The two implementations are now identical so keep only one instance and
move it to json_print.c where there are already a few other specialized
printing functions.
The string that's formatted in the "end" buffer is only needed when
outputting a range so move the snprintf() call within the condition.
The second argument's purpose is better conveyed by calling it "end" rather
than "id" so rename it.
Reviewed-by: Petr Machata <petrm@nvidia.com>
Tested-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Don't trust the kernel to send payload of certain size. Sanitize that by
checking the payload length in mnlu_cb_stop() and mnlu_cb_error() and
only access the payload if it is of required size.
Note that for mnlu_cb_stop(), this is happening already for example
with devlink resource. Kernel sends NLMSG_DONE with zero size payload.
Fixes: 049c58539f ("devlink: mnlg: Add support for extended ack")
Fixes: c934da8aaa ("devlink: mnlg: Catch returned error value of dumpit commands")
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Validate the nlmsg header length before accessing the nlmsg payload
length.
Fixes: 892a25e286 ("libnetlink: break up dump function")
Signed-off-by: Max Kunzelmann <maxdev@posteo.de>
Reviewed-by: Benny Baumann <BenBE@geshi.org>
Reviewed-by: Robert Geislinger <github@crpykng.de>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The BPF verifier allows setting a higher verbosity level, which is
helpful when it comes to debugging verifier issue, specially when used
on BPF program that loads successfully (but should not have passed the
verifier in the first place). Increase the BPF verifier log level when
in verbose mode to help with such cases.
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
libbpf allows setting the log_level in struct bpf_object_open_opts
through the kernel_log_level field since v0.7, use it to set log level
to align with bpf_prog_load_dev() and bpf_btf_load().
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Benefit from GET_POLICY command of ctrl netlink and introduce a helper
that dumps policies and finds out, if there is a separate policy
specified for dump op of specified command.
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
When using ip vrf and SELinux is enabled, make sure to set the exec file
context before calling cmd_exec.
This ensures that the command is executed with the right context,
falling back to the ifconfig_t context when needed.
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
ss provides some selinux stub functions, useful when iproute2 is
compiled without selinux support.
Move them to lib/ so we can use them in other iproute2 tools.
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
After 3a463c15, get_integer() doesn't return the converted value and
always writes 0 in 'val' in case of success.
Fix the logic so it writes the converted value in 'val'.
Fixes: 3a463c15 ("Add get_long utility and adapt get_integer accordingly"
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Add support for the so called "stateless" configuration pattern (read
from /etc, fall back to /usr), giving system administrators a way to
define local configuration without changing any distro-provided files.
In practice this means that each configuration file FOO is loaded
from /usr/lib/iproute2/FOO unless /etc/iproute2/FOO exists.
Signed-off-by: Gioele Barabucci <gioele@svario.it>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
In lib/utils.c comment for fallthrough was in wrong place
and one was missing in xfrm_state.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Replace multiple whitespaces with tab where appropriate.
While at it, fix tc flower help message and remove some double
whitespaces.
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
The function rtnl_addproto_a2n() was defined but never used.
Use it to allow for symbolic names, and fix the function signatures
so protocol value is consistently __u8.
Fixes: bdb8d8549e ("ip: Support IP address protocol")
Cc: petrm@nvidia.com
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add new helper function print_bool_opt() which prints
with no prefix and use it for vxlan options.
If the option matches the expected default value,
it is not printed if in non JSON mode unless the details
setting is repeated.
Use a table for the vxlan options. This will change
the order of the printing of options.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The function free() handles the case wher argument is NULL
by doing nothing. So the extra checks are not needed.
Found by modified version of kernel coccinelle script.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
IPv4 and IPv6 addresses can be assigned a protocol value that indicates the
provenance of the IP address. The attribute is modeled after ip route
protocols, and essentially allows the administrator or userspace stack to
tag addresses in some way that makes sense to the actor in question.
Support for this feature was merged with commit 47f0bd503210 ("net: Add new
protocol attribute to IP addresses"), for kernel 5.18.
In this patch, add support for setting the protocol attribute at IP address
addition, replacement, and listing requests.
An example session with the feature in action:
# ip address add dev d 192.0.2.1/28 proto 0xab
# ip address show dev d
26: d: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 06:29:74:fd:1f:eb brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/28 scope global proto 0xab d
valid_lft forever preferred_lft forever
# ip address replace dev d 192.0.2.1/28 proto 0x11
# ip address show dev d
26: d: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 06:29:74:fd:1f:eb brd ff:ff:ff:ff:ff:ff
inet 192.0.2.1/28 scope global proto 0x11 d
valid_lft forever preferred_lft forever
A JSON dump. The protocol value is always provided as a string, even in
numeric mode, to provide a consistent interface.
# ip -j address show dev d | jq
[
{
"ifindex": 26,
"ifname": "d",
"flags": [
"BROADCAST",
"NOARP"
],
"mtu": 1500,
"qdisc": "noop",
"operstate": "DOWN",
"group": "default",
"txqlen": 1000,
"link_type": "ether",
"address": "06:29:74:fd:1f:eb",
"broadcast": "ff:ff:ff:ff:ff:ff",
"addr_info": [
{
"family": "inet",
"local": "192.0.2.1",
"prefixlen": 28,
"scope": "global",
"protocol": "0x11",
"label": "d",
"valid_life_time": 4294967295,
"preferred_life_time": 4294967295
}
]
}
]
Signed-off-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
During testing we noticed significant memory leak that is easily
reproducible and detectable with valgrind:
==2006284== 393,216 bytes in 12 blocks are definitely lost in loss record 5 of 5
==2006284== at 0x4848899: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==2006284== by 0x18C73E: rtnl_recvmsg (libnetlink.c:830)
==2006284== by 0x18CF9E: __rtnl_talk_iov (libnetlink.c:1032)
==2006284== by 0x18D3CE: __rtnl_talk (libnetlink.c:1140)
==2006284== by 0x18D4DE: rtnl_talk (libnetlink.c:1168)
==2006284== by 0x11BF04: tc_filter_modify (tc_filter.c:224)
==2006284== by 0x11DD70: do_filter (tc_filter.c:748)
==2006284== by 0x116B06: do_cmd (tc.c:210)
==2006284== by 0x116C7C: tc_batch_cmd (tc.c:231)
==2006284== by 0x1796F2: do_batch (utils.c:1701)
==2006284== by 0x116D05: batch (tc.c:246)
==2006284== by 0x117327: main (tc.c:331)
==2006284==
==2006284== LEAK SUMMARY:
==2006284== definitely lost: 884,736 bytes in 27 blocks
In case nlmsg_type == NLMSG_ERROR and if answer set to NULL, we
should free(buf) too.
Signed-off-by: Denys Fedoryshchenko <denys.f@collabora.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
If `__rtnl_talk_iov` fails then callers are not expected to free `answer`.
Currently if `NLMSG_ERROR` was received with an error then the netlink
buffer was stored in `answer`, while still returning an error
This leak can be observed by running this snippet over time.
This triggers an `NLMSG_ERROR` because for each neighbour update, `ip`
will try to query for the name of interface 9999 in the wrong netns.
(which in itself is a separate bug)
set -e
ip netns del test-a || true
ip netns add test-a
ip netns del test-b || true
ip netns add test-b
ip -n test-a netns set test-b auto
ip -n test-a link add veth_a index 9999 type veth \
peer name veth_b netns test-b
ip -n test-b link set veth_b up
ip -n test-a monitor link address prefix neigh nsid label all-nsid \
> /dev/null &
monitor_pid=$!
clean() {
kill $monitor_pid
ip netns del test-a
ip netns del test-b
}
trap clean EXIT
while true; do
ip -n test-b neigh add dev veth_b 1.2.3.4 lladdr AA:AA:AA:AA:AA:AA
ip -n test-b neigh del dev veth_b 1.2.3.4
done
Fixes: 55870dfe7f ("Improve batch and dump times by caching link lookups")
Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com>
Signed-off-by: Gilad Naaman <gnaaman@drivenets.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
ECMA-404 standard does not include single quote character among the json
escape sequences. This means single quotes does not need to be escaped.
Indeed the single quote escape produces an invalid json output:
$ ip link add "john's" type dummy
$ ip link show "john's"
9: john's: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether c6:8e:53:f6:a3:4b brd ff:ff:ff:ff:ff:ff
$ ip -j link | jq .
parse error: Invalid escape at line 1, column 765
This can be fixed removing the single quote escape in jsonw_puts.
With this patch in place:
$ ip -j link | jq .[].ifname
"lo"
"john's"
Fixes: fcc16c2287 ("provide common json output formatter")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Add a new function rtnl_echo_talk() that could be used when the
sub-component supports NLM_F_ECHO flag. With this function we can
remove the redundant code added by commit b264b4c656 ("ip: add
NLM_F_ECHO support").
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
There is no rule to have an error code after NLMSG_DONE msg. The only reason
we has this offset is that kernel function netlink_dump_done() has an error
code followed by the netlink message header.
Making nl_dump_ext_ack_done() has an offset parameter. So we can adjust
this for NLMSG_DONE message without error code.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
mnlu_gen_socket_open opens a socket and configures it for use with a
generic netlink family. As part of this process it sends a
CTRL_CMD_GETFAMILY to get the ID for the family name requested.
In addition to the family id, this command reports a few other useful
values including the maximum attribute. The maximum attribute is useful in
order to know whether a given attribute is supported and for knowing the
necessary size to allocate for other operations such as policy dumping.
Since we already have to issue a CTRL_CMD_GETFAMILY to get the id, we can
also store the maximum attribute as well. Modify the callback functions to
parse the maximum attribute NLA and store it in the mnlu_gen_socket
structure.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
PPP protocol field uses different values than ethertype. Introduce
utilities for translating PPP protocols from strings to values
and vice versa. Use generic API from utils in order to get
proto id and name.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Move core logic of ll_proto_n2a and ll_proto_a2n
to utils.c and make it more generic by allowing to
pass table of protocols as argument (proto_tb).
Introduce struct proto with protocol ID and name to
allow this. This wil allow to use those functions by
other use cases.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
If __NR_bpf is not enabled, bpf() function set errno and return -1. Thus,
this patch includes the header.
Fixes: ac4e0913be ("bpf: Export bpf syscall wrapper")
Signed-off-by: Juhee Kang <claudiajkang@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
In bpf program, only the program name is unique. Before this patch, if there
are multiple programs with the same section name, only the first program
will be attached. With program name support, users could specify the exact
program they want to attach.
Note this feature is only supported when iproute2 build with libbpf.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
This patch adds bridge command to manage
recently added vnifilter on a collect metadata
vxlan device.
examples:
$bridge vni add dev vxlan0 vni 400
$bridge vni add dev vxlan0 vni 200 group 239.1.1.101
$bridge vni del dev vxlan0 vni 400
$bridge vni show
$bridge -s vni show
Signed-off-by: Roopa Prabhu <roopa@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
bpf_map_is_offload_neutral is deprecated as of v0.8+;
import definition to maintain backwards compatibility.
Signed-off-by: David Ahern <dsahern@kernel.org>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
bpf_program__set_priv and bpf_program__priv are deprecated as of
libbpf v0.7+. Rather than store the map as priv on the program,
change find_legacy_tail_calls to take an argument to return a reference
to the map.
find_legacy_tail_calls is invoked twice from load_bpf_object - the
first time to check for programs that should be loaded. In this case
a reference to the map is not needed, but it does validate the map
exists. The second is invoked from update_legacy_tail_call_maps where
the map pointer is needed.
Signed-off-by: David Ahern <dsahern@kernel.org>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
bpf_object__load_xattr is deprecated as of v0.8+; remove it
in favor of bpf_object__load.
Signed-off-by: David Ahern <dsahern@kernel.org>
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
A number of functions in the rtnl_*_req family accept a caller-provided
callback to set up arbitrary filtering. rtnl_statsdump_req_filter()
currently only allows setting a field in the IFSM header, not custom
attributes. So far these were not necessary, but with introduction of more
detailed filtering settings, the callback becomes necessary.
To that end, add a filter_fn and filter_data arguments to the function.
Unlike the other filters, this one is typed to expect an IFSM pointer, to
permit tweaking the header itself as well.
Pass NULLs in the existing callers.
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
asprintf() allocates memory which is not freed on the error path of
get_task_name(), thus potentially leading to memory leaks.
%m specifier on fscanf allocates memory, too, which needs to be freed by
the caller.
This reworks get_task_name() to avoid memory allocation.
- Pass a buffer and its length to the function, similarly to what
get_command_name() does, thus avoiding to allocate memory for
the string to be returned;
- Use snprintf() instead of asprintf();
- Use fgets() instead of fscanf() to limit string length.
Fixes: 81bfd01a4c ("lib: move get_task_name() from rdma")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
bpf_create_map_xattr is deprecated in v0.7 in favor of bpf_map_create.
bpf_map_create and its bpf_map_create_opts are not available across the
range of v0.1 and up versions of libbpf, so change create_map to use
the bpf syscall directly.
Signed-off-by: David Ahern <dsahern@kernel.org>
bpf_load_program is deprecated starting in v0.7. The preferred
bpf_prog_load requires bpf_prog_load_opts from v0.6. This creates an
ugly scenario for iproute2 to work across libbpf versions from v0.1
and up.
Since bpf_program_load is only used to load the builtin vrf program,
just remove the libbpf call and use the legacy code.
Signed-off-by: David Ahern <dsahern@kernel.org>
Update the llproto_names array to allow users to reference the PROFINET
and EtherCAT protocols with the names 'profinet' and 'ethercat'.
Signed-off-by: Daniel Braunwarth <daniel@braunwarth.dev>
