- 06 Jan, 2016 3 commits
-
-
Bjørn Mork authored
"random" is a new IPv6 addrgenmode, enabling "stable_secret" type addresses with an auto-generated secret. $ ip link set eth0 addrgenmode random $ ip -d link show dev eth0 2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000 link/ether 00:21:86:a3:25:7d brd ff:ff:ff:ff:ff:ff promiscuity 0 addrgenmode random Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Bjørn Mork <bjorn@mork.no>
-
Bjørn Mork authored
It is possible to switch to another addrgenmode after setting a valid secret. Allow switching back without reconfiguring the secret for completeness. Cc: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Bjørn Mork <bjorn@mork.no>
-
Stephen Hemminger authored
still have issues with xtables
-
- 03 Jan, 2016 1 commit
-
-
Stephen Hemminger authored
Keep in sync with current iptables upstream
-
- 31 Dec, 2015 4 commits
-
-
Stephen Hemminger authored
Track any coverity overrides for this project. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
-
Stephen Hemminger authored
Error handling was silent and had leaks. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
-
Stephen Hemminger authored
In some cases passing file to monitor left file open. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
-
Stephen Hemminger authored
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
-
- 30 Dec, 2015 2 commits
-
-
Hangbin Liu authored
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
-
Hangbin Liu authored
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
-
- 22 Dec, 2015 3 commits
-
-
Hangbin Liu authored
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
-
Stephen Hemminger authored
-
Phil Sutter authored
I repeatedly failed to get this right, so now I have to clean up my mess afterwards. Fixes: 7d6aadcd ("ip{,6}tunnel: have a shared stats parser/printer") Signed-off-by: Phil Sutter <phil@nwl.cc>
-
- 18 Dec, 2015 12 commits
-
-
Phil Sutter authored
This has a slight side-effect of not aborting when /proc/net/dev is malformed, but OTOH stats are not parsed for uninteresting interfaces. Signed-off-by: Phil Sutter <phil@nwl.cc>
-
Paolo Abeni authored
Currently ip6 encap support for lwtunnel is missing. This patch implements it, mostly duplicating the ipv4 parts. Also be sure to insert a space after the encap type, when showing lwtunnel, to avoid the tunnel type and the following argument being merged into a single word. Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Paolo Abeni authored
This patch adds support for IFLA_GRE_COLLECT_METADATA via the 'external' keyword to the gre link. Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Paolo Abeni authored
This patch adds support for IFLA_VXLAN_COLLECT_METADATA via the 'external' keyword to the vxlan link. Also enforce mutual exclusion between 'vni' and 'external'. Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Hannes Frederic Sowa authored
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
-
Daniel Borkmann authored
Fix a whitespace in bpf_dump_error() usage, and also a missing closing bracket in ntohl() macro for eBPF programs. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-
Stephen Hemminger authored
Current headers for net-next
-
Stephen Hemminger authored
-
Paolo Abeni authored
Currently parse_encap_ip() does not update correctly argv/argc; if multiple lwtunnel arguments are provided, the parsing fails after the first one, i.e.

    ip route add 172.16.101.0/24 dev vxlan1 encap ip id 42 dst 192.168.255.1

fails with:

    Error: either "to" is duplicate, or "dst" is a garbage.

This commit addresses the issue, stepping to next argument at each iteration of the parsing loop.

Fixes: 1e529305 ("lwtunnel: Add encapsulation support to ip route")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
-
Phil Sutter authored
Commit 0f754332 ("route: ignore RTAX_HOPLIMIT of value -1") accidentally reordered fprintf statements. This patch restores the original ordering. Fixes: 0f754332 ("route: ignore RTAX_HOPLIMIT of value -1") Signed-off-by: Phil Sutter <phil@nwl.cc>
-
Konstantin Khlebnikov authored
Though dumping such entries crashes present kernels. Signed-off-by: Konstantin Khlebnikov <koct9i@gmail.com>
-
Tom Herbert authored
This patch:
 - Adds a utility function for parsing a 64 bit address
 - Adds a utility function for converting a 64 bit address to ASCII
 - Adds an ILA encap type in lwt tunnels

Signed-off-by: Tom Herbert <tom@herbertland.com>
-
- 10 Dec, 2015 7 commits
-
-
Daniel Borkmann authored
Improve example files further and add a more generic set of possible helpers for them that can be used. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Stephen Hemminger authored
-
Stephen Hemminger authored
The tunnel code was doing sscanf(buf, "%ld", &x) where x was unsigned long.
-
Phil Sutter authored
Just a typo there, it's spelled correctly in SEE ALSO section. Signed-off-by: Phil Sutter <phil@nwl.cc>
-
David Ahern authored
Currently, the table id for VRF devices requires an integer. Convert it to use rtnl_rttable_a2n which handles table names from the iproute2 directory. This also fixes a bug in the original commit where table names are not properly handled. Fixes: 15faa0a3 ("add support for VRF device") Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
-
Nicolas Dichtel authored
There are two variables named 'len' in rtnl_talk. In fact, commit c079e121 didn't work. For example, it was possible to trigger a seg fault with this command:

    $ ip link set gre2 type ip6gre hoplimit 32

Let's rename the argument len to maxlen.

Fixes: c079e121 ("libnetlink: add size argument to rtnl_talk")
Reported-by: Thomas Faivre <thomas.faivre@6wind.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
-
Phil Sutter authored
Older kernels use -1 internally as indicator to use the sysctl default, but they still export the setting. Newer kernels use 0 to indicate that (which is why the conversion from -1 to 0 was done here), but they also stopped exporting the value. Since the meaning of -1 is clear, treat it equally like default on newer kernels (which is to not print anything). Signed-off-by: Phil Sutter <phil@nwl.cc>
-
- 29 Nov, 2015 8 commits
-
-
Stephen Hemminger authored
Make iptunnel pass checkpatch (mostly).
-
Konstantin Shemyak authored
On 24.11.2015 02:26, Stephen Hemminger wrote: > On Thu, 12 Nov 2015 21:10:08 +0000 > Konstantin Shemyak <konstantin@shemyak.com> wrote: > >> When creating an IP tunnel over IPv6, the address family must be passed in >> the option, e.g. >> >> ip -6 tunnel add mode ip6gre local 1::1 remote 2::2 >> >> This makes it impossible to create both IPv4 and IPv6 tunnels in one batch. >> >> In fact the address family option is redundant here, as each tunnel mode is >> relevant for only one address family. >> The patch determines whether the applicable address family is AF_INET6 >> instead of the default AF_INET and makes the "-6" option unnecessary for >> "ip tunnel add". >> >> Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com> >> --- >> ip/iptunnel.c | 26 ++++++++++++++++++++++++++ >> testsuite/tests/ip/tunnel/add_tunnel.t | 14 ++++++++++++++ >> 2 files changed, 40 insertions(+) >> create mode 100755 testsuite/tests/ip/tunnel/add_tunnel.t >> >> diff --git a/ip/iptunnel.c b/ip/iptunnel.c >> index 78fa988..7826a37 100644 >> --- a/ip/iptunnel.c >> +++ b/ip/iptunnel.c 
>> @@ -629,8 +629,34 @@ static int do_6rd(int argc, char **argv) >> return tnl_6rd_ioctl(cmd, medium, &ip6rd); >> } >> >> +static int tunnel_mode_is_ipv6(char *tunnel_mode) { >> + char *ipv6_modes[] = { >> + "ipv6/ipv6", "ip6ip6", >> + "vti6", >> + "ip/ipv6", "ipv4/ipv6", "ipip6", "ip4ip6", >> + "ip6gre", "gre/ipv6", >> + "any/ipv6", "any" >> + }; >> + int i; >> + >> + for (i = 0; i < sizeof(ipv6_modes) / sizeof(char *); i++) { >> + if (strcmp(ipv6_modes[i], tunnel_mode) == 0) >> + return 1; >> + } >> + return 0; >> +} >> + > > The ipv6_modes table should be static const. Thank you for the note! attached the corrected patch. > Also is it possible to use strstr for ipv6 and ip6 or even strchr(tunnel_mode, '6') > to simplify this? There is IPv6 tunnel mode 'any', and IPv4 tunnel mode 'ipv6/ip' (aka 'sit'). It looks to me that attempts to find some substring match would not make the code much shorter, but definitely less readable. Konstantin Shemyak. >From 42d27db0055c3a114fe6eb86d680bef9ec098ad4 Mon Sep 17 00:00:00 2001 From: Konstantin Shemyak <konstantin@shemyak.com> Date: Thu, 12 Nov 2015 20:52:02 +0200 Subject: [PATCH] Tunnel address family is determined from the tunnel mode When the tunnel mode already tells the IP address family, "ip tunnel" command determines it and does not require option "-4"/"-6" to be passed. This makes possible creating both IPv4 and IPv6 tunnels in one batch. Signed-off-by: Konstantin Shemyak <konstantin@shemyak.com>
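Review bot: tunnel_mode_is_ipv6() takes a non-const char *tunnel_mode although it only passes it to strcmp(); declare the parameter const char * (alongside the static const table already requested) so the read-only intent is explicit and callers can pass string literals. In the loop, int i is compared against sizeof(ipv6_modes) / sizeof(char *), which is a signed/unsigned comparison; an unsigned index with sizeof(ipv6_modes) / sizeof(ipv6_modes[0]) keeps the bound tied to the array's element type. A short comment on the "any" entry would also help, since the reply has to explain that 'any' is an IPv6 tunnel mode while 'ipv6/ip' is an IPv4 one.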
-
Daniel Borkmann authored
I've added three examples to examples/bpf/ that demonstrate how one can implement eBPF tail calls in tc with f.e. multiple levels of nesting. That should act as a good starting point, but also as test cases for the ELF loader and kernel. A real test suite for {f,m,e}_bpf is still to be developed in future work. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Daniel Borkmann authored
Since we have all infrastructure in place now, allow atomic live updates on program arrays. This can be very useful e.g. in case programs that are being tail-called need to be replaced, f.e. when classifier functionality needs to be changed, new protocols added/removed during runtime, etc.

Thus, provide a way for in-place code updates, minimal example: Given is an object file cls.o that contains the entry point in section 'classifier', has a globally pinned program array 'jmp' with 2 slots and id of 0, and two tail called programs under section '0/0' (prog array key 0) and '0/1' (prog array key 1), the section encoding for the loader is <id/key>. Adding the filter loads everything into cls_bpf:

    tc filter add dev foo parent ffff: bpf da obj cls.o

Now, the program under section '0/1' needs to be replaced with an updated version that resides in the same section (also full path to tc's subfolder of the mount point can be passed, e.g. /sys/fs/bpf/tc/globals/jmp):

    tc exec bpf graft m:globals/jmp obj cls.o sec 0/1

In case the program resides under a different section 'foo', it can also be injected into the program array like:

    tc exec bpf graft m:globals/jmp key 1 obj cls.o sec foo

If the new tail called classifier program is already available as a pinned object somewhere (here: /sys/fs/bpf/tc/progs/parser), it can be injected into the prog array like:

    tc exec bpf graft m:globals/jmp key 1 fd m:progs/parser

In the kernel, the program on key 1 is being atomically replaced and the old one's refcount dropped.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Daniel Borkmann authored
The recently introduced object pinning can be further extended in order to allow sharing maps beyond tc namespace. F.e. maps that are being pinned from tracing side, can be accessed through this facility as well. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Daniel Borkmann authored
Make use of the new show_fdinfo() facility and verify that when a pinned map is being fetched that its basic attributes are the same as the map we declared from the ELF file. I.e. when placed into the globalns, collisions could occur. In such a case warn the user and bail out. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Daniel Borkmann authored
Now that we have the possibility of sharing maps, it's time we get the ELF loader fully working with regards to tail calls. Since program array maps are pinned, we can keep them finally alive. I've noticed two bugs that are being fixed in bpf_fill_prog_arrays() with this patch. Example code comes as follow-up. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
-
Stephen Hemminger authored
-