Fixes following error. We currently provide garbage data to kernel, that
can abort the validation process or produce unexpected results.

$ ss -a autobound
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
TCPDIAG answers: Invalid argument

After patch:

$ misc/ss -a autobound
State      Recv-Q Send-Q      Local Address:Port          Peer Address:Port
LISTEN     0      128                     *:44624                    *:*
ESTAB      0      0            192.168.1.21:47141        74.125.79.109:imaps
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>

Problem reported by Peter Lebbing on Debian.
The decode of source and destination port filters in pretty print
mode was backwards.

Eric Dumazet a écrit :
> We currently use an expensive ioctl() to get device txqueuelen, while
> rtnetlink gave it to us for free. This patch speeds up ip link operation
> when many devices are registered.
>

Here is a 2nd version od this patch, not displaying "qlen 0" useless info

[PATCH iproute2] ip: Support IFLA_TXQLEN in ip link show command

We currently use an expensive ioctl() to get device txqueuelen, while
rtnetlink gave it to us for free. This patch speeds up ip link operation
when many devices are registered.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>

This changes mqprio input format to be more user friendly.

Old usage,

 # ./tc/tc qdisc add dev eth3 root mqprio help
Usage: ... mqprio [num_tc NUMBER] [map P0 P1...]
                  [offset txq0 txq1 ...] [count cnt0 cnt1 ...] [hw 1|0]

New usage,

 # ./tc/tc qdisc add dev eth3 root mqprio help
Usage: ... mqprio [num_tc NUMBER] [map P0 P1 ...]
                  [queues count1@offset1 count2@offset2 ...] [hw 1|0]
Suggested-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: John Fastabend <john.r.fastabend@intel.com>

Conflicts:
	include/linux/xfrm.h
	ip/iplink.c

Now that headers are sanitized, use the define.

parse flag XFRM_POLICY_ICMP
Signed-off-by: Ulrich Weber <uweber@astaro.com>

Change url's and describe current kernel header values.

Add mqprio qdisc support. Output matches the following,

qdisc mq 0: dev eth1 root
qdisc mq 0: dev eth2 root
qdisc mqprio 8001: dev eth3 root  tc 8 map 0 1 2 3 4 5 6 7 1 1 1 1 1 1 1 1
             queues:(0:7) (8:15) (16:23) (24:31) (32:39) (40:47) (48:55) (56:63)

And usage is,

Usage: ... mclass [num_tc NUMBER] [map P0 P1...]
                  [offset txq0 txq1 ...] [count cnt0 cnt1 ...] [hw 1|0]
Signed-off-by: John Fastabend <john.r.fastabend@intel.com>

Hello Stephen-

Here is one more patch that SUSE has been carrying.

Cheers, Brandon

Supports SFB qdisc (included in linux-2.6.39)

1) Setup phase : accept non default parameters

2) dump information

qdisc sfb 11: parent 1:11 limit 1 max 25 target 20
  increment 0.00050 decrement 0.00005 penalty rate 10 burst 20 (600000ms 60000ms)
 Sent 47991616 bytes 521648 pkt (dropped 549245, overlimits 549245 requeues 0)
 rate 7193Kbit 9774pps backlog 0b 0p requeues 0
  earlydrop 0 penaltydrop 0 bucketdrop 0 queuedrop 549245 childdrop 0 marked 0
  maxqlen 0 maxprob 0.00000 avgprob 0.00000
Signed-off-by: Juliusz Chroboczek <Juliusz.Chroboczek@pps.jussieu.fr>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>

If the continue is taken, then there is a memory leak.

https://bugzilla.novell.com/show_bug.cgi?id=538996Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Brandon Philips <bphilips@suse.de>

snprintf was being called with environment variable.
If variable had format string (like %s) then program would crash.

If expected proc headers are missing, catch and print error.

The genl code uses constructs which violate the strict aliasing
constraints of gcc 4.4. Disable the optimization to avoid warnings
and potential breakage.

User can specify device group to list by using the group keyword:

	ip link show group test

If no group is specified, 0 (default) is implied.
Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>

Hi,

here is a patch against iproute2 to allow user to set a state with a specific
auth length.

Example:
$ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000
auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel
$ ip xfrm state
src 10.16.0.72 dst 10.16.0.121
         proto ah spi 0x10000000 reqid 0 mode tunnel
         replay-window 0
         auth-trunc hmac(sha256)
0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96
         sel src 0.0.0.0/0 dst 0.0.0.0/0

Regards,
Nicolas

>From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Thu, 23 Dec 2010 06:48:12 -0500
Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo

Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify
truncation bits, so we add a new algo type: auth-trunc.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>

The get_jiffies() function retrieves rtt-type values in units of
milliseconds. This patch updates the function name accordingly,
following the pattern given by dst_metric() <=> dst_metric_rtt().

Since July 2008 (2.6.27, c1e20f7c8b9), the kernel stores the values for
RTAX_{RTT{,VAR},RTO_MIN} in milliseconds. When using a kernel > 2.6.27 with
the current iproute2, conversion of these values is broken in either way.

This patch
 * updates the code to pass and retrieve milliseconds;
 * since values < 1msec would be rounded up, also drops the usec/nsec variants;
 * since there is no way to query kernel HZ, also drops the jiffies variant.

Arguments such as
	rtt		3.23sec
	rto_min		0xff
	rto_min		0.200s
	rttvar		25ms
now all work as expected when reading back previously set values.

get_jiffies() is in all places called in the same manner, with base=0;
simplify argument list by putting the constant value into the function.

Adds security context support to ip xfrm state.
Signed-off-by: Joy Latten <latten@austin.ibm.com>

Adds security context support to ip xfrm policy.
Signed-off-by: Joy Latten <latten@austin.ibm.com>

In the Linux kernel, ipsec policy and SAs can include a
security context to support MAC networking. This feature
is often referred to as "labeled ipsec".

This patchset adds security context support into ip xfrm
such that a security context can be included when
add/delete/display SAs and policies with the ip command.
The user provides the security context when adding
SAs and policies. If a policy or SA contains a security
context, the changes allow the security context to be displayed.

For example,
ip xfrm state
src 10.1.1.6 dst 10.1.1.2
	proto esp spi 0x00000301 reqid 0 mode transport
	replay-window 0
	auth hmac(digest_null) 0x3078
	enc cbc(des3_ede) 0x6970763672656164796c6f676f33646573636263696e3031
	security context root:system_r:unconfined_t:s0

Please  let me know if all is ok with the patchset.
Thanks!!

regards,
Joy
Signed-off-by: Joy Latten <latten@austin.ibm.com>

Add support for 'passthru' mode when creating a macvlan/macvtap device
which allows takeover of the underlying device and passing it to a KVM
guest using virtio with macvtap backend.

Only one macvlan device is allowed in passthru mode and it inherits
the mac address from the underlying device and sets it in promiscuous
mode to receive and forward all the packets.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>

While the previous code was supposed to work nonetheless, it could be
messed up if further -L were used in LDFLAGS to list the path where glibc's
libutil was to be found.

References: https://bugs.gentoo.org/347489Signed-off-by: Diego Elio Pettenò <flameeyes@gmail.com>

Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

The iproute package keeps its own headers so there is no need
of polluting code with #ifdef's

Hi,

here is a patch against iproute2 to allow user to set a state with a specific
auth length.

Example:
$ ip xfrm state add src 10.16.0.72 dst 10.16.0.121 proto ah spi 0x10000000
auth-trunc "sha256" "azertyuiopqsdfghjklmwxcvbn123456" 96 mode tunnel
$ ip xfrm state
src 10.16.0.72 dst 10.16.0.121
         proto ah spi 0x10000000 reqid 0 mode tunnel
         replay-window 0
         auth-trunc hmac(sha256)
0x617a6572747975696f707173646667686a6b6c6d77786376626e313233343536 96
         sel src 0.0.0.0/0 dst 0.0.0.0/0

Regards,
Nicolas

>From 522ed7348cdf3b6f501af2a5a5d989de1696565a Mon Sep 17 00:00:00 2001
From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Thu, 23 Dec 2010 06:48:12 -0500
Subject: [PATCH] iproute2: allow to specify truncation bits on auth algo

Attribute XFRMA_ALG_AUTH_TRUNC can be used to specify
truncation bits, so we add a new algo type: auth-trunc.
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>

Signed-off-by: Vlad Dogaru <ddvlad@rosedu.org>

In 2.6.39, we can build SFQ queues with a given hash table size,

The get_jiffies() function retrieves rtt-type values in units of
milliseconds. This patch updates the function name accordingly,
following the pattern given by dst_metric() <=> dst_metric_rtt().