1. 29 Aug, 2014 1 commit
  2. 04 Aug, 2014 9 commits
    • Stephen Hemminger's avatar
      Merge branch 'net-next' · cd635074
      Stephen Hemminger authored
      cd635074
    • Stephen Hemminger's avatar
      v3.16.0 · a9ae4224
      Stephen Hemminger authored
      a9ae4224
    • Jiri Pirko's avatar
      ff7c2084
    • Stephen Hemminger's avatar
      Update kernel headers to net-next · 945eaebd
      Stephen Hemminger authored
      945eaebd
    • Stephen Hemminger's avatar
      cleanup warnings · 656111b2
      Stephen Hemminger authored
      ll_index can return -1 but was declared unsigned.
      rt_addr_n2a had unused length parameter
      656111b2
    • Jay Vosburgh's avatar
      tc/netem: loss gemodel options fixes · 3757185b
      Jay Vosburgh authored
      First, the default value for 1-k is documented as being 0, but is
      currently being set to 1. (100%).  This causes all packets to be dropped
      in the good state if 1-k is not explicitly specified.  Fix this by setting
      the default to 0.
      
      	Second, the 1-h option is parsed correctly, however, the kernel is
      expecting "h", not 1-h.  Fix this by inverting the "1-h" percentage before
      sending to and after receiving from the kernel.  This does change the
      behavior, but makes it consistent with the netem documentation and the
      literature on the Gilbert-Elliot model, which refer to "1-h" and "1-k,"
      not "h" or "k" directly.
      
      	Last, fix a minor formatting issue for the options reporting.
      Signed-off-by: default avatarJay Vosburgh <jay.vosburgh@canonical.com>
      3757185b
    • Jamal Hadi Salim's avatar
      iproute2 bridge: bring to above par with brctl show macs · aeb14eb0
      Jamal Hadi Salim authored
      root@moja-mojo:bridge# ./bridge fdb help
      Usage: bridge fdb { add | append | del | replace } ADDR dev DEV {self|master} [ temp ]
                    [router] [ dst IPADDR] [ vlan VID ]
                    [ port PORT] [ vni VNI ] [via DEV]
             bridge fdb {show} [ br BRDEV ] [ brport DEV ]
      
       Lets start with two bridges each with a port...
      
      root@moja-mojo:bridge# ./bridge link
      10: sw1-p1 state DOWN : <BROADCAST,NOARP> mtu 1500 master sw1 state disabled priority 32 cost 100
      11: eth1 state DOWN : <BROADCAST,NOARP> mtu 1500 master br0 state disabled priority 32 cost 100
      
      show all...
      root@moja-mojo:bridge# ./bridge fdb show
      33:33:00:00:00:01 dev ifb0 self permanent
      33:33:00:00:00:01 dev ifb1 self permanent
      33:33:00:00:00:01 dev eth0 self permanent
      01:00:5e:00:00:01 dev eth0 self permanent
      33:33:ff:92:c0:60 dev eth0 self permanent
      33:33:00:00:00:fb dev eth0 self permanent
      01:00:5e:00:00:fb dev eth0 self permanent
      01:00:5e:7f:ff:fd dev eth0 self permanent
      01:00:5e:00:00:01 dev wlan0 self permanent
      33:33:00:00:00:01 dev wlan0 self permanent
      33:33:ff:c2:84:3b dev wlan0 self permanent
      33:33:00:00:00:fb dev wlan0 self permanent
      01:00:5e:00:00:01 dev virbr0 self permanent
      01:00:5e:00:00:fb dev virbr0 self permanent
      33:33:00:00:00:01 dev br0 self permanent
      33:33:00:00:00:01 dev sw1 self permanent
      33:33:00:00:00:01 dev dummy0 self permanent
      5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master sw1 permanent
      33:33:00:00:00:01 dev sw1-p1 self permanent
      b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
      33:33:00:00:00:01 dev eth1 self permanent
      
      Lets see a netdev that is *not* attached to a bridge
      
      root@moja-mojo:bridge# ./bridge fdb show brport eth0
      33:33:00:00:00:01 self permanent
      01:00:5e:00:00:01 self permanent
      33:33:ff:92:c0:60 self permanent
      33:33:00:00:00:fb self permanent
      01:00:5e:00:00:fb self permanent
      01:00:5e:7f:ff:fd self permanent
      
      Lets see a netdev that is bridge port
      root@moja-mojo:bridge# ./bridge fdb show brport eth1
      hadi@jhs-1:/media/MT1/other-gits/iproute-jul04/bridge$ ./bridge fdb show brport eth1
      b6:5e:dd:ce:d7:5e vlan 0 master br0 permanent
      33:33:00:00:00:01 self permanent
      
      Specify the correct bridge and you get good stuff
      root@moja-mojo:bridge# ./bridge fdb show brport eth1 br br0
      6:5e:dd:ce:d7:5e vlan 0 master br0 permanent
      33:33:00:00:00:01 self permanent
      
      Specify the wrong bridge and you get good nada
      root@moja-mojo:bridge# ./bridge fdb show brport eth1 br sw1
      
      dump br0
      root@moja-mojo:bridge# ./bridge fdb show br br0
      33:33:00:00:00:01 dev br0 self permanent
      b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
      33:33:00:00:00:01 dev eth1 self permanent
      
      dump sw1
      root@moja-mojo:bridge# ./bridge fdb show br sw1
      33:33:00:00:00:01 dev sw1 self permanent
      5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master sw1 permanent
      33:33:00:00:00:01 dev sw1-p1 self permanent
      
      Lets move a port from one bridge to another for shits-and-giggles
      (as the New Brunswickians like to say)
      root@moja-mojo:bridge# ip link set sw1-p1 master br0
      
      Now dump again br0
      root@moja-mojo:bridge# ./bridge fdb show br br0
      33:33:00:00:00:01 dev br0 self permanent
      5e:f4:03:44:da:9a dev sw1-p1 vlan 0 master br0 permanent
      33:33:00:00:00:01 dev sw1-p1 self permanent
      b6:5e:dd:ce:d7:5e dev eth1 vlan 0 master br0 permanent
      33:33:00:00:00:01 dev eth1 self permanent
      Signed-off-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      aeb14eb0
    • Roopa Prabhu's avatar
      link dump filter · 50b9950d
      Roopa Prabhu authored
      This patch avoids a full link wildump request when the user has specified
      a single link. Uses RTM_GETLINK without the NLM_F_DUMP flag.
      
      This helps on a system with large number of interfaces.
      
      This patch currently only uses the link ifindex in the filter.
      Hoping to provide a subsequent kernel patch to do link dump filtering on
      other attributes in the kernel.
      
      In iplink_get, to be safe, this patch currently sets the answer buffer
      size to the max size that libnetlink rtnl_talk can copy. The current api
      does not seem to provide a way to indicate the answer buf size.
      
      changelog from RFC to v1:
          - incorporated comments from stephen (fixed comment and fixed if/else block)
      
      changelog from v1 to v2:
          - fix whitespaces error
      Signed-off-by: default avatarRoopa Prabhu <roopa@cumulusnetworks.com>
      50b9950d
    • Rami Rosen's avatar
      iplink: macvtap: fix man page · e4c35682
      Rami Rosen authored
      This patch adds description about macvtap to ip-link.8 man page.
      Signed-off-by: default avatarRami Rosen <ramirose@gmail.com>
      e4c35682
  3. 15 Jul, 2014 5 commits
    • Dmitry Popov's avatar
      fix ip tunnel for vti tunnels with ikey · 23d526c4
      Dmitry Popov authored
      Consider the following command:
      
      ip tunnel add mode vti remote 12.0.0.1 local 12.0.0.3 ikey 15
      
      i_flags will be GRE_KEY|VTI_ISVTI. So, in order to distinguish between ipip and
      vti we have to check just VTI_ISVTI bit, not the equality of i_flags and
      VTI_ISVTI.
      
      * Note, that there also was a bug in ip_tunnel/ip_vti, see
      commit 7c8e6b9c281(ip_vti: Fix 'ip tunnel add' with 'key' parameters),
      https://lkml.org/lkml/2014/6/7/125.
      Even patched iproute could be unable to create vti tunnels with non-zero keys.
      
      1) Unpatched iproute2:
      [root@vm ~]# ip tunnel show
      [root@vm ~]# lsmod | egrep '(ipip|vti)'
      [root@vm ~]# ip tunnel add mode vti ikey 1
      [root@vm ~]# lsmod | egrep '(ipip|vti)'
      ipip                    4197  0 
      tunnel4                 1659  1 ipip
      ip_tunnel               9295  1 ipip
      [root@vm ~]# ip tunnel show
      tunl0: ip/ip  remote any  local any  ttl inherit
      [root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
      [root@vm ~]# ip tunnel show
      ipip0: ip/ip  remote 1.2.3.4  local any  ttl inherit 
      tunl0: ip/ip  remote any  local any  ttl inherit 
      [root@vm ~]# lsmod | egrep '(ipip|vti)'
      ipip                    4197  0 
      tunnel4                 1659  1 ipip
      ip_tunnel               9295  1 ipip
      
      # ipip tunnels are created instead of vti
      
      2) Patched iproute2:
      [root@vm ~]# ip tunnel show
      [root@vm ~]# lsmod | egrep '(ipip|vti)'
      [root@vm ~]# ip tunnel add mode vti ikey 1
      [root@vm ~]# lsmod | egrep '(ipip|vti)'
      ip_vti                  5258  0 
      ip_tunnel               9295  1 ip_vti
      [root@vm ~]# ip tunnel show
      vti0: ip/ip  remote any  local any  ttl inherit  ikey 1  okey 0 
      ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0
      [root@vm ~]# ip tunnel add mode vti remote 1.2.3.4 ikey 2
      [root@vm ~]# ip tunnel show
      vti0: ip/ip  remote any  local any  ttl inherit  ikey 1  okey 0
      vti1: ip/ip  remote 1.2.3.4  local any  ttl inherit  ikey 2  okey 0 
      ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0
      
      # Vti tunnels are created as expected
      # * If you have unpatched kernel your vti tunnels will have ikey == okey == 0
      
      Same story exists with ip tunnel show/del with non-zero [io]key: requests are 
      routed to tunl0 instead of ip_vti0.
      Signed-off-by: default avatarDmitry Popov <ixaphire@qrator.net>
      23d526c4
    • Vasily Averin's avatar
      ipnetns: fixed typo "seting" -> "setTing" · 31962449
      Vasily Averin authored
      Signed-off-by: default avatarVasily Averin <vvs@openvz.org>
      31962449
    • Daniel Borkmann's avatar
      man: token: fix couple of typos · cd509528
      Daniel Borkmann authored
      Not sure how these typos slipped in back then, I suspect
      too much coffee. ;) So lets fix them up properly.
      Signed-off-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      cd509528
    • vadimk's avatar
      ip: Added missing usage for netconf object · cfea8b35
      vadimk authored
      cfea8b35
    • Masatake YAMATO's avatar
      ip: add nlmon as a device type to help message · 7968262d
      Masatake YAMATO authored
      Though nlmon device can be added, it was not listed
      in the output of "ip link help".
      Signed-off-by: default avatarMasatake YAMATO <yamato@redhat.com>
      Acked-by: default avatarDaniel Borkmann <dborkman@redhat.com>
      7968262d
  4. 14 Jul, 2014 3 commits
  5. 10 Jun, 2014 2 commits
  6. 09 Jun, 2014 9 commits
    • Roopa Prabhu's avatar
      bridge: Add master device name to bridge fdb show · cc273a51
      Roopa Prabhu authored
      This patch adds master dev name from NDA_MASTER netlink attribute
       to bridge fdb show output
      
      current iproute2 tries to print 'master' in the output if NTF_MASTER
      is present. But, kernel today does not set NTF_MASTER during dump
      requests. Which means I have not seen iproute2 bridge cmd print 'master' atall.
      This patch overrides the NTF_MASTER flag if NDA_MASTER attribute is present.
      
      Example output:
      
      before this patch:
      # bridge fdb show
      44:38:39:00:27:ba dev bond2.2003 permanent
      44:38:39:00:27:bb dev bond4.2003 permanent
      44:38:39:00:27:bc dev bond2.2004 permanent
      
      After this patch:
      # bridge fdb show
      44:38:39:00:27:ba dev bond2.2003 master br-2003 permanent
      44:38:39:00:27:bb dev bond4.2003 master br-2003 permanent
      44:38:39:00:27:bc dev bond2.2004 master br-2004 permanent
      
      For comparision with the above, below is the output for NTF_SELF today,
      # bridge fdb show
      33:33:00:00:00:01 dev eth0 self permanent
      01:00:5e:00:00:01 dev eth0 self permanent
      33:33:ff:00:01:cc dev eth0 self permanent
      
      If change in output is a concern, 'master' can be put at the end of the fdb
      output line or made optional with -d[etails] option.
      
      change from v1 to v2:
          use 'bridge' instead of 'master' in fdb show output
      
      change from v2 to v3:
          use 'master' instead of 'bridge' in fdb show output
          (master could also be a vxlan device)
      Signed-off-by: default avatarWilson Kok <wkok@cumulusnetworks.com>
      Signed-off-by: default avatarRoopa Prabhu <roopa@cumulusnetworks.com>
      cc273a51
    • Sucheta Chakraborty's avatar
      Add support to configure SR-IOV VF minimum and maximum Tx rate through ip tool · f89a2a05
      Sucheta Chakraborty authored
      o "min_tx_rate" option has been added for minimum Tx rate. Hence, for
        consistent naming, "max_tx_rate" option has been introduced for maximum
        Tx rate.
      
      o Change in v2: "rate" can be used along with "max_tx_rate".
        When both are specified, "max_tx_rate" should override.
      
      o Change in v3:
        * IFLA_VF_RATE: When IFLA_VF_RATE is used, and user has given only one of
          min_tx_rate or max_tx_rate, reading of previous rate limits is done in
          userspace instead of in kernel space before ndo_set_vf_rate.
      
        * IFLA_VF_TX_RATE: When IFLA_VF_TX_RATE is used, min_tx_rate is always read
          in kernel space. This takes care of below scenarios:
          (1) when old tool sends "rate" but kernel is new (expects min and max)
          (2) when new tool sends only "rate" but kernel is old (expects only "rate")
      
      o Change in v4 as suggested by Stephen Hemminger:
        * As per iproute policy, input and output formats should match. Changing display
          of max_tx_rate and min_tx_rate options accordingly.
      	./ip/ip link show p3p1
      	8: p3p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000
              link/ether 00:0e:1e:16:ce:40 brd ff:ff:ff:ff:ff:ff
              vf 0 MAC 2a:18:8f:4d:3d:d4, tx rate 700 (Mbps), max_tx_rate 700Mbps, min_tx_rate 200Mbps
              vf 1 MAC 72:dc:ba:f9:df:fd
      Signed-off-by: default avatarSucheta Chakraborty <sucheta.chakraborty@qlogic.com>
      f89a2a05
    • Stephen Hemminger's avatar
      Update to current net-next kernel headers · fd5c1d43
      Stephen Hemminger authored
      Update sanitized headers
      fd5c1d43
    • Jiri Pirko's avatar
    • Jiri Pirko's avatar
      iproute2: arpd: use ll_addr_a2n and ll_addr_n2a · dd50247d
      Jiri Pirko authored
      Signed-off-by: default avatarJiri Pirko <jiri@resnulli.us>
      dd50247d
    • Yang Yingliang's avatar
      fq: allow options of fair queue set to ~0U · aeb199d5
      Yang Yingliang authored
      Some options of fair queue cannot be (~0U). It leads to maxrate
      cannot be reset to unlimited because it cannot be (~0U). Allow
      the options being ~0U.
      
      Tested by the following command:
       # tc qdisc add dev eth4 root handle 1: fq limit 2000 flow_limit 200 maxrate 100mbit quantum 2000 initial_quantum 1600
       # tc -s -d qdisc show
      qdisc fq 1: dev eth4 root refcnt 2 limit 2000p flow_limit 200p buckets 1024 quantum 2000 initial_quantum 1600 maxrate 100Mbit
       Sent 1492 bytes 10 pkt (dropped 0, overlimits 0 requeues 0)
       backlog 0b 0p requeues 0
        1 flows (0 inactive, 0 throttled)
        0 gc, 0 highprio, 0 throttled
      
       # tc qdisc change dev eth4 root handle 1: fq limit 4294967295 flow_limit 4294967295 maxrate 34359738360 quantum 4294967295 initial_quantum 4294967295
       # tc -s -d qdisc show
      qdisc fq 1: dev eth4 root refcnt 2 limit 4294967295p flow_limit 4294967295p buckets 1024 quantum 4294967295 initial_quantum 4294967295
       Sent 38372 bytes 216 pkt (dropped 0, overlimits 0 requeues 0)
       backlog 0b 0p requeues 0
        2 flows (1 inactive, 0 throttled)
        0 gc, 2 highprio, 7 throttled
      Suggested-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      aeb199d5
    • Andreas Henriksson's avatar
      bridge: Make filter_index match in signedness · 9dca899b
      Andreas Henriksson authored
      Michael Tautschnig wrote:
      
      During a rebuild [...]. Please note that we use our research
      compiler tool-chain (using tools from the cbmc package), which permits extended
      reporting on type inconsistencies at link time.
      
      [...]
      gcc   bridge.o fdb.o monitor.o link.o mdb.o vlan.o ../lib/libnetlink.a ../lib/libutil.a  ../lib/libnetlink.a ../lib/libutil.a -o bridge
      file link.c line 18: error: conflicting types for variable "filter_index"
      old definition in module fdb file fdb.c line 29
      signed int
      new definition in module link file link.c line 18
      unsigned int
      <builtin>: recipe for target 'bridge' failed
      make[3]: *** [bridge] Error 64
      make[3]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-iproute2/iproute2-3.14.0/bridge'
      Makefile:45: recipe for target 'all' failed
      
      While practical constraints may limit the value of filter_index to remain within
      the bounds of a positive signed int, there is certainly no such guarantee here.
      Also, a plain majority vote suggests that this really just a wrong declaration
      in link.c as several declarations of filter_index as signed int exist.
      
      [...]
      
      My followup on this was:
      
      I think the majority is wrong.
      
      filter_index is assigned exclusively from if_nametoindex or ll_name_to_index
      which both return unsigned int.
      
      Changing it to unsigned everywhere seems better.
      
      This has been minimally tested by using the bridge tool
      to add vids and showing available vids on different devices.
      Reported-by: default avatarMichael Tautschnig <mt@debian.org>
      Signed-off-by: default avatarAndreas Henriksson <andreas@fatal.se>
      9dca899b
    • Cong Wang's avatar
      do not exit silently when link is not found · 0cb6bb51
      Cong Wang authored
      When we create a tunnel on top of a link and the link specified
      in cmdline doesn't exist, an error message should be shown.
      
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      0cb6bb51
    • Eric Dumazet's avatar
      ss: display pacing_rate/max_pacing_rate · eb6028b2
      Eric Dumazet authored
      Since linux-3.15, kernel exports tcpi_pacing_rate and
      tcpi_max_pacing_rate in tcp_info
      
      Add TCP pacing_rate information on ss -i output :
      
      lpaa23:~# ./ss -ti dst 10.246.7.151
      State      Recv-Q Send-Q   Local Address:Port       Peer Address:Port
      ESTAB      0      325800    10.246.7.151:57614
      10.246.7.152:46811
      	 cubic wscale:7,7 rto:201 rtt:0.081/0.006 mss:1448 cwnd:90 ssthresh:63
      send 12871.1Mbps pacing_rate 15397.8Mbps unacked:90 retrans:0/305
      rcv_space:29200
      
      If SO_MAX_PACING_RATE is set on the socket, we add /max_pacing_rate as
      in :
      
      ... pacing_rate 1570.5Mbps/2.0Gbps ...
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      eb6028b2
  7. 29 May, 2014 4 commits
  8. 28 May, 2014 6 commits
    • Oliver Hartkopp's avatar
      iplink: can: fix help text and man page · 2b70fe15
      Oliver Hartkopp authored
      Controller Area Network (CAN) interfaces are physical network interfaces.
      They can't be 'created' like software devices by 'ip link add type can'.
      Signed-off-by: default avatarOliver Hartkopp <socketcan@hartkopp.net>
      2b70fe15
    • Jiri Pirko's avatar
      iproute2: ipa: show port id · c8970674
      Jiri Pirko authored
      Signed-off-by: default avatarJiri Pirko <jiri@resnulli.us>
      c8970674
    • Jamal Hadi Salim's avatar
      actions: correctly report the number of actions flushed · 288abf51
      Jamal Hadi Salim authored
      This also fixes a long standing bug of not sanely reporting the
      action chain ordering
      
      Sample scenario test
      
      on window 1(event window):
      run "tc monitor" and observe events
      
      on window 2:
      sudo tc actions add action drop index 10
      sudo tc actions add action ok index 12
      sudo tc actions ls action gact
      sudo tc actions flush action gact
      
      See the event window reporting two entries
      (doing another listing should show empty generic actions)
      Signed-off-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      288abf51
    • Jamal Hadi Salim's avatar
      actions: keyword flowid or classid terminates action pipeline · 9282d08d
      Jamal Hadi Salim authored
      scenario testcase:
      
      TC="sudo ./tc/tc"
      DEV="dev eth0"
      $TC qdisc del $DEV ingress
      $TC qdisc add $DEV ingress
      $TC filter add $DEV parent ffff: protocol ip u32 match ip src 10.0.0.0/24 action police rate 6Mbit burst 6Mbit drop flowid :1
      $TC filter add $DEV parent ffff: protocol ip u32 match ip dst 10.0.0.0/24 action police rate 1Gbit burst 1Gbit pass flowid :1
      $TC -s filter ls $DEV parent ffff: protocol ip
      $TC qdisc del $DEV ingress
      $TC qdisc add $DEV ingress
      $TC filter add $DEV parent ffff: protocol ip u32 match ip src 10.0.0.0/24 flowid 1:1 action police rate 6Mbit burst 6Mbit drop
      $TC filter add $DEV parent ffff: protocol ip u32 match ip dst 10.0.0.0/24 flowid 1:2 action police rate 1Gbit burst 1Gbit pass
      
      $TC -s filter ls $DEV parent ffff: protocol ip
      $TC qdisc del $DEV ingress
      $TC qdisc add $DEV ingress
      $TC filter add $DEV parent ffff: protocol ip pref 10 \
      u32 match ip protocol 1 0xff \
      flowid 1:10 \
      action skbedit mark 11 \
      action police rate 10kbit burst 10k pipe index 1 \
      action skbedit mark 12 \
      action police rate 20kbit burst 20k pipe index 2 \
      action mirred egress mirror dev dummy0
      
      $TC -s filter ls $DEV parent ffff: protocol ip
      $TC qdisc del $DEV ingress
      $TC qdisc add $DEV ingress
      $TC filter add $DEV parent ffff: protocol ip pref 10 \
      u32 match ip protocol 1 0xff \
      action skbedit mark 11 \
      action police rate 10kbit burst 10k pipe index 1 \
      action skbedit mark 12 \
      action police rate 20kbit burst 20k pipe index 2 \
      action mirred egress mirror dev dummy0 \
      flowid 1:10
      
      $TC -s filter ls $DEV parent ffff: protocol ip
      Reported-by: default avatarSeann Herdejurgen <seann@herdejurgen.com>
      Signed-off-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      9282d08d
    • Jamal Hadi Salim's avatar
      cacba03b
    • Natanael Copa's avatar
      iproute2: various header include fixes for compiling with musl libc · dd9cc0ee
      Natanael Copa authored
      We need limits.h for LONG_MIN and LONG_MAX, sys/param.h for MIN and
      sys/select for struct timeval.
      
      This fixes the following compile errors with musl libc:
      
      f_bpf.c: In function 'bpf_parse_opt':
      f_bpf.c:181:12: error: 'LONG_MIN' undeclared (first use in this function)
         if (h == LONG_MIN || h == LONG_MAX) {
                  ^
      ...
      
      tc_util.o: In function `print_tcstats2_attr':
      tc_util.c:(.text+0x13fe): undefined reference to `MIN'
      tc_util.c:(.text+0x1465): undefined reference to `MIN'
      tc_util.c:(.text+0x14ce): undefined reference to `MIN'
      tc_util.c:(.text+0x154c): undefined reference to `MIN'
      tc_util.c:(.text+0x160a): undefined reference to `MIN'
      tc_util.o:tc_util.c:(.text+0x174e): more undefined references to `MIN' follow
      ...
      
      tc_stab.o: In function `print_size_table':
      tc_stab.c:(.text+0x40f): undefined reference to `MIN'
      ...
      
      fdb.c:247:30: error: 'ULONG_MAX' undeclared (first use in this function)
              (vni >> 24) || vni == ULONG_MAX)
                                    ^
      
      lnstat.h:28:17: error: field 'last_read' has incomplete type
        struct timeval last_read;  /* last time of read */
                       ^
      Signed-off-by: default avatarNatanael Copa <ncopa@alpinelinux.org>
      dd9cc0ee
  9. 13 May, 2014 1 commit
    • Andreas Greve's avatar
      fix print_ipt: segfault if more then one filter with action -j MARK. · 6e2e5ec2
      Andreas Greve authored
      BUG: tc filter show ... produce a segmentation fault if more than one
      filter rule with action -j MARK exists.
      
      Reason: In print_ipt(...) xtables will be initialzed with a
      pointer to the static struct tcipt_globals at xtables_init_all().
      Later on the fields .opts and .options_offset of tcipt_globals are
      modified. The call of xtables_free_opts(1) at the end of print(...)
      does not restore the original values of tcipt_globals for the
      modified fields. It only frees some allocated memory and sets
      .opts to NULL. This leads to a segmentation fault when print_ipt()
      is called for the next filter rule with action -j MARK.
      
      Fix: Cloneing tcipt_globals on the stack as tmp_tcipt_globals and
      use it instead of tcipt_globals, so tcipt_globals will be not
      modified.
      Signed-off-by: default avatarAndreas Greve <andreas.greve@a-greve.de>
      6e2e5ec2