- 09 Feb, 2016 1 commit
-
-
Nikolay Aleksandrov authored
Netlink returns the bridge_id and designated_root, we just need to make them visible. Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
-
- 07 Feb, 2016 5 commits
-
-
Roopa Prabhu authored
There is no intuitive option to add static fdb entries today. 'temp' seems to have a side effect of adding 'static' fdb entries. But the name and intent of 'temp' does not say anything about it being static. example: bridge fdb add operates as follows: $bridge fdb add 00:01:02:03:04:05 dev eth0 master $bridge fdb add 00:01:02:03:04:06 dev eth0 master temp $bridge fdb add 00:01:02:03:04:07 dev eth0 master local $bridge fdb show 00:01:02:03:04:05 dev eth0 permanent 00:01:02:03:04:06 dev eth0 static 00:01:02:03:04:07 dev eth0 permanent 00:01:02:03:04:08 dev eth0 <<== dynamic, ageable learned mac This patch adds a new bridge fdb type 'static' which makes sure NUD_NOARP and NUD_REACHABLE is set for static entries. This effectively is nothing but what 'temp' does today. But the name 'temp' is misleading. After the patch: $bridge fdb add 00:01:02:03:04:06 dev eth0 master static $bridge fdb show 00:01:02:03:04:06 dev eth0 static 'temp' could ideally be a dynamic mac that can age (ie just NUD_REACHABLE). But, 'temp' sets 'NUD_NOARP' and 'NUD_REACHABLE'. Too late to change 'temp' now. But, we are thinking of introduing a 'dynamic' keyword after this patch that only sets NUD_REACHABLE. Signed-off-by: Wilson Kok <wkok@cumulusnetworks.com> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
-
Daniel Borkmann authored
Don't reimplement them and rather use the macros from the gelf header, that is, GELF_ST_BIND()/GELF_ST_TYPE(). Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-
Daniel Borkmann authored
Provide some more hints to the user/developer when relos have been found that don't point to ld64 imm instruction. Ran couple of times into relos generated by clang [1], where the compiler tried to uninline inlined functions with eBPF and emitted BPF_JMP | BPF_CALL opcodes. If this seems the case, give a hint that the user should do a work-around to use always_inline annotation. [1] https://llvm.org/bugs/show_bug.cgi?id=26243#c3Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-
Daniel Borkmann authored
With a bit larger, branchy eBPF programs f.e. already ~BPF_MAXINSNS/7 in size, it happens rather quickly that bpf(2) rejects also valid programs when only the verifier log buffer size we have in tc is too small. Change that, so by default we don't do any logging, and only in error case we retry with logging enabled. If we should fail providing a reasonable dump of the verifier analysis, retry few times with a larger log buffer so that we can at least give the user a chance to debug the program. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: John Fastabend <john.r.fastabend@intel.com>
-
Daniel Borkmann authored
Add a couple of improvements to tc's BPF api, that facilitate program development. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-
- 05 Feb, 2016 3 commits
-
-
Paolo Abeni authored
This change add the ability to create lwt/flow based/externally controlled geneve device and to select the udp destination port used by a full geneve tunnel. Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Nicolas Dichtel authored
Commit 8f80d450 ("tc: fix compilation with old gcc (< 4.6)") was reverted to ease the merge of the net-next branch. Here is the new version. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-
Roopa Prabhu authored
'ip monitor all' is broken on older kernels. This patch fixes 'ip monitor all' to match 'all' and not 'all-nsid'. It moves parsing arg 'all-nsid' to after parsing 'all'. Before: $ip monitor all NETLINK_LISTEN_ALL_NSID: Protocol not available After: $ip monitor all [NEIGH]Deleted 10.0.0.1 dev eth1 lladdr c4:54:44:4f:b2:dd STALE Fixes: 449b824a ("ipmonitor: allows to monitor in several netns") Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
-
- 02 Feb, 2016 4 commits
-
-
Daniel Borkmann authored
Add a test that symbol from relocation entry is actually related to map section and bail out with an error message if it's not the case; in relation to [1]. [1] https://llvm.org/bugs/show_bug.cgi?id=26243Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Gustavo Zacarias authored
We need limits.h for PATH_MAX, fixes: rt_names.c:364:13: error: ‘PATH_MAX’ undeclared (first use in this function) Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
Zhang Shengju authored
the warning was: iproute.c:301:12: warning: 'val' may be used uninitialized in this function [-Wmaybe-uninitialized] features &= ~RTAX_FEATURE_ECN; ^ iproute.c:575:10: note: 'val' was declared here __u32 val; ^ Signed-off-by: Zhang Shengju <zhangshengju@cmss.chinamobile.com>
-
- 18 Jan, 2016 11 commits
-
-
Lorenzo Colitti authored
This patch adds a -K / --kill option to ss that attempts to forcibly close matching sockets using SOCK_DESTROY. Because ss typically prints sockets instead of acting on them, and because the kernel only supports forcibly closing some types of sockets, the output of -K is as follows: - If closing the socket succeeds, the socket is printed. - If the kernel does not support forcibly closing this type of socket (e.g., if it's a UDP socket, or a TIME_WAIT socket), the socket is silently skipped. - If an error occurs (e.g., permission denied), the error is reported and ss exits. Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
-
Lorenzo Colitti authored
This change is a no-op, as currently no code uses rtnl_talk on NETLINK_SOCK_DIAG_BY_FAMILY sockets. It is needed to suppress spurious errors when using SOCK_DESTROY via rtnl_talk. Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
-
Thomas Faivre authored
grff wrapper returns warnings when parsing the ip-link.8.in file. How to reproduce: $ man --warnings ip-link > /dev/null `R' is a string (producing the registered sign), not a macro. [...] Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
-
Thomas Faivre authored
Options 'group' and 'remote' cannot take 'any' as value but 'local' can. Signed-off-by: Thomas Faivre <thomas.faivre@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
-
Daniel Borkmann authored
eBPF llvm backend can support different BPF formats, make sure the object we're trying to load matches with regards to endiannes and while at it, also check for other attributes related to BPF ELFs. # llc --version LLVM (http://llvm.org/): LLVM version 3.8.0svn Optimized build. Built Jan 9 2016 (02:08:10). Default target: x86_64-unknown-linux-gnu Host CPU: ivybridge Registered Targets: bpf - BPF (host endian) bpfeb - BPF (big endian) bpfel - BPF (little endian) [...] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Daniel Borkmann authored
When extracting sections, we better check for name and type. Noticed that some llvm versions emit .strtab and .shstrtab (e.g. saw it on pre 3.7), while more recent ones only seem to emit .strtab. Thus, make sure we get the right sections. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Daniel Borkmann authored
Add the tc part for the kernel commit 1f211a1b929c ("net, sched: add clsact qdisc"). Quoting example usage from that commit description: Example, adding qdisc: # tc qdisc add dev foo clsact # tc qdisc show dev foo qdisc mq 0: root qdisc pfifo_fast 0: parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: parent :2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: parent :3 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc pfifo_fast 0: parent :4 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 qdisc clsact ffff: parent ffff:fff1 Adding filters (deleting, etc works analogous by specifying ingress/egress): # tc filter add dev foo ingress bpf da obj bar.o sec ingress # tc filter add dev foo egress bpf da obj bar.o sec egress # tc filter show dev foo ingress filter protocol all pref 49152 bpf filter protocol all pref 49152 bpf handle 0x1 bar.o:[ingress] direct-action # tc filter show dev foo egress filter protocol all pref 49152 bpf filter protocol all pref 49152 bpf handle 0x1 bar.o:[egress] direct-action The ingress parent alias can also be used with ingress qdisc. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-
Daniel Borkmann authored
Clean it up a bit, we can also get rid of some ugly ifdefs as in our case TC_H_INGRESS is always defined. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-
Stephen Hemminger authored
-
Stephen Hemminger authored
-
Stephen Hemminger authored
This reverts commit 8f80d450.
-
- 11 Jan, 2016 6 commits
-
-
Richard Alpe authored
This enables a user to remove an offline peer from the kernel data structures. This could for example be useful when deliberately scaling in peer nodes in a cloud environment. Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> Reviewed-by: Jon Maloy <jon.maloy@ericsson.com> Reviewed-by: Ying Xue <ying.xue@windriver.com>
-
Stephen Hemminger authored
-
Stephen Hemminger authored
This reverts commit d4585a4b. This commit is meant for later kernel.
-
Jamal Hadi Salim authored
since all tc classifiers are required to specify ethertype as part of grammar By not allowing eth_type to be specified we remove contradiction for example when a user specifies: tc filter add ... priority xxx protocol ip flower eth_type ipv6 This patch removes that contradiction Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
-
Julien Floret authored
gcc < 4.6 does not handle C11 syntax for the static initialization of anonymous struct/union, hence the following error: tc_bpf.c:260: error: unknown field map_type specified in initializer Signed-off-by: Julien Floret <julien.floret@6wind.com> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net>
-
Roopa Prabhu authored
This patch replaces exits with returns in iplink command. Helps to continue on errors when invoked with ip -force -batch. Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
-
- 07 Jan, 2016 1 commit
-
-
Phil Sutter authored
When specifying a conntrack zone, the 'zone' keyword has to be used before the actual zone index. Signed-off-by: Phil Sutter <phil@nwl.cc>
-
- 06 Jan, 2016 7 commits
-
-
Stephen Hemminger authored
The FQ man page was not following whatis formatting rules.
-
Richard Alpe authored
This enables a user to remove an offline peer from the kernel data structures. This could for example be useful when deliberately scaling in peer nodes in a cloud environment. Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> Reviewed-by: Jon Maloy <jon.maloy@ericsson.com> Reviewed-by: Ying Xue <ying.xue@windriver.com>
-
Richard Alpe authored
-
Bjørn Mork authored
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Bjørn Mork <bjorn@mork.no>
-
Bjørn Mork authored
"random" is a new IPv6 addrgenmode, enabling "stable_secret" type addresses with an auto-generated secret. $ ip link set eth0 addrgenmode random $ ip -d link show dev eth0 2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000 link/ether 00:21:86:a3:25:7d brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode random Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Bjørn Mork <bjorn@mork.no>
-
Bjørn Mork authored
It is possible to switch to another addrgenmode after setting a valid secret. Allow switching back without reconfiguring the secret for completeness. Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Bjørn Mork <bjorn@mork.no>
-
Stephen Hemminger authored
still have issues with xtables
-
- 03 Jan, 2016 1 commit
-
-
Stephen Hemminger authored
Keep in sync with current iptables upstream
-
- 31 Dec, 2015 1 commit
-
-
Stephen Hemminger authored
Track any coverity overrides for this project. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
-