Update the user manual describing how to use extended packet number (XPN)
feature for macsec. As part of configuring XPN, providing ssci and salt is
required hence update user manual on how to provide the above as part of
the ip macsec command.
Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David Ahern <dsahern@kernel.org>
This patch adds support for extended packet number (XPN).
XPN can be configured by passing 'cipher gcm-aes-xpn-128' as part of
the ip link add command using macsec type.
In addition, using 'xpn' keyword instead of the 'pn', passing a 12
bytes salt using the 'salt' keyword and passing short secure channel
id (ssci) using the 'ssci' keyword as part of the ip macsec command
is required (see example).
e.g:
create a MACsec device on link eth0 with enabled xpn
# ip link add link eth0 macsec0 type macsec port 11
encrypt on cipher gcm-aes-xpn-128
configure a secure association on the device
# ip macsec add macsec0 tx sa 0 xpn 1024 on ssci 5
salt 838383838383838383838383
key 01 81818181818181818181818181818181
configure a secure association on the device with ssci = 5
# ip macsec add macsec0 tx sa 0 xpn 1024 on ssci 5
salt 838383838383838383838383
key 01 82828282828282828282828282828282
Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David Ahern <dsahern@kernel.org>
Some driver provide no region snapshot unless created first with the
'new' operation. Add documentation and example.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
mnlu_gen_socket_open opens a socket and configures it for use with a
generic netlink family. As part of this process it sends a
CTRL_CMD_GETFAMILY to get the ID for the family name requested.
In addition to the family id, this command reports a few other useful
values including the maximum attribute. The maximum attribute is useful in
order to know whether a given attribute is supported and for knowing the
necessary size to allocate for other operations such as policy dumping.
Since we already have to issue a CTRL_CMD_GETFAMILY to get the id, we can
also store the maximum attribute as well. Modify the callback functions to
parse the maximum attribute NLA and store it in the mnlu_gen_socket
structure.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Commit 62ff25e51b ("devlink: Use generic socket helpers from library")
removed all of the users of struct mnlg_socket, but didn't remove the
structure itself. Fix that.
Fixes: 62ff25e51b ("devlink: Use generic socket helpers from library")
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Now that it is possible to flash multiple devlink instances in parallel,
the notification processing callback needs to count in the fact that it
receives message that belongs to different devlink instance. So handle
the it gracefully and don't error out.
Reported-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
So far, the port-ifname map was loaded during devlink init
no matter if actually needed or not. Port dump cmd which is utilized
for this in kernel takes lock for every devlink instance.
That may lead to unnecessary blockage of command.
Load the map only in time it is needed to lookup ifname.
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Jacob Keller says:
====================
This series removes the dl_argv_parse_put function which both parses the
command line arguments and places them into the netlink header.
This was originally sent as an RFC at
https://lore.kernel.org/netdev/20220805234155.2878160-1-jacob.e.keller@intel.com/
Since there is some ongoing work around policy code being generated from
YAML, I thought it best to wait on the devlink policy portion of this series
for now.
Jiri mentioned he wanted to base some work on top of this, so I am sending
just the cleanup patches.
The primary motivation for this is due to the fact that dl_argv_parse_put
requires a netlink header, meaning a command must have already been
prepared. This prevents addition of a different netlink command to get the
policy data, and thus prevents us from using this variant while checking
netlink policy.
====================
Signed-off-by: David Ahern <dsahern@kernel.org>
The dl_argv_parse_put function is used to extract arguments from the
command line and convert them to the appropriate netlink attributes. This
function is a combination of calling dl_argv_parse and dl_put_opts.
A future change is going to refactor dl_argv_parse to check the kernel's
netlink policy for the command. This requires issuing another netlink
message which requires calling dl_argv_parse before
mnlu_gen_socket_cmd_prepare. Otherwise, the get policy command issued in
dl_argv_parse would overwrite the prepared buffer.
This conflicts with dl_argv_parse_put which requires being called after
mnlu_gen_socket_cmd_prepare.
Remove dl_argv_parse_put and replace it with appropriate calls to
dl_argv_parse and dl_put_opts. This allows us to ensure dl_argv_parse is
called before mnlu_gen_socket_cmd_prepare while dl_put_opts is called
afterwards.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Use the helper dl_no_arg function to check for whether the command has any
arguments.
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
These are the post-merge of netwoking user headers.
Note: this fixes compilation with gcc-12
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The final vdpa.h header from upstream has slightly different
definition of VDPA stats get.
Fixes: 6f97e9c933 ("vdpa: Add support for reading vdpa device statistics")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
If line card object contains a nested devlink, expose it.
Example:
$ devlink lc show pci/0000:01:00.0 lc 1
pci/0000:01:00.0:
lc 1 state active type 16x100G nested_devlink auxiliary/mlxsw_core.lc.0
supported_types:
16x100G
$ devlink dev show auxiliary/mlxsw_core.lc.0
auxiliary/mlxsw_core.lc.0
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
glibc defines this function only as gnu extention
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add commands and helper APIs to run selftests.
Include a selftest id for a non volatile memory i.e. flash.
Also, update the man page and bash-completion for selftests
commands.
Examples:
$ devlink dev selftests run pci/0000:03:00.0 id flash
pci/0000:03:00.0:
flash:
status passed
$ devlink dev selftests show pci/0000:03:00.0
pci/0000:03:00.0
flash
$ devlink dev selftests show pci/0000:03:00.0 -j
{"selftests":{"pci/0000:03:00.0":["flash"]}}
$ devlink dev selftests run pci/0000:03:00.0 id flash -j
{"selftests":{"pci/0000:03:00.0":{"flash":{"status":"passed"}}}}
Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
This patch adds the support for the reduced version of the H.Encaps and
H.L2Encaps behaviors as defined in RFC 8986 [1].
H.Encaps.Red and H.L2Encaps.Red SRv6 behaviors are an optimization of the
H.Encaps and H.L2Encaps aiming to reduce the length of the SID List carried
in the pushed SRH. Specifically, the reduced version of the behaviors
removes the first SID contained in the SID List (i.e. SRv6 Policy) by
storing it into the IPv6 Destination Address. When SRv6 Policy is made of
only one SID, the reduced version of the behaviors omits the SRH at all and
pushes that SID directly into the IPv6 DA.
Some examples:
ip -6 route add 2001:db8::1 encap seg6 mode encap.red segs fcf0:1::e,fcf0:2::d6 dev eth0
ip -6 route add 2001:db8::2 encap seg6 mode l2encap.red segs fcf0:1::d2 dev eth0
Standard Output:
ip -6 route show 2001:db8::1
2001:db8::1 encap seg6 mode encap.red segs 2 [ fcf0:1::e fcf0:2::d6 ] dev eth0 metric 1024 pref medium
JSON Output:
ip -6 -j -p route show 2001:db8::1
[ {
"dst": "2001:db8::1",
"encap": "seg6",
"mode": "encap.red",
"segs": [ "fcf0:1::e","fcf0:2::d6" ],
"dev": "eth0",
"metric": 1024,
"flags": [ ],
"pref": "medium"
} ]
[1] - https://datatracker.ietf.org/doc/html/rfc8986
Signed-off-by: Paolo Lungaroni <paolo.lungaroni@uniroma2.it>
Signed-off-by: David Ahern <dsahern@kernel.org>
Update kernel headers to commit
63757225a933 ("Merge tag 'mlx5-updates-2022-07-28' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux")
Signed-off-by: David Ahern <dsahern@kernel.org>
Wojciech Drewek says:
====================
This patchset implements support for matching
on PPPoE specific fields using tc-flower.
First patch introduces small refactor which allows
to use same mechanism of finding protocol for
both ppp and ether protocols. Second patch
adds support for parsing ppp protocols.
Last patch is about parsing PPPoE fields.
Kernel changes (merged):
https://lore.kernel.org/netdev/20220726203133.2171332-1-anthony.l.nguyen@intel.com/T/#t
====================
Signed-off-by: David Ahern <dsahern@kernel.org>
Introduce PPPoE specific fields in tc-flower:
- session id (16 bits)
- ppp protocol (16 bits)
Those fields can be provided only when protocol was set to
ETH_P_PPP_SES. ppp_proto works similar to vlan_ethtype, i.e.
ppp_proto overwrites eth_type. Thanks to that, fields from
encapsulated protocols (such as src_ip) can be specified.
e.g.
# tc filter add dev ens6f0 ingress prio 1 protocol ppp_ses \
flower \
pppoe_sid 1234 \
ppp_proto ip \
dst_ip 127.0.0.1 \
src_ip 127.0.0.2 \
action drop
Vlan and cvlan is also supported, in this case cvlan_ethtype
or vlan_ethtype has to be set to ETH_P_PPP_SES.
e.g.
# tc filter add dev ens6f0 ingress prio 1 protocol 802.1Q \
flower \
vlan_id 2 \
vlan_ethtype ppp_ses \
pppoe_sid 1234 \
ppp_proto ip \
dst_ip 127.0.0.1 \
src_ip 127.0.0.2 \
action drop
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
PPP protocol field uses different values than ethertype. Introduce
utilities for translating PPP protocols from strings to values
and vice versa. Use generic API from utils in order to get
proto id and name.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Move core logic of ll_proto_n2a and ll_proto_a2n
to utils.c and make it more generic by allowing to
pass table of protocols as argument (proto_tb).
Introduce struct proto with protocol ID and name to
allow this. This wil allow to use those functions by
other use cases.
Signed-off-by: Wojciech Drewek <wojciech.drewek@intel.com>
Acked-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
If __NR_bpf is not enabled, bpf() function set errno and return -1. Thus,
this patch includes the header.
Fixes: ac4e0913be ("bpf: Export bpf syscall wrapper")
Signed-off-by: Juhee Kang <claudiajkang@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Introduce a new object "lc" to add devlink support for line cards with
two commands:
show - to get the info about the line card state, list of supported
types as reported by kernel/driver.
set - to set/clear the line card type.
Example:
$ devlink lc
pci/0000:01:00.0:
lc 1 state unprovisioned
supported_types:
16x100G
lc 2 state unprovisioned
supported_types:
16x100G
lc 3 state unprovisioned
supported_types:
16x100G
lc 4 state unprovisioned
supported_types:
16x100G
lc 5 state unprovisioned
supported_types:
16x100G
lc 6 state unprovisioned
supported_types:
16x100G
lc 7 state unprovisioned
supported_types:
16x100G
lc 8 state unprovisioned
supported_types:
16x100G
To provision the slot #8:
$ devlink lc set pci/0000:01:00.0 lc 8 type 16x100G
$ devlink lc show pci/0000:01:00.0 lc 8
pci/0000:01:00.0:
lc 8 state active type 16x100G
supported_types:
16x100G
To uprovision the slot #8:
$ devlink lc set pci/0000:01:00.0 lc 8 notype
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
Update the man page to include vdpa statistics information inroduce in
6f97e9c933 ("vdpa: Add support for reading vdpa device statistics")
Signed-off-by: Eli Cohen <elic@nvidia.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
With the following command sequence:
ip link add dummy0 type dummy
ip neigh add 192.168.0.1 dev dummy0
ip neigh get 192.168.0.1 dev dummy0
when running the last command under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x17A0EC: rtnl_recvmsg (libnetlink.c:838)
by 0x17A3D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x17B894: __rtnl_talk (libnetlink.c:1141)
by 0x17B894: rtnl_talk (libnetlink.c:1147)
by 0x12E49B: ipneigh_get (ipneigh.c:728)
by 0x1174CB: do_cmd (ip.c:136)
by 0x116F7C: main (ip.c:324)
Free the answer obtained from rtnl_talk().
Fixes: 6284236237 ("ipneigh: neigh get support")
Suggested-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
When running the command `ip mptcp limits` under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 1 of 1
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x17A0BC: rtnl_recvmsg (libnetlink.c:838)
by 0x17A3A1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x17B864: __rtnl_talk (libnetlink.c:1141)
by 0x17B864: rtnl_talk (libnetlink.c:1147)
by 0x16837D: mptcp_limit_get_set (ipmptcp.c:436)
by 0x1174CB: do_cmd (ip.c:136)
by 0x116F7C: main (ip.c:324)
Free the answer obtained from rtnl_talk().
Fixes: 7e0767cd86 ("add support for mptcp netlink interface")
Suggested-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
With the following command sequence:
ip mptcp endpoint add 127.0.0.1 id 1
ip mptcp endpoint show id 1
when running the last command under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x17A0AC: rtnl_recvmsg (libnetlink.c:838)
by 0x17A391: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x17B854: __rtnl_talk (libnetlink.c:1141)
by 0x17B854: rtnl_talk (libnetlink.c:1147)
by 0x168A56: mptcp_addr_show (ipmptcp.c:334)
by 0x1174CB: do_cmd (ip.c:136)
by 0x116F7C: main (ip.c:324)
Free the answer obtained from rtnl_talk().
Fixes: 7e0767cd86 ("add support for mptcp netlink interface")
Suggested-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
With the following command sequence:
ip link add br0 up type bridge
ip link add dummy0 up address 02:00:00:00:00:01 master br0 type dummy
bridge fdb get 02:00:00:00:00:01 br br0
when running the last command under valgrind, it reports
32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2
at 0x483F7B5: malloc (vg_replace_malloc.c:381)
by 0x11C1EC: rtnl_recvmsg (libnetlink.c:838)
by 0x11C4D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040)
by 0x11D994: __rtnl_talk (libnetlink.c:1141)
by 0x11D994: rtnl_talk (libnetlink.c:1147)
by 0x10D336: fdb_get (fdb.c:652)
by 0x48907FC: (below main) (libc-start.c:332)
Free the answer obtained from rtnl_talk().
Fixes: 4ed5ad7bd3 ("bridge: fdb get support")
Reported-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Running a command like `ip addr show dev lo` under valgrind informs us that
32,768 bytes in 1 blocks are definitely lost in loss record 4 of 4
at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x16CBE2: rtnl_recvmsg (libnetlink.c:775)
by 0x16CF04: __rtnl_talk_iov (libnetlink.c:954)
by 0x16E257: __rtnl_talk (libnetlink.c:1059)
by 0x16E257: rtnl_talk (libnetlink.c:1065)
by 0x115CB1: ipaddr_link_get (ipaddress.c:1833)
by 0x11A0D1: ipaddr_list_flush_or_save (ipaddress.c:2030)
by 0x1152EB: do_cmd (ip.c:115)
by 0x114D6F: main (ip.c:321)
After calling store_nlmsg(), the original buffer should be freed. That is
the pattern used elsewhere through the rtnl_dump_filter() call chain.
Fixes: 8847097850 ("ip address: Set device index in dump request")
Reported-by: Binu Gopalakrishnapillai <binug@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
When vdpa was updated, it included linux/virtio_ring.h but that
sanitized header file was not added.
Fixes: bd91c76471 ("vdpa: Allow for printing negotiated features of a device")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Iproute2 depends on kernel headers and all necessary kernel headers
should be in iproute tree.
Fixes: c2ecc82b9d ("vdpa: Add vdpa tool")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
