The MPLS statistics did not support oneline or JSON
in current code.
Fixes: 837552b445 ("iplink: add support for afstats subcommand")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
ip-link-add supports netns argument just like ip-link-set. This commit
documents the existence of netns in help text and man page.
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
If `__rtnl_talk_iov` fails then callers are not expected to free `answer`.
Currently if `NLMSG_ERROR` was received with an error then the netlink
buffer was stored in `answer`, while still returning an error
This leak can be observed by running this snippet over time.
This triggers an `NLMSG_ERROR` because for each neighbour update, `ip`
will try to query for the name of interface 9999 in the wrong netns.
(which in itself is a separate bug)
set -e
ip netns del test-a || true
ip netns add test-a
ip netns del test-b || true
ip netns add test-b
ip -n test-a netns set test-b auto
ip -n test-a link add veth_a index 9999 type veth \
peer name veth_b netns test-b
ip -n test-b link set veth_b up
ip -n test-a monitor link address prefix neigh nsid label all-nsid \
> /dev/null &
monitor_pid=$!
clean() {
kill $monitor_pid
ip netns del test-a
ip netns del test-b
}
trap clean EXIT
while true; do
ip -n test-b neigh add dev veth_b 1.2.3.4 lladdr AA:AA:AA:AA:AA:AA
ip -n test-b neigh del dev veth_b 1.2.3.4
done
Fixes: 55870dfe7f ("Improve batch and dump times by caching link lookups")
Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com>
Signed-off-by: Gilad Naaman <gnaaman@drivenets.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Using macro NEXT_ARG_FWD does not validate argc.
Use macro NEXT_ARG which validates argc while parsing args
in the same loop iteration.
Fixes: c8a494314c ("tc: Introduce tc ct action")
Signed-off-by: Roi Dayan <roid@nvidia.com>
Reviewed-by: Paul Blakey <paulb@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Setting a parent during creation of the node doesn't work, despite
documentation [1] clearly saying that it should.
[1] man/man8/devlink-rate.8
Example:
$ devlink port function rate add pci/0000:4b:00.0/node_custom parent node_0
Unknown option "parent"
Fix this by passing DL_OPT_PORT_FN_RATE_PARENT as an argument to
dl_argv_parse() when it gets called from cmd_port_fn_rate_add().
Fixes: 6c70aca76e ("devlink: Add port func rate support")
Signed-off-by: Michal Wilczynski <michal.wilczynski@intel.com>
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The flowid and handle in basic were not using JSON routines to print.
To reproduce the issue:
$ tc qdisc add dev eth1 handle ffff: ingress
$ tc filter add dev eth1 parent ffff: prio 20 protocol all u32 match ip dport 22 \
0xffff action police conform-exceed drop/ok rate 100000 burst 15k flowid ffff:1
$ tc filter add dev eth1 parent ffff: prio 255 protocol all basic action police \
conform-exceed drop/ok rate 100000 burst 15k flowid ffff:3
Reported-by: Christian Pössinger <christian@poessinger.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Since my last commit "rtnetlink: add new function rtnl_echo_talk()" we
return the kernel rtnl exit code directly, which breaks some kernel
selftest checking. As there are still a lot of tests checking -2 as the
error return value, to keep backward compatibility, let's keep using
-2 for all the rtnl return values.
Reported-by: Ido Schimmel <idosch@idosch.org>
Fixes: 6c09257f1b ("rtnetlink: add new function rtnl_echo_talk()")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Commit 5cddbb274e ("devlink: load port-ifname map on demand") changed
the ifname map to be loaded on demand from ifname_map_lookup(). However,
it didn't put this on-demand loading into ifname_map_rev_lookup() which
causes ifname_map_rev_lookup() to return -ENOENT all the time.
Fix this by triggering on-demand ifname map load
from ifname_map_rev_lookup() as well.
Fixes: 5cddbb274e ("devlink: load port-ifname map on demand")
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Missed this part from earlier change.
Fixes: 6af6f02cce ("tc: add json support to size table")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The return value by stroul() is unsigned long int. Hence the datatype
for maj should defined as unsigned long to avoid overflow issue.
Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
Signed-off-by: Lai Peter Jun Ann <jun.ann.lai@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This patch is to fix the issue where there is no error return
when large value of parent ID is being used. The return value by
stroul() is unsigned long int. Hence the datatype for maj and min
should defined as unsigned long to avoid overflow issue.
Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
Signed-off-by: Lai Peter Jun Ann <jun.ann.lai@intel.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Let's not keep unused code. The YAGNI means that this dead
code doesn't work now, and if it did it would have to change.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
ECMA-404 standard does not include single quote character among the json
escape sequences. This means single quotes does not need to be escaped.
Indeed the single quote escape produces an invalid json output:
$ ip link add "john's" type dummy
$ ip link show "john's"
9: john's: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether c6:8e:53:f6:a3:4b brd ff:ff:ff:ff:ff:ff
$ ip -j link | jq .
parse error: Invalid escape at line 1, column 765
This can be fixed removing the single quote escape in jsonw_puts.
With this patch in place:
$ ip -j link | jq .[].ifname
"lo"
"john's"
Fixes: fcc16c2287 ("provide common json output formatter")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Following commit 4e8a9914c4 ("ip-monitor: Include stats events in default
and "all" cases"), `ip monitor` fails to start on kernels which do not
contain linux.git commit 5fd0b838efac ("net: rtnetlink: Add UAPI toggle for
IFLA_OFFLOAD_XSTATS_L3_STATS") because the netlink group RTNLGRP_STATS
doesn't exist:
$ ip monitor
Failed to add stats group to list
When "stats" is not explicitly requested, ignore the error so that `ip
monitor` and `ip monitor all` continue to work on older kernels.
Note that the same change is not done for RTNLGRP_NEXTHOP because its value
is 32 and group numbers <= 32 are always supported; see the comment above
netlink_change_ngroups() in the kernel source. Therefore
NETLINK_ADD_MEMBERSHIP 32 does not error out even on kernels which do not
support RTNLGRP_NEXTHOP.
v2:
* Silently ignore a failure to implicitly add the stats group, instead of
printing a warning.
Reported-by: Stephen Hemminger <stephen@networkplumber.org>
Fixes: 4e8a9914c4 ("ip-monitor: Include stats events in default and "all" cases")
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Both GENLLIB and LIBUTIL are not used in genl Makefile, let's get rid of
them.
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
After commit 6c09257f1b ("rtnetlink: add new function
rtnl_echo_talk()") "make check" results in:
$ make check
make -C testsuite
make -C iproute2 configure
make -C testsuite alltests
make -C tools
CC generate_nlmsg
/usr/bin/ld: /tmp/cc6YaGBM.o: in function `rtnl_echo_talk':
libnetlink.c:(.text+0x25bd): undefined reference to `new_json_obj'
/usr/bin/ld: libnetlink.c:(.text+0x25c7): undefined reference to `open_json_object'
/usr/bin/ld: libnetlink.c:(.text+0x25e3): undefined reference to `close_json_object'
/usr/bin/ld: libnetlink.c:(.text+0x25e8): undefined reference to `delete_json_obj'
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:6: generate_nlmsg] Error 1
make[1]: *** [Makefile:40: generate_nlmsg] Error 2
make: *** [Makefile:130: check] Error 2
This is due to json function calls included in libutil and not in
libnetlink. Fix this adding libutil.a to the tools Makefile, and linking
against libcap as required by libutil itself.
Fixes: 6c09257f1b ("rtnetlink: add new function rtnl_echo_talk()")
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Acked-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
TIPC support has been introduced in 'iproute-master' (not -next) in
commit 5caf79a0 ("ss: Add support for TIPC socket diag in ss tool"), at
the same time a refactoring introducing filter_db_parse() was done, see
commit 67d5fd55 ("ss: Put filter DB parsing into a separate function")
from iproute2-next.
When the two commits got merged, the support for TIPC has been
apparently accidentally dropped.
This simply adds the missing entry for TIPC.
Fixes: 2c62a64d ("Merge branch 'iproute2-master' into iproute2-next")
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
These query entries were in the man page but not in 'ss -h':
- packet_raw
- packet_dgram
- dccp
- sctp
- xdp (+ the --xdp option)
I only created one commit with all: this fixes multiple commits but all
on the same line.
The only exception is with '--xdp' parameter which is linked to
commit 2abc3d76 ("ss: add AF_XDP support").
Fixes: aba5acdf ("(Logical change 1.3)") # packet raw/dgram
Fixes: 351efcde ("Update header files to 2.6.14") # dccp
Fixes: f89d46ad ("ss: Add support for SCTP protocol") # sctp
Fixes: 2abc3d76 ("ss: add AF_XDP support") # xdp
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
'ss -h' was mentioning TIPC but not the man page.
Fixes: 5caf79a0 ("ss: Add support for TIPC socket diag in ss tool")
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
'ss -h' was mentioning MPTCP but not the man page.
While at it, also add the missing '.' at the end of the list, before the
new sentence.
Fixes: 9c3be2c0 ("ss: mptcp: add msk diag interface support")
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Currently, the dcb command sinks to the kernel through the netlink
to obtain information. However, if the kernel fails to obtain infor-
mation or is not processed, the dcb command is suspended.
For example, if we don't implement dcbnl_ops->ieee_getpfc in the
kernel, the command "dcb pfc show dev eth1" will be stuck and subsequent
commands cannot be executed.
This patch adds the NLM_F_ACK flag to the netlink in mnlu_msg_prepare
to ensure that the kernel responds to user requests.
After the problem is solved, the execution result is as follows:
$ dcb pfc show dev eth1
Attribute not found: Success
Fixes: 67033d1c1c ("Add skeleton of a new tool, dcb")
Signed-off-by: Junxin Chen <chenjunxin1@huawei.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The command "ip --details link show canX" misses the closing bracket
`]' of the bitrate, the dbitrate and the termination arrays. The --json
output is not impacted.
Change the first argument of close_json_array() from PRINT_JSON to
PRINT_ANY to fix the problem. The second argument was already set
correctly.
Fixes: 67f3c7a5cc ("iplink_can: use PRINT_ANY to factorize code and fix signedness")
Reported-by: Marc Kleine-Budde <mkl@pengutronix.de>
Acked-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The code to print json was not done for the flow id.
This would lead to incorrect JSON format output.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fixes: f76ad635f2 ("man: break long lines in man page sources")
Reported-by: Prijesh Patel <prpatel@redhat.com>
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
No need to include rt_names.h twice.
Fixes: 31f45088c9 ("build: fix build failure with -fno-common")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Support for xfrm metadata as lwtunnel metadata was added in kernel commit
2c2493b9da91 ("xfrm: lwtunnel: add lwtunnel support for xfrm interfaces in collect_md mode")
This commit adds the respective support in lwt routes.
Example use (consider ipsec1 as an xfrm interface in "external" mode):
ip route add 10.1.0.0/24 dev ipsec1 encap xfrm if_id 1
Or in the context of vrf, one can also specify the "link" property:
ip route add 10.1.0.0/24 dev ipsec1 encap xfrm if_id 1 link_dev eth15
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Support for collect metadata mode was introduced in kernel commit
abc340b38ba2 ("xfrm: interface: support collect metadata mode")
This commit adds support for creating xfrm interfaces in this
mode.
Example use:
ip link add ipsec1 type xfrm external
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Kernel commit 70e4272b4c81 ("net: bridge: add no_linklocal_learn bool
option") added the no_linklocal_learn bridge option that can be set via
sysfs or netlink.
Add iproute2 support, allowing it to query and set the option via
netlink.
The option is useful, for example, in scenarios where we want the bridge
to be able to refresh dynamic FDB entries that were added by user space
and are pointing to locked bridge ports, but do not want the bridge to
populate its FDB from EAPOL frames used for authentication.
Example:
$ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]"
0
$ cat /sys/class/net/br0/bridge/no_linklocal_learn
0
# ip link set dev br0 type bridge no_linklocal_learn 1
$ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]"
1
$ cat /sys/class/net/br0/bridge/no_linklocal_learn
1
# ip link set dev br0 type bridge no_linklocal_learn 0
$ ip -j -d link show dev br0 | jq ".[][\"linkinfo\"][\"info_data\"][\"no_linklocal_learn\"]"
0
$ cat /sys/class/net/br0/bridge/no_linklocal_learn
0
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Doing make check on iproute2 runs several checks including man page
checks for common errors. Recent addition of linecard support to
devlink introduced this error.
Checking manpages for syntax errors...
an-old.tmac: <standard input>: line 31: 'R' is a string (producing the registered sign), not a macro.
Error in devlink-lc.8
Fixes: 4cb0bec374 ("devlink: add support for linecard show and type set")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Currently, when using `ip monitor`, family-specific rtnl multicast groups
(ex. RTNLGRP_IPV4_IFADDR) are used when specifying the '-family' option (or
one of its short forms) and an object type is specified (ex. `ip -4 monitor
addr`) but not when listening for changes to all object types (ex. `ip -4
monitor`). In that case, multicast groups for all families, regardless of
the '-family' option, are used. Depending on the object type, this leads to
ignoring the '-family' selection (MROUTE, ADDR, NETCONF), or printing stray
prefix headers with no event (ROUTE, RULE).
Rewrite the parameter parsing code so that per-family rtnl multicast groups
are selected in all cases.
The issue can be witnessed while running `ip -4 monitor label` at the same
time as the following command:
ip link add dummy0 address 02:00:00:00:00:01 up type dummy
The output includes:
[ROUTE][ROUTE][ADDR]9: dummy0 inet6 fe80::ff:fe00:1/64 scope link
valid_lft forever preferred_lft forever
Notice the stray "[ROUTE]" labels (related to filtered out ipv6 routes) and
the ipv6 ADDR entry. Those do not appear if using `ip -4 monitor label
route address`.
Fixes: aba5acdfdb ("(Logical change 1.3)")
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
It seems that stats were omitted from `ip monitor` and `ip monitor all`.
Since all other event types are included, include stats as well. Use the
same logic as for nexthops.
Fixes: a05a27c07c ("ipmonitor: Add monitoring support for stats events")
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
`ip monitor stats` listens for changes to nexthops and stats. It should
listen for stats only.
Fixes: a05a27c07c ("ipmonitor: Add monitoring support for stats events")
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
When using `bridge monitor` with the '-timestamp' option or the "all"
parameter, prefixes are printed before the actual event descriptions.
Currently, those prefixes are printed for each netlink message that's
received. However, some netlink messages do not lead to an event
description being printed. That's usually because a message is not related
to AF_BRIDGE. This results in stray prefixes being printed.
Restructure accept_msg() and its callees such that prefixes are only
printed after a message has been checked for eligibility.
The issue can be witnessed using the following commands:
ip link add dummy0 type dummy
# Start `bridge monitor all` now in another terminal.
# Cause a stray "[LINK]" to be printed (family 10).
# It does not appear yet because the output is line buffered.
ip link set dev dummy0 up
# Cause a stray "[NEIGH]" to be printed (family 2).
ip neigh add 10.0.0.1 lladdr 02:00:00:00:00:01 dev dummy0
# Cause a genuine entry to be printed, which flushes the previous
# output.
bridge fdb add 02:00:00:00:00:01 dev dummy0
# We now see:
# [LINK][NEIGH][NEIGH]02:00:00:00:00:01 dev dummy0 self permanent
Fixes: d04bc300c3 ("Add bridge command")
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add a new function rtnl_echo_talk() that could be used when the
sub-component supports NLM_F_ECHO flag. With this function we can
remove the redundant code added by commit b264b4c656 ("ip: add
NLM_F_ECHO support").
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Similar to other bool opts that could be set by the user, move the
global variable use_iec to be part of struct dl.
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Upstream commit "sched: add extack for tfilter_notify" will make
tc event contain extack message, which could be used for logging
offloading failures. Let's print the extack message in tc monitor.
e.g.
# tc monitor
added chain dev enp3s0f1np1 parent ffff: chain 0
added filter dev enp3s0f1np1 ingress protocol all pref 49152 flower chain 0 handle 0x1
ct_state +trk+new
not_in_hw
action order 1: gact action drop
random type none pass val 0
index 1 ref 1 bind 1
Warning: mlx5_core: matching on ct_state +new isn't supported.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
There is no rule to have an error code after NLMSG_DONE msg. The only reason
we has this offset is that kernel function netlink_dump_done() has an error
code followed by the netlink message header.
Making nl_dump_ext_ack_done() has an offset parameter. So we can adjust
this for NLMSG_DONE message without error code.
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
