It's now possible to filter SA directly into the kernel by specifying
XFRMA_PROTO and/or XFRMA_ADDRESS_FILTER.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
In "ip route show" output unicast type, main table, boot protocol and
universe scope are hidden as default labels.
Sometimes it is helpful to show the hidden label for people not enough
familiar with routing subsystem to map the output of "ip route show" and
kernel source code.
With this patch "ip route show" with -d option shows the default labels.
Example of difference of output with -d option:
$ ./ip/ip -4 route show table all dev virbr1
...
192.168.121.0/28 proto kernel scope link src 192.168.121.1
...
$ ./ip/ip -4 -d route show table all dev virbr1
...
unicast 192.168.121.0/28 table main proto kernel scope link src 192.168.121.1
...
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
With "ip -d link show", bonding slave mii status is displayed
twice, once as a number and once as a name.
Fixes: 730d3f61 ("iplink: add support for bonding slave")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Lookup function get_index() compares argument with table entries
only up to the length of the table entry so that if an entry
with lower index is a substring of a later one, earlier entry is
used even if the argument is equal to the other. For example,
ip link set bond0 type bond xmit_hash_policy layer2+3
sets xmit_hash_policy to 0 (layer2) as this is found before
"layer2+3" can be checked.
Use strcmp() to compare whole strings instead.
v2: look for an exact match only
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Name of arp_all_targets parameter in output of "ip -d link show"
is missing trailing "s".
Fixes: 63d127b0 ("iproute2: finish support for bonding attributes")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
This patch allows to display the source-IP.
stype will be used in the next patch that allows to remove based on the
source-IP.
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Renaming addr to daddr, because we will introduce saddr later.
The local variable is necessary to store RTA_PAYLOAD(a) temporarily.
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Add support for bonding attributes just added to net-next.
On set, allow string or number value for enumerated attributes.
On show, use always use string value for attribute.
Signed-off-by: Scott Feldman <sfeldma@cumulusnetworks.com>
The vti interface will use GRE_KEY to match the right policy in kernel. So we
can not return fail when the tunnel is vti.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
The RTM_NEWLINK message accepts ifi_index non-zero value and lets
creation of links with given index (if it's free, or course). This
functionality is available since linux-v3.5.
This patch makes this API available via ip tool.
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
Currently ip-link(8) parses, but ignores "group" argument to
peer interface on veth creation.
Insert IFLA_GROUP attribute for peer interface when present.
Signed-off-by: Sergey Popovich <popovich_sergei@mail.ru>
Based on patch by Sergey Popovich <popovich_sergei@mail.ru>
This fixes crash when ip-link(8) invoced with command:
ip link add dev veth1a type veth peer
Use warn_unused_result to enforce checking return value of rtnl_send,
and fix where the errors are.
Suggested by initial patch from Petr Písař <ppisar@redhat.com>
As a system admin I occasionally want to be able to check that all
interfaces has a name in DNS or /etc/hosts file.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
As both linux kernel and function ipaddrlabel_modify use unsigned int for
label. We should also use unsigned int value when print addrlabel in case of
misunderstanding.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
The kernel already supports it, so add the support
to iproute2 as well.
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
ip xfrm considers that the user-defined mark is "any" as soon as
(mark.v & mark.m == 0), which prevents from specifying non-wildcard
marks that include the value 0 (typically 0/0xffffffff).
Yet, matching exactly mark 0 is useful for instance to separate
vti policies from global policies.
Always configure the user mark if mark.m != 0.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
This bug is reported from below link:
https://bugzilla.redhat.com/show_bug.cgi?id=982761
An simplified command from its original reproducing method in bugzilla:
ip xfrm state add src 10.0.0.2 dst 10.0.0.1 proto ah spi 0x12345678 auth md5 12
will cause below spew from gcc.
Reported-by: Sohny Thomas <sthomas@linux.vnet.ibm.com>
Since commit a05f6511f5, ip batch mode is broken when using 'netns exec' cmd.
When WIFEXITED() returns true, it means that the child exited normally, hence
we must not call exit() but just returns the status. If we call exit, the next
commands in the file file are not executed.
If WIFEXITED() returns false, we can call exit() because it means that the
child failed.
This patch partially reverts commit a05f6511f5.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
The git-commit dc8867d0, that added support for displaying the
extra-flags of a state, introduced a potential segfault.
Trying to show a state without the extra-flag attribute and show_stats
enabled, would cause the NULL pointer in tb[XFRMA_SA_EXTRA_FLAGS] to be
dereferenced.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
The mode information is contained in IFLA_MACVLAN_MODE instead
of IFLA_VLAN_ID (both evaluating to "1" in their enums).
Signed-off-by: Lutz Jaenicke <ljaenicke@innominate.com>
Prefix labelling is currently only activated when monitoring "all"
objects. However, the output can still be confusing when monitoring
more than 1 object, so add an option to always print prefix labels.
Signed-off-by: Martin Schwenke <martin@meltin.net>
When configuring a system with multiple network uplinks and default routes, it
is often convenient to reference a routing table multiple times - but reject
its routing decision if certain constraints are not met by it.
Consider this setup:
$ ip route add table secuplink default via 10.42.23.1
$ ip rule add pref 100 table main suppress_prefixlength 0
$ ip rule add pref 150 fwmark 0xA table secuplink
With this setup, packets marked 0xA will be processed by the additional routing
table "secuplink", but only if no suitable route in the main routing table can
be found. By suppressing entries with a prefixlength of 0 (or less), the
default route (/0) of the table "main" is hidden to packets processed by rule
100; packets traveling to destinations via more specific routes are processed
as usual.
It is also possible to suppress a routing entry if a device belonging to
a specific interface group is to be used:
$ ip rule add pref 150 table main suppress_group 1
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This change adds the interface group to the output of "ip link show".
It also makes "ip link" print _all_ devices if no group filter is specified;
previously, only interfaces of the default group (0) were shown.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
This patch allows setting VXLAN destination to unicast address.
It allows that VXLAN can be used as peer-to-peer tunnel without
multicast.
v6: change back to the v3 except for using new attribute because
replacing command-line parameters breaks existing scripts,
based by Cong Wang's comments.
v5: rebase on the latest.
v4: replace "group" with "remote" based by David Stevens's comments.
v3: move a new attribute REMOTE into the last of an enum list
based by Stephen Hemminger's comments.
fix the usage to show explicitly that both "remote" and "group"
cannot be specified, based by Ben Hutchings's comments.
v2: use a new argument "remote" instead of "group" based by
Stephen Hemminger's comments.
Signed-off-by: Atzm Watanabe <atzm@stratosphere.co.jp>
Nicolas Dichtel
Masatake YAMATO
Michal Kubeček
Stephen Hemminger
Jiri Pirko
Christoph Paasch
Thomas Haller
sfeldma@cumulusnetworks.com
Hangbin Liu
Pavel Emelyanov
Arvid Brodin
Sergey Popovich
Sami Kerola
WANG Cong
Christophe Gouault
xeb@mail.ru
Fan Du
Thomas Egerer
Lutz Jaenicke
Richard Godbee
Martin Schwenke
Stefan Tomanek
Atzm Watanabe