Andrea Claudi [Thu, 14 Oct 2021 08:50:55 +0000 (10:50 +0200)]
configure: add the --libdir option
This commit allows users/packagers to choose a lib directory to store
iproute2 lib files.
At the moment iproute2 ship lib files in /usr/lib and offers no way to
modify this setting. However, according to the FHS, distros may choose
"one or more variants of the /lib directory on systems which support
more than one binary format" (e.g. /usr/lib64 on Fedora).
As Luca states in commit a3272b93725a ("configure: restore backward
compatibility"), packaging systems may assume that 'configure' is from
autotools, and try to pass it some parameters.
Allowing the '--libdir=/path/to/libdir' syntax, we can use this to our
advantage, and let the lib directory to be chosen by the distro
packaging system.
Note that LIBDIR uses "\${prefix}/lib" as default value because autoconf
allows this to be expanded to the --prefix value at configure runtime.
"\${prefix}" is replaced with the PREFIX value in check_lib_dir().
Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: David Ahern <dsahern@kernel.org>
Andrea Claudi [Thu, 14 Oct 2021 08:50:52 +0000 (10:50 +0200)]
configure: simplify options parsing
This commit simplifies options parsing moving all the code not related to
parsing out of the case statement.
- The conditional shift after the assignments is moved right after the
case, reducing code duplication.
- The semantic checks on the LIBBPF_FORCE value is moved after the loop
like we already did for INCLUDE and LIBBPF_DIR.
- Finally, the loop condition is changed to check remaining arguments, thus
making it possible to get rid of the null string case break.
As a bonus, now the help message states that on or off should follow
--libbpf_force
Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: David Ahern <dsahern@kernel.org>
Andrea Claudi [Thu, 14 Oct 2021 08:50:51 +0000 (10:50 +0200)]
configure: fix parsing issue with more than one value per option
With commit a9c3d70d902a ("configure: add options ability") users are no
more able to provide wrong command lines like:
$ ./configure --include_dir foo bar
The script simply bails out when user provides more than one value for a
single option. However, in doing so, it breaks backward compatibility with
some packaging system, which expects unknown options to be ignored.
Commit a3272b93725a ("configure: restore backward compatibility") fix this
issue, but makes it possible again for users to provide wrong command lines
such as the one above.
This fixes the issue simply ignoring autoconf-like options such as
'--opt=value'.
Fixes: a3272b93725a ("configure: restore backward compatibility") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: David Ahern <dsahern@kernel.org>
Andrea Claudi [Thu, 14 Oct 2021 08:50:50 +0000 (10:50 +0200)]
configure: fix parsing issue on libbpf_dir option
configure is stuck in an endless loop if '--libbpf_dir' option is used
without a value:
$ ./configure --libbpf_dir
./configure: line 515: shift: 2: shift count out of range
./configure: line 515: shift: 2: shift count out of range
[...]
Fix it splitting 'shift 2' into two consecutive shifts, and making the
second one conditional to the number of remaining arguments.
A check is also provided after the while loop to verify the libbpf dir
exists; also, as LIBBPF_DIR does not have a default value, configure bails
out if the user does not specify a value after --libbpf_dir, thus avoiding
to produce an erroneous configuration.
Fixes: 7ae2585b865a ("configure: convert LIBBPF environment variables to command-line options") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: David Ahern <dsahern@kernel.org>
David reported ipmptcp breaks hard the build when updating the
relevant kernel headers.
We should be more careful in the header section, explicitly
including all the required dependencies respecting the usual order
between systems and local headers.
Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David Ahern <dsahern@kernel.org>
David Ahern [Sat, 9 Oct 2021 23:37:12 +0000 (17:37 -0600)]
Merge branch 'ioam-encap-modes' into next
Justin Iurman says:
====================
Following the series applied to net-next (see [1]), here are the corresponding
changes to iproute2.
In the current implementation, IOAM can only be inserted directly (i.e., only
inside packets generated locally) by default, to be compliant with RFC8200.
This patch adds support for in-transit packets and provides the ip6ip6
encapsulation of IOAM (RFC8200 compliant). Therefore, three ioam6 encap modes
are defined:
Since we use the cache netlink socket for each nexthop we can keep it open
instead of opening and closing it on every add call. The socket is opened
once, on the first add call and then reused for the rest.
Suggested-by: David Ahern <dsahern@gmail.com> Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
David Ahern [Mon, 4 Oct 2021 00:31:44 +0000 (18:31 -0600)]
Merge branch 'nexthop-cache' into next
Nikolay Aleksandrov says:
====================
This set tries to help with an old ask that we've had for some time
which is to print nexthop information while monitoring or dumping routes.
The core problem is that people cannot follow nexthop changes while
monitoring route changes, by the time they check the nexthop it could be
deleted or updated to something else. In order to help them out I've
added a nexthop cache which is populated (only used if -d / show_details
is specified) while decoding routes and kept up to date while monitoring.
The nexthop information is printed on its own line starting with the
"nh_info" attribute and its embedded inside it if printing JSON. To
cache the nexthop entries I parse them into structures, in order to
reuse most of the code the print helpers have been altered so they rely
on prepared structures. Nexthops are now always parsed into a structure,
even if they won't be cached, that structure is later used to print the
nexthop and destroyed if not going to be cached. New nexthops (not found
in the cache) are retrieved from the kernel using a private netlink
socket so they don't disrupt an ongoing dump, similar to how interfaces
are retrieved and cached.
I have tested the set with the kernel forwarding selftests and also by
stressing it with nexthop create/update/delete in loops while monitoring.
Comments are very welcome as usual. :)
Changes since RFC:
- reordered parse/print splits, in order to do that I have to parse
resilient groups first, then add nh entry parsing so code has been
reordered as well and patch order has changed, but there have been
no functional changes (as before refactoring of old code is done in
the first 8 patches and then patches 9-12 add the new cache and use it)
- re-run all tests above
Patch breakdown:
Patches 1-2: update current route helpers to take parsed arguments so we
can directly pass them from the nh_entry structure later
Patch 3: adds new nha_res_grp structure which describes a resilient
nexhtop group
Patch 4: splits print_nh_res_group into a parse and print parts
which use the new nha_res_grp structure
Patch 5: adds new nh_entry structure which describes a nexthop
Patch 6: factors out print_nexthop's attribute parsing into nh_entry
structure used before printing
Patch 7: factors out print_nexthop's nh_entry structure printing
Patch 8: factors out ipnh_get's rtnl talk part and allows to use a
different rt handle for the communication
Patch 9: adds nexthop cache and helpers to manage it, it uses the
new __ipnh_get to retrieve nexthops
Patch 10: adds a new helper print_cache_nexthop_id that prints nexthop
information from its id, if the nexthop is not found in the
cache it fetches it
Patch 11: the new print_cache_nexthop_id helper is used when printing
routes with show_details (-d) to output detailed nexthop
information, the format after nh_info is the same as
ip nexthop show
Patch 12: changes print_nexthop into print_cache_nexthop which always
outputs the nexthop information and can also update the cache
(based on process_cache argument), it's used to keep the
cache up to date while monitoring
Example outputs (monitor):
[NEXTHOP]id 101 via 169.254.2.22 dev veth2 scope link proto unspec
[NEXTHOP]id 102 via 169.254.3.23 dev veth4 scope link proto unspec
[NEXTHOP]id 103 group 101/102 type resilient buckets 512 idle_timer 0 unbalanced_timer 0 unbalanced_time 0 scope global proto unspec
[ROUTE]unicast 192.0.2.0/24 nhid 203 table 4 proto boot scope global
nh_info id 203 group 201/202 type resilient buckets 512 idle_timer 0 unbalanced_timer 0 unbalanced_time 0 scope global proto unspec
nexthop via 169.254.2.12 dev veth3 weight 1
nexthop via 169.254.3.13 dev veth5 weight 1
[NEXTHOP]id 204 via fe80:2::12 dev veth3 scope link proto unspec
[NEXTHOP]id 205 via fe80:3::13 dev veth5 scope link proto unspec
[NEXTHOP]id 206 group 204/205 type resilient buckets 512 idle_timer 0 unbalanced_timer 0 unbalanced_time 0 scope global proto unspec
[ROUTE]unicast 2001:db8:1::/64 nhid 206 table 4 proto boot scope global metric 1024 pref medium
nh_info id 206 group 204/205 type resilient buckets 512 idle_timer 0 unbalanced_timer 0 unbalanced_time 0 scope global proto unspec
nexthop via fe80:2::12 dev veth3 weight 1
nexthop via fe80:3::13 dev veth5 weight 1
[NEXTHOP]id 2 encap mpls 200/300 via 10.1.1.1 dev ens20 scope link proto unspec onlink
[ROUTE]unicast 2.3.4.10 nhid 2 table main proto boot scope global
nh_info id 2 encap mpls 200/300 via 10.1.1.1 dev ens20 scope link proto unspec onlink
ip: nexthop: add print_cache_nexthop which prints and manages the nh cache
Add a new helper print_cache_nexthop replacing print_nexthop which can
update the nexthop cache if the process_cache argument is true. It is
used when monitoring netlink messages to keep the nexthop cache up to
date with nexthop changes happening. For the old callers and anyone
who's just dumping nexthops its _nocache version is used which is a
wrapper for print_cache_nexthop.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
ip: route: print and cache detailed nexthop information when requested
If -d (show_details) is used when printing/monitoring routes then print
detailed nexthop information in the field "nh_info". The nexthop is also
cached for future searches.
Output looks like:
unicast 198.51.100.0/24 nhid 103 table 3 proto boot scope global
nh_info id 103 group 101/102 type resilient buckets 512 idle_timer 0 unbalanced_timer 0 unbalanced_time 0 scope global proto unspec
nexthop via 169.254.2.22 dev veth2 weight 1
nexthop via 169.254.3.23 dev veth4 weight 1
The nh_info field has the same format as ip -d nexthop show would've had
for the same nexthop id.
Add a static nexthop cache in a hash with 1024 buckets and helpers to
manage it (link, unlink, find, add nexthop, del nexthop). Adding new
nexthops is done by creating a new rtnl handle and using it to retrieve
the nexthop so the helper is safe to use while already reading a
response (i.e. using the global rth).
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
ip: nexthop: split print_nh_res_group into parse and print parts
Now that we have resilient group structure split print_nh_res_group into
a parse and print functions, print_nexthop calls the parse function
first to parse the attributes into the structure and then uses the print
function to print the parsed structure.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
David Ahern [Fri, 24 Sep 2021 02:03:11 +0000 (20:03 -0600)]
Merge branch 'ax.25-netrom-rose' into next
Ralf Baechle says:
====================
net-tools contain support for these three protocol but are deprecated and
no longer installed by default by many distributions. Iproute2 otoh has
no support at all and will dump the addresses of these protocols which
actually are pretty human readable as hex numbers:
# ip link show dev bpq0
3: bpq0: <UP,LOWER_UP> mtu 256 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ax25 88:98:60:a0:92:40:02 brd a2:a6:a8:40:40:40:00
# ip link show dev nr0
4: nr0: <NOARP,UP,LOWER_UP> mtu 236 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/netrom 88:98:60:a0:92:40:0a brd 00:00:00:00:00:00:00
# ip link show dev rose0
8: rose0: <NOARP,UP,LOWER_UP> mtu 249 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/rose 65:09:33:30:00 brd 00:00:00:00:00
This series adds basic support for the three protocols to print addresses:
# ip link show dev bpq0
3: bpq0: <UP,LOWER_UP> mtu 256 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ax25 DL0PI-1 brd QST-0
# ip link show dev nr0
4: nr0: <NOARP,UP,LOWER_UP> mtu 236 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/netrom DL0PI-5 brd *
# ip link show dev rose0
8: rose0: <NOARP,UP,LOWER_UP> mtu 249 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/rose 6509333000 brd 0000000000
ROSE: Print decoded addresses rather than hex numbers.
NETROM is a OSI layer 3 protocol sitting on top of AX.25. It uses BCD-
encoded 10 digit telephone numbers as addresses. Without this ip will
print a ROSE addresses like
link/rose 12:34:56:78:90 brd 00:00:00:00:00
which is readable but ugly. With this applied it ROSE addresses will be
printed as
AX.25 addresses are based on Amateur radio callsigns followed by an SSID
like XXXXXX-SS where the callsign is up to 6 characters which are either
letters or digits and the SSID is a decimal number in the range 0..15.
Amateur radio callsigns are assigned by a country's relevant authorities
and are 3..6 characters though a few countries have assigned callsigns
longer than that. AX.25 is not able to handle such longer callsigns.
Being based on HDLC AX.25 encodes addresses by shifting them one bit left
thus zeroing bit 0, the HDLC extension bit for all but the last bit of
a packet's address field but for our purposes here we're not considering
the HDLC extension bit that is it will always be zero.
Linux' internal representation of AX.25 addresses in Linux is very similar
to this on the on-air or on-the-wire format. The callsign is padded to
6 octets by adding spaces, followed by the SSID octet then all 7 octets
are left-shifted by one byte.
This for example turns "LINUX-1" where the callsign is LINUX and SSID is 1
into 98:92:9c:aa:b0:40:02.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David Ahern <dsahern@kernel.org>
Andrea Claudi [Tue, 21 Sep 2021 09:33:24 +0000 (11:33 +0200)]
lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists
bpf selftests using iproute2 fails with:
$ ip link set dev veth0 xdp object ../bpf/xdp_dummy.o section xdp_dummy
Continuing without mounted eBPF fs. Too old kernel?
mkdir (null)/globals failed: No such file or directory
Unable to load program
This happens when the /sys/fs/bpf directory exists. In this case, mkdir
in bpf_mnt_check_target() fails with errno == EEXIST, and the function
returns -1. Thus bpf_get_work_dir() does not call bpf_mnt_fs() and the
bpffs is not mounted.
Fix this in bpf_mnt_check_target(), returning 0 when the mountpoint
exists.
Fixes: d4fcdbbec9df ("lib/bpf: Fix and simplify bpf_mnt_check_target()") Reported-by: Mingyu Shi <mshi@redhat.com> Reported-by: Jiri Benc <jbenc@redhat.com> Suggested-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Provided port range in tc rule are parsed incorrectly.
Even though range is passed as min-max. It throws an error.
$ tc filter add dev eth0 ingress handle 100 priority 10000 protocol ipv4 flower ip_proto tcp dst_port 10368-61000 action pass
max value should be greater than min value
Illegal "dst_port"
Fixes: 8930840e678b ("tc: flower: Classify packets based port ranges") Signed-off-by: Puneet Sharma <pusharma@akamai.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
lib: bpf_legacy: add prog name, load time, uid and btf id in prog info dump
The BPF program name is included when dumping the BPF program info and the
kernel only stores the first (BPF_PROG_NAME_LEN - 1) bytes for the program
name.
$ sudo ip link show dev docker0
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 xdpgeneric qdisc noqueue state UP mode DEFAULT group default
link/ether 02:42:4c:df:a4:54 brd ff:ff:ff:ff:ff:ff
prog/xdp id 789 name xdp_drop_func tag 57cd311f2e27366b jited
The BPF program load time (ns since boottime), UID of the user who loaded
the program and the BTF ID are also included when dumping the BPF program
information when the user expects a detailed ip link info output.
Commit d3432bf10f17 ("net: Support filtering interfaces on no master")
in the kernel added support for filtering interfaces/neighbours that
have no master interface.
This patch completes it and adds this support to iproute2:
1. ip link show nomaster
2. ip address show nomaster
3. ip neighbour {show | flush} nomaster
Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com> Signed-off-by: David Ahern <dsahern@gmail.com>
The 'ip link add' invocation template at the top of the ip-macsec man
page formats with a pair of extra double quotes:
ip link add link DEVICE name NAME type macsec [ [ address <lladdr> ]
port PORT | sci <u64> ] [ cipher { default | gcm-aes-128 | gcm-
aes-256"}][" icvlen ICVLEN ] [ encrypt { on | off } ] [ send_sci { on |
This is due to missing whitespace around the gcm-aes-256 identifier
in the source file.
Fixes: b16f525323357 ("Add support for configuring MACsec gcm-aes-256 cipher type.") Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: David Ahern <dsahern@gmail.com>
David Ahern [Mon, 6 Sep 2021 23:03:58 +0000 (17:03 -0600)]
Merge branch 'bridge-mcast_router' into next
Nikolay Aleksandrov says:
====================
This set adds support for vlan port/bridge multicast router option. It is
similar to the already existing bridge-wide mcast_router control. Patch 01
moves attribute adding and parsing together for vlan option setting,
similar to global vlan option setting. It simplifies adding new options
because we can avoid reserved values and additional checks. Patch 02
adds the new mcast_router option and updates the related man page.
Example:
# mark port ens16 as a permanent mcast router for vlan 100
$ bridge vlan set dev ens16 vid 100 mcast_router 2
# disable mcast router for port ens16 and vlan 200
$ bridge vlan set dev ens16 vid 200 mcast_router 0
$ bridge -d vlan show
port vlan-id
ens16 1 PVID Egress Untagged
state forwarding mcast_router 1
100
state forwarding mcast_router 2
200
state forwarding mcast_router 0
Note that this set depends on the latest kernel uapi headers.
Add support for setting and dumping per-vlan/interface mcast_router
option. It controls the mcast router mode of a vlan/interface pair.
For bridge devices only modes 0 - 2 are allowed. The possible modes
are:
0 - disabled
1 - automatic router presence detection (default)
2 - permanent router
3 - temporary router (available only for ports)
Example:
# mark port ens16 as a permanent mcast router for vlan 100
$ bridge vlan set dev ens16 vid 100 mcast_router 2
# disable mcast router for port ens16 and vlan 200
$ bridge vlan set dev ens16 vid 200 mcast_router 0
$ bridge -d vlan show
port vlan-id
ens16 1 PVID Egress Untagged
state forwarding mcast_router 1
100
state forwarding mcast_router 2
200
state forwarding mcast_router 0
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: set vlan option attributes while parsing
Set vlan option attributes immediately while parsing to simplify the
checks, avoid having reserved values (e.g. -1 for unset var) and have
more limited scope for the variables. This is also similar to how global
vlan options are set. The attribute setting and checks are moved with
option parsing, no functional changes intended.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
David Ahern [Mon, 6 Sep 2021 22:59:38 +0000 (16:59 -0600)]
Update kernel headers
Update kernel headers to commit: 27151f177827 ("Merge tag 'perf-tools-for-v5.15-2021-09-04' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux")
Not sure if anyone uses the routel script. The script was
a combination of ip route, shell and awk doing command scraping.
It is now possible to do this much better using the JSON
output formats and python.
Rewriting also fixes the bug where the old script could not parse
the current output format. At the end was getting:
/usr/bin/routel: 48: shift: can't shift that many
The new script also has IPv6 as option.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David Ahern <dsahern@kernel.org>
Commit a9c3d70d902a0473ee5c13336317006a52ce8242 broke backward compatibility
by making 'configure' error out if parameters are passed, instead of
ignoring them.
Sometimes packaging systems detect 'configure' and assume it's from
autotools, and pass a bunch of options. Eg:
Hangbin Liu [Mon, 9 Aug 2021 03:01:53 +0000 (11:01 +0800)]
ip/bond: add lacp active support
lacp_active specifies whether to send LACPDU frames periodically.
If set on, the LACPDU frames are sent along with the configured lacp_rate
setting. If set off, the LACPDU frames acts as "speak when spoken to".
Presently, if a Geneve or VXLAN interface was created with 'external',
it's not possible for a user to determine e.g. the value of 'dstport'
after creation. This change fixes that by avoiding early returns.
This change partly reverts commit 00ff4b8e31af ("ip/tunnel: Be consistent
when printing tunnel collect metadata").
Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David Ahern <dsahern@kernel.org>
Only one of "set", "swap" or "ecn" shall be used in a single tc-skbmod
command. Trying to use more than one of them at a time is considered
undefined behavior; pipe multiple tc-skbmod commands together instead.
"set" and "swap" only affect Ethernet packets, while "ecn" only affects
IP packets.
Depends on kernel patch "net/sched: act_skbmod: Add SKBMOD_F_ECN option
support", as well as iproute2 patch "tc/skbmod: Remove misinformation
about the swap action".
Justin Iurman [Sun, 1 Aug 2021 12:45:51 +0000 (14:45 +0200)]
New IOAM6 encap type for routes
This patch provides a new encap type for routes to insert an IOAM pre-allocated
trace:
$ ip -6 ro ad fc00::1/128 encap ioam6 trace prealloc type 0x800000 ns 1 size 12 dev eth0
where:
- "trace" and "prealloc" may appear as useless but just anticipate for future
implementations of other ioam option types.
- "type" is a bitfield (=u32) defining the IOAM pre-allocated trace type (see
the corresponding uapi).
- "ns" is an IOAM namespace ID attached to the pre-allocated trace.
- "size" is the trace pre-allocated size in bytes; must be a 4-octet multiple;
limited size (see IOAM6_TRACE_DATA_SIZE_MAX).
Signed-off-by: Justin Iurman <justin.iurman@uliege.be> Signed-off-by: David Ahern <dsahern@kernel.org>
Justin Iurman [Sun, 1 Aug 2021 12:45:50 +0000 (14:45 +0200)]
Add, show, link, remove IOAM namespaces and schemas
This patch provides support for adding, listing and removing IOAM namespaces
and schemas with iproute2. When adding an IOAM namespace, both "data" (=u32)
and "wide" (=u64) are optional. Therefore, you can either have none, one of
them, or both at the same time. When adding an IOAM schema, there is no
restriction on "DATA" except its size (see IOAM6_MAX_SCHEMA_DATA_LEN). By
default, an IOAM namespace has no active IOAM schema (meaning an IOAM namespace
is not linked to an IOAM schema), and an IOAM schema is not considered
as "active" (meaning an IOAM schema is not linked to an IOAM namespace). It is
possible to link an IOAM namespace with an IOAM schema, thanks to the last
command below (meaning the IOAM schema will be considered as "active" for the
specific IOAM namespace).
$ ip ioam
Usage: ip ioam { COMMAND | help }
ip ioam namespace show
ip ioam namespace add ID [ data DATA32 ] [ wide DATA64 ]
ip ioam namespace del ID
ip ioam schema show
ip ioam schema add ID DATA
ip ioam schema del ID
ip ioam namespace set ID schema { ID | none }
Signed-off-by: Justin Iurman <justin.iurman@uliege.be> Signed-off-by: David Ahern <dsahern@kernel.org>
ipneigh: add support to print brief output of neigh cache in tabular format
Make use of the already available brief flag and print the basic details of
the IPv4 or IPv6 neighbour cache in a tabular format for better readability
when the brief output is expected.
David Ahern [Wed, 1 Sep 2021 03:32:31 +0000 (21:32 -0600)]
Merge branch 'bridge-vlan-global-mcast' into next
Nikolay Aleksandrov says:
====================
This set adds support for vlan multicast options. The feature is
globally controlled by a new bridge option called mcast_vlan_snooping
which is added by patch 01. Then patches 2-5 add support for dumping
global vlan options and filtering on vlan id. Patch 06 adds support for
setting global vlan options and then patches 07-18 add all the new
global vlan options, finally patch 19 adds support for dumping vlan
multicast router ports. These options are identical in meaning, names and
functionality as the bridge-wide ones.
All the new vlan global commands are under the global keyword:
$ bridge vlan global show [ vid VID dev DEVICE ]
$ bridge vlan global set vid VID dev DEVICE ...
I've added command examples in each commit message. The patch-set is a
bit bigger but the global options follow the same pattern so I don't see
a point in breaking them. All man page descriptions have been taken from
the same current bridge-wide mcast options. The only additional iproute2
change which is left to do is the per-vlan mcast router control which
I'll send separately. Note to properly use this set you'll need the
updated kernel headers where mcast router was moved from a global option
to per-vlan/per-device one (changed uapi enum which was in net-next).
Example:
# enable vlan mcast snooping globally
$ ip link set dev bridge type bridge mcast_vlan_snooping 1
# enable mcast querier on vlan 100
$ bridge vlan global set dev bridge vid 100 mcast_querier 1
# show vlan 100's global options
$ bridge -s vlan global show vid 100
port vlan-id
bridge 100
mcast_snooping 1 mcast_querier 1 mcast_igmp_version 2 mcast_mld_version 1 mcast_last_member_count 2 mcast_last_member_interval 100 mcast_startup_query_count 2 mcast_startup_query_interval 3125 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000
A following kernel patch-set will add selftests which use these commands.
bridge: vlan: add support for dumping router ports
Add dump support for vlan multicast router ports and their details if
requested. If details are requested we print 1 entry per line, otherwise
we print all router ports on a single line similar to how mdb prints
them.
Add control and dump support for the global mcast_querier option which
controls if the bridge will act as a multicast querier for that vlan.
Syntax: $ bridge vlan global set dev bridge vid 1 mcast_querier 1
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_startup_query_interval option
Add control and dump support for the global mcast_startup_query_interval
option which controls the interval between queries in the startup phase.
To be consistent with the same bridge-wide option the value is reported
with USER_HZ granularity and the same granularity is expected when setting
it.
Syntax:
$ bridge vlan global set dev bridge vid 1 mcast_startup_query_interval 15000
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_query_response_interval option
Add control and dump support for the global mcast_query_response_interval
option which sets the Max Response Time/Maximum Response Delay for IGMP/MLD
queries sent by the bridge. To be consistent with the same bridge-wide
option the value is reported with USER_HZ granularity and the same
granularity is expected when setting it.
Syntax:
$ bridge vlan global set dev bridge vid 1 mcast_query_response_interval 13000
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_query_interval option
Add control and dump support for the global mcast_query_interval
option which controls the interval between queries sent by the bridge
after the end of the startup phase. To be consistent with the same
bridge-wide option the value is reported with USER_HZ granularity and
the same granularity is expected when setting it.
Syntax:
$ bridge vlan global set dev bridge vid 1 mcast_query_interval 13000
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_querier_interval option
Add control and dump support for the global mcast_querier_interval
option which controls the interval after which if no other router
queries are seen the bridge will start sending its own queries.
To be consistent with the same bridge-wide option the value is reported
with USER_HZ granularity and the same granularity is expected when
setting it.
Syntax:
$ bridge vlan global set dev bridge vid 1 mcast_querier_interval 13000
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_membership_interval option
Add control and dump support for the global mcast_membership_interval
option which controls the interval after which the bridge will leave a
group if no reports have been received for it. To be consistent with the
same bridge-wide option the value is reported with USER_HZ granularity and
the same granularity is expected when setting it.
The default is 26000 (260 seconds).
Syntax:
$ bridge vlan global set dev bridge vid 1 mcast_membership_interval 13000
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_last_member_interval option
Add control and dump support for the global mcast_last_member_interval
option which controls the interval between queries to find remaining
members of a group after a leave message. To be consistent with the same
bridge-wide option the value is reported with USER_HZ granularity and
the same granularity is expected when setting it.
The default is 100 (1 second).
Syntax:
$ bridge vlan global set dev bridge vid 1 mcast_last_member_interval 200
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_startup_query_count option
Add control and dump support for the global mcast_startup_query_count
option which controls the number of queries the bridge will send on the
vlan during startup phase (default 2).
Syntax:
$ bridge vlan global set dev bridge vid 1 mcast_startup_query_count 5
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_last_member_count option
Add control and dump support for the global mcast_last_member_count option
which controls the number of queries the bridge will send on the vlan after
a leave is received (default 2).
Syntax:
$ bridge vlan global set dev bridge vid 1 mcast_last_member_count 10
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Add control and dump support for the global mcast_mld_version option
which controls the MLD version on the vlan (default 1).
Syntax: $ bridge vlan global set dev bridge vid 1 mcast_mld_version 2
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add global mcast_igmp_version option
Add control and dump support for the global mcast_igmp_version option
which controls the IGMP version on the vlan (default 2).
Syntax: $ bridge vlan global set dev bridge vid 1 mcast_igmp_version 3
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Add control and dump support for the global mcast_snooping option which
controls if multicast snooping is enabled or disabled for a single vlan.
Syntax: $ bridge vlan global set dev bridge vid 1 mcast_snooping 1
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add support to set global vlan options
Add support to change global vlan options via a new vlan global
set subcommand similar to the current vlan set subcommand. The man page
and help are updated accordingly. The command works only with bridge
devices. It doesn't support any options yet.
Syntax: $ bridge vlan global set vid VID dev DEV
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add support for vlan filtering when dumping options
In order to allow vlan filtering when dumping options we need to move
all print operations into the option dumping functions and add the
filtering after we've parsed the nested attributes so we can extract the
start and end vlan ids.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: add support to show global vlan options
Add support for new bridge vlan command grouping called global which
operates on global options. The first command it supports is "show".
To do that we update print_vlan_rtm to recognize the global vlan options
attribute and parse it properly.
Man page and help are also updated with the new command.
Syntax is: $ bridge vlan global show [ vid VID ] [ dev DEV ]
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
bridge: vlan: skip unknown attributes when printing options
Skip unknown attributes when printing vlan options in print_vlan_rtm.
Make sure print_vlan_opts doesn't accept attributes it doesn't understand.
Currently we print only one type, later global vlan options support will
be added.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Factor out the code which prints current per-vlan options from
print_vlan_rtm without any changes, later we'll filter based on the vlan
attribute and add support for global vlan option printing.
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Add support for mcast_vlan_snooping option which controls per-vlan
multicast snooping, also update the man page.
Syntax: $ ip link set dev bridge type bridge mcast_vlan_snooping 0/1
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
Jakub Kicinski [Wed, 18 Aug 2021 21:29:46 +0000 (14:29 -0700)]
ss: fix fallback to procfs for raw sockets
Jonas reports that ss -awp does not display any RAW sockets
on a Knoppix 4.4 kernel.
sockdiag_send() diverts to tcpdiag_send() to try the older
netlink interface. tcpdiag_send() works for TCP and DCCP
but not other protocols. Instead of rejecting unsupported
protocols (and missing RAW and SCTP) match on supported ones.
Link: https://lore.kernel.org/netdev/20210815231738.7b42bad4@mmluhan/ Reported-and-tested-by: Jonas Bechtel <post@jbechtel.de> Fixes: 41fe6c34de50 ("ss: Add inet raw sockets information gathering via netlink diag interface") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Gokul Sivakumar [Tue, 17 Aug 2021 17:28:07 +0000 (22:58 +0530)]
man: bridge: fix the typo to change "-c[lor]" into "-c[olor]" in man page
Fixes: 3a1ca9a5b ("bridge: update man page for new color and json changes") Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Gokul Sivakumar [Tue, 17 Aug 2021 17:28:06 +0000 (22:58 +0530)]
bridge: fdb: don't colorize the "dev" & "dst" keywords in "bridge -c fdb"
To be consistent with the colorized output of "ip" command and to increase
readability, stop highlighting the "dev" & "dst" keywords in the colorized
output of "bridge -c fdb" cmd.
Example: in the following "bridge -c fdb" entry, only "00:00:00:00:00:00",
"vxlan100" and "2001:db8:2::1" fields should be highlighted in color.
00:00:00:00:00:00 dev vxlan100 dst 2001:db8:2::1 self permanent
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Gokul Sivakumar [Tue, 17 Aug 2021 17:28:05 +0000 (22:58 +0530)]
bridge: reorder cmd line arg parsing to let "-c" detected as "color" option
As per the man/man8/bridge.8 page, the shorthand cmd line arg "-c" can be
used to colorize the bridge cmd output. But while parsing the args in while
loop, matches() detects "-c" as "-compressedvlans" instead of "-color", so
fix this by doing the check for "-color" option first before checking for
"-compressedvlans".
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Hangbin Liu [Mon, 16 Aug 2021 07:49:05 +0000 (15:49 +0800)]
ip/bond: add arp_validate filter support
Add arp_validate filter support based on kernel commit 896149ff1b2c
("bonding: extend arp_validate to be able to receive unvalidated arp-only traffic")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
devlink: Show port state values in man page and in the help command
Port function state can have either of the two values - active or
inactive. Update the documentation and help command for these two
values to tell user about it.
With the introduction of state, hw_addr and state are optional.
Hence mark them as optional in man page that also aligns with the help
command output.
Fixes: bdfb9f1bd61a ("devlink: Support set of port function state") Signed-off-by: Parav Pandit <parav@nvidia.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Hangbin Liu [Mon, 9 Aug 2021 03:01:53 +0000 (11:01 +0800)]
ip/bond: add lacp active support
lacp_active specifies whether to send LACPDU frames periodically.
If set on, the LACPDU frames are sent along with the configured lacp_rate
setting. If set off, the LACPDU frames acts as "speak when spoken to".
projects / thirdparty / iproute2.git / log
