ipmonitor: fix ip monitor can't work when NET_NS is not enabled
In ip monitor, netns_map_init will check getnsid is supported or not.
But when /proc/self/ns/net does not exist, we just print out error
messages and exit. So user cannot use ip monitor anymore when
CONFIG_NET_NS is disabled:
# ip monitor
open("/proc/self/ns/net"): No such file or directory
If open "/proc/self/ns/net" failed, set have_rtnl_getnsid to false.
Fixes: d652ccbf8195 ("netns: allow to dump and monitor nsid") Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Hangbin Liu [Thu, 8 Sep 2016 02:26:57 +0000 (10:26 +0800)]
ip route: check ftell, fseek return value
ftell() may return -1 in error case, which is not handled and
therefore pass a negative offset to fseek(). The return code of
fseek() is also not checked.
Reported-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
the maximum possible ICV length in a MACsec frame is 16 octects, not 32:
fix get_icvlen() accordingly, so that a proper error message is displayed
in case input 'icvlen' is greater than 16.
since get_qdisc_handle() truncates the input value to 16 bit, return an
error and prompt "invalid qdisc ID" in case input 'handle' parameter needs
more than 16 bit to be stored.
Signed-off-by: Davide Caratti <dcaratti@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc>
Hangbin Liu [Mon, 5 Sep 2016 03:35:02 +0000 (11:35 +0800)]
nstat: add sctp snmp support
SCTP module was not load by default. But this should be OK since we will not
load table if fdopen() failed, also opening the proc file won't load SCTP
kernel module.
Davide Caratti [Tue, 30 Aug 2016 11:23:14 +0000 (13:23 +0200)]
macsec: fix byte ordering on input/display of 'sci'
use get_be64() in place of get_u64() when parsing input 'sci' parameter,
so that 'sci' can be entered using network byte order regardless the
endianness of target system; use ntohll() when printing out 'sci'. While
at it, improve documentation of 'sci' in ip-link.8.
Davide Caratti [Tue, 30 Aug 2016 11:23:12 +0000 (13:23 +0200)]
macsec: fix input of 'port', improve documentation of 'address'
remove hardcoded base 10 parsing of 'port' parameter, update man page
and fix usage() functions as well. Fix misleading line in man page that
theoretically allowed specifying 'port' keyword right after 'sci' keyword.
Provide documentation of 'address' parameter in man pages and in usage()
functions as well.
Show which processes are using which tun/tap devices, e.g.:
$ ip -d tuntap
tun0: tun
Attached to processes: vpnc(9531)
vnet0: tap vnet_hdr
Attached to processes: qemu-system-x86(10442)
virbr0-nic: tap UNKNOWN_FLAGS:800
Attached to processes:
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
If we have multicast routes and do ip route show table all we'll get the
following output:
...
multicast ???/32 from ???/32 table default proto static iif eth0
The "???" are because the rtm_family is set to RTNL_FAMILY_IPMR instead
(or RTNL_FAMILY_IP6MR for ipv6). Add a simple workaround that returns the
real family based on the rtm_type (always RTN_MULTICAST for ipmr routes)
and the rtm_family. Similar workaround is already used in ipmroute, and
we can use this helper there as well.
After the patch the output is:
multicast 239.10.10.10/32 from 0.0.0.0/32 table default proto static iif eth0
Also fix a minor whitespace error and switch to tabs.
Reported-by: Satish Ashok <sashok@cumulusnetworks.com> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Yotam Gigi [Wed, 31 Aug 2016 07:28:27 +0000 (09:28 +0200)]
tc: man: Add man entry for the matchall classifier.
In addition to providing information about the mathcall filter and its
configurations, the man entry contains examples for creating port
mirorring entries.
Yotam Gigi [Wed, 31 Aug 2016 07:28:26 +0000 (09:28 +0200)]
tc: Add support for the matchall traffic classifier.
The matchall classifier matches every packet and allows the user to apply
actions on it. In addition, it supports the skip_sw and skip_hw (as can
be found on u32 and flower filter) that direct the kernel to skip the
software/hardware processing of the actions.
This filter is very useful in usecases where every packet should be
matched. For example, packet mirroring (SPAN) can be setup very easily
using that filter.
Phil Sutter [Tue, 23 Aug 2016 09:52:45 +0000 (11:52 +0200)]
ip-route: Prevent some double spaces in output
The code is a bit messy, as it starts with space after text and at some
point switches to space before text. But either way, printing space
before *and* after text almost certainly leads to printing more
whitespace than necessary.
Xin Long [Sun, 7 Aug 2016 09:12:30 +0000 (17:12 +0800)]
ip route: restore_handler should check tb[RTA_PREFSRC] for local networks
Prior to this patch, If one route entry's RTA_PREFSRC and RTA_GATEWAY
both were NULL, it was supposed to be restored ONLY as a local address.
But as it didn't check tb[RTA_PREFSRC] when restoring local networks,
rtattr_cmp would return a success if it was NULL, this route entry would
be restored again as a local network.
This patch is to add tb[RTA_PREFSRC] check when restoring local networks.
Fixes: 74af8dd9620e ("ip route: restore route entries in correct order") Signed-off-by: Xin Long <lucien.xin@gmail.com> Tested-by: Phil Sutter <phil@nwl.cc>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:58 +0000 (16:26 +0200)]
ila: show usage even if the module is not available
Currently, the `ip ila` command tries to initialize a genl context
even when we just want to see the help for the command, which doesn't
require to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Fixes: ec71cae0bb7b ("ila: Support for configuring ila to use netfilter hook") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:57 +0000 (16:26 +0200)]
fou: show usage even if the module is not available
Currently, the `ip fou` command tries to initialize a genl context even
when we just want to see the help for the command, which doesn't require
to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Fixes: 6928747b6e79 ("ip fou: Support to configure foo-over-udp RX") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:56 +0000 (16:26 +0200)]
macsec: show usage even if the module is not available
Currently, the `ip macsec` command tries to initialize a genl context
even when we just want to see the help for the command, which doesn't
require to talk to the kernel at all.
Delay genl initialization, which can fail if the module isn't loaded,
until the point where we will actually need it.
Sabrina Dubroca [Tue, 16 Aug 2016 14:26:55 +0000 (16:26 +0200)]
libgenl: introduce genl_init_handle
All users of genl have the same code to open a genl socket and resolve
the family for their specific protocol. Introduce a helper to initialize
the handle, and use it in all the genl code.
Richard Alpe [Mon, 15 Aug 2016 08:24:32 +0000 (10:24 +0200)]
tipc: refactor bearer identification
Introduce a generic function (nl_add_bearer_name()) that identifies a
bearer and adds it to an existing netlink message. This reduces code
complexity and makes the code a little bit easier to maintain.
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
Richard Alpe [Mon, 15 Aug 2016 08:24:31 +0000 (10:24 +0200)]
tipc: fix UDP bearer synopsis
Local ip is not required to identify a UDP bearer and shouldn't be
passed to bearer disable, set or get. In this patch we remove the
localip entry from the synopsis of these functions.
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
WANG Cong [Mon, 8 Aug 2016 23:24:45 +0000 (16:24 -0700)]
tc: fix a misleading failure
Before this patch:
# ./tc/tc actions add action drop index 11
RTNETLINK answers: File exists
We have an error talking to the kernel
Command "(null)" is unknown, try "tc actions help".
After this patch:
# ./tc/tc actions add action drop index 11
RTNETLINK answers: File exists
We have an error talking to the kernel
Cc: Stephen Hemminger <shemming@brocade.com> Cc: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Phil Sutter [Wed, 3 Aug 2016 09:43:45 +0000 (11:43 +0200)]
tc: Fix for missing estimator initialization
When switching to C99 initializers, I forgot to add this one. This means
that when trying to set an estimator value, tc would complain about
spurious duplicate estimator parameter. But much worse, the random
variable content is sent to the kernel regardless of whether an
estimator was given or not.
since kernel driver has valid default values for 'cipher' and 'icvlen',
there is no need for requiring users to specify both of them when a new
link is added. Also, prompt an error message and exit with appropriate
exit status in case of unsupported cipher suite.
- ip-macsec.8: fix wrong 'device' keyword in 'ip link add device eth0';
add missing description of 'validate' keyword; remove spurious bracket
near 'encrypt' keyword; add missing reference to configuration of 'port'
and 'sci'
- ip-link.8 fix wrong 'es' and 'encoding' keywords in MACsec section
Phil Sutter [Sat, 23 Jul 2016 11:28:08 +0000 (13:28 +0200)]
tc: util: bore up action_a2n()
It's a pitty this function is used nowhere, so let's polish it for use:
* Loop over branch names, makes it clear that every former conditional
was exactly identical.
* Support 'pipe' branch name, too.
* Make number parsing optional.
Phil Sutter [Sat, 23 Jul 2016 11:28:07 +0000 (13:28 +0200)]
tc: Reformat tc_util.h
* Drop 'extern' keyword before function declarations.
* Add parameter names where they were missing for matters of
consistency.
* Drop fancy indenting (e.g. tab between type and name).
* Break long lines to not exceed 80 columns.
Phil Sutter [Mon, 18 Jul 2016 14:48:43 +0000 (16:48 +0200)]
Replace malloc && memset by calloc
This only replaces occurrences where the newly allocated memory is
cleared completely afterwards, as in other cases it is a theoretical
performance hit although code would be cleaner this way.
Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: David Ahern <dsa@cumulusnetworks.com>
Phil Sutter [Mon, 18 Jul 2016 14:48:42 +0000 (16:48 +0200)]
Use C99 style initializers everywhere
This big patch was compiled by vimgrepping for memset calls and changing
to C99 initializer if applicable. One notable exception is the
initialization of union bpf_attr in tc/tc_bpf.c: changing it would break
for older gcc versions (at least <=3.4.6).
Calls to memset for struct rtattr pointer fields for parse_rtattr*()
were just dropped since they are not needed.
The changes here allowed the compiler to discover some unused variables,
so get rid of them, too.
Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: David Ahern <dsa@cumulusnetworks.com>
Phil Sutter [Mon, 18 Jul 2016 14:48:41 +0000 (16:48 +0200)]
tc: m_action: Improve conversion to C99 style initializers
This improves my initial change in the following points:
- Flatten embedded struct's initializers.
- No need to initialize variables to zero as the key feature of C99
initializers is to do this implicitly.
- By relocating the declaration of struct rtattr *tail, it can be
initialized at the same time.
Fixes: a0a73b298a579 ("tc: m_action: Use C99 style initializers for struct req") Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: David Ahern <dsa@cumulusnetworks.com>
Storing the schema file for the json format will be useful for doc
purposes as optional paramaters are typically suppressed in the json
sample outputs.
David Ahern [Fri, 15 Jul 2016 22:41:35 +0000 (15:41 -0700)]
ss: Fix support for device filter by index
Support was recently added for device filters. The intent was to allow
the device to be specified by name or index, and using the if%u format
(dev == if5) or the simpler and more intuitive index alone (dev == 5).
The latter case is broken since the index is not saved to the filter
after the strtoul conversion. Further, the tmp variable used for the
conversion shadows another variable used in the function. Fix both.
With this change all 3 variants work as expected:
$ ss -t 'dev == 62'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 224 10.0.1.3%mgmt:ssh 192.168.0.50:58442
$ ss -t 'dev == mgmt'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 224 10.0.1.3%mgmt:ssh 192.168.0.50:58442
$ ss -t 'dev == if62'
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 36 10.0.1.3%mgmt:ssh 192.168.0.50:58442
Fixes: 2d2932125616 ("ss: Add support to filter on device") Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Daniel Borkmann [Mon, 18 Jul 2016 23:09:52 +0000 (01:09 +0200)]
bpf: also check elf for official e_machine value
Use the official BPF ELF e_machine value that was assigned recently [1]
and will be propagated to glibc, libelf et al. LLVM will switch to it
in 3.9 release, therefore we need to prepare tc to check for EM_ELF as
well, older version still have the EM_NONE.
projects / thirdparty / iproute2.git / log
