This work adds the tc frontend for kernel commit e2e9b6541dd4 ("cls_bpf:
add initial eBPF support for programmable classifiers").

A C-like classifier program (f.e. see e2e9b6541dd4) is being compiled via
LLVM's eBPF backend into an ELF file, that is then being passed to tc. tc
then loads, if any, eBPF maps and eBPF opcodes (with fixed-up eBPF map file
descriptors) out of its dedicated sections, and via bpf(2) into the kernel
and then the resulting fd via netlink down to cls_bpf. cls_bpf allows for
annotations, currently, I've used the file name for that, so that the user
can easily identify his filter when dumping configurations back.

Example usage:

  clang -O2 -emit-llvm -c cls.c -o - | llc -march=bpf -filetype=obj -o cls.o
  tc filter add dev em1 parent 1: bpf run object-file cls.o classid x:y

  tc filter show dev em1 [...]
  filter parent 1: protocol all pref 49152 bpf handle 0x1 flowid x:y cls.o

I placed the parser bits derived from Alexei's kernel sample, into tc_bpf.c
as my next step is to also add the same support for BPF action, so we can
have a fully fledged eBPF classifier and action in tc.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>

Lastest features

Include the bpf.h uapi header file.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

Joining multicast group on ethernet level via "ip maddr" command would
not work if we have an Ethernet switch that does igmp snooping since
the switch would not replicate multicast packets on ports that did not
have IGMP reports for the multicast addresses.

Linux vxlan interfaces created via "ip link add vxlan" have the group option
that enables then to do the required join.

By extending ip address command with option "autojoin" we can get similar
functionality for openvswitch vxlan interfaces as well as other tunneling
mechanisms that need to receive multicast traffic.

example:
ip address add 224.1.1.10/24 dev eth5 autojoin
ip address del 224.1.1.10/24 dev eth5

On ip route print dump, label externally offloaded routes with "external".
Offloaded routes are flagged with RTNH_F_EXTERNAL, a recent additon to
net-next.  For example:

$ ip route
default via 192.168.0.2 dev eth0
11.0.0.0/30 dev swp1  proto kernel  scope link  src 11.0.0.2 external
11.0.0.4/30 via 11.0.0.1 dev swp1  proto zebra  metric 20 external
11.0.0.8/30 dev swp2  proto kernel  scope link  src 11.0.0.10 external
11.0.0.12/30 via 11.0.0.9 dev swp2  proto zebra  metric 20 external
12.0.0.2  proto zebra  metric 30 external
        nexthop via 11.0.0.1  dev swp1 weight 1
        nexthop via 11.0.0.9  dev swp2 weight 1
12.0.0.3 via 11.0.0.1 dev swp1  proto zebra  metric 20 external
12.0.0.4 via 11.0.0.9 dev swp2  proto zebra  metric 20 external
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.15
Signed-off-by: Scott Feldman <sfeldma@gmail.com>
Reviewed-by: Jiri Pirko <jiri@resnulli.us>

Use sanitized headers from 4.0.0-rc3

Next argument after the tc opcode/verdict is optional, using NEXT_ARG()
requires to have another argument after that one otherwise tc will bail
out. Therefore, we need to advance to the next argument manually as done
elsewhere.

Fixes: 86ab59a6 ("tc: add support for BPF based actions")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Jiri Pirko <jiri@resnulli.us>

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

commit f3a2ddc1 ("lib utils: Use helpers to get AF bit/byte len")
used a wrong family or family of zero in the default case
during af_bit_len calculation causing ip route commands to
fail with below error

Error: an inet prefix is expected rather than "10.0.2.14/24".
Reported-by: Sven-Haegar Koch <haegar@sdinet.de>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>

Don't insert newline in -o (oneline) mode; print mark as hex.

Oneline mode is supposed to force all output to be on oneline and
machine-parsable, but this isn't the case for "ip xfrm" as shown:

% ip -o xfrm monitor
...
src 0.0.0.0/0 dst 0.0.0.0/0 \   dir out priority 2051 ptype main \  mark -1879048191/0xffffffff
    tmpl src 203.0.130.10 dst 198.51.130.30\        proto esp reqid 16384 mode tunnel\
...

as that's 2 lines, not one. Also, the "mark" is shown in signed
decimal, but the mask is in hex. This is confusing: let's use
hex for both.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>

This patch replaces exits with returns in several
iproute2 commands. This fixes `ip -batch -force`
to not exit but continue on errors.

$cat c.txt
route del 1.2.3.0/24 dev eth0
route del 1.2.4.0/24 dev eth0
route del 1.2.5.0/24 dev eth0
route add 1.2.3.0/24 dev eth0

$ip -force -batch c.txt
RTNETLINK answers: No such process
Command failed c.txt:2
RTNETLINK answers: No such process
Command failed c.txt:3
Reported-by: Sven-Haegar Koch <haegar@sdinet.de>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>

While looking at the manpage, I noticed a reference to 'embedded' that was
added by this commit:

	commit d611682a
	Author: John Fastabend <john.r.fastabend@intel.com>
	Date:   Thu Sep 13 23:50:36 2012 -0700

	    iproute2: bridge: finish removing replace option in man pages

I no longer see any reference to the 'embedded' option in any c- or h-files, so
it seems worthwhile to remove.
Signed-off-by: Andy Gospodarek <gospo@cumulusnetworks.com>
CC: John Fastabend <john.r.fastabend@intel.com>

Where used in the ip tool, the 'show' option always has the synonyms
'list' and 'lst', except for ip-token and ip-addrlabel, which are missing
'lst'. Add this as a synonym for these commands.
Signed-off-by: Mark Einon <mark.einon@gmail.com>

It is possible to use class names from file /etc/iproute2/cls_names
which tc will use when showing class info:

    # tc/tc -nm class show dev lo
	class htb 1:10 parent 1:1 leaf 10: prio 0 rate 5Mbit ceil 5Mbit burst 15Kb cburst 1600b
	class htb 1:1 root rate 6Mbit ceil 6Mbit burst 15Kb cburst 1599b
	class htb web#1:20 parent 1:1 leaf 20: prio 0 rate 3Mbit ceil 6Mbit burst 15Kb cburst 1599b
	class htb 1:2 root rate 6Mbit ceil 6Mbit burst 15Kb cburst 1599b
	class htb 1:30 parent 1:1 leaf 30: prio 0 rate 1Kbit ceil 6Mbit burst 15Kb cburst 1599b
	class htb voip#1:40 parent 1:2 leaf 40: prio 0 rate 5Mbit ceil 5Mbit burst 15Kb cburst 1600b
	class htb 1:50 parent 1:2 leaf 50: prio 0 rate 3Mbit ceil 6Mbit burst 15Kb cburst 1599b
	class htb 1:60 parent 1:2 leaf 60: prio 0 rate 1Kbit ceil 6Mbit burst 15Kb cburst 1599b

or to specify via file path:

    # tc/tc -nm -cf /tmp/cls_names class show dev lo

Class names file contains simple "maj:min  name" structure:

1:20    web
1:40    voip
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Observed on the Linux 3.18:

    # ip netns
    RTNETLINK answers: Operation not supported
    net0

CC: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Fixes: d182ee13 ("ipnetns: allow to get and set netns ids")
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Added funcs to get AF_XXX len in bit/bytes and replace
places where switch(AF_XXX) is used for this.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Socket cookies are 64bit, even if ss happens to be
a 32bit binary, running on a 64 bit host.
Signed-off-by: Eric Dumazet <edumazet@google.com>

Ugly change but it allows to specify sport/dport w/o ':'

    # ss dport = 80 and sport = 44862
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Also added some trivial form of the ID as "major:minor",
just for visualisation of explained words.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Added some clarification why 'ip link set netns' can not
change network namespace for some kind of devices.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Left-overs when copying this over from cls_bpf. ;) Lets remove them.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Jiri Pirko <jiri@resnulli.us>

Add missing GUE/FOU manpages to Makefile
Signed-off-by: Ebben Aries <exa@fb.com>

This patch adds support to specify 'master' keyword,
to target a bridge link command explicitly to the software
bridge driver.

Adds self/master keywords to usage and man page

v2:
	fix usage to say (self and master) and not (self or master)
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Keep ss output consistent and format DCTCP socket statistics similar to skmen
and timer where a group of logical values are grouped by brackets. This makes
parser scripts *and* humans more happy.

Current output of 'ss -inetm dst :80':
ESTAB       0      0 192.168.11.14:55511 173.194.66.189:443
        timer:(keepalive,14sec,0) uid:1000 ino:428768
        sk:ffff88020ceb5b00 <-> skmem:(r0,rb372480,t0,tb87040,f0,w0,o0,bl0)
        ts sack wscale:7,7 rto:250 rtt:49.225/20.837 ato:40 mss:1408 cwnd:10
        ce_state 23 alpha 23 ab_ecn 23 ab_tot 23 send 2.3Mbps
        lastsnd:121026 lastrcv:121026 lastack:30850 pacing_rate 4.6Mbps
        retrans:0/2 rcv_rtt:40.416 rcv_space:2920

New grouped output:
ESTAB       0      0 192.168.11.14:55511 173.194.66.189:443
        timer:(keepalive,14sec,0) uid:1000 ino:428768
        sk:ffff88020ceb5b00 <-> skmem:(r0,rb372480,t0,tb87040,f0,w0,o0,bl0)
        ts sack wscale:7,7 rto:250 rtt:49.225/20.837 ato:40 mss:1408 cwnd:10
        dctcp(ce_state:23,alpha:23,ab_ecn:23,ab_tot:23) send 2.3Mbps
        lastsnd:121026 lastrcv:121026 lastack:30850 pacing_rate 4.6Mbps
        retrans:0/2 rcv_rtt:40.416 rcv_space:2920

Cc: Stephen Hemminger <stephen@networkplumber.org>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>

Now done by default or with 'ip monitor rule'.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Detailed info can be printed if filter should not pass
the socket info.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

The existing behaviour forces one to memorize the integer constants for
STP port states.

    # bridge link set dev dummy0 state 3

This patch makes it possible to use the lowercased port state name.

    # bridge link set dev dummy0 state forwarding

Invalid non-integer inputs now cause exit with status -1.
Signed-off-by: Alex Pilon <alp@alexpilon.ca>

When this attribute is set, it means that the i/o part of the related netdevice
is in another netns.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

This new attribute is now advertised by the kernel for x-netns interfaces.
It's also possible to set it when an interface is created (and thus creating a
x-netns interface with one single message).

Example:
 $ ip netns add foo
 $ ip netns add bar
 $ ip -n foo netns set bar 15
 $ ip -n foo link add ipip1 link-netnsid 15 type ipip remote 10.16.0.121 local 10.16.0.249
 $ ip -n foo link ls ipip1
 3: ipip1@NONE: <POINTOPOINT,NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default
     link/ipip 10.16.0.249 peer 10.16.0.121 link-netnsid 15
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

The kernel now provides ids for peer netns. This patch implements a new command
'set' to assign an id.
When netns are listed, if an id is assigned, it is now displayed.

Example:
 $ ip netns add foo
 $ ip netns set foo 1
 $ ip netns
 foo (id: 1)
 init_net
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Just to be aligned with the usage output.
Signed-off-by: Vadim Kochan <vadim4j@gmail.com>

Signed-off-by: Bryton Lee <brytonlee01@gmail.com>

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>