Age Commit message Author Files Lines
2023-08-03 seg6: man: ip-link.8: add description of NEXT-C-SID flavor for SRv6 End.X behavior (HEAD, master) Paolo Lungaroni 1 -2/+8
This patch extends the manpage by providing the description of NEXT-C-SID support for the SRv6 End.X behavior as defined in RFC 8986 [1]. The code/logic required to handle the "flavors" framework has already been merged into iproute2 by commit: 04a6b456bf74 ("seg6: add support for flavors in SRv6 End* behaviors"). Some examples: ip -6 route add 2001:db8::1 encap seg6local action End.X nh6 fc00::1 flavors next-csid dev eth0 Standard Output: ip -6 route show 2001:db8::1 2001:db8::1 encap seg6local action End.X nh6 fc00::1 flavors next-csid lblen 32 nflen 16 dev eth0 metric 1024 pref medium JSON Output: ip -6 -j -p route show 2001:db8::1 [ { "dst": "2001:db8::1", "encap": "seg6local", "action": "End.X", "nh6": "fc00::1", "flavors": [ "next-csid" ], "lblen": 32, "nflen": 16, "dev": "eth0", "metric": 1024, "flags": [ ], "pref": "medium" } ] [1] - https://datatracker.ietf.org/doc/html/rfc8986 Signed-off-by: Paolo Lungaroni <paolo.lungaroni@uniroma2.it> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-03 ss: report when the RxNoPad optimization is set on TLS sockets Jakub Kicinski 1 -7/+4
Similarly to RO ZC report when RxNoPad is set. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-31 ip: error out if iplink does not consume all options Jakub Kicinski 1 -3/+2
dummy does not define .parse_opt, which makes ip ignore all trailing arguments, for example: # ip link add type dummy a b c d e f name cheese will work just fine (and won't call the device "cheese"). Error out in this case with a clear error message: # ip link add type dummy a b c d e f name cheese Garbage instead of arguments "a ...". Try "ip link help". Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-26 bridge: link: allow filtering on bridge name Nicolas Escande 1 -5/+22
When using 'bridge link show' we can either dump all links enslaved to any bridge (called without arg) or display a single link (called with dev arg). However there is no way to dump all links of a single bridge. To do so, this adds new optional 'master XXX' arg to 'bridge link show' command. usage: bridge link show master br0 Signed-off-by: Nicolas Escande <nico.escande@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-26 Read configuration files from /etc and /usr Gioele Barabucci 10 -134/+221
Add support for the so called "stateless" configuration pattern (read from /etc, fall back to /usr), giving system administrators a way to define local configuration without changing any distro-provided files. In practice this means that each configuration file FOO is loaded from /usr/lib/iproute2/FOO unless /etc/iproute2/FOO exists. Signed-off-by: Gioele Barabucci <gioele@svario.it> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-24 man: (ss) fix wrong margin Masatake YAMATO 1 -2/+0
Signed-off-by: Masatake YAMATO <yamato@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-24 tc: fix a wrong file name in comment Masatake YAMATO 1 -1/+1
Signed-off-by: Masatake YAMATO <yamato@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-24 bridge/mdb.c: include limits.h Trevor Gamblin 1 -0/+1
While building iproute2 6.4.0 with musl using Yocto Project, errors such as the following were encountered: | mdb.c: In function 'mdb_parse_vni': | mdb.c:666:47: error: 'ULONG_MAX' undeclared (first use in this function) | 666 | if ((endptr && *endptr) || vni_num == ULONG_MAX) | | ^~~~~~~~~ | mdb.c:666:47: note: 'ULONG_MAX' is defined in header '<limits.h>'; did you forget to '#include <limits.h>'? Include limits.h in bridge/mdb.c to fix this issue. This change is based on one in Alpine Linux, but the author there had no plans to submit: https://git.alpinelinux.org/aports/commit/main/iproute2/include.patch?id=bd46efb8a8da54948639cebcfa5b37bd608f1069 Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-24 misc/ifstat: fix incorrect output data in json mode Chander Govindarajan 1 -1/+1
Due to this bug, in json mode (with the -j flag), the output was always in absolute mode (as if passing in the -a flag) and not in relative mode. Signed-off-by: Chander Govindarajan <mail@chandergovind.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-22 Add missing SPDX headers Stephen Hemminger 3 -11/+4
All headers and source in iproute2 should be using SPDX license info. Add a couple that were missed, and take off boilerplate. Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-22 include: dual license the bpf helper includes Stephen Hemminger 2 -2/+2
The files bpf_api.h and bpf_elf.h are useful for TC BPF programs to use. And there is no requirement that those be GPL only; we intend to allow BSD licensed BPF helpers as well. This makes the file license same as libbpf. Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-17 misc/ifstat: fix incorrect output data in json mode Chander Govindarajan 1 -1/+1
Due to this bug, in json mode (with the -j flag), the output was always in absolute mode (as if passing in the -a flag) and not in relative mode. Signed-off-by: Chander Govindarajan <mail@chandergovind.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-13 f_flower: Treat port 0 as valid Ido Schimmel 1 -6/+7
It is not currently possible to add a filter matching on port 0 despite it being a valid port number. This is caused by cited commit which treats a value of 0 as an indication that the port was not specified. Instead of inferring that a port range was specified by checking that both the minimum and the maximum ports are non-zero, simply add a boolean argument to parse_range() and set it after parsing a port range. Before: # tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp src_port 0 action pass Illegal "src_port" # tc filter add dev swp1 ingress pref 2 proto ip flower ip_proto udp dst_port 0 action pass Illegal "dst_port" # tc filter add dev swp1 ingress pref 3 proto ip flower ip_proto udp src_port 0-100 action pass Illegal "src_port" # tc filter add dev swp1 ingress pref 4 proto ip flower ip_proto udp dst_port 0-100 action pass Illegal "dst_port" After: # tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp src_port 0 action pass # tc filter add dev swp1 ingress pref 2 proto ip flower ip_proto udp dst_port 0 action pass # tc filter add dev swp1 ingress pref 3 proto ip flower ip_proto udp src_port 0-100 action pass # tc filter add dev swp1 ingress pref 4 proto ip flower ip_proto udp dst_port 0-100 action pass # tc filter show dev swp1 ingress | grep _port src_port 0 dst_port 0 src_port 0-100 dst_port 0-100 Fixes: 767b6fd620dd ("tc: flower: fix port value truncation") Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-10 uapi: update headers to 6.5-rc1 Stephen Hemminger 5 -6/+54
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-05 tc/taprio: fix parsing of "fp" option when it doesn't appear last Vladimir Oltean 1 -4/+2
When installing a Qdisc this way: tc qdisc replace dev $ifname handle 8001: parent root stab overhead 24 taprio \ num_tc 8 \ map 0 1 2 3 4 5 6 7 \ queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 \ base-time 0 \ sched-entry S 01 1216 \ sched-entry S fe 12368 \ fp P E E E E E E E \ flags 0x2 the parser will error out when it tries to parse the "fp" array and it finds "flags" as one of the elements, expecting it to be one of "P" or "E". The way this is handled in the parsing of other array arguments of variable size (max-sdu, map, queues etc) is to not fail, call PREV_ARG() and attempt re-parsing the argument as something else. Do that for "fp" as well. Apparently mqprio handles this case correctly, so I must have forgotten to apply the same treatment for taprio as well, during development. Fixes: 5fbca3b469ec ("tc/taprio: add support for preemptible traffic classes") Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-07-03 f_flower: simplify cfm dump function Zahari Doychev 1 -14/+6
The standard print function can be used to print the cfm attributes in both standard and json use cases. In this way no string buffer is needed which simplifies the code. Signed-off-by: Zahari Doychev <zdoychev@maxlinear.com> Reviewed-by: Petr Machata <me@pmachata.org> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-28 ifstat: fix warning about conditional Stephen Hemminger 1 -1/+1
Gcc with warnings enabled complains because the conditional. if ((long)(a - b) < 0) could be construed as never true. Change to simple comparison. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-28 ct: check for invalid proto Stephen Hemminger 1 -1/+3
Previously since proto was __u8 an invalid proto would be allowed. Gcc warns about never true conditional since __u8 can never be negative. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-28 ss: fix warning about empty if() Stephen Hemminger 1 -1/+2
With all warnings enabled gcc wants brackets around the empty if() clause. "Yes I really want an empty clause" Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-28 fix fallthrough warnings Stephen Hemminger 2 -2/+2
In lib/utils.c comment for fallthrough was in wrong place and one was missing in xfrm_state. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-28 dcb: fully initialize flag table Stephen Hemminger 1 -8/+8
And make the flag table const since only used for lookup. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-28 Merge git://git.kernel.org/pub/scm/network/iproute2/iproute2-next Stephen Hemminger 35 -108/+999
2023-06-26 v6.4.0 Stephen Hemminger 1 -1/+1
2023-06-25 man: fix typos found by Lintian Luca Boccassi 2 -2/+2
Signed-off-by: Luca Boccassi <bluca@debian.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-23 f_flower: add cfm support Zahari Doychev 3 -2/+124
Add support for matching on CFM Maintenance Domain level and opcode. # tc filter add dev ens6 ingress pref 1 proto cfm \ flower cfm op 1 mdl 5 action ok # tc filter show dev ens6 ingress filter protocol cfm pref 1 flower chain 0 filter protocol cfm pref 1 flower chain 0 handle 0x1 eth_type 8902 cfm mdl 5 op 1 not_in_hw action order 1: gact action pass random type none pass val 0 index 1 ref 1 bind 1 # tc -j -p filter show dev ens6 ingress [ { "protocol": "cfm", "pref": 1, "kind": "flower", "chain": 0 },{ "protocol": "cfm", "pref": 1, "kind": "flower", "chain": 0, "options": { "handle": 1, "keys": { "eth_type": "8902", "cfm": { "mdl": 5, "op": 1 } }, "not_in_hw": true, "actions": [ { "order": 1, "kind": "gact", "control_action": { "type": "pass" }, "prob": { "random_type": "none", "control_action": { "type": "pass" }, "val": 0 }, "index": 1, "ref": 1, "bind": 1 } ] } } ] Signed-off-by: Zahari Doychev <zdoychev@maxlinear.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-21 iplink: filter stats using RTEXT_FILTER_SKIP_STATS Edwin Peer 2 -1/+8
Don't request statistics we do not intend to render. This avoids the possibility of a truncated IFLA_VFINFO_LIST when statistics are not requested as well as the fetching of unnecessary data. Signed-off-by: Edwin Peer <edwin.peer@broadcom.com> Cc: Edwin Peer <espeer@gmail.com> Signed-off-by: Gal Pressman <gal@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-21 Update kernel headers David Ahern 2 -0/+10
Update kernel headers to commit: cc7554954848 ("net: micrel: Change to receive timestamp in the frame for lan8841") Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 tc/taprio: print the offload xstats Vladimir Oltean 1 -0/+24
When the kernel reports offload counters through TCA_STATS2 -> TCA_STATS_APP for the taprio qdisc, decode and print them. Usage: # Global stats $ tc -s qdisc show dev eth0 root # Per-tc stats $ tc -s class show dev eth0 Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 f_flower: Add l2_miss support Ido Schimmel 2 -1/+27
Add the ability to match on packets that encountered a layer 2 miss in bridge driver's FDB / MDB. Example: # tc filter add dev swp2 egress pref 1 proto all flower indev swp1 l2_miss 1 action drop # tc filter add dev swp2 egress pref 1 proto all flower indev swp1 l2_miss 0 action drop # tc filter show dev swp2 egress filter protocol all pref 1 flower chain 0 filter protocol all pref 1 flower chain 0 handle 0x1 indev swp1 l2_miss 1 not_in_hw action order 1: gact action drop random type none pass val 0 index 1 ref 1 bind 1 filter protocol all pref 1 flower chain 0 handle 0x2 indev swp1 l2_miss 0 not_in_hw action order 1: gact action drop random type none pass val 0 index 2 ref 1 bind 1 # tc -j -p filter show dev swp2 egress [ { "protocol": "all", "pref": 1, "kind": "flower", "chain": 0 },{ "protocol": "all", "pref": 1, "kind": "flower", "chain": 0, "options": { "handle": 1, "indev": "swp1", "keys": { "l2_miss": 1 }, "not_in_hw": true, "actions": [ { [...] } ] } },{ "protocol": "all", "pref": 1, "kind": "flower", "chain": 0, "options": { "handle": 2, "indev": "swp1", "keys": { "l2_miss": 0 }, "not_in_hw": true, "actions": [ { [...] } ] } } ] Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 Merge branch 'dcb-rewr-subcmd' into next David Ahern 8 -80/+718
Daniel Machon says: ==================== ======================================================================== Introduction: ======================================================================== This series introduces a new DCB subcommand: rewr, which is used to configure the in-kernel DCB rewrite table [1]. Rewrite support is added as a separate DCB subcommand, rather than an APP opt-in flag or similar. This goes in line with what we did to dcbnl, where rewrite is a separate object. Obviously this requires a bit more code to implement the new command, but much of the existing dcb-app code (especially the bookkeeping code) can be reused. In some cases a little adaptation is needed. ======================================================================== dcb-rewr parameters: ======================================================================== Initially, I have only made support for the prio-pcp and prio-dscp parameters, as DSCP and PCP are the only selectors that currently have a user [2] and to be honest, I am not even sure it makes sense to add dgram, stream, ethtype rewrite support - At least the rewriter of Sparx5 does not support this. Any input here is much appreciated! Examples: Rewrite DSCP to 63 for packets with priority 1 $ dcb rewr add dev eth0 prio-dscp 1:63 Rewrite PCP 7 and DEI to 1 for packets with priority 1 $ dcb rewr add dev eth0 prio-pcp 1:7de A new manpage has been added, to cover the new dcb-rewr subcommand, and its parameters. Also I took the liberty to clean up a few things in the dcb-app manpage. ======================================================================== Patch overview: ======================================================================== Patch #1 Adds a new field 'attr' to the dcb_app_table struct, which is used to distinguish app and rewrite tables. Patch #2 Replaces uses of %d with %u for unsigned int. Patch #3 Moves colon out of callback functions. 
Patch #4 Renames protocol print functions from _key to _pid Patch #5 Modifies the _print_filtered() function for dcb-rewr reuse, by introducing new callbacks. Patch #6 Modifies existing dcb-app function dcb_app_table_remove_replaced for reuse by dcb-rewr Patch #7 Expose dcb-app functions required by dcb-rewr. Patch #8 Adds the new dcb-rewr subcommand with initial support for prio-pcp and prio-dscp rewrite. Patch #9 Introduces symbol for max DSCP value and updates accordingly. Patch #10 Adds the dcb-rewr.8 manpage Patch #11 Adds references to dcb-apptrust and dcb-rewr in the dcb.8 manpage. Patch #12 Cleans up the dcb-app.8 manpage. [1] https://elixir.bootlin.com/linux/v6.4-rc1/source/net/dcb/dcbnl.c#L181 [2] https://elixir.bootlin.com/linux/v6.4-rc1/source/drivers/net/ethernet/microchip/sparx5/sparx5_dcb.c#L380 ==================== Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 man: dcb-app: clean up a few mistakes Daniel Machon 1 -5/+5
While referencing the dcb-app manpage, I spotted a few mistakes. Let's fix them. Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 man: dcb: add additional references under 'SEE ALSO' Daniel Machon 1 -1/+3
Add dcb-apptrust and dcb-rewr to the 'SEE ALSO' section of the dcb manpage. Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 man: dcb-rewr: add new manpage for dcb-rewr Daniel Machon 1 -0/+206
Add a new manpage for dcb-rewr. Most of the content is copied over from dcb-app, as the same set of commands and parameters (in reverse) applies to dcb-rewr. Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: rewr: add symbol for max DSCP value Daniel Machon 3 -2/+3
A symbol, DCB_APP_PCP_MAX, for maximum PCP value, already exists. Let's add a symbol DCB_APP_DSCP_MAX and update accordingly. Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: rewr: add new dcb-rewr subcommand Daniel Machon 4 -2/+372
Add a new subcommand 'rewr' for configuring the in-kernel DCB rewrite table. The rewrite table of the kernel is similar to the APP table, therefore, much of the existing bookkeeping code from dcb-app, can be reused in the dcb-rewr implementation. Initially, only support for configuring PCP and DSCP-based rewrite has been added. Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: app: expose functions required by dcb-rewr Daniel Machon 2 -40/+75
In preparation for the dcb-rewr implementation, expose required functions, and structs. Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: app: modify dcb_app_table_remove_replaced() for dcb-rewr reuse Daniel Machon 1 -5/+13
When doing a replace command, entries are checked against selector and protocol. Rewrite requires the check to be against selector and priority. Adapt the existing dcb_app_table_remove_replace function for this, by using callback functions for selector, pid and prio checks. Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: app: modify dcb_app_print_filtered() for dcb-rewr reuse Daniel Machon 1 -11/+26
Where dcb-app requires protocol to be the printed key, dcb-rewr requires it to be the priority. Adapt existing dcb-app print functions for this. dcb_app_print_filtered() has been modified, to take two callbacks; one for printing the entire string (pid and prio), and one for the pid type (dec, hex, dscp, pcp). This saves us for making one dedicated function for each pid type for both app and rewr. Also, printing the colon is now expected to be handled by the print_pid_prio() callback. Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: app: rename dcb_app_print_key_*() functions Daniel Machon 1 -12/+12
In preparation for changing the prototype of dcb_app_print_filtered(), rename the _print_key_*() functions to _print_pid_*(), as the protocol can both be key and value with the introduction of dcb-rewr. Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: app: move colon printing out of callbacks Daniel Machon 1 -7/+7
In preparation for changing the prototype of dcb_app_print_filtered(), move the colon printing out of the callbacks, and into dcb_app_print_filtered(). Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: app: replace occurrences of %d with %u for printing unsigned int Daniel Machon 1 -7/+7
In preparation for changing the prototype of dcb_app_print_filtered(), replace occurrences of %d for printing unsigned integer, with %u as it ought to be. Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 dcb: app: add new dcbnl attribute field Daniel Machon 1 -9/+10
Add a new field 'attr' to the dcb_app_table struct, in order to inject different dcbnl get/set attributes for APP and rewrite. Signed-off-by: Daniel Machon <daniel.machon@microchip.com> Reviewed-by: Petr Machata <me@pmachata.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-09 uapi: update to bpf.h Stephen Hemminger 1 -0/+1
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-07 rt_names: check for malloc() failure Stephen Hemminger 1 -0/+4
Fixes issue reported by Gcc 13 analyzer. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-06 ip-link: add support for nolocalbypass in vxlan Vladimir Nikishkin 2 -0/+20
Add userspace support for the [no]localbypass vxlan netlink attribute. With localbypass on (default), the vxlan driver processes the packets destined to the local machine by itself, bypassing the userspace network stack. With nolocalbypass the packets are always forwarded to the userspace network stack, so userspace programs, such as tcpdump have a chance to process them. Signed-off-by: Vladimir Nikishkin <vladimir@nikishkin.pw> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Andrea Claudi <aclaudi@redhat.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-06 Update kernel headers David Ahern 4 -0/+23
Update kernel headers to commit: ae91f7e436f8 ("net/pppoe: fix a typo for the PPPOE_HASH_BITS_1 definition") Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-05 whitespace cleanups Stephen Hemminger 5 -5/+5
Remove trailing whitespace. Make sure there is space after keywords. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-05 treewide: fix indentation Andrea Claudi 15 -30/+30
Replace multiple whitespaces with tab where appropriate. While at it, fix tc flower help message and remove some double whitespaces. Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Tested-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-05 Merge branch 'main' into next David Ahern 53 -266/+348
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-06-02 rdma: make rd_attr_check static Stephen Hemminger 2 -2/+1
Function defined and used in only one file. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-02 xfrm: make xfrm_stat_print_nokeys static Stephen Hemminger 2 -2/+1
This function is only used in one file. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-02 ip: make print_rta_gateway static Stephen Hemminger 2 -3/+1
Function only used in one file. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-02 bridge: make print_vlan_info static Stephen Hemminger 2 -2/+2
Function defined and used in only one file. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-02 libnetlink: drop unused rtnl_talk_iov Stephen Hemminger 2 -9/+0
Function was defined but not used in current iproute2 code. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-02 utils: make local cmdline functions static Stephen Hemminger 2 -6/+3
No need to expose these parts of command line parsing. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-06-02 ipaddress: accept symbolic names Stephen Hemminger 3 -16/+8
The function rtnl_addproto_a2n() was defined but never used. Use it to allow for symbolic names, and fix the function signatures so protocol value is consistently __u8. Fixes: bdb8d8549ed9 ("ip: Support IP address protocol") Cc: petrm@nvidia.com Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-30 uapi: update headers to 6.4-rc4 Stephen Hemminger 1 -0/+1
Minor addition to in.h Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-30 vxlan: make option printing more consistent Stephen Hemminger 3 -78/+60
Add new helper function print_bool_opt() which prints with no prefix and use it for vxlan options. If the option matches the expected default value, it is not printed if in non JSON mode unless the details setting is repeated. Use a table for the vxlan options. This will change the order of the printing of options. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-30 vxlan: use print_nll for gbp and gpe Stephen Hemminger 1 -2/+2
The Gbp and Gpe are presence, not booleans so use print_null() for them Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-30 iproute_lwtunnel: fix array boundary check Andrea Claudi 1 -1/+1
seg6_mode_types is made up of 5 elements, so ARRAY_SIZE(seg6_mode_types) evaluates to 5. Thus, when mode = 5, this function returns seg6_mode_types[5], resulting in an out-of-bound access. Fix this bailing out when mode is equal to or greater than 5. Fixes: cf87da417bb4 ("iproute: add support for seg6 l2encap mode") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-30 vdpa: propagate error from cmd_dev_vstats_show() Andrea Claudi 1 -1/+1
Errors potentially returned from mnlu_gen_socket_sndrcv() are propagated for each and every invocation in vdpa. Let's do the same here. Fixes: 6f97e9c9337b ("vdpa: Add support for reading vdpa device statistics") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Reviewed-by: Parav Pandit <parav@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-30 ipstats: fix message reporting error Andrea Claudi 1 -6/+6
strerror() accepts any integer as arguments, but returns meaningful error descriptions only for positive integers. ipstats code uses strerror on a code path where either err is 0 or -ENOMEM, thus resulting in a useless error message. Fix this using errno and moving the error printing closer to the only function populating it in this code path. Fixes: df0b2c6d0098 ("ipstats: Add a shell of "show" command") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-26 bridge: vni: remove useless checks on vni Andrea Claudi 1 -8/+2
After the (d == NULL || vni == NULL) check, vni cannot be NULL anymore. This removes two useless conditional checks on vni value: - the first check cannot be true, so remove the whole conditional block - the second check is always true, so remove the check Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-26 ip: remove double space before 'allmulti' flag Andrea Claudi 1 -1/+1
Current output: $ ip -d link show vxlan0 79: vxlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether b6:f6:12:c3:2d:52 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 Resulting output: $ ip -d link show vxlan0 79: vxlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether b6:f6:12:c3:2d:52 brd ff:ff:ff:ff:ff:ff promiscuity 0 allmulti 0 minmtu 68 maxmtu 65535 Fixes: e98683accc28 ("link: display 'allmulti' counter") Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-26 ll_type_n2a: use ARRAY_SIZE Stephen Hemminger 1 -70/+69
Replace open coded version of array size computation. And fix whitespace. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-18 mptcp: add support for implicit flag Andrea Claudi 2 -0/+10
Kernel supports implicit flag since commit d045b9eb95a9 ("mptcp: introduce implicit endpoints"), included in v5.18. Let's add support for displaying it to iproute2. Before this change: $ ip mptcp endpoint show 10.0.2.2 id 1 rawflags 10 After this change: $ ip mptcp endpoint show 10.0.2.2 id 1 implicit Signed-off-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-05-13 CREDITS: add file Stephen Hemminger 2 -2/+32
Record some of the historical contributors to iproute2. Take Alexey out of README. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 tc/prio: handle possible truncated kernel response Stephen Hemminger 1 -0/+2
Reported by -fanalyzer. If kernel did not send full qdisc info, then uninitialized or null data could be referenced. q_prio.c: In function ‘prio_print_opt’: q_prio.c:105:57: warning: dereference of NULL ‘0’ [CWE-476] [-Wanalyzer-null-dereference] 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands); | ~~~~^~~~~~~ ‘prio_print_opt’: event 1 | | 98 | if (opt == NULL) | | ^ | | | | | (1) following ‘false’ branch (when ‘opt’ is non-NULL)... | ‘prio_print_opt’: event 2 | |../include/uapi/linux/rtnetlink.h:228:38: | 228 | #define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0)) | | ~~~~~~^~~~~~~~~~ | | | | | (2) ...to here ../include/libnetlink.h:236:19: note: in expansion of macro ‘RTA_PAYLOAD’ | 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \ | | ^~~~~~~~~~~ q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’ | 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | ‘prio_print_opt’: event 3 | |../include/libnetlink.h:236:59: | 236 | ({ data = RTA_PAYLOAD(rta) >= len ? RTA_DATA(rta) : NULL; \ q_prio.c:101:13: note: in expansion of macro ‘parse_rtattr_nested_compat’ | 101 | if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | ‘prio_print_opt’: events 4-5 | | 105 | print_uint(PRINT_ANY, "bands", "bands %u ", qopt->bands); | | ~~~~^~~~~~~ | | | | | (4) ...to here | | (5) dereference of NULL ‘<unknown>’ | Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 rdma/utils: fix some analyzer warnings Stephen Hemminger 1 -0/+10
Add error checks for cases where analyzer thinks it is possible to use a possibly NULL value. utils.c: In function ‘get_port_from_argv’: utils.c:76:17: warning: use of NULL where non-null expected [CWE-476] [-Wanalyzer-null-argument] 76 | slash = strchr(rd_argv(rd), '/'); | ^~~~~~~~~~~~~~~~~~~~~~~~ ‘get_port_from_argv’: events 1-2 | | 68 | static int get_port_from_argv(struct rd *rd, uint32_t *port, | | ^~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘get_port_from_argv’ |...... | 76 | slash = strchr(rd_argv(rd), '/'); | | ~ | | | | | (2) inlined call to ‘rd_argv’ from ‘get_port_from_argv’ | +--> ‘rd_argv’: event 3 | | 18 | if (!rd_argc(rd)) | | ^ | | | | | (3) following ‘true’ branch... | <------+ | ‘get_port_from_argv’: events 4-5 | | 76 | slash = strchr(rd_argv(rd), '/'); | | ^~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) argument 1 (‘<unknown>’) NULL where non-null expected | In file included from rdma.h:10, from utils.c:7: /usr/include/string.h:246:14: note: argument 1 of ‘strchr’ must be non-null 246 | extern char *strchr (const char *__s, int __c) | ^~~~~~ Fixes: 40df8263a0f0 ("rdma: Add dev object") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 | nstat: fix potential NULL deref | Stephen Hemminger | 1 | -0/+6
Reported as: CC nstat nstat.c: In function ‘load_ugly_table’: nstat.c:205:24: warning: dereference of NULL ‘p’ [CWE-476] [-Wanalyzer-null-dereference] 205 | while (*p) { | ^~ ‘main’: events 1-14 | | 575 | int main(int argc, char *argv[]) | | ^~~~ | | | | | (1) entry to ‘main’ |...... | 635 | if (scan_interval > 0) { | | ~ | | | | | (2) following ‘true’ branch... | 636 | if (time_constant == 0) | | ~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 640 | if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (4) when ‘socket’ succeeds | | (5) following ‘false’ branch (when ‘fd >= 0’)... |...... | 644 | if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~ | | | | | | (7) following ‘false’ branch... (6) ...to here |...... | 648 | if (listen(fd, 5) < 0) { | | ~~~~~~~~~~~~~~ | | || | | |(8) ...to here | | |(9) when ‘listen’ succeeds | | (10) following ‘false’ branch... |...... | 652 | if (daemon(0, 0)) { | | ~~~~~~~~~~~~~ | | || | | |(11) ...to here | | (12) following ‘false’ branch... |...... | 656 | signal(SIGPIPE, SIG_IGN); | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here | 657 | signal(SIGCHLD, sigchild); | 658 | server_loop(fd); | | ~~~~~~~~~~~~~~~ | | | | | (14) calling ‘server_loop’ from ‘main’ | +--> ‘server_loop’: events 15-16 | | 472 | static void server_loop(int fd) | | ^~~~~~~~~~~ | | | | | (15) entry to ‘server_loop’ |...... | 483 | load_netstat(); | | ~~~~~~~~~~~~~~ | | | | | (16) calling ‘load_netstat’ from ‘server_loop’ | +--> ‘load_netstat’: events 17-20 | | 302 | static void load_netstat(void) | | ^~~~~~~~~~~~ | | | | | (17) entry to ‘load_netstat’ |...... | 306 | if (fp) { | | ~ | | | | | (18) following ‘true’ branch (when ‘fp’ is non-NULL)... 
| 307 | load_ugly_table(fp); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (19) ...to here | | (20) calling ‘load_ugly_table’ from ‘load_netstat’ | +--> ‘load_ugly_table’: events 21-26 | | 178 | static void load_ugly_table(FILE *fp) | | ^~~~~~~~~~~~~~~ | | | | | (21) entry to ‘load_ugly_table’ | 179 | { | 180 | char *buf = NULL; | | ~~~ | | | | | (22) ‘buf’ is NULL |...... | 186 | while ((nread = getline(&buf, &buflen, fp)) != -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (23) following ‘true’ branch... |...... | 192 | p = strchr(buf, ':'); | | ~~~~~~~~~~~~~~~~ | | | | | (24) ...to here | | (25) when ‘strchr’ returns non-NULL | 193 | if (!p) { | | ~ | | | | | (26) following ‘false’ branch (when ‘p’ is non-NULL)... | ‘load_ugly_table’: event 27 | |cc1: | (27): ...to here | ‘load_ugly_table’: events 28-40 | | 205 | while (*p) { | | ^~ | | | | | (28) following ‘true’ branch... | | (40) dereference of NULL ‘p’ |...... | 208 | if ((next = strchr(p, ' ')) != NULL) | | ~ ~~~~~~~~~~~~~~ | | | | | | | (29) ...to here | | | (30) when ‘strchr’ returns NULL | | (31) following ‘false’ branch (when ‘next’ is NULL)... | 209 | *next++ = 0; | 210 | else if ((next = strchr(p, '\n')) != NULL) | | ~ ~~~~~~~~~~~~~~~ | | | | | | | (32) ...to here | | | (33) when ‘strchr’ returns NULL | | (34) following ‘false’ branch (when ‘next’ is NULL)... | 211 | *next++ = 0; | 212 | if (off < sizeof(idbuf)) { | | ~~~~~~~~~~~~~~~~~~~~ | | | | | | | (35) ...to here | | (36) following ‘false’ branch... |...... | 216 | n = malloc(sizeof(*n)); | | ~~~~~~~~~~~~~~~~~~ | | | | | (37) ...to here | 217 | if (!n) { | | ~ | | | | | (38) following ‘false’ branch (when ‘n’ is non-NULL)... |...... | 221 | n->id = strdup(idbuf); | | ~~~~~~~~~~~~~ | | | | | (39) ...to here | nstat.c:254:35: warning: dereference of NULL ‘n’ [CWE-476] [-Wanalyzer-null-dereference] 254 | n = n->next; | ~~^~~~~~~~~ ‘main’: events 1-14 | | 575 | int main(int argc, char *argv[]) | | ^~~~ | | | | | (1) entry to ‘main’ |...... 
| 635 | if (scan_interval > 0) { | | ~ | | | | | (2) following ‘true’ branch... | 636 | if (time_constant == 0) | | ~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here |...... | 640 | if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (4) when ‘socket’ succeeds | | (5) following ‘false’ branch (when ‘fd >= 0’)... |...... | 644 | if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~ | | | | | | (7) following ‘false’ branch... (6) ...to here |...... | 648 | if (listen(fd, 5) < 0) { | | ~~~~~~~~~~~~~~ | | || | | |(8) ...to here | | |(9) when ‘listen’ succeeds | | (10) following ‘false’ branch... |...... | 652 | if (daemon(0, 0)) { | | ~~~~~~~~~~~~~ | | || | | |(11) ...to here | | (12) following ‘false’ branch... |...... | 656 | signal(SIGPIPE, SIG_IGN); | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here | 657 | signal(SIGCHLD, sigchild); | 658 | server_loop(fd); | | ~~~~~~~~~~~~~~~ | | | | | (14) calling ‘server_loop’ from ‘main’ | +--> ‘server_loop’: events 15-16 | | 472 | static void server_loop(int fd) | | ^~~~~~~~~~~ | | | | | (15) entry to ‘server_loop’ |...... | 483 | load_netstat(); | | ~~~~~~~~~~~~~~ | | | | | (16) calling ‘load_netstat’ from ‘server_loop’ | +--> ‘load_netstat’: events 17-20 | | 302 | static void load_netstat(void) | | ^~~~~~~~~~~~ | | | | | (17) entry to ‘load_netstat’ |...... | 306 | if (fp) { | | ~ | | | | | (18) following ‘true’ branch (when ‘fp’ is non-NULL)... | 307 | load_ugly_table(fp); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (19) ...to here | | (20) calling ‘load_ugly_table’ from ‘load_netstat’ | +--> ‘load_ugly_table’: events 21-25 | | 178 | static void load_ugly_table(FILE *fp) | | ^~~~~~~~~~~~~~~ | | | | | (21) entry to ‘load_ugly_table’ |...... | 186 | while ((nread = getline(&buf, &buflen, fp)) != -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (22) following ‘true’ branch... |...... 
| 192 | p = strchr(buf, ':'); | | ~~~~~~~~~~~~~~~~ | | | | | (23) ...to here | | (24) when ‘strchr’ returns non-NULL | 193 | if (!p) { | | ~ | | | | | (25) following ‘false’ branch (when ‘p’ is non-NULL)... | ‘load_ugly_table’: event 26 | |cc1: | (26): ...to here | ‘load_ugly_table’: events 27-28 | | 205 | while (*p) { | | ^ | | | | | (27) following ‘false’ branch... |...... | 228 | nread = getline(&buf, &buflen, fp); | | ~ | | | | | (28) inlined call to ‘getline’ from ‘load_ugly_table’ | +--> ‘getline’: event 29 | |/usr/include/bits/stdio.h:120:10: | 120 | return __getdelim (__lineptr, __n, '\n', __stream); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (29) ...to here | <------+ | ‘load_ugly_table’: events 30-36 | |nstat.c:229:20: | 229 | if (nread == -1) { | | ^ | | | | | (30) following ‘false’ branch... |...... | 234 | count2 = count_spaces(buf); | | ~~~~~~~~~~~~~~~~~ | | | | | (31) ...to here |...... | 239 | if (!p) { | | ~ | | | | | (32) following ‘false’ branch (when ‘p’ is non-NULL)... |...... | 244 | *p = 0; | | ~~~~~~ | | | | | (33) ...to here | 245 | if (sscanf(p+1, "%llu", &n->val) != 1) { | | ~ | | | | | (34) following ‘false’ branch... |...... | 251 | if (skip) | | ~ | | | | | (35) ...to here |...... | 254 | n = n->next; | | ~~~~~~~~~~~ | | | | | (36) dereference of NULL ‘n’ | Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 | netem: fix NULL deref on allocation failure | Stephen Hemminger | 1 | -0/+3
q_netem.c: In function ‘get_distribution’: q_netem.c:159:35: warning: dereference of possibly-NULL ‘data’ [CWE-690] [-Wanalyzer-possible-null-dereference] 159 | data[n++] = x; | ~~~~~~~~~~^~~ ‘netem_parse_opt’: events 1-24 | | 192 | static int netem_parse_opt(struct qdisc_util *qu, int argc, char **argv, | | ^~~~~~~~~~~~~~~ | | | | | (1) entry to ‘netem_parse_opt’ |...... | 212 | for ( ; argc > 0; --argc, ++argv) { | | ~~~~~~~~ | | | | | (2) following ‘true’ branch (when ‘argc > 0’)... | 213 | if (matches(*argv, "limit") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(3) ...to here | | (4) following ‘true’ branch... |...... | 219 | } else if (matches(*argv, "latency") == 0 || | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | | |(5) ...to here (8) following ‘true’ branch... | | (6) following ‘true’ branch... | 220 | matches(*argv, "delay") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) ...to here |...... | 243 | } else if (matches(*argv, "loss") == 0 || | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | | |(9) ...to here (12) following ‘true’ branch... | | (10) following ‘true’ branch... | 244 | matches(*argv, "drop") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here |...... | 366 | } else if (matches(*argv, "ecn") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(13) ...to here | | (14) following ‘true’ branch... | 367 | present[TCA_NETEM_ECN] = 1; | 368 | } else if (matches(*argv, "reorder") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(15) ...to here | | (16) following ‘true’ branch... |...... | 383 | } else if (matches(*argv, "corrupt") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(17) ...to here | | (18) following ‘true’ branch... |...... | 398 | } else if (matches(*argv, "gap") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(19) ...to here | | (20) following ‘true’ branch... |...... 
| 404 | } else if (matches(*argv, "duplicate") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(21) ...to here | | (22) following ‘true’ branch... |...... | 417 | } else if (matches(*argv, "distribution") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(23) ...to here | | (24) following ‘false’ branch... | ‘netem_parse_opt’: event 25 | |../include/utils.h:50:29: | 50 | #define NEXT_ARG() do { argv++; if (--argc <= 0) incomplete_command(); } while(0) | | ~~~~^~ | | | | | (25) ...to here q_netem.c:418:25: note: in expansion of macro ‘NEXT_ARG’ | 418 | NEXT_ARG(); | | ^~~~~~~~ | ‘netem_parse_opt’: event 26 | |../include/utils.h:50:36: | 50 | #define NEXT_ARG() do { argv++; if (--argc <= 0) incomplete_command(); } while(0) | | ^ | | | | | (26) following ‘false’ branch (when ‘argc != 0’)... q_netem.c:418:25: note: in expansion of macro ‘NEXT_ARG’ | 418 | NEXT_ARG(); | | ^~~~~~~~ | ‘netem_parse_opt’: events 27-29 | | 419 | dist_data = calloc(sizeof(dist_data[0]), MAX_DIST); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (27) ...to here | | (28) this call could return NULL | 420 | dist_size = get_distribution(*argv, dist_data, MAX_DIST); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (29) calling ‘get_distribution’ from ‘netem_parse_opt’ | +--> ‘get_distribution’: events 30-31 | | 124 | static int get_distribution(const char *type, __s16 *data, int maxdata) | | ^~~~~~~~~~~~~~~~ | | | | | (30) entry to ‘get_distribution’ |...... | 135 | if (f == NULL) { | | ~ | | | | | (31) following ‘false’ branch (when ‘f’ is non-NULL)... | ‘get_distribution’: event 32 | |cc1: | (32): ...to here | ‘get_distribution’: events 33-35 | | 142 | while (getline(&line, &len, f) != -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~ | | | | | (33) following ‘true’ branch... |...... | 145 | if (*line == '\n' || *line == '#') | | ~~~~~~ | | || | | |(34) ...to here | | (35) following ‘false’ branch... 
| ‘get_distribution’: event 36 | |cc1: | (36): ...to here | ‘get_distribution’: events 37-41 | | 150 | if (endp == p) | | ^ | | | | | (37) following ‘false’ branch... |...... | 153 | if (n >= maxdata) { | | ~ | | | | | (38) ...to here | | (39) following ‘false’ branch (when ‘n < maxdata’)... |...... | 159 | data[n++] = x; | | ~~~~~~~~~~~~~ | | | | | | | (41) ‘data + (long unsigned int)n * 2’ could be NULL: unchecked value from (28) | | (40) ...to here | Fixes: c1b81cb5fe92 ("netem potential dist table overflow") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 | m_action: fix warning of overwrite of const string | Stephen Hemminger | 1 | -2/+2
The function get_action_kind() searches first for the given action, then rescans on failure for "gact". In the process, it would overwrite the argument. Avoid the warning by using a const argument and not copying. The problem dates back to pre-git history. m_action.c: In function ‘get_action_kind’: m_action.c:126:17: warning: write to string literal [-Wanalyzer-write-to-string-literal] 126 | strcpy(str, "gact"); | ^~~~~~~~~~~~~~~~~~~ ‘do_action’: events 1-6 | | 853 | int do_action(int argc, char **argv) | | ^~~~~~~~~ | | | | | (1) entry to ‘do_action’ |...... | 858 | while (argc > 0) { | | ~~~~~~~~ | | | | | (2) following ‘true’ branch... | 859 | | 860 | if (matches(*argv, "add") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(3) ...to here | | (4) following ‘false’ branch... | 861 | ret = tc_action_modify(RTM_NEWACTION, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (5) ...to here | | (6) calling ‘tc_action_modify’ from ‘do_action’ | 862 | NLM_F_EXCL | NLM_F_CREATE, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | 863 | &argc, &argv); | | ~~~~~~~~~~~~~ | +--> ‘tc_action_modify’: events 7-8 | | 715 | static int tc_action_modify(int cmd, unsigned int flags, | | ^~~~~~~~~~~~~~~~ | | | | | (7) entry to ‘tc_action_modify’ |...... | 735 | if (parse_action(&argc, &argv, TCA_ACT_TAB, &req.n)) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) calling ‘parse_action’ from ‘tc_action_modify’ | +--> ‘parse_action’: events 9-18 | | 203 | int parse_action(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) | | ^~~~~~~~~~~~ | | | | | (9) entry to ‘parse_action’ |...... | 217 | if (argc <= 0) | | ~ | | | | | (10) following ‘false’ branch... |...... | 220 | tail2 = addattr_nest(n, MAX_MSG, tca_id); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here | 221 | | 222 | while (argc > 0) { | | ~~~~~~~~ | | | | | (12) following ‘true’ branch... 
| 223 | | 224 | memset(k, 0, sizeof(k)); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) ...to here | 225 | | 226 | if (strcmp(*argv, "action") == 0) { | | ~ | | | | | (14) following ‘true’ branch (when the strings are equal)... | 227 | argc--; | | ~~~~~~ | | | | | (15) ...to here |...... | 231 | if (!gact_ld) | | ~ | | | | | (16) following ‘true’ branch... | 232 | get_action_kind("gact"); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) ...to here | | (18) calling ‘get_action_kind’ from ‘parse_action’ | +--> ‘get_action_kind’: events 19-24 | | 86 | static struct action_util *get_action_kind(char *str) | | ^~~~~~~~~~~~~~~ | | | | | (19) entry to ‘get_action_kind’ |...... | 114 | if (a == NULL) | | ~ | | | | | (20) following ‘true’ branch (when ‘a’ is NULL)... | 115 | goto noexist; | | ~~~~ | | | | | (21) ...to here |...... | 124 | if (!looked4gact) { | | ~ | | | | | (22) following ‘true’ branch (when ‘looked4gact == 0’)... | 125 | looked4gact = 1; | 126 | strcpy(str, "gact"); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (23) ...to here | | (24) write to string literal here | Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
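The fallback described in the m_action commit above, as an added example that is not iproute2's code: a simplified model of a lookup that rescans for "gact", first in the shape the analyzer flagged (overwriting the caller's argument) and then with a const argument. The action table, `lookup()` and `caller_buffer_preserved()` are hypothetical stand-ins; the real function also loads action modules, which is omitted here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for tc's list of known actions (hypothetical). */
struct action_util {
	const char *id;
	struct action_util *next;
};

static struct action_util gact_util = { "gact", NULL };
static struct action_util mirred_util = { "mirred", &gact_util };
static struct action_util *action_list = &mirred_util;

static struct action_util *lookup(const char *name)
{
	struct action_util *a;

	for (a = action_list; a; a = a->next)
		if (strcmp(a->id, name) == 0)
			return a;
	return NULL;
}

/*
 * "Before" shape: the rescan is done by copying "gact" into the caller's
 * buffer. Passing a string literal makes the strcpy() a write to read-only
 * storage (undefined behaviour), and a writable buffer shorter than five
 * bytes would overflow. Only ever called with a large writable buffer here.
 */
static struct action_util *get_action_kind_legacy(char *str)
{
	struct action_util *a;
	int looked4gact = 0;

restart:
	a = lookup(str);
	if (a)
		return a;
	if (!looked4gact) {
		looked4gact = 1;
		strcpy(str, "gact");
		goto restart;
	}
	return NULL;
}

/*
 * "After" shape: the argument is const and the rescan only repoints the
 * local pointer, so nothing the caller owns is written.
 */
static struct action_util *get_action_kind_const(const char *str)
{
	struct action_util *a;
	int looked4gact = 0;

restart:
	a = lookup(str);
	if (a)
		return a;
	if (!looked4gact) {
		looked4gact = 1;
		str = "gact";
		goto restart;
	}
	return NULL;
}

/*
 * Asks for an unknown kind from a writable buffer and reports whether the
 * buffer still holds the caller's text afterwards (1 = preserved,
 * 0 = clobbered, -1 = fallback did not resolve to "gact").
 */
static int caller_buffer_preserved(int use_legacy)
{
	char kind[16] = "nosuchkind";
	struct action_util *a;

	a = use_legacy ? get_action_kind_legacy(kind)
		       : get_action_kind_const(kind);
	if (!a || strcmp(a->id, "gact") != 0)
		return -1;
	return strcmp(kind, "nosuchkind") == 0;
}

int main(void)
{
	printf("legacy preserves caller buffer: %d\n", caller_buffer_preserved(1));
	printf("const  preserves caller buffer: %d\n", caller_buffer_preserved(0));
	/* Safe with a literal only because the argument is const. */
	printf("literal lookup: %s\n", get_action_kind_const("gact")->id);
	return 0;
}
```

Both versions resolve an unknown kind to the "gact" entry; only the const version leaves the caller's string as it was, which is why it can be called with a literal.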
2023-05-13 | tc_exec: don't dereference NULL on calloc failure | Stephen Hemminger | 1 | -0/+4
Reported as: tc_exec.c: In function ‘do_exec’: tc_exec.c:103:18: warning: dereference of NULL ‘eu’ [CWE-476] [-Wanalyzer-null-dereference] 103 | return eu->parse_eopt(eu, argc, argv); | ~~^~~~~~~~~~~~ ‘do_exec’: events 1-6 | | 81 | int do_exec(int argc, char **argv) | | ^~~~~~~ | | | | | (1) entry to ‘do_exec’ |...... | 86 | if (argc < 1) { | | ~ | | | | | (2) following ‘false’ branch (when ‘argc > 0’)... |...... | 91 | if (matches(*argv, "help") == 0) { | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(3) ...to here | | (4) following ‘true’ branch... |...... | 96 | strncpy(kind, *argv, sizeof(kind) - 1); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (5) ...to here | 97 | | 98 | eu = get_exec_kind(kind); | | ~~~~~~~~~~~~~~~~~~~ | | | | | (6) calling ‘get_exec_kind’ from ‘do_exec’ | +--> ‘get_exec_kind’: events 7-10 | | 40 | static struct exec_util *get_exec_kind(const char *name) | | ^~~~~~~~~~~~~ | | | | | (7) entry to ‘get_exec_kind’ |...... | 63 | if (eu == NULL) | | ~ | | | | | (8) following ‘true’ branch (when ‘eu’ is NULL)... | 64 | goto noexist; | | ~~~~ | | | | | (9) ...to here |...... | 72 | if (eu) { | | ~ | | | | | (10) following ‘false’ branch (when ‘eu’ is NULL)... | ‘get_exec_kind’: event 11 | |cc1: | (11): ...to here | <------+ | ‘do_exec’: events 12-13 | | 98 | eu = get_exec_kind(kind); | | ^~~~~~~~~~~~~~~~~~~ | | | | | (12) return of NULL to ‘do_exec’ from ‘get_exec_kind’ |...... | 103 | return eu->parse_eopt(eu, argc, argv); | | ~~~~~~~~~~~~~~ | | | | | (13) dereference of NULL ‘eu’ | Fixes: 4bd624467bc6 ("tc: built-in eBPF exec proxy") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 | tc_util fix unitialized warning | Stephen Hemminger | 1 | -1/+1
tc_util.c: In function ‘parse_action_control_slash_spaces’: tc_util.c:488:28: warning: use of uninitialized value ‘result2’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 488 | *result2_p = result2; | ~~~~~~~~~~~^~~~~~~~~ ‘parse_action_control_slash_spaces’: events 1-5 | | 455 | static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘parse_action_control_slash_spaces’ |...... | 461 | int result1 = -1, result2; | | ~~~~~~~ | | | | | (2) region created on stack here | | (3) capacity: 4 bytes |...... | 467 | switch (ok) { | | ~~~~~~ | | | | | (4) following ‘case 0:’ branch... |...... | 475 | ret = parse_action_control(&argc, &argv, | | ~ | | | | | (5) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’ | +--> ‘parse_action_control’: events 6-7 | | 432 | return __parse_action_control(argc_p, argv_p, result_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) ...to here | | (7) calling ‘__parse_action_control’ from ‘parse_action_control_slash_spaces’ | 433 | allow_num, false); | | ~~~~~~~~~~~~~~~~~ | ‘__parse_action_control’: events 8-11 | | 371 | static int __parse_action_control(int *argc_p, char ***argv_p, int *result_p, | | ^~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) entry to ‘__parse_action_control’ |...... | 378 | if (!argc) | | ~ | | | | | (9) following ‘false’ branch (when ‘argc != 0’)... | 379 | return -1; | 380 | if (action_a2n(*argv, &result, allow_num) == -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (10) ...to here | | (11) calling ‘action_a2n’ from ‘__parse_action_control’ | +--> ‘action_a2n’: events 12-16 | | 335 | int action_a2n(char *arg, int *result, bool allow_num) | | ^~~~~~~~~~ | | | | | (12) entry to ‘action_a2n’ |...... | 356 | for (iter = a2n; iter->a; iter++) { | | ~~~~ | | | | | (13) following ‘true’ branch... | 357 | if (matches(arg, iter->a) != 0) | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (14) ...to here |...... 
| 366 | if (result) | | ~ | | | | | (15) following ‘true’ branch (when ‘result’ is non-NULL)... | 367 | *result = n; | | ~~~~~~~~~~~ | | | | | (16) ...to here | <------+ | ‘__parse_action_control’: event 17 | | 380 | if (action_a2n(*argv, &result, allow_num) == -1) { | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) returning to ‘__parse_action_control’ from ‘action_a2n’ | <------+ | ‘parse_action_control_slash_spaces’: event 18 | | 475 | ret = parse_action_control(&argc, &argv, | | ^ | | | | | (18) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’ | +--> ‘parse_action_control’: event 19 | | 432 | return __parse_action_control(argc_p, argv_p, result_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (19) returning to ‘parse_action_control_slash_spaces’ from ‘__parse_action_control’ | 433 | allow_num, false); | | ~~~~~~~~~~~~~~~~~ | <------+ | ‘parse_action_control_slash_spaces’: events 20-24 | | 477 | if (ret) | | ^ | | | | | (20) following ‘false’ branch... | 478 | return ret; | 479 | ok++; | | ~~~~ | | | | | (21) ...to here |...... | 487 | if (ok == 2) | | ~ | | | | | (22) following ‘true’ branch (when ‘ok == 2’)... | 488 | *result2_p = result2; | | ~~~~~~~~~~~~~~~~~~~~ | | | | | (23) ...to here | | (24) use of uninitialized value ‘result2’ here | tc_util.c:488:28: warning: use of uninitialized value ‘result2’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 488 | *result2_p = result2; | ~~~~~~~~~~~^~~~~~~~~ ‘parse_action_control_slash’: events 1-5 | | 505 | int parse_action_control_slash(int *argc_p, char ***argv_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘parse_action_control_slash’ |...... | 510 | char *p = strchr(*argv, '/'); | | ~~~~~~~~~~~~~~~~~~ | | | | | (2) when ‘strchr’ returns NULL | 511 | | 512 | if (!p) | | ~ | | | | | (3) following ‘true’ branch (when ‘p’ is NULL)... 
| 513 | return parse_action_control_slash_spaces(argc_p, argv_p, | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) calling ‘parse_action_control_slash_spaces’ from ‘parse_action_control_slash’ | 514 | result1_p, result2_p, | | ~~~~~~~~~~~~~~~~~~~~~ | 515 | allow_num); | | ~~~~~~~~~~ | +--> ‘parse_action_control_slash_spaces’: events 6-10 | | 455 | static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) entry to ‘parse_action_control_slash_spaces’ |...... | 461 | int result1 = -1, result2; | | ~~~~~~~ | | | | | (7) region created on stack here | | (8) capacity: 4 bytes |...... | 467 | switch (ok) { | | ~~~~~~ | | | | | (9) following ‘case 0:’ branch... |...... | 475 | ret = parse_action_control(&argc, &argv, | | ~ | | | | | (10) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’ | +--> ‘parse_action_control’: events 11-12 | | 432 | return __parse_action_control(argc_p, argv_p, result_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (11) ...to here | | (12) calling ‘__parse_action_control’ from ‘parse_action_control_slash_spaces’ | 433 | allow_num, false); | | ~~~~~~~~~~~~~~~~~ | ‘__parse_action_control’: events 13-16 | | 371 | static int __parse_action_control(int *argc_p, char ***argv_p, int *result_p, | | ^~~~~~~~~~~~~~~~~~~~~~ | | | | | (13) entry to ‘__parse_action_control’ |...... | 378 | if (!argc) | | ~ | | | | | (14) following ‘false’ branch (when ‘argc != 0’)... | 379 | return -1; | 380 | if (action_a2n(*argv, &result, allow_num) == -1) { | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (15) ...to here | | (16) calling ‘action_a2n’ from ‘__parse_action_control’ | +--> ‘action_a2n’: events 17-21 | | 335 | int action_a2n(char *arg, int *result, bool allow_num) | | ^~~~~~~~~~ | | | | | (17) entry to ‘action_a2n’ |...... 
| 356 | for (iter = a2n; iter->a; iter++) { | | ~~~~ | | | | | (18) following ‘true’ branch... | 357 | if (matches(arg, iter->a) != 0) | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (19) ...to here |...... | 366 | if (result) | | ~ | | | | | (20) following ‘true’ branch (when ‘result’ is non-NULL)... | 367 | *result = n; | | ~~~~~~~~~~~ | | | | | (21) ...to here | <------+ | ‘__parse_action_control’: event 22 | | 380 | if (action_a2n(*argv, &result, allow_num) == -1) { | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (22) returning to ‘__parse_action_control’ from ‘action_a2n’ | <------+ | ‘parse_action_control_slash_spaces’: event 23 | | 475 | ret = parse_action_control(&argc, &argv, | | ^ | | | | | (23) inlined call to ‘parse_action_control’ from ‘parse_action_control_slash_spaces’ | +--> ‘parse_action_control’: event 24 | | 432 | return __parse_action_control(argc_p, argv_p, result_p, | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (24) returning to ‘parse_action_control_slash_spaces’ from ‘__parse_action_control’ | 433 | allow_num, false); | | ~~~~~~~~~~~~~~~~~ | <------+ | ‘parse_action_control_slash_spaces’: events 25-29 | | 477 | if (ret) | | ^ | | | | | (25) following ‘false’ branch... | 478 | return ret; | 479 | ok++; | | ~~~~ | | | | | (26) ...to here |...... | 487 | if (ok == 2) | | ~ | | | | | (27) following ‘true’ branch (when ‘ok == 2’)... | 488 | *result2_p = result2; | | ~~~~~~~~~~~~~~~~~~~~ | | | | | (28) ...to here | | (29) use of uninitialized value ‘result2’ here | Fixes: e67aba559581 ("tc: actions: add helpers to parse and print control actions") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 | tc_filter: fix unitialized warning | Stephen Hemminger | 1 | -3/+4
When run with -fanalyzer. tc_filter.c: In function ‘tc_filter_list’: tc_filter.c:718:17: warning: use of uninitialized value ‘chain_index’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 718 | addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_chain’: events 1-4 | | 772 | int do_chain(int argc, char **argv) | | ^~~~~~~~ | | | | | (1) entry to ‘do_chain’ | 773 | { | 774 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 775 | return tc_filter_list(RTM_GETCHAIN, 0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘tc_filter_list’ from ‘do_chain’ | +--> ‘tc_filter_list’: events 5-8 | | 582 | static int tc_filter_list(int cmd, int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘tc_filter_list’ |...... | 597 | __u32 chain_index; | | ~~~~~~~~~~~ | | | | | (6) region created on stack here | | (7) capacity: 4 bytes |...... | 601 | while (argc > 0) { | | ~~~~~~~~ | | | | | (8) following ‘false’ branch (when ‘argc <= 0’)... | ‘tc_filter_list’: event 9 | |../include/uapi/linux/pkt_sched.h:72:35: | 72 | #define TC_H_MAKE(maj,min) (((maj)&TC_H_MAJ_MASK)|((min)&TC_H_MIN_MASK)) | | ~~~~~~^~~~~~~~~~~~~~~ | | | | | (9) ...to here tc_filter.c:698:26: note: in expansion of macro ‘TC_H_MAKE’ | 698 | req.t.tcm_info = TC_H_MAKE(prio<<16, protocol); | | ^~~~~~~~~ | ‘tc_filter_list’: events 10-16 | | 702 | if (d[0]) { | | ^ | | | | | (10) following ‘false’ branch... |...... | 707 | } else if (block_index) { | | ~~~~~~~~~~~~ | | || | | |(11) ...to here | | (12) following ‘false’ branch... |...... | 717 | if (filter_chain_index_set) | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(13) ...to here | | (14) following ‘true’ branch... 
| 718 | addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (15) ...to here | | (16) use of uninitialized value ‘chain_index’ here | tc_filter.c:718:17: warning: use of uninitialized value ‘chain_index’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 718 | addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_filter’: events 1-4 | | 744 | int do_filter(int argc, char **argv) | | ^~~~~~~~~ | | | | | (1) entry to ‘do_filter’ | 745 | { | 746 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 747 | return tc_filter_list(RTM_GETTFILTER, 0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘tc_filter_list’ from ‘do_filter’ | +--> ‘tc_filter_list’: events 5-8 | | 582 | static int tc_filter_list(int cmd, int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘tc_filter_list’ |...... | 597 | __u32 chain_index; | | ~~~~~~~~~~~ | | | | | (6) region created on stack here | | (7) capacity: 4 bytes |...... | 601 | while (argc > 0) { | | ~~~~~~~~ | | | | | (8) following ‘false’ branch (when ‘argc <= 0’)... | ‘tc_filter_list’: event 9 | |../include/uapi/linux/pkt_sched.h:72:35: | 72 | #define TC_H_MAKE(maj,min) (((maj)&TC_H_MAJ_MASK)|((min)&TC_H_MIN_MASK)) | | ~~~~~~^~~~~~~~~~~~~~~ | | | | | (9) ...to here tc_filter.c:698:26: note: in expansion of macro ‘TC_H_MAKE’ | 698 | req.t.tcm_info = TC_H_MAKE(prio<<16, protocol); | | ^~~~~~~~~ | ‘tc_filter_list’: events 10-16 | | 702 | if (d[0]) { | | ^ | | | | | (10) following ‘false’ branch... |...... | 707 | } else if (block_index) { | | ~~~~~~~~~~~~ | | || | | |(11) ...to here | | (12) following ‘false’ branch... |...... | 717 | if (filter_chain_index_set) | | ~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(13) ...to here | | (14) following ‘true’ branch... 
| 718 | addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (15) ...to here | | (16) use of uninitialized value ‘chain_index’ here | Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 | iproute_lwtunnel: fix possible use of NULL when malloc() fails | Stephen Hemminger | 1 | -5/+13
iproute_lwtunnel.c: In function ‘parse_srh’: iproute_lwtunnel.c:903:9: warning: use of possibly-NULL ‘srh’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument] 903 | memset(srh, 0, srhlen); | ^~~~~~~~~~~~~~~~~~~~~~ ‘parse_srh’: events 1-2 | | 902 | srh = malloc(srhlen); | | ^~~~~~~~~~~~~~ | | | | | (1) this call could return NULL | 903 | memset(srh, 0, srhlen); | | ~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) argument 1 (‘srh’) from (1) could be NULL where non-null expected | In file included from iproute_lwtunnel.c:13: /usr/include/string.h:61:14: note: argument 1 of ‘memset’ must be non-null 61 | extern void *memset (void *__s, int __c, size_t __n) __THROW __nonnull ((1)); | ^~~~~~ iproute_lwtunnel.c: In function ‘parse_encap_seg6’: iproute_lwtunnel.c:980:9: warning: use of possibly-NULL ‘tuninfo’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument] 980 | memset(tuninfo, 0, sizeof(*tuninfo) + srhlen); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ‘parse_encap_seg6’: events 1-2 | | 934 | static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp, | | ^~~~~~~~~~~~~~~~ | | | | | (1) entry to ‘parse_encap_seg6’ |...... | 976 | srh = parse_srh(segbuf, hmac, encap); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) calling ‘parse_srh’ from ‘parse_encap_seg6’ | +--> ‘parse_srh’: events 3-5 | | 882 | static struct ipv6_sr_hdr *parse_srh(char *segbuf, int hmac, bool encap) | | ^~~~~~~~~ | | | | | (3) entry to ‘parse_srh’ |...... | 922 | if (hmac) { | | ~ | | | | | (4) following ‘false’ branch (when ‘hmac == 0’)... |...... | 931 | return srh; | | ~~~ | | | | | (5) ...to here | <------+ | ‘parse_encap_seg6’: events 6-8 | | 976 | srh = parse_srh(segbuf, hmac, encap); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (6) returning to ‘parse_encap_seg6’ from ‘parse_srh’ |...... 
| 979 | tuninfo = malloc(sizeof(*tuninfo) + srhlen); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (7) this call could return NULL | 980 | memset(tuninfo, 0, sizeof(*tuninfo) + srhlen); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (8) argument 1 (‘tuninfo’) from (7) could be NULL where non-null expected | /usr/include/string.h:61:14: note: argument 1 of ‘memset’ must be non-null 61 | extern void *memset (void *__s, int __c, size_t __n) __THROW __nonnull ((1)); | ^~~~~~ iproute_lwtunnel.c: In function ‘parse_rpl_srh’: iproute_lwtunnel.c:1018:21: warning: dereference of possibly-NULL ‘srh’ [CWE-690] [-Wanalyzer-possible-null-dereference] 1018 | srh->hdrlen = (srhlen >> 3) - 1; | ~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~ ‘parse_rpl_srh’: events 1-2 | | 1016 | srh = calloc(1, srhlen); | | ^~~~~~~~~~~~~~~~~ | | | | | (1) this call could return NULL | 1017 | | 1018 | srh->hdrlen = (srhlen >> 3) - 1; | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (2) ‘srh’ could be NULL: unchecked value from (1) | Fixes: 00e76d4da37f ("iproute: add helper functions for SRH processing") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 | ipmaddr: fix dereference of NULL on malloc() failure | Stephen Hemminger | 1 | -1/+8
Found by -fanalyzer. This has been a bug since the beginning of the initial versions of ip multicast support (pre git). ipmaddr.c: In function ‘read_dev_mcast’: ipmaddr.c:105:25: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference] 105 | memcpy(ma, &m, sizeof(m)); | ^~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_multiaddr’: events 1-4 | | 354 | int do_multiaddr(int argc, char **argv) | | ^~~~~~~~~~~~ | | | | | (1) entry to ‘do_multiaddr’ | 355 | { | 356 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 357 | return multiaddr_list(0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘multiaddr_list’ from ‘do_multiaddr’ | +--> ‘multiaddr_list’: events 5-10 | | 255 | static int multiaddr_list(int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘multiaddr_list’ |...... | 262 | while (argc > 0) { | | ~~~~~~~~ | | | | | (6) following ‘false’ branch (when ‘argc <= 0’)... |...... | 275 | if (!filter.family || filter.family == AF_PACKET) | | ~ ~~~~~~~~~~~~~ | | | | | | | (7) ...to here | | (8) following ‘true’ branch... | 276 | read_dev_mcast(&list); | | ~~~~~~~~~~~~~~~~~~~~~ | | | | | (9) ...to here | | (10) calling ‘read_dev_mcast’ from ‘multiaddr_list’ | +--> ‘read_dev_mcast’: events 11-12 | | 82 | static void read_dev_mcast(struct ma_info **result_p) | | ^~~~~~~~~~~~~~ | | | | | (11) entry to ‘read_dev_mcast’ |...... | 87 | if (!fp) | | ~ | | | | | (12) following ‘false’ branch (when ‘fp’ is non-NULL)... | ‘read_dev_mcast’: event 13 | |cc1: | (13): ...to here | ‘read_dev_mcast’: events 14-17 | | 90 | while (fgets(buf, sizeof(buf), fp)) { | | ^~~~~ | | | | | (14) following ‘true’ branch... | 91 | char hexa[256]; | 92 | struct ma_info m = { .addr.family = AF_PACKET }; | | ~ | | | | | (15) ...to here |......
| 103 | struct ma_info *ma = malloc(sizeof(m)); | | ~~~~~~~~~~~~~~~~~ | | | | | (16) this call could return NULL | 104 | | 105 | memcpy(ma, &m, sizeof(m)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) ‘ma’ could be NULL: unchecked value from (16) | ipmaddr.c: In function ‘read_igmp’: ipmaddr.c:152:17: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference] 152 | memcpy(ma, &m, sizeof(m)); | ^~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_multiaddr’: events 1-4 | | 354 | int do_multiaddr(int argc, char **argv) | | ^~~~~~~~~~~~ | | | | | (1) entry to ‘do_multiaddr’ | 355 | { | 356 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 357 | return multiaddr_list(0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘multiaddr_list’ from ‘do_multiaddr’ | +--> ‘multiaddr_list’: events 5-10 | | 255 | static int multiaddr_list(int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘multiaddr_list’ |...... | 262 | while (argc > 0) { | | ~~~~~~~~ | | | | | (6) following ‘false’ branch (when ‘argc <= 0’)... |...... | 275 | if (!filter.family || filter.family == AF_PACKET) | | ~~~~~~~~~~~~~ | | | | | (7) ...to here | 276 | read_dev_mcast(&list); | 277 | if (!filter.family || filter.family == AF_INET) | | ~ | | | | | (8) following ‘true’ branch... | 278 | read_igmp(&list); | | ~~~~~~~~~~~~~~~~ | | | | | (9) ...to here | | (10) calling ‘read_igmp’ from ‘multiaddr_list’ | +--> ‘read_igmp’: events 11-14 | | 116 | static void read_igmp(struct ma_info **result_p) | | ^~~~~~~~~ | | | | | (11) entry to ‘read_igmp’ |...... | 126 | if (!fp) | | ~ | | | | | (12) following ‘false’ branch (when ‘fp’ is non-NULL)... | 127 | return; | 128 | if (!fgets(buf, sizeof(buf), fp)) { | | ~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | (13) ...to here | | (14) following ‘false’ branch... 
| ‘read_igmp’: event 15 | |cc1: | (15): ...to here | ‘read_igmp’: events 16-19 | | 133 | while (fgets(buf, sizeof(buf), fp)) { | | ^~~~~ | | | | | (16) following ‘true’ branch... |...... | 136 | if (buf[0] != '\t') { | | ~~~~~~ | | | | | (17) ...to here |...... | 151 | ma = malloc(sizeof(m)); | | ~~~~~~~~~~~~~~~~~ | | | | | (18) this call could return NULL | 152 | memcpy(ma, &m, sizeof(m)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (19) ‘ma’ could be NULL: unchecked value from (18) | ipmaddr.c: In function ‘read_igmp6’: ipmaddr.c:181:25: warning: dereference of possibly-NULL ‘ma’ [CWE-690] [-Wanalyzer-possible-null-dereference] 181 | memcpy(ma, &m, sizeof(m)); | ^~~~~~~~~~~~~~~~~~~~~~~~~ ‘do_multiaddr’: events 1-4 | | 354 | int do_multiaddr(int argc, char **argv) | | ^~~~~~~~~~~~ | | | | | (1) entry to ‘do_multiaddr’ | 355 | { | 356 | if (argc < 1) | | ~ | | | | | (2) following ‘true’ branch (when ‘argc <= 0’)... | 357 | return multiaddr_list(0, NULL); | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (3) ...to here | | (4) calling ‘multiaddr_list’ from ‘do_multiaddr’ | +--> ‘multiaddr_list’: events 5-10 | | 255 | static int multiaddr_list(int argc, char **argv) | | ^~~~~~~~~~~~~~ | | | | | (5) entry to ‘multiaddr_list’ |...... | 262 | while (argc > 0) { | | ~~~~~~~~ | | | | | (6) following ‘false’ branch (when ‘argc <= 0’)... |...... | 275 | if (!filter.family || filter.family == AF_PACKET) | | ~~~~~~~~~~~~~ | | | | | (7) ...to here |...... | 279 | if (!filter.family || filter.family == AF_INET6) | | ~ | | | | | (8) following ‘true’ branch... | 280 | read_igmp6(&list); | | ~~~~~~~~~~~~~~~~~ | | | | | (9) ...to here | | (10) calling ‘read_igmp6’ from ‘multiaddr_list’ | +--> ‘read_igmp6’: events 11-12 | | 159 | static void read_igmp6(struct ma_info **result_p) | | ^~~~~~~~~~ | | | | | (11) entry to ‘read_igmp6’ |...... | 164 | if (!fp) | | ~ | | | | | (12) following ‘false’ branch (when ‘fp’ is non-NULL)... 
| ‘read_igmp6’: event 13 | |cc1: | (13): ...to here | ‘read_igmp6’: events 14-17 | | 167 | while (fgets(buf, sizeof(buf), fp)) { | | ^~~~~ | | | | | (14) following ‘true’ branch... | 168 | char hexa[256]; | 169 | struct ma_info m = { .addr.family = AF_INET6 }; | | ~ | | | | | (15) ...to here |...... | 179 | struct ma_info *ma = malloc(sizeof(m)); | | ~~~~~~~~~~~~~~~~~ | | | | | (16) this call could return NULL | 180 | | 181 | memcpy(ma, &m, sizeof(m)); | | ~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (17) ‘ma’ could be NULL: unchecked value from (16) | Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-13 | lib/fs: fix file leak in task_get_name | Stephen Hemminger | 1 | -1/+3
Fixes the problem identified by -fanalyzer. Why did rdma choose to reimplement the same function as existing glibc pthread_getname(). fs.c: In function ‘get_task_name’: fs.c:355:12: warning: leak of FILE ‘f’ [CWE-775] [-Wanalyzer-file-leak] 355 | if (!fgets(name, len, f)) | ^ ‘get_task_name’: events 1-9 | | 345 | if (!pid) | | ^ | | | | | (1) following ‘false’ branch (when ‘pid != 0’)... |...... | 348 | if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path)) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(2) ...to here | | (3) following ‘false’ branch... |...... | 351 | f = fopen(path, "r"); | | ~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) opened here | 352 | if (!f) | | ~ | | | | | (6) assuming ‘f’ is non-NULL | | (7) following ‘false’ branch (when ‘f’ is non-NULL)... |...... | 355 | if (!fgets(name, len, f)) | | ~ ~~~~~~~~~~~~~~~~~~~ | | | | | | | (8) ...to here | | (9) following ‘true’ branch... | ‘get_task_name’: event 10 | |cc1: | (10): ...to here | ‘get_task_name’: event 11 | | 355 | if (!fgets(name, len, f)) | | ^ | | | | | (11) ‘f’ leaks here; was opened at (5) | fs.c:355:12: warning: leak of ‘f’ [CWE-401] [-Wanalyzer-malloc-leak] ‘get_task_name’: events 1-9 | | 345 | if (!pid) | | ^ | | | | | (1) following ‘false’ branch (when ‘pid != 0’)... |...... | 348 | if (snprintf(path, sizeof(path), "/proc/%d/comm", pid) >= sizeof(path)) | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(2) ...to here | | (3) following ‘false’ branch... |...... | 351 | f = fopen(path, "r"); | | ~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | | (5) allocated here | 352 | if (!f) | | ~ | | | | | (6) assuming ‘f’ is non-NULL | | (7) following ‘false’ branch (when ‘f’ is non-NULL)... |...... | 355 | if (!fgets(name, len, f)) | | ~ ~~~~~~~~~~~~~~~~~~~ | | | | | | | (8) ...to here | | (9) following ‘true’ branch... 
| ‘get_task_name’: event 10 | |cc1: | (10): ...to here | ‘get_task_name’: event 11 | | 355 | if (!fgets(name, len, f)) | | ^ | | | | | (11) ‘f’ leaks here; was allocated at (5) Fixes: 81bfd01a4c9e ("lib: move get_task_name() from rdma") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-12 | Add MAINTAINERS file | Stephen Hemminger | 1 | -0/+52
Record the maintainers of subsections of iproute2. The subtree maintainers are based off of most recent current patches and maintainer of kernel portion of that subsystem. Acked-by: Nikolay Aleksandrov <razor@blackwall.org> Acked-by: Petr Machata <me@pmachata.org> # For DCB Acked-by: Parav Pandit <parav@nvidia.com> Acked-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-11 | iproute2: optimize code and fix some mem-leak risk | zhaoshuang | 14 | -12/+34
Signed-off-by: zhaoshuang <izhaoshuang@163.com> Reviewed-by: Pawel Chmielewski <pawel.chmielewski@intel.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-11 | ipnetns: fix fd leak with 'ip netns set' | Nicolas Dichtel | 1 | -10/+1
There is no reason to open this netns file. set_netnsid_from_name() uses netns_get_fd() for this purpose and uses the returned fd. Reported-by: Stephen Hemminger <stephen@networkplumber.org> Fixes: d182ee1307c7 ("ipnetns: allow to get and set netns ids") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-11 | ip-rule: more manual page grammer fixes | Stephen Hemminger | 1 | -8/+8
Add missing articles and replace use of passive voice. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-10 | rdma: Report device protocol | Kamal Heib | 1 | -0/+12
Add support for reporting the device protocol. 11: mlx5_0: node_type ca protocol roce fw 12.28.2006 node_guid 248a:0703:004b:f094 sys_image_guid 248a:0703:004b:f094 12: mlx5_1: node_type ca protocol ib fw 12.28.2006 node_guid 248a:0703:0049:d4f0 sys_image_guid 248a:0703:0049:d4f0 13: mlx5_2: node_type ca protocol ib fw 12.28.2006 node_guid 248a:0703:0049:d4f1 sys_image_guid 248a:0703:0049:d4f0 19: siw0: node_type rnic protocol iw node_guid 0200:00ff:fe00:0000 sys_image_guid 0200:00ff:fe00:0000 Signed-off-by: Kamal Heib <kheib@redhat.com> Acked-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-05-10 | Merge branch 'main' into next | David Ahern | 7 | -13/+451
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-05-10 | remove unnecessary checks for NULL before calling free() | Stephen Hemminger | 6 | -16/+8
The function free() handles the case where the argument is NULL by doing nothing. So the extra checks are not needed. Found by modified version of kernel coccinelle script. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-09 | uapi: add capability.h | Stephen Hemminger | 1 | -0/+430
All kernel header files should come from local copy of sanitized headers, rather than relying on what Linux distribution ships. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-08 | uapi: update kernel headers 6.4-rc1 | Stephen Hemminger | 3 | -5/+7
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-05-02 | fixed the grammar in ip-rule(8) man page | Bilal Khan | 1 | -1/+1
A small grammatical error has been identified in the ip-rule(8) man page. Signed-off-by: Bilal Khan <bilalkhanrecovered@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-29 | Merge git://git.kernel.org/pub/scm/network/iproute2/iproute2-next | Stephen Hemminger | 27 | -62/+874
2023-04-27 | v6.3.0 | Stephen Hemminger | 1 | -1/+1
2023-04-27 | devlink: Fix dumps where interface map is used | Ido Schimmel | 1 | -6/+12
The devlink utility stores an interface map that can be used to map an interface name to a devlink port and vice versa. The map is populated by issuing a devlink port dump via 'DEVLINK_CMD_PORT_GET' command. Cited commits started to populate the map only when it is actually needed. One such case is when a dump (e.g., shared buffer dump) only returns devlink port handles. When pretty printing is required, the utility will consult the map to translate the devlink port handles to the corresponding interface names. The above is problematic as it means that the port dump response(s) will be queued to the same receive buffer as the response(s) of the dump that triggered the port dump, resulting in a failed dump [1]. Fix by using a different netlink socket for the population of the interface map. [1] $ devlink sb tc bind show kernel answers: Device or resource busy Failed to create index map //0: sb 0 tc 4 type egress pool 4 threshold 9 kernel answers: Device or resource busy [...] $ echo $? 1 Fixes: 5cddbb274eab ("devlink: load port-ifname map on demand") Fixes: 63d84b1fc98d ("devlink: load ifname map on demand from ifname_map_rev_lookup() as well") Signed-off-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-25 | bridge: link: Add support for neigh_vlan_suppress option | Ido Schimmel | 4 | -0/+45
Add support for the per-port neigh_vlan_suppress option. Example: # bridge link set dev swp1 neigh_vlan_suppress on # bridge -d -j -p link show dev swp1 [ { "ifindex": 62, "ifname": "swp1", "flags": [ "BROADCAST","NOARP","UP","LOWER_UP" ], "mtu": 1500, "master": "br0", "state": "forwarding", "priority": 32, "cost": 100, "hairpin": false, "guard": false, "root_block": false, "fastleave": false, "learning": true, "flood": true, "mcast_flood": true, "bcast_flood": true, "mcast_router": 1, "mcast_to_unicast": false, "neigh_suppress": false, "neigh_vlan_suppress": true, "vlan_tunnel": false, "isolated": false, "locked": false, "mab": false, "mcast_n_groups": 0, "mcast_max_groups": 0 } ] # bridge -d link show dev swp1 62: swp1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off neigh_vlan_suppress on vlan_tunnel off isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0 # bridge link set dev swp1 neigh_vlan_suppress off # bridge -d -j -p link show dev swp1 [ { "ifindex": 62, "ifname": "swp1", "flags": [ "BROADCAST","NOARP","UP","LOWER_UP" ], "mtu": 1500, "master": "br0", "state": "forwarding", "priority": 32, "cost": 100, "hairpin": false, "guard": false, "root_block": false, "fastleave": false, "learning": true, "flood": true, "mcast_flood": true, "bcast_flood": true, "mcast_router": 1, "mcast_to_unicast": false, "neigh_suppress": false, "neigh_vlan_suppress": false, "vlan_tunnel": false, "isolated": false, "locked": false, "mab": false, "mcast_n_groups": 0, "mcast_max_groups": 0 } ] # bridge -d link show dev swp1 62: swp1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on bcast_flood on mcast_router 1 mcast_to_unicast off neigh_suppress off 
neigh_vlan_suppress off vlan_tunnel off isolated off locked off mab off mcast_n_groups 0 mcast_max_groups 0 Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-25 | bridge: vlan: Add support for neigh_suppress option | Ido Schimmel | 2 | -1/+28
Add support for the per-VLAN neigh_suppress option. Example: # bridge vlan set vid 10 dev swp1 neigh_suppress on # bridge -d -j -p vlan show dev swp1 vid 10 [ { "ifname": "swp1", "vlans": [ { "vlan": 10, "state": "forwarding", "mcast_router": 1, "neigh_suppress": true } ] } ] # bridge -d vlan show dev swp1 vid 10 port vlan-id swp1 10 state forwarding mcast_router 1 neigh_suppress on # bridge vlan set vid 10 dev swp1 neigh_suppress off # bridge -d -j -p vlan show dev swp1 vid 10 [ { "ifname": "swp1", "vlans": [ { "vlan": 10, "state": "forwarding", "mcast_router": 1, "neigh_suppress": false } ] } ] # bridge -d vlan show dev swp1 vid 10 port vlan-id swp1 10 state forwarding mcast_router 1 neigh_suppress off Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-24 | Merge branch 'preemptible-traffic-classes' into next | David Ahern | 5 | -27/+227
Vladimir Oltean says: ==================== This is the iproute2 support for the tc program to make use of the kernel features added in commit f7d29571ab0a ("Merge branch 'add-kernel-tc-mqprio-and-tc-taprio-support-for-preemptible-traffic-classes'"). ==================== Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-24 | tc/taprio: add support for preemptible traffic classes | Vladimir Oltean | 2 | -24/+87
Add support for the same kind of "fp" array argument as in mqprio, except here we already have some handling for per-tc entries (max-sdu). We just need to expand that logic such that we also add (and parse) the FP adminStatus property of each traffic class. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-24 | tc/mqprio: add support for preemptible traffic classes | Vladimir Oltean | 2 | -3/+132
Add support for the "fp" argument in tc-mqprio, which takes an array of letters "E" (for express) or "P" (for preemptible), one per traffic class, and transforms them into TCA_MQPRIO_TC_ENTRY_FP u32 attributes of the TCA_MQPRIO_TC_ENTRY nest. We also dump these new netlink attributes when they come from the kernel. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-24 | utils: add max() definition | Vladimir Oltean | 1 | -0/+8
There is already a min() definition, add this below it. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-24 | Merge remote-tracking branch 'main/main' into next | David Ahern | 3 | -30/+52
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-24 | tc/taprio: break up help text into multiple lines | Vladimir Oltean | 1 | -4/+4
Currently, the output of "tc qdisc add dev lo taprio help" looks absolutely horrible, it looks better in the source code. Put new lines in the output everywhere where the text switches to a new line in the source code. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-24 | tc/mqprio: break up synopsis into multiple lines | Vladimir Oltean | 1 | -17/+24
tc-taprio(8) has a synopsis which is much easier to follow, because it breaks up the command line arguments on multiple lines. Do this in tc-mqprio(8) too. Also, the highlighting (bold) of the keywords is all wrong. Take the opportunity to fix that. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-24 | tc/mqprio: use words in man page to express min_rate/max_rate dependency on bw_rlimit | Vladimir Oltean | 1 | -6/+13
It is confusing and easy to get lost in the soup of brackets when trying to explain that min_rate and max_rate are only accepted as optional arguments when "shaper" takes the value "bw_rlimit". Before (synopsis): [ shaper dcb| [ bw_rlimit min_rate min_rate1 min_rate2 ... max_rate max_rate1 max_rate2 ... ]] After (synopsis): [ shaper dcb|bw_rlimit ] [ min_rate min_rate1 min_rate2 ... ] [ max_rate max_rate1 max_rate2 ... ] Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-24 | tc/mqprio: fix stray ] in man page synopsis | Vladimir Oltean | 1 | -1/+1
The closing ] bracket doesn't close anything, it is extraneous. Remove it. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-24 | tc/taprio: add a size table to the examples from the man page | Vladimir Oltean | 1 | -4/+8
Since kernel commit a3d91b2c6f6b ("net/sched: taprio: warn about missing size table"), the kernel emits a warning netlink extack if the user doesn't specify a stab. We want the user to be aware of the fact that the L1 overhead is determined by taprio exactly based on the overhead of the stab, so we want to encourage users to add a size table to the Qdisc. Teach them how. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-24 | tc/taprio: add max-sdu to the man page SYNOPSIS section | Vladimir Oltean | 1 | -0/+4
Although the max-sdu argument is documented in the PARAMETERS section, it is absent from the SYNOPSIS. Add it there too. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-22 | Merge branch 'main' into next | David Ahern | 16 | -187/+477
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-22 | Update kernel headers | David Ahern | 5 | -11/+88
Update kernel headers to commit: fbc1449d385d ("Merge tag 'mlx5-updates-2023-04-20' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux") Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-21 | iplink: fix help of 'netns' arg | Nicolas Dichtel | 2 | -9/+21
'ip link set foo netns /proc/1/ns/net' is a valid command. Let's update the doc accordingly. Fixes: 0dc34c7713bb ("iproute2: Add processless network namespace support") Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: David Marchand <david.marchand@redhat.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-21 | iplink: use the same token NETNSNAME everywhere | Nicolas Dichtel | 2 | -3/+3
Use NETNSNAME everywhere to ensure consistency between man pages and help of the 'ip' command. Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-21 | ip: bridge_slave: Fix help message indentation | Ido Schimmel | 1 | -1/+1
Use tabs instead of spaces to be consistent with the rest of the options. Before: $ ip link help bridge_slave Usage: ... bridge_slave [ fdb_flush ] [...] [ vlan_tunnel {on | off} ] [ isolated {on | off} ] [ locked {on | off} ] [ mab {on | off} ] [ backup_port DEVICE ] [ nobackup_port ] After: $ ip link help bridge_slave Usage: ... bridge_slave [ fdb_flush ] [...] [ vlan_tunnel {on | off} ] [ isolated {on | off} ] [ locked {on | off} ] [ mab {on | off} ] [ backup_port DEVICE ] [ nobackup_port ] Fixes: 05f1164fe811 ("bridge: link: Add MAC Authentication Bypass (MAB) support") Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-21 | whitespace cleanup | Stephen Hemminger | 2 | -2/+2
Remove trailing blanks. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-21 | lwtunnel: use sizeof() on segbuf | Stephen Hemminger | 1 | -3/+3
Avoid assuming that segbuf is 1024 bytes. Use sizeof() in places where it is being updated. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-21 | lwtunnel: fix warning from strncpy | Stephen Hemminger | 1 | -2/+1
The code for parsing segments in lwtunnel would trigger a warning about strncpy if address sanitizer was enabled. Simpler to just use strlcpy() like elsewhere. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-14 | iproute_lwtunnel: fix JSON output | Stephen Hemminger | 1 | -2/+4
The same tag "dst" was being used for both the route destination and the encap destination. This made it hard for JSON parsers. Change to put the per-encap information under a nested JSON object (similar to ip link type info). Original output [ { "dst": "192.168.11.0/24", "encap": "ip6", "id": 0, "src": "::", "dst": "fd00::c0a8:2dd", "hoplimit": 0, "tc": 0, "protocol": "5", "scope": "link", "flags": [ ] } ] Revised output [ { "dst": "192.168.11.0/24", "encap": { "encap_type": "ip6", "id": 0, "src": "::", "dst": "fd00::c0a8:2dd", "hoplimit": 0, "tc": 0 }, "protocol": "5", "scope": "link", "flags": [ ] } ] Reported-by: Lars Ekman <uablrek@gmail.com> Fixes: 663c3cb23103 ("iproute: implement JSON and color output") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-14 | iproute_tunnel: use uint16 for tunnel encap type | Stephen Hemminger | 1 | -4/+4
The tunnel encap type is passed as unsigned 16 bit value in/out of kernel. Keep it unsigned in the encode/decode logic. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-11 | iptunnel: detect protocol mismatch on tunnel change | Stephen Hemminger | 1 | -2/+12
If an attempt is made to change an IPv6 tunnel by using IPv4 parameters, a stack overflow would happen and a garbage request would be passed to the kernel. Example:
ip tunnel add gre1 mode ip6gre local 2001:db8::1 remote 2001:db8::2 ttl 255
ip tunnel change gre1 mode gre local 192.168.0.0 remote 192.168.0.1 ttl 255
The second command should fail because it is attempting to set IPv4 addresses on a GRE tunnel that is IPv6. Do best effort detection of this mismatch by giving a bigger buffer to get tunnel request, and checking that the IP header is IPv4. It is still possible but unlikely that a byte would match in an IPv6 tunnel parameter, but good enough to catch the obvious cases. Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032642 Tested-by: Luca Boccassi <bluca@debian.org> Reported-by: Robin <imer@imer.cc> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-04-07 | tc: m_tunnel_key: support code for "nofrag" tunnels | Davide Caratti | 2 | -11/+40
add control plane for setting TCA_TUNNEL_KEY_NO_FRAG flag on act_tunnel_key actions. Signed-off-by: Davide Caratti <dcaratti@redhat.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-07 | Update kernel headers | David Ahern | 1 | -0/+1
Update kernel headers to commit: e28531143b25 ("net: ethernet: mtk_eth_soc: mtk_ppe: prefer newly added l2 flows") Signed-off-by: David Ahern <dsahern@kernel.org>
2023-04-04 | ip-xfrm: accept "allow" as action in ip xfrm policy setdefault | Sabrina Dubroca | 1 | -1/+2
The help text claims that setdefault takes ACTION values, ie block | allow. In reality, xfrm_str_to_policy takes block | accept. We could also fix that by changing the help text/manpage, but then it'd be frustrating to have multiple ACTION with similar values used in different subcommands. I'm not changing the output in xfrm_policy_to_str because some userspace somewhere probably depends on the "accept" value. Fixes: 76b30805f9f6 ("xfrm: enable to manage default policies") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-30 | Merge branch 'ip-addr-proto' into next | David Ahern | 5 | -4/+145
Petr Machata says: ==================== IPv4 and IPv6 addresses can be assigned a protocol value that indicates the provenance of the IP address. The attribute is modeled after ip route protocols, and essentially allows the administrator or userspace stack to tag addresses in some way that makes sense to the actor in question. Support for this feature was merged with commit 47f0bd503210 ("net: Add new protocol attribute to IP addresses"), for kernel 5.18. In this patchset, add support for setting the protocol attribute at IP address addition, replacement, and listing requests. ==================== Signed-off-by: David Ahern <dsahern@kernel.org>
2023-03-30 | man: man8: Add man page coverage for "ip address add ... proto" | Petr Machata | 1 | -2/+47
Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-03-30 | ip: Support IP address protocol | Petr Machata | 4 | -2/+98
IPv4 and IPv6 addresses can be assigned a protocol value that indicates the provenance of the IP address. The attribute is modeled after ip route protocols, and essentially allows the administrator or userspace stack to tag addresses in some way that makes sense to the actor in question. Support for this feature was merged with commit 47f0bd503210 ("net: Add new protocol attribute to IP addresses"), for kernel 5.18. In this patch, add support for setting the protocol attribute at IP address addition, replacement, and listing requests. An example session with the feature in action: # ip address add dev d 192.0.2.1/28 proto 0xab # ip address show dev d 26: d: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 06:29:74:fd:1f:eb brd ff:ff:ff:ff:ff:ff inet 192.0.2.1/28 scope global proto 0xab d valid_lft forever preferred_lft forever # ip address replace dev d 192.0.2.1/28 proto 0x11 # ip address show dev d 26: d: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 06:29:74:fd:1f:eb brd ff:ff:ff:ff:ff:ff inet 192.0.2.1/28 scope global proto 0x11 d valid_lft forever preferred_lft forever A JSON dump. The protocol value is always provided as a string, even in numeric mode, to provide a consistent interface. # ip -j address show dev d | jq [ { "ifindex": 26, "ifname": "d", "flags": [ "BROADCAST", "NOARP" ], "mtu": 1500, "qdisc": "noop", "operstate": "DOWN", "group": "default", "txqlen": 1000, "link_type": "ether", "address": "06:29:74:fd:1f:eb", "broadcast": "ff:ff:ff:ff:ff:ff", "addr_info": [ { "family": "inet", "local": "192.0.2.1", "prefixlen": 28, "scope": "global", "protocol": "0x11", "label": "d", "valid_life_time": 4294967295, "preferred_life_time": 4294967295 } ] } ] Signed-off-by: Petr Machata <petrm@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-03-30 | macvlan: Add bclim parameter | Herbert Xu | 2 | -2/+42
This patch adds support for setting the broadcast queueing threshold on macvlan devices. This controls which multicast packets will be processed in a workqueue instead of inline. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> ip/iplink_macvlan.c | 26 ++++++++++++++++++++++++-- man/man8/ip-link.8.in | 18 ++++++++++++++++++ 3 files changed, 43 insertions(+), 2 deletions(-) Signed-off-by: David Ahern <dsahern@kernel.org>
2023-03-30 | Update kernel headers | David Ahern | 1 | -0/+1
Update kernel headers to commit: da617cd8d906 ("smsc911x: remove superfluous variable init") Signed-off-by: David Ahern <dsahern@kernel.org>
2023-03-24 | Merge branch 'bridge-mdb-vxlan-attr' into next | David Ahern | 2 | -3/+212
Ido Schimmel says: ==================== Add support for new VXLAN MDB attributes. See kernel merge commit abf36703d704 ("Merge branch 'vxlan-MDB-support'") for background and motivation. ==================== Signed-off-by: David Ahern <dsahern@kernel.org>
2023-03-24 | bridge: mdb: Document the catchall MDB entries | Ido Schimmel | 1 | -0/+6
Document the catchall MDB entries used to transmit IPv4 and IPv6 unregistered multicast packets. In deployments where inter-subnet multicast forwarding is used, not all the VTEPs in a tenant domain are members in all the broadcast domains. It is therefore advantageous to transmit BULL (broadcast, unknown unicast and link-local multicast) and unregistered IP multicast traffic on different tunnels. If the same tunnel was used, a VTEP only interested in IP multicast traffic would also pull all the BULL traffic and drop it as it is not a member in the originating broadcast domain [1]. [1] https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-mcast#section-2.6 Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
2023-03-24 | bridge: mdb: Add outgoing interface support | Ido Schimmel | 2 | -3/+38
In a similar fashion to VXLAN FDB entries, allow user space to program and view the outgoing interface of VXLAN MDB entries. Specifically, add support for the 'MDBE_ATTR_IFINDEX' and 'MDBA_MDB_EATTR_IFINDEX' attributes in request and response messages, respectively. The outgoing interface will be forced during the underlay route lookup and is required when the underlay destination IP is multicast, as the multicast routing tables are not consulted. Example: # bridge mdb add dev vxlan0 port vxlan0 grp 239.1.1.1 permanent dst 198.51.100.1 via dummy10 $ bridge -d -s mdb show dev vxlan0 port vxlan0 grp 239.1.1.1 permanent filter_mode exclude proto static dst 198.51.100.1 via dummy10 0.00 $ bridge -d -s -j -p mdb show [ { "mdb": [ { "index": 10, "dev": "vxlan0", "port": "vxlan0", "grp": "239.1.1.1", "state": "permanent", "filter_mode": "exclude", "protocol": "static", "flags": [ ], "dst": "198.51.100.1", "via": "dummy10", "timer": " 0.00" } ], "router": {} } ] Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
2023-03-24 | bridge: mdb: Add source VNI support | Ido Schimmel | 2 | -3/+25
In a similar fashion to VXLAN FDB entries, allow user space to program and view the source VNI of VXLAN MDB entries. Specifically, add support for the 'MDBE_ATTR_SRC_VNI' and 'MDBA_MDB_EATTR_SRC_VNI' attributes in request and response messages, respectively. The source VNI is only relevant when the VXLAN device is in external mode, where multiple VNIs can be multiplexed over a single VXLAN device. Example: # bridge mdb add dev vxlan0 port vxlan0 grp 239.1.1.1 permanent dst 198.51.100.1 src_vni 2222 $ bridge -d -s mdb show dev vxlan0 port vxlan0 grp 239.1.1.1 permanent filter_mode exclude proto static dst 198.51.100.1 src_vni 2222 0.00 $ bridge -d -s -j -p mdb show [ { "mdb": [ { "index": 16, "dev": "vxlan0", "port": "vxlan0", "grp": "239.1.1.1", "state": "permanent", "filter_mode": "exclude", "protocol": "static", "flags": [ ], "dst": "198.51.100.1", "src_vni": 2222, "timer": " 0.00" } ], "router": {} } ] Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
2023-03-24 | bridge: mdb: Add destination VNI support | Ido Schimmel | 2 | -3/+41
In a similar fashion to VXLAN FDB entries, allow user space to program and view the destination VNI of VXLAN MDB entries. Specifically, add support for the 'MDBE_ATTR_VNI' and 'MDBA_MDB_EATTR_VNI' attributes in request and response messages, respectively. This is useful when ingress replication (IR) is used and the destination VXLAN tunnel endpoint (VTEP) is not a member of the source broadcast domain (BD). In this case, the ingress VTEP should transmit the packet using the VNI of the Supplementary Broadcast Domain (SBD) in which all the VTEPs are members [1]. Example: # bridge mdb add dev vxlan0 port vxlan0 grp 239.1.1.1 permanent dst 198.51.100.1 vni 1111 $ bridge -d -s mdb show dev vxlan0 port vxlan0 grp 239.1.1.1 permanent filter_mode exclude proto static dst 198.51.100.1 vni 1111 0.00 $ bridge -d -s -j -p mdb show [ { "mdb": [ { "index": 15, "dev": "vxlan0", "port": "vxlan0", "grp": "239.1.1.1", "state": "permanent", "filter_mode": "exclude", "protocol": "static", "flags": [ ], "dst": "198.51.100.1", "vni": 1111, "timer": " 0.00" } ], "router": {} } ] [1] https://datatracker.ietf.org/doc/html/draft-ietf-bess-evpn-irb-mcast#section-3.2.2 Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
2023-03-24bridge: mdb: Add UDP destination port supportIdo Schimmel2-1/+49
In a similar fashion to VXLAN FDB entries, allow user space to program and view the UDP destination port of VXLAN MDB entries. Specifically, add support for the 'MDBE_ATTR_DST_PORT' and 'MDBA_MDB_EATTR_DST_PORT' attributes in request and response messages, respectively. Use the keyword "dst_port" instead of "port" as the latter is already used to specify the net device associated with the MDB entry. Example: # bridge mdb add dev vxlan0 port vxlan0 grp 239.1.1.1 permanent dst 198.51.100.1 dst_port 1234 $ bridge -d -s mdb show dev vxlan0 port vxlan0 grp 239.1.1.1 permanent filter_mode exclude proto static dst 198.51.100.1 dst_port 1234 0.00 $ bridge -d -s -j -p mdb show [ { "mdb": [ { "index": 15, "dev": "vxlan0", "port": "vxlan0", "grp": "239.1.1.1", "state": "permanent", "filter_mode": "exclude", "protocol": "static", "flags": [ ], "dst": "198.51.100.1", "dst_port": 1234, "timer": " 0.00" } ], "router": {} } ] Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
2023-03-24bridge: mdb: Add underlay destination IP supportIdo Schimmel2-3/+63
Allow user space to program and view VXLAN MDB entries. Specifically, add support for the 'MDBE_ATTR_DST' and 'MDBA_MDB_EATTR_DST' attributes in request and response messages, respectively. The attributes encode the IP address of the destination VXLAN tunnel endpoint where multicast receivers for the specified multicast flow reside. Multiple destinations can be added for each flow. Example: # bridge mdb add dev vxlan0 port vxlan0 grp 239.1.1.1 permanent dst 198.51.100.1 # bridge mdb add dev vxlan0 port vxlan0 grp 239.1.1.1 permanent dst 192.0.2.1 $ bridge -d -s mdb show dev vxlan0 port vxlan0 grp 239.1.1.1 permanent filter_mode exclude proto static dst 192.0.2.1 0.00 dev vxlan0 port vxlan0 grp 239.1.1.1 permanent filter_mode exclude proto static dst 198.51.100.1 0.00 $ bridge -d -s -j -p mdb show [ { "mdb": [ { "index": 15, "dev": "vxlan0", "port": "vxlan0", "grp": "239.1.1.1", "state": "permanent", "filter_mode": "exclude", "protocol": "static", "flags": [ ], "dst": "192.0.2.1", "timer": " 0.00" },{ "index": 15, "dev": "vxlan0", "port": "vxlan0", "grp": "239.1.1.1", "state": "permanent", "filter_mode": "exclude", "protocol": "static", "flags": [ ], "dst": "198.51.100.1", "timer": " 0.00" } ], "router": {} } ] Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
2023-03-23Update kernel headersDavid Ahern6-5/+65
Update kernel headers to commit: fcb3a4653bc5 ("net/sched: act_api: use the correct TCA_ACT attributes in dump") Signed-off-by: David Ahern <dsahern@kernel.org>
2023-03-18tc: m_action: fix parsing of TCA_EXT_WARN_MSG by using different enumHangbin Liu1-1/+7
We can't use TCA_EXT_WARN_MSG directly in tc action as it's using a different enum than filter. Let's use a new TCA_ROOT_EXT_WARN_MSG for tc action specifically. Fixes: 6035995665b7 ("tc: add new attr TCA_EXT_WARN_MSG") Reviewed-by: Andrea Claudi <aclaudi@redhat.com> Reported-and-tested-by: Davide Caratti <dcaratti@redhat.com> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-18Revert "tc: m_action: fix parsing of TCA_EXT_WARN_MSG"Hangbin Liu1-1/+1
This reverts commit 70b9ebae63ce7e6f9911bdfbcf47a6d18f24159a. The TCA_EXT_WARN_MSG does not sit within the TCA_ACT_TAB hierarchy. It belongs to the TCA_MAX namespace. I will fix the issue in another patch. Reviewed-by: Andrea Claudi <aclaudi@redhat.com> Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-18uapi: update headers from 6.3-rc2Stephen Hemminger2-1/+2
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-12uapi: update license of fou.hStephen Hemminger1-1/+1
Upstream 6.2-rc2 Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-09man/netem: rework man pageStephen Hemminger1-136/+296
Cleanup and rewrite netem man page. Incorporate the examples from the old LF netem wiki so that it can be removed/deprecated. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-05tc: m_nat: parse index argument correctlyPedro Tammela1-1/+4
'action nat index 1' is a valid cli according to TC's architecture. Fix the grammar parsing to accept it. tdc tests: 1..28 ok 1 7565 - Add nat action on ingress with default control action ok 2 fd79 - Add nat action on ingress with pipe control action ok 3 eab9 - Add nat action on ingress with continue control action ok 4 c53a - Add nat action on ingress with reclassify control action ok 5 76c9 - Add nat action on ingress with jump control action ok 6 24c6 - Add nat action on ingress with drop control action ok 7 2120 - Add nat action on ingress with maximum index value ok 8 3e9d - Add nat action on ingress with invalid index value ok 9 f6c9 - Add nat action on ingress with invalid IP address ok 10 be25 - Add nat action on ingress with invalid argument ok 11 a7bd - Add nat action on ingress with DEFAULT IP address ok 12 ee1e - Add nat action on ingress with ANY IP address ok 13 1de8 - Add nat action on ingress with ALL IP address ok 14 8dba - Add nat action on egress with default control action ok 15 19a7 - Add nat action on egress with pipe control action ok 16 f1d9 - Add nat action on egress with continue control action ok 17 6d4a - Add nat action on egress with reclassify control action ok 18 b313 - Add nat action on egress with jump control action ok 19 d9fc - Add nat action on egress with drop control action ok 20 a895 - Add nat action on egress with DEFAULT IP address ok 21 2572 - Add nat action on egress with ANY IP address ok 22 37f3 - Add nat action on egress with ALL IP address ok 23 6054 - Add nat action on egress with cookie ok 24 79d6 - Add nat action on ingress with cookie ok 25 4b12 - Replace nat action with invalid goto chain control ok 26 b811 - Delete nat action with valid index ok 27 a521 - Delete nat action with invalid index ok 28 2c81 - Reference nat action object in filter Fixes: fc2d02069b52 ("Add NAT action") Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-05tc: m_mpls: parse index argument correctlyPedro Tammela1-0/+4
'action mpls index 1' is a valid cli according to TC's architecture. Fix the grammar parsing to accept it. tdc tests: 1..54 ok 1 a933 - Add MPLS dec_ttl action with pipe opcode ok 2 08d1 - Add mpls dec_ttl action with pass opcode ok 3 d786 - Add mpls dec_ttl action with drop opcode ok 4 f334 - Add mpls dec_ttl action with reclassify opcode ok 5 29bd - Add mpls dec_ttl action with continue opcode ok 6 48df - Add mpls dec_ttl action with jump opcode ok 7 62eb - Add mpls dec_ttl action with trap opcode ok 8 09d2 - Add mpls dec_ttl action with opcode and cookie ok 9 c170 - Add mpls dec_ttl action with opcode and cookie of max length ok 10 9118 - Add mpls dec_ttl action with invalid opcode ok 11 6ce1 - Add mpls dec_ttl action with label (invalid) ok 12 352f - Add mpls dec_ttl action with tc (invalid) ok 13 fa1c - Add mpls dec_ttl action with ttl (invalid) ok 14 6b79 - Add mpls dec_ttl action with bos (invalid) ok 15 d4c4 - Add mpls pop action with ip proto ok 16 91fb - Add mpls pop action with ip proto and cookie ok 17 92fe - Add mpls pop action with mpls proto ok 18 7e23 - Add mpls pop action with no protocol (invalid) ok 19 6182 - Add mpls pop action with label (invalid) ok 20 6475 - Add mpls pop action with tc (invalid) ok 21 067b - Add mpls pop action with ttl (invalid) ok 22 7316 - Add mpls pop action with bos (invalid) ok 23 38cc - Add mpls push action with label ok 24 c281 - Add mpls push action with mpls_mc protocol ok 25 5db4 - Add mpls push action with label, tc and ttl ok 26 7c34 - Add mpls push action with label, tc ttl and cookie of max length ok 27 16eb - Add mpls push action with label and bos ok 28 d69d - Add mpls push action with no label (invalid) ok 29 e8e4 - Add mpls push action with ipv4 protocol (invalid) ok 30 ecd0 - Add mpls push action with out of range label (invalid) ok 31 d303 - Add mpls push action with out of range tc (invalid) ok 32 fd6e - Add mpls push action with ttl of 0 (invalid) ok 33 19e9 - Add mpls mod action with mpls label ok 34 1fde - Add mpls mod action with max mpls label ok 35 0c50 - Add mpls mod action with mpls label exceeding max (invalid) ok 36 10b6 - Add mpls mod action with mpls label of MPLS_LABEL_IMPLNULL (invalid) ok 37 57c9 - Add mpls mod action with mpls min tc ok 38 6872 - Add mpls mod action with mpls max tc ok 39 a70a - Add mpls mod action with mpls tc exceeding max (invalid) ok 40 6ed5 - Add mpls mod action with mpls ttl ok 41 77c1 - Add mpls mod action with mpls ttl and cookie ok 42 b80f - Add mpls mod action with mpls max ttl ok 43 8864 - Add mpls mod action with mpls min ttl ok 44 6c06 - Add mpls mod action with mpls ttl of 0 (invalid) ok 45 b5d8 - Add mpls mod action with mpls ttl exceeding max (invalid) ok 46 451f - Add mpls mod action with mpls max bos ok 47 a1ed - Add mpls mod action with mpls min bos ok 48 3dcf - Add mpls mod action with mpls bos exceeding max (invalid) ok 49 db7c - Add mpls mod action with protocol (invalid) ok 50 b070 - Replace existing mpls push action with new ID ok 51 95a9 - Replace existing mpls push action with new label, tc, ttl and cookie ok 52 6cce - Delete mpls pop action ok 53 d138 - Flush mpls actions ok 54 7a70 - Reference mpls action object in filter Fixes: fb57b0920f06 ("tc: add mpls actions") Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-05tc: m_csum: parse index argument correctlyPedro Tammela1-1/+4
'action csum index 1' is a valid cli according to TC's architecture. Fix the grammar parsing to accept it. tdc tests: 1..24 ok 1 6d84 - Add csum iph action ok 2 1862 - Add csum ip4h action ok 3 15c6 - Add csum ipv4h action ok 4 bf47 - Add csum icmp action ok 5 cc1d - Add csum igmp action ok 6 bccc - Add csum foobar action ok 7 3bb4 - Add csum tcp action ok 8 759c - Add csum udp action ok 9 bdb6 - Add csum udp xor iph action ok 10 c220 - Add csum udplite action ok 11 8993 - Add csum sctp action ok 12 b138 - Add csum ip & icmp action ok 13 eeda - Add csum ip & sctp action ok 14 0017 - Add csum udp or tcp action ok 15 b10b - Add all 7 csum actions ok 16 ce92 - Add csum udp action with cookie ok 17 912f - Add csum icmp action with large cookie ok 18 879b - Add batch of 32 csum tcp actions ok 19 b4e9 - Delete batch of 32 csum actions ok 20 0015 - Add batch of 32 csum tcp actions with large cookies ok 21 989e - Delete batch of 32 csum actions with large cookies ok 22 d128 - Replace csum action with invalid goto chain control ok 23 eaf0 - Add csum iph action with no_percpu flag ok 24 c619 - Reference csum action object in filter Fixes: 3822cc986cc3 ("tc: add ACT_CSUM action support (csum)") Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-05tc: f_u32: fix json object leakHangbin Liu1-14/+10
Previously, the code returned directly within the switch statement in the functions print_{ipv4, ipv6}. While this approach was functional, after the commit 721435dc, we can no longer return directly because we need to close the match object. To resolve this issue, replace the return statement with break. Fixes: 721435dcfd92 ("tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6`") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-05u32: fix TC_U32_TERMINAL printingHangbin Liu1-1/+1
We previously printed an asterisk if there was no 'sel' or 'TC_U32_TERMINAL' flag. However, commit 1ff227545ce1 ("u32: fix json formatting of flowid") changed the logic to print an asterisk only if there is a 'TC_U32_TERMINAL' flag. Therefore, we need to fix this regression. Before the fix, the tdc u32 test failed: 1..11 not ok 1 afa9 - Add u32 with source match Could not match regex pattern. Verify command output: filter protocol ip pref 1 u32 chain 0 filter protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1 filter protocol ip pref 1 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 *flowid 1:1 not_in_hw match 7f000001/ffffffff at 12 action order 1: gact action pass random type none pass val 0 index 1 ref 1 bind 1 After fix, the test passed: 1..11 ok 1 afa9 - Add u32 with source match Fixes: 1ff227545ce1 ("u32: fix json formatting of flowid") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Reviewed-by: Victor Nogueira <victor@mojatatu.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-03genl: print caps for all familiesJakub Kicinski1-7/+5
Back in 2006 kernel commit 334c29a64507 ("[GENETLINK]: Move command capabilities to flags.") removed some attributes and moved the capabilities to flags. Corresponding iproute2 commit 26328fc3933f ("Add controller support for new features exposed") added the ability to print those caps. Printing is gated on version of the family, but we're checking the version of each individual family rather than the control family. The format of attributes in the control family is dictated by the version of the control family alone. In fact the entire version check is not strictly necessary. The code is not using the old attributes, so on older kernels it will simply print nothing either way. Families can't use flags for random things, because kernel core has a fixed interpretation. Thanks to this change caps will be shown for all families (assuming kernel newer than 2.6.19), not just those which by coincidence have their local version >= 2. For instance devlink, before: $ genl ctrl get name devlink Name: devlink ID: 0x15 Version: 0x1 header size: 0 max attribs: 179 commands supported: #1: ID-0x1 #2: ID-0x5 #3: ID-0x6 ... after: $ genl ctrl get name devlink Name: devlink ID: 0x15 Version: 0x1 header size: 0 max attribs: 179 commands supported: #1: ID-0x1 Capabilities (0xe): can doit; can dumpit; has policy #2: ID-0x5 Capabilities (0xe): can doit; can dumpit; has policy #3: ID-0x6 Capabilities (0xb): requires admin permission; can doit; has policy Fixes: 26328fc3933f ("Add controller support for new features exposed") Signed-off-by: Jakub Kicinski <kuba@kernel.org> Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-03-03man: tc-mqprio: extend prio-tc-queue mapping with examplesPéter Antal1-0/+96
The current mqprio manual is not detailed about queue mapping and priorities, this patch adds some examples to it. Suggested-by: Ferenc Fejes <fejes@inf.elte.hu> Signed-off-by: Péter Antal <peti.antal99@gmail.com> Acked-by: Ferenc Fejes <fejes@inf.elte.hu> Acked-by: Péter Antal <peti.antal99@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-24tc: m_action: fix parsing of TCA_EXT_WARN_MSGPedro Tammela1-1/+1
It should sit within the TCA_ACT_TAB hierarchy, otherwise the access to tb is out of bounds: ./tc action ls action csum total acts 1 action order 0: csum (?empty) action pass index 1 ref 1 bind 0 not_in_hw Segmentation fault (core dumped) Fixes: 60359956 ("tc: add new attr TCA_EXT_WARN_MSG") Reviewed-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Pedro Tammela <pctammela@mojatatu.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-24tc: add missing separatorChristian Hesse1-1/+1
This is missing a separator, that was accidentally removed when JSON was added. Fixes: 010a8388aea1 ("tc: Add JSON output to tc-class") Signed-off-by: Christian Hesse <mail@eworm.de> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-22uapi: update bpf.h from upstreamStephen Hemminger1-1/+18
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-22Merge branch 'main' into nextDavid Ahern1-1/+1
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-02-20v6.2.0Stephen Hemminger1-1/+1
2023-02-18tc: m_ct: add support for helperXin Long1-1/+52
This patch is to add the setup and dump for helper in tc ct action in userspace, and the support in kernel was added in: https://lore.kernel.org/netdev/cover.1667766782.git.lucien.xin@gmail.com/ Here is an example for usage: # ip link add dummy0 type dummy # tc qdisc add dev dummy0 ingress # tc filter add dev dummy0 ingress proto ip flower ip_proto \ tcp dst_port 21 ct_state -trk action ct helper ipv4-tcp-ftp # tc filter show dev dummy0 ingress filter protocol ip pref 49152 flower chain 0 handle 0x1 eth_type ipv4 ip_proto tcp dst_port 21 ct_state -trk not_in_hw action order 1: ct zone 0 helper ipv4-tcp-ftp pipe index 1 ref 1 bind v1->v2: - add dst_port 21 in the example tc flower rule in changelog as Marcelo noticed. - use snprintf to avoid possible string overflows as Stephen suggested in ct_print_helper(). Signed-off-by: Xin Long <lucien.xin@gmail.com> Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-02-18seg6: man: ip-link.8: add SRv6 End PSP flavor descriptionPaolo Lungaroni1-1/+11
This patch extends the manpage by providing a brief description of the PSP flavor for the SRv6 End behavior as defined in RFC 8986 [1]. The code/logic required to handle the "flavors" framework has already been merged into iproute2 by commit: 04a6b456bf74 ("seg6: add support for flavors in SRv6 End* behaviors"). Some examples: ip -6 route add 2001:db8::1 encap seg6local action End flavors psp dev eth0 Standard Output: ip -6 route show 2001:db8::1 2001:db8::1 encap seg6local action End flavors psp dev eth0 metric 1024 pref medium JSON Output: ip -6 -j -p route show 2001:db8::1 [ { "dst": "2001:db8::1", "encap": "seg6local", "action": "End", "flavors": [ "psp" ], "dev": "eth0", "metric": 1024, "flags": [ ], "pref": "medium" } ] [1] - https://datatracker.ietf.org/doc/html/rfc8986 Signed-off-by: Paolo Lungaroni <paolo.lungaroni@uniroma2.it> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-02-18iplink: add gso and gro max_size attributes for ipv4Xin Long3-5/+59
This patch adds two attributes gso/gro_ipv4_max_size in iplink for the user space support of the BIG TCP for IPv4: https://lore.kernel.org/netdev/de811bf3-e2d8-f727-72bc-c8a754a9d929@tessares.net/T/ Note that after this kernel patchset, "gso/gro_max_size" are used for IPv6 packets while "gso/gro_ipv4_max_size" are for IPv4 packets. To not break these old applications using "gso/gro_ipv4_max_size" for IPv4 GSO packets, the new size will also be set on "gso/gro_ipv4_max_size" in kernel when "gso/gro_max_size" changes to a value <= 65536. Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-02-18Merge remote-tracking branch 'main/main' into nextDavid Ahern6-7/+15
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-02-17testsuite: fix testsuite build failure when iproute build without libcap-develgaoxingwang1-1/+5
iproute allows to build without libcap. The testsuite will fail to compile when libcap does not exist. It was required in 6d68d7f85d. Fixes: 6d68d7f85d ("testsuite: fix build failure") Signed-off-by: gaoxingwang <gaoxingwang1@huawei.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-17iplink: fix the gso and gro max_size names in documentationXin Long1-3/+3
The option names for "ip link set" should be gso/gro_max_* instead of max_gso/gro_*. So fix them in documentation. Fixes: e4ba36f75201 ("iplink: add ip-link documentation") Signed-off-by: Xin Long <lucien.xin@gmail.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-17libnetlink.c: Fix memory leak in batch modeDenys Fedoryshchenko1-0/+2
During testing we noticed a significant memory leak that is easily reproducible and detectable with valgrind: ==2006284== 393,216 bytes in 12 blocks are definitely lost in loss record 5 of 5 ==2006284== at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so) ==2006284== by 0x18C73E: rtnl_recvmsg (libnetlink.c:830) ==2006284== by 0x18CF9E: __rtnl_talk_iov (libnetlink.c:1032) ==2006284== by 0x18D3CE: __rtnl_talk (libnetlink.c:1140) ==2006284== by 0x18D4DE: rtnl_talk (libnetlink.c:1168) ==2006284== by 0x11BF04: tc_filter_modify (tc_filter.c:224) ==2006284== by 0x11DD70: do_filter (tc_filter.c:748) ==2006284== by 0x116B06: do_cmd (tc.c:210) ==2006284== by 0x116C7C: tc_batch_cmd (tc.c:231) ==2006284== by 0x1796F2: do_batch (utils.c:1701) ==2006284== by 0x116D05: batch (tc.c:246) ==2006284== by 0x117327: main (tc.c:331) ==2006284== ==2006284== LEAK SUMMARY: ==2006284== definitely lost: 884,736 bytes in 27 blocks In case nlmsg_type == NLMSG_ERROR and if answer is set to NULL, we should free(buf) too. Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-17ip: fix UB in strncpy (e.g. truncated ip route output)Sam James1-2/+3
Fix overlapping buffers passed to strncpy which is UB. format_host_rta_r writes to the buffer passed to it, so hostname (derived from b1) & b1 partly overlap. This gets worse with sys-libs/glibc-2.37 where the ip route output can be truncated, but it was UB anyway and you can see it occurring w/ glibc-2.36. Bug: https://lore.kernel.org/netdev/0011AC38-4823-4D0A-8580-B108D08959C2@gentoo.org/T/#u Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=30112 Thanks-to: Doug Freed <dwfreed@mtu.edu> Signed-off-by: Sam James <sam@gentoo.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-13uapi: update headers to 6.2-rc8Stephen Hemminger1-0/+1
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-07bridge: mdb: Remove double space in MDB dumpIdo Schimmel1-1/+1
There is an extra space after the "proto" field. Remove it. Before: # bridge -d mdb dev br0 port swp1 grp 239.1.1.1 permanent proto static vid 1 After: # bridge -d mdb dev br0 port swp1 grp 239.1.1.1 permanent proto static vid 1 Signed-off-by: Ido Schimmel <idosch@nvidia.com> Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-02-07man: man8: bridge: Describe mcast_max_groupsPetr Machata1-0/+22
Add documentation for per-port and port-port-vlan option mcast_max_groups. Signed-off-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-02-07bridge: Add support for mcast_n_groups, mcast_max_groupsPetr Machata2-0/+41
A total of four new bridge attributes are being added to the kernel: mcast_n_groups and mcast_max_groups, as link and vlan attributes. Add to the bridge tool the support code to enable setting and querying these attributes. Example usage: # ip link add name br up type bridge vlan_filtering 1 mcast_snooping 1 \ mcast_vlan_snooping 1 mcast_querier 1 # ip link set dev v1 master br # bridge vlan add dev v1 vid 2 # bridge vlan set dev v1 vid 1 mcast_max_groups 1 # bridge mdb add dev br port v1 grp 230.1.2.3 temp vid 1 # bridge mdb add dev br port v1 grp 230.1.2.4 temp vid 1 Error: bridge: Port-VLAN is already in 1 groups, and mcast_max_groups=1. # bridge link set dev v1 mcast_max_groups 1 # bridge mdb add dev br port v1 grp 230.1.2.3 temp vid 2 Error: bridge: Port is already in 1 groups, and mcast_max_groups=1. # bridge -d link show 5: v1@v2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br [...] [...] mcast_n_groups 1 mcast_max_groups 1 # bridge -d vlan show port vlan-id br 1 PVID Egress Untagged state forwarding mcast_router 1 v1 1 PVID Egress Untagged [...] mcast_n_groups 1 mcast_max_groups 1 2 [...] mcast_n_groups 0 mcast_max_groups 0 This is how the JSON dump looks like: # bridge -j -d link show dev v1 | jq [ { "ifindex": 4, "link": "v2", "ifname": "v1", "flags": [ "BROADCAST", "MULTICAST" ], "mtu": 1500, "master": "br", "state": "disabled", "priority": 32, "cost": 2, "hairpin": false, "guard": false, "root_block": false, "fastleave": false, "learning": true, "flood": true, "mcast_flood": true, "bcast_flood": true, "mcast_router": 1, "mcast_to_unicast": false, "neigh_suppress": false, "vlan_tunnel": false, "isolated": false, "locked": false, "mab": false, "mcast_n_groups": 0, "mcast_max_groups": 0 } ] # bridge -j -d vlan show dev v1 | jq [ { "ifname": "v1", "vlans": [ { "vlan": 1, "flags": [ "PVID", "Egress Untagged" ], "state": "forwarding", "mcast_router": 1, "mcast_n_groups": 0, "mcast_max_groups": 1 } ] } ] Signed-off-by: Petr Machata <petrm@nvidia.com> Reviewed-by: Ido Schimmel <idosch@nvidia.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-02-07Update kernel headersDavid Ahern7-28/+50
Update kernel headers to commit: 61d731e6538d ("Merge tag 'linux-can-next-for-6.3-20230206' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next") Signed-off-by: David Ahern <dsahern@kernel.org>
2023-02-07Merge branch 'main' into nextDavid Ahern2-7/+7
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-01-25ip-rule.8: Bring synopsis in line with descriptionSven Neuhaus1-3/+3
Bring ip-rule.8 synopsis in line with description The parameters "show" and "priority" were listed in the synopsis using other aliases than in the description. Signed-off-by: Sven Neuhaus <sven-netdev@sven.de> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-25macsec: Fix Macsec packet number attribute printEmeel Hakim1-4/+4
Currently the Macsec print routines use a 32 bit print routine to print out the value of the packet number (PN) attribute. This misuse of the 32 bit print routine is causing a misprint of only the 32 least significant bits (LSB) of an extended packet number (XPN), which is a 64 bit attribute. Fixes: 6ce23b7c2d79 ("macsec: add Extended Packet Number support") Signed-off-by: Emeel Hakim <ehakim@nvidia.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-22tc: add new attr TCA_EXT_WARN_MSGHangbin Liu5-0/+15
Currently, when the rule is not to be exclusively executed by the hardware, extack is not passed along and offloading failures don't get logged. Add a new attr TCA_EXT_WARN_MSG to log the extack message so we can monitor the HW failures. e.g. # tc monitor added chain dev enp3s0f1np1 parent ffff: chain 0 added filter dev enp3s0f1np1 ingress protocol all pref 49152 flower chain 0 handle 0x1 ct_state +trk+new not_in_hw action order 1: gact action drop random type none pass val 0 index 1 ref 1 bind 1 mlx5_core: matching on ct_state +new isn't supported. Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-01-22Revert "tc/tc_monitor: print netlink extack message"Hangbin Liu1-3/+0
This reverts commit 0cc5533b ("tc/tc_monitor: print netlink extack message") as the commit mentioned is not applied to upstream. Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: David Ahern <dsahern@kernel.org>
2023-01-22Update kernel headersDavid Ahern5-3/+10
Update kernel headers to commit a7b87d2a31dc ("Merge branch 'mlxsw-add-support-of-latency-tlv'") Signed-off-by: David Ahern <dsahern@kernel.org>
2023-01-22Merge remote-tracking branch 'main/main' into nextDavid Ahern216-1424/+291
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-01-18man: ip-link.8: Fix formattingStefan Pietsch1-0/+1
Signed-off-by: Stefan Pietsch <stefan+linux@shellforce.org> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-16add space after keywordStephen Hemminger3-3/+3
The style standard is to use space after keywords. Example: if (expr) versus if(expr) Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-15macsec: Fix Macsec replay protectionEmeel Hakim1-1/+2
Currently when configuring macsec with replay protection, replay protection and window get a default value of -1. This leads to passing replay protection and replay window attributes to the kernel while replay is explicitly set to off, leading to an invalid argument error when configured with extended packet number (XPN), since the default window value, which is 0xFFFFFFFF, is passed to the kernel, and while XPN is configured the above value is an invalid window value. Example: ip link add link eth2 macsec0 type macsec sci 1 cipher gcm-aes-xpn-128 replay off RTNETLINK answers: Invalid argument Fix by passing the window attribute to the kernel only if replay is on. Fixes: b26fc590ce62 ("ip: add MACsec support") Signed-off-by: Emeel Hakim <ehakim@nvidia.com> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14netem: add SPDX license headerStephen Hemminger5-0/+5
The netem directory contains code to generate tables for netem. This code came from NISTnet which was public domain. Add appropriate license tag. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14misc: use SPDXStephen Hemminger11-38/+11
Use SPDX tag instead of GPL boilerplate. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14tc: use SPDXStephen Hemminger81-467/+79
Replace GPL boilerplate with SPDX. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14tc: replace GPL-BSD boilerplate in codel and fqStephen Hemminger3-93/+3
Replace legal boilerplate with SPDX instead. These algorithms are dual licensed. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14tipc: use SPDXStephen Hemminger21-105/+21
Replace boilerplate GPL text with SPDX Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14testsuite: use SPDXStephen Hemminger1-5/+1
Replace boilerplate with SPDX tag. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14ip: use SPDXStephen Hemminger60-432/+67
Use SPDX instead of boilerplate text for ip and related sub commands. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14devlink: use SPDXStephen Hemminger3-15/+3
Add SPDX tag instead of GPL 2.0 or later boilerplate Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14lib: replace GPL boilerplate with SPDXStephen Hemminger14-76/+15
Replace standard GPL 2.0 or later text with SPDX tag. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14genl: use SPDXStephen Hemminger2-11/+2
Replace GPL 2.0 or later boilerplate. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14bridge: use SPDXStephen Hemminger1-6/+1
Replace GPL 2.0 or later boilerplate text. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-14man: ss: remove duplicated option nameJakub Wilk1-1/+1
Signed-off-by: Jakub Wilk <jwilk@jwilk.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-11tc: remove support for rr qdiscStephen Hemminger4-126/+2
The Round-Robin qdisc was removed in kernel version 2.6.27. Remove code and man page references from iproute. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-10mptcp: add new listener eventsMatthieu Baerts1-2/+5
These new events have been added in kernel commit f8c9dfbd875b ("mptcp: add pm listener events") by Geliang Tang. Two new MPTCP Netlink event types for PM listening socket creation and closure have been recently added. They will be available in the future v6.2 kernel. They have been added because MPTCP for Linux, when not using the in-kernel PM, depends on the userspace PM to create extra listening sockets -- called "PM listeners" -- before announcing addresses and ports. With the existing MPTCP Netlink events, a userspace PM can create PM listeners at startup time, or in response to an incoming connection. Creating sockets in response to connections is not optimal: ADD_ADDRs can't be sent until the sockets are created and listen()ed, and if all connections are closed then it may not be clear to the userspace PM daemon that PM listener sockets should be cleaned up. Hence these new events: PM listening sockets can be managed based on application activity. Note that the maximum event string size has to be increased by 2 to be able to display LISTENER_CREATED without truncating it. Also, as pointed out by Mat, this event doesn't have any "token" attribute so this attribute is now printed only if it is available. Link: https://github.com/multipath-tcp/mptcp_net-next/issues/313 Cc: Geliang Tang <geliang.tang@suse.com> Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-09 | tc/htb: add SPDX comment | Stephen Hemminger | 1 | -9/+3
The standard way is to use SPDX to refer to license, instead of per-file boilerplate text.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-09 | tc/htb: break long lines | Stephen Hemminger | 1 | -2/+4
Style guideline is 100 characters.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-09 | tc: Add JSON output to tc-class | Max Tottenham | 2 | -27/+37
* Add JSON formatted output to the `tc class show ...` command.
* Add JSON formatted output for the htb qdisc classes.

Signed-off-by: Max Tottenham <mtottenh@akamai.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-01-09 | uapi: update vdpa.h | Stephen Hemminger | 1 | -3/+1
Upstream 6.2-rc3

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-12-29 | dcb: Do not leave ACKs in socket receive buffer | Ido Schimmel | 1 | -2/+2
Originally, the dcb utility only stopped receiving messages from a socket when it found the attribute it was looking for. Cited commit changed that, so that the utility will also stop when seeing an ACK (NLMSG_ERROR message), by setting the NLM_F_ACK flag on requests.

This is problematic because it means a successful request will leave an ACK in the socket receive buffer, causing the next request to bail before reading its response.

Fix that by not stopping when finding the required attribute in a response. Instead, stop on the subsequent ACK.

Fixes: 84c036972659 ("dcb: unblock mnl_socket_recvfrom if not message received")
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-12-29 | configure: Remove include <sys/stat.h> | Hauke Mehrtens | 1 | -1/+0
The check_name_to_handle_at() function in the configure script is including sys/stat.h. This include fails with glibc 2.36 like this:

````
In file included from /linux-5.15.84/include/uapi/linux/stat.h:5,
                 from /toolchain-x86_64_gcc-12.2.0_glibc/include/bits/statx.h:31,
                 from /toolchain-x86_64_gcc-12.2.0_glibc/include/sys/stat.h:465,
                 from config.YExfMc/name_to_handle_at_test.c:3:
/linux-5.15.84/include/uapi/linux/types.h:10:2: warning: #warning "Attempt to use kernel headers from user space, see https://kernelnewbies.org/KernelHeaders" [-Wcpp]
   10 | #warning "Attempt to use kernel headers from user space, see https://kernelnewbies.org/KernelHeaders"
      |  ^~~~~~~
In file included from /linux-5.15.84/include/uapi/linux/posix_types.h:5,
                 from /linux-5.15.84/include/uapi/linux/types.h:14:
/linux-5.15.84/include/uapi/linux/stddef.h:5:10: fatal error: linux/compiler_types.h: No such file or directory
    5 | #include <linux/compiler_types.h>
      |          ^~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
````

Just removing the include works, the manpage of name_to_handle_at() says only fcntl.h is needed.

Fixes: c5b72cc56bf8 ("lib/fs: fix issue when {name,open}_to_handle_at() is not implemented")
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-12-26 | uapi: update headers to 6.2-rc1 | Stephen Hemminger | 2 | -0/+22
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-12-19 | devlink: fix mon json output for trap-policer | Jiri Pirko | 1 | -0/+1
There is a json footer missing for trap-policer output in "devlink mon". So add it and fix the json output.

Fixes: a66af5569337 ("devlink: Add devlink trap policer set and show commands")
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2022-12-18 | Merge branch 'bridge-new-mdb-attr' into next | David Ahern | 2 | -17/+172
Ido Schimmel says:

====================
Add support for new MDB attributes and replace command. See kernel merge commit 8150f0cfb24f ("Merge branch 'bridge-mcast-extensions-for-evpn'") for background and motivation.

Patches #1-#2 are preparations.

Patches #3-#5 add support for new MDB attributes: Filter mode, source list and routing protocol.

Patch #6 adds replace support.
====================

Signed-off-by: David Ahern <dsahern@kernel.org>
2022-12-18 | bridge: mdb: Add replace support | Ido Schimmel | 2 | -4/+13
Allow user space to replace MDB port group entries by specifying the 'NLM_F_REPLACE' flag in the netlink message header.

Examples:

  # bridge mdb replace dev br0 port dummy10 grp 239.1.1.1 permanent source_list 192.0.2.1,192.0.2.2 filter_mode include
  # bridge -d -s mdb show
  dev br0 port dummy10 grp 239.1.1.1 src 192.0.2.2 permanent filter_mode include proto static 0.00
  dev br0 port dummy10 grp 239.1.1.1 src 192.0.2.1 permanent filter_mode include proto static 0.00
  dev br0 port dummy10 grp 239.1.1.1 permanent filter_mode include source_list 192.0.2.2/0.00,192.0.2.1/0.00 proto static 0.00

  # bridge mdb replace dev br0 port dummy10 grp 239.1.1.1 permanent source_list 192.0.2.1,192.0.2.3 filter_mode exclude proto zebra
  # bridge -d -s mdb show
  dev br0 port dummy10 grp 239.1.1.1 src 192.0.2.3 permanent filter_mode include proto zebra blocked 0.00
  dev br0 port dummy10 grp 239.1.1.1 src 192.0.2.1 permanent filter_mode include proto zebra blocked 0.00
  dev br0 port dummy10 grp 239.1.1.1 permanent filter_mode exclude source_list 192.0.2.3/0.00,192.0.2.1/0.00 proto zebra 0.00

  # bridge mdb replace dev br0 port dummy10 grp 239.1.1.1 temp source_list 192.0.2.4,192.0.2.3 filter_mode include proto bgp
  # bridge -d -s mdb show
  dev br0 port dummy10 grp 239.1.1.1 src 192.0.2.4 temp filter_mode include proto bgp 0.00
  dev br0 port dummy10 grp 239.1.1.1 src 192.0.2.3 temp filter_mode include proto bgp 0.00
  dev br0 port dummy10 grp 239.1.1.1 temp filter_mode include source_list 192.0.2.4/259.44,192.0.2.3/259.44 proto bgp 0.00

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
2022-12-18 | bridge: mdb: Add routing protocol support | Ido Schimmel | 2 | -3/+37
Allow user space to specify the routing protocol of the MDB port group entry by adding the 'MDBE_ATTR_RTPROT' attribute to the 'MDBA_SET_ENTRY_ATTRS' nest.

Examples:

  # bridge mdb add dev br0 port dummy10 grp 239.1.1.1 permanent proto zebra
  # bridge mdb add dev br0 port dummy10 grp 239.1.1.2 permanent
  # bridge -d mdb show
  dev br0 port dummy10 grp 239.1.1.2 permanent filter_mode exclude proto static
  dev br0 port dummy10 grp 239.1.1.1 permanent filter_mode exclude proto zebra

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
2022-12-18 | bridge: mdb: Add source list support | Ido Schimmel | 2 | -2/+67
Allow user space to specify the source list of (*, G) entries by adding the 'MDBE_ATTR_SRC_LIST' attribute to the 'MDBA_SET_ENTRY_ATTRS' nest.

Example:

  # bridge mdb add dev br0 port dummy10 grp 239.1.1.1 temp source_list 198.51.100.1,198.51.100.2 filter_mode exclude

  # bridge -d -s mdb show
  dev br0 port dummy10 grp 239.1.1.1 src 198.51.100.2 temp filter_mode include proto static blocked 0.00
  dev br0 port dummy10 grp 239.1.1.1 src 198.51.100.1 temp filter_mode include proto static blocked 0.00
  dev br0 port dummy10 grp 239.1.1.1 temp filter_mode exclude source_list 198.51.100.2/0.00,198.51.100.1/0.00 proto static 256.42

  # bridge -j -p -d -s mdb show
  [ {
          "mdb": [ {
                  "index": 10,
                  "dev": "br0",
                  "port": "dummy10",
                  "grp": "239.1.1.1",
                  "src": "198.51.100.2",
                  "state": "temp",
                  "filter_mode": "include",
                  "protocol": "static",
                  "flags": [ "blocked" ],
                  "timer": " 0.00"
              },{
                  "index": 10,
                  "dev": "br0",
                  "port": "dummy10",
                  "grp": "239.1.1.1",
                  "src": "198.51.100.1",
                  "state": "temp",
                  "filter_mode": "include",
                  "protocol": "static",
                  "flags": [ "blocked" ],
                  "timer": " 0.00"
              },{
              },{
                  "index": 10,
                  "dev": "br0",
                  "port": "dummy10",
                  "grp": "239.1.1.1",
                  "state": "temp",
                  "filter_mode": "exclude",
                  "source_list": [ {
                          "address": "198.51.100.2",
                          "timer": "0.00"
                      },{
                          "address": "198.51.100.1",
                          "timer": "0.00"
                      } ],
                  "protocol": "static",
                  "flags": [ ],
                  "timer": " 251.19"
              } ],
          "router": {}
      } ]

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
2022-12-18 | bridge: mdb: Add filter mode support | Ido Schimmel | 2 | -2/+33
Allow user space to specify the filter mode of (*, G) entries by adding the 'MDBE_ATTR_GROUP_MODE' attribute to the 'MDBA_SET_ENTRY_ATTRS' nest.

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
2022-12-18 | bridge: mdb: Split source parsing to a separate function | Ido Schimmel | 1 | -10/+24
Currently, the only attribute inside the 'MDBA_SET_ENTRY_ATTRS' nest is 'MDBE_ATTR_SOURCE', but subsequent patches are going to add more attributes to the nest.

Prepare for the addition of these attributes by splitting the parsing of individual attributes inside the nest to separate functions.

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
2022-12-18 | bridge: mdb: Use a boolean to indicate nest is required | Ido Schimmel | 1 | -1/+3
Currently, the only attribute inside the 'MDBA_SET_ENTRY_ATTRS' nest is 'MDBE_ATTR_SOURCE', but subsequent patches are going to add more attributes to the nest.

Prepare for the addition of these attributes by determining the necessity of the nest from a boolean variable that is set whenever one of these attributes is parsed. This avoids the need to have one long condition that checks for the presence of one of the individual attributes.

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>