ss: show extra info when '--processes' is not used
A recent modification broke "extra" options for all protocols showing
info about the processes when '-p' / '--processes' option was not used
as well. In other words, all the additional bits displayed at the end or
at the next line were no longer printed if the user didn't ask to show
info about processes as well.
The reason is that, the "current_field" pointer never switched to the
"Ext" column. If the user didn't ask to display the processes, nothing
happened when trying to print extra bits using the "out()" function,
because the current field was still pointing to the "Process" one, now
marked as disabled.
Before the commit mentioned below, it was not an issue not to switch to
the "Ext" or "Process" columns because they were never marked as
"disabled".
Here is a quick list of options that were no longer displayed if '-p' /
'--processes' was not set:
That was just by quickly reading the code, I probably missed some. But
this shows that the impact can be quite important for all scripts using
'ss' to monitor connections or to report info.
Fixes: 1607bf53 ("ss: prevent "Process" column from being printed unless requested") Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
wenglianfa [Fri, 29 Dec 2023 06:52:41 +0000 (14:52 +0800)]
rdma: Fix the error of accessing string variable outside the lifecycle
All these SPRINT_BUF(b) definitions are inside the 'if' block, but
accessed outside the 'if' block through the pointers 'comm'. This
leads to empty 'comm' attribute when querying resource information.
So move the definitions to the beginning of the functions to extend
their life cycle.
Before:
$ rdma res show srq
dev hns_0 srqn 0 type BASIC lqpn 18 pdn 5 pid 7775 comm
After:
$ rdma res show srq
dev hns_0 srqn 0 type BASIC lqpn 18 pdn 5 pid 7775 comm ib_send_bw
Fixes: 1808f002dfdd ("lib/fs: fix memory leak in get_task_name()") Signed-off-by: wenglianfa <wenglianfa@huawei.com> Signed-off-by: Junxian Huang <huangjunxian6@hisilicon.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Acked-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
There is an open upstream kernel patch to remove ipt action from
kernel. This is corresponding iproute2 change.
- Remove support fot ipt and xt in tc.
- Remove no longer used header files.
- Update man pages.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Mixing the semantics of ending lines with the json object
leads to several bugs where json object is closed twice, etc.
Replace by breaking the meaning of newline() function into
two parts.
Now, lots of functions were taking the rdma data structure as
argument but never using it.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Eli Schwartz [Fri, 29 Dec 2023 06:00:09 +0000 (01:00 -0500)]
configure: avoid un-recommended command substitution form
The use of backticks to surround commands instead of "$(cmd)" is a
legacy of the oldest pre-POSIX shells. It is confusing, unreliable, and
hard to read. Its use is not recommended in new programs.
Link: http://mywiki.wooledge.org/BashFAQ/082 Signed-off-by: Eli Schwartz <eschwartz93@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The rdma utility should be using same code pattern as rest of
iproute2. When printing, color should only be requested when
desired; if no color wanted, use the simpler print_XXX instead.
Fixes: b0a688a542cd ("rdma: Rewrite custom JSON and prints logic to use common API") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:32 +0000 (09:07 -0500)]
bridge: Provide rta_type()
Factor out the repeated code pattern
rta_type = attr->rta_type & NLA_TYPE_MASK
into a helper which is similar to the existing kernel function nla_type().
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:29 +0000 (09:07 -0500)]
bridge: Deduplicate print_range()
The two implementations are now identical so keep only one instance and
move it to json_print.c where there are already a few other specialized
printing functions.
The string that's formatted in the "end" buffer is only needed when
outputting a range so move the snprintf() call within the condition.
The second argument's purpose is better conveyed by calling it "end" rather
than "id" so rename it.
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:28 +0000 (09:07 -0500)]
bridge: vni: Indent statistics with 2 spaces
`bridge -s vlan` indents statistics with 2 spaces compared to the vlan id
column while `bridge -s vni` indents them with 1 space. Change `bridge vni`
to match the behavior of `bridge vlan` since that second command predates
`bridge vni`.
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:26 +0000 (09:07 -0500)]
bridge: vni: Remove unused argument in open_vni_port()
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:25 +0000 (09:07 -0500)]
bridge: vni: Replace open-coded instance of print_nl()
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:24 +0000 (09:07 -0500)]
bridge: vni: Remove stray newlines after each interface
Currently, `bridge vni` outputs an empty line after each interface. This is
not consistent with the output style of other iproute2 commands, in
particular `bridge vlan`. Therefore, remove the empty lines.
If there are scripts that parse the normal text output of `bridge vni`,
those scripts might be broken by the removal of the empty lines. This is a
secondary concern because those scripts should consume the JSON output
instead.
Before:
$ bridge vni
dev vni group/remote
vxlan1 4001
5000-5010
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:23 +0000 (09:07 -0500)]
bridge: vni: Reverse the logic in print_vnifilter_rtm()
print_vnifilter_rtm() is structured similarly to print_vlan_tunnel_info()
except that in the former, the open_vni_port() call is guarded by a "if
(first)" check whereas in the latter, the open_vlan_port() call is guarded
by a "if (!opened)" check.
Reverse the logic in one of the functions to have the same structure in
both. Since the calls being guarded are "open_...()", "close_...()", use
the "opened" logic structure.
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:22 +0000 (09:07 -0500)]
bridge: vni: Guard close_vni_port() call
Currently, the call to open_vni_port() within print_vnifilter_rtm() is
written in a way that is safe if there is a RTM_{NEW,DEL,GET}TUNNEL message
without any VXLAN_VNIFILTER_ENTRY attribute. However the close_vni_port()
call is written in a way that assumes there is always at least one
VXLAN_VNIFILTER_ENTRY attribute within every RTM_*TUNNEL message. At this
time, this assumption is correct. However, the code should be consistent in
its assumptions. Choose the safe approach and fix the asymmetry between the
open_vni_port() and close_vni_port() calls by guarding the latter call with
a check.
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:21 +0000 (09:07 -0500)]
bridge: vni: Move open_json_object() within print_vni()
print_vni() is used to output one vni or vni range which, in json output
mode, looks like
{
"vni": 100
}
Currently, the closing bracket is handled within the function but the
opening bracket is handled by open_json_object() before calling the
function. For consistency, move the call to open_json_object() within
print_vni().
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:20 +0000 (09:07 -0500)]
bridge: vni: Remove print_vnifilter_rtm_filter()
print_vnifilter_rtm_filter() adds an unnecessary level of indirection so
remove it to simplify the code.
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:19 +0000 (09:07 -0500)]
bridge: vlan: Remove paranoid check
To make the code lighter, remove the check on the actual print_range()
output width. In the odd case that an out-of-range, wide vlan id is
printed, printf() will treat the negative field width as positive and the
output will simply be further misaligned.
Suggested-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:18 +0000 (09:07 -0500)]
bridge: vlan: Use printf() to avoid temporary buffer
Currently, print_vlan_tunnel_info() is first outputting a formatted string
to a temporary buffer in order to use print_string() which can handle json
or normal text mode. Since this specific string is only output in normal
text mode, by calling printf() directly, we can avoid the need to first
output to a temporary string buffer.
Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:17 +0000 (09:07 -0500)]
bridge: vni: Fix vni filter help strings
Add the missing 'vni' subcommand to the top level `bridge help`.
For `bridge vni { add | del } ...`, 'dev' is a mandatory argument.
For `bridge vni show`, 'dev' is an optional argument.
Fixes: 45cd32f9f7d5 ("bridge: vxlan device vnifilter support") Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:15 +0000 (09:07 -0500)]
bridge: vni: Fix duplicate group and remote error messages
Consider the following command with a duplicated "remote" argument:
$ bridge vni add vni 150 remote 10.0.0.1 remote 10.0.0.2 dev vxlan2
Error: argument "remote" is wrong: duplicate group
The error message is misleading because there is no "group" argument. Both
of the "group" and "remote" options specify a destination address and are
mutually exclusive so change the variable name and error messages
accordingly.
The result is:
$ ./bridge/bridge vni add vni 150 remote 10.0.0.1 remote 10.0.0.2 dev vxlan2
Error: duplicate "destination": "10.0.0.2" is the second value.
Fixes: 45cd32f9f7d5 ("bridge: vxlan device vnifilter support") Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Acked-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:14 +0000 (09:07 -0500)]
bridge: vni: Remove dead code in group argument parsing
is_addrtype_inet_not_multi(&daddr) may read an uninitialized "daddr". Even
if that is fixed, the error message that follows cannot be reached because
the situation would be caught by the previous test (group_present).
Therefore, remove this test on daddr.
Fixes: 45cd32f9f7d5 ("bridge: vxlan device vnifilter support") Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Reviewed-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Mon, 11 Dec 2023 14:07:13 +0000 (09:07 -0500)]
bridge: vni: Accept 'del' command
`bridge vni help` shows "bridge vni { add | del } ..." but currently
`bridge vni del ...` errors out unexpectedly:
# bridge vni del
Command "del" is unknown, try "bridge vni help".
Recognize 'del' as a synonym of the original 'delete' command.
Fixes: 45cd32f9f7d5 ("bridge: vxlan device vnifilter support") Reviewed-by: Petr Machata <petrm@nvidia.com> Tested-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Phil Sutter [Fri, 15 Dec 2023 22:19:23 +0000 (23:19 +0100)]
man: Fix malformatted database file locations
The .BR macro does not put spaces in between its arguments. Also it will
apply to all arguments.
Fixes: 0a0a8f12fa1b ("Read configuration files from /etc and /usr") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fixes: 0a0a8f12fa1b ("Read configuration files from /etc and /usr") Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Guillaume Nault [Tue, 19 Dec 2023 13:18:13 +0000 (14:18 +0100)]
ss: Add support for dumping TCP bound-inactive sockets.
Make ss aware of the new "bound-inactive" pseudo-state for TCP (see
Linux commit 91051f003948 ("tcp: Dump bound-only sockets in inet_diag.")).
These are TCP sockets that have been bound, but are neither listening nor
connecting.
With this patch, these sockets can now be dumped with:
* the existing -a (--all) option, to dump all sockets, including
bound-inactive ones,
* the new -B (--bound-inactive) option, to dump them exclusively,
* the new "bound-inactive" state, to be used in a STATE-FILTER.
Note that the SS_BOUND_INACTIVE state is a pseudo-state used for queries
only. The kernel returns them as SS_CLOSE.
The SS_NEW_SYN_RECV pseudo-state is added in this patch only because we
have to set its entry in the sstate_namel array (in scan_state()). Care
is taken not to make it visible by users.
Signed-off-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Jiri Pirko [Thu, 7 Dec 2023 12:53:51 +0000 (13:53 +0100)]
mnl_utils: sanitize incoming netlink payload size in callbacks
Don't trust the kernel to send payload of certain size. Sanitize that by
checking the payload length in mnlu_cb_stop() and mnlu_cb_error() and
only access the payload if it is of required size.
Note that for mnlu_cb_stop(), this is happening already for example
with devlink resource. Kernel sends NLMSG_DONE with zero size payload.
Fixes: 049c58539f5d ("devlink: mnlg: Add support for extended ack") Fixes: c934da8aaacb ("devlink: mnlg: Catch returned error value of dumpit commands") Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
ss: prevent "Process" column from being printed unless requested
Commit 5883c6eba517 ("ss: show header for --processes/-p") added
"Process" to the list of columns printed by ss. However, the "Process"
header is now printed even if --processes/-p is not used.
This change aims to fix this by moving the COL_PROC column ID to the same
index as the corresponding column structure in the columns array, and
enabling it if --processes/-p is used.
Fixes: 5883c6eba517 ("ss: show header for --processes/-p") Signed-off-by: Quentin Deslandes <qde@naccy.de> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Geliang Tang [Thu, 30 Nov 2023 11:40:36 +0000 (19:40 +0800)]
ss: mptcp: print out subflows_total counter
A new counter mptcpi_subflows_total has been added in mptcpi_flags
to count the total amount of subflows from mptcp_info including the
initial one into kernel in this commit:
Sam James [Sat, 2 Dec 2023 02:47:04 +0000 (02:47 +0000)]
configure: Add _GNU_SOURCE to strlcpy configure test
>=glibc-2.38 adds strlcpy but it's guarded under a feature-test macro. Just
add _GNU_SOURCE to the configure test because we already pass _GNU_SOURCE unconditionally
in the Makefiles when building iproute2.
Signed-off-by: Sam James <sam@gentoo.org> Signed-off-by: David Ahern <dsahern@kernel.org>
The kernel support for creating network devices was added back
in 2007 and iproute2 has been carrying backward compatability
support since then. After 16 years, it is enough time to
drop the code.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Eric Dumazet [Mon, 4 Dec 2023 09:19:11 +0000 (09:19 +0000)]
tc: fq: reports stats added in linux-6.7
Report new fields added in linux-6.7:
- fastpath : Number of packets that have used the fast path.
- band[012]_pkts : Number of packets currently queued per band.
- band[012]_drops : Counters of dropped packets, per band
(only printed if not zero)
Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David Ahern <dsahern@kernel.org>
The kernel support for creating network devices was added back
in 2007 and iproute2 has been carrying backward compatability
support since then. After 16 years, it is enough time to
drop the code.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
David Ahern [Wed, 22 Nov 2023 19:34:01 +0000 (19:34 +0000)]
Merge branch 'parsing-cleanup' into next
Petr Machata says:
====================
Library functions parse_one_of() and parse_on_off() were added about three
years ago to unify all the disparate reimplementations of the same basic
idea. It used the matches() function to determine whether a string under
consideration corresponds to one of the keywords. This reflected many,
though not all cases of on/off parsing at the time.
This decision has some odd consequences. In particular, "o" can be used as
a shorthand for "off", which is not obvious, because "o" is the prefix of
both. By sheer luck, the end result actually makes some sense: "on" means
on, anything else either means off or errors out. Similar issues are in
principle also possible for parse_one_of() uses, though currently this does
not come up.
Ideally parse_on_off() would accept the strings "on" and "off" and no
others.
Patch #1 is a cleanup. Patch #2 is shaping the code for the next patches.
Patch #3 converts parse_on_off() to strcmp(). See the commit message for
the rationale of why the change should be considered acceptable.
We'd ideally do parse_one_of() likewise. But the strings this function
parses tend to be longer, which means more opportunities for typos and more
of a reason to abbreviate things.
So instead, patch #4 adds a function parse_one_of_deprecated() for ip
macsec to use in one place, where these typos are to be expected, and
converts that site to the new function.
Then patch #5 changes the behavior of parse_one_of() to accept prefixes
like it has so far, but to warn that they are deprecated:
# dcb ets set dev swp1 tc-tsa 0:s
WARNING: 's' matches 'strict' by prefix.
Matching by prefix is deprecated in this context, please use the full string.
The idea is that several releases down the line, we might consider
switching over to strcmp(), as presumably enough advance warning will have
been given.
Petr Machata [Wed, 22 Nov 2023 15:23:32 +0000 (16:23 +0100)]
lib: utils: Have parse_one_of() warn about prefix matches
The function parse_one_of() currently uses matches() for string comparison
under the hood. Extending matches()-based parsers is tricky, because newly
added matches might change the way strings are parsed, if the newly-added
string shares a prefix with a string that is matched later in the code.
Therefore in this patch, add a twist to parse_one_of() that partial prefix
matches yield a warning. This will not disturb standard output or the
overall behavior, but will make it obvious that the usage is discouraged
and prompt users to update their scripts and habits.
An example of output:
# dcb ets set dev swp1 tc-tsa 0:s
WARNING: 's' matches 'strict' by prefix.
Matching by prefix is deprecated in this context, please use the full string.
Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Petr Machata [Wed, 22 Nov 2023 15:23:31 +0000 (16:23 +0100)]
lib: utils: Introduce parse_one_of_deprecated()
The function parse_one_of() currently uses matches() for string comparison
under the hood. Extending matches()-based parsers is tricky, because newly
added matches might change the way strings are parsed, if the newly-added
string shares a prefix with a string that is matched later in the code.
In this patch, introduce a new function, parse_one_of_deprecated(). This
will be currently synonymous with parse_one_of(), however the latter will
change behavior in the next patch.
Use the new function for parsing of the macsec "validate" option. The
reason is that the valid strings for that option are "disabled", "check"
and "strict". It is not hard to see how "disabled" could be misspelled as
"disable", and be baked in some script in this form.
Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Petr Machata [Wed, 22 Nov 2023 15:23:30 +0000 (16:23 +0100)]
lib: utils: Convert parse_on_off() to strcmp()
The function parse_on_off() currently uses matches() for string comparison
under the hood. This has some odd consequences. In particular, "o" can be
used as a shorthand for "off", which is not obvious, because "o" is the
prefix of both. In this patch, change parsing to strcmp(). This is a
breaking change. The following paragraphs give arguments for why it should
be considered acceptable.
First and foremost: on/off are very short strings that it makes practically
no sense to shorten. Since "o" is the universal prefix, the only
unambiguous shortening is "of" for "off". It is doubtful that anyone would
intentionally decide to save typing of the second "f" when they already
typed the first. It also seems unlikely that the typo of "of" for "off"
would not be caught immediately, as missing a third of the word length
would likely be noticed. In other words, it seems improbable that the
abbreviated variants are used, intentionally or by mistake.
Commit 9262ccc3ed32 ("bridge: link: Port over to parse_on_off()") and
commit 3e0d2a73ba06 ("ip: iplink_bridge_slave: Port over to
parse_on_off()") converted several sites from open-coding strcmp()-based
on/off parsing to parse_on_off(), which is itself based on matches(). This
made the list of permissible strings more generic, but the behavior was
exact match to begin with, and this patch restores it.
Commit 5f685d064b03 ("ip: iplink: Convert to use parse_on_off()") has
changed from matches()-based parsing, which however had branches in the
other order, and "o" would parse to mean on. This indicates that at least
in this context, people were not using the shorthand of "o" or the commit
would have broken their use case. This supports the thesis that the
abbreviations are not really used for on/off parsing.
For completeness, commit 82604d28525a ("lib: Add parse_one_of(),
parse_on_off()") introduced parse_on_off(), converting several users in the
ip link macsec code in the process. Those users have always used matches(),
and had branches in the same order as the newly-introduced parse_on_off().
A survey of selftests and documentation of Linux kernel (by way of git
grep), has not discovered any cases of the involved options getting
arguments other than the exact strings on and off.
Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Petr Machata [Wed, 22 Nov 2023 15:23:29 +0000 (16:23 +0100)]
lib: utils: Generalize parse_one_of()
The following patch will change the way parse_one_of() and parse_on_off()
parse the strings they are given. To prepare for this change, extract from
parse_one_of() the functional core, which express in terms of a
configurable matcher, a pointer to a function that does the string
comparison. Then rewrite parse_one_of() and parse_on_off() as wrappers that
just pass matches() as the matcher, thereby maintaining the same behavior
as they currently have.
Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Petr Machata [Wed, 22 Nov 2023 15:23:28 +0000 (16:23 +0100)]
lib: utils: Switch matches() to returning int again
Since commit 1f420318bda3 ("utils: don't match empty strings as prefixes")
the function has pretended to return a boolean. But every user expects it
to return zero on success and a non-zero value on failure, like strcmp().
Even the function itself actually returns "true" to mean "no match". This
only makes sense if one considers a boolean to be a one-bit unsigned
integer with no inherent meaning, which I do not think is reasonable.
Switch the prototype back to int, and return 1 instead of true.
Cc: Matteo Croce <mcroce@redhat.com> Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Daniel Borkmann [Mon, 20 Nov 2023 23:33:41 +0000 (00:33 +0100)]
ip, link: Add support for netkit
Add base support for creating/dumping netkit devices.
Minimal example usage:
# ip link add type netkit
# ip -d a
[...]
7: nk0@nk1: <BROADCAST,MULTICAST,NOARP,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
netkit mode l3 type peer policy forward numtxqueues 1 numrxqueues 1 [...]
8: nk1@nk0: <BROADCAST,MULTICAST,NOARP,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
netkit mode l3 type primary policy forward numtxqueues 1 numrxqueues 1 [...]
Example usage with netns (for BPF examples, see BPF selftests linked below):
# ip netns add blue
# ip link add nk0 type netkit peer nk1 netns blue
# ip link set up nk0
# ip addr add 10.0.0.1/24 dev nk0
# ip -n blue link set up nk1
# ip -n blue addr add 10.0.0.2/24 dev nk1
# ping -c1 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.021 ms
Example usage with L2 mode and peer blackholing when no BPF is attached:
# ip link add foo type netkit mode l2 forward peer blackhole bar
# ip -d a
[...]
13: bar@foo: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 5e:5b:81:17:02:27 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
netkit mode l2 type peer policy blackhole numtxqueues 1 numrxqueues 1 [...]
14: foo@bar: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether de:01:a5:88:9e:99 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535
netkit mode l2 type primary policy forward numtxqueues 1 numrxqueues 1 [...]
Debian is now more picky about man pages.
Need to tell man command that tbl is being used on a man page now.
Also, font macros need to have proper font.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Rather than doing goto back into the middle of an earlier
if() statement. Move the error returns to the end of the functions
to follow kernel coding practice.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
heminhong [Thu, 16 Nov 2023 03:13:08 +0000 (11:13 +0800)]
iproute2: prevent memory leak
When the return value of rtnl_talk() is not less than 0,
'answer' will be allocated. The 'answer' should be free
after using, otherwise it will cause memory leak.
Fixes: a066cc6623e1 ("gre/gre6: Unify local/remote endpoint address parsing") Signed-off-by: heminhong <heminhong@kylinos.cn> Reviewed-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Andrea Claudi [Wed, 15 Nov 2023 17:25:35 +0000 (18:25 +0100)]
Makefile: use /usr/share/iproute2 for config files
According to FHS:
"/usr/lib includes object files and libraries. On some systems, it may
also include internal binaries that are not intended to be executed
directly by users or shell scripts."
A better directory to store config files is /usr/share:
"The /usr/share hierarchy is for all read-only architecture independent
data files.
This hierarchy is intended to be shareable among all architecture
platforms of a given OS; thus, for example, a site with i386, Alpha, and
PPC platforms might maintain a single /usr/share directory that is
centrally-mounted."
Accordingly, move configuration files to $(DATADIR)/iproute2.
Fixes: 946753a4459b ("Makefile: ensure CONF_USR_DIR honours the libdir config") Reported-by: Luca Boccassi <luca.boccassi@gmail.com> Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Acked-by: Luca Boccassi <bluca@debian.org> Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
David Ahern [Sat, 11 Nov 2023 17:33:34 +0000 (17:33 +0000)]
Merge branch 'devlink-instances' into next
Jiri Pirko says:
====================
Print out recently added attributes that expose relationships between
devlink instances. This patchset extends the outputs by
"nested_devlink" attributes.
Jiri Pirko [Tue, 7 Nov 2023 08:06:05 +0000 (09:06 +0100)]
devlink: introduce support for netns id for nested handle
Nested handle may contain DEVLINK_ATTR_NETNS_ID attribute that indicates
the network namespace where the nested devlink instance resides. Process
this converting to netns name if possible and print to user.
Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Jiri Pirko [Tue, 7 Nov 2023 08:06:04 +0000 (09:06 +0100)]
devlink: extend pr_out_nested_handle() to print object
For existing pr_out_nested_handle() user (line card), the output stays
the same. For the new users, introduce __pr_out_nested_handle()
to allow to print devlink instance as object allowing to carry
attributes in it (like netns).
Note that as __pr_out_handle_start() and pr_out_handle_end() are newly
used, the function is moved below the definitions.
Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Jiri Pirko [Tue, 7 Nov 2023 08:06:01 +0000 (09:06 +0100)]
ip/ipnetns: move internals of get_netnsid_from_name() into namespace.c
In order to be able to reuse get_netnsid_from_name() function outside of
ip code, move the internals to lib/namespace.c to a new function called
netns_id_from_name().
Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Luca Boccassi [Mon, 6 Nov 2023 00:14:10 +0000 (00:14 +0000)]
Revert "Makefile: ensure CONF_USR_DIR honours the libdir config"
LIBDIR in Debian and derivatives is not /usr/lib/, it's
/usr/lib/<architecture triplet>/, which is different, and it's the
wrong location where to install architecture-independent default
configuration files, which should always go to /usr/lib/ instead.
Installing these files to the per-architecture directory is not
the right thing, hence revert the change.
Ido Schimmel [Wed, 1 Nov 2023 07:45:10 +0000 (09:45 +0200)]
bridge: mdb: Add get support
Implement MDB get functionality, allowing user space to query a single
MDB entry from the kernel instead of dumping all the entries. Example
usage:
# bridge mdb add dev br0 port swp1 grp 239.1.1.1 vid 10
# bridge mdb add dev br0 port swp2 grp 239.1.1.1 vid 10
# bridge mdb add dev br0 port swp2 grp 239.1.1.5 vid 10
# bridge mdb get dev br0 grp 239.1.1.1 vid 10
dev br0 port swp1 grp 239.1.1.1 temp vid 10
dev br0 port swp2 grp 239.1.1.1 temp vid 10
# bridge -j -p mdb get dev br0 grp 239.1.1.1 vid 10
[ {
"index": 10,
"dev": "br0",
"port": "swp1",
"grp": "239.1.1.1",
"state": "temp",
"flags": [ ],
"vid": 10
},{
"index": 10,
"dev": "br0",
"port": "swp2",
"grp": "239.1.1.1",
"state": "temp",
"flags": [ ],
"vid": 10
} ]
# bridge mdb get dev br0 grp 239.1.1.1 vid 20
Error: bridge: MDB entry not found.
# bridge mdb get dev br0 grp 239.1.1.2 vid 10
Error: bridge: MDB entry not found.
Signed-off-by: Ido Schimmel <idosch@nvidia.com> Acked-by: Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by: David Ahern <dsahern@kernel.org>