Phil Sutter [Fri, 4 Mar 2016 19:07:21 +0000 (20:07 +0100)]
ipneigh: List all nud states in help output
To not make the output overly confusing, list them in a definition of
the STATE placeholder which is already used in the show/flush syntax but
wasn't explained before.
Phil Sutter [Fri, 4 Mar 2016 11:52:40 +0000 (12:52 +0100)]
man: ip-route: Make synopsis consistent with description
While the synopsis section contains 'ip route list', it is later
described as 'ip route show'. Make this consistent by replacing 'list'
with 'show' in synopsis.
Phil Sutter [Wed, 2 Mar 2016 18:20:08 +0000 (19:20 +0100)]
man: ip-*.8: drop any reference to generic ip options
Listing generic 'ip' options in subcommand man pages is redundant and
error-prone, as they won't be kept in sync anyway. Since many other man
pages don't list them either, drop references to them in the remaining
ones.
Phil Sutter [Wed, 2 Mar 2016 18:20:07 +0000 (19:20 +0100)]
man: ip-l2tp.8: Fix BNF syntax
The 'ADDR' part of 'local' and 'remote' parameters is not optional, but
may also consist of the word 'any'. While at it, add missing whitespace
and fix fonts.
Phil Sutter [Wed, 2 Mar 2016 18:20:03 +0000 (19:20 +0100)]
man: ip-token.8: Review synopsis section
Drop unnecessary curly braces around single action keywords, point out
that 'dev' parameter to 'ip token get' is optional and clarify that 'ip
token' defaults to 'list' action.
Phil Sutter [Wed, 2 Mar 2016 18:20:02 +0000 (19:20 +0100)]
man: ip-rule.8: Review synopsis section
Clarify that 'ip rule' defaults to action 'list', that 'flush' and
'save' actions don't accept additional parameters, add missing 'not' and
'goto' keywords and finally fix fonts used in 'fwmark' and 'realms'
parameters.
Phil Sutter [Wed, 2 Mar 2016 18:20:01 +0000 (19:20 +0100)]
man: ip-ntable.8: Review synopsis section
The first line contained a c'n'p error, incorrectly listing 'ip address'
syntax. Since PARAMS is used just once and there are not many other
parameters to 'ip ntable change', state them inline and in addition to
that clarify the possibility to pass multiple parameters at once.
Phil Sutter [Wed, 2 Mar 2016 18:19:58 +0000 (19:19 +0100)]
man: ip-link.8: Fix and improve synopsis
Reflect that it is possible to pass multiple parameters at the same
time, also use the same trick the help text uses to emphasize vf
specific parameters.
Phil Sutter [Wed, 2 Mar 2016 18:19:56 +0000 (19:19 +0100)]
man: ip-address.8: Minor syntax fixes
Clarify that the optional '-' prefix of the 'tentative', 'deprecated'
and 'dadfailed' keywords has to be put right in front of them, no
whitespace is allowed in between.
In addition to that, clarify that it is valid to pass both 'valid_lft'
and 'preferred_lft' at the same time to 'ip address'.
Phil Sutter [Wed, 2 Mar 2016 18:19:54 +0000 (19:19 +0100)]
iproute: TYPE keyword is not optional, fix help text accordingly
This is a bit pedantic, but brackets ([]) show optional values and since
TYPE must not become empty, they're not suited to surround the type
keyword choices. Use curly braces instead.
Also add some missing whitespace to the parameter list above.
Phil Sutter [Wed, 2 Mar 2016 18:19:49 +0000 (19:19 +0100)]
ip: align help text with manpage
Although the ip command accepts both "neighbor" and "neighbour" as
subcommand, I assume it's sufficient to list it in help text as just
"neigh" like ip.8 does.
bridge: mdb: add user-space support for extended attributes
Recently support was added to the kernel to be able to add more per-mdb
entry attributes via standard netlink attributes of type MDBA_MDB_EATTR_.
This patch adds support to iproute2 to parse and output these
attributes. The first exported attribute is the mdb "timer" value which
is shown only when the "-s" iproute2 arg is used.
Example:
$ bridge -s mdb show
dev br0 port eth1 grp 239.0.0.11 permanent 0.00
dev br0 port eth1 grp 239.0.0.10 temp 244.15
dev br0 port eth1 grp 239.0.0.1 temp 245.21
dev br0 port eth1 grp 239.0.0.5 temp 246.43
dev br0 port eth2 grp 239.0.0.5 temp 248.44
dev br0 port eth1 grp 239.0.0.2 temp 245.32
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Phil Sutter [Thu, 25 Feb 2016 12:07:35 +0000 (13:07 +0100)]
iprule: Align help text with man page synopsis
The help text was misleading: One could think it is possible to list
rules by selector, which would be nice but isn't. This change also
clarifies that 'ip rule' defaults to 'list' if no further arguments are
given.
Add IFLA_VF_TRUST message to trust the VF.
PF can accept some privileged operation from the trusted VF.
For example, ixgbe PF doesn't allow to enable VF promiscuous mode until
the VF is trusted because it may hurt performance.
To trust VF.
# ip link set dev eth0 vf 1 trust on
To untrust VF.
# ip link set dev eth0 vf 1 trust off
Roopa Prabhu [Sat, 20 Feb 2016 05:34:52 +0000 (21:34 -0800)]
bridge: add support for dynamic fdb entries
This patch is a follow up to the recently added
'static' fdb option.
It introduces a new option 'dynamic' which adds
dynamic fdb entries with NUD_REACHABLE.
$bridge fdb add 00:01:02:03:04:06 dev eth0 master dynamic
$bridge fdb show
00:01:02:03:04:06 dev eth0
This patch also documents all fdb types. Removes 'temp'
from usage message since it is now replaced by 'static'.
'temp' still works and is synonymous with static.
Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
htb: remove printing of a deprecated overhead value
Remove printing according to the previously used encoding of mpu and
overhead values within the tc_ratespec's mpu field. This encoding is
no longer being used as a separate 'overhead' field in the ratespec
structure has been introduced.
Export all the read-only values that get returned about a bridge port
such as the timers, the ids, designated_port and cost,
topology_change_ack and config_pending. For the bridge ids the
br_dump_bridge_id function is exported from iplink_bridge.
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
netns: Fix an off-by-one strcpy() in netns_map_add().
netns_map_add() does a malloc of (sizeof (struct nsid_cache) +
strlen(name)) and then proceed with strcpy() of name into the
zero-length member at the end of the nsid_cache structure. The
nul-terminator is written outside of the allocated memory and may
overwrite the allocator's internal structure.
This can trigger a segmentation fault on i386 uclibc with names of size 8:
after the corruption occurs, the call to closedir() on netns_map_init()
crashes while freeing the DIR structure.
Here is the relevant valgrind output:
==1251== Memcheck, a memory error detector
==1251== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==1251== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright
info
==1251== Command: ./ip netns
==1251==
==1251== Invalid write of size 1
==1251== at 0x4011975: strcpy (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==1251== by 0x8058B00: netns_map_add (ipnetns.c:181)
==1251== by 0x8058E2A: netns_map_init (ipnetns.c:226)
==1251== by 0x8058E79: do_netns (ipnetns.c:776)
==1251== by 0x804D9FF: do_cmd (ip.c:110)
==1251== by 0x804D814: main (ip.c:300)
Support for the new rx_nohandler statistic.
This code is designed to handle the case where the kernel reported statistic
structure is smaller than the larger structure in later releases (and vice versa).
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
It seems that I've made a mistake when I exported these, instead of a
space in the end I've put a newline character which is wrong and breaks
the single line output.
Fixes: 7d6bc3b87abad ("bonding: export 3ad actor and partner port state") Reported-by: Sam Tannous <stannous@cumulusnetworks.com> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Roopa Prabhu [Wed, 27 Jan 2016 17:09:37 +0000 (09:09 -0800)]
bridge: support for static fdb entries
There is no intuitive option to add static fdb entries today.
'temp' seems to have a side effect of adding
'static' fdb entries. But the name and intent
of 'temp' does not say anything about it being static.
example:
bridge fdb add operates as follows:
$bridge fdb add 00:01:02:03:04:05 dev eth0 master
$bridge fdb add 00:01:02:03:04:06 dev eth0 master temp
$bridge fdb add 00:01:02:03:04:07 dev eth0 master local
$bridge fdb show
00:01:02:03:04:05 dev eth0 permanent
00:01:02:03:04:06 dev eth0 static
00:01:02:03:04:07 dev eth0 permanent
00:01:02:03:04:08 dev eth0 <<== dynamic, ageable learned mac
This patch adds a new bridge fdb type 'static' which
makes sure NUD_NOARP and NUD_REACHABLE is set for static
entries. This effectively is nothing but what 'temp'
does today. But the name 'temp' is misleading.
After the patch:
$bridge fdb add 00:01:02:03:04:06 dev eth0 master static
$bridge fdb show
00:01:02:03:04:06 dev eth0 static
'temp' could ideally be a dynamic mac that can age (ie just
NUD_REACHABLE). But, 'temp' sets 'NUD_NOARP' and 'NUD_REACHABLE'.
Too late to change 'temp' now. But, we are thinking of introduing a
'dynamic' keyword after this patch that only sets NUD_REACHABLE.
Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Daniel Borkmann [Sun, 7 Feb 2016 01:11:52 +0000 (02:11 +0100)]
tc, bpf: give some more hints wrt false relos
Provide some more hints to the user/developer when relos have been found
that don't point to ld64 imm instruction. Ran couple of times into relos
generated by clang [1], where the compiler tried to uninline inlined
functions with eBPF and emitted BPF_JMP | BPF_CALL opcodes. If this seems
the case, give a hint that the user should do a work-around to use
always_inline annotation.
Daniel Borkmann [Sun, 7 Feb 2016 01:11:51 +0000 (02:11 +0100)]
tc, bpf: improve verifier logging
With a bit larger, branchy eBPF programs f.e. already ~BPF_MAXINSNS/7 in
size, it happens rather quickly that bpf(2) rejects also valid programs
when only the verifier log buffer size we have in tc is too small.
Change that, so by default we don't do any logging, and only in error
case we retry with logging enabled. If we should fail providing a
reasonable dump of the verifier analysis, retry few times with a larger
log buffer so that we can at least give the user a chance to debug the
program.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: John Fastabend <john.r.fastabend@intel.com>
Paolo Abeni [Thu, 28 Jan 2016 13:48:55 +0000 (14:48 +0100)]
geneve: add support for lwt tunnel creation and dst port selection
This change add the ability to create lwt/flow based/externally
controlled geneve device and to select the udp destination port used
by a full geneve tunnel.
Roopa Prabhu [Wed, 3 Feb 2016 00:53:40 +0000 (16:53 -0800)]
ipmonitor: match user option 'all' before 'all-nsid'
'ip monitor all' is broken on older kernels.
This patch fixes 'ip monitor all' to match
'all' and not 'all-nsid'.
It moves parsing arg 'all-nsid' to after parsing
'all'.
Before:
$ip monitor all
NETLINK_LISTEN_ALL_NSID: Protocol not available
After:
$ip monitor all
[NEIGH]Deleted 10.0.0.1 dev eth1 lladdr c4:54:44:4f:b2:dd STALE
Fixes: 449b824ad196 ("ipmonitor: allows to monitor in several netns") Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Daniel Borkmann [Thu, 21 Jan 2016 23:46:28 +0000 (00:46 +0100)]
tc, bpf: make sure relo is in relation with map section
Add a test that symbol from relocation entry is actually related
to map section and bail out with an error message if it's not the
case; in relation to [1].
[1] https://llvm.org/bugs/show_bug.cgi?id=26243
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
projects / thirdparty / iproute2.git / log
