Commit Graph

6323 Commits

Author SHA1 Message Date
Stephen Hemminger
2a12e61a4a uapi: update headers from 6.6-rc4
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-10-02 14:29:10 -07:00
Stephen Hemminger
015d8e7fb8 Add security policy
Iproute2 security policy is minimal since the security
domain is controlled by the kernel. But it should be documented
before some new security related bug arises at some future time.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-29 16:06:42 -07:00
Stephen Hemminger
e8a3fca81c ila: fix potential snprintf buffer overflow
The code to print 64 bit address has a theoretical overflow
of snprintf buffer found by CodeQL scan.
Address by checking result.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-18 11:45:24 -07:00
Stephen Hemminger
4d80122ae8 bridge: fix potential snprintf overflow
There is a theoretical snprintf overflow in bridge slave bitmask
print code found by CodeQL scan.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-18 11:44:55 -07:00
Andrea Claudi
946753a445 Makefile: ensure CONF_USR_DIR honours the libdir config
Following commit cee0cf84bd ("configure: add the --libdir option"),
iproute2 lib directory is configurable using the --libdir option on the
configure script. However, CONF_USR_DIR does not honour the configured
lib path in its default value.

This fixes the issue simply using $(LIBDIR) instead of $(PREFIX)/lib.
Please note that the default value for $(LIBDIR) is exactly
$(PREFIX)/lib, so this does not change the default value for
CONF_USR_DIR.

Fixes: 0a0a8f12fa ("Read configuration files from /etc and /usr")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-18 09:25:24 -07:00
Stephen Hemminger
3427614348 fix set-not-used warnings
Building with clang and warnings enabled finds several
places where variable was set but not used.

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-17 10:07:54 -07:00
Stephen Hemminger
61b3433abb uapi: headers update from 6.6-rc2
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-15 10:26:11 -07:00
Stephen Hemminger
5fc9a870d6 tc: add missing space before else
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-15 09:46:21 -07:00
Allen Hubbe
af0ea2cd0b vdpa: consume device_features parameter
Consume the parameter to device_features when parsing command line
options.  Otherwise the parameter may be used again as an option name.

 # vdpa dev add ... device_features 0xdeadbeef mac 00:11:22:33:44:55
 Unknown option "0xdeadbeef"

Fixes: a4442ce58e ("vdpa: allow provisioning device features")
Signed-off-by: Allen Hubbe <allen.hubbe@amd.com>
Reviewed-by: Shannon Nelson <shannon.nelson@amd.com>
Reviewed-by: Si-Wei Liu <si-wei.liu@oracle.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-12 06:17:15 -07:00
David Ahern
9e6ca8d0d6 Merge branch 'devlink-dump-selector' into next
Jiri Pirko says:

====================

From: Jiri Pirko <jiri@nvidia.com>

First 5 patches are preparations for the last one.

Motivation:

For SFs, one devlink instance per SF is created. There might be
thousands of these on a single host. When a user needs to know port
handle for specific SF, he needs to dump all devlink ports on the host
which does not scale well.

Solution:

Allow user to pass devlink handle (and possibly other attributes)
alongside the dump command and dump only objects which are matching
the selection.

Example:
$ devlink port show
auxiliary/mlx5_core.eth.0/65535: type eth netdev eth2 flavour physical port 0 splittable false
auxiliary/mlx5_core.eth.1/131071: type eth netdev eth3 flavour physical port 1 splittable false

$ devlink port show auxiliary/mlx5_core.eth.0
auxiliary/mlx5_core.eth.0/65535: type eth netdev eth2 flavour physical port 0 splittable false

$ devlink port show auxiliary/mlx5_core.eth.1
auxiliary/mlx5_core.eth.1/131071: type eth netdev eth3 flavour physical port 1 splittable false

====================

Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:19:48 -06:00
Jiri Pirko
70faecdca8 devlink: implement dump selector for devlink objects show commands
Introduce a new helper dl_argv_parse_with_selector() to be used
by show() functions instead of dl_argv().

Implement it to check if all needed options for get commands are
specified. In case they are not, ask kernel for dump passing only
the options (attributes) that are present, creating sort of partial
key to instruct kernel to do partial dump.

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:16:51 -06:00
Jiri Pirko
20b299a3ec mnl_utils: introduce a helper to check if dump policy exists for command
Benefit from GET_POLICY command of ctrl netlink and introduce a helper
that dumps policies and finds out, if there is a separate policy
specified for dump op of specified command.

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:16:45 -06:00
Jiri Pirko
fd1c2af8cb devlink: return -ENOENT if argument is missing
In preparation to the follow-up dump selector patch, make sure that the
command line arguments parsing function returns -ENOENT in case the
option is missing so the caller can distinguish.

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:16:39 -06:00
Jiri Pirko
8eb894eda6 devlink: implement command line args dry parsing
In preparation to the follow-up dump selector patch, introduce function
dl_argv_dry_parse() which allows to do dry parsing of command line
arguments without printing out any error messages to the user.

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:16:27 -06:00
Jiri Pirko
5d9f42124c devlink: make parsing of handle non-destructive to argv
Currently, handle parsing is destructive as the "\0" string ends are
being put in certain positions during parsing. That prevents it from
being used repeatedly. This is problematic with the follow-up patch
implementing dry-parsing. Fix by making a copy of handle argv during
parsing.

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:16:16 -06:00
Jiri Pirko
158215c536 devlink: move DL_OPT_SB into required options
This is basically a cosmetic change. The SB index is not required to be
passed by user and implicitly index 0 is used. This is ensured by
special treating at the end of dl_argv_parse(). Move this option from
optional to required options.

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:15:32 -06:00
François Michel
dd5b1f585b tc: fix several typos in netem's usage string
Add missing brackets and surround brackets by single spaces
in the netem usage string.
Also state the P14 argument as optional.

Signed-off-by: François Michel <francois.michel@uclouvain.be>
Reviewed-by: Donald Hunter <donald.hunter@gmail.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:14:35 -06:00
David Ahern
3258a969e9 Merge remote-tracking branch 'main' into next
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-09-11 09:14:18 -06:00
Stephen Hemminger
040325f543 v6.5.0
2023-09-06 09:26:52 -07:00
Hangbin Liu
3181d4e149 iplink_bridge: fix incorrect root id dump
Fix the typo when dumping root_id.

Fixes: 70dfb0b883 ("iplink: bridge: export bridge_id and designated_root")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-09-06 07:16:41 -07:00
François Michel
865dd3ab15 tc: fix typo in netem's usage string
Fixes a misplaced newline in netem's usage string.

Signed-off-by: François Michel <francois.michel@uclouvain.be>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-30 12:59:52 -06:00
David Ahern
a79e2b2e54 Merge remote-tracking branch 'main' into next
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-28 20:54:04 -06:00
François Michel
fcff3a8fe9 man: tc-netem: add section for specifying the netem seed
Signed-off-by: François Michel <francois.michel@uclouvain.be>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-28 20:53:31 -06:00
François Michel
a67cf9a252 tc: support the netem seed parameter for loss and corruption events
Signed-off-by: François Michel <francois.michel@uclouvain.be>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-28 20:53:17 -06:00
David Ahern
8ab5ae19da Update kernel headers
Update kernel headers to commit:
    6c9cfb853063 ("net: ethernet: mtk_wed: minor change in wed_{tx,rx}info_show")

Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-28 20:51:44 -06:00
David Ahern
4e66b4bb2a Merge branch 'vrf-exec-selinux' into next
Andrea Claudi says:

====================

In order to execute a service with VRF, a user should start it using
"ip vrf exec". For example, using systemd, the user can encapsulate the
ExecStart command in ip vrf exec as shown below:

ExecStart=/usr/sbin/ip vrf exec vrf1 /usr/sbin/httpd $OPTIONS -DFOREGROUND

Assuming SELinux is in permissive mode, starting the service with the
current ip vrf implementation results in:

 # systemctl start httpd
 # ps -eafZ | grep httpd
system_u:system_r:ifconfig_t:s0 root      597448       1  1 19:22 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:ifconfig_t:s0 apache    597452  597448  0 19:22 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
[snip]

This is incorrect, as the context for httpd should be httpd_t, not
ifconfig_t.

This happens because ipvrf_exec invokes cmd_exec without setting the
correct SELinux context before. Without the correct setting, the process
is executed using ip's SELinux context.

This patch series makes "ip vrf exec" SELinux-aware using the
setexecfilecon function, which retrieves the correct context to be used
on the next execvp() call.

After this series:
 # systemctl start httpd
 # ps -eafZ | grep httpd
system_u:system_r:httpd_t:s0    root      595805       1  0 19:01 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
system_u:system_r:httpd_t:s0    apache    595809  595805  0 19:01 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND

====================

Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-24 17:38:58 -07:00
Andrea Claudi
0d0eeaa6cb ip vrf: make ipvrf_exec SELinux-aware
When using ip vrf and SELinux is enabled, make sure to set the exec file
context before calling cmd_exec.

This ensures that the command is executed with the right context,
falling back to the ifconfig_t context when needed.

Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-24 17:34:40 -07:00
Andrea Claudi
e246ebc3b7 lib: add SELinux include and stub functions
ss provides some selinux stub functions, useful when iproute2 is
compiled without selinux support.

Move them to lib/ so we can use them in other iproute2 tools.

Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-24 17:34:31 -07:00
Andrea Claudi
61c6882ce2 ss: make SELinux stub functions conformant to API definitions
getfilecon() and security_get_initial_context() use the const qualifier
for their first parameter in SELinux APIs.

This commit adds the const qualifier to these functions, making them
conformant to API definitions.

Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-24 17:34:14 -07:00
Andrea Claudi
c8970828b6 ss: make is_selinux_enabled stub work like in SELinux
From the is_selinux_enabled() manpage:

is_selinux_enabled() returns 1 if SELinux is running or 0 if it is not.

This makes the is_selinux_enabled() stub function work exactly like
the SELinux function it is supposed to replace.

Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-24 17:34:07 -07:00
Matthieu Baerts
505c65aa44 ss: mptcp: print missing info counters
These new counters have been added in different kernel versions:

- v5.12: local_addr_used, local_addr_max

- v5.13: csum_enabled

- v6.5: retransmits, bytes_retrans, bytes_sent, bytes_received,
  bytes_acked

It is interesting to display them if they are available.

Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/415
Acked-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-23 08:10:34 -07:00
Matthieu Baerts
cfa70237d6 ss: mptcp: display seq related counters as decimal
This is aligned with what is printed for TCP sockets.

The main difference here is that these counters can be larger (u32 vs
u64) but WireShark and TCPDump are also printing these MPTCP counters as
decimal and they look fine.

So it sounds better to do the same here with ss for those who want to
easily count how many bytes have been exchanged between two runs without
having to think in hexa.

Acked-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-23 08:10:34 -07:00
Matthieu Baerts
0c3f1582d5 ss: mptcp: display info counters as unsigned
Some counters from mptcp_info structure were stored as an unsigned
number (u8) but displayed as a signed one.

Even if it is unlikely these u8 counters -- number of subflows and
ADD_ADDR -- have a value bigger than 2^7, it still sounds better to
display them as unsigned.

Fixes: 9c3be2c0 ("ss: mptcp: add msk diag interface support")
Acked-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-23 08:10:34 -07:00
Maximilian Bosch
df210e83e0 ip-vrf: recommend using CAP_BPF rather than CAP_SYS_ADMIN
The CAP_SYS_ADMIN capability allows far too much, to quote
`capabilities(7)`:

    Note: this capability is overloaded; see Notes to kernel developers, below.

In the case of `ip-vrf(8)` this is needed to load a BPF program.
According to the same section of the same man-page, using `CAP_BPF` is
preferred if that's the reason for `CAP_SYS_ADMIN`;

    perform the same BPF operations as are governed by CAP_BPF (but the latter, weaker capability is preferred for accessing
    that functionality).

Local testing revealed that `ip vrf exec` for an unprivileged user is
sufficient if the `CAP_BPF` capability is given rather than
`CAP_SYS_ADMIN`.

In a previous version of the patch[1] it was mentioned that
CAP_SYS_ADMIN was still required for Linux <5.8, however it was
suggested to not make man-pages dependent on the kernel version. Also,
it was suggested to improve the wording and the formatting of the entire
paragraph mentioning capabilities which was also done.

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>

[1] https://lore.kernel.org/netdev/e6t4ucjdrcitzneh2imygsaxyb2aasxfn2q2a4zh5yqdx3vold@kutwh5kwixva/T/#m628a1900a7e5012bb87e6cb3c94af6c7281cf2bf

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-23 08:06:30 -07:00
Phil Sutter
92e9915c36 ss: Fix socket type check in packet_show_line()
The field is accessed before being assigned a meaningful value,
effectively disabling the checks.

Fixes: 4a0053b606 ("ss: Unify packet stats output from netlink and proc")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-23 08:05:49 -07:00
David Ahern
ce67bbcccb Merge remote-tracking branch 'main' into next
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-20 10:42:35 -06:00
Pedro Tammela
877f8149d2 utils: fix get_integer() logic
After 3a463c15, get_integer() doesn't return the converted value and
always writes 0 in 'val' in case of success.
Fix the logic so it writes the converted value in 'val'.

Fixes: 3a463c15 ("Add get_long utility and adapt get_integer accordingly")
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-20 10:41:05 -06:00
Jiri Pirko
872148f54e devlink: spell out STATE in devlink port function help
Be in-sync with port help and port man page and spell out the possible
states instead of "STATE".

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-19 09:13:36 -07:00
Mathieu Schroeter
e12d0c929c ss: print unix socket "ports" as unsigned int (inode)
Signed-off-by: Mathieu Schroeter <mathieu@schroetersa.ch>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-13 10:24:42 -06:00
Mathieu Schroeter
012cb5152d ss: change aafilter port from int to long (inode support)
The aafilter struct considers the port as (usually) 32 bit signed
integer. In case of a unix socket, the port is used with an inode
number which is an unsigned int. In this case, the 'ss' command
fails because it assumes that the value does not look like a port
(<0).

Here is an example of a command call where the inode is passed and
is larger than a signed integer:

ss -H -A unix_stream src :2259952798

Signed-off-by: Mathieu Schroeter <mathieu@schroetersa.ch>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-13 10:24:36 -06:00
Mathieu Schroeter
db7fb3f196 Add utility to convert an unsigned int to string
Signed-off-by: Mathieu Schroeter <mathieu@schroetersa.ch>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-13 10:24:32 -06:00
Mathieu Schroeter
3a463c152a Add get_long utility and adapt get_integer accordingly
Signed-off-by: Mathieu Schroeter <mathieu@schroetersa.ch>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-13 10:24:27 -06:00
Jiri Pirko
27724f3cbb devlink: accept "name" command line option instead of "trap"/"group"
It is common for all iproute2 apps to have command line option
names matching with show command outputs. However, that is not true
in case of trap and trap group devlink objects.

Correct would be to have "trap" and "group" in the outputs, but that is
not possible to change now. Instead of that, accept "name" instead of
"trap" and "group" options.

Examples:

$ devlink trap show netdevsim/netdevsim1
netdevsim/netdevsim1:
  name source_mac_is_multicast type drop generic true action drop group l2_drops
  name vlan_tag_mismatch type drop generic true action drop group l2_drops
  name ingress_vlan_filter type drop generic true action drop group l2_drops
  name ingress_spanning_tree_filter type drop generic true action drop group l2_drops
  name port_list_is_empty type drop generic true action drop group l2_drops
  name port_loopback_filter type drop generic true action drop group l2_drops
  name fid_miss type exception generic false action trap group l2_drops
  name blackhole_route type drop generic true action drop group l3_drops
  name ttl_value_is_too_small type exception generic true action trap group l3_exceptions
  name tail_drop type drop generic true action drop group buffer_drops
  name ingress_flow_action_drop type drop generic true action drop group acl_drops
  name egress_flow_action_drop type drop generic true action drop group acl_drops
  name igmp_query type control generic true action mirror group mc_snooping
  name igmp_v1_report type control generic true action trap group mc_snooping
$ devlink trap show netdevsim/netdevsim1 trap source_mac_is_multicast
netdevsim/netdevsim1:
  name source_mac_is_multicast type drop generic true action drop group l2_drops
$ devlink trap show netdevsim/netdevsim1 name source_mac_is_multicast
netdevsim/netdevsim1:
  name source_mac_is_multicast type drop generic true action drop group l2_drops

$ devlink trap group
netdevsim/netdevsim1:
  name l2_drops generic true
  name l3_drops generic true policer 1
  name l3_exceptions generic true policer 1
  name buffer_drops generic true policer 2
  name acl_drops generic true policer 3
  name mc_snooping generic true policer 3
$ devlink trap group show netdevsim/netdevsim1 group l2_drops
netdevsim/netdevsim1:
  name l2_drops generic true
$ devlink trap group show netdevsim/netdevsim1 name l2_drops
  name l2_drops generic true

Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-13 10:22:12 -06:00
Vladimir Oltean
f848310a72 tc/taprio: fix JSON output when TCA_TAPRIO_ATTR_ADMIN_SCHED is present
When the kernel reports that a configuration change is pending
(and that the schedule is still in the administrative state and
not yet operational), we (tc -j -p qdisc show) produce the following
output:

[ {
        "kind": "taprio",
        "handle": "8001:",
        "root": true,
        "refcnt": 9,
        "options": {
            "tc": 8,
            "map": [ 0,1,2,3,4,5,6,7,0,0,0,0,0,0,0,0 ],
            "queues": [ {
                    "offset": 0,
                    "count": 1
                },{
                    "offset": 1,
                    "count": 1
                },{
                    "offset": 2,
                    "count": 1
                },{
                    "offset": 3,
                    "count": 1
                },{
                    "offset": 4,
                    "count": 1
                },{
                    "offset": 5,
                    "count": 1
                },{
                    "offset": 6,
                    "count": 1
                },{
                    "offset": 7,
                    "count": 1
                } ],
            "clockid": "TAI",
            "base_time": 0,
            "cycle_time": 20000000,
            "cycle_time_extension": 0,
            "schedule": [ {
                    "index": 0,
                    "cmd": "S",
                    "gatemask": "0xff",
                    "interval": 20000000
                } ],{
                "base_time": 1691160103110424418,
                "cycle_time": 20000000,
                "cycle_time_extension": 0,
                "schedule": [ {
                        "index": 0,
                        "cmd": "S",
                        "gatemask": "0xff",
                        "interval": 20000000
                    } ]
            },
            "max-sdu": [ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ],
            "fp": [ "E","E","E","E","E","E","E","E","E","E","E","E","E","E","E","E" ]
        }
    } ]

which is invalid json, because the second group of "base_time",
"cycle_time", etc etc is placed in an unlabeled sub-object. If we pipe
it into jq, it complains:

parse error: Objects must consist of key:value pairs at line 53, column 14

Since it represents the administrative schedule, give this unnamed JSON
object the "admin" name. We now print valid JSON which looks like this:

[ {
        "kind": "taprio",
        "handle": "8001:",
        "root": true,
        "refcnt": 9,
        "options": {
            "tc": 8,
            "map": [ 0,1,2,3,4,5,6,7,0,0,0,0,0,0,0,0 ],
            "queues": [ {
                    "offset": 0,
                    "count": 1
                },{
                    "offset": 1,
                    "count": 1
                },{
                    "offset": 2,
                    "count": 1
                },{
                    "offset": 3,
                    "count": 1
                },{
                    "offset": 4,
                    "count": 1
                },{
                    "offset": 5,
                    "count": 1
                },{
                    "offset": 6,
                    "count": 1
                },{
                    "offset": 7,
                    "count": 1
                } ],
            "clockid": "TAI",
            "base_time": 0,
            "cycle_time": 20000000,
            "cycle_time_extension": 0,
            "schedule": [ {
                    "index": 0,
                    "cmd": "S",
                    "gatemask": "0xff",
                    "interval": 20000000
                } ],
            "admin": {
                "base_time": 1691160511783528178,
                "cycle_time": 20000000,
                "cycle_time_extension": 0,
                "schedule": [ {
                        "index": 0,
                        "cmd": "S",
                        "gatemask": "0xff",
                        "interval": 20000000
                    } ]
            },
            "max-sdu": [ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 ],
            "fp": [ "E","E","E","E","E","E","E","E","E","E","E","E","E","E","E","E" ]
        }
    } ]

Fixes: 602fae856d ("taprio: Add support for changing schedules")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-09 13:40:08 -07:00
Vladimir Oltean
a5f695cbb1 tc/taprio: don't print netlink attributes which weren't reported by the kernel
When an admin schedule is pending and hasn't yet become operational, the
kernel will report only the parameters of the admin schedule in a nested
TCA_TAPRIO_ATTR_ADMIN_SCHED attribute.

However, we default to printing zeroes even for the parameters of the
operational base time, when that doesn't exist.

Fixes: 0dd1644935 ("tc: Add support for configuring the taprio scheduler")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-09 13:40:00 -07:00
Nicolas Escande
cb93753e10 man: bridge: update bridge link show
Add missing man page documentation for bridge link show features added in
commit 13a5d8fcb4 ("bridge: link: allow filtering on bridge name") and
commit 64108901b7 ("bridge: Add support for setting bridge port attributes")

Signed-off-by: Nicolas Escande <nico.escande@gmail.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-09 13:32:59 -07:00
Stephen Hemminger
6e43b962bf uapi: update headers
Based off of 6.5-rc5

Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-09 13:21:20 -07:00
Ratheesh Kannoth
8cff77fdca tc: Classifier support for SPI field
tc flower support for SPI field in ESP and AH packets.

Signed-off-by: Ratheesh Kannoth <rkannoth@marvell.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-04 09:10:32 -06:00
Ido Schimmel
77430db000 bridge: Add backup nexthop ID support
Extend the bridge and ip utilities to set and show the backup nexthop ID
bridge port attribute. A value of 0 (default) disables the feature, in
which case the attribute is not printed since it is not emitted by the
kernel.

Example:

 # bridge -d link show dev swp1 | grep -o "backup_nhid [0-9]*"
 # bridge -d -j -p link show dev swp1 | jq '.[]["backup_nhid"]'
 null

 # bridge link set dev swp1 backup_nhid 10
 # bridge -d link show dev swp1 | grep -o "backup_nhid [0-9]*"
 backup_nhid 10
 # bridge -d -j -p link show dev swp1 | jq '.[]["backup_nhid"]'
 10

 # bridge link set dev swp1 backup_nhid 0
 # bridge -d link show dev swp1 | grep -o "backup_nhid [0-9]*"
 # bridge -d -j -p link show dev swp1 | jq '.[]["backup_nhid"]'
 null

 # ip -d link show dev swp1 | grep -o "backup_nhid [0-9]*"
 # ip -d -j -p lin show dev swp1 | jq '.[]["linkinfo"]["info_slave_data"]["backup_nhid"]'
 null

 # ip link set dev swp1 type bridge_slave backup_nhid 10
 # ip -d link show dev swp1 | grep -o "backup_nhid [0-9]*"
 backup_nhid 10
 # ip -d -j -p lin show dev swp1 | jq '.[]["linkinfo"]["info_slave_data"]["backup_nhid"]'
 10

 # ip link set dev swp1 type bridge_slave backup_nhid 0
 # ip -d link show dev swp1 | grep -o "backup_nhid [0-9]*"
 # ip -d -j -p lin show dev swp1 | jq '.[]["linkinfo"]["info_slave_data"]["backup_nhid"]'
 null

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
2023-08-04 09:09:43 -06:00
Paolo Lungaroni
64e8c4b674 seg6: man: ip-link.8: add description of NEXT-C-SID flavor for SRv6 End.X behavior
This patch extends the manpage by providing the description of NEXT-C-SID
support for the SRv6 End.X behavior as defined in RFC 8986 [1].

The code/logic required to handle the "flavors" framework has already been
merged into iproute2 by commit:
    04a6b456bf ("seg6: add support for flavors in SRv6 End* behaviors").

Some examples:
ip -6 route add 2001:db8::1 encap seg6local action End.X nh6 fc00::1 flavors next-csid dev eth0

Standard Output:
ip -6 route show 2001:db8::1
2001:db8::1  encap seg6local action End.X nh6 fc00::1 flavors next-csid lblen 32 nflen 16 dev eth0 metric 1024 pref medium

JSON Output:
ip -6 -j -p route show 2001:db8::1
[ {
	"dst": "2001:db8::1",
	"encap": "seg6local",
        "action": "End.X",
        "nh6": "fc00::1",
        "flavors": [ "next-csid" ],
        "lblen": 32,
        "nflen": 16,
	"dev": "eth0",
	"metric": 1024,
	"flags": [ ],
	"pref": "medium"
} ]

[1] - https://datatracker.ietf.org/doc/html/rfc8986

Signed-off-by: Paolo Lungaroni <paolo.lungaroni@uniroma2.it>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
2023-08-03 13:01:38 -07:00