ss is able to print the map ID(s) for which a given socket has BPF
socket-local storage defined (using --bpf-maps or --bpf-map-id=). However,
the actual content of the map remains hidden.
This change aims to pretty-print the socket-local storage content following
the socket details, similar to what `bpftool map dump` would do. The exact
output format is inspired by drgn, while the BTF data processing is similar
to bpftool's.
ss will use libbpf's btf_dump__dump_type_data() to ease pretty-printing
of binary data. This requires out_bpf_sk_storage_print_fn() as a print
callback function used by btf_dump__dump_type_data(). vout() is also
introduced, which is similar to out() but accepts a va_list as
parameter.
ss' output remains unchanged unless --bpf-maps or --bpf-map-id= is used,
in which case each socket containing BPF local storage will be followed by
the content of the storage before the next socket's info is displayed.
Signed-off-by: Quentin Deslandes <qde@naccy.de>
Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
While sock_diag is able to return BPF socket-local storage in response
to INET_DIAG_REQ_SK_BPF_STORAGES requests, ss doesn't request it.
This change introduces the --bpf-maps and --bpf-map-id= options to request
BPF socket-local storage for all SK_STORAGE maps, or only specific ones.
The bigger part of this change will check the requested map IDs and
ensure they are valid. The column COL_EXT is used to print the
socket-local data into.
When --bpf-maps is used, ss will send an empty
INET_DIAG_REQ_SK_BPF_STORAGES request, in return the kernel will send
all the BPF socket-local storage entries for a given socket. The BTF
data for each map is loaded on demand, as ss can't predict which map ID
are used.
When --bpf-map-id=ID is used, a file descriptor to the requested maps is
open to 1) ensure the map doesn't disappear before the data is printed,
and 2) ensure the map type is BPF_MAP_TYPE_SK_STORAGE. The BTF data for
each requested map is loaded before the request is sent to the kernel.
Co-developed-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Quentin Deslandes <qde@naccy.de>
Signed-off-by: David Ahern <dsahern@kernel.org>
Use snprintf to print only valid data
v2: adjust formatting
v3: fix the issue with a buffer length
Signed-off-by: Denis Kirjanov <dkirjanov@suse.de>
Signed-off-by: David Ahern <dsahern@kernel.org>
The kernel will now send missing type information in error response.
Print it if present.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@kernel.org>
Throughout ifstat.c, ifstat_ent.val is accessed as a long long unsigned
type, however it is defined as __u64. This works by coincidence on many
systems, however on ppc64le, __u64 is a long unsigned.
This patch makes the type definition consistent with all of the places
where it is accessed.
Fixes: 5a52102b7c ("ifstat: Add extended statistics to ifstat")
Reviewed-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add assertion to check for case of snprintf failing (bad format?)
or buffer getting full.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fix json corruption when using the "-json" option in cases where tc-fw is set.
Signed-off-by: Takanori Hirano <me@hrntknr.net>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fix some typos and spelling errors in iproute2 documentation.
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Fix various typos and spelling errors in some iproute2 comments.
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
If rtnl_listen detects error (such as netlink socket EOF),
then exit with status 2 like other iproute2 monitor commands.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
If rtnl_listen() returns error while looking for netconf events,
then exit with status of 2 as other iproute2 monitor actions do.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Use the same pattern for handling rtnl_listen() errors that
is used across other iproute2 commands. All other commands
exit with status of 2 if rtnl_listen fails.
Reported-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
if ctrl_list is called with get operation and wrong number
of parameters, it would forget to close the local netlink
handle.
Signed-off-by: Maks Mishin <maks.mishinFZ@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
coupled_control specifies whether the LACP state machine's MUX in the
802.3ad mode should have separate Collecting and Distributing states per
IEEE 802.1AX-2008 5.4.15 for coupled and independent control state.
By default this setting is on and does not separate the Collecting and
Distributing states, maintaining the bond in coupled control. If set off,
will toggle independent control state machine which will seperate
Collecting and Distributing states.
Signed-off-by: Aahil Awatramani <aahila@google.com>
v2:
Dropped uapi header change
Use of print_on_off and parse_on_off
Signed-off-by: David Ahern <dsahern@kernel.org>
In commit b264b4c656 ("ip: add NLM_F_ECHO support") the "-echo" option
was added, but not to the options in the usage. Add it.
Note there doesn't seem to be any praticular order for the options here,
so it's placed kind of randomly.
Fixes: b264b4c656 ("ip: add NLM_F_ECHO support")
Signed-off-by: Yedaya Katsman <yedaya.ka@gmail.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
The stats command was added in 54d82b0699 ("ip: Add a new family of
commands, "stats""), but wasn't included in the subcommand list in the
help usage.
Add it in the right position alphabetically.
Fixes: 54d82b0699 ("ip: Add a new family of commands, "stats"")
Signed-off-by: Yedaya Katsman <yedaya.ka@gmail.com>
Reviewed-by: Petr Machata <me@pmachata.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Commit 6e15d27aae ("ip: add AMT support") added "amt" to the list
of "first level" commands list, which isn't correct, as it isn't present
in the cmds list. remove it from the usage help.
Fixes: 6e15d27aae ("ip: add AMT support")
Signed-off-by: Yedaya Katsman <yedaya.ka@gmail.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
convert frprintf calls to perror() so the caller
can see the reason of an error
Signed-off-by: Denis Kirjanov <dkirjanov@suse.de>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Victor Nogueira says:
====================
Continuing on what Hangbin Liu started [1], this patch set adds support for
the NLM_F_ECHO flag for tc actions and filters. For qdiscs it will require
some kernel surgery, and we'll send it soon after this surgery is merged.
When user space configures the kernel with netlink messages, it can set
NLM_F_ECHO flag to request the kernel to send the applied configuration
back to the caller. This allows user space to receive back configuration
information that is populated by the kernel. Often because there are
parameters that can only be set by the kernel which become visible with the
echo, or because user space lets the kernel choose a default value.
To illustrate a use case where the kernel will give us a default value,
the example below shows the user not specifying the action index:
tc -echo actions add action mirred egress mirror dev lo
total acts 0
Added action
action order 1: mirred (Egress Mirror to device lo) pipe
index 1 ref 1 bind 0
not_in_hw
Note that the echoed response indicates that the kernel gave us a value
of index 1
[1] https://lore.kernel.org/netdev/20220916033428.400131-2-liuhangbin@gmail.com/
====================
Signed-off-by: David Ahern <dsahern@kernel.org>
If the user specifies this flag for a filter command the kernel will
return the command's result back to user space.
For example:
tc -echo filter add dev lo parent ffff: protocol ip matchall action ok
added filter dev lo parent ffff: protocol ip pref 49152 matchall chain 0
As illustrated above, the kernel will give us a pref of 491252
The same can be done for other filter commands (replace, delete, and
change). For example:
tc -echo filter del dev lo parent ffff: pref 49152 protocol ip matchall
deleted filter dev lo parent ffff: protocol ip pref 49152 matchall chain 0
Signed-off-by: Victor Nogueira <victor@mojatatu.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
This patch adds the -echo flag to tc command line and support for it in
tc actions. If the user specifies this flag for an action command, the
kernel will return the command's result back to user space.
For example:
tc -echo actions add action mirred egress mirror dev lo
total acts 0
Added action
action order 1: mirred (Egress Mirror to device lo) pipe
index 10 ref 1 bind 0
not_in_hw
As illustrated above, the kernel will give us an index of 10
The same can be done for other action commands (replace, change, and
delete). For example:
tc -echo actions delete action mirred index 10
total acts 0
Deleted action
action order 1: mirred (Egress Mirror to device lo) pipe
index 10 ref 0 bind 0
not_in_hw
Signed-off-by: Victor Nogueira <victor@mojatatu.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
The function basename() expects a mutable character string,
which now causes a warning:
bpf_legacy.c: In function ‘bpf_load_common’:
bpf_legacy.c:975:38: warning: passing argument 1 of ‘__xpg_basename’ discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
975 | basename(cfg->object), cfg->mode == EBPF_PINNED ?
| ~~~^~~~~~~~
In file included from bpf_legacy.c:21:
/usr/include/libgen.h:34:36: note: expected ‘char *’ but argument is of type ‘const char *’
34 | extern char *__xpg_basename (char *__path) __THROW;
Fixes: f20ff2f195 ("bpf: keep parsed program mode in struct bpf_cfg_in")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
So far the mirred action has dealt with syntax that handles
mirror/redirection for netdev. A matching packet is redirected or mirrored
to a target netdev.
In this patch we enable mirred to mirror to a tc block as well.
IOW, the new syntax looks as follows:
... mirred <ingress | egress> <mirror | redirect> [index INDEX] < <blockid BLOCKID> | <dev <devname>> >
Examples of mirroring or redirecting to a tc block:
$ tc filter add block 22 protocol ip pref 25 \
flower dst_ip 192.168.0.0/16 action mirred egress mirror blockid 22
$ tc filter add block 22 protocol ip pref 25 \
flower dst_ip 10.10.10.10/32 action mirred egress redirect blockid 22
Co-developed-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Co-developed-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Victor Nogueira <victor@mojatatu.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
In musl basename() is only available via libgen.h
Signed-off-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
There are cases where NULL is passed as format string when
nothing is to be printed. This is commonly done in the print_bool
function when a flag is false. Glibc seems to handle this case nicely
but for musl it will cause a segmentation fault
Since nothing needs to be printed, in this case; just check
for NULL and return.
Reported-by: Pedro Tammela <pctammela@mojatatu.com>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
There was a word too much in the documentation of tc-htb
Signed-off-by: Simon Egli <simon@egli.online>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Add a new option `-Q/--no-queues` to ss(8) to suppress the two standard
columns Send-Q and Recv-Q. This helps to keep the output steady for
monitoring purposes (like listening sockets).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: David Ahern <dsahern@kernel.org>
There are three places in tc which all have same code for
handling clockid (copy/paste). Move it into tc_util.c.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This file is rather free form, out dated, and redundant.
Everything here should be covered on man pages.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Most of this document goes back to when IFB was first integrated
and covers the motivation. Only of historical interest.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
A recent modification broke "extra" options for all protocols showing
info about the processes when '-p' / '--processes' option was not used
as well. In other words, all the additional bits displayed at the end or
at the next line were no longer printed if the user didn't ask to show
info about processes as well.
The reason is that, the "current_field" pointer never switched to the
"Ext" column. If the user didn't ask to display the processes, nothing
happened when trying to print extra bits using the "out()" function,
because the current field was still pointing to the "Process" one, now
marked as disabled.
Before the commit mentioned below, it was not an issue not to switch to
the "Ext" or "Process" columns because they were never marked as
"disabled".
Here is a quick list of options that were no longer displayed if '-p' /
'--processes' was not set:
- AF_INET(6):
-o, --options
-e, --extended
--tos
--cgroup
--inet-sockopt
-m, --memory
-i, --info
- AF_PACKET:
-e, --extended
- AF_XDP:
-e, --extended
- AF_UNIX:
-m, --memory
-e, --extended
- TIPC:
--tipcinfo
That was just by quickly reading the code, I probably missed some. But
this shows that the impact can be quite important for all scripts using
'ss' to monitor connections or to report info.
Fixes: 1607bf53 ("ss: prevent "Process" column from being printed unless requested")
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This reverts commit 1607bf531f.
This commit is being reverted because it breaks output of tcp info.
The order of the columns enum is order sensistive.
Bug: https://bugzilla.kernel.org/show_bug.cgi?id=218372
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
