To improve the usability better use case-insensitive pattern-matching
in ifstat, nstat and ss tools.
Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
While looking at the estimator code, I noticed an incorrect interval
number printed in raw for the handles. This patch fixes the formatting.
Before patch:
root@bytecenter.fr:~# tc -r filter add dev eth0 ingress estimator
250ms 999ms matchall action police avrate 12mbit conform-exceed drop
[estimator i=4294967294 e=2]
After patch:
root@bytecenter.fr:~# tc -r filter add dev eth0 ingress estimator
250ms 999ms matchall action police avrate 12mbit conform-exceed drop
[estimator i=-2 e=2]
Signed-off-by: Jamie Gloudon <jamie.gloudon@gmx.fr>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The XFRMA_IF_ID attribute is set in policies for them to be
associated with an XFRM interface (4.19+).
Add support for getting/deleting policies with this attribute.
For supporting 'deleteall' the XFRMA_IF_ID attribute needs to be
explicitly copied.
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
In commit aed63ae1ac ("ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies")
I added the ability to set/print the xfrm interface ID without updating
the man page.
Fixes: aed63ae1ac ("ip xfrm: support setting/printing XFRMA_IF_ID attribute in states/policies")
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fixes: 5027f233e3 ("tipc: add link broadcast get")
Signed-off-by: Hoang Huu Le <hoang.h.le@dektech.com.au>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
'bridge fdb get' has json support but the json object is never initialized
before patch:
$ bridge -j fdb get 56:23:28:4f:4f:e5 dev vx0
56:23:28:4f:4f:e5 dev vx0 master br0 permanent
$
after patch:
$ bridge -j fdb get 56:23:28:4f:4f:e5 dev vx0 | \
python -c \
'import sys,json;print(json.dumps(json.loads(sys.stdin.read()),indent=4))'
[
{
"master": "br0",
"mac": "56:23:28:4f:4f:e5",
"flags": [],
"ifname": "vx0",
"state": "permanent"
}
]
$
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The configure script checks for ipset v6 availability but doesn't test
for v7, which is backward compatible and used on kernel v5.x systems.
Update the script to test for both ipset versions. Without this change,
the tc ematch function em_ipset will be disabled.
Signed-off-by: Tony Ambardar <Tony.Ambardar@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
utils.h is included two times in ipaddress.c, there is no need for that.
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Follow the precedent of other parts of iproute2 follow the example of:
Standard libc headers
Linux headers
Iproute2 support headers
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The 'fw_load_policy' devlink parameter supports the 'disk' value
since kernel v5.4, seems like there was some oversight in adding
this to iproute, fixed by this patch.
Signed-off-by: Louis Peens <louis.peens@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
When setting a policer to a trap group, a value of "0" will unbind the
currently bound policer from the group.
The behavior is intentional and tested in kernel selftests, so document
it.
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Suggested-by: Alex Kushnarov <alexanderk@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add the new "mpls" keyword that can be used to match MPLS fields in
arbitrary Label Stack Entries.
LSEs are introduced by the "lse" keyword and followed by LSE options:
"depth", "label", "tc", "bos" and "ttl". The depth is manadtory, the
other options are optionals.
For example, the following filter drops MPLS packets having two labels,
where the first label is 21 and has TTL 64 and the second label is 22:
$ tc filter add dev ethX ingress proto mpls_uc flower mpls \
lse depth 1 label 21 ttl 64 \
lse depth 2 label 22 bos 1 \
action drop
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Bareudp devices provide a generic L3 encapsulation for tunnelling
different protocols like MPLS, IP, NSH, etc. inside a UDP tunnel.
This patch is based on original work from Martin Varghese:
https://lore.kernel.org/netdev/1570532361-15163-1-git-send-email-martinvarghesenokia@gmail.com/
Examples:
- ip link add dev bareudp0 type bareudp dstport 6635 ethertype mpls_uc
This creates a bareudp tunnel device which tunnels L3 traffic with
ethertype 0x8847 (unicast MPLS traffic). The destination port of the
UDP header will be set to 6635. The device will listen on UDP port 6635
to receive traffic.
- ip link add dev bareudp0 type bareudp dstport 6635 ethertype ipv4 multiproto
Same as the MPLS example, but for IPv4. The "multiproto" keyword allows
the device to also tunnel IPv6 traffic.
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Before this patch check is happened only in case when we try to find
cgroup at cgroup2 mount point.
v2:
- add Fixes line before Signed-off-by (David Ahern)
Fixes: d5e6ee0dac ("ss: introduce cgroup2 cache and helper functions")
Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
ip(8) accepts -family ipv6 (-6) option at the toplevel. It is
straightforward to support the existing option for modifying listener
on IPv6 addresses.
Maintain the backward compatibility by leaving ip fou -6 flag
implemented, while it's removed from the usage message.
Signed-off-by: Sorah Fukumori <her@sorah.jp>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Before can be possible show only all qeueue disciplines on an interface.
There wasn't a way to get the qdisc info by handle or parent, only full
dump of the disciplines with a following grep/sed usage.
Now new and old options work as expected to filter a qdisc by handle or
parent.
Full syntax of the qdisc show command:
tc qdisc { show | list } [ dev STRING ] [ QDISC_ID ] [ invisible ]
QDISC_ID := { root | ingress | handle QHANDLE | parent CLASSID }
This change doesn't require any changes in the kernel.
Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Use a single font macro for a single argument.
Remove unnecessary quotes for a single-font macro.
Join two lines into one.
The output of "nroff" and "groff" is unchanged.
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Use a single-font macro for one argument.
Remove unnecessary quotes for a single font macro.
Join some lines into one.
The output of "nroff" and "groff" is unchanged, except for a font
change in two lines.
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Use a single-font macro for a single argument
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Use a single-font macro for a single argument.
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Typeset section numbers in roman font, see man-pages(7).
###
Details:
Output is from: test-groff -b -mandoc -T utf8 -rF0 -t -w w -z
[ "test-groff" is a developmental version of "groff" ]
<./man/man3/libnetlink.3>:53 (macro BR): only 1 argument, but more are expected
<./man/man3/libnetlink.3>:132 (macro BR): only 1 argument, but more are expected
<./man/man3/libnetlink.3>:134 (macro BR): only 1 argument, but more are expected
<./man/man3/libnetlink.3>:197 (macro BR): only 1 argument, but more are expected
<./man/man3/libnetlink.3>:198 (macro BR): only 1 argument, but more are expected
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
On some distros, i.e. rhel 7.6, compilation fails with the following:
ipaddress.c: In function ‘lookup_flag_data_by_name’:
ipaddress.c:1260:2: error: ‘for’ loop initial declarations are only allowed in C99 mode
for (int i = 0; i < ARRAY_SIZE(ifa_flag_data); ++i) {
^
ipaddress.c:1260:2: note: use option -std=c99 or -std=gnu99 to compile your code
This commit fixes the single place needed for compilation to pass.
Fixes: 9d59c86e57 ("iproute2: ip addr: Organize flag properties structurally")
Signed-off-by: Roi Dayan <roid@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This type is used for traps that trap control packets such as ARP
request and IGMP query to the CPU.
Example:
# devlink -jp trap show netdevsim/netdevsim10 trap igmp_v1_report
{
"trap": {
"netdevsim/netdevsim10": [ {
"name": "igmp_v1_report",
"type": "control",
"generic": true,
"action": "trap",
"group": "mc_snooping"
} ]
}
}
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Use the tool iwyu to get more complete list of includes for
all the bits used by devlink.
This should also fix build with musl libc.
Fixes: c4dfddccef ("fix JSON output of mon command")
Reported-off-by: Dan Robertson <dan@dlrobertson.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Actually display that deletions are happening
when monitoring nexthops.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
optimistic DAD is controllable via sysctl for an interface
or all interfaces on the system. This would affect addresses
added by the kernel only.
Recent kernels, however, have enabled support for adding optimistic
address via userspace. This plumbs that support.
Signed-off-by: David Ahern <dsahern@gmail.com>
This creates a nice systematic way to check that the various flags are
mutable from userspace and that the address family is valid.
Mutability properties are preserved to avoid introducing any behavioral
change in this CL. However, previously, immutable flags were ignored and
fell through to this confusing error:
Error: either "local" is duplicate, or "dadfailed" is a garbage.
But now, they just warn more explicitly:
Warning: dadfailed option is not mutable from userspace
Signed-off-by: David Ahern <dsahern@gmail.com>
Have print_tm() dump firstuse value along with install, lastuse
and expires.
v2: Resubmit after 'master' merged into next
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
gcc v9.3.1 reports:
bpf.c: In function ‘bpf_get_work_dir’:
bpf.c:784:49: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=]
784 | snprintf(bpf_wrk_dir, sizeof(bpf_wrk_dir), "%s/", mnt);
| ^
bpf.c:784:2: note: ‘snprintf’ output between 2 and 4097 bytes into a destination of size 4096
784 | snprintf(bpf_wrk_dir, sizeof(bpf_wrk_dir), "%s/", mnt);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix this simply checking snprintf return code and properly handling the error.
Fixes: e42256699c ("bpf: make tc's bpf loader generic and move into lib")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This reverts commit c0325b0638.
It introduces a segfault in bpf_make_custom_path() when custom pinning is used.
This happens because asprintf allocates exactly the space needed to hold a
string in the buffer passed as its first argument, but if this buffer is later
used in strcat() or similar we have a buffer overrun.
As the aim of commit c0325b0638 is simply to fix a compiler warning, it
seems safe and reasonable to revert it.
Fixes: c0325b0638 ("bpf: replace snprintf with asprintf when dealing with long buffers")
Reported-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This commit allows printing the statistics of a broadcast-receiver link
using the same tipc command, but with additional 'link' options:
$ tipc link stat show --help
Usage: tipc link stat show [ link { LINK | SUBSTRING | all } ]
With:
+ 'LINK' : print the stats of the specific link 'LINK';
+ 'SUBSTRING' : print the stats of all the links having the 'SUBSTRING'
in name;
+ 'all' : print all the links' stats incl. the broadcast-receiver
ones;
Also, a link stats can be reset in the usual way by specifying the link
name in command.
For example:
$ tipc l st sh l br
Link <broadcast-link>
Window:50 packets
RX packets:0 fragments:0/0 bundles:0/0
TX packets:5011125 fragments:4968774/149643 bundles:38402/307061
RX naks:781484 defs:0 dups:0
TX naks:0 acks:0 retrans:330259
Congestion link:50657 Send queue max:0 avg:0
Link <broadcast-link:1001001>
Window:50 packets
RX packets:95146 fragments:95040/1980 bundles:1/2
TX packets:0 fragments:0/0 bundles:0/0
RX naks:380938 defs:83962 dups:403
TX naks:8362 acks:0 retrans:170662
Congestion link:0 Send queue max:0 avg:0
Link <broadcast-link:1001002>
Window:50 packets
RX packets:0 fragments:0/0 bundles:0/0
TX packets:0 fragments:0/0 bundles:0/0
RX naks:400546 defs:0 dups:0
TX naks:0 acks:0 retrans:159597
Congestion link:0 Send queue max:0 avg:0
$ tipc l st sh l 1001002
Link <1001003:data0-1001002:data0>
ACTIVE MTU:1500 Priority:10 Tolerance:1500 ms Window:50 packets
RX packets:99546 fragments:0/0 bundles:33/877
TX packets:629 fragments:0/0 bundles:35/828
TX profile sample:8 packets average:390 octets
0-64:75% -256:0% -1024:0% -4096:25% -16384:0% -32768:0% -66000:0%
RX states:488714 probes:7397 naks:0 defs:4 dups:5
TX states:27734 probes:18016 naks:5 acks:2305 retrans:0
Congestion link:0 Send queue max:0 avg:0
Link <broadcast-link:1001002>
Window:50 packets
RX packets:0 fragments:0/0 bundles:0/0
TX packets:0 fragments:0/0 bundles:0/0
RX naks:400546 defs:0 dups:0
TX naks:0 acks:0 retrans:159597
Congestion link:0 Send queue max:0 avg:0
$ tipc l st re l broadcast-link:1001002
$ tipc l st sh l broadcast-link:1001002
Link <broadcast-link:1001002>
Window:50 packets
RX packets:0 fragments:0/0 bundles:0/0
TX packets:0 fragments:0/0 bundles:0/0
RX naks:0 defs:0 dups:0
TX naks:0 acks:0 retrans:0
Congestion link:0 Send queue max:0 avg:0
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Tuong Lien <tuong.t.lien@dektech.com.au>
Signed-off-by: David Ahern <dsahern@gmail.com>
This patch adds support for rpl segment routing settings.
Example:
ip -n ns0 -6 route add 2001::3 encap rpl segs \
fe80::c8fe:beef:cafe:cafe,fe80::c8fe:beef:cafe:beef dev lowpan0
Signed-off-by: Alexander Aring <alex.aring@gmail.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Report tcf_t values in seconds, not jiffies, in JSON format as it is now
for stdout.
v2: use PRINT_ANY, drop the useless casts and fix the style (Stephen Hemminger)
Fixes: 2704bd6255 ("tc: jsonify actions core")
Cc: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Roman Mashak <mrv@mojatatu.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Provide a sanity check that will make sure whether queues count/offset
pair count will not exceed the actual number of TCs being created.
Example command that is invalid because there are 4 count/offset pairs
whereas num_tc is only 2.
# tc qdisc add dev enp96s0f0 root mqprio num_tc 2 map 0 0 0 0 1 1 1 1
queues 4@0 4@4 4@8 4@12 hw 1 mode channel
Store the parsed count/offset pair count onto a dedicated variable that
will be compared against opt.num_tc after all of the command line
arguments were parsed. Bail out if this count is higher than opt.num_tc
and let user know about it.
Drivers were swallowing such commands as they were iterating over
count/offset pairs where num_tc was used as a delimiter, so this is not
a big deal, but better catch such misconfiguration at the command line
argument parsing level.
Signed-off-by: Maciej Fijalkowski <maciej.fijalkowski@intel.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
As noted by David Ahern, now if some bytecode filter is not supported
by running kernel printed error message is not clear. This patch is attempt to
detect such case and print correct message. This is done by providing checking
function for new filter types. As example check function for cgroup filter
is implemented. It sends correct lightweight request (idiag_states = 0)
with zero cgroup condition to the kernel and checks returned errno. If filter
is not supported EINVAL is returned. Result of checking is cached to
avoid extra checks if several same filters are specified.
Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru>
Signed-off-by: David Ahern <dsahern@gmail.com>
This patch introduces two new features: obtaining cgroup information and
filtering sockets by cgroups. These features work based on cgroup v2 ID
field in the socket (kernel should be compiled with CONFIG_SOCK_CGROUP_DATA).
Cgroup information can be obtained by specifying --cgroup flag and now contains
only pathname. For faster pathname lookups cgroup cache is implemented. This
cache is filled on ss startup and missed entries are resolved and saved
on the fly.
Cgroup filter extends EXPRESSION and allows to specify cgroup pathname
(relative or absolute) to obtain sockets attached only to this cgroup.
Filter syntax: ss [ cgroup PATHNAME ]
Examples:
ss -a cgroup /sys/fs/cgroup/unified (or ss -a cgroup .)
ss -a cgroup /sys/fs/cgroup/unified/cgroup1 (or ss -a cgroup cgroup1)
v2:
- style fixes (David Ahern)
Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru>
Signed-off-by: David Ahern <dsahern@gmail.com>
Anton Danilov
Jamie Gloudon
Eyal Birger
Hoang Huu Le
Julien Fortin
Tony Ambardar
Andrea Claudi
Stephen Hemminger
Louis Peens
Ido Schimmel
Guillaume Nault
Dmitry Yakunin
Sorah Fukumori
Bjarni Ingi Gislason
Roi Dayan
Donald Sharp
Ian K. Coolidge
Roman Mashak
David Ahern
Tuong Lien
Alexander Aring
Eric Dumazet
Paul Blakey
Maciej Fijalkowski