Extend "fdb flush" command to match entries with or without (if "no" is
prepended) router flag.
Examples:
$ bridge fdb flush dev vx10 router
This will delete all fdb entries pointing to vx10 with router flag.
$ bridge fdb flush dev vx10 norouter
This will delete all fdb entries pointing to vx10, except the ones with
router flag.
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Extend "fdb flush" command to match fdb entries with a specific destination
IP.
Example:
$ bridge fdb flush dev vx10 dst 192.1.1.1
This will flush all fdb entries pointing to vx10 with destination IP
192.1.1.1
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Extend "fdb flush" command to match fdb entries with a specific destination
port.
Example:
$ bridge fdb flush dev vx10 port 1111
This will flush all fdb entries pointing to vx10 with destination port
1111.
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Extend "fdb flush" command to match fdb entries with a specific destination
VNI.
Example:
$ bridge fdb flush dev vx10 vni 1000
This will flush all fdb entries pointing to vx10 with destination VNI 1000.
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Extend "fdb flush" command to match fdb entries with a specific nexthop ID.
Example:
$ bridge fdb flush dev vx10 nhid 2
This will flush all fdb entries pointing to vx10 with nexthop ID 2.
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Extend "fdb flush" command to match fdb entries with a specific source VNI.
Example:
$ bridge fdb flush dev vx10 src_vni 1000
This will flush all fdb entries pointing to vx10 with source VNI 1000.
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Currently, the flush command supports the keyword 'brport'. To handle
this argument the variables 'port_ifidx' and 'port' are used.
A following patch will add support for 'port' keyword in flush command,
rename the existing variables to include 'brport' prefix, so then it
will be clear that they are used to parse 'brport' argument.
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Commit 6e1ca489c5 ("bridge: fdb: add new flush command") added support
for "bridge fdb flush" command. This commit did not handle unsupported
keywords, they are just ignored.
Add an error print to notify the user when a keyword which is not supported
is used. The kernel will be extended to support flush with VXLAN device,
so new attributes will be supported (e.g., vni, port). When iproute-2 does
not warn for unsupported keyword, user might think that the flush command
works, although the iproute-2 version is too old and it does not send VXLAN
attributes to the kernel.
Fixes: 6e1ca489c5 ("bridge: fdb: add new flush command")
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Print the "locked" FDB flag when it is set in the 'NDA_FLAGS_EXT'
attribute. Example output:
# bridge fdb get 00:11:22:33:44:55 br br0
00:11:22:33:44:55 dev swp1 locked master br0
# bridge -j -p fdb get 00:11:22:33:44:55 br br0
[ {
"mac": "00:11:22:33:44:55",
"ifname": "swp1",
"flags": [ "locked" ],
"master": "br0",
"state": ""
} ]
Signed-off-by: Hans Schultz <netdev@kapio-technology.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
When using `bridge monitor` with the '-timestamp' option or the "all"
parameter, prefixes are printed before the actual event descriptions.
Currently, those prefixes are printed for each netlink message that's
received. However, some netlink messages do not lead to an event
description being printed. That's usually because a message is not related
to AF_BRIDGE. This results in stray prefixes being printed.
Restructure accept_msg() and its callees such that prefixes are only
printed after a message has been checked for eligibility.
The issue can be witnessed using the following commands:
ip link add dummy0 type dummy
# Start `bridge monitor all` now in another terminal.
# Cause a stray "[LINK]" to be printed (family 10).
# It does not appear yet because the output is line buffered.
ip link set dev dummy0 up
# Cause a stray "[NEIGH]" to be printed (family 2).
ip neigh add 10.0.0.1 lladdr 02:00:00:00:00:01 dev dummy0
# Cause a genuine entry to be printed, which flushes the previous
# output.
bridge fdb add 02:00:00:00:00:01 dev dummy0
# We now see:
# [LINK][NEIGH][NEIGH]02:00:00:00:00:01 dev dummy0 self permanent
Fixes: d04bc300c3 ("Add bridge command")
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
With the following command sequence:
ip link add br0 up type bridge
ip link add dummy0 up address 02:00:00:00:00:01 master br0 type dummy
bridge fdb get 02:00:00:00:00:01 br br0
when running the last command under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x11C1EC: rtnl_recvmsg (libnetlink.c:838)
by 0x11C4D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x11D994: __rtnl_talk (libnetlink.c:1141)
by 0x11D994: rtnl_talk (libnetlink.c:1147)
by 0x10D336: fdb_get (fdb.c:652)
by 0x48907FC: (below main) (libc-start.c:332)
Free the answer obtained from rtnl_talk().
Fixes: 4ed5ad7bd3 ("bridge: fdb get support")
Reported-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add flush support to match entries with or without (if "no" is
prepended) offloaded flag.
Examples:
$ bridge fdb flush dev br0 offloaded
This will delete all offloaded entries in br0's fdb table.
$ bridge fdb flush dev br0 nooffloaded
This will delete all entries except the ones with offloaded flag in
br0's fdb table.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add flush support to match entries with or without (if "no" is
prepended) sticky flag.
Examples:
$ bridge fdb flush dev br0 sticky
This will delete all sticky entries in br0's fdb table.
$ bridge fdb flush dev br0 nosticky
This will delete all entries except the ones with sticky flag in
br0's fdb table.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add flush support to match entries with or without (if "no" is
prepended) extern_learn flag.
Examples:
$ bridge fdb flush dev br0 extern_learn
This will delete all extern_learn entries in br0's fdb table.
$ bridge fdb flush dev br0 noextern_learn
This will delete all entries except the ones with extern_learn flag in
br0's fdb table.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add flush support to match entries with or without (if "no" is
prepended) added_by_user flag. Note that NTF_USE is used internally
because there is no NTF_ flag that describes such entries.
Examples:
$ bridge fdb flush dev br0 added_by_user
This will delete all added_by_user entries in br0's fdb table.
$ bridge fdb flush dev br0 noadded_by_user
This will delete all entries except the ones with added_by_user flag in
br0's fdb table.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add flush support to match dynamic or non-dynamic (static or permanent)
entries if "no" is prepended respectively. Note that dynamic entries are
defined as fdbs without NUD_NOARP and NUD_PERMANENT set, and non-dynamic
entries are fdbs with NUD_NOARP set (that matches both static and
permanent entries).
Examples:
$ bridge fdb flush dev br0 dynamic
This will delete all dynamic entries in br0's fdb table.
$ bridge fdb flush dev br0 nodynamic
This will delete all entries except the dynamic ones in br0's fdb
table.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add flush support to match static or non-static entries if "no" is
prepended respectively. Note that static entries are only NUD_NOARP ones
without NUD_PERMANENT, also when matching non-static entries exclude
permanent entries as well (permanent entries by definition are also
static).
Examples:
$ bridge fdb flush dev br0 static
This will delete all static entries in br0's fdb table.
$ bridge fdb flush dev br0 nostatic
This will delete all entries except the static ones in br0's fdb
table.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add flush support to match permanent or non-permanent entries if "no" is
prepended respectively.
Examples:
$ bridge fdb flush dev br0 permanent
This will delete all permanent entries in br0's fdb table.
$ bridge fdb flush dev br0 nopermanent
This will delete all entries except the permanent ones in br0's fdb
table.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Usually we match on the device specified after "dev" but there are
special cases where we need an additional device attribute for matching
such as when matching entries specifically pointing to the bridge device
itself. We use NDA_IFINDEX for that purpose.
Example:
$ bridge fdb flush dev br0 brport br0
This will flush only entries pointing to the bridge itself.
$ bridge fdb flush dev swp1 brport swp2 master
Note this will flush entries pointing to swp2 only. The NDA_IFINDEX
attribute overrides the dev argument. This is documented in the man
page.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add flush support to match fdb entries in a specific vlan.
Example:
$ bridge fdb flush dev swp1 vlan 10 master
This will flush all fdb entries with port swp1 and vlan 10.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add support for fdb bulk delete (aka flush) command. Currently it only
supports the self and master flags with the same semantics as fdb
add/del. The device is a mandatory argument.
Example:
$ bridge fdb flush dev br0
This will delete *all* fdb entries in br0's fdb table.
$ bridge fdb flush dev swp1 master
This will delete all fdb entries pointing to swp1.
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
To be consistent with the colorized output of "ip" command and to increase
readability, stop highlighting the "dev" & "dst" keywords in the colorized
output of "bridge -c fdb" cmd.
Example: in the following "bridge -c fdb" entry, only "00:00:00:00:00:00",
"vxlan100" and "2001:db8:2::1" fields should be highlighted in color.
00:00:00:00:00:00 dev vxlan100 dst 2001:db8:2::1 self permanent
Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
bridge json fdb show is printing an incorrect / non-machine readable
value, when using -j (json output) we are expecting machine readable
data that shouldn't require special handling/parsing.
$ bridge -j fdb show | \
python -c \
'import sys,json;print(json.dumps(json.loads(sys.stdin.read()),indent=4))'
[
{
"master": "br0",
"mac": "56:23:28:4f:4f:e5",
"flags": [],
"ifname": "vx0",
"state": "state=0x80" <<<<<<<<< with the patch: "state": "0x80"
}
]
Fixes: c7c1a1ef51 ("bridge: colorize output and use JSON print library")
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
In most of cases a user wants to see only the dynamic mac addresses
in the fdb output. But currently the 'fdb show' displays tons of
various self entries, those only waste the output without any useful
goal.
New option 'dynamic' for 'show' and 'get' commands forces display
only relevant records.
Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
'bridge fdb get' has json support but the json object is never initialized
before patch:
$ bridge -j fdb get 56:23:28:4f:4f:e5 dev vx0
56:23:28:4f:4f:e5 dev vx0 master br0 permanent
$
after patch:
$ bridge -j fdb get 56:23:28:4f:4f:e5 dev vx0 | \
python -c \
'import sys,json;print(json.dumps(json.loads(sys.stdin.read()),indent=4))'
[
{
"master": "br0",
"mac": "56:23:28:4f:4f:e5",
"flags": [],
"ifname": "vx0",
"state": "permanent"
}
]
$
Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch adds support to assign a nexthop group
id to an fdb entry.
$bridge fdb add 02:02:00:00:00:13 dev vx10 nhid 102 self
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
This patch adds support to lookup a bridge fdb entry
using recently added support in the kernel using RTM_GETNEIGH
(and AF_BRIDGE family).
example:
$bridge fdb get 02:02:00:00:00:03 dev test-dummy0 vlan 1002
02:02:00:00:00:03 dev test-dummy0 vlan 1002 master bridge
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Tested-by: Ivan Vecera <ivecera@redhat.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
We already print src_vni for a fdb entry when present.
This patch adds the ability to set src_vni on a fdb
entry. When not specified, kernel will use vni specified
on the vxlan device. This can be used on a vxlan fdb entry
when the vxlan device is in external or collect metadata
mode.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
While iproute2 correctly uses ifinfomsg struct as the ancillary header
when requesting an FDB dump on old kernels, it sets the message type to
RTM_GETLINK. This results in wrong reply being returned.
Fix this by using RTM_GETNEIGH instead.
Before:
$ bridge fdb show brport dummy0
Not RTM_NEWNEIGH: 00000158 00000010 00000002
After:
$ bridge fdb show brport dummy0
2a:0b:41:1c:92:d3 vlan 1 master br0 permanent
2a:0b:41:1c:92:d3 master br0 permanent
33:33:00:00:00:01 self permanent
01:00:5e:00:00:01 self permanent
Fixes: 05880354c2 ("bridge: fdb: Fix filtering with strict checking disabled")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reported-by: LiLiang <liali@redhat.com>
Acked-by: David Ahern <dsahern@gmail.com>
Acked-by: Ivan Vecera <ivecera@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Older kernels expect an ifinfomsg struct as the ancillary header, and
after kernel commit bd961c9bc664 ("rtnetlink: fix rtnl_fdb_dump() for ndmsg
header") can handle either ifinfomsg or ndmsg. Strict data checking only
allows ndmsg.
Use the new RTNL_HANDLE_F_STRICT_CHK flag to know which header to send.
Signed-off-by: David Ahern <dsahern@gmail.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Tested-by: Ido Schimmel <idosch@mellanox.com>
Add fdb_dump_filter to set filter attributes in dump request
and convert fdb_show to use rtnl_neighdump_req.
Signed-off-by: David Ahern <dsahern@gmail.com>
Since commit aea41afcfd ("ip bridge: Set NETLINK_GET_STRICT_CHK on
socket") iproute2 uses strict checking on kernels that support it. This
causes FDB dumping to fail [1], as iproute2 uses 'struct ifinfomsg'
whereas the kernel expects 'struct ndmsg'.
Note that with this change iproute2 continues to work on old kernels
that do not support strict checking, but contain the fix introduced in
kernel commit bd961c9bc664 ("rtnetlink: fix rtnl_fdb_dump() for ndmsg
header").
[1]
# bridge fdb show
[ 5365.137224] netlink: 4 bytes leftover after parsing attributes in process `bridge'.
Error: bytes leftover after parsing attributes.
Dump terminated
Fixes: aea41afcfd ("ip bridge: Set NETLINK_GET_STRICT_CHK on socket")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
After commit 4abb8c723a ("bridge: fdb: Fix for missing
keywords in non-JSON output"), I am seeing a double print for dev
in bridge fdb show. eg:
"44:38:39:00:6a:82 dev dev bridge vlan 1 master bridge permanent"
this patch removes the redundant print.
Fixes: 4abb8c723a ("bridge: fdb: Fix for missing keywords in non-JSON output")
CC: Phil Sutter <phil@nwl.cc>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
No function, filter, or print function uses the sockaddr_nl arg,
so just drop it.
Signed-off-by: David Ahern <dsahern@gmail.com>
Acked-by: Stephen Hemminger <stephen@networkplumber.org>
While migrating to JSON print library, some keywords were dropped from
standard output by accident. Add them back to unbreak output parsers.
Fixes: c7c1a1ef51 ("bridge: colorize output and use JSON print library")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add support for the new sticky flag that can be set on fdbs and update the
man page.
CC: David Ahern <dsahern@gmail.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
NTF_EXT_LEARNED can be set by a user on bridge fdb entry.
Provide a bridge command option to allow a user to set
NTF_EXT_LEARNED on a bridge fdb entry.
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
There is a couple of places where we report error in case of no network
device is found. In all of them we output message in the same format to
stderr and either return -1 or 1 to the caller or exit with -1.
Introduce new helper function nodev() that takes name of the network
device caused error and returns -1 to it's caller. Either call exit()
or return to the caller to preserve behaviour before change.
Use -nodev() in traffic control (tc) code to return 1.
Simplify expression for checking for argument being 0/NULL in @if
statement.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Use new functions from json_print to simplify code.
Provide standard flag for colorizing output.
The shortened -c flag is ambiguous it could mean color or
compressvlan; it is now changed to mean color for consistency
with other iproute2 commands.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Make bridge work like other iproute2 commands and accept
same json and pretty flags.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
While benefit from using ll_name_to_index() with populated
cache can potentially be exploited only in few places
(e.g. bridge fdb/mdb/vlan show routines) there is another
advantage of ll_name_to_index() over plain if_nametoindex():
in case of if_nametoindex() failure ll_name_to_index()
will attempt to get index from common name in form "if%d"
that may be returned from ll_index_to_name().
This makes output from ip(8) coherent with it's input.
Note that most of the code already switched from plain
if_nametoindex() to ll_name_to_index() to cached variant.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
There are two reasons for switching to cached variant:
1) ll_index_to_name() may return result from cache,
eliminating expensive ioctl() to the kernel.
Note that most of the code already switched from plain
if_indextoname() to ll_index_to_name() to cached variant
in print path because in most cases cache populated.
2) It always return name in the form "if%d", even if
entry is not in cache and ioctl() fails. This drops
"link_index" from JSON output.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
For all files in iproute2 which do not have an obvious license
identification, mark them with SPDK GPL-2
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
