreviated form, f.e. @@ -538,13 +849,13 @@ already configured. .TP .BI txqueuelen " NUMBER" -.TP +.TP .BI txqlen " NUMBER" change the transmit queue length of the device. .TP .BI mtu " NUMBER" -change the +change the .I MTU of the device. @@ -1131,15 +1442,15 @@ the initial RTT ('Round Trip Time') estimate. If no suffix is specified the units are raw values passed directly to the routing code to maintain compatability with previous releases. Otherwise if a suffix of s, sec or secs is used to specify -seconds; ms, msec or msecs to specify milliseconds; us, usec -or usecs to specify microseconds; ns, nsec or nsecs to specify -nanoseconds; j, hz or jiffies to specify jiffies, the value is +seconds; ms, msec or msecs to specify milliseconds; us, usec +or usecs to specify microseconds; ns, nsec or nsecs to specify +nanoseconds; j, hz or jiffies to specify jiffies, the value is converted to what the routing code expects. .TP .BI rttvar " TIME " "(2.3.15+ only)" -the initial RTT variance estimate. Values are specified as with +the initial RTT variance estimate. Values are specified as with .BI rtt above. @@ -1448,7 +1759,7 @@ force the output device on which this packet will be routed. .TP .B connected -if no source address +if no source address .RB "(option " from ")" was given, relookup the route with the source set to the preferred address received from the first lookup. 
@@ -1637,14 +1948,14 @@ It is also possible to use lookup instead of table. .TP .BI realms " FROM/TO" Realms to select if the rule matched and the routing table lookup -succeeded. Realm +succeeded. Realm .I TO is only used if the route did not select any realm. .TP .BI nat " ADDRESS" The base of the IP address block to translate (for source addresses). -The +The .I ADDRESS may be either the start of the block of NAT addresses (selected by NAT routes) or a local host address (or even zero). @@ -1757,12 +2068,12 @@ It must be an address on another interface of this host. .TP .BI ttl " N" -set a fixed TTL +set a fixed TTL .I N on tunneled packets. .I N is a number in the range 1--255. 0 is a special value -meaning that packets inherit the TTL value. +meaning that packets inherit the TTL value. The default value for IPv4 tunnels is: .BR "inherit" . The default value for IPv6 tunnels is: @@ -1782,7 +2093,7 @@ The default value is: .BR "inherit" . .TP -.BI dev " NAME" +.BI dev " NAME" bind the tunnel to the device .I NAME so that tunneled packets will only be routed via this device and will @@ -1812,12 +2123,12 @@ parameter sets the key to use in both directions. The .BR ikey " and " okey parameters set different keys for input and output. - + .TP .BR csum ", " icsum ", " ocsum .RB ( " only GRE tunnels " ) generate/require checksums for tunneled packets. -The +The .B ocsum flag calculates checksums for outgoing packets. The @@ -1840,7 +2151,7 @@ The flag requires that all input packets are serialized. The .B seq -flag is equivalent to the combination +flag is equivalent to the combination .BR "iseq oseq" . .B It isn't work. Don't use it. 
@@ -1915,6 +2226,169 @@ at any time. It prepends the history with the state snapshot dumped at the moment of starting. +.SH ip xfrm - setting xfrm +xfrm is an IP framework, which can transform format of the datagrams, +.br +i.e. encrypt the packets with some algorithm. xfrm policy and xfrm state +are associated through templates +.IR TMPL_LIST "." +This framework is used as a part of IPsec protocol. + +.SS ip xfrm state add - add new state into xfrm + +.SS ip xfrm state update - update existing xfrm state + +.SS ip xfrm state allocspi - allocate SPI value + +.TP +.I MODE +is set as default to +.BR transport "," +but it could be set to +.BR tunnel "," ro " or " beet "." + +.TP +.I FLAG-LIST +contains one or more flags. + +.TP +.I FLAG +could be set to +.BR noecn ", " decap-dscp " or " wildrecv "." + +.TP +.I ENCAP +encapsulation is set to encapsulation type +.IR ENCAP-TYPE ", source port " SPORT ", destination port " DPORT " and " OADDR "." + +.TP +.I ENCAP-TYPE +could be set to +.BR espinudp " or " espinudp-nonike "." + +.TP +.I ALGO-LIST +contains one or more algorithms +.I ALGO +which depend on the type of algorithm set by +.IR ALGO_TYPE "." +It can be used these algoritms +.BR enc ", " auth " or " comp "." + +.SS ip xfrm policy add - add a new policy + +.SS ip xfrm policy update - update an existing policy + +.SS ip xfrm policy delete - delete existing policy + +.SS ip xfrm policy get - get existing policy + +.SS ip xfrm policy deleteall - delete all existing xfrm policy + +.SS ip xfrm policy list - print out the list of xfrm policy + +.SS ip xfrm policy flush - flush policies +It can be flush +.BR all +policies or only those specified with +.BR ptype "." + +.TP +.BI dir " DIR " +directory could be one of these: +.BR "inp", " out " or " fwd". + +.TP +.IR SELECTOR +selects for which addresses will be set up the policy. The selector +is defined by source and destination address. 
+ +.TP +.IR UPSPEC +is defined by source port +.BR sport ", " +destination port +.BR dport ", " type +as number and +.B code +also number. + +.TP +.BI dev " DEV " +specify network device. + +.TP +.BI index " INDEX " +the number of indexed policy. + +.TP +.BI ptype " PTYPE " +type is set as default on +.BR "main" , +could be switch on +.BR "sub" . + +.TP +.BI action " ACTION " +is set as default on +.BR "allow". +It could be switch on +.BR "block". + +.TP +.BI priority " PRIORITY " +priority is a number. Default priority is set on zero. + +.TP +.IR LIMIT-LIST +limits are set in seconds, bytes or numbers of packets. + +.TP +.IR TMPL-LIST +template list is based on +.IR ID "," +.BR mode ", " reqid " and " level ". " + +.TP +.IR ID +is specified by source address, destination address, +.I proto +and value of +.IR spi "." + +.TP +.IR XFRM_PROTO +values: +.BR esp ", " ah ", " comp ", " route2 " or " hao "." + +.TP +.IR MODE +is set as default on +.BR transport "," +but it could be set on +.BR tunnel " or " beet "." + +.TP +.IR LEVEL +is set as default on +.BR required +and the other choice is +.BR use "." + +.TP +.IR UPSPEC +is specified by +.BR sport ", " +.BR dport ", " type +and +.B code +(NUMBER). + +.SS ip xfrm monitor - is used for listing all objects or defined group of them. +The +.B xfrm monitor +can monitor the policies for all objects or defined group of them. + .SH HISTORY .B ip was written by Alexey N. Kuznetsov and added in Linux 2.2.