Implement basic commands to:
- manipulate MPTCP endpoints list
- manipulate MPTCP connection limits
Examples:
1. Allows multiple subflows per MPTCP connection
$ ip mptcp limits set subflows 2
2. Accept ADD_ADDR announcement from the peer (server):
$ ip mptcp limits set add_addr_accepted 2
3. Add a ipv4 address to be annunced for backup subflows:
$ ip mptcp endpoint add 10.99.1.2 signal backup
4. Add an ipv6 address used as source for additional subflows:
$ ip mptcp endpoint add 2001::2 subflow
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Update kernel headers to commit
790ab249b55d ("net: ethernet: fec: Prevent MII event after MII_SPEED write")
and import mptcp.h
Signed-off-by: David Ahern <dsahern@gmail.com>
Commit 583396f4ca4d ("net_sched: sch_fq: enable use of hrtimer slack")
added TCA_FQ_TIMER_SLACK parameter, with a default value of 10 usec.
Add the corresponding tc support to get/set this tunable.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Commit 9d18562a2278 ("fq_codel: add batch ability to fq_codel_drop()")
added the new TCA_FQ_CODEL_DROP_BATCH_SIZE parameter, set by default to 64.
Add to tc command the ability to get/set the drop_batch
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
As commit f9d696cf41 ("xfrm: not try to delete ipcomp states when using
deleteall") does, this patch is to fix the same issue for ip6 state where
xsinfo->id.proto == IPPROTO_IPV6.
# ip xfrm state add src 2000::1 dst 2000::2 spi 0x1000 \
proto comp comp deflate mode tunnel sel src 2000::1 dst \
2000::2 proto gre
# ip xfrm sta deleteall
Failed to send delete-all request
: Operation not permitted
Note that the xsinfo->proto in common states can never be IPPROTO_IPV6.
Fixes: f9d696cf41 ("xfrm: not try to delete ipcomp states when using deleteall")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Check the cookie hex string len is dividable by 2 as the valid hex
string always should be.
Reported-by: Alex Kushnarov <alexanderk@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Igor Russkikh says:
====================
From: Mark Starovoytov <mstarovoitov@marvell.com>
This series adds support for selecting the offloading mode of a MACsec
interface at link creation time.
Available modes are for now 'off', 'phy' and 'mac', 'off' being the default
when an interface is created.
First patch adds support for MAC offloading.
Last patch allows a user to change the offloading mode at runtime
through a new attribute, `ip link add link ... offload`:
# ip link add link enp1s0 type macsec encrypt on offload off
# ip link add link enp1s0 type macsec encrypt on offload phy
# ip link add link enp1s0 type macsec encrypt on offload mac
====================
Signed-off-by: David Ahern <dsahern@gmail.com>
This patch adds support for configuring offload mode upon MACsec
device creation.
If offload mode is not specified, then netlink attribute is not
added. Default behavior on the kernel side in this case is
backward-compatible (offloading is disabled by default).
Example:
$ ip link add link eth0 macsec0 type macsec port 11 encrypt on offload mac
Signed-off-by: Mark Starovoytov <mstarovoitov@marvell.com>
Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
This patch enables MAC HW offload usage in iproute, since MACSec
implementation supports it now.
Signed-off-by: Mark Starovoytov <mstarovoitov@marvell.com>
Signed-off-by: Igor Russkikh <irusskikh@marvell.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Root_block is also called root port guard, document it.
Signed-off-by: Bastien Roucariès <rouca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Document that guard disable the port and how to reenable it
Signed-off-by: Bastien Roucariès <rouca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This option is useful for Wifi bridge but need some tweak.
Document it from kernel patches documentation
Signed-off-by: Bastien Roucariès <rouca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
These can be configured to different paths. Reflect that in the
generated documentation.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Prepare for adding new variable substitutions. Unify the sed rules while
we're at it, since there's no need to write this out 4 times.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The fq_codel class stat deficit is a signed int. This is a regression
from when JSON output was added.
Fixes: 997f2dc193 ("tc: Add JSON output of fq_codel stats")
Signed-off-by: Benjamin Lee <ben@b1c1l1.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Load memlimit so that it will be printed if it isn't set to zero.
Also add a space to properly print it.
Signed-off-by: Odin Ugedal <odin@ugedal.com>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This will help avoid overflow, since setting it to 0xffffffff would
result in -1 when converted to integer, resulting in being "-1", setting
the fwmark to 0x00.
Signed-off-by: Odin Ugedal <odin@ugedal.com>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This detects overflow during parsing of value using get_size:
eg. running:
$ tc qdisc add dev lo root cake memlimit 11gb
currently gives a memlimit of "3072Mb", while with this patch it errors
with 'illegal value for "memlimit": "11gb"', since memlinit is an
unsigned integer.
Signed-off-by: Odin Ugedal <odin@ugedal.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add support for configuring auto_dump attribute per reporter.
With this attribute, one can indicate whether the devlink kernel core
should execute automatic dump on error.
The change will be reflected in show, set and man commands.
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Aya Levin <ayal@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Fix description for htb class prio parameter to indicate it's not
mandatory.
Signed-off-by: Benjamin Lee <ben@b1c1l1.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add description for htb class parameter quantum.
Signed-off-by: Benjamin Lee <ben@b1c1l1.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add description for htb qdisc parameter r2q.
Signed-off-by: Benjamin Lee <ben@b1c1l1.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
In the commit referenced below, ip link started sending ERSPAN-specific
attributes even for GRE and gretap tunnels. Fix by more carefully
distinguishing between the GRE/tap and ERSPAN modes. Do not show
ERSPAN-related help in GRE/tap mode, likewise do not accept ERSPAN
arguments, or send ERSPAN attributes.
Fixes: 83c543af87 ("erspan: set erspan_ver to 1 by default")
Signed-off-by: Petr Machata <petrm@mellanox.com>
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This sentence predates addition of extended pedit for IPv6 packets.
Reported-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Describe a way to update just the DSCP and just the ECN part of the
dsfield. That is useful on its own, but also it shows how retain works.
Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Support keywords dsfield, traffic_class and tos in the IPv6 context.
Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Fix error from make check.
n-old.tmac: <standard input>: line 86: 'R' is a string (producing the registered sign), not a macro.
Error in tc-actions.8
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Remove duplicate sub help messages for "dev" object and have them all
show help message for "dev".
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Have one help message for all dpipe commands, as it is done for the rest
of the devlink object. Possible and required options to the help.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
To be consistent with the rest of the code and name of netlink
attribute, rename the dpipe_counters_enable struct fielt
to dpipe_counters_enabled.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
To be consistent with netlink attribute name and also with the
"dpipe table show" output, add "counters_enabled" for "counters" in
"dpipe table set" command.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
DEVLINK_ATTR_ESWITCH_ENCAP_MODE netlink attribute carries enum. But the
code assumes bool value. Fix this by treating the encap mode in the same
way as other eswitch mode attributes, switching from "enable"/"disable"
to "basic"/"none", according to the enum. Maintain the backward
compatibility to allow user to pass "enable"/"disable" too. Also to be
in-sync with the rest of the "mode" commands, rename to "encap-mode".
Adjust the help and man page accordingly.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fix the help and man page of "devlink health set" command to be aligned
with the rest of helps and man pages.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Change the code that is doing custom processing of boolean command line
options to use dl_argv_bool(). Extend strtobool() to accept
"enable"/"disable" to maintain current behavior.
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Extend bash-completion for two new commands:
devlink trap policer set DEV policer POLICER [ rate RATE ] [ burst BURST ]
devlink trap policer show DEV policer POLICER
And for "policer" / "nopolicer" parameters in existing command:
devlink trap group set DEV group GROUP [ action { trap | drop } ]
[ policer POLICER ] [ nopolicer ]
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Add ability to associate a policer with a trap group. The policer can be
unbound by using the 'nopolicer' keyword. In which case, the value
encoded in the 'DEVLINK_ATTR_TRAP_POLICER_ID' attribute will be '0'.
This is consistent with ip-link 'nomaster' keyword and the 'IFLA_MASTER'
attribute.
Example:
# devlink trap group set netdevsim/netdevsim10 group l3_drops policer 2
# devlink -jp trap group show netdevsim/netdevsim10 group l3_drops
{
"trap_group": {
"netdevsim/netdevsim10": [ {
"name": "l3_drops",
"generic": true,
"policer": 2
} ]
}
}
# devlink trap group set netdevsim/netdevsim10 group l3_drops nopolicer
# devlink -jp trap group show netdevsim/netdevsim10 group l3_drops
{
"trap_group": {
"netdevsim/netdevsim10": [ {
"name": "l3_drops",
"generic": true
} ]
}
}
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
The trap policer set command allows the user to set the parameters of
the packet trap policer, such as rate and burst size. Example:
# devlink trap policer set netdevsim/netdevsim10 policer 1 rate 1000 burst 32
The trap policer show command allows the user to get the current
parameters of an individual policer or a dump of all policers in case
one is not specified. When '-s' is specified the policer's statistics
are shown. Example:
# devlink -jps trap policer show netdevsim/netdevsim10 policer 1
{
"trap_policer": {
"netdevsim/netdevsim10": [ {
"policer": 1,
"rate": 1000,
"burst": 32,
"stats": {
"rx": {
"dropped": 53
}
}
} ]
}
}
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Paolo Abeni
Davide Caratti
David Ahern
Eric Dumazet
Xin Long
Jiri Pirko
Mark Starovoytov
Stephen Hemminger
Bastien Roucariès
Brian Norris
Benjamin Lee
Odin Ugedal
Eran Ben Elisha
Petr Machata
Ido Schimmel