Andrea Claudi [Sun, 23 Oct 2022 15:37:11 +0000 (17:37 +0200)]
testsuite: fix build failure
After commit 6c09257f1bf6 ("rtnetlink: add new function
rtnl_echo_talk()") "make check" results in:
$ make check
make -C testsuite
make -C iproute2 configure
make -C testsuite alltests
make -C tools
CC generate_nlmsg
/usr/bin/ld: /tmp/cc6YaGBM.o: in function `rtnl_echo_talk':
libnetlink.c:(.text+0x25bd): undefined reference to `new_json_obj'
/usr/bin/ld: libnetlink.c:(.text+0x25c7): undefined reference to `open_json_object'
/usr/bin/ld: libnetlink.c:(.text+0x25e3): undefined reference to `close_json_object'
/usr/bin/ld: libnetlink.c:(.text+0x25e8): undefined reference to `delete_json_obj'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:6: generate_nlmsg] Error 1
make[1]: *** [Makefile:40: generate_nlmsg] Error 2
make: *** [Makefile:130: check] Error 2
This is due to json function calls included in libutil and not in
libnetlink. Fix this adding libutil.a to the tools Makefile, and linking
against libcap as required by libutil itself.
Fixes: 6c09257f1bf6 ("rtnetlink: add new function rtnl_echo_talk()") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Acked-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Matthieu Baerts [Mon, 17 Oct 2022 17:03:08 +0000 (19:03 +0200)]
ss: re-add TIPC query support
TIPC support has been introduced in 'iproute-master' (not -next) in
commit 5caf79a0 ("ss: Add support for TIPC socket diag in ss tool"), at
the same time a refactoring introducing filter_db_parse() was done, see
commit 67d5fd55 ("ss: Put filter DB parsing into a separate function")
from iproute2-next.
When the two commits got merged, the support for TIPC has been
apparently accidentally dropped.
This simply adds the missing entry for TIPC.
Fixes: 2c62a64d ("Merge branch 'iproute2-master' into iproute2-next") Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Matthieu Baerts [Mon, 17 Oct 2022 17:03:06 +0000 (19:03 +0200)]
ss: man: add missing entries for TIPC
'ss -h' was mentioning TIPC but not the man page.
Fixes: 5caf79a0 ("ss: Add support for TIPC socket diag in ss tool") Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Junxin Chen [Wed, 19 Oct 2022 01:20:08 +0000 (09:20 +0800)]
dcb: unblock mnl_socket_recvfrom if not message received
Currently, the dcb command sinks to the kernel through the netlink
to obtain information. However, if the kernel fails to obtain infor-
mation or is not processed, the dcb command is suspended.
For example, if we don't implement dcbnl_ops->ieee_getpfc in the
kernel, the command "dcb pfc show dev eth1" will be stuck and subsequent
commands cannot be executed.
This patch adds the NLM_F_ACK flag to the netlink in mnlu_msg_prepare
to ensure that the kernel responds to user requests.
After the problem is solved, the execution result is as follows:
$ dcb pfc show dev eth1
Attribute not found: Success
Fixes: 67033d1c1c8a ("Add skeleton of a new tool, dcb") Signed-off-by: Junxin Chen <chenjunxin1@huawei.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Vincent Mailhol [Mon, 10 Oct 2022 14:16:38 +0000 (23:16 +0900)]
iplink_can: add missing `]' of the bitrate, dbitrate and termination arrays
The command "ip --details link show canX" misses the closing bracket
`]' of the bitrate, the dbitrate and the termination arrays. The --json
output is not impacted.
Change the first argument of close_json_array() from PRINT_JSON to
PRINT_ANY to fix the problem. The second argument was already set
correctly.
Fixes: 67f3c7a5cc0d ("iplink_can: use PRINT_ANY to factorize code and fix signedness") Reported-by: Marc Kleine-Budde <mkl@pengutronix.de> Acked-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Andrea Claudi [Tue, 4 Oct 2022 14:25:03 +0000 (16:25 +0200)]
man: ss.8: fix a typo
Fixes: f76ad635f21d ("man: break long lines in man page sources") Reported-by: Prijesh Patel <prpatel@redhat.com> Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Eyal Birger [Mon, 3 Oct 2022 09:12:12 +0000 (12:12 +0300)]
ip: xfrm: support adding xfrm metadata as lwtunnel info in routes
Support for xfrm metadata as lwtunnel metadata was added in kernel commit 2c2493b9da91 ("xfrm: lwtunnel: add lwtunnel support for xfrm interfaces in collect_md mode")
This commit adds the respective support in lwt routes.
Example use (consider ipsec1 as an xfrm interface in "external" mode):
ip route add 10.1.0.0/24 dev ipsec1 encap xfrm if_id 1
Or in the context of vrf, one can also specify the "link" property:
ip route add 10.1.0.0/24 dev ipsec1 encap xfrm if_id 1 link_dev eth15
Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Ido Schimmel [Sat, 1 Oct 2022 14:35:51 +0000 (17:35 +0300)]
iplink_bridge: Add no_linklocal_learn option support
Kernel commit 70e4272b4c81 ("net: bridge: add no_linklocal_learn bool
option") added the no_linklocal_learn bridge option that can be set via
sysfs or netlink.
Add iproute2 support, allowing it to query and set the option via
netlink.
The option is useful, for example, in scenarios where we want the bridge
to be able to refresh dynamic FDB entries that were added by user space
and are pointing to locked bridge ports, but do not want the bridge to
populate its FDB from EAPOL frames used for authentication.
Example:
$ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]"
0
$ cat /sys/class/net/br0/bridge/no_linklocal_learn
0
# ip link set dev br0 type bridge no_linklocal_learn 1
$ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]"
1
$ cat /sys/class/net/br0/bridge/no_linklocal_learn
1
# ip link set dev br0 type bridge no_linklocal_learn 0
$ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]"
0
$ cat /sys/class/net/br0/bridge/no_linklocal_learn
0
Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Doing make check on iproute2 runs several checks including man page
checks for common errors. Recent addition of linecard support to
devlink introduced this error.
Checking manpages for syntax errors...
an-old.tmac: <standard input>: line 31: 'R' is a string (producing the registered sign), not a macro.
Error in devlink-lc.8
Fixes: 4cb0bec3744a ("devlink: add support for linecard show and type set") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Thu, 22 Sep 2022 06:19:38 +0000 (15:19 +0900)]
ip-monitor: Fix the selection of rtnl groups when listening for all object types
Currently, when using `ip monitor`, family-specific rtnl multicast groups
(ex. RTNLGRP_IPV4_IFADDR) are used when specifying the '-family' option (or
one of its short forms) and an object type is specified (ex. `ip -4 monitor
addr`) but not when listening for changes to all object types (ex. `ip -4
monitor`). In that case, multicast groups for all families, regardless of
the '-family' option, are used. Depending on the object type, this leads to
ignoring the '-family' selection (MROUTE, ADDR, NETCONF), or printing stray
prefix headers with no event (ROUTE, RULE).
Rewrite the parameter parsing code so that per-family rtnl multicast groups
are selected in all cases.
The issue can be witnessed while running `ip -4 monitor label` at the same
time as the following command:
ip link add dummy0 address 02:00:00:00:00:01 up type dummy
The output includes:
[ROUTE][ROUTE][ADDR]9: dummy0 inet6 fe80::ff:fe00:1/64 scope link
valid_lft forever preferred_lft forever
Notice the stray "[ROUTE]" labels (related to filtered out ipv6 routes) and
the ipv6 ADDR entry. Those do not appear if using `ip -4 monitor label
route address`.
Fixes: aba5acdfdb34 ("(Logical change 1.3)") Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Thu, 22 Sep 2022 06:19:37 +0000 (15:19 +0900)]
ip-monitor: Include stats events in default and "all" cases
It seems that stats were omitted from `ip monitor` and `ip monitor all`.
Since all other event types are included, include stats as well. Use the
same logic as for nexthops.
Fixes: a05a27c07cbf ("ipmonitor: Add monitoring support for stats events") Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Thu, 22 Sep 2022 06:19:35 +0000 (15:19 +0900)]
bridge: Do not print stray prefixes in monitor mode
When using `bridge monitor` with the '-timestamp' option or the "all"
parameter, prefixes are printed before the actual event descriptions.
Currently, those prefixes are printed for each netlink message that's
received. However, some netlink messages do not lead to an event
description being printed. That's usually because a message is not related
to AF_BRIDGE. This results in stray prefixes being printed.
Restructure accept_msg() and its callees such that prefixes are only
printed after a message has been checked for eligibility.
The issue can be witnessed using the following commands:
ip link add dummy0 type dummy
# Start `bridge monitor all` now in another terminal.
# Cause a stray "[LINK]" to be printed (family 10).
# It does not appear yet because the output is line buffered.
ip link set dev dummy0 up
# Cause a stray "[NEIGH]" to be printed (family 2).
ip neigh add 10.0.0.1 lladdr 02:00:00:00:00:01 dev dummy0
# Cause a genuine entry to be printed, which flushes the previous
# output.
bridge fdb add 02:00:00:00:00:01 dev dummy0
# We now see:
# [LINK][NEIGH][NEIGH]02:00:00:00:00:01 dev dummy0 self permanent
Fixes: d04bc300c3e3 ("Add bridge command") Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Hangbin Liu [Thu, 29 Sep 2022 08:10:16 +0000 (16:10 +0800)]
rtnetlink: add new function rtnl_echo_talk()
Add a new function rtnl_echo_talk() that could be used when the
sub-component supports NLM_F_ECHO flag. With this function we can
remove the redundant code added by commit b264b4c6568c7 ("ip: add
NLM_F_ECHO support").
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Hangbin Liu [Tue, 27 Sep 2022 10:21:07 +0000 (18:21 +0800)]
tc/tc_monitor: print netlink extack message
Upstream commit "sched: add extack for tfilter_notify" will make
tc event contain extack message, which could be used for logging
offloading failures. Let's print the extack message in tc monitor.
e.g.
# tc monitor
added chain dev enp3s0f1np1 parent ffff: chain 0
added filter dev enp3s0f1np1 ingress protocol all pref 49152 flower chain 0 handle 0x1
ct_state +trk+new
not_in_hw
action order 1: gact action drop
random type none pass val 0
index 1 ref 1 bind 1
Warning: mlx5_core: matching on ct_state +new isn't supported.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Hangbin Liu [Tue, 27 Sep 2022 10:21:06 +0000 (18:21 +0800)]
libnetlink: add offset for nl_dump_ext_ack_done
There is no rule to have an error code after NLMSG_DONE msg. The only reason
we has this offset is that kernel function netlink_dump_done() has an error
code followed by the netlink message header.
Making nl_dump_ext_ack_done() has an offset parameter. So we can adjust
this for NLMSG_DONE message without error code.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Vladimir Oltean [Thu, 22 Sep 2022 22:06:55 +0000 (01:06 +0300)]
ip link: add sub-command to view and change DSA conduit interface
Support the "dsa" kind of rtnl_link_ops exported by the kernel, and
export reads/writes to IFLA_DSA_MASTER.
Examples:
$ ip link set swp0 type dsa conduit eth1
$ ip -d link show dev swp0
(...)
dsa conduit eth0
$ ip -d -j link show swp0
[
{
"link": "eth1",
"linkinfo": {
"info_kind": "dsa",
"info_data": {
"conduit": "eth1"
}
},
}
]
Note that by construction and as shown in the example, the IFLA_LINK
reported by a DSA user port is identical to what is reported through
IFLA_DSA_MASTER. However IFLA_LINK is not writable, and overloading its
meaning to make it writable would clash with other users of IFLA_LINK
(vlan etc) for which writing this property does not make sense.
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Nicolas Dichtel [Mon, 19 Sep 2022 08:31:36 +0000 (10:31 +0200)]
link: display 'allmulti' counter
This counter is based on the same principle that the 'promiscuity' counter:
the flag ALLMULTI is displayed only when it is explicitly requested by the
userland. This counter enables to know if 'allmulti' is configured on an
interface.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Hangbin Liu [Fri, 16 Sep 2022 03:34:28 +0000 (11:34 +0800)]
ip: add NLM_F_ECHO support
When user space configures the kernel with netlink messages, it can set the
NLM_F_ECHO flag to request the kernel to send the applied configuration back
to the caller. This allows user space to retrieve configuration information
that are filled by the kernel (either because these parameters can only be
set by the kernel or because user space let the kernel choose a default
value).
NLM_F_ACK is also supplied incase the kernel doesn't support NLM_F_ECHO
and we will wait for the reply forever. Just like the update in
iplink.c, which I plan to post a patch to kernel later.
A new parameter -echo is added when user want to get feedback from kernel.
e.g.
# ip -echo addr add 192.168.0.1/24 dev eth1
3: eth1 inet 192.168.0.1/24 scope global eth1
valid_lft forever preferred_lft forever
# ip -j -p -echo addr del 192.168.0.1/24 dev eth1
[ {
"deleted": true,
"index": 3,
"dev": "eth1",
"family": "inet",
"local": "192.168.0.1",
"prefixlen": 24,
"scope": "global",
"label": "eth1",
"valid_life_time": 4294967295,
"preferred_life_time": 4294967295
} ]
Suggested-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Paolo Lungaroni [Mon, 12 Sep 2022 17:39:23 +0000 (19:39 +0200)]
seg6: add support for flavors in SRv6 End* behaviors
As described in RFC 8986 [1], processing operations carried out by SRv6
End, End.X and End.T (End* for short) behaviors can be modified or
extended using the "flavors" mechanism. This patch adds the support for
PSP,USP,USD flavors (defined in [1]) and for NEXT-C-SID flavor (defined
in [2]) in SRv6 End* behaviors. Specifically, we add a new optional
attribute named "flavors" that can be leveraged by the user to enable
specific flavors while creating an SRv6 End* behavior instance.
Multiple flavors can be specified together by separating them using
commas.
If a specific flavor (or a combination of flavors) is not supported by the
underlying Linux kernel, an error message is reported to the user and the
creation of the specific behavior instance is aborted.
When the flavors attribute is omitted, the regular SRv6 End* behavior is
performed.
Flavors such as PSP, USP and USD do not accept additional configuration
attributes. Conversely, the NEXT-C-SID flavor can be configured to support
user-provided Locator-Block and Locator-Node Function lengths using,
respectively, the lblen and the nflen attributes.
Both lblen and nflen values must be evenly divisible by 8 and their sum
must not exceed 128 bit (i.e. the C-SID container size).
If the lblen attribute is omitted, the default value chosen by the Linux
kernel is 32-bit. If the nflen attribute is omitted, the default value
chosen by the Linux kernel is 16-bit.
Some examples:
ip -6 route add 2001:db8::1 encap seg6local action End flavors next-csid dev eth0
ip -6 route add 2001:db8::2 encap seg6local action End flavors next-csid lblen 48 nflen 16 dev eth0
Standard Output:
ip -6 route show 2001:db8::2
2001:db8::2 encap seg6local action End flavors next-csid lblen 48 nflen 16 dev eth0 metric 1024 pref medium
Emeel Hakim [Sun, 11 Sep 2022 09:26:56 +0000 (12:26 +0300)]
macsec: add user manual description for extended packet number feature
Update the user manual describing how to use extended packet number (XPN)
feature for macsec. As part of configuring XPN, providing ssci and salt is
required hence update user manual on how to provide the above as part of
the ip macsec command.
Signed-off-by: Emeel Hakim <ehakim@nvidia.com> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David Ahern <dsahern@kernel.org>
Emeel Hakim [Sun, 11 Sep 2022 09:26:55 +0000 (12:26 +0300)]
macsec: add Extended Packet Number support
This patch adds support for extended packet number (XPN).
XPN can be configured by passing 'cipher gcm-aes-xpn-128' as part of
the ip link add command using macsec type.
In addition, using 'xpn' keyword instead of the 'pn', passing a 12
bytes salt using the 'salt' keyword and passing short secure channel
id (ssci) using the 'ssci' keyword as part of the ip macsec command
is required (see example).
e.g:
create a MACsec device on link eth0 with enabled xpn
# ip link add link eth0 macsec0 type macsec port 11
encrypt on cipher gcm-aes-xpn-128
Jacob Keller [Fri, 26 Aug 2022 18:17:41 +0000 (11:17 -0700)]
utils: extract CTRL_ATTR_MAXATTR and save it
mnlu_gen_socket_open opens a socket and configures it for use with a
generic netlink family. As part of this process it sends a
CTRL_CMD_GETFAMILY to get the ID for the family name requested.
In addition to the family id, this command reports a few other useful
values including the maximum attribute. The maximum attribute is useful in
order to know whether a given attribute is supported and for knowing the
necessary size to allocate for other operations such as policy dumping.
Since we already have to issue a CTRL_CMD_GETFAMILY to get the id, we can
also store the maximum attribute as well. Modify the callback functions to
parse the maximum attribute NLA and store it in the mnlu_gen_socket
structure.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Jacob Keller [Fri, 26 Aug 2022 18:17:40 +0000 (11:17 -0700)]
mnlg: remove unnused mnlg_socket structure
Commit 62ff25e51bb6 ("devlink: Use generic socket helpers from library")
removed all of the users of struct mnlg_socket, but didn't remove the
structure itself. Fix that.
Fixes: 62ff25e51bb6 ("devlink: Use generic socket helpers from library") Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Now that it is possible to flash multiple devlink instances in parallel,
the notification processing callback needs to count in the fact that it
receives message that belongs to different devlink instance. So handle
the it gracefully and don't error out.
Jiri Pirko [Thu, 25 Aug 2022 08:04:19 +0000 (10:04 +0200)]
devlink: load port-ifname map on demand
So far, the port-ifname map was loaded during devlink init
no matter if actually needed or not. Port dump cmd which is utilized
for this in kernel takes lock for every devlink instance.
That may lead to unnecessary blockage of command.
Load the map only in time it is needed to lookup ifname.
Signed-off-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
David Ahern [Wed, 24 Aug 2022 15:54:16 +0000 (08:54 -0700)]
Merge branch 'devlink-rm-dl_argv_parse_put' into next
Jacob Keller says:
====================
This series removes the dl_argv_parse_put function which both parses the
command line arguments and places them into the netlink header.
This was originally sent as an RFC at
https://lore.kernel.org/netdev/20220805234155.2878160-1-jacob.e.keller@intel.com/
Since there is some ongoing work around policy code being generated from
YAML, I thought it best to wait on the devlink policy portion of this series
for now.
Jiri mentioned he wanted to base some work on top of this, so I am sending
just the cleanup patches.
The primary motivation for this is due to the fact that dl_argv_parse_put
requires a netlink header, meaning a command must have already been
prepared. This prevents addition of a different netlink command to get the
policy data, and thus prevents us from using this variant while checking
netlink policy.
Jacob Keller [Thu, 18 Aug 2022 21:15:21 +0000 (14:15 -0700)]
devlink: remove dl_argv_parse_put
The dl_argv_parse_put function is used to extract arguments from the
command line and convert them to the appropriate netlink attributes. This
function is a combination of calling dl_argv_parse and dl_put_opts.
A future change is going to refactor dl_argv_parse to check the kernel's
netlink policy for the command. This requires issuing another netlink
message which requires calling dl_argv_parse before
mnlu_gen_socket_cmd_prepare. Otherwise, the get policy command issued in
dl_argv_parse would overwrite the prepared buffer.
This conflicts with dl_argv_parse_put which requires being called after
mnlu_gen_socket_cmd_prepare.
Remove dl_argv_parse_put and replace it with appropriate calls to
dl_argv_parse and dl_put_opts. This allows us to ensure dl_argv_parse is
called before mnlu_gen_socket_cmd_prepare while dl_put_opts is called
afterwards.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Jiri Pirko [Tue, 9 Aug 2022 13:17:30 +0000 (15:17 +0200)]
devlink: expose nested devlink for a line card object
If line card object contains a nested devlink, expose it.
Example:
$ devlink lc show pci/0000:01:00.0 lc 1
pci/0000:01:00.0:
lc 1 state active type 16x100G nested_devlink auxiliary/mlxsw_core.lc.0
supported_types:
16x100G
$ devlink dev show auxiliary/mlxsw_core.lc.0
auxiliary/mlxsw_core.lc.0
Vikas Gupta [Thu, 4 Aug 2022 09:18:02 +0000 (14:48 +0530)]
devlink: add support for running selftests
Add commands and helper APIs to run selftests.
Include a selftest id for a non volatile memory i.e. flash.
Also, update the man page and bash-completion for selftests
commands.
Examples:
$ devlink dev selftests run pci/0000:03:00.0 id flash
pci/0000:03:00.0:
flash:
status passed
$ devlink dev selftests show pci/0000:03:00.0
pci/0000:03:00.0
flash
$ devlink dev selftests show pci/0000:03:00.0 -j
{"selftests":{"pci/0000:03:00.0":["flash"]}}
$ devlink dev selftests run pci/0000:03:00.0 id flash -j
{"selftests":{"pci/0000:03:00.0":{"flash":{"status":"passed"}}}}
Paolo Lungaroni [Wed, 27 Jul 2022 18:59:15 +0000 (20:59 +0200)]
seg6: add support for SRv6 Headend Reduced Encapsulation
This patch adds the support for the reduced version of the H.Encaps and
H.L2Encaps behaviors as defined in RFC 8986 [1].
H.Encaps.Red and H.L2Encaps.Red SRv6 behaviors are an optimization of the
H.Encaps and H.L2Encaps aiming to reduce the length of the SID List carried
in the pushed SRH. Specifically, the reduced version of the behaviors
removes the first SID contained in the SID List (i.e. SRv6 Policy) by
storing it into the IPv6 Destination Address. When SRv6 Policy is made of
only one SID, the reduced version of the behaviors omits the SRH at all and
pushes that SID directly into the IPv6 DA.
Some examples:
ip -6 route add 2001:db8::1 encap seg6 mode encap.red segs fcf0:1::e,fcf0:2::d6 dev eth0
ip -6 route add 2001:db8::2 encap seg6 mode l2encap.red segs fcf0:1::d2 dev eth0
Standard Output:
ip -6 route show 2001:db8::1
2001:db8::1 encap seg6 mode encap.red segs 2 [ fcf0:1::e fcf0:2::d6 ] dev eth0 metric 1024 pref medium
David Ahern [Fri, 29 Jul 2022 17:25:14 +0000 (11:25 -0600)]
Merge branch 'pppoe-in-flower' into next
Wojciech Drewek says:
====================
This patchset implements support for matching
on PPPoE specific fields using tc-flower.
First patch introduces small refactor which allows
to use same mechanism of finding protocol for
both ppp and ether protocols. Second patch
adds support for parsing ppp protocols.
Last patch is about parsing PPPoE fields.
Wojciech Drewek [Fri, 29 Jul 2022 08:50:35 +0000 (10:50 +0200)]
f_flower: Introduce PPPoE support
Introduce PPPoE specific fields in tc-flower:
- session id (16 bits)
- ppp protocol (16 bits)
Those fields can be provided only when protocol was set to
ETH_P_PPP_SES. ppp_proto works similar to vlan_ethtype, i.e.
ppp_proto overwrites eth_type. Thanks to that, fields from
encapsulated protocols (such as src_ip) can be specified.
e.g.
# tc filter add dev ens6f0 ingress prio 1 protocol ppp_ses \
flower \
pppoe_sid 1234 \
ppp_proto ip \
dst_ip 127.0.0.1 \
src_ip 127.0.0.2 \
action drop
Vlan and cvlan is also supported, in this case cvlan_ethtype
or vlan_ethtype has to be set to ETH_P_PPP_SES.
e.g.
# tc filter add dev ens6f0 ingress prio 1 protocol 802.1Q \
flower \
vlan_id 2 \
vlan_ethtype ppp_ses \
pppoe_sid 1234 \
ppp_proto ip \
dst_ip 127.0.0.1 \
src_ip 127.0.0.2 \
action drop
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com> Acked-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Wojciech Drewek [Fri, 29 Jul 2022 08:50:34 +0000 (10:50 +0200)]
lib: Introduce ppp protocols
PPP protocol field uses different values than ethertype. Introduce
utilities for translating PPP protocols from strings to values
and vice versa. Use generic API from utils in order to get
proto id and name.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com> Acked-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Wojciech Drewek [Fri, 29 Jul 2022 08:50:33 +0000 (10:50 +0200)]
lib: refactor ll_proto functions
Move core logic of ll_proto_n2a and ll_proto_a2n
to utils.c and make it more generic by allowing to
pass table of protocols as argument (proto_tb).
Introduce struct proto with protocol ID and name to
allow this. This wil allow to use those functions by
other use cases.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com> Acked-by: Guillaume Nault <gnault@redhat.com> Signed-off-by: David Ahern <dsahern@kernel.org>
devlink: add support for linecard show and type set
Introduce a new object "lc" to add devlink support for line cards with
two commands:
show - to get the info about the line card state, list of supported
types as reported by kernel/driver.
set - to set/clear the line card type.
Example:
$ devlink lc
pci/0000:01:00.0:
lc 1 state unprovisioned
supported_types:
16x100G
lc 2 state unprovisioned
supported_types:
16x100G
lc 3 state unprovisioned
supported_types:
16x100G
lc 4 state unprovisioned
supported_types:
16x100G
lc 5 state unprovisioned
supported_types:
16x100G
lc 6 state unprovisioned
supported_types:
16x100G
lc 7 state unprovisioned
supported_types:
16x100G
lc 8 state unprovisioned
supported_types:
16x100G
To provision the slot #8:
$ devlink lc set pci/0000:01:00.0 lc 8 type 16x100G
$ devlink lc show pci/0000:01:00.0 lc 8
pci/0000:01:00.0:
lc 8 state active type 16x100G
supported_types:
16x100G
Benjamin Poirier [Sun, 10 Jul 2022 23:52:54 +0000 (08:52 +0900)]
ip neigh: Fix memory leak when doing 'get'
With the following command sequence:
ip link add dummy0 type dummy
ip neigh add 192.168.0.1 dev dummy0
ip neigh get 192.168.0.1 dev dummy0
when running the last command under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x17A0EC: rtnl_recvmsg (libnetlink.c:838)
by 0x17A3D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x17B894: __rtnl_talk (libnetlink.c:1141)
by 0x17B894: rtnl_talk (libnetlink.c:1147)
by 0x12E49B: ipneigh_get (ipneigh.c:728)
by 0x1174CB: do_cmd (ip.c:136)
by 0x116F7C: main (ip.c:324)
Free the answer obtained from rtnl_talk().
Fixes: 62842362370b ("ipneigh: neigh get support") Suggested-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Sun, 10 Jul 2022 23:52:53 +0000 (08:52 +0900)]
mptcp: Fix memory leak when getting limits
When running the command `ip mptcp limits` under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 1 of 1
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x17A0BC: rtnl_recvmsg (libnetlink.c:838)
by 0x17A3A1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x17B864: __rtnl_talk (libnetlink.c:1141)
by 0x17B864: rtnl_talk (libnetlink.c:1147)
by 0x16837D: mptcp_limit_get_set (ipmptcp.c:436)
by 0x1174CB: do_cmd (ip.c:136)
by 0x116F7C: main (ip.c:324)
Free the answer obtained from rtnl_talk().
Fixes: 7e0767cd862b ("add support for mptcp netlink interface") Suggested-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Sun, 10 Jul 2022 23:52:52 +0000 (08:52 +0900)]
mptcp: Fix memory leak when doing 'endpoint show'
With the following command sequence:
ip mptcp endpoint add 127.0.0.1 id 1
ip mptcp endpoint show id 1
when running the last command under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x17A0AC: rtnl_recvmsg (libnetlink.c:838)
by 0x17A391: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x17B854: __rtnl_talk (libnetlink.c:1141)
by 0x17B854: rtnl_talk (libnetlink.c:1147)
by 0x168A56: mptcp_addr_show (ipmptcp.c:334)
by 0x1174CB: do_cmd (ip.c:136)
by 0x116F7C: main (ip.c:324)
Free the answer obtained from rtnl_talk().
Fixes: 7e0767cd862b ("add support for mptcp netlink interface") Suggested-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Sun, 10 Jul 2022 23:52:51 +0000 (08:52 +0900)]
bridge: Fix memory leak when doing 'fdb get'
With the following command sequence:
ip link add br0 up type bridge
ip link add dummy0 up address 02:00:00:00:00:01 master br0 type dummy
bridge fdb get 02:00:00:00:00:01 br br0
when running the last command under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x11C1EC: rtnl_recvmsg (libnetlink.c:838)
by 0x11C4D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x11D994: __rtnl_talk (libnetlink.c:1141)
by 0x11D994: rtnl_talk (libnetlink.c:1147)
by 0x10D336: fdb_get (fdb.c:652)
by 0x48907FC: (below main) (libc-start.c:332)
Free the answer obtained from rtnl_talk().
Fixes: 4ed5ad7bd3c6 ("bridge: fdb get support") Reported-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Benjamin Poirier [Sun, 10 Jul 2022 23:52:50 +0000 (08:52 +0900)]
ip address: Fix memory leak when specifying device
Running a command like `ip addr show dev lo` under valgrind informs us that
32,768 bytes in 1 blocks are definitely lost in loss record 4 of 4
at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x16CBE2: rtnl_recvmsg (libnetlink.c:775)
by 0x16CF04: __rtnl_talk_iov (libnetlink.c:954)
by 0x16E257: __rtnl_talk (libnetlink.c:1059)
by 0x16E257: rtnl_talk (libnetlink.c:1065)
by 0x115CB1: ipaddr_link_get (ipaddress.c:1833)
by 0x11A0D1: ipaddr_list_flush_or_save (ipaddress.c:2030)
by 0x1152EB: do_cmd (ip.c:115)
by 0x114D6F: main (ip.c:321)
After calling store_nlmsg(), the original buffer should be freed. That is
the pattern used elsewhere through the rtnl_dump_filter() call chain.
Fixes: 884709785057 ("ip address: Set device index in dump request") Reported-by: Binu Gopalakrishnapillai <binug@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Hangbin Liu [Tue, 5 Jul 2022 04:25:01 +0000 (12:25 +0800)]
libbpf: add xdp program name support
In bpf program, only the program name is unique. Before this patch, if there
are multiple programs with the same section name, only the first program
will be attached. With program name support, users could specify the exact
program they want to attach.
Note this feature is only supported when iproute2 build with libbpf.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Petr Machata [Tue, 28 Jun 2022 10:19:11 +0000 (12:19 +0200)]
ip: Fix rx_otherhost_dropped support
The commit cited below added a new column to print_stats64(). However it
then updated only one size_columns() call site, neglecting to update the
remaining three. As a result, in those not-updated invocations,
size_columns() now accesses a vararg argument that is not being passed,
which is undefined behavior.
Fixes: cebf67a35d8a ("show rx_otherehost_dropped stat in ip link show") CC: Tariq Toukan <tariqt@nvidia.com> CC: Itay Aveksis <itayav@nvidia.com> Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Petr Machata [Tue, 28 Jun 2022 10:17:31 +0000 (12:17 +0200)]
ip: Fix size_columns() invocation that passes a 32-bit quantity
In print_stats64(), the last size_columns() invocation passes number of
carrier changes as one of the arguments. The value is decoded as a 32-bit
quantity, but size_columns() expects a 64-bit one. This is undefined
behavior.
The reason valgrind does not cite this is that the previous size_columns()
invocations prime the ABI area used for the value transfer. When these
other invocations are commented away, valgrind does complain that
"conditional jump or move depends on uninitialised value", as would be
expected.
Fixes: 49437375b6c1 ("ip: dynamically size columns when printing stats") Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Petr Machata [Mon, 27 Jun 2022 13:18:21 +0000 (15:18 +0200)]
ip: Fix size_columns() for very large values
For values near the 64-bit boundary, the iterative application of
powi *= 10 causes powi to overflow without the termination condition of
powi >= val having ever been satisfied. Instead, when determining the
length of the number, iterate val /= 10 and terminate when it's a single
digit.
Fixes: 49437375b6c1 ("ip: dynamically size columns when printing stats") CC: Tariq Toukan <tariqt@nvidia.com> CC: Itay Aveksis <itayav@nvidia.com> Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Eli Cohen [Wed, 15 Jun 2022 03:46:16 +0000 (06:46 +0300)]
vdpa: Add support for reading vdpa device statistics
Read statistics of a vdpa device. The specific data is a received as a
pair of attribute name and attribute value.
Examples:
1. Read statistics for the virtqueue at index 1
$ vdpa dev vstats show vdpa-a qidx 1
vdpa-a:
vdpa-a: queue_type tx received_desc 321812 completed_desc 321812
2. Read statistics for the virtqueue at index 16
$ vdpa dev vstats show vdpa-a qidx 16
vdpa-a: queue_type control_vq received_desc 17 completed_desc 17
3. Read statisitics for the virtqueue at index 0 with json output
$ vdpa -j dev vstats show vdpa-a qidx 0
{"vstats":{"vdpa-a":{"queue_type":"rx","received_desc":114855,"completed_desc":114617}}}
4. Read statistics for the virtqueue at index 0 with preety json
output
$ vdpa -jp dev vstats show vdpa-a qidx 0
vdpa -jp dev vstats show vdpa-a qidx 0
{
"vstats": {
"vdpa-a": {
"queue_type": "rx",
"received_desc": 114855,
"completed_desc": 114617
}
}
}
Signed-off-by: Eli Cohen <elic@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
projects / thirdparty / iproute2.git / log
