Add support for parsing TCA_FLOWER_KEY_ENC_OPTS_GTP.
Options are as follows: PDU_TYPE:QFI where each
option is represented as 8-bit hexadecimal value.
e.g.
# ip link add gtp_dev type gtp role sgsn
# tc qdisc add dev gtp_dev ingress
# tc filter add dev gtp_dev protocol ip parent ffff: \
flower \
enc_key_id 11 \
gtp_opts 1:8/ff:ff \
action mirred egress redirect dev eth0
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Support for creating GTP devices through ip link. Two arguments
can be specified by the user when adding device of the GTP type.
- role (sgsn or ggsn) - indicates whether we are on the GGSN or SGSN
- hsize - indicates the size of the hash table where PDP sessions
are stored
IFLA_GTP_FD0 and IFLA_GTP_FD1 arguments would not be provided. Those
are file descriptores to the sockets created in the userspace. Since
we are not going to create sockets in ip link, we don't have to
provide them.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Reviewed-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
The bridge vlan command supports setting mcast_router per-port and
per-vlan, what's however missing is the ability to set the per-port
mcast_router options, e.g. when VLAN filtering is disabled.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Update kernel headers to commit:
092d992b76ed ("Merge tag 'mlx5-updates-2022-03-18' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux")
Signed-off-by: David Ahern <dsahern@kernel.org>
Update man page to include information how to configure the max
virtqueue pairs for a vdpa device when creating one.
Signed-off-by: Eli Cohen <elic@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
When showing the available management devices, check if
VDPA_ATTR_DEV_SUPPORTED_FEATURES feature is available and print the
supported features for a management device.
Examples:
$ vdpa mgmtdev show
auxiliary/mlx5_core.sf.1:
supported_classes net
max_supported_vqs 257
dev_features CSUM GUEST_CSUM MTU HOST_TSO4 HOST_TSO6 STATUS CTRL_VQ MQ \
CTRL_MAC_ADDR VERSION_1 ACCESS_PLATFORM
$ vdpa -jp mgmtdev show
{
"mgmtdev": {
"auxiliary/mlx5_core.sf.1": {
"supported_classes": [ "net" ],
"max_supported_vqs": 257,
"dev_features": [
"CSUM","GUEST_CSUM","MTU","HOST_TSO4","HOST_TSO6","STATUS","CTRL_VQ","MQ",\
"CTRL_MAC_ADDR","VERSION_1","ACCESS_PLATFORM" ]
}
}
}
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Eli Cohen <elic@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Use VDPA_ATTR_DEV_MGMTDEV_MAX_VQS to specify max number of virtqueue
pairs to configure for a vdpa device when adding a device.
Examples:
1. Create a device with 3 virtqueue pairs:
$ vdpa dev add name vdpa-a mgmtdev auxiliary/mlx5_core.sf.1 max_vqp 3
2. Read the configuration of a vdpa device
$ vdpa dev config show vdpa-a
vdpa-a: mac 00:00:00:00:88:88 link up link_announce false max_vq_pairs 3 \
mtu 1500
negotiated_features CSUM GUEST_CSUM MTU MAC HOST_TSO4 HOST_TSO6 STATUS \
CTRL_VQ MQ CTRL_MAC_ADDR VERSION_1 ACCESS_PLATFORM
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Eli Cohen <elic@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
When reading the configuration of a vdpa device, check if the
VDPA_ATTR_DEV_NEGOTIATED_FEATURES is available. If it is, parse the
feature bits and print a string representation of each of the feature
bits.
We keep the strings in two different arrays. One for net device related
devices and one for generic feature bits.
In this patch we parse only net device specific features. Support for
other devices can be added later. If the device queried is not a net
device, we print its bit number only.
Examples:
1. Standard presentation
$ vdpa dev config show vdpa-a
vdpa-a: mac 00:00:00:00:88:88 link up link_announce false max_vq_pairs 2 mtu 9000
negotiated_features CSUM GUEST_CSUM MTU MAC HOST_TSO4 HOST_TSO6 STATUS \
CTRL_VQ MQ CTRL_MAC_ADDR VERSION_1 ACCESS_PLATFORM
2. json output
$ vdpa -j dev config show vdpa-a
{"config":{"vdpa-a":{"mac":"00:00:00:00:88:88","link":"up","link_announce":false,\
"max_vq_pairs":2,"mtu":9000,"negotiated_features":["CSUM","GUEST_CSUM",\
"MTU","MAC","HOST_TSO4","HOST_TSO6","STATUS","CTRL_VQ","MQ","CTRL_MAC_ADDR",\
"VERSION_1","ACCESS_PLATFORM"]}}}
3. Pretty json
$ vdpa -jp dev config show vdpa-a
{
"config": {
"vdpa-a": {
"mac": "00:00:00:00:88:88",
"link ": "up",
"link_announce ": false,
"max_vq_pairs": 2,
"mtu": 9000,
"negotiated_features": [
"CSUM","GUEST_CSUM","MTU","MAC","HOST_TSO4","HOST_TSO6","STATUS","CTRL_VQ",\
"MQ","CTRL_MAC_ADDR","VERSION_1","ACCESS_PLATFORM" ]
}
}
}
Reviewed-by: Si-Wei Liu<si-wei.liu@oracle.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Eli Cohen <elic@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
"-v[erbose]" option is not supported.
Remove it.
Reviewed-by: Parav Pandit <parav@nvidia.com>
Reviewed-by: Jianbo Liu <jianbol@mellanox.com>
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Eli Cohen <elic@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
dcb, devlink, rdma, tipc and vdpa rely on libmnl to compile, so they
check for libmnl to be installed on their Makefiles.
This moves HAVE_MNL check from the tools to top-level Makefile, thus
avoiding to call their Makefiles if libmnl is not present.
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Joachim Wiberg says:
====================
this patch set address a slight omission in controlling broadcast
flooding per bridge port, which the bridge has had support for a good
while now.
v3:
- Move bcast_flood option in manual files to before the mcast_flood
option, instead of breaking the two mcast options. Unfortunately
the other options are not alphabetically sorted, so this was the
least worst option. (Stephen)
- Add missing closing " for 'bridge mdb show' in bridge(8) SYNOPSIS
v2:
- Add bcast_flood also to ip/iplink_bridge_slave.c (Nik)
- Update man page for ip-link(8) with new bcast_flood flag
- Update mcast_flood in same man page slightly
- Fix minor weird whitespace issues causing sudden line breaks
v1:
- Add bcast_flood to bridge/link.c
- Update man page for bridge(8) with bcast_flood for brports
====================
Signed-off-by: David Ahern <dsahern@kernel.org>
Some options, spread across the man page, were accidentally (?) space
indented (possible bullet list auto-indent in editors), causing odd line
breaks in presentation mode (emacs, nroff, etc.). This patch aligns the
multi-line descriptions to column zero, in line with other such option
descriptions.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
The options are not alphabetically sorted, so placing bcast_flood right
before mcast_flood for now.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add per-port support for controlling flooding of broadcast traffic.
Similar to unicast and multcast flooding that already exist.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
The bridge link options are not alphabetically sorted, so placing
bcast_flood right before mcast_flood for now.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add per-port support for controlling flooding of broadcast traffic.
Similar to unicast and multcast flooding that already exist.
Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
Reviewed-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
RDMA_NLDEV_ATTR_RES_PID and RDMA_NLDEV_ATTR_RES_KERN_NAME cannot be set
together, as evident for the fill_res_name_pid() function in the kernel
infiniband driver. This commit makes this clear at first glance, using
an else branch for the RDMA_NLDEV_ATTR_RES_KERN_NAME case.
This also helps coverity to better understand this code and avoid
producing a bogus warning complaining about mnl_attr_get_str overwriting
comme, and thus leaking the storage that comm points to.
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
As Linux-2.0 is getting old and systemd allows non Linux-2.0 compatible
aliases to be set, I think iproute2 should be able to manage such
aliases.
Signed-off-by: Maxime de Roucy <maxime.deroucy@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
asprintf() allocates memory which is not freed on the error path of
get_task_name(), thus potentially leading to memory leaks.
%m specifier on fscanf allocates memory, too, which needs to be freed by
the caller.
This reworks get_task_name() to avoid memory allocation.
- Pass a buffer and its length to the function, similarly to what
get_command_name() does, thus avoiding to allocate memory for
the string to be returned;
- Use snprintf() instead of asprintf();
- Use fgets() instead of fscanf() to limit string length.
Fixes: 81bfd01a4c ("lib: move get_task_name() from rdma")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch adds the possibility to specify batadv specific options when
creating a new batman link. The only option available on link creation
is IFLA_BATADV_ALGO_NAME which specifies the routing algorithm.
Note there is no batadv specific attr to be handled on link dump.
Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
We need to separate action print for filter and action dump since
in action dump, we need to print hardware status and flags. But in
filter dump, we do not need to print action hardware status and
hardware related flags.
In filter dump, actions hardware status should be same with filter.
so we will not print action hardware status in this case.
Action print for action dump:
action order 0: police 0xff000100 rate 0bit burst 0b mtu 64Kb pkts_rate 50000 pkts_burst 10000 action drop/pipe overhead 0b linklayer unspec
ref 4 bind 3 installed 666 sec used 0 sec firstused 106 sec
Action statistics:
Sent 7634140154 bytes 5109889 pkt (dropped 0, overlimits 0 requeues 0)
Sent software 84 bytes 3 pkt
Sent hardware 7634140070 bytes 5109886 pkt
backlog 0b 0p requeues 0
in_hw in_hw_count 1
used_hw_stats delayed
Action print for filter dump:
action order 1: police 0xff000100 rate 0bit burst 0b mtu 64Kb pkts_rate 50000 pkts_burst 10000 action drop/pipe overhead 0b linklayer unspec
ref 4 bind 3 installed 680 sec used 0 sec firstused 119 sec
Action statistics:
Sent 8627975846 bytes 5775107 pkt (dropped 0, overlimits 0 requeues 0)
Sent software 84 bytes 3 pkt
Sent hardware 8627975762 bytes 5775104 pkt
backlog 0b 0p requeues 0
used_hw_stats delayed
Signed-off-by: Baowen Zheng <baowen.zheng@corigine.com>
Signed-off-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Use the corresponding function and fmt string to print unsigned int32
and int64.
Signed-off-by: Shangyan Zhou <sy.zhou@hotmail.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
bpf_create_map_xattr is deprecated in v0.7 in favor of bpf_map_create.
bpf_map_create and its bpf_map_create_opts are not available across the
range of v0.1 and up versions of libbpf, so change create_map to use
the bpf syscall directly.
Signed-off-by: David Ahern <dsahern@kernel.org>
bpf_load_program is deprecated starting in v0.7. The preferred
bpf_prog_load requires bpf_prog_load_opts from v0.6. This creates an
ugly scenario for iproute2 to work across libbpf versions from v0.1
and up.
Since bpf_program_load is only used to load the builtin vrf program,
just remove the libbpf call and use the legacy code.
Signed-off-by: David Ahern <dsahern@kernel.org>
Use the corresponding function and fmt string to print unsigned int32
and int64.
Signed-off-by: Shangyan Zhou <sy.zhou@hotmail.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
these members of TCP_INFO have been included in v5.4.
tested with:
# ss -nti
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Daniel Braunwarth says:
====================
Update the llproto_names array to allow users to reference the PROFINET
and EtherCAT protocols with the names 'profinet' and 'ethercat'.
These patches depends on the below referenced patch, which extends if_ether.h
with the used ETH_P_xxx defines.
Link: https://lore.kernel.org/netdev/20220228133029.100913-1-daniel@braunwarth.dev/
====================
Signed-off-by: David Ahern <dsahern@kernel.org>
Update the llproto_names array to allow users to reference the PROFINET
and EtherCAT protocols with the names 'profinet' and 'ethercat'.
Signed-off-by: Daniel Braunwarth <daniel@braunwarth.dev>
Hans Schultz says:
====================
This patch set is to complement the kernel locked port patches, such
that iproute2 can be used to lock/unlock a port and check if a port
is locked or not. To lock or unlock a port use the command:
bridge link set dev DEV locked {on | off}
To show the detailed setting of a port, including if the locked flag is
enabled for the port(s), use the command:
bridge -d link show [dev DEV]
====================
Signed-off-by: David Ahern <dsahern@kernel.org>
Syntax: ip link set dev DEV type bridge_slave locked {on | off}
Signed-off-by: Hans Schultz <schultz.hans+netdev@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add support for setting a bridge port in locked mode to use with 802.1X,
so that only authorized clients are allowed access through the port.
Syntax: bridge link set dev DEV locked {on, off}
Signed-off-by: Hans Schultz <schultz.hans+netdev@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
This patch updated the port keyword check for the setting flags, allow
to use the port keyword with the non-signal flags. Don't allow to use
the port keyword with the id number.
With this patch, we can use setting flags in two forms, using the address
and port number directly or the id number of the address:
ip mptcp endpoint change id 1 fullmesh
ip mptcp endpoint change 10.0.2.1 fullmesh
ip mptcp endpoint change 10.0.2.1 port 10100 fullmesh
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
A pair of new flags, fullmesh and nofullmesh, had been added in the
setting flags of MPTCP PM netlink in kernel space recently by the commit
73c762c1f07d ("mptcp: set fullmesh flag in pm_netlink").
This patch added the corresponding logic to pass these two flags to the
netlink in user space.
These new flags can be used like this:
ip mptcp endpoint change id 1 fullmesh
ip mptcp endpoint change id 1 nofullmesh
ip mptcp endpoint change id 1 backup fullmesh
ip mptcp endpoint change id 1 nobackup nofullmesh
Here's an example of setting fullmesh flags:
> sudo ip mptcp endpoint add 10.0.2.1 subflow
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow
> sudo ip mptcp endpoint change id 1 fullmesh
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow fullmesh
> sudo ip mptcp endpoint change id 1 nofullmesh
> sudo ip mptcp endpoint show
10.0.2.1 id 1 subflow
It can be seen that 'ip mptcp endpoint show' already supports showing
the fullmesh flag.
Acked-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
