vadimk [Thu, 16 Oct 2014 08:19:29 +0000 (11:19 +0300)]
ss: Remove checking SS_CLOSE state for packet and netlink
I dont see a reason that packet and netlink states will be
printed only if SS_CLOSE state is set in filter, in that case
to print states of netlink or packet sockets it is needed to run:
Tom Herbert [Fri, 7 Nov 2014 16:05:34 +0000 (08:05 -0800)]
vxlan: Add support for enabling UDP checksums
Add udpcsum option to enable transmitting UDP checksums when doing
VXLAN/IPv4. Add udp6zerocsumtx, and udp6zerocsumrx options to enable
sending zero checksums and receiving zero checksums in VXLAN/IPv6.
Tom Herbert [Wed, 5 Nov 2014 18:06:26 +0000 (10:06 -0800)]
ip link gre: Add support to configure FOU and GUE
This patch adds support to configure foo-over-udp (FOU) and Generic
UDP Encapsulation for GRE tunnels. This configuration allows selection
of FOU or GUE for the tunnel, specification of the source and
destination ports for UDP tunnel, and enabling TX checksum. This
configuration only affects the transmit side of a tunnel.
Example:
ip link add name tun1 type gre remote 192.168.1.1 local 192.168.1.2 \
ttl 225 encap fou encap-sport auto encap-dport 7777 encap-csum
This would create an GRE tunnel in GUE encapsulation where the source
port is automatically selected (based on hash of inner packet) and
checksums in the encapsulating UDP header are enabled.
Tom Herbert [Wed, 5 Nov 2014 18:06:25 +0000 (10:06 -0800)]
ip link ipip: Add support to configure FOU and GUE
This patch adds support to configure foo-over-udp (FOU) and Generic
UDP Encapsulation for IPIP and sit tunnels. This configuration allows
selection of FOU or GUE for the tunnel, specification of the source and
destination ports for UDP tunnel, and enabling TX checksum. This
configuration only affects the transmit side of a tunnel.
Example:
ip link add name tun1 type ipip remote 192.168.1.1 local 192.168.1.2 \
ttl 225 encap gue encap-sport auto encap-dport 9999 encap-csum
This would create an IPIP tunnel in GUE encapsulation where the source
port is automatically selected (based on hash of inner packet) and
checksums in the encapsulating UDP header are enabled.
Tom Herbert [Wed, 5 Nov 2014 18:06:24 +0000 (10:06 -0800)]
ip fou: Support to configure foo-over-udp RX
Added 'ip fou...' commands to enable/disable UDP ports for doing
foo-over-udp and Generic UDP Encapsulation variant. Arguments are port
number to bind to and IP protocol to map to port (for direct FOU).
Examples:
ip fou add port 7777 gue
ip fou add port 8888 ipproto 4
The first command creates a GUE port, the second creates a direct FOU
port for IPIP (receive payload is a assumed to be an IPv4 packet).
- any ipv6 tunnel mode (proto == 0) could not be set
due to incomplete set of cases in do_add, do_del.
- vti6 logic was inverted: it was using "ip6_vti0" basedev
UNLESS mode is set to vti6.
We don't need a switch by p.proto in do_add()/do_del(): it
already exists in parse_args(). So if parse_args() call
was successful, no need to check tunnel mode again.
vadimk [Fri, 10 Oct 2014 06:27:19 +0000 (09:27 +0300)]
tests: Allow to run tests recursively
Such approach allows to run *.t scripts from any
tests/ subdirectories.
One point is that tests from tests/cls/*.t (which are needed
by tests/cls-testbed.t but does not exist yet) will also
be ran aside with tests/cls-testbed.t which is not good
because in such case they will be ran twice, so renamed these
tests path to tests/cls/*.c in tests/cls-testbed.t
Dmitry Popov [Sat, 4 Oct 2014 15:00:25 +0000 (19:00 +0400)]
ip tunnel: fix 'ip -oneline tunnel show' for some GRE tunnels
'ip -oneline tunnel show' was not "oneline" for GRE tunnels with iseq:
# ip tun add gre_test remote 1.1.1.1 local 2.2.2.2 mode gre iseq oseq
# ip -oneline tun show gre_test | wc -l
2
The problem existed because of a typo: '\n' was printed when it shouldn't be.
Fixed.
Jiri Benc [Fri, 3 Oct 2014 13:25:02 +0000 (15:25 +0200)]
ip address: print stats with -s
Make ip address show accept the -s option similarly to ip link. This creates
an one command replacement for "ifconfig -a" useful for people who still
stay with ifconfig because of this feature.
Print the stats as the last thing for the interface. This requires some code
shuffling.
Eric Dumazet [Wed, 1 Oct 2014 11:17:18 +0000 (04:17 -0700)]
ss: add more tcp socket diagnostics
Display 4 additional tcp socket info fields :
backoff : exponential backoff
lastsnd : time in milli second since last send
lastrcv : time in milli second since last receive
lastack : time in milli second since last acknowledgement
Tests were not allowed to be ran, the following
issues were fixed:
- creating the results folder before test running
- sudo $PREFIX moved before variables definition which
allow to pass them through the sudo to test script.
Broken looks like:
root@moja-1:~# tc actions add action drop index 4
root@moja-1:~# tc -s actions ls action gact
action order 0: gact action drop
random type none pass val 0
index 4 ref 1 bind 0 installed 9 sec used 4 sec
The fixed version looks like:
action order 0: gact action drop
random type none pass val 0
index 4 ref 1 bind 0 installed 9 sec used 4 sec
Sent 108948 bytes 1297 pkts (dropped 1297, overlimits 0)
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
iproute2: allow to change slave options via type_slave
This patch adds the necessary changes to allow altering a slave device's
options via ip link set <device> type <master type>_slave specific-option.
It also adds support to set the bonding slaves' queue_id.
Example:
ip link set eth0 type bond_slave queue_id 10
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com> Acked-by: Jiri Pirko <jiri@resnulli.us>
ip monitor: Dont print timestamp or banner-label for cloned routes
This is ugly fix but solves the case when timestamp
or banner-label is printed before the cloned route will be skipped
by iproute filter which filters out all cached routes by default.
In such case timestamp will be printed twice:
Update the rt_dsfield file to contain values defined in current RFC.
The days of TOS precedence are gone, even Cisco doesn't refer
to these in the documents.
vadimk [Sat, 30 Aug 2014 12:06:00 +0000 (15:06 +0300)]
ip link: Remove unnecessary device checking
The real checking is performed later in iplink_modify(..) func which
checks device existence if NLM_F_CREATE flag is set.
Also it fixes the case when impossible to add veth link which was
caused by 9a02651a87 (ip: check for missing dev arg when doing VF rate)
because these devices are not exist yet.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
vadimk [Thu, 28 Aug 2014 13:56:03 +0000 (16:56 +0300)]
ip netns: Show error message if mkdir failed to create /var/run/netns
Currently if mkdir failed with "Permission denied" error then "mount --make-shared ..."
error message will be showed because /var/run/netns does not exist.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Jay Vosburgh [Sat, 10 May 2014 20:34:58 +0000 (13:34 -0700)]
tc/netem: loss gemodel options fixes
First, the default value for 1-k is documented as being 0, but is
currently being set to 1. (100%). This causes all packets to be dropped
in the good state if 1-k is not explicitly specified. Fix this by setting
the default to 0.
Second, the 1-h option is parsed correctly, however, the kernel is
expecting "h", not 1-h. Fix this by inverting the "1-h" percentage before
sending to and after receiving from the kernel. This does change the
behavior, but makes it consistent with the netem documentation and the
literature on the Gilbert-Elliot model, which refer to "1-h" and "1-k,"
not "h" or "k" directly.
Last, fix a minor formatting issue for the options reporting.
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
iproute2 bridge: bring to above par with brctl show macs
root@moja-mojo:bridge# ./bridge fdb help
Usage: bridge fdb { add | append | del | replace } ADDR dev DEV {self|master} [ temp ]
[router] [ dst IPADDR] [ vlan VID ]
[ port PORT] [ vni VNI ] [via DEV]
bridge fdb {show} [ br BRDEV ] [ brport DEV ]
Lets start with two bridges each with a port...
root@moja-mojo:bridge# ./bridge link
10: sw1-p1 state DOWN : <BROADCAST,NOARP> mtu 1500 master sw1 state disabled priority 32 cost 100
11: eth1 state DOWN : <BROADCAST,NOARP> mtu 1500 master br0 state disabled priority 32 cost 100
show all...
root@moja-mojo:bridge# ./bridge fdb show
33:33:00:00:00:01 dev ifb0 self permanent
33:33:00:00:00:01 dev ifb1 self permanent
33:33:00:00:00:01 dev eth0 self permanent
01:00:5e:00:00:01 dev eth0 self permanent
33:33:ff:92:c0:60 dev eth0 self permanent
33:33:00:00:00:fb dev eth0 self permanent
01:00:5e:00:00:fb dev eth0 self permanent
01:00:5e:7f:ff:fd dev eth0 self permanent
01:00:5e:00:00:01 dev wlan0 self permanent
33:33:00:00:00:01 dev wlan0 self permanent
33:33:ff:c2:84:3b dev wlan0 self permanent
33:33:00:00:00:fb dev wlan0 self permanent
01:00:5e:00:00:01 dev virbr0 self permanent
01:00:5e:00:00:fb dev virbr0 self permanent
33:33:00:00:00:01 dev br0 self permanent
33:33:00:00:00:01 dev sw1 self permanent
33:33:00:00:00:01 dev dummy0 self permanent
5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master sw1 permanent
33:33:00:00:00:01 dev sw1-p1 self permanent
b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
33:33:00:00:00:01 dev eth1 self permanent
Lets see a netdev that is *not* attached to a bridge
Lets see a netdev that is bridge port
root@moja-mojo:bridge# ./bridge fdb show brport eth1
hadi@jhs-1:/media/MT1/other-gits/iproute-jul04/bridge$ ./bridge fdb show brport eth1
b6:5e:dd:ce:d7:5e vlan 0 master br0 permanent
33:33:00:00:00:01 self permanent
Specify the correct bridge and you get good stuff
root@moja-mojo:bridge# ./bridge fdb show brport eth1 br br0
6:5e:dd:ce:d7:5e vlan 0 master br0 permanent
33:33:00:00:00:01 self permanent
Specify the wrong bridge and you get good nada
root@moja-mojo:bridge# ./bridge fdb show brport eth1 br sw1
dump br0
root@moja-mojo:bridge# ./bridge fdb show br br0
33:33:00:00:00:01 dev br0 self permanent
b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
33:33:00:00:00:01 dev eth1 self permanent
dump sw1
root@moja-mojo:bridge# ./bridge fdb show br sw1
33:33:00:00:00:01 dev sw1 self permanent
5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master sw1 permanent
33:33:00:00:00:01 dev sw1-p1 self permanent
Lets move a port from one bridge to another for shits-and-giggles
(as the New Brunswickians like to say)
root@moja-mojo:bridge# ip link set sw1-p1 master br0
Now dump again br0
root@moja-mojo:bridge# ./bridge fdb show br br0
33:33:00:00:00:01 dev br0 self permanent
5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master br0 permanent
33:33:00:00:00:01 dev sw1-p1 self permanent
b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
33:33:00:00:00:01 dev eth1 self permanent
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
This patch avoids a full link wildump request when the user has specified
a single link. Uses RTM_GETLINK without the NLM_F_DUMP flag.
This helps on a system with large number of interfaces.
This patch currently only uses the link ifindex in the filter.
Hoping to provide a subsequent kernel patch to do link dump filtering on
other attributes in the kernel.
In iplink_get, to be safe, this patch currently sets the answer buffer
size to the max size that libnetlink rtnl_talk can copy. The current api
does not seem to provide a way to indicate the answer buf size.
changelog from RFC to v1:
- incorporated comments from stephen (fixed comment and fixed if/else block)
Dmitry Popov [Fri, 6 Jun 2014 20:33:49 +0000 (00:33 +0400)]
fix ip tunnel for vti tunnels with ikey
Consider the following command:
ip tunnel add mode vti remote 12.0.0.1 local 12.0.0.3 ikey 15
i_flags will be GRE_KEY|VTI_ISVTI. So, in order to distinguish between ipip and
vti we have to check just VTI_ISVTI bit, not the equality of i_flags and
VTI_ISVTI.
* Note, that there also was a bug in ip_tunnel/ip_vti, see
commit 7c8e6b9c281(ip_vti: Fix 'ip tunnel add' with 'key' parameters),
https://lkml.org/lkml/2014/6/7/125.
Even patched iproute could be unable to create vti tunnels with non-zero keys.
1) Unpatched iproute2:
[root@vm ~]# ip tunnel show
[root@vm ~]# lsmod | egrep '(ipip|vti)'
[root@vm ~]# ip tunnel add mode vti ikey 1
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ipip 4197 0
tunnel4 1659 1 ipip
ip_tunnel 9295 1 ipip
[root@vm ~]# ip tunnel show
tunl0: ip/ip remote any local any ttl inherit
[root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
[root@vm ~]# ip tunnel show
ipip0: ip/ip remote 1.2.3.4 local any ttl inherit
tunl0: ip/ip remote any local any ttl inherit
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ipip 4197 0
tunnel4 1659 1 ipip
ip_tunnel 9295 1 ipip
# ipip tunnels are created instead of vti
2) Patched iproute2:
[root@vm ~]# ip tunnel show
[root@vm ~]# lsmod | egrep '(ipip|vti)'
[root@vm ~]# ip tunnel add mode vti ikey 1
[root@vm ~]# lsmod | egrep '(ipip|vti)'
ip_vti 5258 0
ip_tunnel 9295 1 ip_vti
[root@vm ~]# ip tunnel show
vti0: ip/ip remote any local any ttl inherit ikey 1 okey 0
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
[root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
[root@vm ~]# ip tunnel show
vti0: ip/ip remote any local any ttl inherit ikey 1 okey 0
vti1: ip/ip remote 1.2.3.4 local any ttl inherit ikey 2 okey 0
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
# Vti tunnels are created as expected
# * If you have unpatched kernel your vti tunnels will have ikey == okey == 0
Same story exists with ip tunnel show/del with non-zero [io]key: requests are
routed to tunl0 instead of ip_vti0.
Roopa Prabhu [Sun, 8 Jun 2014 05:23:42 +0000 (22:23 -0700)]
bridge: Add master device name to bridge fdb show
This patch adds master dev name from NDA_MASTER netlink attribute
to bridge fdb show output
current iproute2 tries to print 'master' in the output if NTF_MASTER
is present. But, kernel today does not set NTF_MASTER during dump
requests. Which means I have not seen iproute2 bridge cmd print 'master' atall.
This patch overrides the NTF_MASTER flag if NDA_MASTER attribute is present.
Example output:
before this patch:
# bridge fdb show
44:38:39:00:27:ba dev bond2.2003 permanent
44:38:39:00:27:bb dev bond4.2003 permanent
44:38:39:00:27:bc dev bond2.2004 permanent
After this patch:
# bridge fdb show
44:38:39:00:27:ba dev bond2.2003 master br-2003 permanent
44:38:39:00:27:bb dev bond4.2003 master br-2003 permanent
44:38:39:00:27:bc dev bond2.2004 master br-2004 permanent
For comparision with the above, below is the output for NTF_SELF today,
# bridge fdb show
33:33:00:00:00:01 dev eth0 self permanent
01:00:5e:00:00:01 dev eth0 self permanent
33:33:ff:00:01:cc dev eth0 self permanent
If change in output is a concern, 'master' can be put at the end of the fdb
output line or made optional with -d[etails] option.
change from v1 to v2:
use 'bridge' instead of 'master' in fdb show output
change from v2 to v3:
use 'master' instead of 'bridge' in fdb show output
(master could also be a vxlan device)
Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Add support to configure SR-IOV VF minimum and maximum Tx rate through ip tool
o "min_tx_rate" option has been added for minimum Tx rate. Hence, for
consistent naming, "max_tx_rate" option has been introduced for maximum
Tx rate.
o Change in v2: "rate" can be used along with "max_tx_rate".
When both are specified, "max_tx_rate" should override.
o Change in v3:
* IFLA_VF_RATE: When IFLA_VF_RATE is used, and user has given only one of
min_tx_rate or max_tx_rate, reading of previous rate limits is done in
userspace instead of in kernel space before ndo_set_vf_rate.
* IFLA_VF_TX_RATE: When IFLA_VF_TX_RATE is used, min_tx_rate is always read
in kernel space. This takes care of below scenarios:
(1) when old tool sends "rate" but kernel is new (expects min and max)
(2) when new tool sends only "rate" but kernel is old (expects only "rate")
o Change in v4 as suggested by Stephen Hemminger:
* As per iproute policy, input and output formats should match. Changing display
of max_tx_rate and min_tx_rate options accordingly.
./ip/ip link show p3p1
8: p3p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
link/ether 00:0e:1e:16:ce:40 brd ff:ff:ff:ff:ff:ff
vf 0 MAC 2a:18:8f:4d:3d:d4, tx rate 700 (Mbps), max_tx_rate 700Mbps, min_tx_rate 200Mbps
vf 1 MAC 72:dc:ba:f9:df:fd
During a rebuild [...]. Please note that we use our research
compiler tool-chain (using tools from the cbmc package), which permits extended
reporting on type inconsistencies at link time.
[...]
gcc bridge.o fdb.o monitor.o link.o mdb.o vlan.o ../lib/libnetlink.a ../lib/libutil.a ../lib/libnetlink.a ../lib/libutil.a -o bridge
file link.c line 18: error: conflicting types for variable "filter_index"
old definition in module fdb file fdb.c line 29
signed int
new definition in module link file link.c line 18
unsigned int
<builtin>: recipe for target 'bridge' failed
make[3]: *** [bridge] Error 64
make[3]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-iproute2/iproute2-3.14.0/bridge'
Makefile:45: recipe for target 'all' failed
While practical constraints may limit the value of filter_index to remain within
the bounds of a positive signed int, there is certainly no such guarantee here.
Also, a plain majority vote suggests that this really just a wrong declaration
in link.c as several declarations of filter_index as signed int exist.
[...]
My followup on this was:
I think the majority is wrong.
filter_index is assigned exclusively from if_nametoindex or ll_name_to_index
which both return unsigned int.
Changing it to unsigned everywhere seems better.
This has been minimally tested by using the bridge tool
to add vids and showing available vids on different devices.
Reported-by: Michael Tautschnig <mt@debian.org> Signed-off-by: Andreas Henriksson <andreas@fatal.se>
projects / thirdparty / iproute2.git / log
