Merge changes Id0db30f6,I117dcabd,If21f95e2,I42c1ebfa am: 550751fdb7 am: ef18ea8cd8
am: ff27a837e6
Change-Id: I9bbf3abcb11c1f81c33de67dbe8ea88898fe8fa5
diff --git a/.gitignore b/.gitignore
index 98d83c5..f8c3dfc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
+# locally generated
+Config
static-syms.h
config.*
-Config
*.o
*.a
*.so
@@ -10,6 +11,7 @@
# cscope
cscope.*
ncscope.*
+tags
TAGS
# git files that we don't want to ignore even it they are dot-files
@@ -35,6 +37,8 @@
# tests
testsuite/results
testsuite/iproute2/iproute2-this
+testsuite/tools/generate_nlmsg
+testsuite/tests/ip/link/dev_wo_vf_rate.nl
# doc files generated at runtime
doc/*.aux
@@ -44,3 +48,4 @@
doc/*.dvi
doc/*.html
doc/*.pdf
+doc/*.out
diff --git a/Android.mk b/Android.mk
index 5053e7d..9271768 100644
--- a/Android.mk
+++ b/Android.mk
@@ -1 +1,5 @@
+# Explicitly list the bionic UAPI includes so we don't pick up stray
+# vendor copies of the UAPI includes that are too old for us to build.
+UAPI_INCLUDES := bionic/libc/kernel/uapi
+
include $(call all-subdir-makefiles)
diff --git a/Makefile b/Makefile
index 67176be..6ad9610 100644
--- a/Makefile
+++ b/Makefile
@@ -1,12 +1,20 @@
+# Top level Makefile for iproute2
+
+ifeq ($(VERBOSE),0)
+MAKEFLAGS += --no-print-directory
+endif
+
PREFIX?=/usr
LIBDIR?=$(PREFIX)/lib
SBINDIR?=/sbin
CONFDIR?=/etc/iproute2
DATADIR?=$(PREFIX)/share
+HDRDIR?=$(PREFIX)/include/iproute2
DOCDIR?=$(DATADIR)/doc/iproute2
MANDIR?=$(DATADIR)/man
ARPDDIR?=/var/lib/arpd
KERNEL_INCLUDE?=/usr/include
+BASH_COMPDIR?=$(DATADIR)/bash-completion/completions
# Path to db_185.h include
DBM_INCLUDE:=$(DESTDIR)/usr/include
@@ -29,8 +37,8 @@
#options for mpls
ADDLIB+=mpls_ntop.o mpls_pton.o
-CC = gcc
-HOSTCC = gcc
+CC := gcc
+HOSTCC ?= $(CC)
DEFINES += -D_GNU_SOURCE
# Turn on transparent support for LFS
DEFINES += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
@@ -38,47 +46,51 @@
WFLAGS := -Wall -Wstrict-prototypes -Wmissing-prototypes
WFLAGS += -Wmissing-declarations -Wold-style-definition -Wformat=2
-CFLAGS := $(WFLAGS) $(CCOPTS) -I../include $(DEFINES) $(CFLAGS)
+CFLAGS := $(WFLAGS) $(CCOPTS) -I../include -I../include/uapi $(DEFINES) $(CFLAGS)
YACCFLAGS = -d -t -v
-SUBDIRS=lib ip tc bridge misc netem genl tipc man
+SUBDIRS=lib ip tc bridge misc netem genl tipc devlink rdma man
LIBNETLINK=../lib/libnetlink.a ../lib/libutil.a
LDLIBS += $(LIBNETLINK)
-all: Config
+all: config.mk
@set -e; \
for i in $(SUBDIRS); \
- do $(MAKE) $(MFLAGS) -C $$i; done
+ do echo; echo $$i; $(MAKE) $(MFLAGS) -C $$i; done
-Config:
+config.mk:
sh configure $(KERNEL_INCLUDE)
install: all
install -m 0755 -d $(DESTDIR)$(SBINDIR)
install -m 0755 -d $(DESTDIR)$(CONFDIR)
install -m 0755 -d $(DESTDIR)$(ARPDDIR)
+ install -m 0755 -d $(DESTDIR)$(HDRDIR)
install -m 0755 -d $(DESTDIR)$(DOCDIR)/examples
install -m 0755 -d $(DESTDIR)$(DOCDIR)/examples/diffserv
install -m 0644 README.iproute2+tc $(shell find examples -maxdepth 1 -type f) \
$(DESTDIR)$(DOCDIR)/examples
install -m 0644 $(shell find examples/diffserv -maxdepth 1 -type f) \
$(DESTDIR)$(DOCDIR)/examples/diffserv
- @for i in $(SUBDIRS) doc; do $(MAKE) -C $$i install; done
+ @for i in $(SUBDIRS); do $(MAKE) -C $$i install; done
install -m 0644 $(shell find etc/iproute2 -maxdepth 1 -type f) $(DESTDIR)$(CONFDIR)
+ install -m 0755 -d $(DESTDIR)$(BASH_COMPDIR)
+ install -m 0644 bash-completion/tc $(DESTDIR)$(BASH_COMPDIR)
+ install -m 0644 include/bpf_elf.h $(DESTDIR)$(HDRDIR)
snapshot:
echo "static const char SNAPSHOT[] = \""`date +%y%m%d`"\";" \
> include/SNAPSHOT.h
clean:
- @for i in $(SUBDIRS) doc; \
+ @for i in $(SUBDIRS); \
do $(MAKE) $(MFLAGS) -C $$i clean; done
clobber:
- touch Config
+ touch config.mk
$(MAKE) $(MFLAGS) clean
- rm -f Config cscope.*
+ rm -f config.mk cscope.*
distclean: clobber
diff --git a/README b/README
index c7a5118..386fbaf 100644
--- a/README
+++ b/README
@@ -21,8 +21,9 @@
2. make
-The makefile will automatically build a Config file which
-contains whether or not ATM is available, etc.
+The makefile will automatically build a config.mk file which
+contains definitions of libraries that may or may not be available
+on the system such as: ATM, ELF, MNL, and SELINUX.
3. To make documentation, cd to doc/ directory , then
look at start of Makefile and set correct values for
diff --git a/bash-completion/tc b/bash-completion/tc
new file mode 100644
index 0000000..80d1297
--- /dev/null
+++ b/bash-completion/tc
@@ -0,0 +1,800 @@
+# tc(8) completion -*- shell-script -*-
+# Copyright 2016 6WIND S.A.
+# Copyright 2016 Quentin Monnet <quentin.monnet@6wind.com>
+
+QDISC_KIND=' choke codel bfifo pfifo pfifo_head_drop fq fq_codel gred hhf \
+ mqprio multiq netem pfifo_fast pie red rr sfb sfq tbf atm cbq drr \
+ dsmark hfsc htb prio qfq '
+FILTER_KIND=' basic bpf cgroup flow flower fw route rsvp tcindex u32 matchall '
+ACTION_KIND=' gact mirred bpf sample '
+
+# Takes a list of words in argument; each one of them is added to COMPREPLY if
+# it is not already present on the command line. Returns no value.
+_tc_once_attr()
+{
+ local w subcword found
+ for w in $*; do
+ found=0
+ for (( subcword=3; subcword < ${#words[@]}-1; subcword++ )); do
+ if [[ $w == ${words[subcword]} ]]; then
+ found=1
+ break
+ fi
+ done
+ [[ $found -eq 0 ]] && \
+ COMPREPLY+=( $( compgen -W "$w" -- "$cur" ) )
+ done
+}
+
+# Takes a list of words in argument; each one of them is added to COMPREPLY if
+# it is not already present on the command line from the provided index. Returns
+# no value.
+_tc_once_attr_from()
+{
+ local w subcword found from=$1
+ shift
+ for w in $*; do
+ found=0
+ for (( subcword=$from; subcword < ${#words[@]}-1; subcword++ )); do
+ if [[ $w == ${words[subcword]} ]]; then
+ found=1
+ break
+ fi
+ done
+ [[ $found -eq 0 ]] && \
+ COMPREPLY+=( $( compgen -W "$w" -- "$cur" ) )
+ done
+}
+
+# Takes a list of words in argument; adds them all to COMPREPLY if none of them
+# is already present on the command line. Returns no value.
+_tc_one_of_list()
+{
+ local w subcword
+ for w in $*; do
+ for (( subcword=3; subcword < ${#words[@]}-1; subcword++ )); do
+ [[ $w == ${words[subcword]} ]] && return 1
+ done
+ done
+ COMPREPLY+=( $( compgen -W "$*" -- "$cur" ) )
+}
+
+# Takes a list of words in argument; adds them all to COMPREPLY if none of them
+# is already present on the command line from the provided index. Returns no
+# value.
+_tc_one_of_list_from()
+{
+ local w subcword from=$1
+ shift
+ for w in $*; do
+ for (( subcword=$from; subcword < ${#words[@]}-1; subcword++ )); do
+ [[ $w == ${words[subcword]} ]] && return 1
+ done
+ done
+ COMPREPLY+=( $( compgen -W "$*" -- "$cur" ) )
+}
+
+# Returns "$cur ${cur}arg1 ${cur}arg2 ..."
+_tc_expand_units()
+{
+ [[ $cur =~ ^[0-9]+ ]] || return 1
+ local value=${cur%%[^0-9]*}
+ [[ $cur == $value ]] && echo $cur
+ echo ${@/#/$value}
+}
+
+# Complete based on given word, usually $prev (or possibly the word before),
+# for when an argument or an option name has but a few possible arguments (so
+# tc does not take particular commands into account here).
+# Returns 0 is completion should stop after running this function, 1 otherwise.
+_tc_direct_complete()
+{
+ case $1 in
+ # Command options
+ dev)
+ _available_interfaces
+ return 0
+ ;;
+ classid)
+ return 0
+ ;;
+ estimator)
+ local list=$( _tc_expand_units 'secs' 'msecs' 'usecs' )
+ COMPREPLY+=( $( compgen -W "$list" -- "$cur" ) )
+ return 0
+ ;;
+ handle)
+ return 0
+ ;;
+ parent|flowid)
+ local i iface ids cmd
+ for (( i=3; i < ${#words[@]}-2; i++ )); do
+ [[ ${words[i]} == dev ]] && iface=${words[i+1]}
+ break
+ done
+ for cmd in qdisc class; do
+ if [[ -n $iface ]]; then
+ ids+=$( tc $cmd show dev $iface 2>/dev/null | \
+ cut -d\ -f 3 )" "
+ else
+ ids+=$( tc $cmd show 2>/dev/null | cut -d\ -f 3 )
+ fi
+ done
+ [[ $ids != " " ]] && \
+ COMPREPLY+=( $( compgen -W "$ids" -- "$cur" ) )
+ return 0
+ ;;
+ protocol) # list comes from lib/ll_proto.c
+ COMPREPLY+=( $( compgen -W ' 802.1Q 802.1ad 802_2 802_3 LLDP aarp \
+ all aoe arp atalk atmfate atmmpoa ax25 bpq can control cust \
+ ddcmp dec diag dna_dl dna_rc dna_rt econet ieeepup ieeepupat \
+ ip ipv4 ipv6 ipx irda lat localtalk loop mobitex ppp_disc \
+ ppp_mp ppp_ses ppptalk pup pupat rarp sca snap tipc tr_802_2 \
+ wan_ppp x25' -- "$cur" ) )
+ return 0
+ ;;
+ prio)
+ return 0
+ ;;
+ stab)
+ COMPREPLY+=( $( compgen -W 'mtu tsize mpu overhead
+ linklayer' -- "$cur" ) )
+ ;;
+
+ # Qdiscs and classes options
+ alpha|bands|beta|buckets|corrupt|debug|decrement|default|\
+ default_index|depth|direct_qlen|divisor|duplicate|ewma|flow_limit|\
+ flows|hh_limit|increment|indices|linklayer|non_hh_weight|num_tc|\
+ penalty_burst|penalty_rate|prio|priomap|probability|queues|r2q|\
+ reorder|vq|vqs)
+ return 0
+ ;;
+ setup)
+ COMPREPLY+=( $( compgen -W 'vqs' -- "$cur" ) )
+ return 0
+ ;;
+ hw)
+ COMPREPLY+=( $( compgen -W '1 0' -- "$cur" ) )
+ return 0
+ ;;
+ distribution)
+ COMPREPLY+=( $( compgen -W 'uniform normal pareto
+ paretonormal' -- "$cur" ) )
+ return 0
+ ;;
+ loss)
+ COMPREPLY+=( $( compgen -W 'random state gmodel' -- "$cur" ) )
+ return 0
+ ;;
+
+ # Qdiscs and classes options options
+ gap|gmodel|state)
+ return 0
+ ;;
+
+ # Filters options
+ map)
+ COMPREPLY+=( $( compgen -W 'key' -- "$cur" ) )
+ return 0
+ ;;
+ hash)
+ COMPREPLY+=( $( compgen -W 'keys' -- "$cur" ) )
+ return 0
+ ;;
+ indev)
+ _available_interfaces
+ return 0
+ ;;
+ eth_type)
+ COMPREPLY+=( $( compgen -W 'ipv4 ipv6' -- "$cur" ) )
+ return 0
+ ;;
+ ip_proto)
+ COMPREPLY+=( $( compgen -W 'tcp udp' -- "$cur" ) )
+ return 0
+ ;;
+
+ # Filters options options
+ key|keys)
+ [[ ${words[@]} =~ graft ]] && return 1
+ COMPREPLY+=( $( compgen -W 'src dst proto proto-src proto-dst iif \
+ priority mark nfct nfct-src nfct-dst nfct-proto-src \
+ nfct-proto-dst rt-classid sk-uid sk-gid vlan-tag rxhash' -- \
+ "$cur" ) )
+ return 0
+ ;;
+
+ # BPF options - used for filters, actions, and exec
+ export|bytecode|bytecode-file|object-file)
+ _filedir
+ return 0
+ ;;
+ object-pinned|graft) # Pinned object is probably under /sys/fs/bpf/
+ [[ -n "$cur" ]] && _filedir && return 0
+ COMPREPLY=( $( compgen -G "/sys/fs/bpf/*" -- "$cur" ) ) || _filedir
+ compopt -o nospace
+ return 0
+ ;;
+ section)
+ if (type objdump > /dev/null 2>&1) ; then
+ local fword objfile section_list
+ for (( fword=3; fword < ${#words[@]}-3; fword++ )); do
+ if [[ ${words[fword]} == object-file ]]; then
+ objfile=${words[fword+1]}
+ break
+ fi
+ done
+ section_list=$( objdump -h $objfile 2>/dev/null | \
+ sed -n 's/^ *[0-9]\+ \([^ ]*\) *.*/\1/p' )
+ COMPREPLY+=( $( compgen -W "$section_list" -- "$cur" ) )
+ fi
+ return 0
+ ;;
+ import|run)
+ _filedir
+ return 0
+ ;;
+ type)
+ COMPREPLY+=( $( compgen -W 'cls act' -- "$cur" ) )
+ return 0
+ ;;
+
+ # Actions options
+ random)
+ _tc_one_of_list 'netrand determ'
+ return 0
+ ;;
+
+ # Units for option arguments
+ bandwidth|maxrate|peakrate|rate)
+ local list=$( _tc_expand_units 'bit' \
+ 'kbit' 'kibit' 'kbps' 'kibps' \
+ 'mbit' 'mibit' 'mbps' 'mibps' \
+ 'gbit' 'gibit' 'gbps' 'gibps' \
+ 'tbit' 'tibit' 'tbps' 'tibps' )
+ COMPREPLY+=( $( compgen -W "$list" -- "$cur" ) )
+ ;;
+ admit_bytes|avpkt|burst|cell|initial_quantum|limit|max|min|mtu|mpu|\
+ overhead|quantum|redflowlist)
+ local list=$( _tc_expand_units \
+ 'b' 'kbit' 'k' 'mbit' 'm' 'gbit' 'g' )
+ COMPREPLY+=( $( compgen -W "$list" -- "$cur" ) )
+ ;;
+ db|delay|evict_timeout|interval|latency|perturb|rehash|reset_timeout|\
+ target|tupdate)
+ local list=$( _tc_expand_units 'secs' 'msecs' 'usecs' )
+ COMPREPLY+=( $( compgen -W "$list" -- "$cur" ) )
+ ;;
+ esac
+ return 1
+}
+
+# Complete with options names for qdiscs. Each qdisc has its own set of options
+# and it seems we cannot really parse it from anywhere, so we add it manually
+# in this function.
+# Returns 0 is completion should stop after running this function, 1 otherwise.
+_tc_qdisc_options()
+{
+ case $1 in
+ choke)
+ _tc_once_attr 'limit bandwidth ecn min max burst'
+ return 0
+ ;;
+ codel)
+ _tc_once_attr 'limit target interval'
+ _tc_one_of_list 'ecn noecn'
+ return 0
+ ;;
+ bfifo|pfifo|pfifo_head_drop)
+ _tc_once_attr 'limit'
+ return 0
+ ;;
+ fq)
+ _tc_once_attr 'limit flow_limit quantum initial_quantum maxrate \
+ buckets'
+ _tc_one_of_list 'pacing nopacing'
+ return 0
+ ;;
+ fq_codel)
+ _tc_once_attr 'limit flows target interval quantum'
+ _tc_one_of_list 'ecn noecn'
+ return 0
+ ;;
+ gred)
+ _tc_once_attr 'setup vqs default grio vq prio limit min max avpkt \
+ burst probability bandwidth'
+ return 0
+ ;;
+ hhf)
+ _tc_once_attr 'limit quantum hh_limit reset_timeout admit_bytes \
+ evict_timeout non_hh_weight'
+ return 0
+ ;;
+ mqprio)
+ _tc_once_attr 'num_tc map queues hw'
+ return 0
+ ;;
+ netem)
+ _tc_once_attr 'delay distribution corrupt duplicate loss ecn \
+ reorder rate'
+ return 0
+ ;;
+ pie)
+ _tc_once_attr 'limit target tupdate alpha beta'
+ _tc_one_of_list 'bytemode nobytemode'
+ _tc_one_of_list 'ecn noecn'
+ return 0
+ ;;
+ red)
+ _tc_once_attr 'limit min max avpkt burst adaptive probability \
+ bandwidth ecn harddrop'
+ return 0
+ ;;
+ rr|prio)
+ _tc_once_attr 'bands priomap multiqueue'
+ return 0
+ ;;
+ sfb)
+ _tc_once_attr 'rehash db limit max target increment decrement \
+ penalty_rate penalty_burst'
+ return 0
+ ;;
+ sfq)
+ _tc_once_attr 'limit perturb quantum divisor flows depth headdrop \
+ redflowlimit min max avpkt burst probability ecn harddrop'
+ return 0
+ ;;
+ tbf)
+ _tc_once_attr 'limit burst rate mtu peakrate latency overhead \
+ linklayer'
+ return 0
+ ;;
+ cbq)
+ _tc_once_attr 'bandwidth avpkt mpu cell ewma'
+ return 0
+ ;;
+ dsmark)
+ _tc_once_attr 'indices default_index set_tc_index'
+ return 0
+ ;;
+ hfsc)
+ _tc_once_attr 'default'
+ return 0
+ ;;
+ htb)
+ _tc_once_attr 'default r2q direct_qlen debug'
+ return 0
+ ;;
+ multiq|pfifo_fast|atm|drr|qfq)
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Complete with options names for BPF filters or actions.
+# Returns 0 is completion should stop after running this function, 1 otherwise.
+_tc_bpf_options()
+{
+ [[ ${words[${#words[@]}-3]} == object-file ]] && \
+ _tc_once_attr 'section export'
+ [[ ${words[${#words[@]}-5]} == object-file ]] && \
+ [[ ${words[${#words[@]}-3]} =~ (section|export) ]] && \
+ _tc_once_attr 'section export'
+ _tc_one_of_list 'bytecode bytecode-file object-file object-pinned'
+ _tc_once_attr 'verbose index direct-action action classid'
+ return 0
+}
+
+# Complete with options names for filter actions.
+# This function is recursive, thus allowing multiple actions statement to be
+# parsed.
+# Returns 0 is completion should stop after running this function, 1 otherwise.
+_tc_filter_action_options()
+{
+ for ((acwd=$1; acwd < ${#words[@]}-1; acwd++));
+ do
+ if [[ action == ${words[acwd]} ]]; then
+ _tc_filter_action_options $((acwd+1)) && return 0
+ fi
+ done
+
+ local action acwd
+ for ((acwd=$1; acwd < ${#words[@]}-1; acwd++)); do
+ if [[ $ACTION_KIND =~ ' '${words[acwd]}' ' ]]; then
+ _tc_one_of_list_from $acwd action
+ _tc_action_options $acwd && return 0
+ fi
+ done
+ _tc_one_of_list_from $acwd $ACTION_KIND
+ return 0
+}
+
+# Complete with options names for filters.
+# Returns 0 is completion should stop after running this function, 1 otherwise.
+_tc_filter_options()
+{
+
+ for ((acwd=$1; acwd < ${#words[@]}-1; acwd++));
+ do
+ if [[ action == ${words[acwd]} ]]; then
+ _tc_filter_action_options $((acwd+1)) && return 0
+ fi
+ done
+
+ filter=${words[$1]}
+ case $filter in
+ basic)
+ _tc_once_attr 'match action classid'
+ return 0
+ ;;
+ bpf)
+ _tc_bpf_options
+ return 0
+ ;;
+ cgroup)
+ _tc_once_attr 'match action'
+ return 0
+ ;;
+ flow)
+ local i
+ for (( i=5; i < ${#words[@]}-1; i++ )); do
+ if [[ ${words[i]} =~ ^keys?$ ]]; then
+ _tc_direct_complete 'key'
+ COMPREPLY+=( $( compgen -W 'or and xor rshift addend' -- \
+ "$cur" ) )
+ break
+ fi
+ done
+ _tc_once_attr 'map hash divisor baseclass match action'
+ return 0
+ ;;
+ matchall)
+ _tc_once_attr 'action skip_sw skip_hw'
+ return 0
+ ;;
+ flower)
+ _tc_once_attr 'action classid indev dst_mac src_mac eth_type \
+ ip_proto dst_ip src_ip dst_port src_port'
+ return 0
+ ;;
+ fw)
+ _tc_once_attr 'action classid'
+ return 0
+ ;;
+ route)
+ _tc_one_of_list 'from fromif'
+ _tc_once_attr 'to classid action'
+ return 0
+ ;;
+ rsvp)
+ _tc_once_attr 'ipproto session sender classid action tunnelid \
+ tunnel flowlabel spi/ah spi/esp u8 u16 u32'
+ [[ ${words[${#words[@]}-3]} == tunnel ]] && \
+ COMPREPLY+=( $( compgen -W 'skip' -- "$cur" ) )
+ [[ ${words[${#words[@]}-3]} =~ u(8|16|32) ]] && \
+ COMPREPLY+=( $( compgen -W 'mask' -- "$cur" ) )
+ [[ ${words[${#words[@]}-3]} == mask ]] && \
+ COMPREPLY+=( $( compgen -W 'at' -- "$cur" ) )
+ return 0
+ ;;
+ tcindex)
+ _tc_once_attr 'hash mask shift classid action'
+ _tc_one_of_list 'pass_on fall_through'
+ return 0
+ ;;
+ u32)
+ _tc_once_attr 'match link classid action offset ht hashkey sample'
+ COMPREPLY+=( $( compgen -W 'ip ip6 udp tcp icmp u8 u16 u32 mark \
+ divisor' -- "$cur" ) )
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Complete with options names for actions.
+# Returns 0 is completion should stop after running this function, 1 otherwise.
+_tc_action_options()
+{
+ local from=$1
+ local action=${words[from]}
+ case $action in
+ bpf)
+ _tc_bpf_options
+ return 0
+ ;;
+ mirred)
+ _tc_one_of_list_from $from 'ingress egress'
+ _tc_one_of_list_from $from 'mirror redirect'
+ _tc_once_attr_from $from 'index dev'
+ return 0
+ ;;
+ sample)
+ _tc_once_attr_from $from 'rate'
+ _tc_once_attr_from $from 'trunc'
+ _tc_once_attr_from $from 'group'
+ return 0
+ ;;
+ gact)
+ _tc_one_of_list_from $from 'reclassify drop continue pass'
+ _tc_once_attr_from $from 'random'
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Complete with options names for exec.
+# Returns 0 is completion should stop after running this function, 1 otherwise.
+_tc_exec_options()
+{
+ case $1 in
+ import)
+ [[ ${words[${#words[@]}-3]} == import ]] && \
+ _tc_once_attr 'run'
+ return 0
+ ;;
+ graft)
+ COMPREPLY+=( $( compgen -W 'key type' -- "$cur" ) )
+ [[ ${words[${#words[@]}-3]} == object-file ]] && \
+ _tc_once_attr 'type'
+ _tc_bpf_options
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+# Main completion function
+# Logic is as follows:
+# 1. Check if previous word is a global option; if so, propose arguments.
+# 2. Check if current word is a global option; if so, propose completion.
+# 3. Check for the presence of a main command (qdisc|class|filter|...). If
+# there is one, first call _tc_direct_complete to see if previous word is
+# waiting for a particular completion. If so, propose completion and exit.
+# 4. Extract main command and -- if available -- its subcommand
+# (add|delete|show|...).
+# 5. Propose completion based on main and sub- command in use. Additional
+# functions may be called for qdiscs, classes or filter options.
+_tc()
+{
+ local cur prev words cword
+ _init_completion || return
+
+ case $prev in
+ -V|-Version)
+ return 0
+ ;;
+ -b|-batch|-cf|-conf)
+ _filedir
+ return 0
+ ;;
+ -force)
+ COMPREPLY=( $( compgen -W '-batch' -- "$cur" ) )
+ return 0
+ ;;
+ -nm|name)
+ [[ -r /etc/iproute2/tc_cls ]] || \
+ COMPREPLY=( $( compgen -W '-conf' -- "$cur" ) )
+ return 0
+ ;;
+ -n|-net|-netns)
+ local nslist=$( ip netns list 2>/dev/null )
+ COMPREPLY+=( $( compgen -W "$nslist" -- "$cur" ) )
+ return 0
+ ;;
+ -tshort)
+ _tc_once_attr '-statistics'
+ COMPREPLY+=( $( compgen -W 'monitor' -- "$cur" ) )
+ return 0
+ ;;
+ -timestamp)
+ _tc_once_attr '-statistics -tshort'
+ COMPREPLY+=( $( compgen -W 'monitor' -- "$cur" ) )
+ return 0
+ ;;
+ esac
+
+ # Search for main commands
+ local subcword cmd subcmd
+ for (( subcword=1; subcword < ${#words[@]}-1; subcword++ )); do
+ [[ ${words[subcword]} == -b?(atch) ]] && return 0
+ [[ -n $cmd ]] && subcmd=${words[subcword]} && break
+ [[ ${words[subcword]} != -* && \
+ ${words[subcword-1]} != -@(n?(et?(ns))|c?(on)f) ]] && \
+ cmd=${words[subcword]}
+ done
+
+ if [[ -z $cmd ]]; then
+ case $cur in
+ -*)
+ local c='-Version -statistics -details -raw -pretty \
+ -iec -graphe -batch -name -netns -timestamp'
+ [[ $cword -eq 1 ]] && c+=' -force'
+ COMPREPLY=( $( compgen -W "$c" -- "$cur" ) )
+ return 0
+ ;;
+ *)
+ COMPREPLY=( $( compgen -W "help $( tc help 2>&1 | \
+ command sed \
+ -e '/OBJECT := /!d' \
+ -e 's/.*{//' \
+ -e 's/}.*//' \
+ -e \ 's/|//g' )" -- "$cur" ) )
+ return 0
+ ;;
+ esac
+ fi
+
+ [[ $subcmd == help ]] && return 0
+
+ # For this set of commands we may create COMPREPLY just by analysing the
+ # previous word, if it expects for a specific list of options or values.
+ if [[ $cmd =~ (qdisc|class|filter|action|exec) ]]; then
+ _tc_direct_complete $prev && return 0
+ if [[ ${words[${#words[@]}-3]} == estimator ]]; then
+ local list=$( _tc_expand_units 'secs' 'msecs' 'usecs' )
+ COMPREPLY+=( $( compgen -W "$list" -- "$cur" ) ) && return 0
+ fi
+ fi
+
+ # Completion depends on main command and subcommand in use.
+ case $cmd in
+ qdisc)
+ case $subcmd in
+ add|change|replace|link|del|delete)
+ if [[ $(($cword-$subcword)) -eq 1 ]]; then
+ COMPREPLY=( $( compgen -W 'dev' -- "$cur" ) )
+ return 0
+ fi
+ local qdisc qdwd
+ for ((qdwd=$subcword; qdwd < ${#words[@]}-1; qdwd++)); do
+ if [[ $QDISC_KIND =~ ' '${words[qdwd]}' ' ]]; then
+ qdisc=${words[qdwd]}
+ _tc_qdisc_options $qdisc && return 0
+ fi
+ done
+ _tc_one_of_list $QDISC_KIND
+ _tc_one_of_list 'root ingress parent clsact'
+ _tc_once_attr 'handle estimator stab'
+ ;;
+ show)
+ _tc_once_attr 'dev'
+ _tc_one_of_list 'ingress clsact'
+ _tc_once_attr '-statistics -details -raw -pretty -iec \
+ -graph -name'
+ ;;
+ help)
+ return 0
+ ;;
+ *)
+ [[ $cword -eq $subcword ]] && \
+ COMPREPLY=( $( compgen -W 'help add delete change \
+ replace link show' -- "$cur" ) )
+ ;;
+ esac
+ ;;
+
+ class)
+ case $subcmd in
+ add|change|replace|del|delete)
+ if [[ $(($cword-$subcword)) -eq 1 ]]; then
+ COMPREPLY=( $( compgen -W 'dev' -- "$cur" ) )
+ return 0
+ fi
+ local qdisc qdwd
+ for ((qdwd=$subcword; qdwd < ${#words[@]}-1; qdwd++)); do
+ if [[ $QDISC_KIND =~ ' '${words[qdwd]}' ' ]]; then
+ qdisc=${words[qdwd]}
+ _tc_qdisc_options $qdisc && return 0
+ fi
+ done
+ _tc_one_of_list $QDISC_KIND
+ _tc_one_of_list 'root parent'
+ _tc_once_attr 'classid'
+ ;;
+ show)
+ _tc_once_attr 'dev'
+ _tc_one_of_list 'root parent'
+ _tc_once_attr '-statistics -details -raw -pretty -iec \
+ -graph -name'
+ ;;
+ help)
+ return 0
+ ;;
+ *)
+ [[ $cword -eq $subcword ]] && \
+ COMPREPLY=( $( compgen -W 'help add delete change \
+ replace show' -- "$cur" ) )
+ ;;
+ esac
+ ;;
+
+ filter)
+ case $subcmd in
+ add|change|replace|del|delete)
+ if [[ $(($cword-$subcword)) -eq 1 ]]; then
+ COMPREPLY=( $( compgen -W 'dev' -- "$cur" ) )
+ return 0
+ fi
+ local filter fltwd
+ for ((fltwd=$subcword; fltwd < ${#words[@]}-1; fltwd++));
+ do
+ if [[ $FILTER_KIND =~ ' '${words[fltwd]}' ' ]]; then
+ _tc_filter_options $fltwd && return 0
+ fi
+ done
+ _tc_one_of_list $FILTER_KIND
+ _tc_one_of_list 'root ingress egress parent'
+ _tc_once_attr 'handle estimator pref protocol'
+ ;;
+ show)
+ _tc_once_attr 'dev'
+ _tc_one_of_list 'root ingress egress parent'
+ _tc_once_attr '-statistics -details -raw -pretty -iec \
+ -graph -name'
+ ;;
+ help)
+ return 0
+ ;;
+ *)
+ [[ $cword -eq $subcword ]] && \
+ COMPREPLY=( $( compgen -W 'help add delete change \
+ replace show' -- "$cur" ) )
+ ;;
+ esac
+ ;;
+
+ action)
+ case $subcmd in
+ add|change|replace)
+ local action acwd
+ for ((acwd=$subcword; acwd < ${#words[@]}-1; acwd++)); do
+ if [[ $ACTION_KIND =~ ' '${words[acwd]}' ' ]]; then
+ _tc_action_options $acwd && return 0
+ fi
+ done
+ _tc_one_of_list $ACTION_KIND
+ ;;
+ get|del|delete)
+ _tc_once_attr 'index'
+ ;;
+ lst|list|flush|show)
+ _tc_one_of_list $ACTION_KIND
+ ;;
+ *)
+ [[ $cword -eq $subcword ]] && \
+ COMPREPLY=( $( compgen -W 'help add delete change \
+ replace show list flush action' -- "$cur" ) )
+ ;;
+ esac
+ ;;
+
+ monitor)
+ COMPREPLY=( $( compgen -W 'help' -- "$cur" ) )
+ ;;
+
+ exec)
+ case $subcmd in
+ bpf)
+ local excmd exwd EXEC_KIND=' import debug graft '
+ for ((exwd=$subcword; exwd < ${#words[@]}-1; exwd++)); do
+ if [[ $EXEC_KIND =~ ' '${words[exwd]}' ' ]]; then
+ excmd=${words[exwd]}
+ _tc_exec_options $excmd && return 0
+ fi
+ done
+ _tc_one_of_list $EXEC_KIND
+ ;;
+ *)
+ [[ $cword -eq $subcword ]] && \
+ COMPREPLY=( $( compgen -W 'bpf' -- "$cur" ) )
+ ;;
+ esac
+ ;;
+ esac
+} &&
+complete -F _tc tc
+
+# ex: ts=4 sw=4 et filetype=sh
diff --git a/bridge/Makefile b/bridge/Makefile
index 9800753..b2ae0a4 100644
--- a/bridge/Makefile
+++ b/bridge/Makefile
@@ -1,18 +1,14 @@
BROBJ = bridge.o fdb.o monitor.o link.o mdb.o vlan.o
-include ../Config
-
-ifeq ($(IP_CONFIG_SETNS),y)
- CFLAGS += -DHAVE_SETNS
-endif
+include ../config.mk
all: bridge
-bridge: $(BROBJ) $(LIBNETLINK)
+bridge: $(BROBJ) $(LIBNETLINK)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
install: all
install -m 0755 bridge $(DESTDIR)$(SBINDIR)
clean:
rm -f $(BROBJ) bridge
-
diff --git a/bridge/br_common.h b/bridge/br_common.h
index 169a162..01447dd 100644
--- a/bridge/br_common.h
+++ b/bridge/br_common.h
@@ -1,3 +1,10 @@
+#define MDB_RTA(r) \
+ ((struct rtattr *)(((char *)(r)) + RTA_ALIGN(sizeof(struct br_mdb_entry))))
+
+#define MDB_RTR_RTA(r) \
+ ((struct rtattr *)(((char *)(r)) + RTA_ALIGN(sizeof(__u32))))
+
+extern void print_vlan_info(FILE *fp, struct rtattr *tb, int ifindex);
extern int print_linkinfo(const struct sockaddr_nl *who,
struct nlmsghdr *n,
void *arg);
@@ -17,4 +24,5 @@
extern int show_details;
extern int timestamp;
extern int compress_vlans;
+extern int json_output;
extern struct rtnl_handle rth;
diff --git a/bridge/bridge.c b/bridge/bridge.c
index 72f153f..6658cb8 100644
--- a/bridge/bridge.c
+++ b/bridge/bridge.c
@@ -18,11 +18,11 @@
struct rtnl_handle rth = { .fd = -1 };
int preferred_family = AF_UNSPEC;
-int resolve_hosts;
int oneline;
int show_stats;
int show_details;
int compress_vlans;
+int json_output;
int timestamp;
char *batch_file;
int force;
@@ -38,7 +38,7 @@
"where OBJECT := { link | fdb | mdb | vlan | monitor }\n"
" OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] |\n"
" -o[neline] | -t[imestamp] | -n[etns] name |\n"
-" -c[ompressvlans] }\n");
+" -c[ompressvlans] -j{son} }\n");
exit(-1);
}
@@ -173,6 +173,8 @@
++compress_vlans;
} else if (matches(opt, "-force") == 0) {
++force;
+ } else if (matches(opt, "-json") == 0) {
+ ++json_output;
} else if (matches(opt, "-batch") == 0) {
argc--;
argv++;
diff --git a/bridge/fdb.c b/bridge/fdb.c
index 4d10925..c2f654c 100644
--- a/bridge/fdb.c
+++ b/bridge/fdb.c
@@ -21,25 +21,30 @@
#include <linux/neighbour.h>
#include <string.h>
#include <limits.h>
+#include <json_writer.h>
+#include <stdbool.h>
#include "libnetlink.h"
#include "br_common.h"
#include "rt_names.h"
#include "utils.h"
-static unsigned int filter_index;
+static unsigned int filter_index, filter_vlan, filter_state;
+
+json_writer_t *jw_global;
static void usage(void)
{
- fprintf(stderr, "Usage: bridge fdb { add | append | del | replace } ADDR dev DEV\n"
- " [ self ] [ master ] [ use ] [ router ]\n"
- " [ local | temp ] [ dst IPADDR ] [ vlan VID ]\n"
- " [ port PORT] [ vni VNI ] [ via DEV ]\n");
- fprintf(stderr, " bridge fdb [ show [ br BRDEV ] [ brport DEV ] ]\n");
+ fprintf(stderr,
+ "Usage: bridge fdb { add | append | del | replace } ADDR dev DEV\n"
+ " [ self ] [ master ] [ use ] [ router ]\n"
+ " [ local | static | dynamic ] [ dst IPADDR ] [ vlan VID ]\n"
+ " [ port PORT] [ vni VNI ] [ via DEV ]\n"
+ " bridge fdb [ show [ br BRDEV ] [ brport DEV ] [ vlan VID ] [ state STATE ] ]\n");
exit(-1);
}
-static const char *state_n2a(unsigned s)
+static const char *state_n2a(unsigned int s)
{
static char buf[32];
@@ -59,17 +64,46 @@
return buf;
}
+static int state_a2n(unsigned int *s, const char *arg)
+{
+ if (matches(arg, "permanent") == 0)
+ *s = NUD_PERMANENT;
+ else if (matches(arg, "static") == 0 || matches(arg, "temp") == 0)
+ *s = NUD_NOARP;
+ else if (matches(arg, "stale") == 0)
+ *s = NUD_STALE;
+ else if (matches(arg, "reachable") == 0 || matches(arg, "dynamic") == 0)
+ *s = NUD_REACHABLE;
+ else if (strcmp(arg, "all") == 0)
+ *s = ~0;
+ else if (get_unsigned(s, arg, 0))
+ return -1;
+
+ return 0;
+}
+
+static void start_json_fdb_flags_array(bool *fdb_flags)
+{
+ if (*fdb_flags)
+ return;
+ jsonw_name(jw_global, "flags");
+ jsonw_start_array(jw_global);
+ *fdb_flags = true;
+}
+
int print_fdb(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
FILE *fp = arg;
struct ndmsg *r = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[NDA_MAX+1];
+ struct rtattr *tb[NDA_MAX+1];
+ __u16 vid = 0;
+ bool fdb_flags = false;
+ const char *state_s;
if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH) {
fprintf(stderr, "Not RTM_NEWNEIGH: %08x %08x %08x\n",
n->nlmsg_len, n->nlmsg_type, n->nlmsg_flags);
-
return 0;
}
@@ -85,47 +119,92 @@
if (filter_index && filter_index != r->ndm_ifindex)
return 0;
+ if (filter_state && !(r->ndm_state & filter_state))
+ return 0;
+
parse_rtattr(tb, NDA_MAX, NDA_RTA(r),
n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
- if (n->nlmsg_type == RTM_DELNEIGH)
- fprintf(fp, "Deleted ");
+ if (tb[NDA_VLAN])
+ vid = rta_getattr_u16(tb[NDA_VLAN]);
+
+ if (filter_vlan && filter_vlan != vid)
+ return 0;
+
+ if (jw_global) {
+ jsonw_pretty(jw_global, 1);
+ jsonw_start_object(jw_global);
+ }
+
+ if (n->nlmsg_type == RTM_DELNEIGH) {
+ if (jw_global)
+ jsonw_string_field(jw_global, "opCode", "deleted");
+ else
+ fprintf(fp, "Deleted ");
+ }
if (tb[NDA_LLADDR]) {
SPRINT_BUF(b1);
- fprintf(fp, "%s ",
- ll_addr_n2a(RTA_DATA(tb[NDA_LLADDR]),
- RTA_PAYLOAD(tb[NDA_LLADDR]),
- ll_index_to_type(r->ndm_ifindex),
- b1, sizeof(b1)));
+ ll_addr_n2a(RTA_DATA(tb[NDA_LLADDR]),
+ RTA_PAYLOAD(tb[NDA_LLADDR]),
+ ll_index_to_type(r->ndm_ifindex),
+ b1, sizeof(b1));
+ if (jw_global)
+ jsonw_string_field(jw_global, "mac", b1);
+ else
+ fprintf(fp, "%s ", b1);
}
- if (!filter_index && r->ndm_ifindex)
- fprintf(fp, "dev %s ", ll_index_to_name(r->ndm_ifindex));
+ if (!filter_index && r->ndm_ifindex) {
+ if (jw_global)
+ jsonw_string_field(jw_global, "dev",
+ ll_index_to_name(r->ndm_ifindex));
+ else
+ fprintf(fp, "dev %s ",
+ ll_index_to_name(r->ndm_ifindex));
+ }
if (tb[NDA_DST]) {
- SPRINT_BUF(abuf);
int family = AF_INET;
+ const char *abuf_s;
if (RTA_PAYLOAD(tb[NDA_DST]) == sizeof(struct in6_addr))
family = AF_INET6;
- fprintf(fp, "dst %s ",
- format_host(family,
- RTA_PAYLOAD(tb[NDA_DST]),
- RTA_DATA(tb[NDA_DST]),
- abuf, sizeof(abuf)));
+ abuf_s = format_host(family,
+ RTA_PAYLOAD(tb[NDA_DST]),
+ RTA_DATA(tb[NDA_DST]));
+ if (jw_global)
+ jsonw_string_field(jw_global, "dst", abuf_s);
+ else
+ fprintf(fp, "dst %s ", abuf_s);
}
- if (tb[NDA_VLAN]) {
- __u16 vid = rta_getattr_u16(tb[NDA_VLAN]);
- fprintf(fp, "vlan %hu ", vid);
+ if (vid) {
+ if (jw_global)
+ jsonw_uint_field(jw_global, "vlan", vid);
+ else
+ fprintf(fp, "vlan %hu ", vid);
}
- if (tb[NDA_PORT])
- fprintf(fp, "port %d ", ntohs(rta_getattr_u16(tb[NDA_PORT])));
- if (tb[NDA_VNI])
- fprintf(fp, "vni %d ", rta_getattr_u32(tb[NDA_VNI]));
+ if (tb[NDA_PORT]) {
+ if (jw_global)
+ jsonw_uint_field(jw_global, "port",
+ rta_getattr_be16(tb[NDA_PORT]));
+ else
+ fprintf(fp, "port %d ",
+ rta_getattr_be16(tb[NDA_PORT]));
+ }
+
+ if (tb[NDA_VNI]) {
+ if (jw_global)
+ jsonw_uint_field(jw_global, "vni",
+ rta_getattr_u32(tb[NDA_VNI]));
+ else
+ fprintf(fp, "vni %d ",
+ rta_getattr_u32(tb[NDA_VNI]));
+ }
+
if (tb[NDA_IFINDEX]) {
unsigned int ifindex = rta_getattr_u32(tb[NDA_IFINDEX]);
@@ -133,37 +212,101 @@
char ifname[IF_NAMESIZE];
if (!tb[NDA_LINK_NETNSID] &&
- if_indextoname(ifindex, ifname))
- fprintf(fp, "via %s ", ifname);
- else
- fprintf(fp, "via ifindex %u ", ifindex);
+ if_indextoname(ifindex, ifname)) {
+ if (jw_global)
+ jsonw_string_field(jw_global, "viaIf",
+ ifname);
+ else
+ fprintf(fp, "via %s ", ifname);
+ } else {
+ if (jw_global)
+ jsonw_uint_field(jw_global, "viaIfIndex",
+ ifindex);
+ else
+ fprintf(fp, "via ifindex %u ", ifindex);
+ }
}
}
- if (tb[NDA_LINK_NETNSID])
- fprintf(fp, "link-netnsid %d ",
- rta_getattr_u32(tb[NDA_LINK_NETNSID]));
+
+ if (tb[NDA_LINK_NETNSID]) {
+ if (jw_global)
+ jsonw_uint_field(jw_global, "linkNetNsId",
+ rta_getattr_u32(tb[NDA_LINK_NETNSID]));
+ else
+ fprintf(fp, "link-netnsid %d ",
+ rta_getattr_u32(tb[NDA_LINK_NETNSID]));
+ }
if (show_stats && tb[NDA_CACHEINFO]) {
struct nda_cacheinfo *ci = RTA_DATA(tb[NDA_CACHEINFO]);
int hz = get_user_hz();
- fprintf(fp, "used %d/%d ", ci->ndm_used/hz,
- ci->ndm_updated/hz);
+ if (jw_global) {
+ jsonw_uint_field(jw_global, "used",
+ ci->ndm_used/hz);
+ jsonw_uint_field(jw_global, "updated",
+ ci->ndm_updated/hz);
+ } else {
+ fprintf(fp, "used %d/%d ", ci->ndm_used/hz,
+ ci->ndm_updated/hz);
+ }
}
- if (r->ndm_flags & NTF_SELF)
- fprintf(fp, "self ");
- if (tb[NDA_MASTER])
- fprintf(fp, "master %s ",
- ll_index_to_name(rta_getattr_u32(tb[NDA_MASTER])));
- else if (r->ndm_flags & NTF_MASTER)
- fprintf(fp, "master ");
- if (r->ndm_flags & NTF_ROUTER)
- fprintf(fp, "router ");
- if (r->ndm_flags & NTF_EXT_LEARNED)
- fprintf(fp, "offload ");
- fprintf(fp, "%s\n", state_n2a(r->ndm_state));
- fflush(fp);
+ if (jw_global) {
+ if (r->ndm_flags & NTF_SELF) {
+ start_json_fdb_flags_array(&fdb_flags);
+ jsonw_string(jw_global, "self");
+ }
+ if (r->ndm_flags & NTF_ROUTER) {
+ start_json_fdb_flags_array(&fdb_flags);
+ jsonw_string(jw_global, "router");
+ }
+ if (r->ndm_flags & NTF_EXT_LEARNED) {
+ start_json_fdb_flags_array(&fdb_flags);
+ jsonw_string(jw_global, "extern_learn");
+ }
+ if (r->ndm_flags & NTF_OFFLOADED) {
+ start_json_fdb_flags_array(&fdb_flags);
+ jsonw_string(jw_global, "offload");
+ }
+ if (r->ndm_flags & NTF_MASTER)
+ jsonw_string(jw_global, "master");
+ if (fdb_flags)
+ jsonw_end_array(jw_global);
+
+ if (tb[NDA_MASTER])
+ jsonw_string_field(jw_global,
+ "master",
+ ll_index_to_name(rta_getattr_u32(tb[NDA_MASTER])));
+
+ } else {
+ if (r->ndm_flags & NTF_SELF)
+ fprintf(fp, "self ");
+ if (r->ndm_flags & NTF_ROUTER)
+ fprintf(fp, "router ");
+ if (r->ndm_flags & NTF_EXT_LEARNED)
+ fprintf(fp, "extern_learn ");
+ if (r->ndm_flags & NTF_OFFLOADED)
+ fprintf(fp, "offload ");
+ if (tb[NDA_MASTER]) {
+ fprintf(fp, "master %s ",
+ ll_index_to_name(rta_getattr_u32(tb[NDA_MASTER])));
+ } else if (r->ndm_flags & NTF_MASTER) {
+ fprintf(fp, "master ");
+ }
+ }
+
+ state_s = state_n2a(r->ndm_state);
+ if (jw_global) {
+ if (state_s[0])
+ jsonw_string_field(jw_global, "state", state_s);
+
+ jsonw_end_object(jw_global);
+ } else {
+ fprintf(fp, "%s\n", state_s);
+
+ fflush(fp);
+ }
return 0;
}
@@ -171,19 +314,18 @@
static int fdb_show(int argc, char **argv)
{
struct {
- struct nlmsghdr n;
+ struct nlmsghdr n;
struct ifinfomsg ifm;
- char buf[256];
- } req;
+ char buf[256];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .ifm.ifi_family = PF_BRIDGE,
+ };
char *filter_dev = NULL;
char *br = NULL;
int msg_size = sizeof(struct ifinfomsg);
- memset(&req, 0, sizeof(req));
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
- req.ifm.ifi_family = PF_BRIDGE;
-
while (argc > 0) {
if ((strcmp(*argv, "brport") == 0) || strcmp(*argv, "dev") == 0) {
NEXT_ARG();
@@ -191,6 +333,18 @@
} else if (strcmp(*argv, "br") == 0) {
NEXT_ARG();
br = *argv;
+ } else if (strcmp(*argv, "vlan") == 0) {
+ NEXT_ARG();
+ if (filter_vlan)
+ duparg("vlan", *argv);
+ filter_vlan = atoi(*argv);
+ } else if (strcmp(*argv, "state") == 0) {
+ unsigned int state;
+
+ NEXT_ARG();
+ if (state_a2n(&state, *argv))
+ invarg("invalid state", *argv);
+ filter_state |= state;
} else {
if (matches(*argv, "help") == 0)
usage();
@@ -200,6 +354,7 @@
if (br) {
int br_ifindex = ll_name_to_index(br);
+
if (br_ifindex == 0) {
fprintf(stderr, "Cannot find bridge device \"%s\"\n", br);
return -1;
@@ -224,10 +379,22 @@
exit(1);
}
+ if (json_output) {
+ jw_global = jsonw_new(stdout);
+ if (!jw_global) {
+ fprintf(stderr, "Error allocation json object\n");
+ exit(1);
+ }
+ jsonw_start_array(jw_global);
+ }
if (rtnl_dump_filter(&rth, print_fdb, stdout) < 0) {
fprintf(stderr, "Dump terminated\n");
exit(1);
}
+ if (jw_global) {
+ jsonw_end_array(jw_global);
+ jsonw_destroy(&jw_global);
+ }
return 0;
}
@@ -235,10 +402,16 @@
static int fdb_modify(int cmd, int flags, int argc, char **argv)
{
struct {
- struct nlmsghdr n;
- struct ndmsg ndm;
- char buf[256];
- } req;
+ struct nlmsghdr n;
+ struct ndmsg ndm;
+ char buf[256];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .ndm.ndm_family = PF_BRIDGE,
+ .ndm.ndm_state = NUD_NOARP,
+ };
char *addr = NULL;
char *d = NULL;
char abuf[ETH_ALEN];
@@ -250,14 +423,6 @@
char *endptr;
short vid = -1;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.ndm.ndm_family = PF_BRIDGE;
- req.ndm.ndm_state = NUD_NOARP;
-
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
@@ -298,11 +463,15 @@
req.ndm.ndm_flags |= NTF_MASTER;
} else if (matches(*argv, "router") == 0) {
req.ndm.ndm_flags |= NTF_ROUTER;
- } else if (matches(*argv, "local") == 0||
+ } else if (matches(*argv, "local") == 0 ||
matches(*argv, "permanent") == 0) {
req.ndm.ndm_state |= NUD_PERMANENT;
- } else if (matches(*argv, "temp") == 0) {
+ } else if (matches(*argv, "temp") == 0 ||
+ matches(*argv, "static") == 0) {
req.ndm.ndm_state |= NUD_REACHABLE;
+ } else if (matches(*argv, "dynamic") == 0) {
+ req.ndm.ndm_state |= NUD_REACHABLE;
+ req.ndm.ndm_state &= ~NUD_NOARP;
} else if (matches(*argv, "vlan") == 0) {
if (vid >= 0)
duparg2("vlan", *argv);
@@ -311,9 +480,9 @@
} else if (matches(*argv, "use") == 0) {
req.ndm.ndm_flags |= NTF_USE;
} else {
- if (strcmp(*argv, "to") == 0) {
+ if (strcmp(*argv, "to") == 0)
NEXT_ARG();
- }
+
if (matches(*argv, "help") == 0)
usage();
if (addr)
diff --git a/bridge/link.c b/bridge/link.c
index a9b1262..9e4206f 100644
--- a/bridge/link.c
+++ b/bridge/link.c
@@ -25,17 +25,17 @@
[BR_STATE_BLOCKING] = "blocking",
};
-extern char *if_indextoname (unsigned int __ifindex, char *__ifname);
+extern char *if_indextoname(unsigned int __ifindex, char *__ifname);
-static void print_link_flags(FILE *fp, unsigned flags)
+static void print_link_flags(FILE *fp, unsigned int flags)
{
fprintf(fp, "<");
if (flags & IFF_UP && !(flags & IFF_RUNNING))
fprintf(fp, "NO-CARRIER%s", flags ? "," : "");
flags &= ~IFF_RUNNING;
#define _PF(f) if (flags&IFF_##f) { \
- flags &= ~IFF_##f ; \
- fprintf(fp, #f "%s", flags ? "," : ""); }
+ flags &= ~IFF_##f ; \
+ fprintf(fp, #f "%s", flags ? "," : ""); }
_PF(LOOPBACK);
_PF(BROADCAST);
_PF(POINTOPOINT);
@@ -55,7 +55,7 @@
_PF(DORMANT);
_PF(ECHO);
#undef _PF
- if (flags)
+ if (flags)
fprintf(fp, "%x", flags);
fprintf(fp, "> ");
}
@@ -69,7 +69,7 @@
static void print_operstate(FILE *f, __u8 state)
{
- if (state >= sizeof(oper_states)/sizeof(oper_states[0]))
+ if (state >= ARRAY_SIZE(oper_states))
fprintf(f, "state %#x ", state);
else
fprintf(f, "state %s ", oper_states[state]);
@@ -90,7 +90,7 @@
static void print_hwmode(FILE *f, __u16 mode)
{
- if (mode >= sizeof(hw_mode)/sizeof(hw_mode[0]))
+ if (mode >= ARRAY_SIZE(hw_mode))
fprintf(f, "hwmode %#hx ", mode);
else
fprintf(f, "hwmode %s ", hw_mode[mode]);
@@ -102,14 +102,14 @@
FILE *fp = arg;
int len = n->nlmsg_len;
struct ifinfomsg *ifi = NLMSG_DATA(n);
- struct rtattr * tb[IFLA_MAX+1];
+ struct rtattr *tb[IFLA_MAX+1];
char b1[IFNAMSIZ];
len -= NLMSG_LENGTH(sizeof(*ifi));
if (len < 0) {
fprintf(stderr, "Message too short!\n");
return -1;
- }
+ }
if (!(ifi->ifi_family == AF_BRIDGE || ifi->ifi_family == AF_UNSPEC))
return 0;
@@ -136,6 +136,7 @@
if (tb[IFLA_LINK]) {
SPRINT_BUF(b1);
int iflink = rta_getattr_u32(tb[IFLA_LINK]);
+
if (iflink == 0)
fprintf(fp, "@NONE: ");
else
@@ -194,6 +195,9 @@
if (prtb[IFLA_BRPORT_UNICAST_FLOOD])
print_onoff(fp, "flood",
rta_getattr_u8(prtb[IFLA_BRPORT_UNICAST_FLOOD]));
+ if (prtb[IFLA_BRPORT_MCAST_FLOOD])
+ print_onoff(fp, "mcast_flood",
+ rta_getattr_u8(prtb[IFLA_BRPORT_MCAST_FLOOD]));
}
} else
print_portstate(fp, rta_getattr_u8(tb[IFLA_PROTINFO]));
@@ -209,6 +213,13 @@
if (aftb[IFLA_BRIDGE_MODE])
print_hwmode(fp, rta_getattr_u16(aftb[IFLA_BRIDGE_MODE]));
+ if (show_details) {
+ if (aftb[IFLA_BRIDGE_VLAN_INFO]) {
+ fprintf(fp, "\n");
+ print_vlan_info(fp, tb[IFLA_AF_SPEC],
+ ifi->ifi_index);
+ }
+ }
}
fprintf(fp, "\n");
@@ -220,12 +231,13 @@
{
fprintf(stderr, "Usage: bridge link set dev DEV [ cost COST ] [ priority PRIO ] [ state STATE ]\n");
fprintf(stderr, " [ guard {on | off} ]\n");
- fprintf(stderr, " [ hairpin {on | off} ] \n");
+ fprintf(stderr, " [ hairpin {on | off} ]\n");
fprintf(stderr, " [ fastleave {on | off} ]\n");
fprintf(stderr, " [ root_block {on | off} ]\n");
fprintf(stderr, " [ learning {on | off} ]\n");
fprintf(stderr, " [ learning_sync {on | off} ]\n");
fprintf(stderr, " [ flood {on | off} ]\n");
+ fprintf(stderr, " [ mcast_flood {on | off} ]\n");
fprintf(stderr, " [ hwmode {vepa | veb} ]\n");
fprintf(stderr, " [ self ] [ master ]\n");
fprintf(stderr, " bridge link show [dev DEV]\n");
@@ -254,11 +266,17 @@
struct nlmsghdr n;
struct ifinfomsg ifm;
char buf[512];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_SETLINK,
+ .ifm.ifi_family = PF_BRIDGE,
+ };
char *d = NULL;
__s8 learning = -1;
__s8 learning_sync = -1;
__s8 flood = -1;
+ __s8 mcast_flood = -1;
__s8 hairpin = -1;
__s8 bpdu_guard = -1;
__s8 fast_leave = -1;
@@ -270,13 +288,6 @@
__u16 flags = 0;
struct rtattr *nest;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_SETLINK;
- req.ifm.ifi_family = PF_BRIDGE;
-
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
@@ -309,6 +320,10 @@
NEXT_ARG();
if (!on_off("flood", &flood, *argv))
return -1;
+ } else if (strcmp(*argv, "mcast_flood") == 0) {
+ NEXT_ARG();
+ if (!on_off("mcast_flood", &mcast_flood, *argv))
+ return -1;
} else if (strcmp(*argv, "cost") == 0) {
NEXT_ARG();
cost = atoi(*argv);
@@ -318,7 +333,8 @@
} else if (strcmp(*argv, "state") == 0) {
NEXT_ARG();
char *endptr;
- size_t nstates = sizeof(port_states) / sizeof(*port_states);
+ size_t nstates = ARRAY_SIZE(port_states);
+
state = strtol(*argv, &endptr, 10);
if (!(**argv != '\0' && *endptr == '\0')) {
for (state = 0; state < nstates; state++)
@@ -339,8 +355,7 @@
mode = BRIDGE_MODE_VEB;
else {
fprintf(stderr,
- "Mode argument must be \"vepa\" or "
- "\"veb\".\n");
+ "Mode argument must be \"vepa\" or \"veb\".\n");
return -1;
}
} else if (strcmp(*argv, "self") == 0) {
@@ -381,6 +396,9 @@
addattr8(&req.n, sizeof(req), IFLA_BRPORT_PROTECT, root_block);
if (flood >= 0)
addattr8(&req.n, sizeof(req), IFLA_BRPORT_UNICAST_FLOOD, flood);
+ if (mcast_flood >= 0)
+ addattr8(&req.n, sizeof(req), IFLA_BRPORT_MCAST_FLOOD,
+ mcast_flood);
if (learning >= 0)
addattr8(&req.n, sizeof(req), IFLA_BRPORT_LEARNING, learning);
if (learning_sync >= 0)
@@ -443,9 +461,19 @@
}
}
- if (rtnl_wilddump_request(&rth, PF_BRIDGE, RTM_GETLINK) < 0) {
- perror("Cannon send dump request");
- exit(1);
+ if (show_details) {
+ if (rtnl_wilddump_req_filter(&rth, PF_BRIDGE, RTM_GETLINK,
+ (compress_vlans ?
+ RTEXT_FILTER_BRVLAN_COMPRESSED :
+ RTEXT_FILTER_BRVLAN)) < 0) {
+ perror("Cannon send dump request");
+ exit(1);
+ }
+ } else {
+ if (rtnl_wilddump_request(&rth, PF_BRIDGE, RTM_GETLINK) < 0) {
+ perror("Cannon send dump request");
+ exit(1);
+ }
}
if (rtnl_dump_filter(&rth, print_linkinfo, stdout) < 0) {
diff --git a/bridge/mdb.c b/bridge/mdb.c
index 24c4903..748091b 100644
--- a/bridge/mdb.c
+++ b/bridge/mdb.c
@@ -13,6 +13,7 @@
#include <linux/if_ether.h>
#include <string.h>
#include <arpa/inet.h>
+#include <json_writer.h>
#include "libnetlink.h"
#include "br_common.h"
@@ -21,65 +22,198 @@
#ifndef MDBA_RTA
#define MDBA_RTA(r) \
- ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct br_port_msg))))
+ ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct br_port_msg))))
#endif
-static unsigned int filter_index;
+static unsigned int filter_index, filter_vlan;
+json_writer_t *jw_global;
+static bool print_mdb_entries = true;
+static bool print_mdb_router = true;
static void usage(void)
{
fprintf(stderr, "Usage: bridge mdb { add | del } dev DEV port PORT grp GROUP [permanent | temp] [vid VID]\n");
- fprintf(stderr, " bridge mdb {show} [ dev DEV ]\n");
+ fprintf(stderr, " bridge mdb {show} [ dev DEV ] [ vid VID ]\n");
exit(-1);
}
-static void br_print_router_ports(FILE *f, struct rtattr *attr)
+static bool is_temp_mcast_rtr(__u8 type)
+{
+ return type == MDB_RTR_TYPE_TEMP_QUERY || type == MDB_RTR_TYPE_TEMP;
+}
+
+static void __print_router_port_stats(FILE *f, struct rtattr *pattr)
+{
+ struct rtattr *tb[MDBA_ROUTER_PATTR_MAX + 1];
+ struct timeval tv;
+ __u8 type;
+
+ parse_rtattr(tb, MDBA_ROUTER_PATTR_MAX, MDB_RTR_RTA(RTA_DATA(pattr)),
+ RTA_PAYLOAD(pattr) - RTA_ALIGN(sizeof(uint32_t)));
+ if (tb[MDBA_ROUTER_PATTR_TIMER]) {
+ __jiffies_to_tv(&tv,
+ rta_getattr_u32(tb[MDBA_ROUTER_PATTR_TIMER]));
+ if (jw_global) {
+ char formatted_time[9];
+
+ snprintf(formatted_time, sizeof(formatted_time),
+ "%4i.%.2i", (int)tv.tv_sec,
+ (int)tv.tv_usec/10000);
+ jsonw_string_field(jw_global, "timer", formatted_time);
+ } else {
+ fprintf(f, " %4i.%.2i",
+ (int)tv.tv_sec, (int)tv.tv_usec/10000);
+ }
+ }
+ if (tb[MDBA_ROUTER_PATTR_TYPE]) {
+ type = rta_getattr_u8(tb[MDBA_ROUTER_PATTR_TYPE]);
+ if (jw_global)
+ jsonw_string_field(jw_global, "type",
+ is_temp_mcast_rtr(type) ? "temp" : "permanent");
+ else
+ fprintf(f, " %s",
+ is_temp_mcast_rtr(type) ? "temp" : "permanent");
+ }
+}
+
+static void br_print_router_ports(FILE *f, struct rtattr *attr, __u32 brifidx)
{
uint32_t *port_ifindex;
struct rtattr *i;
int rem;
rem = RTA_PAYLOAD(attr);
- for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
- port_ifindex = RTA_DATA(i);
- fprintf(f, "%s ", ll_index_to_name(*port_ifindex));
+ if (jw_global) {
+ jsonw_name(jw_global, ll_index_to_name(brifidx));
+ jsonw_start_array(jw_global);
+ for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ port_ifindex = RTA_DATA(i);
+ jsonw_start_object(jw_global);
+ jsonw_string_field(jw_global,
+ "port",
+ ll_index_to_name(*port_ifindex));
+ if (show_stats)
+ __print_router_port_stats(f, i);
+ jsonw_end_object(jw_global);
+ }
+ jsonw_end_array(jw_global);
+ } else {
+ if (!show_stats)
+ fprintf(f, "router ports on %s: ",
+ ll_index_to_name(brifidx));
+ for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ port_ifindex = RTA_DATA(i);
+ if (show_stats) {
+ fprintf(f, "router ports on %s: %s",
+ ll_index_to_name(brifidx),
+ ll_index_to_name(*port_ifindex));
+ __print_router_port_stats(f, i);
+ fprintf(f, "\n");
+ } else{
+ fprintf(f, "%s ",
+ ll_index_to_name(*port_ifindex));
+ }
+ }
+ if (!show_stats)
+ fprintf(f, "\n");
}
+}
- fprintf(f, "\n");
+static void start_json_mdb_flags_array(bool *mdb_flags)
+{
+ if (*mdb_flags)
+ return;
+ jsonw_name(jw_global, "flags");
+ jsonw_start_array(jw_global);
+ *mdb_flags = true;
}
static void print_mdb_entry(FILE *f, int ifindex, struct br_mdb_entry *e,
- struct nlmsghdr *n)
+ struct nlmsghdr *n, struct rtattr **tb)
{
SPRINT_BUF(abuf);
const void *src;
int af;
+ bool mdb_flags = false;
+ if (filter_vlan && e->vid != filter_vlan)
+ return;
af = e->addr.proto == htons(ETH_P_IP) ? AF_INET : AF_INET6;
src = af == AF_INET ? (const void *)&e->addr.u.ip4 :
(const void *)&e->addr.u.ip6;
- if (n->nlmsg_type == RTM_DELMDB)
- fprintf(f, "Deleted ");
- fprintf(f, "dev %s port %s grp %s %s", ll_index_to_name(ifindex),
- ll_index_to_name(e->ifindex),
- inet_ntop(af, src, abuf, sizeof(abuf)),
- (e->state & MDB_PERMANENT) ? "permanent" : "temp");
- if (e->vid)
- fprintf(f, " vid %hu", e->vid);
- fprintf(f, "\n");
+ if (jw_global)
+ jsonw_start_object(jw_global);
+ if (n->nlmsg_type == RTM_DELMDB) {
+ if (jw_global)
+ jsonw_string_field(jw_global, "opCode", "deleted");
+ else
+ fprintf(f, "Deleted ");
+ }
+ if (jw_global) {
+ jsonw_string_field(jw_global, "dev", ll_index_to_name(ifindex));
+ jsonw_string_field(jw_global,
+ "port",
+ ll_index_to_name(e->ifindex));
+ jsonw_string_field(jw_global, "grp", inet_ntop(af, src,
+ abuf, sizeof(abuf)));
+ jsonw_string_field(jw_global, "state",
+ (e->state & MDB_PERMANENT) ? "permanent" : "temp");
+ if (e->flags & MDB_FLAGS_OFFLOAD) {
+ start_json_mdb_flags_array(&mdb_flags);
+ jsonw_string(jw_global, "offload");
+ }
+ if (mdb_flags)
+ jsonw_end_array(jw_global);
+ } else{
+ fprintf(f, "dev %s port %s grp %s %s %s",
+ ll_index_to_name(ifindex),
+ ll_index_to_name(e->ifindex),
+ inet_ntop(af, src, abuf, sizeof(abuf)),
+ (e->state & MDB_PERMANENT) ? "permanent" : "temp",
+ (e->flags & MDB_FLAGS_OFFLOAD) ? "offload" : "");
+ }
+ if (e->vid) {
+ if (jw_global)
+ jsonw_uint_field(jw_global, "vid", e->vid);
+ else
+ fprintf(f, " vid %hu", e->vid);
+ }
+ if (show_stats && tb && tb[MDBA_MDB_EATTR_TIMER]) {
+ struct timeval tv;
+
+ __jiffies_to_tv(&tv, rta_getattr_u32(tb[MDBA_MDB_EATTR_TIMER]));
+ if (jw_global) {
+ char formatted_time[9];
+
+ snprintf(formatted_time, sizeof(formatted_time),
+ "%4i.%.2i", (int)tv.tv_sec,
+ (int)tv.tv_usec/10000);
+ jsonw_string_field(jw_global, "timer", formatted_time);
+ } else {
+ fprintf(f, "%4i.%.2i", (int)tv.tv_sec,
+ (int)tv.tv_usec/10000);
+ }
+ }
+ if (jw_global)
+ jsonw_end_object(jw_global);
+ else
+ fprintf(f, "\n");
}
static void br_print_mdb_entry(FILE *f, int ifindex, struct rtattr *attr,
struct nlmsghdr *n)
{
+ struct rtattr *etb[MDBA_MDB_EATTR_MAX + 1];
+ struct br_mdb_entry *e;
struct rtattr *i;
int rem;
- struct br_mdb_entry *e;
rem = RTA_PAYLOAD(attr);
for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
e = RTA_DATA(i);
- print_mdb_entry(f, ifindex, e, n);
+ parse_rtattr(etb, MDBA_MDB_EATTR_MAX, MDB_RTA(RTA_DATA(i)),
+ RTA_PAYLOAD(i) - RTA_ALIGN(sizeof(*e)));
+ print_mdb_entry(f, ifindex, e, n, etb);
}
}
@@ -108,34 +242,50 @@
parse_rtattr(tb, MDBA_MAX, MDBA_RTA(r), n->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
- if (tb[MDBA_MDB]) {
+ if (tb[MDBA_MDB] && print_mdb_entries) {
int rem = RTA_PAYLOAD(tb[MDBA_MDB]);
for (i = RTA_DATA(tb[MDBA_MDB]); RTA_OK(i, rem); i = RTA_NEXT(i, rem))
br_print_mdb_entry(fp, r->ifindex, i, n);
}
- if (tb[MDBA_ROUTER]) {
+ if (tb[MDBA_ROUTER] && print_mdb_router) {
if (n->nlmsg_type == RTM_GETMDB) {
- if (show_details) {
- fprintf(fp, "router ports on %s: ",
- ll_index_to_name(r->ifindex));
- br_print_router_ports(fp, tb[MDBA_ROUTER]);
- }
+ if (show_details)
+ br_print_router_ports(fp, tb[MDBA_ROUTER],
+ r->ifindex);
} else {
uint32_t *port_ifindex;
i = RTA_DATA(tb[MDBA_ROUTER]);
port_ifindex = RTA_DATA(i);
- if (n->nlmsg_type == RTM_DELMDB)
- fprintf(fp, "Deleted ");
- fprintf(fp, "router port dev %s master %s\n",
- ll_index_to_name(*port_ifindex),
- ll_index_to_name(r->ifindex));
+ if (n->nlmsg_type == RTM_DELMDB) {
+ if (jw_global)
+ jsonw_string_field(jw_global,
+ "opCode",
+ "deleted");
+ else
+ fprintf(fp, "Deleted ");
+ }
+ if (jw_global) {
+ jsonw_name(jw_global,
+ ll_index_to_name(r->ifindex));
+ jsonw_start_array(jw_global);
+ jsonw_start_object(jw_global);
+ jsonw_string_field(jw_global, "port",
+ ll_index_to_name(*port_ifindex));
+ jsonw_end_object(jw_global);
+ jsonw_end_array(jw_global);
+ } else {
+ fprintf(fp, "router port dev %s master %s\n",
+ ll_index_to_name(*port_ifindex),
+ ll_index_to_name(r->ifindex));
+ }
}
}
- fflush(fp);
+ if (!jw_global)
+ fflush(fp);
return 0;
}
@@ -150,6 +300,11 @@
if (filter_dev)
duparg("dev", *argv);
filter_dev = *argv;
+ } else if (strcmp(*argv, "vid") == 0) {
+ NEXT_ARG();
+ if (filter_vlan)
+ duparg("vid", *argv);
+ filter_vlan = atoi(*argv);
}
argc--; argv++;
}
@@ -163,15 +318,54 @@
}
}
+ /* get mdb entries*/
if (rtnl_wilddump_request(&rth, PF_BRIDGE, RTM_GETMDB) < 0) {
perror("Cannot send dump request");
return -1;
}
+ if (!json_output) {
+ /* Normal output */
+ if (rtnl_dump_filter(&rth, print_mdb, stdout) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ return -1;
+ }
+ return 0;
+ }
+ /* Json output */
+ jw_global = jsonw_new(stdout);
+ jsonw_pretty(jw_global, 1);
+ jsonw_start_object(jw_global);
+ jsonw_name(jw_global, "mdb");
+ jsonw_start_array(jw_global);
+
+ /* print mdb entries */
+ print_mdb_entries = true;
+ print_mdb_router = false;
if (rtnl_dump_filter(&rth, print_mdb, stdout) < 0) {
fprintf(stderr, "Dump terminated\n");
return -1;
}
+ jsonw_end_array(jw_global);
+
+ /* get router ports */
+ if (rtnl_wilddump_request(&rth, PF_BRIDGE, RTM_GETMDB) < 0) {
+ perror("Cannot send dump request");
+ return -1;
+ }
+ jsonw_name(jw_global, "router");
+ jsonw_start_object(jw_global);
+
+ /* print router ports */
+ print_mdb_entries = false;
+ print_mdb_router = true;
+ if (rtnl_dump_filter(&rth, print_mdb, stdout) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ return -1;
+ }
+ jsonw_end_object(jw_global);
+ jsonw_end_object(jw_global);
+ jsonw_destroy(&jw_global);
return 0;
}
@@ -179,22 +373,19 @@
static int mdb_modify(int cmd, int flags, int argc, char **argv)
{
struct {
- struct nlmsghdr n;
+ struct nlmsghdr n;
struct br_port_msg bpm;
- char buf[1024];
- } req;
- struct br_mdb_entry entry;
+ char buf[1024];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct br_port_msg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .bpm.family = PF_BRIDGE,
+ };
+ struct br_mdb_entry entry = {};
char *d = NULL, *p = NULL, *grp = NULL;
short vid = 0;
- memset(&req, 0, sizeof(req));
- memset(&entry, 0, sizeof(entry));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct br_port_msg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.bpm.family = PF_BRIDGE;
-
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
diff --git a/bridge/monitor.c b/bridge/monitor.c
index d8341ec..d294269 100644
--- a/bridge/monitor.c
+++ b/bridge/monitor.c
@@ -76,10 +76,10 @@
int do_monitor(int argc, char **argv)
{
char *file = NULL;
- unsigned groups = ~RTMGRP_TC;
- int llink=0;
- int lneigh=0;
- int lmdb=0;
+ unsigned int groups = ~RTMGRP_TC;
+ int llink = 0;
+ int lneigh = 0;
+ int lmdb = 0;
rtnl_close(&rth);
@@ -88,7 +88,7 @@
NEXT_ARG();
file = *argv;
} else if (matches(*argv, "link") == 0) {
- llink=1;
+ llink = 1;
groups = 0;
} else if (matches(*argv, "fdb") == 0) {
lneigh = 1;
@@ -98,7 +98,7 @@
groups = 0;
} else if (strcmp(*argv, "all") == 0) {
groups = ~RTMGRP_TC;
- prefix_banner=1;
+ prefix_banner = 1;
} else if (matches(*argv, "help") == 0) {
usage();
} else {
@@ -122,6 +122,7 @@
if (file) {
FILE *fp;
int err;
+
fp = fopen(file, "r");
if (fp == NULL) {
perror("Cannot fopen");
@@ -141,4 +142,3 @@
return 0;
}
-
diff --git a/bridge/vlan.c b/bridge/vlan.c
index ac2f523..ccd14bf 100644
--- a/bridge/vlan.c
+++ b/bridge/vlan.c
@@ -7,50 +7,53 @@
#include <netinet/in.h>
#include <linux/if_bridge.h>
#include <linux/if_ether.h>
+#include <json_writer.h>
#include <string.h>
#include "libnetlink.h"
#include "br_common.h"
#include "utils.h"
-static unsigned int filter_index;
+static unsigned int filter_index, filter_vlan;
+static int last_ifidx = -1;
+
+json_writer_t *jw_global;
static void usage(void)
{
- fprintf(stderr, "Usage: bridge vlan { add | del } vid VLAN_ID dev DEV [ pvid] [ untagged ]\n");
- fprintf(stderr, " [ self ] [ master ]\n");
- fprintf(stderr, " bridge vlan { show } [ dev DEV ]\n");
+ fprintf(stderr,
+ "Usage: bridge vlan { add | del } vid VLAN_ID dev DEV [ pvid ] [ untagged ]\n"
+ " [ self ] [ master ]\n"
+ " bridge vlan { show } [ dev DEV ] [ vid VLAN_ID ]\n");
exit(-1);
}
static int vlan_modify(int cmd, int argc, char **argv)
{
struct {
- struct nlmsghdr n;
- struct ifinfomsg ifm;
- char buf[1024];
- } req;
+ struct nlmsghdr n;
+ struct ifinfomsg ifm;
+ char buf[1024];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = cmd,
+ .ifm.ifi_family = PF_BRIDGE,
+ };
char *d = NULL;
short vid = -1;
short vid_end = -1;
struct rtattr *afspec;
- struct bridge_vlan_info vinfo;
+ struct bridge_vlan_info vinfo = {};
unsigned short flags = 0;
- memset(&vinfo, 0, sizeof(vinfo));
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = cmd;
- req.ifm.ifi_family = PF_BRIDGE;
-
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
d = *argv;
} else if (strcmp(*argv, "vid") == 0) {
char *p;
+
NEXT_ARG();
p = strchr(*argv, '-');
if (p) {
@@ -71,9 +74,8 @@
} else if (strcmp(*argv, "untagged") == 0) {
vinfo.flags |= BRIDGE_VLAN_INFO_UNTAGGED;
} else {
- if (matches(*argv, "help") == 0) {
+ if (matches(*argv, "help") == 0)
NEXT_ARG();
- }
}
argc--; argv++;
}
@@ -137,6 +139,48 @@
return 0;
}
+/* In order to use this function for both filtering and non-filtering cases
+ * we need to make it a tristate:
+ * return -1 - if filtering we've gone over so don't continue
+ * return 0 - skip entry and continue (applies to range start or to entries
+ * which are less than filter_vlan)
+ * return 1 - print the entry and continue
+ */
+static int filter_vlan_check(struct bridge_vlan_info *vinfo)
+{
+ /* if we're filtering we should stop on the first greater entry */
+ if (filter_vlan && vinfo->vid > filter_vlan &&
+ !(vinfo->flags & BRIDGE_VLAN_INFO_RANGE_END))
+ return -1;
+ if ((vinfo->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) ||
+ vinfo->vid < filter_vlan)
+ return 0;
+
+ return 1;
+}
+
+static void print_vlan_port(FILE *fp, int ifi_index)
+{
+ if (jw_global) {
+ jsonw_pretty(jw_global, 1);
+ jsonw_name(jw_global,
+ ll_index_to_name(ifi_index));
+ jsonw_start_array(jw_global);
+ } else {
+ fprintf(fp, "%s",
+ ll_index_to_name(ifi_index));
+ }
+}
+
+static void start_json_vlan_flags_array(bool *vlan_flags)
+{
+ if (*vlan_flags)
+ return;
+ jsonw_name(jw_global, "flags");
+ jsonw_start_array(jw_global);
+ *vlan_flags = true;
+}
+
static int print_vlan(const struct sockaddr_nl *who,
struct nlmsghdr *n,
void *arg)
@@ -144,7 +188,7 @@
FILE *fp = arg;
struct ifinfomsg *ifm = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[IFLA_MAX+1];
+ struct rtattr *tb[IFLA_MAX+1];
if (n->nlmsg_type != RTM_NEWLINK) {
fprintf(stderr, "Not RTM_NEWLINK: %08x %08x %08x\n",
@@ -168,34 +212,102 @@
/* if AF_SPEC isn't there, vlan table is not preset for this port */
if (!tb[IFLA_AF_SPEC]) {
- fprintf(fp, "%s\tNone\n", ll_index_to_name(ifm->ifi_index));
+ if (!filter_vlan && !jw_global)
+ fprintf(fp, "%s\tNone\n",
+ ll_index_to_name(ifm->ifi_index));
return 0;
- } else {
- struct rtattr *i, *list = tb[IFLA_AF_SPEC];
- int rem = RTA_PAYLOAD(list);
-
- fprintf(fp, "%s", ll_index_to_name(ifm->ifi_index));
- for (i = RTA_DATA(list); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
- struct bridge_vlan_info *vinfo;
-
- if (i->rta_type != IFLA_BRIDGE_VLAN_INFO)
- continue;
-
- vinfo = RTA_DATA(i);
- if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_END)
- fprintf(fp, "-%hu", vinfo->vid);
- else
- fprintf(fp, "\t %hu", vinfo->vid);
- if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN)
- continue;
- if (vinfo->flags & BRIDGE_VLAN_INFO_PVID)
- fprintf(fp, " PVID");
- if (vinfo->flags & BRIDGE_VLAN_INFO_UNTAGGED)
- fprintf(fp, " Egress Untagged");
- fprintf(fp, "\n");
- }
}
+
+ print_vlan_info(fp, tb[IFLA_AF_SPEC], ifm->ifi_index);
+ if (!filter_vlan) {
+ if (jw_global)
+ jsonw_end_array(jw_global);
+ else
+ fprintf(fp, "\n");
+
+ }
+ fflush(fp);
+ return 0;
+}
+
+static void print_one_vlan_stats(FILE *fp,
+ const struct bridge_vlan_xstats *vstats,
+ int ifindex)
+{
+ const char *ifname = "";
+
+ if (filter_vlan && filter_vlan != vstats->vid)
+ return;
+ /* skip pure port entries, they'll be dumped via the slave stats call */
+ if ((vstats->flags & BRIDGE_VLAN_INFO_MASTER) &&
+ !(vstats->flags & BRIDGE_VLAN_INFO_BRENTRY))
+ return;
+
+ if (last_ifidx != ifindex) {
+ ifname = ll_index_to_name(ifindex);
+ last_ifidx = ifindex;
+ }
+ fprintf(fp, "%-16s %hu", ifname, vstats->vid);
+ if (vstats->flags & BRIDGE_VLAN_INFO_PVID)
+ fprintf(fp, " PVID");
+ if (vstats->flags & BRIDGE_VLAN_INFO_UNTAGGED)
+ fprintf(fp, " Egress Untagged");
fprintf(fp, "\n");
+ fprintf(fp, "%-16s RX: %llu bytes %llu packets\n",
+ "", vstats->rx_bytes, vstats->rx_packets);
+ fprintf(fp, "%-16s TX: %llu bytes %llu packets\n",
+ "", vstats->tx_bytes, vstats->tx_packets);
+}
+
+static void print_vlan_stats_attr(FILE *fp, struct rtattr *attr, int ifindex)
+{
+ struct rtattr *brtb[LINK_XSTATS_TYPE_MAX+1];
+ struct rtattr *i, *list;
+ int rem;
+
+ parse_rtattr(brtb, LINK_XSTATS_TYPE_MAX, RTA_DATA(attr),
+ RTA_PAYLOAD(attr));
+ if (!brtb[LINK_XSTATS_TYPE_BRIDGE])
+ return;
+
+ list = brtb[LINK_XSTATS_TYPE_BRIDGE];
+ rem = RTA_PAYLOAD(list);
+ for (i = RTA_DATA(list); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ if (i->rta_type != BRIDGE_XSTATS_VLAN)
+ continue;
+ print_one_vlan_stats(fp, RTA_DATA(i), ifindex);
+ }
+}
+
+static int print_vlan_stats(const struct sockaddr_nl *who,
+ struct nlmsghdr *n,
+ void *arg)
+{
+ struct if_stats_msg *ifsm = NLMSG_DATA(n);
+ struct rtattr *tb[IFLA_STATS_MAX+1];
+ int len = n->nlmsg_len;
+ FILE *fp = arg;
+
+ len -= NLMSG_LENGTH(sizeof(*ifsm));
+ if (len < 0) {
+ fprintf(stderr, "BUG: wrong nlmsg len %d\n", len);
+ return -1;
+ }
+
+ if (filter_index && filter_index != ifsm->ifindex)
+ return 0;
+
+ parse_rtattr(tb, IFLA_STATS_MAX, IFLA_STATS_RTA(ifsm), len);
+
+ /* We have to check if any of the two attrs are usable */
+ if (tb[IFLA_STATS_LINK_XSTATS])
+ print_vlan_stats_attr(fp, tb[IFLA_STATS_LINK_XSTATS],
+ ifsm->ifindex);
+
+ if (tb[IFLA_STATS_LINK_XSTATS_SLAVE])
+ print_vlan_stats_attr(fp, tb[IFLA_STATS_LINK_XSTATS_SLAVE],
+ ifsm->ifindex);
+
fflush(fp);
return 0;
}
@@ -210,35 +322,159 @@
if (filter_dev)
duparg("dev", *argv);
filter_dev = *argv;
+ } else if (strcmp(*argv, "vid") == 0) {
+ NEXT_ARG();
+ if (filter_vlan)
+ duparg("vid", *argv);
+ filter_vlan = atoi(*argv);
}
argc--; argv++;
}
if (filter_dev) {
- if ((filter_index = if_nametoindex(filter_dev)) == 0) {
+ filter_index = if_nametoindex(filter_dev);
+ if (filter_index == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n",
- filter_dev);
+ filter_dev);
return -1;
}
}
- if (rtnl_wilddump_req_filter(&rth, PF_BRIDGE, RTM_GETLINK,
- (compress_vlans ?
- RTEXT_FILTER_BRVLAN_COMPRESSED :
- RTEXT_FILTER_BRVLAN)) < 0) {
- perror("Cannont send dump request");
- exit(1);
+ if (!show_stats) {
+ if (rtnl_wilddump_req_filter(&rth, PF_BRIDGE, RTM_GETLINK,
+ (compress_vlans ?
+ RTEXT_FILTER_BRVLAN_COMPRESSED :
+ RTEXT_FILTER_BRVLAN)) < 0) {
+ perror("Cannont send dump request");
+ exit(1);
+ }
+ if (json_output) {
+ jw_global = jsonw_new(stdout);
+ if (!jw_global) {
+ fprintf(stderr, "Error allocation json object\n");
+ exit(1);
+ }
+ jsonw_start_object(jw_global);
+ } else {
+ printf("port\tvlan ids\n");
+ }
+
+ if (rtnl_dump_filter(&rth, print_vlan, stdout) < 0) {
+ fprintf(stderr, "Dump ternminated\n");
+ exit(1);
+ }
+ } else {
+ __u32 filt_mask;
+
+ filt_mask = IFLA_STATS_FILTER_BIT(IFLA_STATS_LINK_XSTATS);
+ if (rtnl_wilddump_stats_req_filter(&rth, AF_UNSPEC,
+ RTM_GETSTATS,
+ filt_mask) < 0) {
+ perror("Cannont send dump request");
+ exit(1);
+ }
+
+ printf("%-16s vlan id\n", "port");
+ if (rtnl_dump_filter(&rth, print_vlan_stats, stdout) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ exit(1);
+ }
+
+ filt_mask = IFLA_STATS_FILTER_BIT(IFLA_STATS_LINK_XSTATS_SLAVE);
+ if (rtnl_wilddump_stats_req_filter(&rth, AF_UNSPEC,
+ RTM_GETSTATS,
+ filt_mask) < 0) {
+ perror("Cannont send slave dump request");
+ exit(1);
+ }
+
+ if (rtnl_dump_filter(&rth, print_vlan_stats, stdout) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ exit(1);
+ }
}
- printf("port\tvlan ids\n");
- if (rtnl_dump_filter(&rth, print_vlan, stdout) < 0) {
- fprintf(stderr, "Dump ternminated\n");
- exit(1);
+ if (jw_global) {
+ jsonw_end_object(jw_global);
+ jsonw_destroy(&jw_global);
}
return 0;
}
+void print_vlan_info(FILE *fp, struct rtattr *tb, int ifindex)
+{
+ struct rtattr *i, *list = tb;
+ int rem = RTA_PAYLOAD(list);
+ __u16 last_vid_start = 0;
+ bool vlan_flags = false;
+
+ if (!filter_vlan)
+ print_vlan_port(fp, ifindex);
+
+ for (i = RTA_DATA(list); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ struct bridge_vlan_info *vinfo;
+ int vcheck_ret;
+
+ if (i->rta_type != IFLA_BRIDGE_VLAN_INFO)
+ continue;
+
+ vinfo = RTA_DATA(i);
+
+ if (!(vinfo->flags & BRIDGE_VLAN_INFO_RANGE_END))
+ last_vid_start = vinfo->vid;
+ vcheck_ret = filter_vlan_check(vinfo);
+ if (vcheck_ret == -1)
+ break;
+ else if (vcheck_ret == 0)
+ continue;
+
+ if (filter_vlan)
+ print_vlan_port(fp, ifindex);
+ if (jw_global) {
+ jsonw_start_object(jw_global);
+ jsonw_uint_field(jw_global, "vlan",
+ last_vid_start);
+ if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN)
+ continue;
+ } else {
+ fprintf(fp, "\t %hu", last_vid_start);
+ }
+ if (last_vid_start != vinfo->vid) {
+ if (jw_global)
+ jsonw_uint_field(jw_global, "vlanEnd",
+ vinfo->vid);
+ else
+ fprintf(fp, "-%hu", vinfo->vid);
+ }
+ if (vinfo->flags & BRIDGE_VLAN_INFO_PVID) {
+ if (jw_global) {
+ start_json_vlan_flags_array(&vlan_flags);
+ jsonw_string(jw_global, "PVID");
+ } else {
+ fprintf(fp, " PVID");
+ }
+ }
+ if (vinfo->flags & BRIDGE_VLAN_INFO_UNTAGGED) {
+ if (jw_global) {
+ start_json_vlan_flags_array(&vlan_flags);
+ jsonw_string(jw_global,
+ "Egress Untagged");
+ } else {
+ fprintf(fp, " Egress Untagged");
+ }
+ }
+ if (jw_global && vlan_flags) {
+ jsonw_end_array(jw_global);
+ vlan_flags = false;
+ }
+
+ if (jw_global)
+ jsonw_end_object(jw_global);
+ else
+ fprintf(fp, "\n");
+ }
+}
int do_vlan(int argc, char **argv)
{
@@ -255,9 +491,10 @@
return vlan_show(argc-1, argv+1);
if (matches(*argv, "help") == 0)
usage();
- } else
+ } else {
return vlan_show(0, NULL);
+ }
- fprintf(stderr, "Command \"%s\" is unknown, try \"bridge fdb help\".\n", *argv);
+ fprintf(stderr, "Command \"%s\" is unknown, try \"bridge vlan help\".\n", *argv);
exit(-1);
}
diff --git a/configure b/configure
index d2540b0..f0668ab 100755
--- a/configure
+++ b/configure
@@ -3,6 +3,9 @@
#
INCLUDE=${1:-"$PWD/include"}
+# Output file which is input to Makefile
+CONFIG=config.mk
+
# Make a temp directory in build tree.
TMPDIR=$(mktemp -d config.XXXXXX)
trap 'status=$?; rm -rf $TMPDIR; exit $status' EXIT HUP INT QUIT TERM
@@ -10,7 +13,7 @@
check_prog()
{
echo -n "$2"
- command -v $1 >/dev/null 2>&1 && (echo "$3:=y" >> Config; echo "yes") || (echo "no"; return 1)
+ command -v $1 >/dev/null 2>&1 && (echo "$3:=y" >> $CONFIG; echo "yes") || (echo "no"; return 1)
}
check_docs()
@@ -30,9 +33,9 @@
: ${PKG_CONFIG:=pkg-config}
: ${AR=ar}
: ${CC=gcc}
- echo "PKG_CONFIG:=${PKG_CONFIG}" >>Config
- echo "AR:=${AR}" >>Config
- echo "CC:=${CC}" >>Config
+ echo "PKG_CONFIG:=${PKG_CONFIG}" >>$CONFIG
+ echo "AR:=${AR}" >>$CONFIG
+ echo "CC:=${CC}" >>$CONFIG
}
check_atm()
@@ -49,7 +52,7 @@
$CC -I$INCLUDE -o $TMPDIR/atmtest $TMPDIR/atmtest.c -latm >/dev/null 2>&1
if [ $? -eq 0 ]
then
- echo "TC_CONFIG_ATM:=y" >>Config
+ echo "TC_CONFIG_ATM:=y" >>$CONFIG
echo yes
else
echo no
@@ -57,6 +60,14 @@
rm -f $TMPDIR/atmtest.c $TMPDIR/atmtest
}
+check_xtables()
+{
+ if ! ${PKG_CONFIG} xtables --exists
+ then
+ echo "TC_CONFIG_NO_XT:=y" >>$CONFIG
+ fi
+}
+
check_xt()
{
#check if we have xtables from iptables >= 1.4.5.
@@ -82,7 +93,7 @@
if $CC -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL \
$(${PKG_CONFIG} xtables --cflags --libs) -ldl >/dev/null 2>&1
then
- echo "TC_CONFIG_XT:=y" >>Config
+ echo "TC_CONFIG_XT:=y" >>$CONFIG
echo "using xtables"
fi
rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest
@@ -91,7 +102,7 @@
check_xt_old()
{
# bail if previous XT checks has already succeded.
- if grep -q TC_CONFIG_XT Config
+ if grep -q TC_CONFIG_XT $CONFIG
then
return
fi
@@ -121,7 +132,7 @@
$CC -I$INCLUDE $IPTC -o $TMPDIR/ipttest $TMPDIR/ipttest.c $IPTL -ldl >/dev/null 2>&1
if [ $? -eq 0 ]
then
- echo "TC_CONFIG_XT_OLD:=y" >>Config
+ echo "TC_CONFIG_XT_OLD:=y" >>$CONFIG
echo "using old xtables (no need for xt-internal.h)"
fi
rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest
@@ -130,7 +141,7 @@
check_xt_old_internal_h()
{
# bail if previous XT checks has already succeded.
- if grep -q TC_CONFIG_XT Config
+ if grep -q TC_CONFIG_XT $CONFIG
then
return
fi
@@ -162,14 +173,14 @@
if [ $? -eq 0 ]
then
echo "using old xtables with xt-internal.h"
- echo "TC_CONFIG_XT_OLD_H:=y" >>Config
+ echo "TC_CONFIG_XT_OLD_H:=y" >>$CONFIG
fi
rm -f $TMPDIR/ipttest.c $TMPDIR/ipttest
}
check_ipt()
{
- if ! grep TC_CONFIG_XT Config > /dev/null
+ if ! grep TC_CONFIG_XT $CONFIG > /dev/null
then
echo "using iptables"
fi
@@ -180,7 +191,7 @@
IPT_LIB_DIR=$(${PKG_CONFIG} --variable=xtlibdir xtables)
if [ -n "$IPT_LIB_DIR" ]; then
echo $IPT_LIB_DIR
- echo "IPT_LIB_DIR:=$IPT_LIB_DIR" >> Config
+ echo "IPT_LIB_DIR:=$IPT_LIB_DIR" >> $CONFIG
return
fi
@@ -189,7 +200,7 @@
for file in $dir/{xtables,iptables}/lib*t_*so ; do
if [ -f $file ]; then
echo ${file%/*}
- echo "IPT_LIB_DIR:=${file%/*}" >> Config
+ echo "IPT_LIB_DIR:=${file%/*}" >> $CONFIG
return
fi
done
@@ -210,8 +221,9 @@
$CC -I$INCLUDE -o $TMPDIR/setnstest $TMPDIR/setnstest.c >/dev/null 2>&1
if [ $? -eq 0 ]
then
- echo "IP_CONFIG_SETNS:=y" >>Config
+ echo "IP_CONFIG_SETNS:=y" >>$CONFIG
echo "yes"
+ echo "CFLAGS += -DHAVE_SETNS" >>$CONFIG
else
echo "no"
fi
@@ -241,7 +253,7 @@
if $CC -I$INCLUDE -o $TMPDIR/ipsettest $TMPDIR/ipsettest.c >/dev/null 2>&1
then
- echo "TC_CONFIG_IPSET:=y" >>Config
+ echo "TC_CONFIG_IPSET:=y" >>$CONFIG
echo "yes"
else
echo "no"
@@ -251,25 +263,16 @@
check_elf()
{
- cat >$TMPDIR/elftest.c <<EOF
-#include <libelf.h>
-#include <gelf.h>
-int main(void)
-{
- Elf_Scn *scn;
- GElf_Shdr shdr;
- return elf_version(EV_CURRENT);
-}
-EOF
-
- if $CC -I$INCLUDE -o $TMPDIR/elftest $TMPDIR/elftest.c -lelf >/dev/null 2>&1
+ if ${PKG_CONFIG} libelf --exists
then
- echo "TC_CONFIG_ELF:=y" >>Config
+ echo "HAVE_ELF:=y" >>$CONFIG
echo "yes"
+
+ echo 'CFLAGS += -DHAVE_ELF' `${PKG_CONFIG} libelf --cflags` >> $CONFIG
+ echo 'LDLIBS += ' `${PKG_CONFIG} libelf --libs` >>$CONFIG
else
echo "no"
fi
- rm -f $TMPDIR/elftest.c $TMPDIR/elftest
}
check_selinux()
@@ -277,8 +280,11 @@
{
if ${PKG_CONFIG} libselinux --exists
then
- echo "HAVE_SELINUX:=y" >>Config
+ echo "HAVE_SELINUX:=y" >>$CONFIG
echo "yes"
+
+ echo 'LDLIBS +=' `${PKG_CONFIG} --libs libselinux` >>$CONFIG
+ echo 'CFLAGS += -DHAVE_SELINUX' `${PKG_CONFIG} --cflags libselinux` >>$CONFIG
else
echo "no"
fi
@@ -288,8 +294,11 @@
{
if ${PKG_CONFIG} libmnl --exists
then
- echo "HAVE_MNL:=y" >>Config
+ echo "HAVE_MNL:=y" >>$CONFIG
echo "yes"
+
+ echo 'CFLAGS += -DHAVE_LIBMNL' `${PKG_CONFIG} libmnl --cflags` >>$CONFIG
+ echo 'LDLIBS +=' `${PKG_CONFIG} libmnl --libs` >> $CONFIG
else
echo "no"
fi
@@ -309,7 +318,7 @@
$CC -I$INCLUDE -o $TMPDIR/dbtest $TMPDIR/dbtest.c -ldb >/dev/null 2>&1
if [ $? -eq 0 ]
then
- echo "HAVE_BERKELEY_DB:=y" >>Config
+ echo "HAVE_BERKELEY_DB:=y" >>$CONFIG
echo "yes"
else
echo "no"
@@ -317,7 +326,56 @@
rm -f $TMPDIR/dbtest.c $TMPDIR/dbtest
}
-echo "# Generated config based on" $INCLUDE >Config
+check_strlcpy()
+{
+ cat >$TMPDIR/strtest.c <<EOF
+#include <string.h>
+int main(int argc, char **argv) {
+ char dst[10];
+ strlcpy(dst, "test", sizeof(dst));
+ return 0;
+}
+EOF
+ $CC -I$INCLUDE -o $TMPDIR/strtest $TMPDIR/strtest.c >/dev/null 2>&1
+ if [ $? -eq 0 ]
+ then
+ echo "no"
+ else
+ echo 'CFLAGS += -DNEED_STRLCPY' >>$CONFIG
+ echo "yes"
+ fi
+ rm -f $TMPDIR/strtest.c $TMPDIR/strtest
+}
+
+quiet_config()
+{
+ cat <<EOF
+# user can control verbosity similar to kernel builds (e.g., V=1)
+ifeq ("\$(origin V)", "command line")
+ VERBOSE = \$(V)
+endif
+ifndef VERBOSE
+ VERBOSE = 0
+endif
+ifeq (\$(VERBOSE),1)
+ Q =
+else
+ Q = @
+endif
+
+ifeq (\$(VERBOSE), 0)
+ QUIET_CC = @echo ' CC '\$@;
+ QUIET_AR = @echo ' AR '\$@;
+ QUIET_LINK = @echo ' LINK '\$@;
+ QUIET_YACC = @echo ' YACC '\$@;
+ QUIET_LEX = @echo ' LEX '\$@;
+endif
+EOF
+}
+
+echo "# Generated config based on" $INCLUDE >$CONFIG
+quiet_config >> $CONFIG
+
check_toolchain
echo "TC schedulers"
@@ -325,18 +383,25 @@
echo -n " ATM "
check_atm
-echo -n " IPT "
-check_xt
-check_xt_old
-check_xt_old_internal_h
-check_ipt
+check_xtables
+if ! grep -q TC_CONFIG_NO_XT $CONFIG
+then
+ echo -n " IPT "
+ check_xt
+ check_xt_old
+ check_xt_old_internal_h
+ check_ipt
-echo -n " IPSET "
-check_ipset
+ echo -n " IPSET "
+ check_ipset
+fi
echo
-echo -n "iptables modules directory: "
-check_ipt_lib_dir
+if ! grep -q TC_CONFIG_NO_XT $CONFIG
+then
+ echo -n "iptables modules directory: "
+ check_ipt_lib_dir
+fi
echo -n "libc has setns: "
check_setns
@@ -353,7 +418,14 @@
echo -n "Berkeley DB: "
check_berkeley_db
+echo -n "need for strlcpy: "
+check_strlcpy
+
echo
echo -n "docs:"
check_docs
echo
+
+echo >> $CONFIG
+echo "%.o: %.c" >> $CONFIG
+echo ' $(QUIET_CC)$(CC) $(CFLAGS) $(EXTRA_CFLAGS) -c -o $@ $<' >> $CONFIG
diff --git a/devlink/.gitignore b/devlink/.gitignore
new file mode 100644
index 0000000..08d175f
--- /dev/null
+++ b/devlink/.gitignore
@@ -0,0 +1 @@
+devlink
diff --git a/devlink/Makefile b/devlink/Makefile
new file mode 100644
index 0000000..3b2067d
--- /dev/null
+++ b/devlink/Makefile
@@ -0,0 +1,22 @@
+include ../config.mk
+
+ifeq ($(HAVE_MNL),y)
+
+DEVLINKOBJ = devlink.o mnlg.o
+TARGETS=devlink
+
+CFLAGS += $(shell $(PKG_CONFIG) libmnl --cflags)
+LDLIBS += $(shell $(PKG_CONFIG) libmnl --libs)
+
+endif
+
+all: $(TARGETS) $(LIBS)
+
+devlink: $(DEVLINKOBJ)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
+
+install: all
+ install -m 0755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+
+clean:
+ rm -f $(DEVLINKOBJ) $(TARGETS)
diff --git a/devlink/devlink.c b/devlink/devlink.c
new file mode 100644
index 0000000..1b15eef
--- /dev/null
+++ b/devlink/devlink.c
@@ -0,0 +1,4019 @@
+/*
+ * devlink.c Devlink tool
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Jiri Pirko <jiri@mellanox.com>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdbool.h>
+#include <unistd.h>
+#include <getopt.h>
+#include <limits.h>
+#include <errno.h>
+#include <linux/genetlink.h>
+#include <linux/devlink.h>
+#include <libmnl/libmnl.h>
+#include <netinet/ether.h>
+
+#include "SNAPSHOT.h"
+#include "list.h"
+#include "mnlg.h"
+#include "json_writer.h"
+#include "utils.h"
+
+#define ESWITCH_MODE_LEGACY "legacy"
+#define ESWITCH_MODE_SWITCHDEV "switchdev"
+#define ESWITCH_INLINE_MODE_NONE "none"
+#define ESWITCH_INLINE_MODE_LINK "link"
+#define ESWITCH_INLINE_MODE_NETWORK "network"
+#define ESWITCH_INLINE_MODE_TRANSPORT "transport"
+
+#define pr_err(args...) fprintf(stderr, ##args)
+#define pr_out(args...) \
+ do { \
+ if (g_indent_newline) { \
+ fprintf(stdout, "%s", g_indent_str); \
+ g_indent_newline = false; \
+ } \
+ fprintf(stdout, ##args); \
+ } while (0)
+
+#define pr_out_sp(num, args...) \
+ do { \
+ int ret = fprintf(stdout, ##args); \
+ if (ret < num) \
+ fprintf(stdout, "%*s", num - ret, ""); \
+ } while (0)
+
+static int g_indent_level;
+static bool g_indent_newline;
+#define INDENT_STR_STEP 2
+#define INDENT_STR_MAXLEN 32
+static char g_indent_str[INDENT_STR_MAXLEN + 1] = "";
+
+static void __pr_out_indent_inc(void)
+{
+ if (g_indent_level + INDENT_STR_STEP > INDENT_STR_MAXLEN)
+ return;
+ g_indent_level += INDENT_STR_STEP;
+ memset(g_indent_str, ' ', sizeof(g_indent_str));
+ g_indent_str[g_indent_level] = '\0';
+}
+
+static void __pr_out_indent_dec(void)
+{
+ if (g_indent_level - INDENT_STR_STEP < 0)
+ return;
+ g_indent_level -= INDENT_STR_STEP;
+ g_indent_str[g_indent_level] = '\0';
+}
+
+static void __pr_out_newline(void)
+{
+ pr_out("\n");
+ g_indent_newline = true;
+}
+
+static int _mnlg_socket_recv_run(struct mnlg_socket *nlg,
+ mnl_cb_t data_cb, void *data)
+{
+ int err;
+
+ err = mnlg_socket_recv_run(nlg, data_cb, data);
+ if (err < 0) {
+ pr_err("devlink answers: %s\n", strerror(errno));
+ return -errno;
+ }
+ return 0;
+}
+
+static int _mnlg_socket_sndrcv(struct mnlg_socket *nlg,
+ const struct nlmsghdr *nlh,
+ mnl_cb_t data_cb, void *data)
+{
+ int err;
+
+ err = mnlg_socket_send(nlg, nlh);
+ if (err < 0) {
+ pr_err("Failed to call mnlg_socket_send\n");
+ return -errno;
+ }
+ return _mnlg_socket_recv_run(nlg, data_cb, data);
+}
+
+static int _mnlg_socket_group_add(struct mnlg_socket *nlg,
+ const char *group_name)
+{
+ int err;
+
+ err = mnlg_socket_group_add(nlg, group_name);
+ if (err < 0) {
+ pr_err("Failed to call mnlg_socket_group_add\n");
+ return -errno;
+ }
+ return 0;
+}
+
+struct ifname_map {
+ struct list_head list;
+ char *bus_name;
+ char *dev_name;
+ uint32_t port_index;
+ char *ifname;
+};
+
+static struct ifname_map *ifname_map_alloc(const char *bus_name,
+ const char *dev_name,
+ uint32_t port_index,
+ const char *ifname)
+{
+ struct ifname_map *ifname_map;
+
+ ifname_map = calloc(1, sizeof(*ifname_map));
+ if (!ifname_map)
+ return NULL;
+ ifname_map->bus_name = strdup(bus_name);
+ ifname_map->dev_name = strdup(dev_name);
+ ifname_map->port_index = port_index;
+ ifname_map->ifname = strdup(ifname);
+ if (!ifname_map->bus_name || !ifname_map->dev_name ||
+ !ifname_map->ifname) {
+ free(ifname_map->ifname);
+ free(ifname_map->dev_name);
+ free(ifname_map->bus_name);
+ free(ifname_map);
+ return NULL;
+ }
+ return ifname_map;
+}
+
+static void ifname_map_free(struct ifname_map *ifname_map)
+{
+ free(ifname_map->ifname);
+ free(ifname_map->dev_name);
+ free(ifname_map->bus_name);
+ free(ifname_map);
+}
+
+#define DL_OPT_HANDLE BIT(0)
+#define DL_OPT_HANDLEP BIT(1)
+#define DL_OPT_PORT_TYPE BIT(2)
+#define DL_OPT_PORT_COUNT BIT(3)
+#define DL_OPT_SB BIT(4)
+#define DL_OPT_SB_POOL BIT(5)
+#define DL_OPT_SB_SIZE BIT(6)
+#define DL_OPT_SB_TYPE BIT(7)
+#define DL_OPT_SB_THTYPE BIT(8)
+#define DL_OPT_SB_TH BIT(9)
+#define DL_OPT_SB_TC BIT(10)
+#define DL_OPT_ESWITCH_MODE BIT(11)
+#define DL_OPT_ESWITCH_INLINE_MODE BIT(12)
+#define DL_OPT_DPIPE_TABLE_NAME BIT(13)
+#define DL_OPT_DPIPE_TABLE_COUNTERS BIT(14)
+#define DL_OPT_ESWITCH_ENCAP_MODE BIT(15)
+
+struct dl_opts {
+ uint32_t present; /* flags of present items */
+ char *bus_name;
+ char *dev_name;
+ uint32_t port_index;
+ enum devlink_port_type port_type;
+ uint32_t port_count;
+ uint32_t sb_index;
+ uint16_t sb_pool_index;
+ uint32_t sb_pool_size;
+ enum devlink_sb_pool_type sb_pool_type;
+ enum devlink_sb_threshold_type sb_pool_thtype;
+ uint32_t sb_threshold;
+ uint16_t sb_tc_index;
+ enum devlink_eswitch_mode eswitch_mode;
+ enum devlink_eswitch_inline_mode eswitch_inline_mode;
+ const char *dpipe_table_name;
+ bool dpipe_counters_enable;
+ bool eswitch_encap_mode;
+};
+
+struct dl {
+ struct mnlg_socket *nlg;
+ struct list_head ifname_map_list;
+ int argc;
+ char **argv;
+ bool no_nice_names;
+ struct dl_opts opts;
+ json_writer_t *jw;
+ bool json_output;
+ bool pretty_output;
+ bool verbose;
+ struct {
+ bool present;
+ char *bus_name;
+ char *dev_name;
+ uint32_t port_index;
+ } arr_last;
+};
+
+static int dl_argc(struct dl *dl)
+{
+ return dl->argc;
+}
+
+static char *dl_argv(struct dl *dl)
+{
+ if (dl_argc(dl) == 0)
+ return NULL;
+ return *dl->argv;
+}
+
+static void dl_arg_inc(struct dl *dl)
+{
+ if (dl_argc(dl) == 0)
+ return;
+ dl->argc--;
+ dl->argv++;
+}
+
+static char *dl_argv_next(struct dl *dl)
+{
+ char *ret;
+
+ if (dl_argc(dl) == 0)
+ return NULL;
+
+ ret = *dl->argv;
+ dl_arg_inc(dl);
+ return ret;
+}
+
+static char *dl_argv_index(struct dl *dl, unsigned int index)
+{
+ if (index >= dl_argc(dl))
+ return NULL;
+ return dl->argv[index];
+}
+
+static int strcmpx(const char *str1, const char *str2)
+{
+ if (strlen(str1) > strlen(str2))
+ return -1;
+ return strncmp(str1, str2, strlen(str1));
+}
+
+static bool dl_argv_match(struct dl *dl, const char *pattern)
+{
+ if (dl_argc(dl) == 0)
+ return false;
+ return strcmpx(dl_argv(dl), pattern) == 0;
+}
+
+static bool dl_no_arg(struct dl *dl)
+{
+ return dl_argc(dl) == 0;
+}
+
+static const enum mnl_attr_data_type devlink_policy[DEVLINK_ATTR_MAX + 1] = {
+ [DEVLINK_ATTR_BUS_NAME] = MNL_TYPE_NUL_STRING,
+ [DEVLINK_ATTR_DEV_NAME] = MNL_TYPE_NUL_STRING,
+ [DEVLINK_ATTR_PORT_INDEX] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_PORT_TYPE] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_PORT_DESIRED_TYPE] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_PORT_NETDEV_IFINDEX] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_PORT_NETDEV_NAME] = MNL_TYPE_NUL_STRING,
+ [DEVLINK_ATTR_PORT_IBDEV_NAME] = MNL_TYPE_NUL_STRING,
+ [DEVLINK_ATTR_SB_INDEX] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_SB_SIZE] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_SB_INGRESS_POOL_COUNT] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_SB_EGRESS_POOL_COUNT] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_SB_INGRESS_TC_COUNT] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_SB_EGRESS_TC_COUNT] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_SB_POOL_INDEX] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_SB_POOL_TYPE] = MNL_TYPE_U8,
+ [DEVLINK_ATTR_SB_POOL_SIZE] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE] = MNL_TYPE_U8,
+ [DEVLINK_ATTR_SB_THRESHOLD] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_SB_TC_INDEX] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_SB_OCC_CUR] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_SB_OCC_MAX] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_ESWITCH_MODE] = MNL_TYPE_U16,
+ [DEVLINK_ATTR_ESWITCH_INLINE_MODE] = MNL_TYPE_U8,
+ [DEVLINK_ATTR_ESWITCH_ENCAP_MODE] = MNL_TYPE_U8,
+ [DEVLINK_ATTR_DPIPE_TABLES] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_TABLE] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_TABLE_NAME] = MNL_TYPE_STRING,
+ [DEVLINK_ATTR_DPIPE_TABLE_SIZE] = MNL_TYPE_U64,
+ [DEVLINK_ATTR_DPIPE_TABLE_MATCHES] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_TABLE_ACTIONS] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_TABLE_COUNTERS_ENABLED] = MNL_TYPE_U8,
+ [DEVLINK_ATTR_DPIPE_ENTRIES] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_ENTRY] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_ENTRY_INDEX] = MNL_TYPE_U64,
+ [DEVLINK_ATTR_DPIPE_ENTRY_MATCH_VALUES] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_ENTRY_ACTION_VALUES] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_ENTRY_COUNTER] = MNL_TYPE_U64,
+ [DEVLINK_ATTR_DPIPE_MATCH] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_MATCH_VALUE] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_MATCH_TYPE] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_DPIPE_ACTION] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_ACTION_VALUE] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_ACTION_TYPE] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_DPIPE_VALUE_MAPPING] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_DPIPE_HEADERS] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_HEADER] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_HEADER_NAME] = MNL_TYPE_STRING,
+ [DEVLINK_ATTR_DPIPE_HEADER_ID] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_DPIPE_HEADER_FIELDS] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_HEADER_GLOBAL] = MNL_TYPE_U8,
+ [DEVLINK_ATTR_DPIPE_HEADER_INDEX] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_DPIPE_FIELD] = MNL_TYPE_NESTED,
+ [DEVLINK_ATTR_DPIPE_FIELD_NAME] = MNL_TYPE_STRING,
+ [DEVLINK_ATTR_DPIPE_FIELD_ID] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_DPIPE_FIELD_BITWIDTH] = MNL_TYPE_U32,
+ [DEVLINK_ATTR_DPIPE_FIELD_MAPPING_TYPE] = MNL_TYPE_U32,
+};
+
+static int attr_cb(const struct nlattr *attr, void *data)
+{
+ const struct nlattr **tb = data;
+ int type;
+
+ if (mnl_attr_type_valid(attr, DEVLINK_ATTR_MAX) < 0)
+ return MNL_CB_ERROR;
+
+ type = mnl_attr_get_type(attr);
+ if (mnl_attr_validate(attr, devlink_policy[type]) < 0)
+ return MNL_CB_ERROR;
+
+ tb[type] = attr;
+ return MNL_CB_OK;
+}
+
+static int ifname_map_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ struct dl *dl = data;
+ struct ifname_map *ifname_map;
+ const char *bus_name;
+ const char *dev_name;
+ uint32_t port_ifindex;
+ const char *port_ifname;
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_PORT_INDEX])
+ return MNL_CB_ERROR;
+
+ if (!tb[DEVLINK_ATTR_PORT_NETDEV_NAME])
+ return MNL_CB_OK;
+
+ bus_name = mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]);
+ dev_name = mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]);
+ port_ifindex = mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX]);
+ port_ifname = mnl_attr_get_str(tb[DEVLINK_ATTR_PORT_NETDEV_NAME]);
+ ifname_map = ifname_map_alloc(bus_name, dev_name,
+ port_ifindex, port_ifname);
+ if (!ifname_map)
+ return MNL_CB_ERROR;
+ list_add(&ifname_map->list, &dl->ifname_map_list);
+
+ return MNL_CB_OK;
+}
+
+static void ifname_map_fini(struct dl *dl)
+{
+ struct ifname_map *ifname_map, *tmp;
+
+ list_for_each_entry_safe(ifname_map, tmp,
+ &dl->ifname_map_list, list) {
+ list_del(&ifname_map->list);
+ ifname_map_free(ifname_map);
+ }
+}
+
+static int ifname_map_init(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ INIT_LIST_HEAD(&dl->ifname_map_list);
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_GET,
+ NLM_F_REQUEST | NLM_F_ACK | NLM_F_DUMP);
+
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, ifname_map_cb, dl);
+ if (err) {
+ ifname_map_fini(dl);
+ return err;
+ }
+ return 0;
+}
+
+static int ifname_map_lookup(struct dl *dl, const char *ifname,
+ char **p_bus_name, char **p_dev_name,
+ uint32_t *p_port_index)
+{
+ struct ifname_map *ifname_map;
+
+ list_for_each_entry(ifname_map, &dl->ifname_map_list, list) {
+ if (strcmp(ifname, ifname_map->ifname) == 0) {
+ *p_bus_name = ifname_map->bus_name;
+ *p_dev_name = ifname_map->dev_name;
+ *p_port_index = ifname_map->port_index;
+ return 0;
+ }
+ }
+ return -ENOENT;
+}
+
+static int ifname_map_rev_lookup(struct dl *dl, const char *bus_name,
+ const char *dev_name, uint32_t port_index,
+ char **p_ifname)
+{
+ struct ifname_map *ifname_map;
+
+ list_for_each_entry(ifname_map, &dl->ifname_map_list, list) {
+ if (strcmp(bus_name, ifname_map->bus_name) == 0 &&
+ strcmp(dev_name, ifname_map->dev_name) == 0 &&
+ port_index == ifname_map->port_index) {
+ *p_ifname = ifname_map->ifname;
+ return 0;
+ }
+ }
+ return -ENOENT;
+}
+
+static unsigned int strslashcount(char *str)
+{
+ unsigned int count = 0;
+ char *pos = str;
+
+ while ((pos = strchr(pos, '/'))) {
+ count++;
+ pos++;
+ }
+ return count;
+}
+
+static int strslashrsplit(char *str, char **before, char **after)
+{
+ char *slash;
+
+ slash = strrchr(str, '/');
+ if (!slash)
+ return -EINVAL;
+ *slash = '\0';
+ *before = str;
+ *after = slash + 1;
+ return 0;
+}
+
+static int strtouint32_t(const char *str, uint32_t *p_val)
+{
+ char *endptr;
+ unsigned long int val;
+
+ val = strtoul(str, &endptr, 10);
+ if (endptr == str || *endptr != '\0')
+ return -EINVAL;
+ if (val > UINT_MAX)
+ return -ERANGE;
+ *p_val = val;
+ return 0;
+}
+
+static int strtouint16_t(const char *str, uint16_t *p_val)
+{
+ char *endptr;
+ unsigned long int val;
+
+ val = strtoul(str, &endptr, 10);
+ if (endptr == str || *endptr != '\0')
+ return -EINVAL;
+ if (val > USHRT_MAX)
+ return -ERANGE;
+ *p_val = val;
+ return 0;
+}
+
+static int __dl_argv_handle(char *str, char **p_bus_name, char **p_dev_name)
+{
+ strslashrsplit(str, p_bus_name, p_dev_name);
+ return 0;
+}
+
+static int dl_argv_handle(struct dl *dl, char **p_bus_name, char **p_dev_name)
+{
+ char *str = dl_argv_next(dl);
+
+ if (!str) {
+ pr_err("Devlink identification (\"bus_name/dev_name\") expected\n");
+ return -EINVAL;
+ }
+ if (strslashcount(str) != 1) {
+ pr_err("Wrong devlink identification string format.\n");
+ pr_err("Expected \"bus_name/dev_name\".\n");
+ return -EINVAL;
+ }
+ return __dl_argv_handle(str, p_bus_name, p_dev_name);
+}
+
+static int __dl_argv_handle_port(char *str,
+ char **p_bus_name, char **p_dev_name,
+ uint32_t *p_port_index)
+{
+ char *handlestr;
+ char *portstr;
+ int err;
+
+ err = strslashrsplit(str, &handlestr, &portstr);
+ if (err) {
+ pr_err("Port identification \"%s\" is invalid\n", str);
+ return err;
+ }
+ err = strtouint32_t(portstr, p_port_index);
+ if (err) {
+ pr_err("Port index \"%s\" is not a number or not within range\n",
+ portstr);
+ return err;
+ }
+ err = strslashrsplit(handlestr, p_bus_name, p_dev_name);
+ if (err) {
+ pr_err("Port identification \"%s\" is invalid\n", str);
+ return err;
+ }
+ return 0;
+}
+
+static int __dl_argv_handle_port_ifname(struct dl *dl, char *str,
+ char **p_bus_name, char **p_dev_name,
+ uint32_t *p_port_index)
+{
+ int err;
+
+ err = ifname_map_lookup(dl, str, p_bus_name, p_dev_name,
+ p_port_index);
+ if (err) {
+ pr_err("Netdevice \"%s\" not found\n", str);
+ return err;
+ }
+ return 0;
+}
+
+static int dl_argv_handle_port(struct dl *dl, char **p_bus_name,
+ char **p_dev_name, uint32_t *p_port_index)
+{
+ char *str = dl_argv_next(dl);
+ unsigned int slash_count;
+
+ if (!str) {
+ pr_err("Port identification (\"bus_name/dev_name/port_index\" or \"netdev ifname\") expected.\n");
+ return -EINVAL;
+ }
+ slash_count = strslashcount(str);
+ switch (slash_count) {
+ case 0:
+ return __dl_argv_handle_port_ifname(dl, str, p_bus_name,
+ p_dev_name, p_port_index);
+ case 2:
+ return __dl_argv_handle_port(str, p_bus_name,
+ p_dev_name, p_port_index);
+ default:
+ pr_err("Wrong port identification string format.\n");
+ pr_err("Expected \"bus_name/dev_name/port_index\" or \"netdev_ifname\".\n");
+ return -EINVAL;
+ }
+}
+
+static int dl_argv_handle_both(struct dl *dl, char **p_bus_name,
+ char **p_dev_name, uint32_t *p_port_index,
+ uint32_t *p_handle_bit)
+{
+ char *str = dl_argv_next(dl);
+ unsigned int slash_count;
+ int err;
+
+ if (!str) {
+ pr_err("One of following identifications expected:\n"
+ "Devlink identification (\"bus_name/dev_name\")\n"
+ "Port identification (\"bus_name/dev_name/port_index\" or \"netdev ifname\")\n");
+ return -EINVAL;
+ }
+ slash_count = strslashcount(str);
+ if (slash_count == 1) {
+ err = __dl_argv_handle(str, p_bus_name, p_dev_name);
+ if (err)
+ return err;
+ *p_handle_bit = DL_OPT_HANDLE;
+ } else if (slash_count == 2) {
+ err = __dl_argv_handle_port(str, p_bus_name,
+ p_dev_name, p_port_index);
+ if (err)
+ return err;
+ *p_handle_bit = DL_OPT_HANDLEP;
+ } else if (slash_count == 0) {
+ err = __dl_argv_handle_port_ifname(dl, str, p_bus_name,
+ p_dev_name, p_port_index);
+ if (err)
+ return err;
+ *p_handle_bit = DL_OPT_HANDLEP;
+ } else {
+ pr_err("Wrong port identification string format.\n");
+ pr_err("Expected \"bus_name/dev_name\" or \"bus_name/dev_name/port_index\" or \"netdev_ifname\".\n");
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int dl_argv_uint32_t(struct dl *dl, uint32_t *p_val)
+{
+ char *str = dl_argv_next(dl);
+ int err;
+
+ if (!str) {
+ pr_err("Unsigned number argument expected\n");
+ return -EINVAL;
+ }
+
+ err = strtouint32_t(str, p_val);
+ if (err) {
+ pr_err("\"%s\" is not a number or not within range\n", str);
+ return err;
+ }
+ return 0;
+}
+
+static int dl_argv_uint16_t(struct dl *dl, uint16_t *p_val)
+{
+ char *str = dl_argv_next(dl);
+ int err;
+
+ if (!str) {
+ pr_err("Unsigned number argument expected\n");
+ return -EINVAL;
+ }
+
+ err = strtouint16_t(str, p_val);
+ if (err) {
+ pr_err("\"%s\" is not a number or not within range\n", str);
+ return err;
+ }
+ return 0;
+}
+
+static int dl_argv_str(struct dl *dl, const char **p_str)
+{
+ const char *str = dl_argv_next(dl);
+
+ if (!str) {
+ pr_err("String parameter expected\n");
+ return -EINVAL;
+ }
+ *p_str = str;
+ return 0;
+}
+
+static int port_type_get(const char *typestr, enum devlink_port_type *p_type)
+{
+ if (strcmp(typestr, "auto") == 0) {
+ *p_type = DEVLINK_PORT_TYPE_AUTO;
+ } else if (strcmp(typestr, "eth") == 0) {
+ *p_type = DEVLINK_PORT_TYPE_ETH;
+ } else if (strcmp(typestr, "ib") == 0) {
+ *p_type = DEVLINK_PORT_TYPE_IB;
+ } else {
+ pr_err("Unknown port type \"%s\"\n", typestr);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int pool_type_get(const char *typestr, enum devlink_sb_pool_type *p_type)
+{
+ if (strcmp(typestr, "ingress") == 0) {
+ *p_type = DEVLINK_SB_POOL_TYPE_INGRESS;
+ } else if (strcmp(typestr, "egress") == 0) {
+ *p_type = DEVLINK_SB_POOL_TYPE_EGRESS;
+ } else {
+ pr_err("Unknown pool type \"%s\"\n", typestr);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int threshold_type_get(const char *typestr,
+ enum devlink_sb_threshold_type *p_type)
+{
+ if (strcmp(typestr, "static") == 0) {
+ *p_type = DEVLINK_SB_THRESHOLD_TYPE_STATIC;
+ } else if (strcmp(typestr, "dynamic") == 0) {
+ *p_type = DEVLINK_SB_THRESHOLD_TYPE_DYNAMIC;
+ } else {
+ pr_err("Unknown threshold type \"%s\"\n", typestr);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int eswitch_mode_get(const char *typestr,
+ enum devlink_eswitch_mode *p_mode)
+{
+ if (strcmp(typestr, ESWITCH_MODE_LEGACY) == 0) {
+ *p_mode = DEVLINK_ESWITCH_MODE_LEGACY;
+ } else if (strcmp(typestr, ESWITCH_MODE_SWITCHDEV) == 0) {
+ *p_mode = DEVLINK_ESWITCH_MODE_SWITCHDEV;
+ } else {
+ pr_err("Unknown eswitch mode \"%s\"\n", typestr);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int eswitch_inline_mode_get(const char *typestr,
+ enum devlink_eswitch_inline_mode *p_mode)
+{
+ if (strcmp(typestr, ESWITCH_INLINE_MODE_NONE) == 0) {
+ *p_mode = DEVLINK_ESWITCH_INLINE_MODE_NONE;
+ } else if (strcmp(typestr, ESWITCH_INLINE_MODE_LINK) == 0) {
+ *p_mode = DEVLINK_ESWITCH_INLINE_MODE_LINK;
+ } else if (strcmp(typestr, ESWITCH_INLINE_MODE_NETWORK) == 0) {
+ *p_mode = DEVLINK_ESWITCH_INLINE_MODE_NETWORK;
+ } else if (strcmp(typestr, ESWITCH_INLINE_MODE_TRANSPORT) == 0) {
+ *p_mode = DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT;
+ } else {
+ pr_err("Unknown eswitch inline mode \"%s\"\n", typestr);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int dpipe_counters_enable_get(const char *typestr,
+ bool *counters_enable)
+{
+ if (strcmp(typestr, "enable") == 0) {
+ *counters_enable = 1;
+ } else if (strcmp(typestr, "disable") == 0) {
+ *counters_enable = 0;
+ } else {
+ pr_err("Unknown counter_state \"%s\"\n", typestr);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int eswitch_encap_mode_get(const char *typestr, bool *p_mode)
+{
+ if (strcmp(typestr, "enable") == 0) {
+ *p_mode = true;
+ } else if (strcmp(typestr, "disable") == 0) {
+ *p_mode = false;
+ } else {
+ pr_err("Unknown eswitch encap mode \"%s\"\n", typestr);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int dl_argv_parse(struct dl *dl, uint32_t o_required,
+ uint32_t o_optional)
+{
+ struct dl_opts *opts = &dl->opts;
+ uint32_t o_all = o_required | o_optional;
+ uint32_t o_found = 0;
+ int err;
+
+ if (o_required & DL_OPT_HANDLE && o_required & DL_OPT_HANDLEP) {
+ uint32_t handle_bit;
+
+ err = dl_argv_handle_both(dl, &opts->bus_name, &opts->dev_name,
+ &opts->port_index, &handle_bit);
+ if (err)
+ return err;
+ o_found |= handle_bit;
+ } else if (o_required & DL_OPT_HANDLE) {
+ err = dl_argv_handle(dl, &opts->bus_name, &opts->dev_name);
+ if (err)
+ return err;
+ o_found |= DL_OPT_HANDLE;
+ } else if (o_required & DL_OPT_HANDLEP) {
+ err = dl_argv_handle_port(dl, &opts->bus_name, &opts->dev_name,
+ &opts->port_index);
+ if (err)
+ return err;
+ o_found |= DL_OPT_HANDLEP;
+ }
+
+ while (dl_argc(dl)) {
+ if (dl_argv_match(dl, "type") &&
+ (o_all & DL_OPT_PORT_TYPE)) {
+ const char *typestr;
+
+ dl_arg_inc(dl);
+ err = dl_argv_str(dl, &typestr);
+ if (err)
+ return err;
+ err = port_type_get(typestr, &opts->port_type);
+ if (err)
+ return err;
+ o_found |= DL_OPT_PORT_TYPE;
+ } else if (dl_argv_match(dl, "count") &&
+ (o_all & DL_OPT_PORT_COUNT)) {
+ dl_arg_inc(dl);
+ err = dl_argv_uint32_t(dl, &opts->port_count);
+ if (err)
+ return err;
+ o_found |= DL_OPT_PORT_COUNT;
+ } else if (dl_argv_match(dl, "sb") &&
+ (o_all & DL_OPT_SB)) {
+ dl_arg_inc(dl);
+ err = dl_argv_uint32_t(dl, &opts->sb_index);
+ if (err)
+ return err;
+ o_found |= DL_OPT_SB;
+ } else if (dl_argv_match(dl, "pool") &&
+ (o_all & DL_OPT_SB_POOL)) {
+ dl_arg_inc(dl);
+ err = dl_argv_uint16_t(dl, &opts->sb_pool_index);
+ if (err)
+ return err;
+ o_found |= DL_OPT_SB_POOL;
+ } else if (dl_argv_match(dl, "size") &&
+ (o_all & DL_OPT_SB_SIZE)) {
+ dl_arg_inc(dl);
+ err = dl_argv_uint32_t(dl, &opts->sb_pool_size);
+ if (err)
+ return err;
+ o_found |= DL_OPT_SB_SIZE;
+ } else if (dl_argv_match(dl, "type") &&
+ (o_all & DL_OPT_SB_TYPE)) {
+ const char *typestr;
+
+ dl_arg_inc(dl);
+ err = dl_argv_str(dl, &typestr);
+ if (err)
+ return err;
+ err = pool_type_get(typestr, &opts->sb_pool_type);
+ if (err)
+ return err;
+ o_found |= DL_OPT_SB_TYPE;
+ } else if (dl_argv_match(dl, "thtype") &&
+ (o_all & DL_OPT_SB_THTYPE)) {
+ const char *typestr;
+
+ dl_arg_inc(dl);
+ err = dl_argv_str(dl, &typestr);
+ if (err)
+ return err;
+ err = threshold_type_get(typestr,
+ &opts->sb_pool_thtype);
+ if (err)
+ return err;
+ o_found |= DL_OPT_SB_THTYPE;
+ } else if (dl_argv_match(dl, "th") &&
+ (o_all & DL_OPT_SB_TH)) {
+ dl_arg_inc(dl);
+ err = dl_argv_uint32_t(dl, &opts->sb_threshold);
+ if (err)
+ return err;
+ o_found |= DL_OPT_SB_TH;
+ } else if (dl_argv_match(dl, "tc") &&
+ (o_all & DL_OPT_SB_TC)) {
+ dl_arg_inc(dl);
+ err = dl_argv_uint16_t(dl, &opts->sb_tc_index);
+ if (err)
+ return err;
+ o_found |= DL_OPT_SB_TC;
+ } else if (dl_argv_match(dl, "mode") &&
+ (o_all & DL_OPT_ESWITCH_MODE)) {
+ const char *typestr;
+
+ dl_arg_inc(dl);
+ err = dl_argv_str(dl, &typestr);
+ if (err)
+ return err;
+ err = eswitch_mode_get(typestr, &opts->eswitch_mode);
+ if (err)
+ return err;
+ o_found |= DL_OPT_ESWITCH_MODE;
+ } else if (dl_argv_match(dl, "inline-mode") &&
+ (o_all & DL_OPT_ESWITCH_INLINE_MODE)) {
+ const char *typestr;
+
+ dl_arg_inc(dl);
+ err = dl_argv_str(dl, &typestr);
+ if (err)
+ return err;
+ err = eswitch_inline_mode_get(
+ typestr, &opts->eswitch_inline_mode);
+ if (err)
+ return err;
+ o_found |= DL_OPT_ESWITCH_INLINE_MODE;
+ } else if (dl_argv_match(dl, "name") &&
+ (o_all & DL_OPT_DPIPE_TABLE_NAME)) {
+ dl_arg_inc(dl);
+ err = dl_argv_str(dl, &opts->dpipe_table_name);
+ if (err)
+ return err;
+ o_found |= DL_OPT_DPIPE_TABLE_NAME;
+ } else if (dl_argv_match(dl, "counters") &&
+ (o_all & DL_OPT_DPIPE_TABLE_COUNTERS)) {
+ const char *typestr;
+
+ dl_arg_inc(dl);
+ err = dl_argv_str(dl, &typestr);
+ if (err)
+ return err;
+ err = dpipe_counters_enable_get(typestr,
+ &opts->dpipe_counters_enable);
+ if (err)
+ return err;
+ o_found |= DL_OPT_DPIPE_TABLE_COUNTERS;
+ } else if (dl_argv_match(dl, "encap") &&
+ (o_all & DL_OPT_ESWITCH_ENCAP_MODE)) {
+ const char *typestr;
+
+ dl_arg_inc(dl);
+ err = dl_argv_str(dl, &typestr);
+ if (err)
+ return err;
+ err = eswitch_encap_mode_get(typestr,
+ &opts->eswitch_encap_mode);
+ if (err)
+ return err;
+ o_found |= DL_OPT_ESWITCH_ENCAP_MODE;
+ } else {
+ pr_err("Unknown option \"%s\"\n", dl_argv(dl));
+ return -EINVAL;
+ }
+ }
+
+ opts->present = o_found;
+
+ if ((o_optional & DL_OPT_SB) && !(o_found & DL_OPT_SB)) {
+ opts->sb_index = 0;
+ opts->present |= DL_OPT_SB;
+ }
+
+ if ((o_required & DL_OPT_PORT_TYPE) && !(o_found & DL_OPT_PORT_TYPE)) {
+ pr_err("Port type option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_PORT_COUNT) &&
+ !(o_found & DL_OPT_PORT_COUNT)) {
+ pr_err("Port split count option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_SB_POOL) && !(o_found & DL_OPT_SB_POOL)) {
+ pr_err("Pool index option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_SB_SIZE) && !(o_found & DL_OPT_SB_SIZE)) {
+ pr_err("Pool size option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_SB_TYPE) && !(o_found & DL_OPT_SB_TYPE)) {
+ pr_err("Pool type option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_SB_THTYPE) && !(o_found & DL_OPT_SB_THTYPE)) {
+ pr_err("Pool threshold type option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_SB_TH) && !(o_found & DL_OPT_SB_TH)) {
+ pr_err("Threshold option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_SB_TC) && !(o_found & DL_OPT_SB_TC)) {
+ pr_err("TC index option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_ESWITCH_MODE) &&
+ !(o_found & DL_OPT_ESWITCH_MODE)) {
+ pr_err("E-Switch mode option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_ESWITCH_INLINE_MODE) &&
+ !(o_found & DL_OPT_ESWITCH_INLINE_MODE)) {
+ pr_err("E-Switch inline-mode option expected.\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_DPIPE_TABLE_NAME) &&
+ !(o_found & DL_OPT_DPIPE_TABLE_NAME)) {
+ pr_err("Dpipe table name expected\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_DPIPE_TABLE_COUNTERS) &&
+ !(o_found & DL_OPT_DPIPE_TABLE_COUNTERS)) {
+ pr_err("Dpipe table counter state expected\n");
+ return -EINVAL;
+ }
+
+ if ((o_required & DL_OPT_ESWITCH_ENCAP_MODE) &&
+ !(o_found & DL_OPT_ESWITCH_ENCAP_MODE)) {
+ pr_err("E-Switch encapsulation option expected.\n");
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static void dl_opts_put(struct nlmsghdr *nlh, struct dl *dl)
+{
+ struct dl_opts *opts = &dl->opts;
+
+ if (opts->present & DL_OPT_HANDLE) {
+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_BUS_NAME, opts->bus_name);
+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_DEV_NAME, opts->dev_name);
+ } else if (opts->present & DL_OPT_HANDLEP) {
+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_BUS_NAME, opts->bus_name);
+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_DEV_NAME, opts->dev_name);
+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_INDEX,
+ opts->port_index);
+ }
+ if (opts->present & DL_OPT_PORT_TYPE)
+ mnl_attr_put_u16(nlh, DEVLINK_ATTR_PORT_TYPE,
+ opts->port_type);
+ if (opts->present & DL_OPT_PORT_COUNT)
+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_PORT_SPLIT_COUNT,
+ opts->port_count);
+ if (opts->present & DL_OPT_SB)
+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_SB_INDEX,
+ opts->sb_index);
+ if (opts->present & DL_OPT_SB_POOL)
+ mnl_attr_put_u16(nlh, DEVLINK_ATTR_SB_POOL_INDEX,
+ opts->sb_pool_index);
+ if (opts->present & DL_OPT_SB_SIZE)
+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_SB_POOL_SIZE,
+ opts->sb_pool_size);
+ if (opts->present & DL_OPT_SB_TYPE)
+ mnl_attr_put_u8(nlh, DEVLINK_ATTR_SB_POOL_TYPE,
+ opts->sb_pool_type);
+ if (opts->present & DL_OPT_SB_THTYPE)
+ mnl_attr_put_u8(nlh, DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE,
+ opts->sb_pool_thtype);
+ if (opts->present & DL_OPT_SB_TH)
+ mnl_attr_put_u32(nlh, DEVLINK_ATTR_SB_THRESHOLD,
+ opts->sb_threshold);
+ if (opts->present & DL_OPT_SB_TC)
+ mnl_attr_put_u16(nlh, DEVLINK_ATTR_SB_TC_INDEX,
+ opts->sb_tc_index);
+ if (opts->present & DL_OPT_ESWITCH_MODE)
+ mnl_attr_put_u16(nlh, DEVLINK_ATTR_ESWITCH_MODE,
+ opts->eswitch_mode);
+ if (opts->present & DL_OPT_ESWITCH_INLINE_MODE)
+ mnl_attr_put_u8(nlh, DEVLINK_ATTR_ESWITCH_INLINE_MODE,
+ opts->eswitch_inline_mode);
+ if (opts->present & DL_OPT_DPIPE_TABLE_NAME)
+ mnl_attr_put_strz(nlh, DEVLINK_ATTR_DPIPE_TABLE_NAME,
+ opts->dpipe_table_name);
+ if (opts->present & DL_OPT_DPIPE_TABLE_COUNTERS)
+ mnl_attr_put_u8(nlh, DEVLINK_ATTR_DPIPE_TABLE_COUNTERS_ENABLED,
+ opts->dpipe_counters_enable);
+ if (opts->present & DL_OPT_ESWITCH_ENCAP_MODE)
+ mnl_attr_put_u8(nlh, DEVLINK_ATTR_ESWITCH_ENCAP_MODE,
+ opts->eswitch_encap_mode);
+}
+
+static int dl_argv_parse_put(struct nlmsghdr *nlh, struct dl *dl,
+ uint32_t o_required, uint32_t o_optional)
+{
+ int err;
+
+ err = dl_argv_parse(dl, o_required, o_optional);
+ if (err)
+ return err;
+ dl_opts_put(nlh, dl);
+ return 0;
+}
+
+static bool dl_dump_filter(struct dl *dl, struct nlattr **tb)
+{
+ struct dl_opts *opts = &dl->opts;
+ struct nlattr *attr_bus_name = tb[DEVLINK_ATTR_BUS_NAME];
+ struct nlattr *attr_dev_name = tb[DEVLINK_ATTR_DEV_NAME];
+ struct nlattr *attr_port_index = tb[DEVLINK_ATTR_PORT_INDEX];
+ struct nlattr *attr_sb_index = tb[DEVLINK_ATTR_SB_INDEX];
+
+ if (opts->present & DL_OPT_HANDLE &&
+ attr_bus_name && attr_dev_name) {
+ const char *bus_name = mnl_attr_get_str(attr_bus_name);
+ const char *dev_name = mnl_attr_get_str(attr_dev_name);
+
+ if (strcmp(bus_name, opts->bus_name) != 0 ||
+ strcmp(dev_name, opts->dev_name) != 0)
+ return false;
+ }
+ if (opts->present & DL_OPT_HANDLEP &&
+ attr_bus_name && attr_dev_name && attr_port_index) {
+ const char *bus_name = mnl_attr_get_str(attr_bus_name);
+ const char *dev_name = mnl_attr_get_str(attr_dev_name);
+ uint32_t port_index = mnl_attr_get_u32(attr_port_index);
+
+ if (strcmp(bus_name, opts->bus_name) != 0 ||
+ strcmp(dev_name, opts->dev_name) != 0 ||
+ port_index != opts->port_index)
+ return false;
+ }
+ if (opts->present & DL_OPT_SB && attr_sb_index) {
+ uint32_t sb_index = mnl_attr_get_u32(attr_sb_index);
+
+ if (sb_index != opts->sb_index)
+ return false;
+ }
+ return true;
+}
+
+static void cmd_dev_help(void)
+{
+ pr_err("Usage: devlink dev show [ DEV ]\n");
+ pr_err(" devlink dev eswitch set DEV [ mode { legacy | switchdev } ]\n");
+ pr_err(" [ inline-mode { none | link | network | transport } ]\n");
+ pr_err(" [ encap { disable | enable } ]\n");
+ pr_err(" devlink dev eswitch show DEV\n");
+}
+
+static bool cmp_arr_last_handle(struct dl *dl, const char *bus_name,
+ const char *dev_name)
+{
+ if (!dl->arr_last.present)
+ return false;
+ return strcmp(dl->arr_last.bus_name, bus_name) == 0 &&
+ strcmp(dl->arr_last.dev_name, dev_name) == 0;
+}
+
+static void arr_last_handle_set(struct dl *dl, const char *bus_name,
+ const char *dev_name)
+{
+ dl->arr_last.present = true;
+ free(dl->arr_last.dev_name);
+ free(dl->arr_last.bus_name);
+ dl->arr_last.bus_name = strdup(bus_name);
+ dl->arr_last.dev_name = strdup(dev_name);
+}
+
+static bool should_arr_last_handle_start(struct dl *dl, const char *bus_name,
+ const char *dev_name)
+{
+ return !cmp_arr_last_handle(dl, bus_name, dev_name);
+}
+
+static bool should_arr_last_handle_end(struct dl *dl, const char *bus_name,
+ const char *dev_name)
+{
+ return dl->arr_last.present &&
+ !cmp_arr_last_handle(dl, bus_name, dev_name);
+}
+
+static void __pr_out_handle_start(struct dl *dl, struct nlattr **tb,
+ bool content, bool array)
+{
+ const char *bus_name = mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]);
+ const char *dev_name = mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]);
+ char buf[32];
+
+ sprintf(buf, "%s/%s", bus_name, dev_name);
+
+ if (dl->json_output) {
+ if (array) {
+ if (should_arr_last_handle_end(dl, bus_name, dev_name))
+ jsonw_end_array(dl->jw);
+ if (should_arr_last_handle_start(dl, bus_name,
+ dev_name)) {
+ jsonw_name(dl->jw, buf);
+ jsonw_start_array(dl->jw);
+ jsonw_start_object(dl->jw);
+ arr_last_handle_set(dl, bus_name, dev_name);
+ } else {
+ jsonw_start_object(dl->jw);
+ }
+ } else {
+ jsonw_name(dl->jw, buf);
+ jsonw_start_object(dl->jw);
+ }
+ } else {
+ if (array) {
+ if (should_arr_last_handle_end(dl, bus_name, dev_name))
+ __pr_out_indent_dec();
+ if (should_arr_last_handle_start(dl, bus_name,
+ dev_name)) {
+ pr_out("%s%s", buf, content ? ":" : "");
+ __pr_out_newline();
+ __pr_out_indent_inc();
+ arr_last_handle_set(dl, bus_name, dev_name);
+ }
+ } else {
+ pr_out("%s%s", buf, content ? ":" : "");
+ }
+ }
+}
+
+static void pr_out_handle_start_arr(struct dl *dl, struct nlattr **tb)
+{
+ __pr_out_handle_start(dl, tb, true, true);
+}
+
+static void pr_out_handle_end(struct dl *dl)
+{
+ if (dl->json_output)
+ jsonw_end_object(dl->jw);
+ else
+ __pr_out_newline();
+}
+
+static void pr_out_handle(struct dl *dl, struct nlattr **tb)
+{
+ __pr_out_handle_start(dl, tb, false, false);
+ pr_out_handle_end(dl);
+}
+
+static bool cmp_arr_last_port_handle(struct dl *dl, const char *bus_name,
+ const char *dev_name, uint32_t port_index)
+{
+ return cmp_arr_last_handle(dl, bus_name, dev_name) &&
+ dl->arr_last.port_index == port_index;
+}
+
+static void arr_last_port_handle_set(struct dl *dl, const char *bus_name,
+ const char *dev_name, uint32_t port_index)
+{
+ arr_last_handle_set(dl, bus_name, dev_name);
+ dl->arr_last.port_index = port_index;
+}
+
+static bool should_arr_last_port_handle_start(struct dl *dl,
+ const char *bus_name,
+ const char *dev_name,
+ uint32_t port_index)
+{
+ return !cmp_arr_last_port_handle(dl, bus_name, dev_name, port_index);
+}
+
+static bool should_arr_last_port_handle_end(struct dl *dl,
+ const char *bus_name,
+ const char *dev_name,
+ uint32_t port_index)
+{
+ return dl->arr_last.present &&
+ !cmp_arr_last_port_handle(dl, bus_name, dev_name, port_index);
+}
+
+static void __pr_out_port_handle_start(struct dl *dl, const char *bus_name,
+ const char *dev_name,
+ uint32_t port_index, bool try_nice,
+ bool array)
+{
+ static char buf[32];
+ char *ifname = NULL;
+
+ if (dl->no_nice_names || !try_nice ||
+ ifname_map_rev_lookup(dl, bus_name, dev_name,
+ port_index, &ifname) != 0)
+ sprintf(buf, "%s/%s/%d", bus_name, dev_name, port_index);
+ else
+ sprintf(buf, "%s", ifname);
+
+ if (dl->json_output) {
+ if (array) {
+ if (should_arr_last_port_handle_end(dl, bus_name,
+ dev_name,
+ port_index))
+ jsonw_end_array(dl->jw);
+ if (should_arr_last_port_handle_start(dl, bus_name,
+ dev_name,
+ port_index)) {
+ jsonw_name(dl->jw, buf);
+ jsonw_start_array(dl->jw);
+ jsonw_start_object(dl->jw);
+ arr_last_port_handle_set(dl, bus_name, dev_name,
+ port_index);
+ } else {
+ jsonw_start_object(dl->jw);
+ }
+ } else {
+ jsonw_name(dl->jw, buf);
+ jsonw_start_object(dl->jw);
+ }
+ } else {
+ pr_out("%s:", buf);
+ }
+}
+
+static void pr_out_port_handle_start(struct dl *dl, struct nlattr **tb, bool try_nice)
+{
+ const char *bus_name;
+ const char *dev_name;
+ uint32_t port_index;
+
+ bus_name = mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]);
+ dev_name = mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]);
+ port_index = mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX]);
+ __pr_out_port_handle_start(dl, bus_name, dev_name, port_index, try_nice, false);
+}
+
+static void pr_out_port_handle_start_arr(struct dl *dl, struct nlattr **tb, bool try_nice)
+{
+ const char *bus_name;
+ const char *dev_name;
+ uint32_t port_index;
+
+ bus_name = mnl_attr_get_str(tb[DEVLINK_ATTR_BUS_NAME]);
+ dev_name = mnl_attr_get_str(tb[DEVLINK_ATTR_DEV_NAME]);
+ port_index = mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX]);
+ __pr_out_port_handle_start(dl, bus_name, dev_name, port_index, try_nice, true);
+}
+
+static void pr_out_port_handle_end(struct dl *dl)
+{
+ if (dl->json_output)
+ jsonw_end_object(dl->jw);
+ else
+ pr_out("\n");
+}
+
+
+static void pr_out_str(struct dl *dl, const char *name, const char *val)
+{
+ if (dl->json_output) {
+ jsonw_string_field(dl->jw, name, val);
+ } else {
+ if (g_indent_newline)
+ pr_out("%s %s", name, val);
+ else
+ pr_out(" %s %s", name, val);
+ }
+}
+
+static void pr_out_uint(struct dl *dl, const char *name, unsigned int val)
+{
+ if (dl->json_output) {
+ jsonw_uint_field(dl->jw, name, val);
+ } else {
+ if (g_indent_newline)
+ pr_out("%s %u", name, val);
+ else
+ pr_out(" %s %u", name, val);
+ }
+}
+
+static void pr_out_dev(struct dl *dl, struct nlattr **tb)
+{
+ pr_out_handle(dl, tb);
+}
+
+static void pr_out_section_start(struct dl *dl, const char *name)
+{
+ if (dl->json_output) {
+ jsonw_start_object(dl->jw);
+ jsonw_name(dl->jw, name);
+ jsonw_start_object(dl->jw);
+ }
+}
+
+static void pr_out_section_end(struct dl *dl)
+{
+ if (dl->json_output) {
+ if (dl->arr_last.present)
+ jsonw_end_array(dl->jw);
+ jsonw_end_object(dl->jw);
+ jsonw_end_object(dl->jw);
+ }
+}
+
+static void pr_out_array_start(struct dl *dl, const char *name)
+{
+ if (dl->json_output) {
+ jsonw_name(dl->jw, name);
+ jsonw_start_array(dl->jw);
+ } else {
+ if (!g_indent_newline)
+ __pr_out_newline();
+ pr_out("%s:", name);
+ __pr_out_newline();
+ __pr_out_indent_inc();
+ }
+}
+
+static void pr_out_array_end(struct dl *dl)
+{
+ if (dl->json_output)
+ jsonw_end_array(dl->jw);
+ else
+ __pr_out_indent_dec();
+}
+
+static void pr_out_entry_start(struct dl *dl)
+{
+ if (dl->json_output)
+ jsonw_start_object(dl->jw);
+}
+
+static void pr_out_entry_end(struct dl *dl)
+{
+ if (dl->json_output)
+ jsonw_end_object(dl->jw);
+ else
+ __pr_out_newline();
+}
+
+static const char *eswitch_mode_name(uint32_t mode)
+{
+ switch (mode) {
+ case DEVLINK_ESWITCH_MODE_LEGACY: return ESWITCH_MODE_LEGACY;
+ case DEVLINK_ESWITCH_MODE_SWITCHDEV: return ESWITCH_MODE_SWITCHDEV;
+ default: return "<unknown mode>";
+ }
+}
+
+static const char *eswitch_inline_mode_name(uint32_t mode)
+{
+ switch (mode) {
+ case DEVLINK_ESWITCH_INLINE_MODE_NONE:
+ return ESWITCH_INLINE_MODE_NONE;
+ case DEVLINK_ESWITCH_INLINE_MODE_LINK:
+ return ESWITCH_INLINE_MODE_LINK;
+ case DEVLINK_ESWITCH_INLINE_MODE_NETWORK:
+ return ESWITCH_INLINE_MODE_NETWORK;
+ case DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT:
+ return ESWITCH_INLINE_MODE_TRANSPORT;
+ default:
+ return "<unknown mode>";
+ }
+}
+
+static void pr_out_eswitch(struct dl *dl, struct nlattr **tb)
+{
+ __pr_out_handle_start(dl, tb, true, false);
+
+ if (tb[DEVLINK_ATTR_ESWITCH_MODE])
+ pr_out_str(dl, "mode",
+ eswitch_mode_name(mnl_attr_get_u16(tb[DEVLINK_ATTR_ESWITCH_MODE])));
+
+ if (tb[DEVLINK_ATTR_ESWITCH_INLINE_MODE])
+ pr_out_str(dl, "inline-mode",
+ eswitch_inline_mode_name(mnl_attr_get_u8(
+ tb[DEVLINK_ATTR_ESWITCH_INLINE_MODE])));
+
+ if (tb[DEVLINK_ATTR_ESWITCH_ENCAP_MODE]) {
+ bool encap_mode = !!mnl_attr_get_u8(tb[DEVLINK_ATTR_ESWITCH_ENCAP_MODE]);
+
+ pr_out_str(dl, "encap", encap_mode ? "enable" : "disable");
+ }
+
+ pr_out_handle_end(dl);
+}
+
+static int cmd_dev_eswitch_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dl *dl = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME])
+ return MNL_CB_ERROR;
+ pr_out_eswitch(dl, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_dev_eswitch_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_ESWITCH_GET,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, 0);
+ if (err)
+ return err;
+
+ pr_out_section_start(dl, "dev");
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dev_eswitch_show_cb, dl);
+ pr_out_section_end(dl);
+ return err;
+}
+
+static int cmd_dev_eswitch_set(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_ESWITCH_SET,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE,
+ DL_OPT_ESWITCH_MODE |
+ DL_OPT_ESWITCH_INLINE_MODE |
+ DL_OPT_ESWITCH_ENCAP_MODE);
+
+ if (err)
+ return err;
+
+ if (dl->opts.present == 1) {
+ pr_err("Need to set at least one option\n");
+ return -ENOENT;
+ }
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_dev_eswitch(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) {
+ cmd_dev_help();
+ return 0;
+ } else if (dl_argv_match(dl, "set")) {
+ dl_arg_inc(dl);
+ return cmd_dev_eswitch_set(dl);
+ } else if (dl_argv_match(dl, "show")) {
+ dl_arg_inc(dl);
+ return cmd_dev_eswitch_show(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static int cmd_dev_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dl *dl = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME])
+ return MNL_CB_ERROR;
+ pr_out_dev(dl, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_dev_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK;
+ int err;
+
+ if (dl_argc(dl) == 0)
+ flags |= NLM_F_DUMP;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_GET, flags);
+
+ if (dl_argc(dl) > 0) {
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, 0);
+ if (err)
+ return err;
+ }
+
+ pr_out_section_start(dl, "dev");
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dev_show_cb, dl);
+ pr_out_section_end(dl);
+ return err;
+}
+
+static int cmd_dev(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help")) {
+ cmd_dev_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show") ||
+ dl_argv_match(dl, "list") || dl_no_arg(dl)) {
+ dl_arg_inc(dl);
+ return cmd_dev_show(dl);
+ } else if (dl_argv_match(dl, "eswitch")) {
+ dl_arg_inc(dl);
+ return cmd_dev_eswitch(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static void cmd_port_help(void)
+{
+ pr_err("Usage: devlink port show [ DEV/PORT_INDEX ]\n");
+ pr_err(" devlink port set DEV/PORT_INDEX [ type { eth | ib | auto} ]\n");
+ pr_err(" devlink port split DEV/PORT_INDEX count COUNT\n");
+ pr_err(" devlink port unsplit DEV/PORT_INDEX\n");
+}
+
+static const char *port_type_name(uint32_t type)
+{
+ switch (type) {
+ case DEVLINK_PORT_TYPE_NOTSET: return "notset";
+ case DEVLINK_PORT_TYPE_AUTO: return "auto";
+ case DEVLINK_PORT_TYPE_ETH: return "eth";
+ case DEVLINK_PORT_TYPE_IB: return "ib";
+ default: return "<unknown type>";
+ }
+}
+
+static void pr_out_port(struct dl *dl, struct nlattr **tb)
+{
+ struct nlattr *pt_attr = tb[DEVLINK_ATTR_PORT_TYPE];
+ struct nlattr *dpt_attr = tb[DEVLINK_ATTR_PORT_DESIRED_TYPE];
+
+ pr_out_port_handle_start(dl, tb, false);
+ if (pt_attr) {
+ uint16_t port_type = mnl_attr_get_u16(pt_attr);
+
+ pr_out_str(dl, "type", port_type_name(port_type));
+ if (dpt_attr) {
+ uint16_t des_port_type = mnl_attr_get_u16(dpt_attr);
+
+ if (port_type != des_port_type)
+ pr_out_str(dl, "des_type",
+ port_type_name(des_port_type));
+ }
+ }
+ if (tb[DEVLINK_ATTR_PORT_NETDEV_NAME])
+ pr_out_str(dl, "netdev",
+ mnl_attr_get_str(tb[DEVLINK_ATTR_PORT_NETDEV_NAME]));
+ if (tb[DEVLINK_ATTR_PORT_IBDEV_NAME])
+ pr_out_str(dl, "ibdev",
+ mnl_attr_get_str(tb[DEVLINK_ATTR_PORT_IBDEV_NAME]));
+ if (tb[DEVLINK_ATTR_PORT_SPLIT_GROUP])
+ pr_out_uint(dl, "split_group",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_SPLIT_GROUP]));
+ pr_out_port_handle_end(dl);
+}
+
+static int cmd_port_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dl *dl = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_PORT_INDEX])
+ return MNL_CB_ERROR;
+ pr_out_port(dl, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_port_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK;
+ int err;
+
+ if (dl_argc(dl) == 0)
+ flags |= NLM_F_DUMP;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_GET, flags);
+
+ if (dl_argc(dl) > 0) {
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP, 0);
+ if (err)
+ return err;
+ }
+
+ pr_out_section_start(dl, "port");
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_port_show_cb, dl);
+ pr_out_section_end(dl);
+ return err;
+}
+
+static int cmd_port_set(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_SET,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_PORT_TYPE, 0);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_port_split(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_SPLIT,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_PORT_COUNT, 0);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_port_unsplit(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_PORT_UNSPLIT,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP, 0);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_port(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help")) {
+ cmd_port_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show") ||
+ dl_argv_match(dl, "list") || dl_no_arg(dl)) {
+ dl_arg_inc(dl);
+ return cmd_port_show(dl);
+ } else if (dl_argv_match(dl, "set")) {
+ dl_arg_inc(dl);
+ return cmd_port_set(dl);
+ } else if (dl_argv_match(dl, "split")) {
+ dl_arg_inc(dl);
+ return cmd_port_split(dl);
+ } else if (dl_argv_match(dl, "unsplit")) {
+ dl_arg_inc(dl);
+ return cmd_port_unsplit(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static void cmd_sb_help(void)
+{
+ pr_err("Usage: devlink sb show [ DEV [ sb SB_INDEX ] ]\n");
+ pr_err(" devlink sb pool show [ DEV [ sb SB_INDEX ] pool POOL_INDEX ]\n");
+ pr_err(" devlink sb pool set DEV [ sb SB_INDEX ] pool POOL_INDEX\n");
+ pr_err(" size POOL_SIZE thtype { static | dynamic }\n");
+ pr_err(" devlink sb port pool show [ DEV/PORT_INDEX [ sb SB_INDEX ]\n");
+ pr_err(" pool POOL_INDEX ]\n");
+ pr_err(" devlink sb port pool set DEV/PORT_INDEX [ sb SB_INDEX ]\n");
+ pr_err(" pool POOL_INDEX th THRESHOLD\n");
+ pr_err(" devlink sb tc bind show [ DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n");
+ pr_err(" type { ingress | egress } ]\n");
+ pr_err(" devlink sb tc bind set DEV/PORT_INDEX [ sb SB_INDEX ] tc TC_INDEX\n");
+ pr_err(" type { ingress | egress } pool POOL_INDEX\n");
+ pr_err(" th THRESHOLD\n");
+ pr_err(" devlink sb occupancy show { DEV | DEV/PORT_INDEX } [ sb SB_INDEX ]\n");
+ pr_err(" devlink sb occupancy snapshot DEV [ sb SB_INDEX ]\n");
+ pr_err(" devlink sb occupancy clearmax DEV [ sb SB_INDEX ]\n");
+}
+
+static void pr_out_sb(struct dl *dl, struct nlattr **tb)
+{
+ pr_out_handle_start_arr(dl, tb);
+ pr_out_uint(dl, "sb",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_INDEX]));
+ pr_out_uint(dl, "size",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_SIZE]));
+ pr_out_uint(dl, "ing_pools",
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_INGRESS_POOL_COUNT]));
+ pr_out_uint(dl, "eg_pools",
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_EGRESS_POOL_COUNT]));
+ pr_out_uint(dl, "ing_tcs",
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_INGRESS_TC_COUNT]));
+ pr_out_uint(dl, "eg_tcs",
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_EGRESS_TC_COUNT]));
+ pr_out_handle_end(dl);
+}
+
+static int cmd_sb_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dl *dl = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_SB_INDEX] || !tb[DEVLINK_ATTR_SB_SIZE] ||
+ !tb[DEVLINK_ATTR_SB_INGRESS_POOL_COUNT] ||
+ !tb[DEVLINK_ATTR_SB_EGRESS_POOL_COUNT] ||
+ !tb[DEVLINK_ATTR_SB_INGRESS_TC_COUNT] ||
+ !tb[DEVLINK_ATTR_SB_EGRESS_TC_COUNT])
+ return MNL_CB_ERROR;
+ pr_out_sb(dl, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_sb_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK;
+ int err;
+
+ if (dl_argc(dl) == 0)
+ flags |= NLM_F_DUMP;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_GET, flags);
+
+ if (dl_argc(dl) > 0) {
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, DL_OPT_SB);
+ if (err)
+ return err;
+ }
+
+ pr_out_section_start(dl, "sb");
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_sb_show_cb, dl);
+ pr_out_section_end(dl);
+ return err;
+}
+
+static const char *pool_type_name(uint8_t type)
+{
+ switch (type) {
+ case DEVLINK_SB_POOL_TYPE_INGRESS: return "ingress";
+ case DEVLINK_SB_POOL_TYPE_EGRESS: return "egress";
+ default: return "<unknown type>";
+ }
+}
+
+static const char *threshold_type_name(uint8_t type)
+{
+ switch (type) {
+ case DEVLINK_SB_THRESHOLD_TYPE_STATIC: return "static";
+ case DEVLINK_SB_THRESHOLD_TYPE_DYNAMIC: return "dynamic";
+ default: return "<unknown type>";
+ }
+}
+
+static void pr_out_sb_pool(struct dl *dl, struct nlattr **tb)
+{
+ pr_out_handle_start_arr(dl, tb);
+ pr_out_uint(dl, "sb",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_INDEX]));
+ pr_out_uint(dl, "pool",
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]));
+ pr_out_str(dl, "type",
+ pool_type_name(mnl_attr_get_u8(tb[DEVLINK_ATTR_SB_POOL_TYPE])));
+ pr_out_uint(dl, "size",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_POOL_SIZE]));
+ pr_out_str(dl, "thtype",
+ threshold_type_name(mnl_attr_get_u8(tb[DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE])));
+ pr_out_handle_end(dl);
+}
+
+static int cmd_sb_pool_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dl *dl = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_SB_INDEX] || !tb[DEVLINK_ATTR_SB_POOL_INDEX] ||
+ !tb[DEVLINK_ATTR_SB_POOL_TYPE] || !tb[DEVLINK_ATTR_SB_POOL_SIZE] ||
+ !tb[DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE])
+ return MNL_CB_ERROR;
+ pr_out_sb_pool(dl, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_sb_pool_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK;
+ int err;
+
+ if (dl_argc(dl) == 0)
+ flags |= NLM_F_DUMP;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_POOL_GET, flags);
+
+ if (dl_argc(dl) > 0) {
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE | DL_OPT_SB_POOL,
+ DL_OPT_SB);
+ if (err)
+ return err;
+ }
+
+ pr_out_section_start(dl, "pool");
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_sb_pool_show_cb, dl);
+ pr_out_section_end(dl);
+ return err;
+}
+
+static int cmd_sb_pool_set(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_POOL_SET,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE | DL_OPT_SB_POOL |
+ DL_OPT_SB_SIZE | DL_OPT_SB_THTYPE, DL_OPT_SB);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_sb_pool(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help")) {
+ cmd_sb_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show") ||
+ dl_argv_match(dl, "list") || dl_no_arg(dl)) {
+ dl_arg_inc(dl);
+ return cmd_sb_pool_show(dl);
+ } else if (dl_argv_match(dl, "set")) {
+ dl_arg_inc(dl);
+ return cmd_sb_pool_set(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static void pr_out_sb_port_pool(struct dl *dl, struct nlattr **tb)
+{
+ pr_out_port_handle_start_arr(dl, tb, true);
+ pr_out_uint(dl, "sb",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_INDEX]));
+ pr_out_uint(dl, "pool",
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]));
+ pr_out_uint(dl, "threshold",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_THRESHOLD]));
+ pr_out_port_handle_end(dl);
+}
+
+static int cmd_sb_port_pool_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dl *dl = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_PORT_INDEX] || !tb[DEVLINK_ATTR_SB_INDEX] ||
+ !tb[DEVLINK_ATTR_SB_POOL_INDEX] || !tb[DEVLINK_ATTR_SB_THRESHOLD])
+ return MNL_CB_ERROR;
+ pr_out_sb_port_pool(dl, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_sb_port_pool_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK;
+ int err;
+
+ if (dl_argc(dl) == 0)
+ flags |= NLM_F_DUMP;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_PORT_POOL_GET, flags);
+
+ if (dl_argc(dl) > 0) {
+ err = dl_argv_parse_put(nlh, dl,
+ DL_OPT_HANDLEP | DL_OPT_SB_POOL,
+ DL_OPT_SB);
+ if (err)
+ return err;
+ }
+
+ pr_out_section_start(dl, "port_pool");
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_sb_port_pool_show_cb, dl);
+ pr_out_section_end(dl);
+ return 0;
+}
+
+static int cmd_sb_port_pool_set(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_PORT_POOL_SET,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_SB_POOL |
+ DL_OPT_SB_TH, DL_OPT_SB);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_sb_port_pool(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help")) {
+ cmd_sb_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show") ||
+ dl_argv_match(dl, "list") || dl_no_arg(dl)) {
+ dl_arg_inc(dl);
+ return cmd_sb_port_pool_show(dl);
+ } else if (dl_argv_match(dl, "set")) {
+ dl_arg_inc(dl);
+ return cmd_sb_port_pool_set(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static int cmd_sb_port(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) {
+ cmd_sb_help();
+ return 0;
+ } else if (dl_argv_match(dl, "pool")) {
+ dl_arg_inc(dl);
+ return cmd_sb_port_pool(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static void pr_out_sb_tc_bind(struct dl *dl, struct nlattr **tb)
+{
+ pr_out_port_handle_start_arr(dl, tb, true);
+ pr_out_uint(dl, "sb",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_INDEX]));
+ pr_out_uint(dl, "tc",
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_TC_INDEX]));
+ pr_out_str(dl, "type",
+ pool_type_name(mnl_attr_get_u8(tb[DEVLINK_ATTR_SB_POOL_TYPE])));
+ pr_out_uint(dl, "pool",
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]));
+ pr_out_uint(dl, "threshold",
+ mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_THRESHOLD]));
+ pr_out_port_handle_end(dl);
+}
+
+static int cmd_sb_tc_bind_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dl *dl = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_PORT_INDEX] || !tb[DEVLINK_ATTR_SB_INDEX] ||
+ !tb[DEVLINK_ATTR_SB_TC_INDEX] || !tb[DEVLINK_ATTR_SB_POOL_TYPE] ||
+ !tb[DEVLINK_ATTR_SB_POOL_INDEX] || !tb[DEVLINK_ATTR_SB_THRESHOLD])
+ return MNL_CB_ERROR;
+ pr_out_sb_tc_bind(dl, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_sb_tc_bind_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK;
+ int err;
+
+ if (dl_argc(dl) == 0)
+ flags |= NLM_F_DUMP;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_TC_POOL_BIND_GET, flags);
+
+ if (dl_argc(dl) > 0) {
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_SB_TC |
+ DL_OPT_SB_TYPE, DL_OPT_SB);
+ if (err)
+ return err;
+ }
+
+ pr_out_section_start(dl, "tc_bind");
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_sb_tc_bind_show_cb, dl);
+ pr_out_section_end(dl);
+ return err;
+}
+
+static int cmd_sb_tc_bind_set(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_TC_POOL_BIND_SET,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLEP | DL_OPT_SB_TC |
+ DL_OPT_SB_TYPE | DL_OPT_SB_POOL | DL_OPT_SB_TH,
+ DL_OPT_SB);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_sb_tc_bind(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help")) {
+ cmd_sb_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show") ||
+ dl_argv_match(dl, "list") || dl_no_arg(dl)) {
+ dl_arg_inc(dl);
+ return cmd_sb_tc_bind_show(dl);
+ } else if (dl_argv_match(dl, "set")) {
+ dl_arg_inc(dl);
+ return cmd_sb_tc_bind_set(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static int cmd_sb_tc(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) {
+ cmd_sb_help();
+ return 0;
+ } else if (dl_argv_match(dl, "bind")) {
+ dl_arg_inc(dl);
+ return cmd_sb_tc_bind(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+struct occ_item {
+ struct list_head list;
+ uint32_t index;
+ uint32_t cur;
+ uint32_t max;
+ uint32_t bound_pool_index;
+};
+
+struct occ_port {
+ struct list_head list;
+ char *bus_name;
+ char *dev_name;
+ uint32_t port_index;
+ uint32_t sb_index;
+ struct list_head pool_list;
+ struct list_head ing_tc_list;
+ struct list_head eg_tc_list;
+};
+
+struct occ_show {
+ struct dl *dl;
+ int err;
+ struct list_head port_list;
+};
+
+static struct occ_item *occ_item_alloc(void)
+{
+ return calloc(1, sizeof(struct occ_item));
+}
+
+static void occ_item_free(struct occ_item *occ_item)
+{
+ free(occ_item);
+}
+
+static struct occ_port *occ_port_alloc(uint32_t port_index)
+{
+ struct occ_port *occ_port;
+
+ occ_port = calloc(1, sizeof(*occ_port));
+ if (!occ_port)
+ return NULL;
+ occ_port->port_index = port_index;
+ INIT_LIST_HEAD(&occ_port->pool_list);
+ INIT_LIST_HEAD(&occ_port->ing_tc_list);
+ INIT_LIST_HEAD(&occ_port->eg_tc_list);
+ return occ_port;
+}
+
+static void occ_port_free(struct occ_port *occ_port)
+{
+ struct occ_item *occ_item, *tmp;
+
+ list_for_each_entry_safe(occ_item, tmp, &occ_port->pool_list, list)
+ occ_item_free(occ_item);
+ list_for_each_entry_safe(occ_item, tmp, &occ_port->ing_tc_list, list)
+ occ_item_free(occ_item);
+ list_for_each_entry_safe(occ_item, tmp, &occ_port->eg_tc_list, list)
+ occ_item_free(occ_item);
+}
+
+static struct occ_show *occ_show_alloc(struct dl *dl)
+{
+ struct occ_show *occ_show;
+
+ occ_show = calloc(1, sizeof(*occ_show));
+ if (!occ_show)
+ return NULL;
+ occ_show->dl = dl;
+ INIT_LIST_HEAD(&occ_show->port_list);
+ return occ_show;
+}
+
+static void occ_show_free(struct occ_show *occ_show)
+{
+ struct occ_port *occ_port, *tmp;
+
+ list_for_each_entry_safe(occ_port, tmp, &occ_show->port_list, list)
+ occ_port_free(occ_port);
+}
+
+static struct occ_port *occ_port_get(struct occ_show *occ_show,
+ struct nlattr **tb)
+{
+ struct occ_port *occ_port;
+ uint32_t port_index;
+
+ port_index = mnl_attr_get_u32(tb[DEVLINK_ATTR_PORT_INDEX]);
+
+ list_for_each_entry_reverse(occ_port, &occ_show->port_list, list) {
+ if (occ_port->port_index == port_index)
+ return occ_port;
+ }
+ occ_port = occ_port_alloc(port_index);
+ if (!occ_port)
+ return NULL;
+ list_add_tail(&occ_port->list, &occ_show->port_list);
+ return occ_port;
+}
+
+static void pr_out_occ_show_item_list(const char *label, struct list_head *list,
+ bool bound_pool)
+{
+ struct occ_item *occ_item;
+ int i = 1;
+
+ pr_out_sp(7, " %s:", label);
+ list_for_each_entry(occ_item, list, list) {
+ if ((i - 1) % 4 == 0 && i != 1)
+ pr_out_sp(7, " ");
+ if (bound_pool)
+ pr_out_sp(7, "%2u(%u):", occ_item->index,
+ occ_item->bound_pool_index);
+ else
+ pr_out_sp(7, "%2u:", occ_item->index);
+ pr_out_sp(15, "%7u/%u", occ_item->cur, occ_item->max);
+ if (i++ % 4 == 0)
+ pr_out("\n");
+ }
+ if ((i - 1) % 4 != 0)
+ pr_out("\n");
+}
+
+static void pr_out_json_occ_show_item_list(struct dl *dl, const char *label,
+ struct list_head *list,
+ bool bound_pool)
+{
+ struct occ_item *occ_item;
+ char buf[32];
+
+ jsonw_name(dl->jw, label);
+ jsonw_start_object(dl->jw);
+ list_for_each_entry(occ_item, list, list) {
+ sprintf(buf, "%u", occ_item->index);
+ jsonw_name(dl->jw, buf);
+ jsonw_start_object(dl->jw);
+ if (bound_pool)
+ jsonw_uint_field(dl->jw, "bound_pool",
+ occ_item->bound_pool_index);
+ jsonw_uint_field(dl->jw, "current", occ_item->cur);
+ jsonw_uint_field(dl->jw, "max", occ_item->max);
+ jsonw_end_object(dl->jw);
+ }
+ jsonw_end_object(dl->jw);
+}
+
+static void pr_out_occ_show_port(struct dl *dl, struct occ_port *occ_port)
+{
+ if (dl->json_output) {
+ pr_out_json_occ_show_item_list(dl, "pool",
+ &occ_port->pool_list, false);
+ pr_out_json_occ_show_item_list(dl, "itc",
+ &occ_port->ing_tc_list, true);
+ pr_out_json_occ_show_item_list(dl, "etc",
+ &occ_port->eg_tc_list, true);
+ } else {
+ pr_out("\n");
+ pr_out_occ_show_item_list("pool", &occ_port->pool_list, false);
+ pr_out_occ_show_item_list("itc", &occ_port->ing_tc_list, true);
+ pr_out_occ_show_item_list("etc", &occ_port->eg_tc_list, true);
+ }
+}
+
+static void pr_out_occ_show(struct occ_show *occ_show)
+{
+ struct dl *dl = occ_show->dl;
+ struct dl_opts *opts = &dl->opts;
+ struct occ_port *occ_port;
+
+ list_for_each_entry(occ_port, &occ_show->port_list, list) {
+ __pr_out_port_handle_start(dl, opts->bus_name, opts->dev_name,
+ occ_port->port_index, true, false);
+ pr_out_occ_show_port(dl, occ_port);
+ pr_out_port_handle_end(dl);
+ }
+}
+
+static void cmd_sb_occ_port_pool_process(struct occ_show *occ_show,
+ struct nlattr **tb)
+{
+ struct occ_port *occ_port;
+ struct occ_item *occ_item;
+
+ if (occ_show->err || !dl_dump_filter(occ_show->dl, tb))
+ return;
+
+ occ_port = occ_port_get(occ_show, tb);
+ if (!occ_port) {
+ occ_show->err = -ENOMEM;
+ return;
+ }
+
+ occ_item = occ_item_alloc();
+ if (!occ_item) {
+ occ_show->err = -ENOMEM;
+ return;
+ }
+ occ_item->index = mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]);
+ occ_item->cur = mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_OCC_CUR]);
+ occ_item->max = mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_OCC_MAX]);
+ list_add_tail(&occ_item->list, &occ_port->pool_list);
+}
+
+static int cmd_sb_occ_port_pool_process_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct occ_show *occ_show = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_PORT_INDEX] || !tb[DEVLINK_ATTR_SB_INDEX] ||
+ !tb[DEVLINK_ATTR_SB_POOL_INDEX] ||
+ !tb[DEVLINK_ATTR_SB_OCC_CUR] || !tb[DEVLINK_ATTR_SB_OCC_MAX])
+ return MNL_CB_ERROR;
+ cmd_sb_occ_port_pool_process(occ_show, tb);
+ return MNL_CB_OK;
+}
+
+static void cmd_sb_occ_tc_pool_process(struct occ_show *occ_show,
+ struct nlattr **tb)
+{
+ struct occ_port *occ_port;
+ struct occ_item *occ_item;
+ uint8_t pool_type;
+
+ if (occ_show->err || !dl_dump_filter(occ_show->dl, tb))
+ return;
+
+ occ_port = occ_port_get(occ_show, tb);
+ if (!occ_port) {
+ occ_show->err = -ENOMEM;
+ return;
+ }
+
+ occ_item = occ_item_alloc();
+ if (!occ_item) {
+ occ_show->err = -ENOMEM;
+ return;
+ }
+ occ_item->index = mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_TC_INDEX]);
+ occ_item->cur = mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_OCC_CUR]);
+ occ_item->max = mnl_attr_get_u32(tb[DEVLINK_ATTR_SB_OCC_MAX]);
+ occ_item->bound_pool_index =
+ mnl_attr_get_u16(tb[DEVLINK_ATTR_SB_POOL_INDEX]);
+ pool_type = mnl_attr_get_u8(tb[DEVLINK_ATTR_SB_POOL_TYPE]);
+ if (pool_type == DEVLINK_SB_POOL_TYPE_INGRESS)
+ list_add_tail(&occ_item->list, &occ_port->ing_tc_list);
+ else if (pool_type == DEVLINK_SB_POOL_TYPE_EGRESS)
+ list_add_tail(&occ_item->list, &occ_port->eg_tc_list);
+ else
+ occ_item_free(occ_item);
+}
+
+static int cmd_sb_occ_tc_pool_process_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct occ_show *occ_show = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_PORT_INDEX] || !tb[DEVLINK_ATTR_SB_INDEX] ||
+ !tb[DEVLINK_ATTR_SB_TC_INDEX] || !tb[DEVLINK_ATTR_SB_POOL_TYPE] ||
+ !tb[DEVLINK_ATTR_SB_POOL_INDEX] ||
+ !tb[DEVLINK_ATTR_SB_OCC_CUR] || !tb[DEVLINK_ATTR_SB_OCC_MAX])
+ return MNL_CB_ERROR;
+ cmd_sb_occ_tc_pool_process(occ_show, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_sb_occ_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ struct occ_show *occ_show;
+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_DUMP;
+ int err;
+
+ err = dl_argv_parse(dl, DL_OPT_HANDLE | DL_OPT_HANDLEP, DL_OPT_SB);
+ if (err)
+ return err;
+
+ occ_show = occ_show_alloc(dl);
+ if (!occ_show)
+ return -ENOMEM;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_PORT_POOL_GET, flags);
+
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh,
+ cmd_sb_occ_port_pool_process_cb, occ_show);
+ if (err)
+ goto out;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_TC_POOL_BIND_GET, flags);
+
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh,
+ cmd_sb_occ_tc_pool_process_cb, occ_show);
+ if (err)
+ goto out;
+
+ pr_out_section_start(dl, "occupancy");
+ pr_out_occ_show(occ_show);
+ pr_out_section_end(dl);
+
+out:
+ occ_show_free(occ_show);
+ return err;
+}
+
+static int cmd_sb_occ_snapshot(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_OCC_SNAPSHOT,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, DL_OPT_SB);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_sb_occ_clearmax(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_SB_OCC_MAX_CLEAR,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, DL_OPT_SB);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+static int cmd_sb_occ(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) {
+ cmd_sb_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show") ||
+ dl_argv_match(dl, "list")) {
+ dl_arg_inc(dl);
+ return cmd_sb_occ_show(dl);
+ } else if (dl_argv_match(dl, "snapshot")) {
+ dl_arg_inc(dl);
+ return cmd_sb_occ_snapshot(dl);
+ } else if (dl_argv_match(dl, "clearmax")) {
+ dl_arg_inc(dl);
+ return cmd_sb_occ_clearmax(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static int cmd_sb(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help")) {
+ cmd_sb_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show") ||
+ dl_argv_match(dl, "list") || dl_no_arg(dl)) {
+ dl_arg_inc(dl);
+ return cmd_sb_show(dl);
+ } else if (dl_argv_match(dl, "pool")) {
+ dl_arg_inc(dl);
+ return cmd_sb_pool(dl);
+ } else if (dl_argv_match(dl, "port")) {
+ dl_arg_inc(dl);
+ return cmd_sb_port(dl);
+ } else if (dl_argv_match(dl, "tc")) {
+ dl_arg_inc(dl);
+ return cmd_sb_tc(dl);
+ } else if (dl_argv_match(dl, "occupancy")) {
+ dl_arg_inc(dl);
+ return cmd_sb_occ(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static const char *cmd_name(uint8_t cmd)
+{
+ switch (cmd) {
+ case DEVLINK_CMD_UNSPEC: return "unspec";
+ case DEVLINK_CMD_GET: return "get";
+ case DEVLINK_CMD_SET: return "set";
+ case DEVLINK_CMD_NEW: return "new";
+ case DEVLINK_CMD_DEL: return "del";
+ case DEVLINK_CMD_PORT_GET: return "get";
+ case DEVLINK_CMD_PORT_SET: return "set";
+ case DEVLINK_CMD_PORT_NEW: return "net";
+ case DEVLINK_CMD_PORT_DEL: return "del";
+ default: return "<unknown cmd>";
+ }
+}
+
+static const char *cmd_obj(uint8_t cmd)
+{
+ switch (cmd) {
+ case DEVLINK_CMD_UNSPEC: return "unspec";
+ case DEVLINK_CMD_GET:
+ case DEVLINK_CMD_SET:
+ case DEVLINK_CMD_NEW:
+ case DEVLINK_CMD_DEL:
+ return "dev";
+ case DEVLINK_CMD_PORT_GET:
+ case DEVLINK_CMD_PORT_SET:
+ case DEVLINK_CMD_PORT_NEW:
+ case DEVLINK_CMD_PORT_DEL:
+ return "port";
+ default: return "<unknown obj>";
+ }
+}
+
+static void pr_out_mon_header(uint8_t cmd)
+{
+ pr_out("[%s,%s] ", cmd_obj(cmd), cmd_name(cmd));
+}
+
+static bool cmd_filter_check(struct dl *dl, uint8_t cmd)
+{
+ const char *obj = cmd_obj(cmd);
+ unsigned int index = 0;
+ const char *cur_obj;
+
+ if (dl_no_arg(dl))
+ return true;
+ while ((cur_obj = dl_argv_index(dl, index++))) {
+ if (strcmp(cur_obj, obj) == 0 || strcmp(cur_obj, "all") == 0)
+ return true;
+ }
+ return false;
+}
+
+static int cmd_mon_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dl *dl = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ uint8_t cmd = genl->cmd;
+
+ if (!cmd_filter_check(dl, cmd))
+ return MNL_CB_OK;
+
+ switch (cmd) {
+ case DEVLINK_CMD_GET: /* fall through */
+ case DEVLINK_CMD_SET: /* fall through */
+ case DEVLINK_CMD_NEW: /* fall through */
+ case DEVLINK_CMD_DEL:
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME])
+ return MNL_CB_ERROR;
+ pr_out_mon_header(genl->cmd);
+ pr_out_dev(dl, tb);
+ break;
+ case DEVLINK_CMD_PORT_GET: /* fall through */
+ case DEVLINK_CMD_PORT_SET: /* fall through */
+ case DEVLINK_CMD_PORT_NEW: /* fall through */
+ case DEVLINK_CMD_PORT_DEL:
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_PORT_INDEX])
+ return MNL_CB_ERROR;
+ pr_out_mon_header(genl->cmd);
+ pr_out_port(dl, tb);
+ break;
+ }
+ return MNL_CB_OK;
+}
+
+static int cmd_mon_show(struct dl *dl)
+{
+ int err;
+ unsigned int index = 0;
+ const char *cur_obj;
+
+ while ((cur_obj = dl_argv_index(dl, index++))) {
+ if (strcmp(cur_obj, "all") != 0 &&
+ strcmp(cur_obj, "dev") != 0 &&
+ strcmp(cur_obj, "port") != 0) {
+ pr_err("Unknown object \"%s\"\n", cur_obj);
+ return -EINVAL;
+ }
+ }
+ err = _mnlg_socket_group_add(dl->nlg, DEVLINK_GENL_MCGRP_CONFIG_NAME);
+ if (err)
+ return err;
+ err = _mnlg_socket_recv_run(dl->nlg, cmd_mon_show_cb, dl);
+ if (err)
+ return err;
+ return 0;
+}
+
+static void cmd_mon_help(void)
+{
+ pr_err("Usage: devlink monitor [ all | OBJECT-LIST ]\n"
+ "where OBJECT-LIST := { dev | port }\n");
+}
+
+static int cmd_mon(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help")) {
+ cmd_mon_help();
+ return 0;
+ } else if (dl_no_arg(dl)) {
+ dl_arg_inc(dl);
+ return cmd_mon_show(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+struct dpipe_field {
+ char *name;
+ unsigned int id;
+ unsigned int bitwidth;
+ enum devlink_dpipe_field_mapping_type mapping_type;
+};
+
+struct dpipe_header {
+ struct list_head list;
+ char *name;
+ unsigned int id;
+ struct dpipe_field *fields;
+ unsigned int fields_count;
+};
+
+struct dpipe_ctx {
+ struct dl *dl;
+ int err;
+ struct list_head global_headers;
+ struct list_head local_headers;
+ bool print_headers;
+};
+
+static struct dpipe_header *dpipe_header_alloc(unsigned int fields_count)
+{
+ struct dpipe_header *header;
+
+ header = calloc(1, sizeof(struct dpipe_header));
+ if (!header)
+ return NULL;
+ header->fields = calloc(fields_count, sizeof(struct dpipe_field));
+ if (!header->fields)
+ goto err_fields_alloc;
+ header->fields_count = fields_count;
+ return header;
+
+err_fields_alloc:
+ free(header);
+ return NULL;
+}
+
+static void dpipe_header_free(struct dpipe_header *header)
+{
+ free(header->fields);
+ free(header);
+}
+
+static void dpipe_header_clear(struct dpipe_header *header)
+{
+ struct dpipe_field *field;
+ int i;
+
+ for (i = 0; i < header->fields_count; i++) {
+ field = &header->fields[i];
+ free(field->name);
+ }
+ free(header->name);
+}
+
+static void dpipe_header_add(struct dpipe_ctx *ctx,
+ struct dpipe_header *header, bool global)
+{
+ if (global)
+ list_add(&header->list, &ctx->global_headers);
+ else
+ list_add(&header->list, &ctx->local_headers);
+}
+
+static void dpipe_header_del(struct dpipe_header *header)
+{
+ list_del(&header->list);
+}
+
+static struct dpipe_ctx *dpipe_ctx_alloc(struct dl *dl)
+{
+ struct dpipe_ctx *ctx;
+
+ ctx = calloc(1, sizeof(struct dpipe_ctx));
+ if (!ctx)
+ return NULL;
+ ctx->dl = dl;
+ INIT_LIST_HEAD(&ctx->global_headers);
+ INIT_LIST_HEAD(&ctx->local_headers);
+ return ctx;
+}
+
+static void dpipe_ctx_free(struct dpipe_ctx *ctx)
+{
+ free(ctx);
+}
+
+static void dpipe_ctx_clear(struct dpipe_ctx *ctx)
+{
+ struct dpipe_header *header, *tmp;
+
+ list_for_each_entry_safe(header, tmp, &ctx->global_headers,
+ list) {
+ dpipe_header_del(header);
+ dpipe_header_clear(header);
+ dpipe_header_free(header);
+ }
+ list_for_each_entry_safe(header, tmp, &ctx->local_headers,
+ list) {
+ dpipe_header_del(header);
+ dpipe_header_clear(header);
+ dpipe_header_free(header);
+ }
+}
+
+static const char *dpipe_header_id2s(struct dpipe_ctx *ctx,
+ uint32_t header_id, bool global)
+{
+ struct list_head *header_list;
+ struct dpipe_header *header;
+
+ if (global)
+ header_list = &ctx->global_headers;
+ else
+ header_list = &ctx->local_headers;
+ list_for_each_entry(header, header_list, list) {
+ if (header->id != header_id)
+ continue;
+ return header->name;
+ }
+ return NULL;
+}
+
+static const char *dpipe_field_id2s(struct dpipe_ctx *ctx,
+ uint32_t header_id,
+ uint32_t field_id, bool global)
+{
+ struct list_head *header_list;
+ struct dpipe_header *header;
+
+ if (global)
+ header_list = &ctx->global_headers;
+ else
+ header_list = &ctx->local_headers;
+ list_for_each_entry(header, header_list, list) {
+ if (header->id != header_id)
+ continue;
+ return header->fields[field_id].name;
+ }
+ return NULL;
+}
+
+static const char *
+dpipe_field_mapping_e2s(enum devlink_dpipe_field_mapping_type mapping_type)
+{
+ switch (mapping_type) {
+ case DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE:
+ return NULL;
+ case DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX:
+ return "ifindex";
+ default:
+ return "<unknown>";
+ }
+}
+
+static const char *
+dpipe_mapping_get(struct dpipe_ctx *ctx, uint32_t header_id,
+ uint32_t field_id, bool global)
+{
+ enum devlink_dpipe_field_mapping_type mapping_type;
+ struct list_head *header_list;
+ struct dpipe_header *header;
+
+ if (global)
+ header_list = &ctx->global_headers;
+ else
+ header_list = &ctx->local_headers;
+ list_for_each_entry(header, header_list, list) {
+ if (header->id != header_id)
+ continue;
+ mapping_type = header->fields[field_id].mapping_type;
+ return dpipe_field_mapping_e2s(mapping_type);
+ }
+ return NULL;
+}
+
+static void pr_out_dpipe_fields(struct dpipe_ctx *ctx,
+ struct dpipe_field *fields,
+ unsigned int field_count)
+{
+ struct dpipe_field *field;
+ int i;
+
+ for (i = 0; i < field_count; i++) {
+ field = &fields[i];
+ pr_out_entry_start(ctx->dl);
+ pr_out_str(ctx->dl, "name", field->name);
+ if (ctx->dl->verbose)
+ pr_out_uint(ctx->dl, "id", field->id);
+ pr_out_uint(ctx->dl, "bitwidth", field->bitwidth);
+ if (field->mapping_type)
+ pr_out_str(ctx->dl, "mapping_type",
+ dpipe_field_mapping_e2s(field->mapping_type));
+ pr_out_entry_end(ctx->dl);
+ }
+}
+
+static void
+pr_out_dpipe_header(struct dpipe_ctx *ctx, struct nlattr **tb,
+ struct dpipe_header *header, bool global)
+{
+ pr_out_handle_start_arr(ctx->dl, tb);
+ pr_out_str(ctx->dl, "name", header->name);
+ if (ctx->dl->verbose) {
+ pr_out_uint(ctx->dl, "id", header->id);
+ pr_out_str(ctx->dl, "global",
+ global ? "true" : "false");
+ }
+ pr_out_array_start(ctx->dl, "field");
+ pr_out_dpipe_fields(ctx, header->fields,
+ header->fields_count);
+ pr_out_array_end(ctx->dl);
+ pr_out_handle_end(ctx->dl);
+}
+
+static void pr_out_dpipe_headers(struct dpipe_ctx *ctx,
+ struct nlattr **tb)
+{
+ struct dpipe_header *header;
+
+ list_for_each_entry(header, &ctx->local_headers, list)
+ pr_out_dpipe_header(ctx, tb, header, false);
+
+ list_for_each_entry(header, &ctx->global_headers, list)
+ pr_out_dpipe_header(ctx, tb, header, true);
+}
+
+static int dpipe_header_field_get(struct nlattr *nl, struct dpipe_field *field)
+{
+ struct nlattr *nla_field[DEVLINK_ATTR_MAX + 1] = {};
+ const char *name;
+ int err;
+
+ err = mnl_attr_parse_nested(nl, attr_cb, nla_field);
+ if (err != MNL_CB_OK)
+ return -EINVAL;
+ if (!nla_field[DEVLINK_ATTR_DPIPE_FIELD_ID] ||
+ !nla_field[DEVLINK_ATTR_DPIPE_FIELD_NAME] ||
+ !nla_field[DEVLINK_ATTR_DPIPE_FIELD_BITWIDTH] ||
+ !nla_field[DEVLINK_ATTR_DPIPE_FIELD_MAPPING_TYPE])
+ return -EINVAL;
+
+ name = mnl_attr_get_str(nla_field[DEVLINK_ATTR_DPIPE_FIELD_NAME]);
+ field->id = mnl_attr_get_u32(nla_field[DEVLINK_ATTR_DPIPE_FIELD_ID]);
+ field->bitwidth = mnl_attr_get_u32(nla_field[DEVLINK_ATTR_DPIPE_FIELD_BITWIDTH]);
+ field->name = strdup(name);
+ if (!field->name)
+ return -ENOMEM;
+ field->mapping_type = mnl_attr_get_u32(nla_field[DEVLINK_ATTR_DPIPE_FIELD_MAPPING_TYPE]);
+ return 0;
+}
+
+static int dpipe_header_fields_get(struct nlattr *nla_fields,
+ struct dpipe_field *fields)
+{
+ struct nlattr *nla_field;
+ int count = 0;
+ int err;
+
+ mnl_attr_for_each_nested(nla_field, nla_fields) {
+ err = dpipe_header_field_get(nla_field, &fields[count]);
+ if (err)
+ return err;
+ count++;
+ }
+ return 0;
+}
+
+static unsigned int dpipe_header_field_count_get(struct nlattr *nla_fields)
+{
+ struct nlattr *nla_field;
+ unsigned int count = 0;
+
+ mnl_attr_for_each_nested(nla_field, nla_fields)
+ count++;
+ return count;
+}
+
+static int dpipe_header_get(struct dpipe_ctx *ctx, struct nlattr *nl)
+{
+ struct nlattr *nla_header[DEVLINK_ATTR_MAX + 1] = {};
+ struct dpipe_header *header;
+ unsigned int fields_count;
+ const char *header_name;
+ bool global;
+ int err;
+
+ err = mnl_attr_parse_nested(nl, attr_cb, nla_header);
+ if (err != MNL_CB_OK)
+ return -EINVAL;
+
+ if (!nla_header[DEVLINK_ATTR_DPIPE_HEADER_NAME] ||
+ !nla_header[DEVLINK_ATTR_DPIPE_HEADER_ID] ||
+ !nla_header[DEVLINK_ATTR_DPIPE_HEADER_FIELDS])
+ return -EINVAL;
+
+ fields_count = dpipe_header_field_count_get(nla_header[DEVLINK_ATTR_DPIPE_HEADER_FIELDS]);
+ header = dpipe_header_alloc(fields_count);
+ if (!header)
+ return -ENOMEM;
+
+ header_name = mnl_attr_get_str(nla_header[DEVLINK_ATTR_DPIPE_HEADER_NAME]);
+ header->name = strdup(header_name);
+ header->id = mnl_attr_get_u32(nla_header[DEVLINK_ATTR_DPIPE_HEADER_ID]);
+ header->fields_count = fields_count;
+ global = !!mnl_attr_get_u8(nla_header[DEVLINK_ATTR_DPIPE_HEADER_GLOBAL]);
+
+ err = dpipe_header_fields_get(nla_header[DEVLINK_ATTR_DPIPE_HEADER_FIELDS],
+ header->fields);
+ if (err)
+ goto err_field_get;
+ dpipe_header_add(ctx, header, global);
+ return 0;
+
+err_field_get:
+ dpipe_header_free(header);
+ return err;
+}
+
+static int dpipe_headers_get(struct dpipe_ctx *ctx, struct nlattr **tb)
+{
+ struct nlattr *nla_headers = tb[DEVLINK_ATTR_DPIPE_HEADERS];
+ struct nlattr *nla_header;
+ int err;
+
+ mnl_attr_for_each_nested(nla_header, nla_headers) {
+ err = dpipe_header_get(ctx, nla_header);
+ if (err)
+ return err;
+ }
+ return 0;
+}
+
+static int cmd_dpipe_header_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dpipe_ctx *ctx = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ int err;
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_DPIPE_HEADERS])
+ return MNL_CB_ERROR;
+ err = dpipe_headers_get(ctx, tb);
+ if (err) {
+ ctx->err = err;
+ return MNL_CB_ERROR;
+ }
+
+ if (ctx->print_headers)
+ pr_out_dpipe_headers(ctx, tb);
+ return MNL_CB_OK;
+}
+
+static int cmd_dpipe_headers_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ struct dpipe_ctx *ctx;
+ uint16_t flags = NLM_F_REQUEST | NLM_F_ACK;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_DPIPE_HEADERS_GET, flags);
+
+ err = dl_argv_parse_put(nlh, dl, DL_OPT_HANDLE, 0);
+ if (err)
+ return err;
+
+ ctx = dpipe_ctx_alloc(dl);
+ if (!ctx)
+ return -ENOMEM;
+
+ ctx->print_headers = true;
+
+ pr_out_section_start(dl, "header");
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dpipe_header_cb, ctx);
+ if (err)
+ pr_err("error get headers %s\n", strerror(ctx->err));
+ pr_out_section_end(dl);
+
+ dpipe_ctx_clear(ctx);
+ dpipe_ctx_free(ctx);
+ return err;
+}
+
+static void cmd_dpipe_header_help(void)
+{
+ pr_err("Usage: devlink dpipe headers show DEV\n");
+}
+
+static int cmd_dpipe_header(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) {
+ cmd_dpipe_header_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show")) {
+ dl_arg_inc(dl);
+ return cmd_dpipe_headers_show(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static const char
+*dpipe_action_type_e2s(enum devlink_dpipe_action_type action_type)
+{
+ switch (action_type) {
+ case DEVLINK_DPIPE_ACTION_TYPE_FIELD_MODIFY:
+ return "field_modify";
+ default:
+ return "<unknown>";
+ }
+}
+
+struct dpipe_op_info {
+ uint32_t header_id;
+ uint32_t field_id;
+ bool header_global;
+};
+
+struct dpipe_action {
+ struct dpipe_op_info info;
+ uint32_t type;
+};
+
+static void pr_out_dpipe_action(struct dpipe_action *action,
+ struct dpipe_ctx *ctx)
+{
+ struct dpipe_op_info *op_info = &action->info;
+ const char *mapping;
+
+ pr_out_str(ctx->dl, "type",
+ dpipe_action_type_e2s(action->type));
+ pr_out_str(ctx->dl, "header",
+ dpipe_header_id2s(ctx, op_info->header_id,
+ op_info->header_global));
+ pr_out_str(ctx->dl, "field",
+ dpipe_field_id2s(ctx, op_info->header_id,
+ op_info->field_id,
+ op_info->header_global));
+ mapping = dpipe_mapping_get(ctx, op_info->header_id,
+ op_info->field_id,
+ op_info->header_global);
+ if (mapping)
+ pr_out_str(ctx->dl, "mapping", mapping);
+}
+
+static int dpipe_action_parse(struct dpipe_action *action, struct nlattr *nl)
+{
+ struct nlattr *nla_action[DEVLINK_ATTR_MAX + 1] = {};
+ int err;
+
+ err = mnl_attr_parse_nested(nl, attr_cb, nla_action);
+ if (err != MNL_CB_OK)
+ return -EINVAL;
+
+ if (!nla_action[DEVLINK_ATTR_DPIPE_ACTION_TYPE] ||
+ !nla_action[DEVLINK_ATTR_DPIPE_HEADER_INDEX] ||
+ !nla_action[DEVLINK_ATTR_DPIPE_HEADER_ID] ||
+ !nla_action[DEVLINK_ATTR_DPIPE_FIELD_ID]) {
+ return -EINVAL;
+ }
+
+ action->type = mnl_attr_get_u32(nla_action[DEVLINK_ATTR_DPIPE_ACTION_TYPE]);
+ action->info.header_id = mnl_attr_get_u32(nla_action[DEVLINK_ATTR_DPIPE_HEADER_ID]);
+ action->info.field_id = mnl_attr_get_u32(nla_action[DEVLINK_ATTR_DPIPE_FIELD_ID]);
+ action->info.header_global = !!mnl_attr_get_u8(nla_action[DEVLINK_ATTR_DPIPE_HEADER_GLOBAL]);
+
+ return 0;
+}
+
+static int dpipe_table_actions_show(struct dpipe_ctx *ctx,
+ struct nlattr *nla_actions)
+{
+ struct nlattr *nla_action;
+ struct dpipe_action action;
+
+ mnl_attr_for_each_nested(nla_action, nla_actions) {
+ pr_out_entry_start(ctx->dl);
+ if (dpipe_action_parse(&action, nla_action))
+ goto err_action_parse;
+ pr_out_dpipe_action(&action, ctx);
+ pr_out_entry_end(ctx->dl);
+ }
+ return 0;
+
+err_action_parse:
+ pr_out_entry_end(ctx->dl);
+ return -EINVAL;
+}
+
+static const char *
+dpipe_match_type_e2s(enum devlink_dpipe_match_type match_type)
+{
+ switch (match_type) {
+ case DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT:
+ return "field_exact";
+ default:
+ return "<unknown>";
+ }
+}
+
+struct dpipe_match {
+ struct dpipe_op_info info;
+ uint32_t type;
+};
+
+static void pr_out_dpipe_match(struct dpipe_match *match,
+ struct dpipe_ctx *ctx)
+{
+ struct dpipe_op_info *op_info = &match->info;
+ const char *mapping;
+
+ pr_out_str(ctx->dl, "type",
+ dpipe_match_type_e2s(match->type));
+ pr_out_str(ctx->dl, "header",
+ dpipe_header_id2s(ctx, op_info->header_id,
+ op_info->header_global));
+ pr_out_str(ctx->dl, "field",
+ dpipe_field_id2s(ctx, op_info->header_id,
+ op_info->field_id,
+ op_info->header_global));
+ mapping = dpipe_mapping_get(ctx, op_info->header_id,
+ op_info->field_id,
+ op_info->header_global);
+ if (mapping)
+ pr_out_str(ctx->dl, "mapping", mapping);
+}
+
+static int dpipe_match_parse(struct dpipe_match *match,
+ struct nlattr *nl)
+
+{
+ struct nlattr *nla_match[DEVLINK_ATTR_MAX + 1] = {};
+ int err;
+
+ err = mnl_attr_parse_nested(nl, attr_cb, nla_match);
+ if (err != MNL_CB_OK)
+ return -EINVAL;
+
+ if (!nla_match[DEVLINK_ATTR_DPIPE_MATCH_TYPE] ||
+ !nla_match[DEVLINK_ATTR_DPIPE_HEADER_INDEX] ||
+ !nla_match[DEVLINK_ATTR_DPIPE_HEADER_ID] ||
+ !nla_match[DEVLINK_ATTR_DPIPE_FIELD_ID]) {
+ return -EINVAL;
+ }
+
+ match->type = mnl_attr_get_u32(nla_match[DEVLINK_ATTR_DPIPE_MATCH_TYPE]);
+ match->info.header_id = mnl_attr_get_u32(nla_match[DEVLINK_ATTR_DPIPE_HEADER_ID]);
+ match->info.field_id = mnl_attr_get_u32(nla_match[DEVLINK_ATTR_DPIPE_FIELD_ID]);
+ match->info.header_global = !!mnl_attr_get_u8(nla_match[DEVLINK_ATTR_DPIPE_HEADER_GLOBAL]);
+
+ return 0;
+}
+
+static int dpipe_table_matches_show(struct dpipe_ctx *ctx,
+ struct nlattr *nla_matches)
+{
+ struct nlattr *nla_match;
+ struct dpipe_match match;
+
+ mnl_attr_for_each_nested(nla_match, nla_matches) {
+ pr_out_entry_start(ctx->dl);
+ if (dpipe_match_parse(&match, nla_match))
+ goto err_match_parse;
+ pr_out_dpipe_match(&match, ctx);
+ pr_out_entry_end(ctx->dl);
+ }
+ return 0;
+
+err_match_parse:
+ pr_out_entry_end(ctx->dl);
+ return -EINVAL;
+}
+
+static int dpipe_table_show(struct dpipe_ctx *ctx, struct nlattr *nl)
+{
+ struct nlattr *nla_table[DEVLINK_ATTR_MAX + 1] = {};
+ bool counters_enabled;
+ const char *name;
+ uint32_t size;
+ int err;
+
+ err = mnl_attr_parse_nested(nl, attr_cb, nla_table);
+ if (err != MNL_CB_OK)
+ return -EINVAL;
+
+ if (!nla_table[DEVLINK_ATTR_DPIPE_TABLE_NAME] ||
+ !nla_table[DEVLINK_ATTR_DPIPE_TABLE_SIZE] ||
+ !nla_table[DEVLINK_ATTR_DPIPE_TABLE_ACTIONS] ||
+ !nla_table[DEVLINK_ATTR_DPIPE_TABLE_MATCHES] ||
+ !nla_table[DEVLINK_ATTR_DPIPE_TABLE_COUNTERS_ENABLED]) {
+ return -EINVAL;
+ }
+
+ name = mnl_attr_get_str(nla_table[DEVLINK_ATTR_DPIPE_TABLE_NAME]);
+ size = mnl_attr_get_u32(nla_table[DEVLINK_ATTR_DPIPE_TABLE_SIZE]);
+ counters_enabled = !!mnl_attr_get_u8(nla_table[DEVLINK_ATTR_DPIPE_TABLE_COUNTERS_ENABLED]);
+
+ pr_out_str(ctx->dl, "name", name);
+ pr_out_uint(ctx->dl, "size", size);
+ pr_out_str(ctx->dl, "counters_enabled",
+ counters_enabled ? "true" : "false");
+
+ pr_out_array_start(ctx->dl, "match");
+ if (dpipe_table_matches_show(ctx, nla_table[DEVLINK_ATTR_DPIPE_TABLE_MATCHES]))
+ goto err_matches_show;
+ pr_out_array_end(ctx->dl);
+
+ pr_out_array_start(ctx->dl, "action");
+ if (dpipe_table_actions_show(ctx, nla_table[DEVLINK_ATTR_DPIPE_TABLE_ACTIONS]))
+ goto err_actions_show;
+ pr_out_array_end(ctx->dl);
+
+ return 0;
+
+err_actions_show:
+err_matches_show:
+ pr_out_array_end(ctx->dl);
+ return -EINVAL;
+}
+
+static int dpipe_tables_show(struct dpipe_ctx *ctx, struct nlattr **tb)
+{
+ struct nlattr *nla_tables = tb[DEVLINK_ATTR_DPIPE_TABLES];
+ struct nlattr *nla_table;
+
+ mnl_attr_for_each_nested(nla_table, nla_tables) {
+ pr_out_handle_start_arr(ctx->dl, tb);
+ if (dpipe_table_show(ctx, nla_table))
+ goto err_table_show;
+ pr_out_handle_end(ctx->dl);
+ }
+ return 0;
+
+err_table_show:
+ pr_out_handle_end(ctx->dl);
+ return -EINVAL;
+}
+
+static int cmd_dpipe_table_show_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dpipe_ctx *ctx = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_DPIPE_TABLES])
+ return MNL_CB_ERROR;
+
+ if (dpipe_tables_show(ctx, tb))
+ return MNL_CB_ERROR;
+ return MNL_CB_OK;
+}
+
+static int cmd_dpipe_table_show(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ struct dpipe_ctx *ctx;
+ uint16_t flags = NLM_F_REQUEST;
+ int err;
+
+ ctx = dpipe_ctx_alloc(dl);
+ if (!ctx)
+ return -ENOMEM;
+
+ err = dl_argv_parse(dl, DL_OPT_HANDLE, DL_OPT_DPIPE_TABLE_NAME);
+ if (err)
+ goto out;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_DPIPE_HEADERS_GET, flags);
+ dl_opts_put(nlh, dl);
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dpipe_header_cb, ctx);
+ if (err) {
+ pr_err("error get headers %s\n", strerror(ctx->err));
+ goto out;
+ }
+
+ flags = NLM_F_REQUEST | NLM_F_ACK;
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_DPIPE_TABLE_GET, flags);
+ dl_opts_put(nlh, dl);
+
+ pr_out_section_start(dl, "table");
+ _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dpipe_table_show_cb, ctx);
+ pr_out_section_end(dl);
+out:
+ dpipe_ctx_clear(ctx);
+ dpipe_ctx_free(ctx);
+ return err;
+}
+
+static int cmd_dpipe_table_set(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_DPIPE_TABLE_COUNTERS_SET,
+ NLM_F_REQUEST | NLM_F_ACK);
+
+ err = dl_argv_parse_put(nlh, dl,
+ DL_OPT_HANDLE | DL_OPT_DPIPE_TABLE_NAME |
+ DL_OPT_DPIPE_TABLE_COUNTERS, 0);
+ if (err)
+ return err;
+
+ return _mnlg_socket_sndrcv(dl->nlg, nlh, NULL, NULL);
+}
+
+enum dpipe_value_type {
+ DPIPE_VALUE_TYPE_VALUE,
+ DPIPE_VALUE_TYPE_MASK,
+};
+
+static const char *
+dpipe_value_type_e2s(enum dpipe_value_type type)
+{
+ switch (type) {
+ case DPIPE_VALUE_TYPE_VALUE:
+ return "value";
+ case DPIPE_VALUE_TYPE_MASK:
+ return "value_mask";
+ default:
+ return "<unknown>";
+ }
+}
+
+struct dpipe_field_printer {
+ unsigned int field_id;
+ void (*printer)(struct dpipe_ctx *, enum dpipe_value_type, void *);
+};
+
+struct dpipe_header_printer {
+ struct dpipe_field_printer *printers;
+ unsigned int printers_count;
+ unsigned int header_id;
+};
+
+static void dpipe_field_printer_ipv4_addr(struct dpipe_ctx *ctx,
+ enum dpipe_value_type type,
+ void *value)
+{
+ struct in_addr ip_addr;
+
+ ip_addr.s_addr = htonl(*(uint32_t *)value);
+ pr_out_str(ctx->dl, dpipe_value_type_e2s(type), inet_ntoa(ip_addr));
+}
+
+static void
+dpipe_field_printer_ethernet_addr(struct dpipe_ctx *ctx,
+ enum dpipe_value_type type,
+ void *value)
+{
+ pr_out_str(ctx->dl, dpipe_value_type_e2s(type),
+ ether_ntoa((struct ether_addr *)value));
+}
+
+static void dpipe_field_printer_ipv6_addr(struct dpipe_ctx *ctx,
+ enum dpipe_value_type type,
+ void *value)
+{
+ char str[INET6_ADDRSTRLEN];
+
+ inet_ntop(AF_INET6, value, str, INET6_ADDRSTRLEN);
+ pr_out_str(ctx->dl, dpipe_value_type_e2s(type), str);
+}
+
+static struct dpipe_field_printer dpipe_field_printers_ipv4[] = {
+ {
+ .printer = dpipe_field_printer_ipv4_addr,
+ .field_id = DEVLINK_DPIPE_FIELD_IPV4_DST_IP,
+ }
+};
+
+static struct dpipe_header_printer dpipe_header_printer_ipv4 = {
+ .printers = dpipe_field_printers_ipv4,
+ .printers_count = ARRAY_SIZE(dpipe_field_printers_ipv4),
+ .header_id = DEVLINK_DPIPE_HEADER_IPV4,
+};
+
+static struct dpipe_field_printer dpipe_field_printers_ethernet[] = {
+ {
+ .printer = dpipe_field_printer_ethernet_addr,
+ .field_id = DEVLINK_DPIPE_FIELD_ETHERNET_DST_MAC,
+ },
+};
+
+static struct dpipe_header_printer dpipe_header_printer_ethernet = {
+ .printers = dpipe_field_printers_ethernet,
+ .printers_count = ARRAY_SIZE(dpipe_field_printers_ethernet),
+ .header_id = DEVLINK_DPIPE_HEADER_ETHERNET,
+};
+
+static struct dpipe_field_printer dpipe_field_printers_ipv6[] = {
+ {
+ .printer = dpipe_field_printer_ipv6_addr,
+ .field_id = DEVLINK_DPIPE_FIELD_IPV6_DST_IP,
+ }
+};
+
+static struct dpipe_header_printer dpipe_header_printer_ipv6 = {
+ .printers = dpipe_field_printers_ipv6,
+ .printers_count = ARRAY_SIZE(dpipe_field_printers_ipv6),
+ .header_id = DEVLINK_DPIPE_HEADER_IPV6,
+};
+
+static struct dpipe_header_printer *dpipe_header_printers[] = {
+ &dpipe_header_printer_ipv4,
+ &dpipe_header_printer_ethernet,
+ &dpipe_header_printer_ipv6,
+};
+
+static int dpipe_print_prot_header(struct dpipe_ctx *ctx,
+ struct dpipe_op_info *info,
+ enum dpipe_value_type type,
+ void *value)
+{
+ unsigned int header_printers_count = ARRAY_SIZE(dpipe_header_printers);
+ struct dpipe_header_printer *header_printer;
+ struct dpipe_field_printer *field_printer;
+ unsigned int field_printers_count;
+ int j;
+ int i;
+
+ for (i = 0; i < header_printers_count; i++) {
+ header_printer = dpipe_header_printers[i];
+ if (header_printer->header_id != info->header_id)
+ continue;
+ field_printers_count = header_printer->printers_count;
+ for (j = 0; j < field_printers_count; j++) {
+ field_printer = &header_printer->printers[j];
+ if (field_printer->field_id != info->field_id)
+ continue;
+ field_printer->printer(ctx, type, value);
+ return 0;
+ }
+ }
+
+ return -EINVAL;
+}
+
+static void __pr_out_entry_value(struct dpipe_ctx *ctx,
+ void *value,
+ unsigned int value_len,
+ struct dpipe_op_info *info,
+ enum dpipe_value_type type)
+{
+ if (info->header_global &&
+ !dpipe_print_prot_header(ctx, info, type, value))
+ return;
+
+ if (value_len == sizeof(uint32_t)) {
+ uint32_t *value_32 = value;
+
+ pr_out_uint(ctx->dl, dpipe_value_type_e2s(type), *value_32);
+ }
+}
+
+static void pr_out_dpipe_entry_value(struct dpipe_ctx *ctx,
+ struct nlattr **nla_match_value,
+ struct dpipe_op_info *info)
+{
+ void *value, *value_mask;
+ uint32_t value_mapping;
+ uint16_t value_len;
+ bool mask, mapping;
+
+ mask = !!nla_match_value[DEVLINK_ATTR_DPIPE_VALUE_MASK];
+ mapping = !!nla_match_value[DEVLINK_ATTR_DPIPE_VALUE_MAPPING];
+
+ value_len = mnl_attr_get_payload_len(nla_match_value[DEVLINK_ATTR_DPIPE_VALUE]);
+ value = mnl_attr_get_payload(nla_match_value[DEVLINK_ATTR_DPIPE_VALUE]);
+
+ if (mapping) {
+ value_mapping = mnl_attr_get_u32(nla_match_value[DEVLINK_ATTR_DPIPE_VALUE_MAPPING]);
+ pr_out_uint(ctx->dl, "mapping_value", value_mapping);
+ }
+
+ if (mask) {
+ value_mask = mnl_attr_get_payload(nla_match_value[DEVLINK_ATTR_DPIPE_VALUE]);
+ __pr_out_entry_value(ctx, value_mask, value_len, info,
+ DPIPE_VALUE_TYPE_MASK);
+ }
+
+ __pr_out_entry_value(ctx, value, value_len, info, DPIPE_VALUE_TYPE_VALUE);
+}
+
+static int dpipe_entry_match_value_show(struct dpipe_ctx *ctx,
+ struct nlattr *nl)
+{
+ struct nlattr *nla_match_value[DEVLINK_ATTR_MAX + 1] = {};
+ struct dpipe_match match;
+ int err;
+
+ err = mnl_attr_parse_nested(nl, attr_cb, nla_match_value);
+ if (err != MNL_CB_OK)
+ return -EINVAL;
+
+ if (!nla_match_value[DEVLINK_ATTR_DPIPE_MATCH] ||
+ !nla_match_value[DEVLINK_ATTR_DPIPE_VALUE]) {
+ return -EINVAL;
+ }
+
+ pr_out_entry_start(ctx->dl);
+ if (dpipe_match_parse(&match,
+ nla_match_value[DEVLINK_ATTR_DPIPE_MATCH]))
+ goto err_match_parse;
+ pr_out_dpipe_match(&match, ctx);
+ pr_out_dpipe_entry_value(ctx, nla_match_value, &match.info);
+ pr_out_entry_end(ctx->dl);
+
+ return 0;
+
+err_match_parse:
+ pr_out_entry_end(ctx->dl);
+ return -EINVAL;
+}
+
+static int dpipe_entry_action_value_show(struct dpipe_ctx *ctx,
+ struct nlattr *nl)
+{
+ struct nlattr *nla_action_value[DEVLINK_ATTR_MAX + 1] = {};
+ struct dpipe_action action;
+ int err;
+
+ err = mnl_attr_parse_nested(nl, attr_cb, nla_action_value);
+ if (err != MNL_CB_OK)
+ return -EINVAL;
+
+ if (!nla_action_value[DEVLINK_ATTR_DPIPE_ACTION] ||
+ !nla_action_value[DEVLINK_ATTR_DPIPE_VALUE]) {
+ return -EINVAL;
+ }
+
+ pr_out_entry_start(ctx->dl);
+ if (dpipe_action_parse(&action,
+ nla_action_value[DEVLINK_ATTR_DPIPE_ACTION]))
+ goto err_action_parse;
+ pr_out_dpipe_action(&action, ctx);
+ pr_out_dpipe_entry_value(ctx, nla_action_value, &action.info);
+ pr_out_entry_end(ctx->dl);
+
+ return 0;
+
+err_action_parse:
+ pr_out_entry_end(ctx->dl);
+ return -EINVAL;
+}
+
+static int
+dpipe_tables_action_values_show(struct dpipe_ctx *ctx,
+ struct nlattr *nla_action_values)
+{
+ struct nlattr *nla_action_value;
+
+ mnl_attr_for_each_nested(nla_action_value, nla_action_values) {
+ if (dpipe_entry_action_value_show(ctx, nla_action_value))
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int
+dpipe_tables_match_values_show(struct dpipe_ctx *ctx,
+ struct nlattr *nla_match_values)
+{
+ struct nlattr *nla_match_value;
+
+ mnl_attr_for_each_nested(nla_match_value, nla_match_values) {
+ if (dpipe_entry_match_value_show(ctx, nla_match_value))
+ return -EINVAL;
+ }
+ return 0;
+}
+
+static int dpipe_entry_show(struct dpipe_ctx *ctx, struct nlattr *nl)
+{
+ struct nlattr *nla_entry[DEVLINK_ATTR_MAX + 1] = {};
+ uint32_t entry_index;
+ uint64_t counter;
+ int err;
+
+ err = mnl_attr_parse_nested(nl, attr_cb, nla_entry);
+ if (err != MNL_CB_OK)
+ return -EINVAL;
+
+ if (!nla_entry[DEVLINK_ATTR_DPIPE_ENTRY_INDEX] ||
+ !nla_entry[DEVLINK_ATTR_DPIPE_ENTRY_MATCH_VALUES] ||
+ !nla_entry[DEVLINK_ATTR_DPIPE_ENTRY_ACTION_VALUES]) {
+ return -EINVAL;
+ }
+
+ entry_index = mnl_attr_get_u32(nla_entry[DEVLINK_ATTR_DPIPE_ENTRY_INDEX]);
+ pr_out_uint(ctx->dl, "index", entry_index);
+
+ if (nla_entry[DEVLINK_ATTR_DPIPE_ENTRY_COUNTER]) {
+ counter = mnl_attr_get_u64(nla_entry[DEVLINK_ATTR_DPIPE_ENTRY_COUNTER]);
+ pr_out_uint(ctx->dl, "counter", counter);
+ }
+
+ pr_out_array_start(ctx->dl, "match_value");
+ if (dpipe_tables_match_values_show(ctx,
+ nla_entry[DEVLINK_ATTR_DPIPE_ENTRY_MATCH_VALUES]))
+ goto err_match_values_show;
+ pr_out_array_end(ctx->dl);
+
+ pr_out_array_start(ctx->dl, "action_value");
+ if (dpipe_tables_action_values_show(ctx,
+ nla_entry[DEVLINK_ATTR_DPIPE_ENTRY_ACTION_VALUES]))
+ goto err_action_values_show;
+ pr_out_array_end(ctx->dl);
+ return 0;
+
+err_action_values_show:
+err_match_values_show:
+ pr_out_array_end(ctx->dl);
+ return -EINVAL;
+}
+
+static int dpipe_table_entries_show(struct dpipe_ctx *ctx, struct nlattr **tb)
+{
+ struct nlattr *nla_entries = tb[DEVLINK_ATTR_DPIPE_ENTRIES];
+ struct nlattr *nla_entry;
+
+ mnl_attr_for_each_nested(nla_entry, nla_entries) {
+ pr_out_handle_start_arr(ctx->dl, tb);
+ if (dpipe_entry_show(ctx, nla_entry))
+ goto err_entry_show;
+ pr_out_handle_end(ctx->dl);
+ }
+ return 0;
+
+err_entry_show:
+ pr_out_handle_end(ctx->dl);
+ return -EINVAL;
+}
+
+static int cmd_dpipe_table_entry_dump_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct dpipe_ctx *ctx = data;
+ struct nlattr *tb[DEVLINK_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), attr_cb, tb);
+ if (!tb[DEVLINK_ATTR_BUS_NAME] || !tb[DEVLINK_ATTR_DEV_NAME] ||
+ !tb[DEVLINK_ATTR_DPIPE_ENTRIES])
+ return MNL_CB_ERROR;
+
+ if (dpipe_table_entries_show(ctx, tb))
+ return MNL_CB_ERROR;
+ return MNL_CB_OK;
+}
+
+static int cmd_dpipe_table_dump(struct dl *dl)
+{
+ struct nlmsghdr *nlh;
+ struct dpipe_ctx *ctx;
+ uint16_t flags = NLM_F_REQUEST;
+ int err;
+
+ ctx = dpipe_ctx_alloc(dl);
+ if (!ctx)
+ return -ENOMEM;
+
+ err = dl_argv_parse(dl, DL_OPT_HANDLE | DL_OPT_DPIPE_TABLE_NAME, 0);
+ if (err)
+ goto out;
+
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_DPIPE_HEADERS_GET, flags);
+ dl_opts_put(nlh, dl);
+ err = _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dpipe_header_cb, ctx);
+ if (err) {
+ pr_err("error get headers %s\n", strerror(ctx->err));
+ goto out;
+ }
+
+ flags = NLM_F_REQUEST | NLM_F_ACK;
+ nlh = mnlg_msg_prepare(dl->nlg, DEVLINK_CMD_DPIPE_ENTRIES_GET, flags);
+ dl_opts_put(nlh, dl);
+
+ pr_out_section_start(dl, "table_entry");
+ _mnlg_socket_sndrcv(dl->nlg, nlh, cmd_dpipe_table_entry_dump_cb, ctx);
+ pr_out_section_end(dl);
+out:
+ dpipe_ctx_clear(ctx);
+ dpipe_ctx_free(ctx);
+ return err;
+}
+
+static void cmd_dpipe_table_help(void)
+{
+ pr_err("Usage: devlink dpipe table [ OBJECT-LIST ]\n"
+ "where OBJECT-LIST := { show | set | dump }\n");
+}
+
+static int cmd_dpipe_table(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) {
+ cmd_dpipe_table_help();
+ return 0;
+ } else if (dl_argv_match(dl, "show")) {
+ dl_arg_inc(dl);
+ return cmd_dpipe_table_show(dl);
+ } else if (dl_argv_match(dl, "set")) {
+ dl_arg_inc(dl);
+ return cmd_dpipe_table_set(dl);
+ } else if (dl_argv_match(dl, "dump")) {
+ dl_arg_inc(dl);
+ return cmd_dpipe_table_dump(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static void cmd_dpipe_help(void)
+{
+ pr_err("Usage: devlink dpipe [ OBJECT-LIST ]\n"
+ "where OBJECT-LIST := { header | table }\n");
+}
+
+static int cmd_dpipe(struct dl *dl)
+{
+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) {
+ cmd_dpipe_help();
+ return 0;
+ } else if (dl_argv_match(dl, "header")) {
+ dl_arg_inc(dl);
+ return cmd_dpipe_header(dl);
+ } else if (dl_argv_match(dl, "table")) {
+ dl_arg_inc(dl);
+ return cmd_dpipe_table(dl);
+ }
+ pr_err("Command \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static void help(void)
+{
+ pr_err("Usage: devlink [ OPTIONS ] OBJECT { COMMAND | help }\n"
+ " devlink [ -f[orce] ] -b[atch] filename\n"
+ "where OBJECT := { dev | port | sb | monitor | dpipe }\n"
+ " OPTIONS := { -V[ersion] | -n[no-nice-names] | -j[json] | -p[pretty] | -v[verbose] }\n");
+}
+
+static int dl_cmd(struct dl *dl, int argc, char **argv)
+{
+ dl->argc = argc;
+ dl->argv = argv;
+
+ if (dl_argv_match(dl, "help") || dl_no_arg(dl)) {
+ help();
+ return 0;
+ } else if (dl_argv_match(dl, "dev")) {
+ dl_arg_inc(dl);
+ return cmd_dev(dl);
+ } else if (dl_argv_match(dl, "port")) {
+ dl_arg_inc(dl);
+ return cmd_port(dl);
+ } else if (dl_argv_match(dl, "sb")) {
+ dl_arg_inc(dl);
+ return cmd_sb(dl);
+ } else if (dl_argv_match(dl, "monitor")) {
+ dl_arg_inc(dl);
+ return cmd_mon(dl);
+ } else if (dl_argv_match(dl, "dpipe")) {
+ dl_arg_inc(dl);
+ return cmd_dpipe(dl);
+ }
+ pr_err("Object \"%s\" not found\n", dl_argv(dl));
+ return -ENOENT;
+}
+
+static int dl_init(struct dl *dl)
+{
+ int err;
+
+ dl->nlg = mnlg_socket_open(DEVLINK_GENL_NAME, DEVLINK_GENL_VERSION);
+ if (!dl->nlg) {
+ pr_err("Failed to connect to devlink Netlink\n");
+ return -errno;
+ }
+
+ err = ifname_map_init(dl);
+ if (err) {
+ pr_err("Failed to create index map\n");
+ goto err_ifname_map_create;
+ }
+ if (dl->json_output) {
+ dl->jw = jsonw_new(stdout);
+ if (!dl->jw) {
+ pr_err("Failed to create JSON writer\n");
+ goto err_json_new;
+ }
+ jsonw_pretty(dl->jw, dl->pretty_output);
+ }
+ return 0;
+
+err_json_new:
+ ifname_map_fini(dl);
+err_ifname_map_create:
+ mnlg_socket_close(dl->nlg);
+ return err;
+}
+
+static void dl_fini(struct dl *dl)
+{
+ if (dl->json_output)
+ jsonw_destroy(&dl->jw);
+ ifname_map_fini(dl);
+ mnlg_socket_close(dl->nlg);
+}
+
+static struct dl *dl_alloc(void)
+{
+ struct dl *dl;
+
+ dl = calloc(1, sizeof(*dl));
+ if (!dl)
+ return NULL;
+ return dl;
+}
+
+static void dl_free(struct dl *dl)
+{
+ free(dl);
+}
+
+static int dl_batch(struct dl *dl, const char *name, bool force)
+{
+ char *line = NULL;
+ size_t len = 0;
+ int ret = EXIT_SUCCESS;
+
+ if (name && strcmp(name, "-") != 0) {
+ if (freopen(name, "r", stdin) == NULL) {
+ fprintf(stderr,
+ "Cannot open file \"%s\" for reading: %s\n",
+ name, strerror(errno));
+ return EXIT_FAILURE;
+ }
+ }
+
+ cmdlineno = 0;
+ while (getcmdline(&line, &len, stdin) != -1) {
+ char *largv[100];
+ int largc;
+
+ largc = makeargs(line, largv, 100);
+ if (!largc)
+ continue; /* blank line */
+
+ if (dl_cmd(dl, largc, largv)) {
+ fprintf(stderr, "Command failed %s:%d\n",
+ name, cmdlineno);
+ ret = EXIT_FAILURE;
+ if (!force)
+ break;
+ }
+ }
+
+ if (line)
+ free(line);
+
+ return ret;
+}
+
+int main(int argc, char **argv)
+{
+ static const struct option long_options[] = {
+ { "Version", no_argument, NULL, 'V' },
+ { "force", no_argument, NULL, 'f' },
+ { "batch", required_argument, NULL, 'b' },
+ { "no-nice-names", no_argument, NULL, 'n' },
+ { "json", no_argument, NULL, 'j' },
+ { "pretty", no_argument, NULL, 'p' },
+ { "verbose", no_argument, NULL, 'v' },
+ { NULL, 0, NULL, 0 }
+ };
+ const char *batch_file = NULL;
+ bool force = false;
+ struct dl *dl;
+ int opt;
+ int err;
+ int ret;
+
+ dl = dl_alloc();
+ if (!dl) {
+ pr_err("Failed to allocate memory for devlink\n");
+ return EXIT_FAILURE;
+ }
+
+ while ((opt = getopt_long(argc, argv, "Vfb:njpv",
+ long_options, NULL)) >= 0) {
+
+ switch (opt) {
+ case 'V':
+ printf("devlink utility, iproute2-ss%s\n", SNAPSHOT);
+ ret = EXIT_SUCCESS;
+ goto dl_free;
+ case 'f':
+ force = true;
+ break;
+ case 'b':
+ batch_file = optarg;
+ break;
+ case 'n':
+ dl->no_nice_names = true;
+ break;
+ case 'j':
+ dl->json_output = true;
+ break;
+ case 'p':
+ dl->pretty_output = true;
+ break;
+ case 'v':
+ dl->verbose = true;
+ break;
+ default:
+ pr_err("Unknown option.\n");
+ help();
+ ret = EXIT_FAILURE;
+ goto dl_free;
+ }
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ err = dl_init(dl);
+ if (err) {
+ ret = EXIT_FAILURE;
+ goto dl_free;
+ }
+
+ if (batch_file)
+ err = dl_batch(dl, batch_file, force);
+ else
+ err = dl_cmd(dl, argc, argv);
+
+ if (err) {
+ ret = EXIT_FAILURE;
+ goto dl_fini;
+ }
+
+ ret = EXIT_SUCCESS;
+
+dl_fini:
+ dl_fini(dl);
+dl_free:
+ dl_free(dl);
+
+ return ret;
+}
diff --git a/devlink/mnlg.c b/devlink/mnlg.c
new file mode 100644
index 0000000..9e27de2
--- /dev/null
+++ b/devlink/mnlg.c
@@ -0,0 +1,274 @@
+/*
+ * mnlg.c Generic Netlink helpers for libmnl
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Jiri Pirko <jiri@mellanox.com>
+ */
+
+#include <stdlib.h>
+#include <stdbool.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <time.h>
+#include <libmnl/libmnl.h>
+#include <linux/genetlink.h>
+
+#include "mnlg.h"
+
+struct mnlg_socket {
+ struct mnl_socket *nl;
+ char *buf;
+ uint32_t id;
+ uint8_t version;
+ unsigned int seq;
+ unsigned int portid;
+};
+
+static struct nlmsghdr *__mnlg_msg_prepare(struct mnlg_socket *nlg, uint8_t cmd,
+ uint16_t flags, uint32_t id,
+ uint8_t version)
+{
+ struct nlmsghdr *nlh;
+ struct genlmsghdr *genl;
+
+ nlh = mnl_nlmsg_put_header(nlg->buf);
+ nlh->nlmsg_type = id;
+ nlh->nlmsg_flags = flags;
+ nlg->seq = time(NULL);
+ nlh->nlmsg_seq = nlg->seq;
+
+ genl = mnl_nlmsg_put_extra_header(nlh, sizeof(struct genlmsghdr));
+ genl->cmd = cmd;
+ genl->version = version;
+
+ return nlh;
+}
+
+struct nlmsghdr *mnlg_msg_prepare(struct mnlg_socket *nlg, uint8_t cmd,
+ uint16_t flags)
+{
+ return __mnlg_msg_prepare(nlg, cmd, flags, nlg->id, nlg->version);
+}
+
+int mnlg_socket_send(struct mnlg_socket *nlg, const struct nlmsghdr *nlh)
+{
+ return mnl_socket_sendto(nlg->nl, nlh, nlh->nlmsg_len);
+}
+
+int mnlg_socket_recv_run(struct mnlg_socket *nlg, mnl_cb_t data_cb, void *data)
+{
+ int err;
+
+ do {
+ err = mnl_socket_recvfrom(nlg->nl, nlg->buf,
+ MNL_SOCKET_BUFFER_SIZE);
+ if (err <= 0)
+ break;
+ err = mnl_cb_run(nlg->buf, err, nlg->seq, nlg->portid,
+ data_cb, data);
+ } while (err > 0);
+
+ return err;
+}
+
+struct group_info {
+ bool found;
+ uint32_t id;
+ const char *name;
+};
+
+static int parse_mc_grps_cb(const struct nlattr *attr, void *data)
+{
+ const struct nlattr **tb = data;
+ int type = mnl_attr_get_type(attr);
+
+ if (mnl_attr_type_valid(attr, CTRL_ATTR_MCAST_GRP_MAX) < 0)
+ return MNL_CB_OK;
+
+ switch (type) {
+ case CTRL_ATTR_MCAST_GRP_ID:
+ if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
+ return MNL_CB_ERROR;
+ break;
+ case CTRL_ATTR_MCAST_GRP_NAME:
+ if (mnl_attr_validate(attr, MNL_TYPE_STRING) < 0)
+ return MNL_CB_ERROR;
+ break;
+ }
+ tb[type] = attr;
+ return MNL_CB_OK;
+}
+
+static void parse_genl_mc_grps(struct nlattr *nested,
+ struct group_info *group_info)
+{
+ struct nlattr *pos;
+ const char *name;
+
+ mnl_attr_for_each_nested(pos, nested) {
+ struct nlattr *tb[CTRL_ATTR_MCAST_GRP_MAX + 1] = {};
+
+ mnl_attr_parse_nested(pos, parse_mc_grps_cb, tb);
+ if (!tb[CTRL_ATTR_MCAST_GRP_NAME] ||
+ !tb[CTRL_ATTR_MCAST_GRP_ID])
+ continue;
+
+ name = mnl_attr_get_str(tb[CTRL_ATTR_MCAST_GRP_NAME]);
+ if (strcmp(name, group_info->name) != 0)
+ continue;
+
+ group_info->id = mnl_attr_get_u32(tb[CTRL_ATTR_MCAST_GRP_ID]);
+ group_info->found = true;
+ }
+}
+
+static int get_group_id_attr_cb(const struct nlattr *attr, void *data)
+{
+ const struct nlattr **tb = data;
+ int type = mnl_attr_get_type(attr);
+
+ if (mnl_attr_type_valid(attr, CTRL_ATTR_MAX) < 0)
+ return MNL_CB_ERROR;
+
+ if (type == CTRL_ATTR_MCAST_GROUPS &&
+ mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
+ return MNL_CB_ERROR;
+ tb[type] = attr;
+ return MNL_CB_OK;
+}
+
+static int get_group_id_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct group_info *group_info = data;
+ struct nlattr *tb[CTRL_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), get_group_id_attr_cb, tb);
+ if (!tb[CTRL_ATTR_MCAST_GROUPS])
+ return MNL_CB_ERROR;
+ parse_genl_mc_grps(tb[CTRL_ATTR_MCAST_GROUPS], group_info);
+ return MNL_CB_OK;
+}
+
+int mnlg_socket_group_add(struct mnlg_socket *nlg, const char *group_name)
+{
+ struct nlmsghdr *nlh;
+ struct group_info group_info;
+ int err;
+
+ nlh = __mnlg_msg_prepare(nlg, CTRL_CMD_GETFAMILY,
+ NLM_F_REQUEST | NLM_F_ACK, GENL_ID_CTRL, 1);
+ mnl_attr_put_u32(nlh, CTRL_ATTR_FAMILY_ID, nlg->id);
+
+ err = mnlg_socket_send(nlg, nlh);
+ if (err < 0)
+ return err;
+
+ group_info.found = false;
+ group_info.name = group_name;
+ err = mnlg_socket_recv_run(nlg, get_group_id_cb, &group_info);
+ if (err < 0)
+ return err;
+
+ if (!group_info.found) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ err = mnl_socket_setsockopt(nlg->nl, NETLINK_ADD_MEMBERSHIP,
+ &group_info.id, sizeof(group_info.id));
+ if (err < 0)
+ return err;
+
+ return 0;
+}
+
+static int get_family_id_attr_cb(const struct nlattr *attr, void *data)
+{
+ const struct nlattr **tb = data;
+ int type = mnl_attr_get_type(attr);
+
+ if (mnl_attr_type_valid(attr, CTRL_ATTR_MAX) < 0)
+ return MNL_CB_ERROR;
+
+ if (type == CTRL_ATTR_FAMILY_ID &&
+ mnl_attr_validate(attr, MNL_TYPE_U16) < 0)
+ return MNL_CB_ERROR;
+ tb[type] = attr;
+ return MNL_CB_OK;
+}
+
+static int get_family_id_cb(const struct nlmsghdr *nlh, void *data)
+{
+ uint32_t *p_id = data;
+ struct nlattr *tb[CTRL_ATTR_MAX + 1] = {};
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+
+ mnl_attr_parse(nlh, sizeof(*genl), get_family_id_attr_cb, tb);
+ if (!tb[CTRL_ATTR_FAMILY_ID])
+ return MNL_CB_ERROR;
+ *p_id = mnl_attr_get_u16(tb[CTRL_ATTR_FAMILY_ID]);
+ return MNL_CB_OK;
+}
+
+struct mnlg_socket *mnlg_socket_open(const char *family_name, uint8_t version)
+{
+ struct mnlg_socket *nlg;
+ struct nlmsghdr *nlh;
+ int err;
+
+ nlg = malloc(sizeof(*nlg));
+ if (!nlg)
+ return NULL;
+
+ nlg->buf = malloc(MNL_SOCKET_BUFFER_SIZE);
+ if (!nlg->buf)
+ goto err_buf_alloc;
+
+ nlg->nl = mnl_socket_open(NETLINK_GENERIC);
+ if (!nlg->nl)
+ goto err_mnl_socket_open;
+
+ err = mnl_socket_bind(nlg->nl, 0, MNL_SOCKET_AUTOPID);
+ if (err < 0)
+ goto err_mnl_socket_bind;
+
+ nlg->portid = mnl_socket_get_portid(nlg->nl);
+
+ nlh = __mnlg_msg_prepare(nlg, CTRL_CMD_GETFAMILY,
+ NLM_F_REQUEST | NLM_F_ACK, GENL_ID_CTRL, 1);
+ mnl_attr_put_strz(nlh, CTRL_ATTR_FAMILY_NAME, family_name);
+
+ err = mnlg_socket_send(nlg, nlh);
+ if (err < 0)
+ goto err_mnlg_socket_send;
+
+ err = mnlg_socket_recv_run(nlg, get_family_id_cb, &nlg->id);
+ if (err < 0)
+ goto err_mnlg_socket_recv_run;
+
+ nlg->version = version;
+ return nlg;
+
+err_mnlg_socket_recv_run:
+err_mnlg_socket_send:
+err_mnl_socket_bind:
+ mnl_socket_close(nlg->nl);
+err_mnl_socket_open:
+ free(nlg->buf);
+err_buf_alloc:
+ free(nlg);
+ return NULL;
+}
+
+void mnlg_socket_close(struct mnlg_socket *nlg)
+{
+ mnl_socket_close(nlg->nl);
+ free(nlg->buf);
+ free(nlg);
+}
diff --git a/devlink/mnlg.h b/devlink/mnlg.h
new file mode 100644
index 0000000..4d1babf
--- /dev/null
+++ b/devlink/mnlg.h
@@ -0,0 +1,27 @@
+/*
+ * mnlg.h Generic Netlink helpers for libmnl
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Jiri Pirko <jiri@mellanox.com>
+ */
+
+#ifndef _MNLG_H_
+#define _MNLG_H_
+
+#include <libmnl/libmnl.h>
+
+struct mnlg_socket;
+
+struct nlmsghdr *mnlg_msg_prepare(struct mnlg_socket *nlg, uint8_t cmd,
+ uint16_t flags);
+int mnlg_socket_send(struct mnlg_socket *nlg, const struct nlmsghdr *nlh);
+int mnlg_socket_recv_run(struct mnlg_socket *nlg, mnl_cb_t data_cb, void *data);
+int mnlg_socket_group_add(struct mnlg_socket *nlg, const char *group_name);
+struct mnlg_socket *mnlg_socket_open(const char *family_name, uint8_t version);
+void mnlg_socket_close(struct mnlg_socket *nlg);
+
+#endif /* _MNLG_H_ */
diff --git a/doc/Makefile b/doc/Makefile
deleted file mode 100644
index e9c0ff7..0000000
--- a/doc/Makefile
+++ /dev/null
@@ -1,73 +0,0 @@
-PSFILES=ip-cref.ps ip-tunnels.ps api-ip6-flowlabels.ps ss.ps nstat.ps arpd.ps rtstat.ps
-# tc-cref.ps
-# api-rtnl.tex api-pmtudisc.tex api-news.tex
-# iki-netdev.ps iki-neighdst.ps
-
-
-LATEX=latex
-DVIPS=dvips
-SGML2DVI=sgml2latex
-SGML2HTML=sgml2html -s 0
-LPR=lpr -Zsduplex
-SHELL=bash
-PAGESIZE=a4
-PAGESPERPAGE=2
-
-HTMLFILES=$(subst .sgml,.html,$(shell echo *.sgml))
-DVIFILES=$(subst .ps,.dvi,$(PSFILES))
-PDFFILES=$(subst .ps,.pdf,$(PSFILES))
-
-
-all: pstwocol
-
-pstwocol: $(PSFILES)
-
-html: $(HTMLFILES)
-
-dvi: $(DVIFILES)
-
-pdf: $(PDFFILES)
-
-print: $(PSFILES)
- $(LPR) $(PSFILES)
-
-%.tex: %.sgml
- $(SGML2DVI) --output=tex $<
-
-%.dvi: %.sgml
- $(SGML2DVI) --output=dvi $<
-
-%.dvi: %.tex
- @set -e; pass=2; echo "Running LaTeX $<"; \
- while [ `$(LATEX) $< </dev/null 2>&1 | \
- grep -c '^\(LaTeX Warning: Label(s) may\|No file \|! Emergency stop\)'` -ge 1 ]; do \
- if [ $$pass -gt 3 ]; then \
- echo "Seems, something is wrong. Try by hands." ; exit 1 ; \
- fi; \
- echo "Re-running LaTeX $<, $${pass}d pass"; pass=$$[$$pass + 1]; \
- done
-
-%.pdf: %.tex
- @set -e; pass=2; echo "Running pdfLaTeX $<"; \
- while [ `pdflatex $< </dev/null 2>&1 | \
- grep -c '^\(LaTeX Warning: Label(s) may\|No file \|! Emergency stop\)'` -ge 1 ]; do \
- if [ $$pass -gt 3 ]; then \
- echo "Seems, something is wrong. Try by hands." ; exit 1 ; \
- fi; \
- echo "Re-running pdfLaTeX $<, $${pass}d pass"; pass=$$[$$pass + 1]; \
- done
-#%.pdf: %.ps
-# ps2pdf $<
-
-%.ps: %.dvi
- $(DVIPS) $< -o $@
-
-%.html: %.sgml
- $(SGML2HTML) $<
-
-install:
- install -m 0644 $(shell echo *.tex) $(DESTDIR)$(DOCDIR)
- install -m 0644 $(shell echo *.sgml) $(DESTDIR)$(DOCDIR)
-
-clean:
- rm -f *.aux *.log *.toc $(PSFILES) $(DVIFILES) *.html *.pdf
diff --git a/doc/Plan b/doc/Plan
deleted file mode 100644
index 55f478e..0000000
--- a/doc/Plan
+++ /dev/null
@@ -1,16 +0,0 @@
-Partially finished work.
-
-1. User Reference manuals.
-1.1 IP Command reference (ip-cref.tex, published)
-1.2 TC Command reference (tc-cref.tex)
-1.3 IP tunnels (ip-tunnels.tex, published)
-
-2. Linux-2.2 Networking API
-2.1 RTNETLINK (api-rtnl.tex)
-2.2 Path MTU Discovery (api-pmtudisc.tex)
-2.3 IPv6 Flow Labels (api-ip6-flowlabels.tex, published)
-2.4 Miscellaneous extensions (api-misc.tex)
-
-3. Linux-2.2 Networking Intra-Kernel Interfaces
-3.1 NetDev --- Networking Devices and netdev... (iki-netdev.tex)
-3.2 Neighbour cache and destination cache. (iki-neighdst.tex)
diff --git a/doc/SNAPSHOT.tex b/doc/SNAPSHOT.tex
deleted file mode 100644
index 7ed0298..0000000
--- a/doc/SNAPSHOT.tex
+++ /dev/null
@@ -1 +0,0 @@
-\def\Draft{020116}
diff --git a/doc/api-ip6-flowlabels.tex b/doc/api-ip6-flowlabels.tex
deleted file mode 100644
index aa34e94..0000000
--- a/doc/api-ip6-flowlabels.tex
+++ /dev/null
@@ -1,429 +0,0 @@
-\documentstyle[12pt,twoside]{article}
-\def\TITLE{IPv6 Flow Labels}
-\input preamble
-\begin{center}
-\Large\bf IPv6 Flow Labels in Linux-2.2.
-\end{center}
-
-
-\begin{center}
-{ \large Alexey~N.~Kuznetsov } \\
-\em Institute for Nuclear Research, Moscow \\
-\verb|kuznet@ms2.inr.ac.ru| \\
-\rm April 11, 1999
-\end{center}
-
-\vspace{5mm}
-
-\tableofcontents
-
-\section{Introduction.}
-
-Every IPv6 packet carries 28 bits of flow information. RFC2460 splits
-these bits to two fields: 8 bits of traffic class (or DS field, if you
-prefer this term) and 20 bits of flow label. Currently there exist
-no well-defined API to manage IPv6 flow information. In this document
-I describe an attempt to design the API for Linux-2.2 IPv6 stack.
-
-\vskip 1mm
-
-The API must solve the following tasks:
-
-\begin{enumerate}
-
-\item To allow user to set traffic class bits.
-
-\item To allow user to read traffic class bits of received packets.
-This feature is not so useful as the first one, however it will be
-necessary f.e.\ to implement ECN [RFC2481] for datagram oriented services
-or to implement receiver side of SRP or another end-to-end protocol
-using traffic class bits.
-
-\item To assign flow labels to packets sent by user.
-
-\item To get flow labels of received packets. I do not know
-any applications of this feature, but it is possible that receiver will
-want to use flow labels to distinguish sub-flows.
-
-\item To allocate flow labels in the way, compliant to RFC2460. Namely:
-
-\begin{itemize}
-\item
-Flow labels must be uniformly distributed (pseudo-)random numbers,
-so that any subset of 20 bits can be used as hash key.
-
-\item
-Flows with coinciding source address and flow label must have identical
-destination address and not-fragmentable extensions headers (i.e.\
-hop by hop options and all the headers up to and including routing header,
-if it is present.)
-
-\begin{NB}
-There is a hole in specs: some hop-by-hop options can be
-defined only on per-packet base (f.e.\ jumbo payload option).
-Essentially, it means that such options cannot present in packets
-with flow labels.
-\end{NB}
-\begin{NB}
-NB notes here and below reflect only my personal opinion,
-they should be read with smile or should not be read at all :-).
-\end{NB}
-
-
-\item
-Flow labels have finite lifetime and source is not allowed to reuse
-flow label for another flow within the maximal lifetime has expired,
-so that intermediate nodes will be able to invalidate flow state before
-the label is taken over by another flow.
-Flow state, including lifetime, is propagated along datagram path
-by some application specific methods
-(f.e.\ in RSVP PATH messages or in some hop-by-hop option).
-
-
-\end{itemize}
-
-\end{enumerate}
-
-\section{Sending/receiving flow information.}
-
-\paragraph{Discussion.}
-\addcontentsline{toc}{subsection}{Discussion}
-It was proposed (Where? I do not remember any explicit statement)
-to solve the first four tasks using
-\verb|sin6_flowinfo| field added to \verb|struct| \verb|sockaddr_in6|
-(see RFC2553).
-
-\begin{NB}
- This method is difficult to consider as reasonable, because it
- puts additional overhead to all the services, despite of only
- very small subset of them (none, to be more exact) really use it.
- It contradicts both to IETF spirit and the letter. Before RFC2553
- one justification existed, IPv6 address alignment left 4 byte
- hole in \verb|sockaddr_in6| in any case. Now it has no justification.
-\end{NB}
-
-We have two problems with this method. The first one is common for all OSes:
-if \verb|recvmsg()| initializes \verb|sin6_flowinfo| to flow info
-of received packet, we loose one very important property of BSD socket API,
-namely, we are not allowed to use received address for reply directly
-and have to mangle it, even if we are not interested in flowinfo subtleties.
-
-\begin{NB}
- RFC2553 adds new requirement: to clear \verb|sin6_flowinfo|.
- Certainly, it is not solution but rather attempt to force applications
- to make unnecessary work. Well, as usually, one mistake in design
- is followed by attempts to patch the hole and more mistakes...
-\end{NB}
-
-Another problem is Linux specific. Historically Linux IPv6 did not
-initialize \verb|sin6_flowinfo| at all, so that, if kernel does not
-support flow labels, this field is not zero, but a random number.
-Some applications also did not take care about it.
-
-\begin{NB}
-Following RFC2553 such applications can be considered as broken,
-but I still think that they are right: clearing all the address
-before filling known fields is robust but stupid solution.
-Useless wasting CPU cycles and
-memory bandwidth is not a good idea. Such patches are acceptable
-as temporary hacks, but not as standard of the future.
-\end{NB}
-
-
-\paragraph{Implementation.}
-\addcontentsline{toc}{subsection}{Implementation}
-By default Linux IPv6 does not read \verb|sin6_flowinfo| field
-assuming that common applications are not obliged to initialize it
-and are permitted to consider it as pure alignment padding.
-In order to tell kernel that application
-is aware of this field, it is necessary to set socket option
-\verb|IPV6_FLOWINFO_SEND|.
-
-\begin{verbatim}
- int on = 1;
- setsockopt(sock, SOL_IPV6, IPV6_FLOWINFO_SEND,
- (void*)&on, sizeof(on));
-\end{verbatim}
-
-Linux kernel never fills \verb|sin6_flowinfo| field, when passing
-message to user space, though the kernels which support flow labels
-initialize it to zero. If user wants to get received flowinfo, he
-will set option \verb|IPV6_FLOWINFO| and after this he will receive
-flowinfo as ancillary data object of type \verb|IPV6_FLOWINFO|
-(cf.\ RFC2292).
-
-\begin{verbatim}
- int on = 1;
- setsockopt(sock, SOL_IPV6, IPV6_FLOWINFO, (void*)&on, sizeof(on));
-\end{verbatim}
-
-Flowinfo received and latched by a connected TCP socket also may be fetched
-with \verb|getsockopt()| \verb|IPV6_PKTOPTIONS| together with
-another optional information.
-
-Besides that, in the spirit of RFC2292 the option \verb|IPV6_FLOWINFO|
-may be used as alternative way to send flowinfo with \verb|sendmsg()| or
-to latch it with \verb|IPV6_PKTOPTIONS|.
-
-\paragraph{Note about IPv6 options and destination address.}
-\addcontentsline{toc}{subsection}{IPv6 options and destination address}
-If \verb|sin6_flowinfo| does contain not zero flow label,
-destination address in \verb|sin6_addr| and non-fragmentable
-extension headers are ignored. Instead, kernel uses the values
-cached at flow setup (see below). However, for connected sockets
-kernel prefers the values set at connection time.
-
-\paragraph{Example.}
-\addcontentsline{toc}{subsection}{Example}
-After setting socket option \verb|IPV6_FLOWINFO|
-flowlabel and DS field are received as ancillary data object
-of type \verb|IPV6_FLOWINFO| and level \verb|SOL_IPV6|.
-In the cases when it is convenient to use \verb|recvfrom(2)|,
-it is possible to replace library variant with your own one,
-sort of:
-
-\begin{verbatim}
-#include <sys/socket.h>
-#include <netinet/in6.h>
-
-size_t recvfrom(int fd, char *buf, size_t len, int flags,
- struct sockaddr *addr, int *addrlen)
-{
- size_t cc;
- char cbuf[128];
- struct cmsghdr *c;
- struct iovec iov = { buf, len };
- struct msghdr msg = { addr, *addrlen,
- &iov, 1,
- cbuf, sizeof(cbuf),
- 0 };
-
- cc = recvmsg(fd, &msg, flags);
- if (cc < 0)
- return cc;
- ((struct sockaddr_in6*)addr)->sin6_flowinfo = 0;
- *addrlen = msg.msg_namelen;
- for (c=CMSG_FIRSTHDR(&msg); c; c = CMSG_NEXTHDR(&msg, c)) {
- if (c->cmsg_level != SOL_IPV6 ||
- c->cmsg_type != IPV6_FLOWINFO)
- continue;
- ((struct sockaddr_in6*)addr)->sin6_flowinfo = *(__u32*)CMSG_DATA(c);
- }
- return cc;
-}
-\end{verbatim}
-
-
-
-\section{Flow label management.}
-
-\paragraph{Discussion.}
-\addcontentsline{toc}{subsection}{Discussion}
-Requirements of RFC2460 are pretty tough. Particularly, lifetimes
-longer than boot time require to store allocated labels at stable
-storage, so that the full implementation necessarily includes user space flow
-label manager. There are at least three different approaches:
-
-\begin{enumerate}
-\item {\bf ``Cooperative''. } We could leave flow label allocation wholly
-to user space. When user needs label he requests manager directly. The approach
-is valid, but as any ``cooperative'' approach it suffers of security problems.
-
-\begin{NB}
-One idea is to disallow not privileged user to allocate flow
-labels, but instead to pass the socket to manager via \verb|SCM_RIGHTS|
-control message, so that it will allocate label and assign it to socket
-itself. Hmm... the idea is interesting.
-\end{NB}
-
-\item {\bf ``Indirect''.} Kernel redirects requests to user level daemon
-and does not install label until the daemon acknowledged the request.
-The approach is the most promising, it is especially pleasant to recognize
-parallel with IPsec API [RFC2367,Craig]. Actually, it may share API with
-IPsec.
-
-\item {\bf ``Stupid''.} To allocate labels in kernel space. It is the simplest
-method, but it suffers of two serious flaws: the first,
-we cannot lease labels with lifetimes longer than boot time, the second,
-it is sensitive to DoS attacks. Kernel have to remember all the obsolete
-labels until their expiration and malicious user may fastly eat all the
-flow label space.
-
-\end{enumerate}
-
-Certainly, I choose the most ``stupid'' method. It is the cheapest one
-for implementor (i.e.\ me), and taking into account that flow labels
-still have no serious applications it is not useful to work on more
-advanced API, especially, taking into account that eventually we
-will get it for no fee together with IPsec.
-
-
-\paragraph{Implementation.}
-\addcontentsline{toc}{subsection}{Implementation}
-Socket option \verb|IPV6_FLOWLABEL_MGR| allows to
-request flow label manager to allocate new flow label, to reuse
-already allocated one or to delete old flow label.
-Its argument is \verb|struct| \verb|in6_flowlabel_req|:
-
-\begin{verbatim}
-struct in6_flowlabel_req
-{
- struct in6_addr flr_dst;
- __u32 flr_label;
- __u8 flr_action;
- __u8 flr_share;
- __u16 flr_flags;
- __u16 flr_expires;
- __u16 flr_linger;
- __u32 __flr_reserved;
- /* Options in format of IPV6_PKTOPTIONS */
-};
-\end{verbatim}
-
-\begin{itemize}
-
-\item \verb|dst| is IPv6 destination address associated with the label.
-
-\item \verb|label| is flow label value in network byte order. If it is zero,
-kernel will allocate new pseudo-random number. Otherwise, kernel will try
-to lease flow label ordered by user. In this case, it is user task to provide
-necessary flow label randomness.
-
-\item \verb|action| is requested operation. Currently, only three operations
-are defined:
-
-\begin{verbatim}
-#define IPV6_FL_A_GET 0 /* Get flow label */
-#define IPV6_FL_A_PUT 1 /* Release flow label */
-#define IPV6_FL_A_RENEW 2 /* Update expire time */
-\end{verbatim}
-
-\item \verb|flags| are optional modifiers. Currently
-only \verb|IPV6_FL_A_GET| has modifiers:
-
-\begin{verbatim}
-#define IPV6_FL_F_CREATE 1 /* Allowed to create new label */
-#define IPV6_FL_F_EXCL 2 /* Do not create new label */
-\end{verbatim}
-
-
-\item \verb|share| defines who is allowed to reuse the same flow label.
-
-\begin{verbatim}
-#define IPV6_FL_S_NONE 0 /* Not defined */
-#define IPV6_FL_S_EXCL 1 /* Label is private */
-#define IPV6_FL_S_PROCESS 2 /* May be reused by this process */
-#define IPV6_FL_S_USER 3 /* May be reused by this user */
-#define IPV6_FL_S_ANY 255 /* Anyone may reuse it */
-\end{verbatim}
-
-\item \verb|linger| is time in seconds. After the last user releases flow
-label, it will not be reused with different destination and options at least
-during this time. If \verb|share| is not \verb|IPV6_FL_S_EXCL| the label
-still can be shared by another sockets. Current implementation does not allow
-unprivileged user to set linger longer than 60 sec.
-
-\item \verb|expires| is time in seconds. Flow label will be kept at least
-for this time, but it will not be destroyed before user released it explicitly
-or closed all the sockets using it. Current implementation does not allow
-unprivileged user to set timeout longer than 60 sec. Proviledged applications
-MAY set longer lifetimes, but in this case they MUST save allocated
-labels at stable storage and restore them back after reboot before the first
-application allocates new flow.
-
-\end{itemize}
-
-This structure is followed by optional extension headers associated
-with this flow label in format of \verb|IPV6_PKTOPTIONS|. Only
-\verb|IPV6_HOPOPTS|, \verb|IPV6_RTHDR| and, if \verb|IPV6_RTHDR| presents,
-\verb|IPV6_DSTOPTS| are allowed.
-
-\paragraph{Example.}
-\addcontentsline{toc}{subsection}{Example}
- The function \verb|get_flow_label| allocates
-private flow label.
-
-\begin{verbatim}
-int get_flow_label(int fd, struct sockaddr_in6 *dst, __u32 fl)
-{
- int on = 1;
- struct in6_flowlabel_req freq;
-
- memset(&freq, 0, sizeof(freq));
- freq.flr_label = htonl(fl);
- freq.flr_action = IPV6_FL_A_GET;
- freq.flr_flags = IPV6_FL_F_CREATE | IPV6_FL_F_EXCL;
- freq.flr_share = IPV6_FL_S_EXCL;
- memcpy(&freq.flr_dst, &dst->sin6_addr, 16);
- if (setsockopt(fd, SOL_IPV6, IPV6_FLOWLABEL_MGR,
- &freq, sizeof(freq)) == -1) {
- perror ("can't lease flowlabel");
- return -1;
- }
- dst->sin6_flowinfo |= freq.flr_label;
-
- if (setsockopt(fd, SOL_IPV6, IPV6_FLOWINFO_SEND,
- &on, sizeof(on)) == -1) {
- perror ("can't send flowinfo");
-
- freq.flr_action = IPV6_FL_A_PUT;
- setsockopt(fd, SOL_IPV6, IPV6_FLOWLABEL_MGR,
- &freq, sizeof(freq));
- return -1;
- }
- return 0;
-}
-\end{verbatim}
-
-A bit more complicated example using routing header can be found
-in \verb|ping6| utility (\verb|iputils| package). Linux rsvpd backend
-contains an example of using operation \verb|IPV6_FL_A_RENEW|.
-
-\paragraph{Listing flow labels.}
-\addcontentsline{toc}{subsection}{Listing flow labels}
-List of currently allocated
-flow labels may be read from \verb|/proc/net/ip6_flowlabel|.
-
-\begin{verbatim}
-Label S Owner Users Linger Expires Dst Opt
-A1BE5 1 0 0 6 3 3ffe2400000000010a0020fffe71fb30 0
-\end{verbatim}
-
-\begin{itemize}
-\item \verb|Label| is hexadecimal flow label value.
-\item \verb|S| is sharing style.
-\item \verb|Owner| is ID of creator, it is zero, pid or uid, depending on
- sharing style.
-\item \verb|Users| is number of applications using the label now.
-\item \verb|Linger| is \verb|linger| of this label in seconds.
-\item \verb|Expires| is time until expiration of the label in seconds. It may
- be negative, if the label is in use.
-\item \verb|Dst| is IPv6 destination address.
-\item \verb|Opt| is length of options, associated with the label. Option
- data are not accessible.
-\end{itemize}
-
-
-\paragraph{Flow labels and RSVP.}
-\addcontentsline{toc}{subsection}{Flow labels and RSVP}
-RSVP daemon supports IPv6 flow labels
-without any modifications to standard ISI RAPI. Sender must allocate
-flow label, fill corresponding sender template and submit it to local rsvp
-daemon. rsvpd will check the label and start to announce it in PATH
-messages. Rsvpd on sender node will renew the flow label, so that it will not
-be reused before path state expires and all the intermediate
-routers and receiver purge flow state.
-
-\verb|rtap| utility is modified to parse flow labels. F.e.\ if user allocated
-flow label \verb|0xA1234|, he may write:
-
-\begin{verbatim}
-RTAP> sender 3ffe:2400::1/FL0xA1234 <Tspec>
-\end{verbatim}
-
-Receiver makes reservation with command:
-\begin{verbatim}
-RTAP> reserve ff 3ffe:2400::1/FL0xA1234 <Flowspec>
-\end{verbatim}
-
-\end{document}
diff --git a/doc/arpd.sgml b/doc/arpd.sgml
deleted file mode 100644
index 0ab79c6..0000000
--- a/doc/arpd.sgml
+++ /dev/null
@@ -1,130 +0,0 @@
-<!doctype linuxdoc system>
-
-<article>
-
-<title>ARPD Daemon
-<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/
-<date>some_negative_number, 20 Sep 2001
-<abstract>
-<tt/arpd/ is daemon collecting gratuitous ARP information, saving
-it on local disk and feeding it to kernel on demand to avoid
-redundant broadcasting due to limited size of kernel ARP cache.
-</abstract>
-
-
-<p><bf/Description/
-
-<p>The format of the command is:
-
-<tscreen><verb>
- arpd OPTIONS [ INTERFACE [ INTERFACE ... ] ]
-</verb></tscreen>
-
-<p> <tt/OPTIONS/ are:
-
-<itemize>
-
-<item><tt/-l/ - dump <tt/arpd/ database to stdout and exit. Output consists
-of three columns: interface index, IP address and MAC address.
-Negative entries for dead hosts are also shown, in this case MAC address
-is replaced by word <tt/FAILED/ followed by colon and time when the fact
-that host is dead was proven the last time.
-
-<item><tt/-f FILE/ - read and load <tt/arpd/ database from <tt/FILE/
-in text format similar dumped by option <tt/-l/. Exit after load,
-probably listing resulting database, if option <tt/-l/ is also given.
-If <tt/FILE/ is <tt/-/, <tt/stdin/ is read to get ARP table.
-
-<item><tt/-b DATABASE/ - location of database file. Default location is
-<tt>/var/lib/arpd/arpd.db</tt>.
-
-<item><tt/-a NUMBER/ - <tt/arpd/ not only passively listens ARP on wire, but
-also send brodcast queries itself. <tt/NUMBER/ is number of such queries
-to make before destination is considered as dead. When <tt/arpd/ is started
-as kernel helper (i.e. with <tt/app_solicit/ enabled in <tt/sysctl/
-or even with option <tt/-k/) without this option and still did not learn enough
-information, you can observe 1 second gaps in service. Not fatal, but
-not good.
-
-<item><tt/-k/ - suppress sending broadcast queries by kernel. It takes
-sense together with option <tt/-a/.
-
-<item><tt/-n TIME/ - timeout of negative cache. When resolution fails <tt/arpd/
-suppresses further attempts to resolve for this period. It makes sense
-only together with option <tt/-k/. This timeout should not be too much
-longer than boot time of a typical host not supporting gratuitous ARP.
-Default value is 60 seconds.
-
-<item><tt/-R RATE/ - maximal steady rate of broadcasts sent by <tt/arpd/
-in packets per second. Default value is 1.
-
-<item><tt/-B NUMBER/ - number of broadcasts sent by <tt/arpd/ back to back.
-Default value is 3. Together with option <tt/-R/ this option allows
-to police broadcasting not to exceed <tt/B+R*T/ over any interval
-of time <tt/T/.
-
-</itemize>
-
-<p><tt/INTERFACE/ is name of networking inteface to watch.
-If no interfaces given, <tt/arpd/ monitors all the interfaces.
-In this case <tt/arpd/ does not adjust <tt/sysctl/ parameters,
-it is supposed user does this himself after <tt/arpd/ is started.
-
-
-<p> Signals
-
-<p> <tt/arpd/ exits gracefully syncing database and restoring adjusted
-<tt/sysctl/ parameters, when receives <tt/SIGINT/ or <tt/SIGTERM/.
-<tt/SIGHUP/ syncs database to disk. <tt/SIGUSR1/ sends some statistics
-to <tt/syslog/. Effect of another signals is undefined, they may corrupt
-database and leave <tt/sysctl/ parameters in an unpredictable state.
-
-<p> Note
-
-<p> In order to <tt/arpd/ be able to serve as ARP resolver, kernel must be
-compiled with the option <tt/CONFIG_ARPD/ and, in the case when interface list
-is not given on command line, variable <tt/app_solicit/
-on interfaces of interest should be set in <tt>/proc/sys/net/ipv4/neigh/*</tt>.
-If this is not made <tt/arpd/ still collects gratuitous ARP information
-in its database.
-
-<p> Examples
-
-<enum>
-<item> Start <tt/arpd/ to collect gratuitous ARP, but not messing
-with kernel functionality:
-
-<tscreen><verb>
- arpd -b /var/tmp/arpd.db
-</verb></tscreen>
-
-<item> Look at result after some time:
-
-<tscreen><verb>
- killall arpd
- arpd -l -b /var/tmp/arpd.db
-</verb></tscreen>
-
-<item> To enable kernel helper, leaving leading role to kernel:
-
-<tscreen><verb>
- arpd -b /var/tmp/arpd.db -a 1 eth0 eth1
-</verb></tscreen>
-
-<item> Completely replace kernel resolution on interfaces <tt/eth0/
-and <tt/eth1/. In this case kernel still does unicast probing to
-validate entries, but all the broadcast activity is suppressed
-and made under authority of <tt/arpd/:
-
-<tscreen><verb>
- arpd -b /var/tmp/arpd.db -a 3 -k eth0 eth1
-</verb></tscreen>
-
-This is mode which <tt/arpd/ is supposed to work normally.
-It is not default just to prevent occasional enabling of too aggressive
-mode occasionally.
-
-</enum>
-
-</article>
-
diff --git a/doc/do-psnup b/doc/do-psnup
deleted file mode 100644
index 2dce848..0000000
--- a/doc/do-psnup
+++ /dev/null
@@ -1,16 +0,0 @@
-#! /bin/bash
-# $1 = Temporary file . "string"
-# $2 = File to process . "string"
-# $3 = Page size . ie: a4 , letter ... "string"
-# $4 = Number of pages to fit on a single sheet . "numeric"
-
-if type psnup >&/dev/null; then
- echo "psnup -$4 -p$3 $1 $2"
- psnup -$4 -p$3 $1 $2
-elif type psmulti >&/dev/null; then
- echo "psmulti $1 > $2"
- psmulti $1 > $2
-else
- echo "cp $1 $2"
- cp $1 $2
-fi
diff --git a/doc/ip-cref.tex b/doc/ip-cref.tex
deleted file mode 100644
index 67094c9..0000000
--- a/doc/ip-cref.tex
+++ /dev/null
@@ -1,3449 +0,0 @@
-\documentstyle[12pt,twoside]{article}
-\def\TITLE{IP Command Reference}
-\input preamble
-\begin{center}
-\Large\bf IP Command Reference.
-\end{center}
-
-
-\begin{center}
-{ \large Alexey~N.~Kuznetsov } \\
-\em Institute for Nuclear Research, Moscow \\
-\verb|kuznet@ms2.inr.ac.ru| \\
-\rm April 14, 1999
-\end{center}
-
-\vspace{5mm}
-
-\tableofcontents
-
-\newpage
-
-\section{About this document}
-
-This document presents a comprehensive description of the \verb|ip| utility
-from the \verb|iproute2| package. It is not a tutorial or user's guide.
-It is a {\em dictionary\/}, not explaining terms,
-but translating them into other terms, which may also be unknown to the reader.
-However, the document is self-contained and the reader, provided they have a
-basic networking background, will find enough information
-and examples to understand and configure Linux-2.2 IP and IPv6
-networking.
-
-This document is split into sections explaining \verb|ip| commands
-and options, decrypting \verb|ip| output and containing a few examples.
-More voluminous examples and some topics, which require more elaborate
-discussion, are in the appendix.
-
-The paragraphs beginning with NB contain side notes, warnings about
-bugs and design drawbacks. They may be skipped at the first reading.
-
-\section{{\tt ip} --- command syntax}
-
-The generic form of an \verb|ip| command is:
-\begin{verbatim}
-ip [ OPTIONS ] OBJECT [ COMMAND [ ARGUMENTS ]]
-\end{verbatim}
-where \verb|OPTIONS| is a set of optional modifiers affecting the
-general behaviour of the \verb|ip| utility or changing its output. All options
-begin with the character \verb|'-'| and may be used in either long or abbreviated
-forms. Currently, the following options are available:
-
-\begin{itemize}
-\item \verb|-V|, \verb|-Version|
-
---- print the version of the \verb|ip| utility and exit.
-
-
-\item \verb|-s|, \verb|-stats|, \verb|-statistics|
-
---- output more information. If the option
-appears twice or more, the amount of information increases.
-As a rule, the information is statistics or some time values.
-
-\item \verb|-d|, \verb|-details|
-
---- output more detailed information.
-
-\item \verb|-f|, \verb|-family| followed by a protocol family
-identifier: \verb|inet|, \verb|inet6| or \verb|link|.
-
---- enforce the protocol family to use. If the option is not present,
-the protocol family is guessed from other arguments. If the rest of the command
-line does not give enough information to guess the family, \verb|ip| falls back to the default
-one, usually \verb|inet| or \verb|any|. \verb|link| is a special family
-identifier meaning that no networking protocol is involved.
-
-\item \verb|-4|
-
---- shortcut for \verb|-family inet|.
-
-\item \verb|-6|
-
---- shortcut for \verb|-family inet6|.
-
-\item \verb|-0|
-
---- shortcut for \verb|-family link|.
-
-
-\item \verb|-o|, \verb|-oneline|
-
---- output each record on a single line, replacing line feeds
-with the \verb|'\'| character. This is convenient when you want to
-count records with \verb|wc| or to \verb|grep| the output. The trivial
-script \verb|rtpr| converts the output back into readable form.
-
-\item \verb|-r|, \verb|-resolve|
-
---- use the system's name resolver to print DNS names instead of
-host addresses.
-
-\begin{NB}
- Do not use this option when reporting bugs or asking for advice.
-\end{NB}
-\begin{NB}
- \verb|ip| never uses DNS to resolve names to addresses.
-\end{NB}
-
-\item \verb|-b|, \verb|-batch FILE|
-
---- read commands from provided file or standart input and invoke them.
-First failure will cause termination of \verb|ip|.
-In batch \verb|FILE| everything which begins with \verb|#| symbol is
-ignored and can be used for comments.
-\paragraph{Example:}
-\begin{verbatim}
-kuznet@kaiser $ cat /tmp/ip_batch.ip
-# This is a comment
-tuntap add mode tap tap1 # This is an another comment
-link set up dev tap1
-addr add 10.0.0.1/24 dev tap1
-kuznet@kaiser $ sudo ip -b /tmp/ip_batch.ip
-\end{verbatim}
-or from standart input:
-\begin{verbatim}
-kuznet@kaiser $ cat /tmp/ip_batch.ip | sudo ip -b -
-\end{verbatim}
-
-\item \verb|-force|
-
---- don't terminate ip on errors in batch mode.
-If there were any errors during execution of the commands,
-the application return code will be non zero.
-
-\item \verb|-l|, \verb|-loops COUNT|
-
---- specify maximum number of loops the 'ip addr flush' logic will attempt
-before giving up. The default is 10. Zero (0) means loop until all
-addresses are removed.
-
-\end{itemize}
-
-\verb|OBJECT| is the object to manage or to get information about.
-The object types currently understood by \verb|ip| are:
-
-\begin{itemize}
-\item \verb|link| --- network device
-\item \verb|address| --- protocol (IP or IPv6) address on a device
-\item \verb|neighbour| --- ARP or NDISC cache entry
-\item \verb|route| --- routing table entry
-\item \verb|rule| --- rule in routing policy database
-\item \verb|maddress| --- multicast address
-\item \verb|mroute| --- multicast routing cache entry
-\item \verb|tunnel| --- tunnel over IP
-\end{itemize}
-
-Again, the names of all objects may be written in full or
-abbreviated form, f.e.\ \verb|address| is abbreviated as \verb|addr|
-or just \verb|a|.
-
-\verb|COMMAND| specifies the action to perform on the object.
-The set of possible actions depends on the object type.
-As a rule, it is possible to \verb|add|, \verb|delete| and
-\verb|show| (or \verb|list|) objects, but some objects
-do not allow all of these operations or have some additional commands.
-The \verb|help| command is available for all objects. It prints
-out a list of available commands and argument syntax conventions.
-
-If no command is given, some default command is assumed.
-Usually it is \verb|list| or, if the objects of this class
-cannot be listed, \verb|help|.
-
-\verb|ARGUMENTS| is a list of arguments to the command.
-The arguments depend on the command and object. There are two types of arguments:
-{\em flags\/}, consisting of a single keyword, and {\em parameters\/},
-consisting of a keyword followed by a value. For convenience,
-each command has some {\em default parameter\/}
-which may be omitted. F.e.\ parameter \verb|dev| is the default
-for the {\tt ip link} command, so {\tt ip link ls eth0} is equivalent
-to {\tt ip link ls dev eth0}.
-In the command descriptions below such parameters
-are distinguished with the marker: ``(default)''.
-
-Almost all keywords may be abbreviated with several first (or even single)
-letters. The shortcuts are convenient when \verb|ip| is used interactively,
-but they are not recommended in scripts or when reporting bugs
-or asking for advice. ``Officially'' allowed abbreviations are listed
-in the document body.
-
-
-
-\section{{\tt ip} --- error messages}
-
-\verb|ip| may fail for one of the following reasons:
-
-\begin{itemize}
-\item
-A syntax error on the command line: an unknown keyword, incorrectly formatted
-IP address {\em et al\/}. In this case \verb|ip| prints an error message
-and exits. As a rule, the error message will contain information
-about the reason for the failure. Sometimes it also prints a help page.
-
-\item
-The arguments did not pass verification for self-consistency.
-
-\item
-\verb|ip| failed to compile a kernel request from the arguments
-because the user didn't give enough information.
-
-\item
-The kernel returned an error to some syscall. In this case \verb|ip|
-prints the error message, as it is output with \verb|perror(3)|,
-prefixed with a comment and a syscall identifier.
-
-\item
-The kernel returned an error to some RTNETLINK request.
-In this case \verb|ip| prints the error message, as it is output
-with \verb|perror(3)| prefixed with ``RTNETLINK answers:''.
-
-\end{itemize}
-
-All the operations are atomic, i.e.\
-if the \verb|ip| utility fails, it does not change anything
-in the system. One harmful exception is \verb|ip link| command
-(Sec.\ref{IP-LINK}, p.\pageref{IP-LINK}),
-which may change only some of the device parameters given
-on command line.
-
-It is difficult to list all the error messages (especially
-syntax errors). However, as a rule, their meaning is clear
-from the context of the command.
-
-The most common mistakes are:
-
-\begin{enumerate}
-\item Netlink is not configured in the kernel. The message is:
-\begin{verbatim}
-Cannot open netlink socket: Invalid value
-\end{verbatim}
-
-\item RTNETLINK is not configured in the kernel. In this case
-one of the following messages may be printed, depending on the command:
-\begin{verbatim}
-Cannot talk to rtnetlink: Connection refused
-Cannot send dump request: Connection refused
-\end{verbatim}
-
-\item The \verb|CONFIG_IP_MULTIPLE_TABLES| option was not selected
-when configuring the kernel. In this case any attempt to use the
-\verb|ip| \verb|rule| command will fail, f.e.
-\begin{verbatim}
-kuznet@kaiser $ ip rule list
-RTNETLINK error: Invalid argument
-dump terminated
-\end{verbatim}
-
-\end{enumerate}
-
-
-\section{{\tt ip link} --- network device configuration}
-\label{IP-LINK}
-
-\paragraph{Object:} A \verb|link| is a network device and the corresponding
-commands display and change the state of devices.
-
-\paragraph{Commands:} \verb|set| and \verb|show| (or \verb|list|).
-
-\subsection{{\tt ip link set} --- change device attributes}
-
-\paragraph{Abbreviations:} \verb|set|, \verb|s|.
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-\item \verb|dev NAME| (default)
-
---- \verb|NAME| specifies the network device on which to operate.
-
-\item \verb|up| and \verb|down|
-
---- change the state of the device to \verb|UP| or \verb|DOWN|.
-
-\item \verb|arp on| or \verb|arp off|
-
---- change the \verb|NOARP| flag on the device.
-
-\begin{NB}
-This operation is {\em not allowed\/} if the device is in state \verb|UP|.
-Though neither the \verb|ip| utility nor the kernel check for this condition.
-You can get unpredictable results changing this flag while the
-device is running.
-\end{NB}
-
-\item \verb|multicast on| or \verb|multicast off|
-
---- change the \verb|MULTICAST| flag on the device.
-
-\item \verb|dynamic on| or \verb|dynamic off|
-
---- change the \verb|DYNAMIC| flag on the device.
-
-\item \verb|name NAME|
-
---- change the name of the device. This operation is not
-recommended if the device is running or has some addresses
-already configured.
-
-\item \verb|txqueuelen NUMBER| or \verb|txqlen NUMBER|
-
---- change the transmit queue length of the device.
-
-\item \verb|mtu NUMBER|
-
---- change the MTU of the device.
-
-\item \verb|address LLADDRESS|
-
---- change the station address of the interface.
-
-\item \verb|broadcast LLADDRESS|, \verb|brd LLADDRESS| or \verb|peer LLADDRESS|
-
---- change the link layer broadcast address or the peer address when
-the interface is \verb|POINTOPOINT|.
-
-\vskip 1mm
-\begin{NB}
-For most devices (f.e.\ for Ethernet) changing the link layer
-broadcast address will break networking.
-Do not use it, if you do not understand what this operation really does.
-\end{NB}
-
-\item \verb|netns PID|
-
---- move the device to the network namespace associated with the process PID.
-
-\end{itemize}
-
-\vskip 1mm
-\begin{NB}
-The \verb|PROMISC| and \verb|ALLMULTI| flags are considered
-obsolete and should not be changed administratively, though
-the {\tt ip} utility will allow that.
-\end{NB}
-
-\paragraph{Warning:} If multiple parameter changes are requested,
-\verb|ip| aborts immediately after any of the changes have failed.
-This is the only case when \verb|ip| can move the system to
-an unpredictable state. The solution is to avoid changing
-several parameters with one {\tt ip link set} call.
-
-\paragraph{Examples:}
-\begin{itemize}
-\item \verb|ip link set dummy address 00:00:00:00:00:01|
-
---- change the station address of the interface \verb|dummy|.
-
-\item \verb|ip link set dummy up|
-
---- start the interface \verb|dummy|.
-
-\end{itemize}
-
-
-\subsection{{\tt ip link show} --- display device attributes}
-\label{IP-LINK-SHOW}
-
-\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|,
-\verb|l|.
-
-\paragraph{Arguments:}
-\begin{itemize}
-\item \verb|dev NAME| (default)
-
---- \verb|NAME| specifies the network device to show.
-If this argument is omitted all devices are listed.
-
-\item \verb|up|
-
---- only display running interfaces.
-
-\end{itemize}
-
-
-\paragraph{Output format:}
-
-\begin{verbatim}
-kuznet@alisa:~ $ ip link ls eth0
-3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100
- link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff
-kuznet@alisa:~ $ ip link ls sit0
-5: sit0@NONE: <NOARP,UP> mtu 1480 qdisc noqueue
- link/sit 0.0.0.0 brd 0.0.0.0
-kuznet@alisa:~ $ ip link ls dummy
-2: dummy: <BROADCAST,NOARP> mtu 1500 qdisc noop
- link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
-kuznet@alisa:~ $
-\end{verbatim}
-
-
-The number before each colon is an {\em interface index\/} or {\em ifindex\/}.
-This number uniquely identifies the interface. This is followed by the {\em interface name\/}
-(\verb|eth0|, \verb|sit0| etc.). The interface name is also
-unique at every given moment. However, the interface may disappear from the
-list (f.e.\ when the corresponding driver module is unloaded) and another
-one with the same name may be created later. Besides that,
-the administrator may change the name of any device with
-\verb|ip| \verb|link| \verb|set| \verb|name|
-to make it more intelligible.
-
-The interface name may have another name or \verb|NONE| appended
-after the \verb|@| sign. This means that this device is bound to some other
-device,
-i.e.\ packets send through it are encapsulated and sent via the ``master''
-device. If the name is \verb|NONE|, the master is unknown.
-
-Then we see the interface {\em mtu\/} (``maximal transfer unit''). This determines
-the maximal size of data which can be sent as a single packet over this interface.
-
-{\em qdisc\/} (``queuing discipline'') shows the queuing algorithm used
-on the interface. Particularly, \verb|noqueue| means that this interface
-does not queue anything and \verb|noop| means that the interface is in blackhole
-mode i.e.\ all packets sent to it are immediately discarded.
-{\em qlen\/} is the default transmit queue length of the device measured
-in packets.
-
-The interface flags are summarized in the angle brackets.
-
-\begin{itemize}
-\item \verb|UP| --- the device is turned on. It is ready to accept
-packets for transmission and it may inject into the kernel packets received
-from other nodes on the network.
-
-\item \verb|LOOPBACK| --- the interface does not communicate with other
-hosts. All packets sent through it will be returned
-and nothing but bounced packets can be received.
-
-\item \verb|BROADCAST| --- the device has the facility to send packets
-to all hosts sharing the same link. A typical example is an Ethernet link.
-
-\item \verb|POINTOPOINT| --- the link has only two ends with one node
-attached to each end. All packets sent to this link will reach the peer
-and all packets received by us came from this single peer.
-
-If neither \verb|LOOPBACK| nor \verb|BROADCAST| nor \verb|POINTOPOINT|
-are set, the interface is assumed to be NMBA (Non-Broadcast Multi-Access).
-This is the most generic type of device and the most complicated one, because
-the host attached to a NBMA link has no means to send to anyone
-without additionally configured information.
-
-\item \verb|MULTICAST| --- is an advisory flag indicating that the interface
-is aware of multicasting i.e.\ sending packets to some subset of neighbouring
-nodes. Broadcasting is a particular case of multicasting, where the multicast
-group consists of all nodes on the link. It is important to emphasize
-that software {\em must not\/} interpret the absence of this flag as the inability
-to use multicasting on this interface. Any \verb|POINTOPOINT| and
-\verb|BROADCAST| link is multicasting by definition, because we have
-direct access to all the neighbours and, hence, to any part of them.
-Certainly, the use of high bandwidth multicast transfers is not recommended
-on broadcast-only links because of high expense, but it is not strictly
-prohibited.
-
-\item \verb|PROMISC| --- the device listens to and feeds to the kernel all
-traffic on the link even if it is not destined for us, not broadcasted
-and not destined for a multicast group of which we are member. Usually
-this mode exists only on broadcast links and is used by bridges and for network
-monitoring.
-
-\item \verb|ALLMULTI| --- the device receives all multicast packets
-wandering on the link. This mode is used by multicast routers.
-
-\item \verb|NOARP| --- this flag is different from the other ones. It has
-no invariant value and its interpretation depends on the network protocols
-involved. As a rule, it indicates that the device needs no address
-resolution and that the software or hardware knows how to deliver packets
-without any help from the protocol stacks.
-
-\item \verb|DYNAMIC| --- is an advisory flag indicating that the interface is
-dynamically created and destroyed.
-
-\item \verb|SLAVE| --- this interface is bonded to some other interfaces
-to share link capacities.
-
-\end{itemize}
-
-\vskip 1mm
-\begin{NB}
-There are other flags but they are either obsolete (\verb|NOTRAILERS|)
-or not implemented (\verb|DEBUG|) or specific to some devices
-(\verb|MASTER|, \verb|AUTOMEDIA| and \verb|PORTSEL|). We do not discuss
-them here.
-\end{NB}
-
-
-The second line contains information on the link layer addresses
-associated with the device. The first word (\verb|ether|, \verb|sit|)
-defines the interface hardware type. This type determines the format and semantics
-of the addresses and is logically part of the address.
-The default format of the station address and the broadcast address
-(or the peer address for pointopoint links) is a
-sequence of hexadecimal bytes separated by colons, but some link
-types may have their natural address format, f.e.\ addresses
-of tunnels over IP are printed as dotted-quad IP addresses.
-
-\vskip 1mm
-\begin{NB}
- NBMA links have no well-defined broadcast or peer address,
- however this field may contain useful information, f.e.\
- about the address of broadcast relay or about the address of the ARP server.
-\end{NB}
-\begin{NB}
-Multicast addresses are not shown by this command, see
-\verb|ip maddr ls| in~Sec.\ref{IP-MADDR} (p.\pageref{IP-MADDR} of this
-document).
-\end{NB}
-
-
-\paragraph{Statistics:} With the \verb|-statistics| option, \verb|ip| also
-prints interface statistics:
-
-\begin{verbatim}
-kuznet@alisa:~ $ ip -s link ls eth0
-3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100
- link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff
- RX: bytes packets errors dropped overrun mcast
- 2449949362 2786187 0 0 0 0
- TX: bytes packets errors dropped carrier collsns
- 178558497 1783945 332 0 332 35172
-kuznet@alisa:~ $
-\end{verbatim}
-\verb|RX:| and \verb|TX:| lines summarize receiver and transmitter
-statistics. They contain:
-\begin{itemize}
-\item \verb|bytes| --- the total number of bytes received or transmitted
-on the interface. This number wraps when the maximal length of the data type
-natural for the architecture is exceeded, so continuous monitoring requires
-a user level daemon snapping it periodically.
-\item \verb|packets| --- the total number of packets received or transmitted
-on the interface.
-\item \verb|errors| --- the total number of receiver or transmitter errors.
-\item \verb|dropped| --- the total number of packets dropped due to lack
-of resources.
-\item \verb|overrun| --- the total number of receiver overruns resulting
-in dropped packets. As a rule, if the interface is overrun, it means
-serious problems in the kernel or that your machine is too slow
-for this interface.
-\item \verb|mcast| --- the total number of received multicast packets. This option
-is only supported by a few devices.
-\item \verb|carrier| --- total number of link media failures f.e.\ because
-of lost carrier.
-\item \verb|collsns| --- the total number of collision events
-on Ethernet-like media. This number may have a different sense on other
-link types.
-\item \verb|compressed| --- the total number of compressed packets. This is
-available only for links using VJ header compression.
-\end{itemize}
-
-
-If the \verb|-s| option is entered twice or more,
-\verb|ip| prints more detailed statistics on receiver
-and transmitter errors.
-
-\begin{verbatim}
-kuznet@alisa:~ $ ip -s -s link ls eth0
-3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100
- link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff
- RX: bytes packets errors dropped overrun mcast
- 2449949362 2786187 0 0 0 0
- RX errors: length crc frame fifo missed
- 0 0 0 0 0
- TX: bytes packets errors dropped carrier collsns
- 178558497 1783945 332 0 332 35172
- TX errors: aborted fifo window heartbeat
- 0 0 0 332
-kuznet@alisa:~ $
-\end{verbatim}
-These error names are pure Ethernetisms. Other devices
-may have non zero values in these fields but they may be
-interpreted differently.
-
-
-\section{{\tt ip address} --- protocol address management}
-
-\paragraph{Abbreviations:} \verb|address|, \verb|addr|, \verb|a|.
-
-\paragraph{Object:} The \verb|address| is a protocol (IP or IPv6) address attached
-to a network device. Each device must have at least one address
-to use the corresponding protocol. It is possible to have several
-different addresses attached to one device. These addresses are not
-discriminated, so that the term {\em alias\/} is not quite appropriate
-for them and we do not use it in this document.
-
-The \verb|ip addr| command displays addresses and their properties,
-adds new addresses and deletes old ones.
-
-\paragraph{Commands:} \verb|add|, \verb|delete|, \verb|flush| and \verb|show|
-(or \verb|list|).
-
-
-\subsection{{\tt ip address add} --- add a new protocol address}
-\label{IP-ADDR-ADD}
-
-\paragraph{Abbreviations:} \verb|add|, \verb|a|.
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-\item \verb|dev NAME|
-
-\noindent--- the name of the device to add the address to.
-
-\item \verb|local ADDRESS| (default)
-
---- the address of the interface. The format of the address depends
-on the protocol. It is a dotted quad for IP and a sequence of hexadecimal halfwords
-separated by colons for IPv6. The \verb|ADDRESS| may be followed by
-a slash and a decimal number which encodes the network prefix length.
-
-
-\item \verb|peer ADDRESS|
-
---- the address of the remote endpoint for pointopoint interfaces.
-Again, the \verb|ADDRESS| may be followed by a slash and a decimal number,
-encoding the network prefix length. If a peer address is specified,
-the local address {\em cannot\/} have a prefix length. The network prefix is associated
-with the peer rather than with the local address.
-
-
-\item \verb|broadcast ADDRESS|
-
---- the broadcast address on the interface.
-
-It is possible to use the special symbols \verb|'+'| and \verb|'-'|
-instead of the broadcast address. In this case, the broadcast address
-is derived by setting/resetting the host bits of the interface prefix.
-
-\vskip 1mm
-\begin{NB}
-Unlike \verb|ifconfig|, the \verb|ip| utility {\em does not\/} set any broadcast
-address unless explicitly requested.
-\end{NB}
-
-
-\item \verb|label NAME|
-
---- Each address may be tagged with a label string.
-In order to preserve compatibility with Linux-2.0 net aliases,
-this string must coincide with the name of the device or must be prefixed
-with the device name followed by colon.
-
-
-\item \verb|scope SCOPE_VALUE|
-
---- the scope of the area where this address is valid.
-The available scopes are listed in file \verb|/etc/iproute2/rt_scopes|.
-Predefined scope values are:
-
- \begin{itemize}
- \item \verb|global| --- the address is globally valid.
- \item \verb|site| --- (IPv6 only) the address is site local,
- i.e.\ it is valid inside this site.
- \item \verb|link| --- the address is link local, i.e.\
- it is valid only on this device.
- \item \verb|host| --- the address is valid only inside this host.
- \end{itemize}
-
-Appendix~\ref{ADDR-SEL} (p.\pageref{ADDR-SEL} of this document)
-contains more details on address scopes.
-
-\end{itemize}
-
-\paragraph{Examples:}
-\begin{itemize}
-\item \verb|ip addr add 127.0.0.1/8 dev lo brd + scope host|
-
---- add the usual loopback address to the loopback device.
-
-\item \verb|ip addr add 10.0.0.1/24 brd + dev eth0 label eth0:Alias|
-
---- add the address 10.0.0.1 with prefix length 24 (i.e.\ netmask
-\verb|255.255.255.0|), standard broadcast and label \verb|eth0:Alias|
-to the interface \verb|eth0|.
-\end{itemize}
-
-
-\subsection{{\tt ip address delete} --- delete a protocol address}
-
-\paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
-
-\paragraph{Arguments:} coincide with the arguments of \verb|ip addr add|.
-The device name is a required argument. The rest are optional.
-If no arguments are given, the first address is deleted.
-
-\paragraph{Examples:}
-\begin{itemize}
-\item \verb|ip addr del 127.0.0.1/8 dev lo|
-
---- deletes the loopback address from the loopback device.
-It would be best not to repeat this experiment.
-
-\item Disable IP on the interface \verb|eth0|:
-\begin{verbatim}
- while ip -f inet addr del dev eth0; do
- : nothing
- done
-\end{verbatim}
-Another method to disable IP on an interface using {\tt ip addr flush}
-may be found in sec.\ref{IP-ADDR-FLUSH}, p.\pageref{IP-ADDR-FLUSH}.
-
-\end{itemize}
-
-
-\subsection{{\tt ip address show} --- display protocol addresses}
-
-\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|lst|, \verb|sh|, \verb|ls|,
-\verb|l|.
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-\item \verb|dev NAME| (default)
-
---- the name of the device.
-
-\item \verb|scope SCOPE_VAL|
-
---- only list addresses with this scope.
-
-\item \verb|to PREFIX|
-
---- only list addresses matching this prefix.
-
-\item \verb|label PATTERN|
-
---- only list addresses with labels matching the \verb|PATTERN|.
-\verb|PATTERN| is a usual shell style pattern.
-
-
-\item \verb|dynamic| and \verb|permanent|
-
---- (IPv6 only) only list addresses installed due to stateless
-address configuration or only list permanent (not dynamic) addresses.
-
-\item \verb|tentative|
-
---- (IPv6 only) only list addresses which did not pass duplicate
-address detection.
-
-\item \verb|deprecated|
-
---- (IPv6 only) only list deprecated addresses.
-
-
-\item \verb|primary| and \verb|secondary|
-
---- only list primary (or secondary) addresses.
-
-\end{itemize}
-
-
-\paragraph{Output format:}
-
-\begin{verbatim}
-kuznet@alisa:~ $ ip addr ls eth0
-3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc cbq qlen 100
- link/ether 00:a0:cc:66:18:78 brd ff:ff:ff:ff:ff:ff
- inet 193.233.7.90/24 brd 193.233.7.255 scope global eth0
- inet6 3ffe:2400:0:1:2a0:ccff:fe66:1878/64 scope global dynamic
- valid_lft forever preferred_lft 604746sec
- inet6 fe80::2a0:ccff:fe66:1878/10 scope link
-kuznet@alisa:~ $
-\end{verbatim}
-
-The first two lines coincide with the output of \verb|ip link ls|.
-It is natural to interpret link layer addresses
-as addresses of the protocol family \verb|AF_PACKET|.
-
-Then the list of IP and IPv6 addresses follows, accompanied by
-additional address attributes: scope value (see Sec.\ref{IP-ADDR-ADD},
-p.\pageref{IP-ADDR-ADD} above), flags and the address label.
-
-Address flags are set by the kernel and cannot be changed
-administratively. Currently, the following flags are defined:
-
-\begin{enumerate}
-\item \verb|secondary|
-
---- the address is not used when selecting the default source address
-of outgoing packets (Cf.\ Appendix~\ref{ADDR-SEL}, p.\pageref{ADDR-SEL}.).
-An IP address becomes secondary if another address with the same
-prefix bits already exists. The first address is primary.
-It is the leader of the group of all secondary addresses. When the leader
-is deleted, all secondaries are purged too.
-There is a tweak in \verb|/proc/sys/net/ipv4/conf/<dev>/promote_secondaries|
-which activate secondaries promotion when a primary is deleted.
-To permanently enable this feature on all devices add
-\verb|net.ipv4.conf.all.promote_secondaries=1| to \verb|/etc/sysctl.conf|.
-This tweak is available in linux 2.6.15 and later.
-
-
-\item \verb|dynamic|
-
---- the address was created due to stateless autoconfiguration~\cite{RFC-ADDRCONF}.
-In this case the output also contains information on times, when
-the address is still valid. After \verb|preferred_lft| expires the address is
-moved to the deprecated state. After \verb|valid_lft| expires the address
-is finally invalidated.
-
-\item \verb|deprecated|
-
---- the address is deprecated, i.e.\ it is still valid, but cannot
-be used by newly created connections.
-
-\item \verb|tentative|
-
---- the address is not used because duplicate address detection~\cite{RFC-ADDRCONF}
-is still not complete or failed.
-
-\end{enumerate}
-
-
-\subsection{{\tt ip address flush} --- flush protocol addresses}
-\label{IP-ADDR-FLUSH}
-
-\paragraph{Abbreviations:} \verb|flush|, \verb|f|.
-
-\paragraph{Description:}This command flushes the protocol addresses
-selected by some criteria.
-
-\paragraph{Arguments:} This command has the same arguments as \verb|show|.
-The difference is that it does not run when no arguments are given.
-
-\paragraph{Warning:} This command (and other \verb|flush| commands
-described below) is pretty dangerous. If you make a mistake, it will
-not forgive it, but will cruelly purge all the addresses.
-
-\paragraph{Statistics:} With the \verb|-statistics| option, the command
-becomes verbose. It prints out the number of deleted addresses and the number
-of rounds made to flush the address list. If this option is given
-twice, \verb|ip addr flush| also dumps all the deleted addresses
-in the format described in the previous subsection.
-
-\paragraph{Example:} Delete all the addresses from the private network
-10.0.0.0/8:
-\begin{verbatim}
-netadm@amber:~ # ip -s -s a f to 10/8
-2: dummy inet 10.7.7.7/16 brd 10.7.255.255 scope global dummy
-3: eth0 inet 10.10.7.7/16 brd 10.10.255.255 scope global eth0
-4: eth1 inet 10.8.7.7/16 brd 10.8.255.255 scope global eth1
-
-*** Round 1, deleting 3 addresses ***
-*** Flush is complete after 1 round ***
-netadm@amber:~ #
-\end{verbatim}
-Another instructive example is disabling IP on all the Ethernets:
-\begin{verbatim}
-netadm@amber:~ # ip -4 addr flush label "eth*"
-\end{verbatim}
-And the last example shows how to flush all the IPv6 addresses
-acquired by the host from stateless address autoconfiguration
-after you enabled forwarding or disabled autoconfiguration.
-\begin{verbatim}
-netadm@amber:~ # ip -6 addr flush dynamic
-\end{verbatim}
-
-
-
-\section{{\tt ip neighbour} --- neighbour/arp tables management}
-
-\paragraph{Abbreviations:} \verb|neighbour|, \verb|neighbor|, \verb|neigh|,
-\verb|n|.
-
-\paragraph{Object:} \verb|neighbour| objects establish bindings between protocol
-addresses and link layer addresses for hosts sharing the same link.
-Neighbour entries are organized into tables. The IPv4 neighbour table
-is known by another name --- the ARP table.
-
-The corresponding commands display neighbour bindings
-and their properties, add new neighbour entries and delete old ones.
-
-\paragraph{Commands:} \verb|add|, \verb|change|, \verb|replace|,
-\verb|delete|, \verb|flush| and \verb|show| (or \verb|list|).
-
-\paragraph{See also:} Appendix~\ref{PROXY-NEIGH}, p.\pageref{PROXY-NEIGH}
-describes how to manage proxy ARP/NDISC with the \verb|ip| utility.
-
-
-\subsection{{\tt ip neighbour add} --- add a new neighbour entry\\
- {\tt ip neighbour change} --- change an existing entry\\
- {\tt ip neighbour replace} --- add a new entry or change an existing one}
-
-\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
-\verb|replace|, \verb|repl|.
-
-\paragraph{Description:} These commands create new neighbour records
-or update existing ones.
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-\item \verb|to ADDRESS| (default)
-
---- the protocol address of the neighbour. It is either an IPv4 or IPv6 address.
-
-\item \verb|dev NAME|
-
---- the interface to which this neighbour is attached.
-
-
-\item \verb|lladdr LLADDRESS|
-
---- the link layer address of the neighbour. \verb|LLADDRESS| can also be
-\verb|null|.
-
-\item \verb|nud NUD_STATE|
-
---- the state of the neighbour entry. \verb|nud| is an abbreviation for ``Neighbour
-Unreachability Detection''. The state can take one of the following values:
-
-\begin{enumerate}
-\item \verb|permanent| --- the neighbour entry is valid forever and can be only be removed
-administratively.
-\item \verb|noarp| --- the neighbour entry is valid. No attempts to validate
-this entry will be made but it can be removed when its lifetime expires.
-\item \verb|reachable| --- the neighbour entry is valid until the reachability
-timeout expires.
-\item \verb|stale| --- the neighbour entry is valid but suspicious.
-This option to \verb|ip neigh| does not change the neighbour state if
-it was valid and the address is not changed by this command.
-\end{enumerate}
-
-\end{itemize}
-
-\paragraph{Examples:}
-\begin{itemize}
-\item \verb|ip neigh add 10.0.0.3 lladdr 0:0:0:0:0:1 dev eth0 nud perm|
-
---- add a permanent ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|.
-
-\item \verb|ip neigh chg 10.0.0.3 dev eth0 nud reachable|
-
---- change its state to \verb|reachable|.
-\end{itemize}
-
-
-\subsection{{\tt ip neighbour delete} --- delete a neighbour entry}
-
-\paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
-
-\paragraph{Description:} This command invalidates a neighbour entry.
-
-\paragraph{Arguments:} The arguments are the same as with \verb|ip neigh add|,
-except that \verb|lladdr| and \verb|nud| are ignored.
-
-
-\paragraph{Example:}
-\begin{itemize}
-\item \verb|ip neigh del 10.0.0.3 dev eth0|
-
---- invalidate an ARP entry for the neighbour 10.0.0.3 on the device \verb|eth0|.
-
-\end{itemize}
-
-\begin{NB}
- The deleted neighbour entry will not disappear from the tables
- immediately. If it is in use it cannot be deleted until the last
- client releases it. Otherwise it will be destroyed during
- the next garbage collection.
-\end{NB}
-
-
-\paragraph{Warning:} Attempts to delete or manually change
-a \verb|noarp| entry created by the kernel may result in unpredictable behaviour.
-Particularly, the kernel may try to resolve this address even
-on a \verb|NOARP| interface or if the address is multicast or broadcast.
-
-
-\subsection{{\tt ip neighbour show} --- list neighbour entries}
-
-\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|.
-
-\paragraph{Description:}This commands displays neighbour tables.
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-
-\item \verb|to ADDRESS| (default)
-
---- the prefix selecting the neighbours to list.
-
-\item \verb|dev NAME|
-
---- only list the neighbours attached to this device.
-
-\item \verb|unused|
-
---- only list neighbours which are not currently in use.
-
-\item \verb|nud NUD_STATE|
-
---- only list neighbour entries in this state. \verb|NUD_STATE| takes
-values listed below or the special value \verb|all| which means all states.
-This option may occur more than once. If this option is absent, \verb|ip|
-lists all entries except for \verb|none| and \verb|noarp|.
-
-\end{itemize}
-
-
-\paragraph{Output format:}
-
-\begin{verbatim}
-kuznet@alisa:~ $ ip neigh ls
-:: dev lo lladdr 00:00:00:00:00:00 nud noarp
-fe80::200:cff:fe76:3f85 dev eth0 lladdr 00:00:0c:76:3f:85 router \
- nud stale
-0.0.0.0 dev lo lladdr 00:00:00:00:00:00 nud noarp
-193.233.7.254 dev eth0 lladdr 00:00:0c:76:3f:85 nud reachable
-193.233.7.85 dev eth0 lladdr 00:e0:1e:63:39:00 nud stale
-kuznet@alisa:~ $
-\end{verbatim}
-
-The first word of each line is the protocol address of the neighbour.
-Then the device name follows. The rest of the line describes the contents of
-the neighbour entry identified by the pair (device, address).
-
-\verb|lladdr| is the link layer address of the neighbour.
-
-\verb|nud| is the state of the ``neighbour unreachability detection'' machine
-for this entry. The detailed description of the neighbour
-state machine can be found in~\cite{RFC-NDISC}. Here is the full list
-of the states with short descriptions:
-
-\begin{enumerate}
-\item\verb|none| --- the state of the neighbour is void.
-\item\verb|incomplete| --- the neighbour is in the process of resolution.
-\item\verb|reachable| --- the neighbour is valid and apparently reachable.
-\item\verb|stale| --- the neighbour is valid, but is probably already
-unreachable, so the kernel will try to check it at the first transmission.
-\item\verb|delay| --- a packet has been sent to the stale neighbour and the kernel is waiting
-for confirmation.
-\item\verb|probe| --- the delay timer expired but no confirmation was received.
-The kernel has started to probe the neighbour with ARP/NDISC messages.
-\item\verb|failed| --- resolution has failed.
-\item\verb|noarp| --- the neighbour is valid. No attempts to check the entry
-will be made.
-\item\verb|permanent| --- it is a \verb|noarp| entry, but only the administrator
-may remove the entry from the neighbour table.
-\end{enumerate}
-
-The link layer address is valid in all states except for \verb|none|,
-\verb|failed| and \verb|incomplete|.
-
-IPv6 neighbours can be marked with the additional flag \verb|router|
-which means that the neighbour introduced itself as an IPv6 router~\cite{RFC-NDISC}.
-
-\paragraph{Statistics:} The \verb|-statistics| option displays some usage
-statistics, f.e.\
-
-\begin{verbatim}
-kuznet@alisa:~ $ ip -s n ls 193.233.7.254
-193.233.7.254 dev eth0 lladdr 00:00:0c:76:3f:85 ref 5 used 12/13/20 \
- nud reachable
-kuznet@alisa:~ $
-\end{verbatim}
-
-Here \verb|ref| is the number of users of this entry
-and \verb|used| is a triplet of time intervals in seconds
-separated by slashes. In this case they show that:
-
-\begin{enumerate}
-\item the entry was used 12 seconds ago.
-\item the entry was confirmed 13 seconds ago.
-\item the entry was updated 20 seconds ago.
-\end{enumerate}
-
-\subsection{{\tt ip neighbour flush} --- flush neighbour entries}
-
-\paragraph{Abbreviations:} \verb|flush|, \verb|f|.
-
-\paragraph{Description:}This command flushes neighbour tables, selecting
-entries to flush by some criteria.
-
-\paragraph{Arguments:} This command has the same arguments as \verb|show|.
-The differences are that it does not run when no arguments are given,
-and that the default neighbour states to be flushed do not include
-\verb|permanent| and \verb|noarp|.
-
-
-\paragraph{Statistics:} With the \verb|-statistics| option, the command
-becomes verbose. It prints out the number of deleted neighbours and the number
-of rounds made to flush the neighbour table. If the option is given
-twice, \verb|ip neigh flush| also dumps all the deleted neighbours
-in the format described in the previous subsection.
-
-\paragraph{Example:}
-\begin{verbatim}
-netadm@alisa:~ # ip -s -s n f 193.233.7.254
-193.233.7.254 dev eth0 lladdr 00:00:0c:76:3f:85 ref 5 used 12/13/20 \
- nud reachable
-
-*** Round 1, deleting 1 entries ***
-*** Flush is complete after 1 round ***
-netadm@alisa:~ #
-\end{verbatim}
-
-
-\section{{\tt ip route} --- routing table management}
-\label{IP-ROUTE}
-
-\paragraph{Abbreviations:} \verb|route|, \verb|ro|, \verb|r|.
-
-\paragraph{Object:} \verb|route| entries in the kernel routing tables keep
-information about paths to other networked nodes.
-
-Each route entry has a {\em key\/} consisting of a {\em prefix\/}
-(i.e.\ a pair containing a network address and the length of its mask) and,
-optionally, the TOS value. An IP packet matches the route if the highest
-bits of its destination address are equal to the route prefix at least
-up to the prefix length and if the TOS of the route is zero or equal to
-the TOS of the packet.
-
-If several routes match the packet, the following pruning rules
-are used to select the best one (see~\cite{RFC1812}):
-\begin{enumerate}
-\item The longest matching prefix is selected. All shorter ones
-are dropped.
-
-\item If the TOS of some route with the longest prefix is equal to the TOS
-of the packet, the routes with different TOS are dropped.
-
-If no exact TOS match was found and routes with TOS=0 exist,
-the rest of routes are pruned.
-
-Otherwise, the route lookup fails.
-
-\item If several routes remain after the previous steps, then
-the routes with the best preference values are selected.
-
-\item If we still have several routes, then the {\em first\/} of them
-is selected.
-
-\begin{NB}
- Note the ambiguity of the last step. Unfortunately, Linux
- historically allows such a bizarre situation. The sense of the
-word ``first'' depends on the order of route additions and it is practically
-impossible to maintain a bundle of such routes in this order.
-\end{NB}
-
-For simplicity we will limit ourselves to the case where such a situation
-is impossible and routes are uniquely identified by the triplet
-\{prefix, tos, preference\}. Actually, it is impossible to create
-non-unique routes with \verb|ip| commands described in this section.
-
-One useful exception to this rule is the default route on non-forwarding
-hosts. It is ``officially'' allowed to have several fallback routes
-when several routers are present on directly connected networks.
-In this case, Linux-2.2 makes ``dead gateway detection''~\cite{RFC1122}
-controlled by neighbour unreachability detection and by advice
-from transport protocols to select a working router, so the order
-of the routes is not essential. However, in this case,
-fiddling with default routes manually is not recommended. Use the Router Discovery
-protocol (see Appendix~\ref{EXAMPLE-SETUP}, p.\pageref{EXAMPLE-SETUP})
-instead. Actually, Linux-2.2 IPv6 does not give user level applications
-any access to default routes.
-\end{enumerate}
-
-Certainly, the steps above are not performed exactly
-in this sequence. Instead, the routing table in the kernel is kept
-in some data structure to achieve the final result
-with minimal cost. However, not depending on a particular
-routing algorithm implemented in the kernel, we can summarize
-the statements above as: a route is identified by the triplet
-\{prefix, tos, preference\}. This {\em key\/} lets us locate
-the route in the routing table.
-
-\paragraph{Route attributes:} Each route key refers to a routing
-information record containing
-the data required to deliver IP packets (f.e.\ output device and
-next hop router) and some optional attributes (f.e. the path MTU or
-the preferred source address when communicating with this destination).
-These attributes are described in the following subsection.
-
-\paragraph{Route types:} \label{IP-ROUTE-TYPES}
-It is important that the set
-of required and optional attributes depend on the route {\em type\/}.
-The most important route type
-is \verb|unicast|. It describes real paths to other hosts.
-As a rule, common routing tables contain only such routes. However,
-there are other types of routes with different semantics. The
-full list of types understood by Linux-2.2 is:
-\begin{itemize}
-\item \verb|unicast| --- the route entry describes real paths to the
-destinations covered by the route prefix.
-\item \verb|unreachable| --- these destinations are unreachable. Packets
-are discarded and the ICMP message {\em host unreachable\/} is generated.
-The local senders get an \verb|EHOSTUNREACH| error.
-\item \verb|blackhole| --- these destinations are unreachable. Packets
-are discarded silently. The local senders get an \verb|EINVAL| error.
-\item \verb|prohibit| --- these destinations are unreachable. Packets
-are discarded and the ICMP message {\em communication administratively
-prohibited\/} is generated. The local senders get an \verb|EACCES| error.
-\item \verb|local| --- the destinations are assigned to this
-host. The packets are looped back and delivered locally.
-\item \verb|broadcast| --- the destinations are broadcast addresses.
-The packets are sent as link broadcasts.
-\item \verb|throw| --- a special control route used together with policy
-rules (see sec.\ref{IP-RULE}, p.\pageref{IP-RULE}). If such a route is selected, lookup
-in this table is terminated pretending that no route was found.
-Without policy routing it is equivalent to the absence of the route in the routing
-table. The packets are dropped and the ICMP message {\em net unreachable\/}
-is generated. The local senders get an \verb|ENETUNREACH| error.
-\item \verb|nat| --- a special NAT route. Destinations covered by the prefix
-are considered to be dummy (or external) addresses which require translation
-to real (or internal) ones before forwarding. The addresses to translate to
-are selected with the attribute \verb|via|. More about NAT is
-in Appendix~\ref{ROUTE-NAT}, p.\pageref{ROUTE-NAT}.
-\item \verb|anycast| --- ({\em not implemented\/}) the destinations are
-{\em anycast\/} addresses assigned to this host. They are mainly equivalent
-to \verb|local| with one difference: such addresses are invalid when used
-as the source address of any packet.
-\item \verb|multicast| --- a special type used for multicast routing.
-It is not present in normal routing tables.
-\end{itemize}
-
-\paragraph{Route tables:} Linux-2.2 can pack routes into several routing
-tables identified by a number in the range from 1 to 255 or by
-name from the file \verb|/etc/iproute2/rt_tables|. By default all normal
-routes are inserted into the \verb|main| table (ID 254) and the kernel only uses
-this table when calculating routes.
-
-Actually, one other table always exists, which is invisible but
-even more important. It is the \verb|local| table (ID 255). This table
-consists of routes for local and broadcast addresses. The kernel maintains
-this table automatically and the administrator usually need not modify it
-or even look at it.
-
-The multiple routing tables enter the game when {\em policy routing\/}
-is used. See sec.\ref{IP-RULE}, p.\pageref{IP-RULE}.
-In this case, the table identifier effectively becomes
-one more parameter, which should be added to the triplet
-\{prefix, tos, preference\} to uniquely identify the route.
-
-
-\subsection{{\tt ip route add} --- add a new route\\
- {\tt ip route change} --- change a route\\
- {\tt ip route replace} --- change a route or add a new one}
-\label{IP-ROUTE-ADD}
-
-\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
- \verb|replace|, \verb|repl|.
-
-
-\paragraph{Arguments:}
-\begin{itemize}
-\item \verb|to PREFIX| or \verb|to TYPE PREFIX| (default)
-
---- the destination prefix of the route. If \verb|TYPE| is omitted,
-\verb|ip| assumes type \verb|unicast|. Other values of \verb|TYPE|
-are listed above. \verb|PREFIX| is an IP or IPv6 address optionally followed
-by a slash and the prefix length. If the length of the prefix is missing,
-\verb|ip| assumes a full-length host route. There is also a special
-\verb|PREFIX| --- \verb|default| --- which is equivalent to IP \verb|0/0| or
-to IPv6 \verb|::/0|.
-
-\item \verb|tos TOS| or \verb|dsfield TOS|
-
---- the Type Of Service (TOS) key. This key has no associated mask and
-the longest match is understood as: First, compare the TOS
-of the route and of the packet. If they are not equal, then the packet
-may still match a route with a zero TOS. \verb|TOS| is either an 8 bit hexadecimal
-number or an identifier from {\tt /etc/iproute2/rt\_dsfield}.
-
-
-\item \verb|metric NUMBER| or \verb|preference NUMBER|
-
---- the preference value of the route. \verb|NUMBER| is an arbitrary 32bit number.
-
-\item \verb|table TABLEID|
-
---- the table to add this route to.
-\verb|TABLEID| may be a number or a string from the file
-\verb|/etc/iproute2/rt_tables|. If this parameter is omitted,
-\verb|ip| assumes the \verb|main| table, with the exception of
-\verb|local|, \verb|broadcast| and \verb|nat| routes, which are
-put into the \verb|local| table by default.
-
-\item \verb|dev NAME|
-
---- the output device name.
-
-\item \verb|via ADDRESS|
-
---- the address of the nexthop router. Actually, the sense of this field depends
-on the route type. For normal \verb|unicast| routes it is either the true nexthop
-router or, if it is a direct route installed in BSD compatibility mode,
-it can be a local address of the interface.
-For NAT routes it is the first address of the block of translated IP destinations.
-
-\item \verb|src ADDRESS|
-
---- the source address to prefer when sending to the destinations
-covered by the route prefix.
-
-\item \verb|realm REALMID|
-
---- the realm to which this route is assigned.
-\verb|REALMID| may be a number or a string from the file
-\verb|/etc/iproute2/rt_realms|. Sec.\ref{RT-REALMS} (p.\pageref{RT-REALMS})
-contains more information on realms.
-
-\item \verb|mtu MTU| or \verb|mtu lock MTU|
-
---- the MTU along the path to the destination. If the modifier \verb|lock| is
-not used, the MTU may be updated by the kernel due to Path MTU Discovery.
-If the modifier \verb|lock| is used, no path MTU discovery will be tried,
-all packets will be sent without the DF bit in IPv4 case
-or fragmented to MTU for IPv6.
-
-\item \verb|window NUMBER|
-
---- the maximal window for TCP to advertise to these destinations,
-measured in bytes. It limits maximal data bursts that our TCP
-peers are allowed to send to us.
-
-\item \verb|rtt NUMBER|
-
---- the initial RTT (``Round Trip Time'') estimate.
-
-
-\item \verb|rttvar NUMBER|
-
---- \threeonly the initial RTT variance estimate.
-
-
-\item \verb|ssthresh NUMBER|
-
---- \threeonly an estimate for the initial slow start threshold.
-
-
-\item \verb|cwnd NUMBER|
-
---- \threeonly the clamp for congestion window. It is ignored if the \verb|lock|
- flag is not used.
-
-
-\item \verb|advmss NUMBER|
-
---- \threeonly the MSS (``Maximal Segment Size'') to advertise to these
- destinations when establishing TCP connections. If it is not given,
- Linux uses a default value calculated from the first hop device MTU.
-
-\begin{NB}
- If the path to these destination is asymmetric, this guess may be wrong.
-\end{NB}
-
-\item \verb|reordering NUMBER|
-
---- \threeonly Maximal reordering on the path to this destination.
- If it is not given, Linux uses the value selected with \verb|sysctl|
- variable \verb|net/ipv4/tcp_reordering|.
-
-\item \verb|hoplimit NUMBER|
-
---- [2.5.74+ only] Maximum number of hops on the path to this destination.
- The default is the value selected with the \verb|sysctl| variable
- \verb|net/ipv4/ip_default_ttl|.
-
-\item \verb|initcwnd NUMBER|
---- [2.5.70+ only] Initial congestion window size for connections to
- this destination. Actual window size is this value multiplied by the
- MSS (``Maximal Segment Size'') for same connection. The default is
- zero, meaning to use the values specified in~\cite{RFC2414}.
-
-+\item \verb|initrwnd NUMBER|
-
-+--- [2.6.33+ only] Initial receive window size for connections to
-+ this destination. The actual window size is this value multiplied
-+ by the MSS (''Maximal Segment Size'') of the connection. The default
-+ value is zero, meaning to use Slow Start value.
-
-\item \verb|nexthop NEXTHOP|
-
---- the nexthop of a multipath route. \verb|NEXTHOP| is a complex value
-with its own syntax similar to the top level argument lists:
-\begin{itemize}
-\item \verb|via ADDRESS| is the nexthop router.
-\item \verb|dev NAME| is the output device.
-\item \verb|weight NUMBER| is a weight for this element of a multipath
-route reflecting its relative bandwidth or quality.
-\end{itemize}
-
-\item \verb|scope SCOPE_VAL|
-
---- the scope of the destinations covered by the route prefix.
-\verb|SCOPE_VAL| may be a number or a string from the file
-\verb|/etc/iproute2/rt_scopes|.
-If this parameter is omitted,
-\verb|ip| assumes scope \verb|global| for all gatewayed \verb|unicast|
-routes, scope \verb|link| for direct \verb|unicast| and \verb|broadcast| routes
-and scope \verb|host| for \verb|local| routes.
-
-\item \verb|protocol RTPROTO|
-
---- the routing protocol identifier of this route.
-\verb|RTPROTO| may be a number or a string from the file
-\verb|/etc/iproute2/rt_protos|. If the routing protocol ID is
-not given, \verb|ip| assumes protocol \verb|boot| (i.e.\
-it assumes the route was added by someone who doesn't
-understand what they are doing). Several protocol values have a fixed interpretation.
-Namely:
-\begin{itemize}
-\item \verb|redirect| --- the route was installed due to an ICMP redirect.
-\item \verb|kernel| --- the route was installed by the kernel during
-autoconfiguration.
-\item \verb|boot| --- the route was installed during the bootup sequence.
-If a routing daemon starts, it will purge all of them.
-\item \verb|static| --- the route was installed by the administrator
-to override dynamic routing. Routing daemon will respect them
-and, probably, even advertise them to its peers.
-\item \verb|ra| --- the route was installed by Router Discovery protocol.
-\end{itemize}
-The rest of the values are not reserved and the administrator is free
-to assign (or not to assign) protocol tags. At least, routing
-daemons should take care of setting some unique protocol values,
-f.e.\ as they are assigned in \verb|rtnetlink.h| or in \verb|rt_protos|
-database.
-
-
-\item \verb|onlink|
-
---- pretend that the nexthop is directly attached to this link,
-even if it does not match any interface prefix. One application of this
-option may be found in~\cite{IP-TUNNELS}.
-
-\item \verb|pref PREF|
-
---- the IPv6 route preference.
-\verb|PREF| PREF is a string specifying the route preference as defined in
-RFC4191 for Router Discovery messages. Namely:
-\begin{itemize}
-\item \verb|low| --- the route has a lowest priority.
-\item \verb|medium| --- the route has a default priority.
-\item \verb|high| --- the route has a highest priority.
-\end{itemize}
-
-\end{itemize}
-
-
-\begin{NB}
- Actually there are more commands: \verb|prepend| does the same
- thing as classic \verb|route add|, i.e.\ adds a route, even if another
- route to the same destination exists. Its opposite case is \verb|append|,
- which adds the route to the end of the list. Avoid these
- features.
-\end{NB}
-\begin{NB}
- More sad news, IPv6 only understands the \verb|append| command correctly.
- All the others are translated into \verb|append| commands. Certainly,
- this will change in the future.
-\end{NB}
-
-\paragraph{Examples:}
-\begin{itemize}
-\item add a plain route to network 10.0.0/24 via gateway 193.233.7.65
-\begin{verbatim}
- ip route add 10.0.0/24 via 193.233.7.65
-\end{verbatim}
-\item change it to a direct route via the \verb|dummy| device
-\begin{verbatim}
- ip ro chg 10.0.0/24 dev dummy
-\end{verbatim}
-\item add a default multipath route splitting the load between \verb|ppp0|
-and \verb|ppp1|
-\begin{verbatim}
- ip route add default scope global nexthop dev ppp0 \
- nexthop dev ppp1
-\end{verbatim}
-Note the scope value. It is not necessary but it informs the kernel
-that this route is gatewayed rather than direct. Actually, if you
-know the addresses of remote endpoints it would be better to use the
-\verb|via| parameter.
-\item announce that the address 192.203.80.144 is not a real one, but
-should be translated to 193.233.7.83 before forwarding
-\begin{verbatim}
- ip route add nat 192.203.80.144 via 193.233.7.83
-\end{verbatim}
-Backward translation is setup with policy rules described
-in the following section (sec.\ref{IP-RULE}, p.\pageref{IP-RULE}).
-\end{itemize}
-
-\subsection{{\tt ip route delete} --- delete a route}
-
-\paragraph{Abbreviations:} \verb|delete|, \verb|del|, \verb|d|.
-
-\paragraph{Arguments:} \verb|ip route del| has the same arguments as
-\verb|ip route add|, but their semantics are a bit different.
-
-Key values (\verb|to|, \verb|tos|, \verb|preference| and \verb|table|)
-select the route to delete. If optional attributes are present, \verb|ip|
-verifies that they coincide with the attributes of the route to delete.
-If no route with the given key and attributes was found, \verb|ip route del|
-fails.
-\begin{NB}
-Linux-2.0 had the option to delete a route selected only by prefix address,
-ignoring its length (i.e.\ netmask). This option no longer exists
-because it was ambiguous. However, look at {\tt ip route flush}
-(sec.\ref{IP-ROUTE-FLUSH}, p.\pageref{IP-ROUTE-FLUSH}) which
-provides similar and even richer functionality.
-\end{NB}
-
-\paragraph{Example:}
-\begin{itemize}
-\item delete the multipath route created by the command in previous subsection
-\begin{verbatim}
- ip route del default scope global nexthop dev ppp0 \
- nexthop dev ppp1
-\end{verbatim}
-\end{itemize}
-
-
-
-\subsection{{\tt ip route show} --- list routes}
-
-\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
-
-\paragraph{Description:} the command displays the contents of the routing tables
-or the route(s) selected by some criteria.
-
-
-\paragraph{Arguments:}
-\begin{itemize}
-\item \verb|to SELECTOR| (default)
-
---- only select routes from the given range of destinations. \verb|SELECTOR|
-consists of an optional modifier (\verb|root|, \verb|match| or \verb|exact|)
-and a prefix. \verb|root PREFIX| selects routes with prefixes not shorter
-than \verb|PREFIX|. F.e.\ \verb|root 0/0| selects the entire routing table.
-\verb|match PREFIX| selects routes with prefixes not longer than
-\verb|PREFIX|. F.e.\ \verb|match 10.0/16| selects \verb|10.0/16|,
-\verb|10/8| and \verb|0/0|, but it does not select \verb|10.1/16| and
-\verb|10.0.0/24|. And \verb|exact PREFIX| (or just \verb|PREFIX|)
-selects routes with this exact prefix. If neither of these options
-are present, \verb|ip| assumes \verb|root 0/0| i.e.\ it lists the entire table.
-
-
-\item \verb|tos TOS| or \verb|dsfield TOS|
-
- --- only select routes with the given TOS.
-
-
-\item \verb|table TABLEID|
-
- --- show the routes from this table(s). The default setting is to show
-\verb|table| \verb|main|. \verb|TABLEID| may either be the ID of a real table
-or one of the special values:
- \begin{itemize}
- \item \verb|all| --- list all of the tables.
- \item \verb|cache| --- dump the routing cache.
- \end{itemize}
-\begin{NB}
- IPv6 has a single table. However, splitting it into \verb|main|, \verb|local|
- and \verb|cache| is emulated by the \verb|ip| utility.
-\end{NB}
-
-\item \verb|cloned| or \verb|cached|
-
---- list cloned routes i.e.\ routes which were dynamically forked from
-other routes because some route attribute (f.e.\ MTU) was updated.
-Actually, it is equivalent to \verb|table cache|.
-
-\item \verb|from SELECTOR|
-
---- the same syntax as for \verb|to|, but it binds the source address range
-rather than destinations. Note that the \verb|from| option only works with
-cloned routes.
-
-\item \verb|protocol RTPROTO|
-
---- only list routes of this protocol.
-
-
-\item \verb|scope SCOPE_VAL|
-
---- only list routes with this scope.
-
-\item \verb|type TYPE|
-
---- only list routes of this type.
-
-\item \verb|dev NAME|
-
---- only list routes going via this device.
-
-\item \verb|via PREFIX|
-
---- only list routes going via the nexthop routers selected by \verb|PREFIX|.
-
-\item \verb|src PREFIX|
-
---- only list routes with preferred source addresses selected
-by \verb|PREFIX|.
-
-\item \verb|realm REALMID| or \verb|realms FROMREALM/TOREALM|
-
---- only list routes with these realms.
-
-\end{itemize}
-
-\paragraph{Examples:} Let us count routes of protocol \verb|gated/bgp|
-on a router:
-\begin{verbatim}
-kuznet@amber:~ $ ip ro ls proto gated/bgp | wc
- 1413 9891 79010
-kuznet@amber:~ $
-\end{verbatim}
-To count the size of the routing cache, we have to use the \verb|-o| option
-because cached attributes can take more than one line of output:
-\begin{verbatim}
-kuznet@amber:~ $ ip -o ro ls cloned | wc
- 159 2543 18707
-kuznet@amber:~ $
-\end{verbatim}
-
-
-\paragraph{Output format:} The output of this command consists
-of per route records separated by line feeds.
-However, some records may consist
-of more than one line: particularly, this is the case when the route
-is cloned or you requested additional statistics. If the
-\verb|-o| option was given, then line feeds separating lines inside
-records are replaced with the backslash sign.
-
-The output has the same syntax as arguments given to {\tt ip route add},
-so that it can be understood easily. F.e.\
-\begin{verbatim}
-kuznet@amber:~ $ ip ro ls 193.233.7/24
-193.233.7.0/24 dev eth0 proto gated/conn scope link \
- src 193.233.7.65 realms inr.ac
-kuznet@amber:~ $
-\end{verbatim}
-
-If you list cloned entries, the output contains other attributes which
-are evaluated during route calculation and updated during route
-lifetime. An example of the output is:
-\begin{verbatim}
-kuznet@amber:~ $ ip ro ls 193.233.7.82 tab cache
-193.233.7.82 from 193.233.7.82 dev eth0 src 193.233.7.65 \
- realms inr.ac/inr.ac
- cache <src-direct,redirect> mtu 1500 rtt 300 iif eth0
-193.233.7.82 dev eth0 src 193.233.7.65 realms inr.ac
- cache mtu 1500 rtt 300
-kuznet@amber:~ $
-\end{verbatim}
-\begin{NB}
- \label{NB-strange-route}
- The route looks a bit strange, doesn't it? Did you notice that
- it is a path from 193.233.7.82 back to 193.233.82? Well, you will
- see in the section on \verb|ip route get| (p.\pageref{NB-nature-of-strangeness})
- how it appeared.
-\end{NB}
-The second line, starting with the word \verb|cache|, shows
-additional attributes which normal routes do not possess.
-Cached flags are summarized in angle brackets:
-\begin{itemize}
-\item \verb|local| --- packets are delivered locally.
-It stands for loopback unicast routes, for broadcast routes
-and for multicast routes, if this host is a member of the corresponding
-group.
-
-\item \verb|reject| --- the path is bad. Any attempt to use it results
-in an error. See attribute \verb|error| below (p.\pageref{IP-ROUTE-GET-error}).
-
-\item \verb|mc| --- the destination is multicast.
-
-\item \verb|brd| --- the destination is broadcast.
-
-\item \verb|src-direct| --- the source is on a directly connected
-interface.
-
-\item \verb|redirected| --- the route was created by an ICMP Redirect.
-
-\item \verb|redirect| --- packets going via this route will
-trigger an ICMP redirect.
-
-\item \verb|fastroute| --- the route is eligible to be used for fastroute.
-
-\item \verb|equalize| --- make packet by packet randomization
-along this path.
-
-\item \verb|dst-nat| --- the destination address requires translation.
-
-\item \verb|src-nat| --- the source address requires translation.
-
-\item \verb|masq| --- the source address requires masquerading.
-This feature disappeared in linux-2.4.
-
-\item \verb|notify| --- ({\em not implemented}) change/deletion
-of this route will trigger RTNETLINK notification.
-\end{itemize}
-
-Then some optional attributes follow:
-\begin{itemize}
-\item \verb|error| --- on \verb|reject| routes it is error code
-returned to local senders when they try to use this route.
-These error codes are translated into ICMP error codes, sent to remote
-senders, according to the rules described above in the subsection
-devoted to route types (p.\pageref{IP-ROUTE-TYPES}).
-\label{IP-ROUTE-GET-error}
-
-\item \verb|expires| --- this entry will expire after this timeout.
-
-\item \verb|iif| --- the packets for this path are expected to arrive
-on this interface.
-\end{itemize}
-
-\paragraph{Statistics:} With the \verb|-statistics| option, more
-information about this route is shown:
-\begin{itemize}
-\item \verb|users| --- the number of users of this entry.
-\item \verb|age| --- shows when this route was last used.
-\item \verb|used| --- the number of lookups of this route since its creation.
-\end{itemize}
-
-\subsection{{\tt ip route save} -- save routing tables}
-\label{IP-ROUTE-SAVE}
-
-\paragraph{Description:} this command saves the contents of the routing
-tables or the route(s) selected by some criteria to standard output.
-
-\paragraph{Arguments:} \verb|ip route save| has the same arguments as
-\verb|ip route show|.
-
-\paragraph{Example:} This saves all the routes to the {\tt saved\_routes}
-file:
-\begin{verbatim}
-dan@caffeine:~ # ip route save > saved_routes
-\end{verbatim}
-
-\paragraph{Output format:} The format of the data stream provided by
-\verb|ip route save| is that of \verb|rtnetlink|. See
-\verb|rtnetlink(7)| for more information.
-
-\subsection{{\tt ip route restore} -- restore routing tables}
-\label{IP-ROUTE-RESTORE}
-
-\paragraph{Description:} this command restores the contents of the routing
-tables according to a data stream as provided by \verb|ip route save| via
-standard input. Note that any routes already in the table are left unchanged.
-Any routes in the input stream that already exist in the tables are ignored.
-
-\paragraph{Arguments:} This command takes no arguments.
-
-\paragraph{Example:} This restores all routes that were saved to the
-{\tt saved\_routes} file:
-
-\begin{verbatim}
-dan@caffeine:~ # ip route restore < saved_routes
-\end{verbatim}
-
-\subsection{{\tt ip route flush} --- flush routing tables}
-\label{IP-ROUTE-FLUSH}
-
-\paragraph{Abbreviations:} \verb|flush|, \verb|f|.
-
-\paragraph{Description:} this command flushes routes selected
-by some criteria.
-
-\paragraph{Arguments:} the arguments have the same syntax and semantics
-as the arguments of \verb|ip route show|, but routing tables are not
-listed but purged. The only difference is the default action: \verb|show|
-dumps all the IP main routing table but \verb|flush| prints the helper page.
-The reason for this difference does not require any explanation, does it?
-
-
-\paragraph{Statistics:} With the \verb|-statistics| option, the command
-becomes verbose. It prints out the number of deleted routes and the number
-of rounds made to flush the routing table. If the option is given
-twice, \verb|ip route flush| also dumps all the deleted routes
-in the format described in the previous subsection.
-
-\paragraph{Examples:} The first example flushes all the
-gatewayed routes from the main table (f.e.\ after a routing daemon crash).
-\begin{verbatim}
-netadm@amber:~ # ip -4 ro flush scope global type unicast
-\end{verbatim}
-This option deserves to be put into a scriptlet \verb|routef|.
-\begin{NB}
-This option was described in the \verb|route(8)| man page borrowed
-from BSD, but was never implemented in Linux.
-\end{NB}
-
-The second example flushes all IPv6 cloned routes:
-\begin{verbatim}
-netadm@amber:~ # ip -6 -s -s ro flush cache
-3ffe:2400::220:afff:fef4:c5d1 via 3ffe:2400::220:afff:fef4:c5d1 \
- dev eth0 metric 0
- cache used 2 age 12sec mtu 1500 rtt 300
-3ffe:2400::280:adff:feb7:8034 via 3ffe:2400::280:adff:feb7:8034 \
- dev eth0 metric 0
- cache used 2 age 15sec mtu 1500 rtt 300
-3ffe:2400::280:c8ff:fe59:5bcc via 3ffe:2400::280:c8ff:fe59:5bcc \
- dev eth0 metric 0
- cache users 1 used 1 age 23sec mtu 1500 rtt 300
-3ffe:2400:0:1:2a0:ccff:fe66:1878 via 3ffe:2400:0:1:2a0:ccff:fe66:1878 \
- dev eth1 metric 0
- cache used 2 age 20sec mtu 1500 rtt 300
-3ffe:2400:0:1:a00:20ff:fe71:fb30 via 3ffe:2400:0:1:a00:20ff:fe71:fb30 \
- dev eth1 metric 0
- cache used 2 age 33sec mtu 1500 rtt 300
-ff02::1 via ff02::1 dev eth1 metric 0
- cache users 1 used 1 age 45sec mtu 1500 rtt 300
-
-*** Round 1, deleting 6 entries ***
-*** Flush is complete after 1 round ***
-netadm@amber:~ # ip -6 -s -s ro flush cache
-Nothing to flush.
-netadm@amber:~ #
-\end{verbatim}
-
-The third example flushes BGP routing tables after a \verb|gated|
-death.
-\begin{verbatim}
-netadm@amber:~ # ip ro ls proto gated/bgp | wc
- 1408 9856 78730
-netadm@amber:~ # ip -s ro f proto gated/bgp
-
-*** Round 1, deleting 1408 entries ***
-*** Flush is complete after 1 round ***
-netadm@amber:~ # ip ro f proto gated/bgp
-Nothing to flush.
-netadm@amber:~ # ip ro ls proto gated/bgp
-netadm@amber:~ #
-\end{verbatim}
-
-
-\subsection{{\tt ip route get} --- get a single route}
-\label{IP-ROUTE-GET}
-
-\paragraph{Abbreviations:} \verb|get|, \verb|g|.
-
-\paragraph{Description:} this command gets a single route to a destination
-and prints its contents exactly as the kernel sees it.
-
-\paragraph{Arguments:}
-\begin{itemize}
-\item \verb|to ADDRESS| (default)
-
---- the destination address.
-
-\item \verb|from ADDRESS|
-
---- the source address.
-
-\item \verb|tos TOS| or \verb|dsfield TOS|
-
---- the Type Of Service.
-
-\item \verb|iif NAME|
-
---- the device from which this packet is expected to arrive.
-
-\item \verb|oif NAME|
-
---- force the output device on which this packet will be routed.
-
-\item \verb|connected|
-
---- if no source address (option \verb|from|) was given, relookup
-the route with the source set to the preferred address received from the first lookup.
-If policy routing is used, it may be a different route.
-
-\end{itemize}
-
-Note that this operation is not equivalent to \verb|ip route show|.
-\verb|show| shows existing routes. \verb|get| resolves them and
-creates new clones if necessary. Essentially, \verb|get|
-is equivalent to sending a packet along this path.
-If the \verb|iif| argument is not given, the kernel creates a route
-to output packets towards the requested destination.
-This is equivalent to pinging the destination
-with a subsequent {\tt ip route ls cache}, however, no packets are
-actually sent. With the \verb|iif| argument, the kernel pretends
-that a packet arrived from this interface and searches for
-a path to forward the packet.
-
-\paragraph{Output format:} This command outputs routes in the same
-format as \verb|ip route ls|.
-
-\paragraph{Examples:}
-\begin{itemize}
-\item Find a route to output packets to 193.233.7.82:
-\begin{verbatim}
-kuznet@amber:~ $ ip route get 193.233.7.82
-193.233.7.82 dev eth0 src 193.233.7.65 realms inr.ac
- cache mtu 1500 rtt 300
-kuznet@amber:~ $
-\end{verbatim}
-
-\item Find a route to forward packets arriving on \verb|eth0|
-from 193.233.7.82 and destined for 193.233.7.82:
-\begin{verbatim}
-kuznet@amber:~ $ ip r g 193.233.7.82 from 193.233.7.82 iif eth0
-193.233.7.82 from 193.233.7.82 dev eth0 src 193.233.7.65 \
- realms inr.ac/inr.ac
- cache <src-direct,redirect> mtu 1500 rtt 300 iif eth0
-kuznet@amber:~ $
-\end{verbatim}
-\begin{NB}
- \label{NB-nature-of-strangeness}
- This is the command that created the funny route from 193.233.7.82
- looped back to 193.233.7.82 (cf.\ NB on~p.\pageref{NB-strange-route}).
- Note the \verb|redirect| flag on it.
-\end{NB}
-
-\item Find a multicast route for packets arriving on \verb|eth0|
-from host 193.233.7.82 and destined for multicast group 224.2.127.254
-(it is assumed that a multicast routing daemon is running.
-In this case, it is \verb|pimd|)
-\begin{verbatim}
-kuznet@amber:~ $ ip r g 224.2.127.254 from 193.233.7.82 iif eth0
-multicast 224.2.127.254 from 193.233.7.82 dev lo \
- src 193.233.7.65 realms inr.ac/cosmos
- cache <mc> iif eth0 Oifs: eth1 pimreg
-kuznet@amber:~ $
-\end{verbatim}
-This route differs from the ones seen before. It contains a ``normal'' part
-and a ``multicast'' part. The normal part is used to deliver (or not to
-deliver) the packet to local IP listeners. In this case the router
-is not a member
-of this group, so that route has no \verb|local| flag and only
-forwards packets. The output device for such entries is always loopback.
-The multicast part consists of an additional \verb|Oifs:| list showing
-the output interfaces.
-\end{itemize}
-
-
-It is time for a more complicated example. Let us add an invalid
-gatewayed route for a destination which is really directly connected:
-\begin{verbatim}
-netadm@alisa:~ # ip route add 193.233.7.98 via 193.233.7.254
-netadm@alisa:~ # ip route get 193.233.7.98
-193.233.7.98 via 193.233.7.254 dev eth0 src 193.233.7.90
- cache mtu 1500 rtt 3072
-netadm@alisa:~ #
-\end{verbatim}
-and probe it with ping:
-\begin{verbatim}
-netadm@alisa:~ # ping -n 193.233.7.98
-PING 193.233.7.98 (193.233.7.98) from 193.233.7.90 : 56 data bytes
-From 193.233.7.254: Redirect Host(New nexthop: 193.233.7.98)
-64 bytes from 193.233.7.98: icmp_seq=0 ttl=255 time=3.5 ms
-From 193.233.7.254: Redirect Host(New nexthop: 193.233.7.98)
-64 bytes from 193.233.7.98: icmp_seq=1 ttl=255 time=2.2 ms
-64 bytes from 193.233.7.98: icmp_seq=2 ttl=255 time=0.4 ms
-64 bytes from 193.233.7.98: icmp_seq=3 ttl=255 time=0.4 ms
-64 bytes from 193.233.7.98: icmp_seq=4 ttl=255 time=0.4 ms
-^C
---- 193.233.7.98 ping statistics ---
-5 packets transmitted, 5 packets received, 0% packet loss
-round-trip min/avg/max = 0.4/1.3/3.5 ms
-netadm@alisa:~ #
-\end{verbatim}
-What happened? Router 193.233.7.254 understood that we have a much
-better path to the destination and sent us an ICMP redirect message.
-We may retry \verb|ip route get| to see what we have in the routing
-tables now:
-\begin{verbatim}
-netadm@alisa:~ # ip route get 193.233.7.98
-193.233.7.98 dev eth0 src 193.233.7.90
- cache <redirected> mtu 1500 rtt 3072
-netadm@alisa:~ #
-\end{verbatim}
-
-
-
-\section{{\tt ip rule} --- routing policy database management}
-\label{IP-RULE}
-
-\paragraph{Abbreviations:} \verb|rule|, \verb|ru|.
-
-\paragraph{Object:} \verb|rule|s in the routing policy database control
-the route selection algorithm.
-
-Classic routing algorithms used in the Internet make routing decisions
-based only on the destination address of packets (and in theory,
-but not in practice, on the TOS field). The seminal review of classic
-routing algorithms and their modifications can be found in~\cite{RFC1812}.
-
-In some circumstances we want to route packets differently depending not only
-on destination addresses, but also on other packet fields: source address,
-IP protocol, transport protocol ports or even packet payload.
-This task is called ``policy routing''.
-
-\begin{NB}
- ``policy routing'' $\neq$ ``routing policy''.
-
-\noindent ``policy routing'' $=$ ``cunning routing''.
-
-\noindent ``routing policy'' $=$ ``routing tactics'' or ``routing plan''.
-\end{NB}
-
-To solve this task, the conventional destination based routing table, ordered
-according to the longest match rule, is replaced with a ``routing policy
-database'' (or RPDB), which selects routes
-by executing some set of rules. The rules may have lots of keys of different
-natures and therefore they have no natural ordering, but one imposed
-by the administrator. Linux-2.2 RPDB is a linear list of rules
-ordered by numeric priority value.
-RPDB explicitly allows matching a few packet fields:
-
-\begin{itemize}
-\item packet source address.
-\item packet destination address.
-\item TOS.
-\item incoming interface (which is packet metadata, rather than a packet field).
-\end{itemize}
-
-Matching IP protocols and transport ports is also possible,
-indirectly, via \verb|ipchains|, by exploiting their ability
-to mark some classes of packets with \verb|fwmark|. Therefore,
-\verb|fwmark| is also included in the set of keys checked by rules.
-
-Each policy routing rule consists of a {\em selector\/} and an {\em action\/}
-predicate. The RPDB is scanned in the order of increasing priority. The selector
-of each rule is applied to \{source address, destination address, incoming
-interface, tos, fwmark\} and, if the selector matches the packet,
-the action is performed. The action predicate may return with success.
-In this case, it will either give a route or failure indication
-and the RPDB lookup is terminated. Otherwise, the RPDB program
-continues on the next rule.
-
-What is the action, semantically? The natural action is to select the
-nexthop and the output device. This is what
-Cisco IOS~\cite{IOS} does. Let us call it ``match \& set''.
-The Linux-2.2 approach is more flexible. The action includes
-lookups in destination-based routing tables and selecting
-a route from these tables according to the classic longest match algorithm.
-The ``match \& set'' approach is the simplest case of the Linux one. It is realized
-when a second level routing table contains a single default route.
-Recall that Linux-2.2 supports multiple tables
-managed with the \verb|ip route| command, described in the previous section.
-
-At startup time the kernel configures the default RPDB consisting of three
-rules:
-
-\begin{enumerate}
-\item Priority: 0, Selector: match anything, Action: lookup routing
-table \verb|local| (ID 255).
-The \verb|local| table is a special routing table containing
-high priority control routes for local and broadcast addresses.
-
-Rule 0 is special. It cannot be deleted or overridden.
-
-
-\item Priority: 32766, Selector: match anything, Action: lookup routing
-table \verb|main| (ID 254).
-The \verb|main| table is the normal routing table containing all non-policy
-routes. This rule may be deleted and/or overridden with other
-ones by the administrator.
-
-\item Priority: 32767, Selector: match anything, Action: lookup routing
-table \verb|default| (ID 253).
-The \verb|default| table is empty. It is reserved for some
-post-processing if no previous default rules selected the packet.
-This rule may also be deleted.
-
-\end{enumerate}
-
-Do not confuse routing tables with rules: rules point to routing tables,
-several rules may refer to one routing table and some routing tables
-may have no rules pointing to them. If the administrator deletes all the rules
-referring to a table, the table is not used, but it still exists
-and will disappear only after all the routes contained in it are deleted.
-
-
-\paragraph{Rule attributes:} Each RPDB entry has additional
-attributes. F.e.\ each rule has a pointer to some routing
-table. NAT and masquerading rules have an attribute to select new IP
-address to translate/masquerade. Besides that, rules have some
-optional attributes, which routes have, namely \verb|realms|.
-These values do not override those contained in the routing tables. They
-are only used if the route did not select any attributes.
-
-
-\paragraph{Rule types:} The RPDB may contain rules of the following
-types:
-\begin{itemize}
-\item \verb|unicast| --- the rule prescribes to return the route found
-in the routing table referenced by the rule.
-\item \verb|blackhole| --- the rule prescribes to silently drop the packet.
-\item \verb|unreachable| --- the rule prescribes to generate a ``Network
-is unreachable'' error.
-\item \verb|prohibit| --- the rule prescribes to generate
-``Communication is administratively prohibited'' error.
-\item \verb|nat| --- the rule prescribes to translate the source address
-of the IP packet into some other value. More about NAT is
-in Appendix~\ref{ROUTE-NAT}, p.\pageref{ROUTE-NAT}.
-\end{itemize}
-
-
-\paragraph{Commands:} \verb|add|, \verb|delete| and \verb|show|
-(or \verb|list|).
-
-\subsection{{\tt ip rule add} --- insert a new rule\\
- {\tt ip rule delete} --- delete a rule}
-\label{IP-RULE-ADD}
-
-\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|,
- \verb|d|.
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-\item \verb|type TYPE| (default)
-
---- the type of this rule. The list of valid types was given in the previous
-subsection.
-
-\item \verb|from PREFIX|
-
---- select the source prefix to match.
-
-\item \verb|to PREFIX|
-
---- select the destination prefix to match.
-
-\item \verb|iif NAME|
-
---- select the incoming device to match. If the interface is loopback,
-the rule only matches packets originating from this host. This means that you
-may create separate routing tables for forwarded and local packets and,
-hence, completely segregate them.
-
-\item \verb|tos TOS| or \verb|dsfield TOS|
-
---- select the TOS value to match.
-
-\item \verb|fwmark MARK|
-
---- select the \verb|fwmark| value to match.
-
-\item \verb|priority PREFERENCE|
-
---- the priority of this rule. Each rule should have an explicitly
-set {\em unique\/} priority value.
-\begin{NB}
- Really, for historical reasons \verb|ip rule add| does not require a
- priority value and allows them to be non-unique.
- If the user does not supplied a priority, it is selected by the kernel.
- If the user creates a rule with a priority value that
- already exists, the kernel does not reject the request. It adds
- the new rule before all old rules of the same priority.
-
- It is mistake in design, no more. And it will be fixed one day,
- so do not rely on this feature. Use explicit priorities.
-\end{NB}
-
-
-\item \verb|table TABLEID|
-
---- the routing table identifier to lookup if the rule selector matches.
-
-\item \verb|realms FROM/TO|
-
---- Realms to select if the rule matched and the routing table lookup
-succeeded. Realm \verb|TO| is only used if the route did not select
-any realm.
-
-\item \verb|nat ADDRESS|
-
---- The base of the IP address block to translate (for source addresses).
-The \verb|ADDRESS| may be either the start of the block of NAT addresses
-(selected by NAT routes) or in linux-2.2 a local host address (or even zero).
-In the last case the router does not translate the packets,
-but masquerades them to this address; this feature disappered in 2.4.
-More about NAT is in Appendix~\ref{ROUTE-NAT},
-p.\pageref{ROUTE-NAT}.
-
-\end{itemize}
-
-\paragraph{Warning:} Changes to the RPDB made with these commands
-do not become active immediately. It is assumed that after
-a script finishes a batch of updates, it flushes the routing cache
-with \verb|ip route flush cache|.
-
-\paragraph{Examples:}
-\begin{itemize}
-\item Route packets with source addresses from 192.203.80/24
-according to routing table \verb|inr.ruhep|:
-\begin{verbatim}
-ip ru add from 192.203.80.0/24 table inr.ruhep prio 220
-\end{verbatim}
-
-\item Translate packet source address 193.233.7.83 into 192.203.80.144
-and route it according to table \#1 (actually, it is \verb|inr.ruhep|):
-\begin{verbatim}
-ip ru add from 193.233.7.83 nat 192.203.80.144 table 1 prio 320
-\end{verbatim}
-
-\item Delete the unused default rule:
-\begin{verbatim}
-ip ru del prio 32767
-\end{verbatim}
-
-\end{itemize}
-
-
-
-\subsection{{\tt ip rule show} --- list rules}
-\label{IP-RULE-SHOW}
-
-\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
-
-
-\paragraph{Arguments:} Good news, this is one command that has no arguments.
-
-\paragraph{Output format:}
-
-\begin{verbatim}
-kuznet@amber:~ $ ip ru ls
-0: from all lookup local
-200: from 192.203.80.0/24 to 193.233.7.0/24 lookup main
-210: from 192.203.80.0/24 to 192.203.80.0/24 lookup main
-220: from 192.203.80.0/24 lookup inr.ruhep realms inr.ruhep/radio-msu
-300: from 193.233.7.83 to 193.233.7.0/24 lookup main
-310: from 193.233.7.83 to 192.203.80.0/24 lookup main
-320: from 193.233.7.83 lookup inr.ruhep map-to 192.203.80.144
-32766: from all lookup main
-kuznet@amber:~ $
-\end{verbatim}
-
-In the first column is the rule priority value followed
-by a colon. Then the selectors follow. Each key is prefixed
-with the same keyword that was used to create the rule.
-
-The keyword \verb|lookup| is followed by a routing table identifier,
-as it is recorded in the file \verb|/etc/iproute2/rt_tables|.
-
-If the rule does NAT (f.e.\ rule \#320), it is shown by the keyword
-\verb|map-to| followed by the start of the block of addresses to map.
-
-The sense of this example is pretty simple. The prefixes
-192.203.80.0/24 and 193.233.7.0/24 form the internal network, but
-they are routed differently when the packets leave it.
-Besides that, the host 193.233.7.83 is translated into
-another prefix to look like 192.203.80.144 when talking
-to the outer world.
-
-\subsection{{\tt ip rule save} -- save rules tables}
-\label{IP-RULE-SAVE}
-
-\paragraph{Description:} this command saves the contents of the rules
-tables or the rule(s) selected by some criteria to standard output.
-
-\paragraph{Arguments:} \verb|ip rule save| has the same arguments as
-\verb|ip rule show|.
-
-\paragraph{Example:} This saves all the rules to the {\tt saved\_rules}
-file:
-\begin{verbatim}
-dan@caffeine:~ # ip rule save > saved_rules
-\end{verbatim}
-
-\paragraph{Output format:} The format of the data stream provided by
-\verb|ip rule save| is that of \verb|rtnetlink|. See
-\verb|rtnetlink(7)| for more information.
-
-\subsection{{\tt ip rule restore} -- restore rules tables}
-\label{IP-RULE-RESTORE}
-
-\paragraph{Description:} this command restores the contents of the rules
-tables according to a data stream as provided by \verb|ip rule save| via
-standard input. Note that any rules already in the table are left unchanged,
-and duplicates are not ignored.
-
-\paragraph{Arguments:} This command takes no arguments.
-
-\paragraph{Example:} This restores all rules that were saved to the
-{\tt saved\_rules} file:
-
-\begin{verbatim}
-dan@caffeine:~ # ip rule restore < saved_rules
-\end{verbatim}
-
-
-
-\section{{\tt ip maddress} --- multicast addresses management}
-\label{IP-MADDR}
-
-\paragraph{Object:} \verb|maddress| objects are multicast addresses.
-
-\paragraph{Commands:} \verb|add|, \verb|delete|, \verb|show| (or \verb|list|).
-
-\subsection{{\tt ip maddress show} --- list multicast addresses}
-
-\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-
-\item \verb|dev NAME| (default)
-
---- the device name.
-
-\end{itemize}
-
-\paragraph{Output format:}
-
-\begin{verbatim}
-kuznet@alisa:~ $ ip maddr ls dummy
-2: dummy
- link 33:33:00:00:00:01
- link 01:00:5e:00:00:01
- inet 224.0.0.1 users 2
- inet6 ff02::1
-kuznet@alisa:~ $
-\end{verbatim}
-
-The first line of the output shows the interface index and its name.
-Then the multicast address list follows. Each line starts with the
-protocol identifier. The word \verb|link| denotes a link layer
-multicast addresses.
-
-If a multicast address has more than one user, the number
-of users is shown after the \verb|users| keyword.
-
-One additional feature not present in the example above
-is the \verb|static| flag, which indicates that the address was joined
-with \verb|ip maddr add|. See the following subsection.
-
-
-
-\subsection{{\tt ip maddress add} --- add a multicast address\\
- {\tt ip maddress delete} --- delete a multicast address}
-
-\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|delete|, \verb|del|, \verb|d|.
-
-\paragraph{Description:} these commands attach/detach
-a static link layer multicast address to listen on the interface.
-Note that it is impossible to join protocol multicast groups
-statically. This command only manages link layer addresses.
-
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-\item \verb|address LLADDRESS| (default)
-
---- the link layer multicast address.
-
-\item \verb|dev NAME|
-
---- the device to join/leave this multicast address.
-
-\end{itemize}
-
-
-\paragraph{Example:} Let us continue with the example from the previous subsection.
-
-\begin{verbatim}
-netadm@alisa:~ # ip maddr add 33:33:00:00:00:01 dev dummy
-netadm@alisa:~ # ip -0 maddr ls dummy
-2: dummy
- link 33:33:00:00:00:01 users 2 static
- link 01:00:5e:00:00:01
-netadm@alisa:~ # ip maddr del 33:33:00:00:00:01 dev dummy
-\end{verbatim}
-
-\begin{NB}
- Neither \verb|ip| nor the kernel check for multicast address validity.
- Particularly, this means that you can try to load a unicast address
- instead of a multicast address. Most drivers will ignore such addresses,
- but several (f.e.\ Tulip) will intern it to their on-board filter.
- The effects may be strange. Namely, the addresses become additional
- local link addresses and, if you loaded the address of another host
- to the router, wait for duplicated packets on the wire.
- It is not a bug, but rather a hole in the API and intra-kernel interfaces.
- This feature is really more useful for traffic monitoring, but using it
- with Linux-2.2 you {\em have to\/} be sure that the host is not
- a router and, especially, that it is not a transparent proxy or masquerading
- agent.
-\end{NB}
-
-
-
-\section{{\tt ip mroute} --- multicast routing cache management}
-\label{IP-MROUTE}
-
-\paragraph{Abbreviations:} \verb|mroute|, \verb|mr|.
-
-\paragraph{Object:} \verb|mroute| objects are multicast routing cache
-entries created by a user level mrouting daemon
-(f.e.\ \verb|pimd| or \verb|mrouted|).
-
-Due to the limitations of the current interface to the multicast routing
-engine, it is impossible to change \verb|mroute| objects administratively,
-so we may only display them. This limitation will be removed
-in the future.
-
-\paragraph{Commands:} \verb|show| (or \verb|list|).
-
-
-\subsection{{\tt ip mroute show} --- list mroute cache entries}
-
-\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-\item \verb|to PREFIX| (default)
-
---- the prefix selecting the destination multicast addresses to list.
-
-
-\item \verb|iif NAME|
-
---- the interface on which multicast packets are received.
-
-
-\item \verb|from PREFIX|
-
---- the prefix selecting the IP source addresses of the multicast route.
-
-
-\end{itemize}
-
-\paragraph{Output format:}
-
-\begin{verbatim}
-kuznet@amber:~ $ ip mroute ls
-(193.232.127.6, 224.0.1.39) Iif: unresolved
-(193.232.244.34, 224.0.1.40) Iif: unresolved
-(193.233.7.65, 224.66.66.66) Iif: eth0 Oifs: pimreg
-kuznet@amber:~ $
-\end{verbatim}
-
-Each line shows one (S,G) entry in the multicast routing cache,
-where S is the source address and G is the multicast group. \verb|Iif| is
-the interface on which multicast packets are expected to arrive.
-If the word \verb|unresolved| is there instead of the interface name,
-it means that the routing daemon still hasn't resolved this entry.
-The keyword \verb|oifs| is followed by a list of output interfaces, separated
-by spaces. If a multicast routing entry is created with non-trivial
-TTL scope, administrative distances are appended to the device names
-in the \verb|oifs| list.
-
-\paragraph{Statistics:} The \verb|-statistics| option also prints the
-number of packets and bytes forwarded along this route and
-the number of packets that arrived on the wrong interface, if this number is not zero.
-
-\begin{verbatim}
-kuznet@amber:~ $ ip -s mr ls 224.66/16
-(193.233.7.65, 224.66.66.66) Iif: eth0 Oifs: pimreg
- 9383 packets, 300256 bytes
-kuznet@amber:~ $
-\end{verbatim}
-
-
-\section{{\tt ip tunnel} --- tunnel configuration}
-\label{IP-TUNNEL}
-
-\paragraph{Abbreviations:} \verb|tunnel|, \verb|tunl|.
-
-\paragraph{Object:} \verb|tunnel| objects are tunnels, encapsulating
-packets in IPv4 packets and then sending them over the IP infrastructure.
-
-\paragraph{Commands:} \verb|add|, \verb|delete|, \verb|change|, \verb|show|
-(or \verb|list|).
-
-\paragraph{See also:} A more informal discussion of tunneling
-over IP and the \verb|ip tunnel| command can be found in~\cite{IP-TUNNELS}.
-
-\subsection{{\tt ip tunnel add} --- add a new tunnel\\
- {\tt ip tunnel change} --- change an existing tunnel\\
- {\tt ip tunnel delete} --- destroy a tunnel}
-
-\paragraph{Abbreviations:} \verb|add|, \verb|a|; \verb|change|, \verb|chg|;
-\verb|delete|, \verb|del|, \verb|d|.
-
-
-\paragraph{Arguments:}
-
-\begin{itemize}
-
-\item \verb|name NAME| (default)
-
---- select the tunnel device name.
-
-\item \verb|mode MODE|
-
---- set the tunnel mode. Three modes are currently available:
- \verb|ipip|, \verb|sit| and \verb|gre|.
-
-\item \verb|remote ADDRESS|
-
---- set the remote endpoint of the tunnel.
-
-\item \verb|local ADDRESS|
-
---- set the fixed local address for tunneled packets.
-It must be an address on another interface of this host.
-
-\item \verb|ttl N|
-
---- set a fixed TTL \verb|N| on tunneled packets.
- \verb|N| is a number in the range 1--255. 0 is a special value
- meaning that packets inherit the TTL value.
- The default value is: \verb|inherit|.
-
-\item \verb|tos T| or \verb|dsfield T|
-
---- set a fixed TOS \verb|T| on tunneled packets.
- The default value is: \verb|inherit|.
-
-
-
-\item \verb|dev NAME|
-
---- bind the tunnel to the device \verb|NAME| so that
- tunneled packets will only be routed via this device and will
- not be able to escape to another device when the route to endpoint changes.
-
-\item \verb|nopmtudisc|
-
---- disable Path MTU Discovery on this tunnel.
- It is enabled by default. Note that a fixed ttl is incompatible
- with this option: tunnelling with a fixed ttl always makes pmtu discovery.
-
-\item \verb|key K|, \verb|ikey K|, \verb|okey K|
-
---- (only GRE tunnels) use keyed GRE with key \verb|K|. \verb|K| is
- either a number or an IP address-like dotted quad.
- The \verb|key| parameter sets the key to use in both directions.
- The \verb|ikey| and \verb|okey| parameters set different keys for input and output.
-
-
-\item \verb|csum|, \verb|icsum|, \verb|ocsum|
-
---- (only GRE tunnels) generate/require checksums for tunneled packets.
- The \verb|ocsum| flag calculates checksums for outgoing packets.
- The \verb|icsum| flag requires that all input packets have the correct
- checksum. The \verb|csum| flag is equivalent to the combination
- ``\verb|icsum| \verb|ocsum|''.
-
-\item \verb|seq|, \verb|iseq|, \verb|oseq|
-
---- (only GRE tunnels) serialize packets.
- The \verb|oseq| flag enables sequencing of outgoing packets.
- The \verb|iseq| flag requires that all input packets are serialized.
- The \verb|seq| flag is equivalent to the combination ``\verb|iseq| \verb|oseq|''.
-
-\begin{NB}
- I think this option does not
- work. At least, I did not test it, did not debug it and
- do not even understand how it is supposed to work or for what
- purpose Cisco planned to use it. Do not use it.
-\end{NB}
-
-
-\end{itemize}
-
-\paragraph{Example:} Create a pointopoint IPv6 tunnel with maximal TTL of 32.
-\begin{verbatim}
-netadm@amber:~ # ip tunl add Cisco mode sit remote 192.31.7.104 \
- local 192.203.80.142 ttl 32
-\end{verbatim}
-
-\subsection{{\tt ip tunnel show} --- list tunnels}
-
-\paragraph{Abbreviations:} \verb|show|, \verb|list|, \verb|sh|, \verb|ls|, \verb|l|.
-
-
-\paragraph{Arguments:} None.
-
-\paragraph{Output format:}
-\begin{verbatim}
-kuznet@amber:~ $ ip tunl ls Cisco
-Cisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32
-kuznet@amber:~ $
-\end{verbatim}
-The line starts with the tunnel device name followed by a colon.
-Then the tunnel mode follows. The parameters of the tunnel are listed
-with the same keywords that were used when creating the tunnel.
-
-\paragraph{Statistics:}
-
-\begin{verbatim}
-kuznet@amber:~ $ ip -s tunl ls Cisco
-Cisco: ipv6/ip remote 192.31.7.104 local 192.203.80.142 ttl 32
-RX: Packets Bytes Errors CsumErrs OutOfSeq Mcasts
- 12566 1707516 0 0 0 0
-TX: Packets Bytes Errors DeadLoop NoRoute NoBufs
- 13445 1879677 0 0 0 0
-kuznet@amber:~ $
-\end{verbatim}
-Essentially, these numbers are the same as the numbers
-printed with {\tt ip -s link show}
-(sec.\ref{IP-LINK-SHOW}, p.\pageref{IP-LINK-SHOW}) but the tags are different
-to reflect that they are tunnel specific.
-\begin{itemize}
-\item \verb|CsumErrs| --- the total number of packets dropped
-because of checksum failures for a GRE tunnel with checksumming enabled.
-\item \verb|OutOfSeq| --- the total number of packets dropped
-because they arrived out of sequence for a GRE tunnel with
-serialization enabled.
-\item \verb|Mcasts| --- the total number of multicast packets
-received on a broadcast GRE tunnel.
-\item \verb|DeadLoop| --- the total number of packets which were not
-transmitted because the tunnel is looped back to itself.
-\item \verb|NoRoute| --- the total number of packets which were not
-transmitted because there is no IP route to the remote endpoint.
-\item \verb|NoBufs| --- the total number of packets which were not
-transmitted because the kernel failed to allocate a buffer.
-\end{itemize}
-
-
-\section{{\tt ip monitor} and {\tt rtmon} --- state monitoring}
-\label{IP-MONITOR}
-
-The \verb|ip| utility can monitor the state of devices, addresses
-and routes continuously. This option has a slightly different format.
-Namely,
-the \verb|monitor| command is the first in the command line and then
-the object list follows:
-\begin{verbatim}
- ip monitor [ file FILE ] [ all | OBJECT-LIST ] [ label ]
-\end{verbatim}
-\verb|OBJECT-LIST| is the list of object types that we want to
-monitor. It may contain \verb|link|, \verb|address| and \verb|route|.
-Specifying \verb|label| indicates that output lines should be labelled
-with the type of object being printed --- this happens by default if
-\verb|all| is specified. If no \verb|file| argument is given,
-\verb|ip| opens RTNETLINK, listens on it and dumps state changes in
-the format described in previous sections.
-
-If a file name is given, it does not listen on RTNETLINK,
-but opens the file containing RTNETLINK messages saved in binary format
-and dumps them. Such a history file can be generated with the
-\verb|rtmon| utility. This utility has a command line syntax similar to
-\verb|ip monitor|.
-Ideally, \verb|rtmon| should be started before
-the first network configuration command is issued. F.e.\ if
-you insert:
-\begin{verbatim}
- rtmon file /var/log/rtmon.log
-\end{verbatim}
-in a startup script, you will be able to view the full history
-later.
-
-Certainly, it is possible to start \verb|rtmon| at any time.
-It prepends the history with the state snapshot dumped at the moment
-of starting.
-
-
-\section{Route realms and policy propagation, {\tt rtacct}}
-\label{RT-REALMS}
-
-On routers using OSPF ASE or, especially, the BGP protocol, routing
-tables may be huge. If we want to classify or to account for the packets
-per route, we will have to keep lots of information. Even worse, if we
-want to distinguish the packets not only by their destination, but
-also by their source, the task gets quadratic complexity and its solution
-is physically impossible.
-
-One approach to propagating the policy from routing protocols
-to the forwarding engine has been proposed in~\cite{IOS-BGP-PP}.
-Essentially, Cisco Policy Propagation via BGP is based on the fact
-that dedicated routers all have the RIB (Routing Information Base)
-close to the forwarding engine, so policy routing rules can
-check all the route attributes, including ASPATH information
-and community strings.
-
-The Linux architecture, splitting the RIB (maintained by a user level
-daemon) and the kernel based FIB (Forwarding Information Base),
-does not allow such a simple approach.
-
-It is to our fortune because there is another solution
-which allows even more flexible policy and richer semantics.
-
-Namely, routes can be clustered together in user space, based on their
-attributes. F.e.\ a BGP router knows route ASPATH, its community;
-an OSPF router knows the route tag or its area. The administrator, when adding
-routes manually, also knows their nature. Providing that the number of such
-aggregates (we call them {\em realms\/}) is low, the task of full
-classification both by source and destination becomes quite manageable.
-
-So each route may be assigned to a realm. It is assumed that
-this identification is made by a routing daemon, but static routes
-can also be handled manually with \verb|ip route| (see sec.\ref{IP-ROUTE},
-p.\pageref{IP-ROUTE}).
-\begin{NB}
- There is a patch to \verb|gated|, allowing classification of routes
- to realms with all the set of policy rules implemented in \verb|gated|:
- by prefix, by ASPATH, by origin, by tag etc.
-\end{NB}
-
-To facilitate the construction (f.e.\ in case the routing
-daemon is not aware of realms), missing realms may be completed
-with routing policy rules, see sec.~\ref{IP-RULE}, p.\pageref{IP-RULE}.
-
-For each packet the kernel calculates a tuple of realms: source realm
-and destination realm, using the following algorithm:
-
-\begin{enumerate}
-\item If the route has a realm, the destination realm of the packet is set to it.
-\item If the rule has a source realm, the source realm of the packet is set to it.
-If the destination realm was not inherited from the route and the rule has a destination realm,
-it is also set.
-\item If at least one of the realms is still unknown, the kernel finds
-the reversed route to the source of the packet.
-\item If the source realm is still unknown, get it from the reversed route.
-\item If one of the realms is still unknown, swap the realms of reversed
-routes and apply step 2 again.
-\end{enumerate}
-
-After this procedure is completed we know what realm the packet
-arrived from and the realm where it is going to propagate to.
-If some of the realms are unknown, they are initialized to zero
-(or realm \verb|unknown|).
-
-The main application of realms is the TC \verb|route| classifier~\cite{TC-CREF},
-where they are used to help assign packets to traffic classes,
-to account, police and schedule them according to this
-classification.
-
-A much simpler but still very useful application is incoming packet
-accounting by realms. The kernel gathers a packet statistics summary
-which can be viewed with the \verb|rtacct| utility.
-\begin{verbatim}
-kuznet@amber:~ $ rtacct russia
-Realm BytesTo PktsTo BytesFrom PktsFrom
-russia 20576778 169176 47080168 153805
-kuznet@amber:~ $
-\end{verbatim}
-This shows that this router received 153805 packets from
-the realm \verb|russia| and forwarded 169176 packets to \verb|russia|.
-The realm \verb|russia| consists of routes with ASPATHs not leaving
-Russia.
-
-Note that locally originating packets are not accounted here,
-\verb|rtacct| shows incoming packets only. Using the \verb|route|
-classifier (see~\cite{TC-CREF}) you can get even more detailed
-accounting information about outgoing packets, optionally
-summarizing traffic not only by source or destination, but
-by any pair of source and destination realms.
-
-
-\begin{thebibliography}{99}
-\addcontentsline{toc}{section}{References}
-\bibitem{RFC-NDISC} T.~Narten, E.~Nordmark, W.~Simpson.
-``Neighbor Discovery for IP Version 6 (IPv6)'', RFC-2461.
-
-\bibitem{RFC-ADDRCONF} S.~Thomson, T.~Narten.
-``IPv6 Stateless Address Autoconfiguration'', RFC-2462.
-
-\bibitem{RFC1812} F.~Baker.
-``Requirements for IP Version 4 Routers'', RFC-1812.
-
-\bibitem{RFC1122} R.~T.~Braden.
-``Requirements for Internet hosts --- communication layers'', RFC-1122.
-
-\bibitem{IOS} ``Cisco IOS Release 12.0 Network Protocols
-Command Reference, Part 1'' and
-``Cisco IOS Release 12.0 Quality of Service Solutions
-Configuration Guide: Configuring Policy-Based Routing'',\\
-http://www.cisco.com/univercd/cc/td/doc/product/software/ios120.
-
-\bibitem{IP-TUNNELS} A.~N.~Kuznetsov.
-``Tunnels over IP in Linux-2.2'', \\
-In: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}.
-
-\bibitem{TC-CREF} A.~N.~Kuznetsov. ``TC Command Reference'',\\
-In: {\tt ftp://ftp.inr.ac.ru/ip-routing/iproute2-current.tar.gz}.
-
-\bibitem{IOS-BGP-PP} ``Cisco IOS Release 12.0 Quality of Service Solutions
-Configuration Guide: Configuring QoS Policy Propagation via
-Border Gateway Protocol'',\\
-http://www.cisco.com/univercd/cc/td/doc/product/software/ios120.
-
-\bibitem{RFC-DHCP} R.~Droms.
-``Dynamic Host Configuration Protocol.'', RFC-2131
-
-\bibitem{RFC2414} M.~Allman, S.~Floyd, C.~Partridge.
-``Increasing TCP's Initial Window'', RFC-2414.
-
-\end{thebibliography}
-
-
-
-
-\appendix
-\addcontentsline{toc}{section}{Appendix}
-
-\section{Source address selection}
-\label{ADDR-SEL}
-
-When a host creates an IP packet, it must select some source
-address. Correct source address selection is a critical procedure,
-because it gives the receiver the information needed to deliver a
-reply. If the source is selected incorrectly, in the best case,
-the backward path may appear different to the forward one which
-is harmful for performance. In the worst case, when the addresses
-are administratively scoped, the reply may be lost entirely.
-
-Linux-2.2 selects source addresses using the following algorithm:
-
-\begin{itemize}
-\item
-The application may select a source address explicitly with \verb|bind(2)|
-syscall or supplying it to \verb|sendmsg(2)| via the ancillary data object
-\verb|IP_PKTINFO|. In this case the kernel only checks the validity
-of the address and never tries to ``improve'' an incorrect user choice,
-generating an error instead.
-\begin{NB}
- Never say ``Never''. The sysctl option \verb|ip_dynaddr| breaks
- this axiom. It has been made deliberately with the purpose
- of automatically reselecting the address on hosts with dynamic dial-out interfaces.
- However, this hack {\em must not\/} be used on multihomed hosts
- and especially on routers: it would break them.
-\end{NB}
-
-
-\item Otherwise, IP routing tables can contain an explicit source
-address hint for this destination. The hint is set with the \verb|src| parameter
-to the \verb|ip route| command, sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}.
-
-
-\item Otherwise, the kernel searches through the list of addresses
-attached to the interface through which the packets will be routed.
-The search strategies are different for IP and IPv6. Namely:
-
-\begin{itemize}
-\item IPv6 searches for the first valid, not deprecated address
-with the same scope as the destination.
-
-\item IP searches for the first valid address with a scope wider
-than the scope of the destination but it prefers addresses
-which fall to the same subnet as the nexthop of the route
-to the destination. Unlike IPv6, the scopes of IPv4 destinations
-are not encoded in their addresses but are supplied
-in routing tables instead (the \verb|scope| parameter to the \verb|ip route| command,
-sec.\ref{IP-ROUTE}, p.\pageref{IP-ROUTE}).
-
-\end{itemize}
-
-
-\item Otherwise, if the scope of the destination is \verb|link| or \verb|host|,
-the algorithm fails and returns a zero source address.
-
-\item Otherwise, all interfaces are scanned to search for an address
-with an appropriate scope. The loopback device \verb|lo| is always the first
-in the search list, so that if an address with global scope (not 127.0.0.1!)
-is configured on loopback, it is always preferred.
-
-\end{itemize}
-
-
-\section{Proxy ARP/NDISC}
-\label{PROXY-NEIGH}
-
-Routers may answer ARP/NDISC solicitations on behalf of other hosts.
-In Linux-2.2 proxy ARP on an interface may be enabled
-by setting the kernel \verb|sysctl| variable
-\verb|/proc/sys/net/ipv4/conf/<dev>/proxy_arp| to 1. After this, the router
-starts to answer ARP requests on the interface \verb|<dev>|, provided
-the route to the requested destination does {\em not\/} go back via the same
-device.
-
-The variable \verb|/proc/sys/net/ipv4/conf/all/proxy_arp| enables proxy
-ARP on all the IP devices.
-
-However, this approach fails in the case of IPv6 because the router
-must join the solicited node multicast address to listen for the corresponding
-NDISC queries. It means that proxy NDISC is possible only on a per destination
-basis.
-
-Logically, proxy ARP/NDISC is not a kernel task. It can easily be implemented
-in user space. However, similar functionality was present in BSD kernels
-and in Linux-2.0, so we have to preserve it at least to the extent that
-is standardized in BSD.
-\begin{NB}
- Linux-2.0 ARP had a feature called {\em subnet\/} proxy ARP.
- It is replaced with the sysctl flag in Linux-2.2.
-\end{NB}
-
-
-The \verb|ip| utility provides a way to manage proxy ARP/NDISC
-with the \verb|ip neigh| command, namely:
-\begin{verbatim}
- ip neigh add proxy ADDRESS [ dev NAME ]
-\end{verbatim}
-adds a new proxy ARP/NDISC record and
-\begin{verbatim}
- ip neigh del proxy ADDRESS [ dev NAME ]
-\end{verbatim}
-deletes it.
-
-If the name of the device is not given, the router will answer solicitations
-for address \verb|ADDRESS| on all devices, otherwise it will only serve
-the device \verb|NAME|. Even if the proxy entry is created with
-\verb|ip neigh|, the router {\em will not\/} answer a query if the route
-to the destination goes back via the interface from which the solicitation
-was received.
-
-It is important to emphasize that proxy entries have {\em no\/}
-parameters other than these (IP/IPv6 address and optional device).
-Particularly, the entry does not store any link layer address.
-It always advertises the station address of the interface
-on which it sends advertisements (i.e. it's own station address).
-
-\section{Route NAT status}
-\label{ROUTE-NAT}
-
-NAT (or ``Network Address Translation'') remaps some parts
-of the IP address space into other ones. Linux-2.2 route NAT is supposed
-to be used to facilitate policy routing by rewriting addresses
-to other routing domains or to help while renumbering sites
-to another prefix.
-
-\paragraph{What it is not:}
-It is necessary to emphasize that {\em it is not supposed\/}
-to be used to compress address space or to split load.
-This is not missing functionality but a design principle.
-Route NAT is {\em stateless\/}. It does not hold any state
-about translated sessions. This means that it handles any number
-of sessions flawlessly. But it also means that it is {\em static\/}.
-It cannot detect the moment when the last TCP client stops
-using an address. For the same reason, it will not help to split
-load between several servers.
-\begin{NB}
-It is a pretty commonly held belief that it is useful to split load between
-several servers with NAT. This is a mistake. All you get from this
-is the requirement that the router keep the state of all the TCP connections
-going via it. Well, if the router is so powerful, run apache on it. 8)
-\end{NB}
-
-The second feature: it does not touch packet payload,
-does not try to ``improve'' broken protocols by looking
-through its data and mangling it. It mangles IP addresses,
-only IP addresses and nothing but IP addresses.
-This also, is not missing any functionality.
-
-To resume: if you need to compress address space or keep
-active FTP clients happy, your choice is not route NAT but masquerading,
-port forwarding, NAPT etc.
-\begin{NB}
-By the way, you may also want to look at
-http://www.suse.com/\~mha/HyperNews/get/linux-ip-nat.html
-\end{NB}
-
-
-\paragraph{How it works.}
-Some part of the address space is reserved for dummy addresses
-which will look for all the world like some host addresses
-inside your network. No other hosts may use these addresses,
-however other routers may also be configured to translate them.
-\begin{NB}
-A great advantage of route NAT is that it may be used not
-only in stub networks but in environments with arbitrarily complicated
-structure. It does not firewall, it {\em forwards.}
-\end{NB}
-These addresses are selected by the \verb|ip route| command
-(sec.\ref{IP-ROUTE-ADD}, p.\pageref{IP-ROUTE-ADD}). F.e.\
-\begin{verbatim}
- ip route add nat 192.203.80.144 via 193.233.7.83
-\end{verbatim}
-states that the single address 192.203.80.144 is a dummy NAT address.
-For all the world it looks like a host address inside our network.
-For neighbouring hosts and routers it looks like the local address
-of the translating router. The router answers ARP for it, advertises
-this address as routed via it, {\em et al\/}. When the router
-receives a packet destined for 192.203.80.144, it replaces
-this address with 193.233.7.83 which is the address of some real
-host and forwards the packet. If you need to remap
-blocks of addresses, you may use a command like:
-\begin{verbatim}
- ip route add nat 192.203.80.192/26 via 193.233.7.64
-\end{verbatim}
-This command will map a block of 63 addresses 192.203.80.192-255 to
-193.233.7.64-127.
-
-When an internal host (193.233.7.83 in the example above)
-sends something to the outer world and these packets are forwarded
-by our router, it should translate the source address 193.233.7.83
-into 192.203.80.144. This task is solved by setting a special
-policy rule (sec.\ref{IP-RULE-ADD}, p.\pageref{IP-RULE-ADD}):
-\begin{verbatim}
- ip rule add prio 320 from 193.233.7.83 nat 192.203.80.144
-\end{verbatim}
-This rule says that the source address 193.233.7.83
-should be translated into 192.203.80.144 before forwarding.
-It is important that the address after the \verb|nat| keyword
-is some NAT address, declared by {\tt ip route add nat}.
-If it is just a random address the router will not map to it.
-\begin{NB}
-The exception is when the address is a local address of this
-router (or 0.0.0.0) and masquerading is configured in the linux-2.2
-kernel. In this case the router will masquerade the packets as this address.
-If 0.0.0.0 is selected, the result is equivalent to one
-obtained with firewalling rules. Otherwise, you have the way
-to order Linux to masquerade to this fixed address.
-NAT mechanism used in linux-2.4 is more flexible than
-masquerading, so that this feature has lost meaning and disabled.
-\end{NB}
-
-If the network has non-trivial internal structure, it is
-useful and even necessary to add rules disabling translation
-when a packet does not leave this network. Let us return to the
-example from sec.\ref{IP-RULE-SHOW} (p.\pageref{IP-RULE-SHOW}).
-\begin{verbatim}
-300: from 193.233.7.83 to 193.233.7.0/24 lookup main
-310: from 193.233.7.83 to 192.203.80.0/24 lookup main
-320: from 193.233.7.83 lookup inr.ruhep map-to 192.203.80.144
-\end{verbatim}
-This block of rules causes normal forwarding when
-packets from 193.233.7.83 do not leave networks 193.233.7/24
-and 192.203.80/24. Also, if the \verb|inr.ruhep| table does not
-contain a route to the destination (which means that the routing
-domain owning addresses from 192.203.80/24 is dead), no translation
-will occur. Otherwise, the packets are translated.
-
-\paragraph{How to only translate selected ports:}
-If you only want to translate selected ports (f.e.\ http)
-and leave the rest intact, you may use \verb|ipchains|
-to \verb|fwmark| a class of packets.
-Suppose you did and all the packets from 193.233.7.83
-destined for port 80 are marked with marker 0x1234 in input fwchain.
-In this case you may replace rule \#320 with:
-\begin{verbatim}
-320: from 193.233.7.83 fwmark 1234 lookup main map-to 192.203.80.144
-\end{verbatim}
-and translation will only be enabled for outgoing http requests.
-
-\section{Example: minimal host setup}
-\label{EXAMPLE-SETUP}
-
-The following script gives an example of a fault safe
-setup of IP (and IPv6, if it is compiled into the kernel)
-in the common case of a node attached to a single broadcast
-network. A more advanced script, which may be used both on multihomed
-hosts and on routers, is described in the following
-section.
-
-The utilities used in the script may be found in the
-directory ftp://ftp.inr.ac.ru/ip-routing/:
-\begin{enumerate}
-\item \verb|ip| --- package \verb|iproute2|.
-\item \verb|arping| --- package \verb|iputils|.
-\item \verb|rdisc| --- package \verb|iputils|.
-\end{enumerate}
-\begin{NB}
-It also refers to a DHCP client, \verb|dhcpcd|. I should refrain from
-recommending a good DHCP client to use. All that I can
-say is that ISC \verb|dhcp-2.0b1pl6| patched with the patch that
-can be found in the \verb|dhcp.bootp.rarp| subdirectory of
-the same ftp site {\em does\/} work,
-at least on Ethernet and Token Ring.
-\end{NB}
-
-\begin{verbatim}
-#! /bin/bash
-\end{verbatim}
-\begin{flushleft}
-\# {\bf Usage: \verb|ifone ADDRESS[/PREFIX-LENGTH] [DEVICE]|}\\
-\# {\bf Parameters:}\\
-\# \$1 --- Static IP address, optionally followed by prefix length.\\
-\# \$2 --- Device name. If it is missing, \verb|eth0| is asssumed.\\
-\# F.e. \verb|ifone 193.233.7.90|
-\end{flushleft}
-\begin{verbatim}
-dev=$2
-: ${dev:=eth0}
-ipaddr=
-\end{verbatim}
-\# Parse IP address, splitting prefix length.
-\begin{verbatim}
-if [ "$1" != "" ]; then
- ipaddr=${1%/*}
- if [ "$1" != "$ipaddr" ]; then
- pfxlen=${1#*/}
- fi
- : ${pfxlen:=24}
-fi
-pfx="${ipaddr}/${pfxlen}"
-\end{verbatim}
-
-\begin{flushleft}
-\# {\bf Step 0} --- enable loopback.\\
-\#\\
-\# This step is necessary on any networked box before attempt\\
-\# to configure any other device.\\
-\end{flushleft}
-\begin{verbatim}
-ip link set up dev lo
-ip addr add 127.0.0.1/8 dev lo brd + scope host
-\end{verbatim}
-\begin{flushleft}
-\# IPv6 autoconfigure themself on loopback.\\
-\#\\
-\# If user gave loopback as device, we add the address as alias and exit.
-\end{flushleft}
-\begin{verbatim}
-if [ "$dev" = "lo" ]; then
- if [ "$ipaddr" != "" -a "$ipaddr" != "127.0.0.1" ]; then
- ip address add $ipaddr dev $dev
- exit $?
- fi
- exit 0
-fi
-\end{verbatim}
-
-\noindent\# {\bf Step 1} --- enable device \verb|$dev|
-
-\begin{verbatim}
-if ! ip link set up dev $dev ; then
- echo "Cannot enable interface $dev. Aborting." 1>&2
- exit 1
-fi
-\end{verbatim}
-\begin{flushleft}
-\# The interface is \verb|UP|. IPv6 started stateless autoconfiguration itself,\\
-\# and its configuration finishes here. However,\\
-\# IP still needs some static preconfigured address.
-\end{flushleft}
-\begin{verbatim}
-if [ "$ipaddr" = "" ]; then
- echo "No address for $dev is configured, trying DHCP..." 1>&2
- dhcpcd
- exit $?
-fi
-\end{verbatim}
-
-\begin{flushleft}
-\# {\bf Step 2} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\
-\# Send two probes and wait for result for 3 seconds.\\
-\# If the interface opens slower f.e.\ due to long media detection,\\
-\# you want to increase the timeout.\\
-\end{flushleft}
-\begin{verbatim}
-if ! arping -q -c 2 -w 3 -D -I $dev $ipaddr ; then
- echo "Address $ipaddr is busy, trying DHCP..." 1>&2
- dhcpcd
- exit $?
-fi
-\end{verbatim}
-\begin{flushleft}
-\# OK, the address is unique, we may add it on the interface.\\
-\#\\
-\# {\bf Step 3} --- Configure the address on the interface.
-\end{flushleft}
-
-\begin{verbatim}
-if ! ip address add $pfx brd + dev $dev; then
- echo "Failed to add $pfx on $dev, trying DHCP..." 1>&2
- dhcpcd
- exit $?
-fi
-\end{verbatim}
-
-\noindent\# {\bf Step 4} --- Announce our presence on the link.
-\begin{verbatim}
-arping -A -c 1 -I $dev $ipaddr
-noarp=$?
-( sleep 2;
- arping -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null &
-\end{verbatim}
-
-\begin{flushleft}
-\# {\bf Step 5} (optional) --- Add some control routes.\\
-\#\\
-\# 1. Prohibit link local multicast addresses.\\
-\# 2. Prohibit link local (alias, limited) broadcast.\\
-\# 3. Add default multicast route.
-\end{flushleft}
-\begin{verbatim}
-ip route add unreachable 224.0.0.0/24
-ip route add unreachable 255.255.255.255
-if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
- ip route add 224.0.0.0/4 dev $dev scope global
-fi
-\end{verbatim}
-
-\begin{flushleft}
-\# {\bf Step 6} --- Add fallback default route with huge metric.\\
-\# If a proxy ARP server is present on the interface, we will be\\
-\# able to talk to all the Internet without further configuration.\\
-\# It is not so cheap though and we still hope that this route\\
-\# will be overridden by more correct one by rdisc.\\
-\# Do not make this step if the device is not ARPable,\\
-\# because dead nexthop detection does not work on them.
-\end{flushleft}
-\begin{verbatim}
-if [ "$noarp" = "0" ]; then
- ip ro add default dev $dev metric 30000 scope global
-fi
-\end{verbatim}
-
-\begin{flushleft}
-\# {\bf Step 7} --- Restart router discovery and exit.
-\end{flushleft}
-\begin{verbatim}
-killall -HUP rdisc || rdisc -fs
-exit 0
-\end{verbatim}
-
-
-\section{Example: {\protect\tt ifcfg} --- interface address management}
-\label{EXAMPLE-IFCFG}
-
-This is a simplistic script replacing one option of \verb|ifconfig|,
-namely, IP address management. It not only adds
-addresses, but also carries out Duplicate Address Detection~\cite{RFC-DHCP},
-sends unsolicited ARP to update the caches of other hosts sharing
-the interface, adds some control routes and restarts Router Discovery
-when it is necessary.
-
-I strongly recommend using it {\em instead\/} of \verb|ifconfig| both
-on hosts and on routers.
-
-\begin{verbatim}
-#! /bin/bash
-\end{verbatim}
-\begin{flushleft}
-\# {\bf Usage: \verb?ifcfg DEVICE[:ALIAS] [add|del] ADDRESS[/LENGTH] [PEER]?}\\
-\# {\bf Parameters:}\\
-\# ---Device name. It may have alias suffix, separated by colon.\\
-\# ---Command: add, delete or stop.\\
-\# ---IP address, optionally followed by prefix length.\\
-\# ---Optional peer address for pointopoint interfaces.\\
-\# F.e. \verb|ifcfg eth0 193.233.7.90/24|
-
-\noindent\# This function determines, whether it is router or host.\\
-\# It returns 0, if the host is apparently not router.
-\end{flushleft}
-\begin{verbatim}
-CheckForwarding () {
- local sbase fwd
- sbase=/proc/sys/net/ipv4/conf
- fwd=0
- if [ -d $sbase ]; then
- for dir in $sbase/*/forwarding; do
- fwd=$[$fwd + `cat $dir`]
- done
- else
- fwd=2
- fi
- return $fwd
-}
-\end{verbatim}
-\begin{flushleft}
-\# This function restarts Router Discovery.\\
-\end{flushleft}
-\begin{verbatim}
-RestartRDISC () {
- killall -HUP rdisc || rdisc -fs
-}
-\end{verbatim}
-\begin{flushleft}
-\# Calculate ABC "natural" mask length\\
-\# Arg: \$1 = dotquad address
-\end{flushleft}
-\begin{verbatim}
-ABCMaskLen () {
- local class;
- class=${1%%.*}
- if [ $class -eq 0 -o $class -ge 224 ]; then return 0
- elif [ $class -ge 192 ]; then return 24
- elif [ $class -ge 128 ]; then return 16
- else return 8 ; fi
-}
-\end{verbatim}
-
-
-\begin{flushleft}
-\# {\bf MAIN()}\\
-\#\\
-\# Strip alias suffix separated by colon.
-\end{flushleft}
-\begin{verbatim}
-label="label $1"
-ldev=$1
-dev=${1%:*}
-if [ "$dev" = "" -o "$1" = "help" ]; then
- echo "Usage: ifcfg DEV [[add|del [ADDR[/LEN]] [PEER] | stop]" 1>&2
- echo " add - add new address" 1>&2
- echo " del - delete address" 1>&2
- echo " stop - completely disable IP" 1>&2
- exit 1
-fi
-shift
-
-CheckForwarding
-fwd=$?
-\end{verbatim}
-\begin{flushleft}
-\# Parse command. If it is ``stop'', flush and exit.
-\end{flushleft}
-\begin{verbatim}
-deleting=0
-case "$1" in
-add) shift ;;
-stop)
- if [ "$ldev" != "$dev" ]; then
- echo "Cannot stop alias $ldev" 1>&2
- exit 1;
- fi
- ip -4 addr flush dev $dev $label || exit 1
- if [ $fwd -eq 0 ]; then RestartRDISC; fi
- exit 0 ;;
-del*)
- deleting=1; shift ;;
-*)
-esac
-\end{verbatim}
-\begin{flushleft}
-\# Parse prefix, split prefix length, separated by slash.
-\end{flushleft}
-\begin{verbatim}
-ipaddr=
-pfxlen=
-if [ "$1" != "" ]; then
- ipaddr=${1%/*}
- if [ "$1" != "$ipaddr" ]; then
- pfxlen=${1#*/}
- fi
- if [ "$ipaddr" = "" ]; then
- echo "$1 is bad IP address." 1>&2
- exit 1
- fi
-fi
-shift
-\end{verbatim}
-\begin{flushleft}
-\# If peer address is present, prefix length is 32.\\
-\# Otherwise, if prefix length was not given, guess it.
-\end{flushleft}
-\begin{verbatim}
-peer=$1
-if [ "$peer" != "" ]; then
- if [ "$pfxlen" != "" -a "$pfxlen" != "32" ]; then
- echo "Peer address with non-trivial netmask." 1>&2
- exit 1
- fi
- pfx="$ipaddr peer $peer"
-else
- if [ "$pfxlen" = "" ]; then
- ABCMaskLen $ipaddr
- pfxlen=$?
- fi
- pfx="$ipaddr/$pfxlen"
-fi
-if [ "$ldev" = "$dev" -a "$ipaddr" != "" ]; then
- label=
-fi
-\end{verbatim}
-\begin{flushleft}
-\# If deletion was requested, delete the address and restart RDISC
-\end{flushleft}
-\begin{verbatim}
-if [ $deleting -ne 0 ]; then
- ip addr del $pfx dev $dev $label || exit 1
- if [ $fwd -eq 0 ]; then RestartRDISC; fi
- exit 0
-fi
-\end{verbatim}
-\begin{flushleft}
-\# Start interface initialization.\\
-\#\\
-\# {\bf Step 0} --- enable device \verb|$dev|
-\end{flushleft}
-\begin{verbatim}
-if ! ip link set up dev $dev ; then
- echo "Error: cannot enable interface $dev." 1>&2
- exit 1
-fi
-if [ "$ipaddr" = "" ]; then exit 0; fi
-\end{verbatim}
-\begin{flushleft}
-\# {\bf Step 1} --- IP Duplicate Address Detection~\cite{RFC-DHCP}.\\
-\# Send two probes and wait for result for 3 seconds.\\
-\# If the interface opens slower f.e.\ due to long media detection,\\
-\# you want to increase the timeout.\\
-\end{flushleft}
-\begin{verbatim}
-if ! arping -q -c 2 -w 3 -D -I $dev $ipaddr ; then
- echo "Error: some host already uses address $ipaddr on $dev." 1>&2
- exit 1
-fi
-\end{verbatim}
-\begin{flushleft}
-\# OK, the address is unique. We may add it to the interface.\\
-\#\\
-\# {\bf Step 2} --- Configure the address on the interface.
-\end{flushleft}
-\begin{verbatim}
-if ! ip address add $pfx brd + dev $dev $label; then
- echo "Error: failed to add $pfx on $dev." 1>&2
- exit 1
-fi
-\end{verbatim}
-\noindent\# {\bf Step 3} --- Announce our presence on the link
-\begin{verbatim}
-arping -q -A -c 1 -I $dev $ipaddr
-noarp=$?
-( sleep 2 ;
- arping -q -U -c 1 -I $dev $ipaddr ) >& /dev/null </dev/null &
-\end{verbatim}
-\begin{flushleft}
-\# {\bf Step 4} (optional) --- Add some control routes.\\
-\#\\
-\# 1. Prohibit link local multicast addresses.\\
-\# 2. Prohibit link local (alias, limited) broadcast.\\
-\# 3. Add default multicast route.
-\end{flushleft}
-\begin{verbatim}
-ip route add unreachable 224.0.0.0/24 >& /dev/null
-ip route add unreachable 255.255.255.255 >& /dev/null
-if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
- ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
-fi
-\end{verbatim}
-\begin{flushleft}
-\# {\bf Step 5} --- Add fallback default route with huge metric.\\
-\# If a proxy ARP server is present on the interface, we will be\\
-\# able to talk to all the Internet without further configuration.\\
-\# Do not make this step on router or if the device is not ARPable.\\
-\# because dead nexthop detection does not work on them.
-\end{flushleft}
-\begin{verbatim}
-if [ $fwd -eq 0 ]; then
- if [ $noarp -eq 0 ]; then
- ip ro append default dev $dev metric 30000 scope global
- elif [ "$peer" != "" ]; then
- if ping -q -c 2 -w 4 $peer ; then
- ip ro append default via $peer dev $dev metric 30001
- fi
- fi
- RestartRDISC
-fi
-
-exit 0
-\end{verbatim}
-\begin{flushleft}
-\# End of {\bf MAIN()}
-\end{flushleft}
-
-
-\end{document}
diff --git a/doc/ip-tunnels.tex b/doc/ip-tunnels.tex
deleted file mode 100644
index 0a8c930..0000000
--- a/doc/ip-tunnels.tex
+++ /dev/null
@@ -1,469 +0,0 @@
-\documentstyle[12pt,twoside]{article}
-\def\TITLE{Tunnels over IP}
-\input preamble
-\begin{center}
-\Large\bf Tunnels over IP in Linux-2.2
-\end{center}
-
-
-\begin{center}
-{ \large Alexey~N.~Kuznetsov } \\
-\em Institute for Nuclear Research, Moscow \\
-\verb|kuznet@ms2.inr.ac.ru| \\
-\rm March 17, 1999
-\end{center}
-
-\vspace{5mm}
-
-\tableofcontents
-
-
-\section{Instead of introduction: micro-FAQ.}
-
-\begin{itemize}
-
-\item
-Q: In linux-2.0.36 I used:
-\begin{verbatim}
- ifconfig tunl1 10.0.0.1 pointopoint 193.233.7.65
-\end{verbatim}
-to create tunnel. It does not work in 2.2.0!
-
-A: You are right, it does not work. The command written above is split to two commands.
-\begin{verbatim}
- ip tunnel add MY-TUNNEL mode ipip remote 193.233.7.65
-\end{verbatim}
-will create tunnel device with name \verb|MY-TUNNEL|. Now you may configure
-it with:
-\begin{verbatim}
- ifconfig MY-TUNNEL 10.0.0.1
-\end{verbatim}
-Certainly, if you prefer name \verb|tunl1| to \verb|MY-TUNNEL|,
-you still may use it.
-
-\item
-Q: In linux-2.0.36 I used:
-\begin{verbatim}
- ifconfig tunl0 10.0.0.1
- route add -net 10.0.0.0 gw 193.233.7.65 dev tunl0
-\end{verbatim}
-to tunnel net 10.0.0.0 via router 193.233.7.65. It does not
-work in 2.2.0! Moreover, \verb|route| prints a funny error sort of
-``network unreachable'' and after this I found a strange direct route
-to 10.0.0.0 via \verb|tunl0| in routing table.
-
-A: Yes, in 2.2 the rule that {\em normal} gateway must reside on directly
-connected network has not any exceptions. You may tell kernel, that
-this particular route is {\em abnormal}:
-\begin{verbatim}
- ifconfig tunl0 10.0.0.1 netmask 255.255.255.255
- ip route add 10.0.0.0/8 via 193.233.7.65 dev tunl0 onlink
-\end{verbatim}
-Note keyword \verb|onlink|, it is the magic key that orders kernel
-not to check for consistency of gateway address.
-Probably, after this explanation you have already guessed another method
-to cheat kernel:
-\begin{verbatim}
- ifconfig tunl0 10.0.0.1 netmask 255.255.255.255
- route add -host 193.233.7.65 dev tunl0
- route add -net 10.0.0.0 netmask 255.0.0.0 gw 193.233.7.65
- route del -host 193.233.7.65 dev tunl0
-\end{verbatim}
-Well, if you like such tricks, nobody may prohibit you to use them.
-Only do not forget
-that between \verb|route add| and \verb|route del| host 193.233.7.65 is
-unreachable.
-
-\item
-Q: In 2.0.36 I used to load \verb|tunnel| device module and \verb|ipip| module.
-I cannot find any \verb|tunnel| in 2.2!
-
-A: Linux-2.2 has single module \verb|ipip| for both directions of tunneling
-and for all IPIP tunnel devices.
-
-\item
-Q: \verb|traceroute| does not work over tunnel! Well, stop... It works,
- only skips some number of hops.
-
-A: Yes. By default tunnel driver copies \verb|ttl| value from
-inner packet to outer one. It means that path traversed by tunneled
-packets to another endpoint is not hidden. If you dislike this, or if you
-are going to use some routing protocol expecting that packets
-with ttl 1 will reach peering host (f.e.\ RIP, OSPF or EBGP)
-and you are not afraid of
-tunnel loops, you may append option \verb|ttl 64|, when creating tunnel
-with \verb|ip tunnel add|.
-
-\item
-Q: ... Well, list of things, which 2.0 was able to do finishes.
-
-\end{itemize}
-
-\paragraph{Summary of differences between 2.2 and 2.0.}
-
-\begin{itemize}
-
-\item {\bf In 2.0} you could compile tunnel device into kernel
- and got set of 4 devices \verb|tunl0| ... \verb|tunl3| or,
- alternatively, compile it as module and load new module
- for each new tunnel. Also, module \verb|ipip| was necessary
- to receive tunneled packets.
-
- {\bf 2.2} has {\em one\/} module \verb|ipip|. Loading it you get base
- tunnel device \verb|tunl0| and another tunnels may be created with command
- \verb|ip tunnel add|. These new devices may have arbitrary names.
-
-
-\item {\bf In 2.0} you set remote tunnel endpoint address with
- the command \verb|ifconfig| ... \verb|pointopoint A|.
-
- {\bf In 2.2} this command has the same semantics on all
- the interfaces, namely it sets not tunnel endpoint,
- but address of peering host, which is directly reachable
- via this tunnel,
- rather than via Internet. Actual tunnel endpoint address \verb|A|
- should be set with \verb|ip tunnel add ... remote A|.
-
-\item {\bf In 2.0} you create tunnel routes with the command:
-\begin{verbatim}
- route add -net 10.0.0.0 gw A dev tunl0
-\end{verbatim}
-
- {\bf 2.2} interprets this command equally for all device
- kinds and gateway is required to be directly reachable via this tunnel,
- rather than via Internet. You still may use \verb|ip route add ... onlink|
- to override this behaviour.
-
-\end{itemize}
-
-
-\section{Tunnel setup: basics}
-
-Standard Linux-2.2 kernel supports three flavor of tunnels,
-listed in the following table:
-\vspace{2mm}
-
-\begin{tabular}{lll}
-\vrule depth 0.8ex width 0pt\relax
-Mode & Description & Base device \\
-ipip & IP over IP & tunl0 \\
-sit & IPv6 over IP & sit0 \\
-gre & ANY over GRE over IP & gre0
-\end{tabular}
-
-\vspace{2mm}
-
-\noindent All the kinds of tunnels are created with one command:
-\begin{verbatim}
- ip tunnel add <NAME> mode <MODE> [ local <S> ] [ remote <D> ]
-\end{verbatim}
-
-This command creates new tunnel device with name \verb|<NAME>|.
-The \verb|<NAME>| is an arbitrary string. Particularly,
-it may be even \verb|eth0|. The rest of parameters set
-different tunnel characteristics.
-
-\begin{itemize}
-
-\item
-\verb|mode <MODE>| sets tunnel mode. Three modes are available now
- \verb|ipip|, \verb|sit| and \verb|gre|.
-
-\item
-\verb|remote <D>| sets remote endpoint of the tunnel to IP
- address \verb|<D>|.
-\item
-\verb|local <S>| sets fixed local address for tunneled
- packets. It must be an address on another interface of this host.
-
-\end{itemize}
-
-\let\thefootnote\oldthefootnote
-
-Both \verb|remote| and \verb|local| may be omitted. In this case we
-say that they are zero or wildcard. Two tunnels of one mode cannot
-have the same \verb|remote| and \verb|local|. Particularly it means
-that base device or fallback tunnel cannot be replicated.\footnote{
-This restriction is relaxed for keyed GRE tunnels.}
-
-Tunnels are divided to two classes: {\bf pointopoint} tunnels, which
-have some not wildcard \verb|remote| address and deliver all the packets
-to this destination, and {\bf NBMA} (i.e. Non-Broadcast Multi-Access) tunnels,
-which have no \verb|remote|. Particularly, base devices (f.e.\ \verb|tunl0|)
-are NBMA, because they have neither \verb|remote| nor
-\verb|local| addresses.
-
-
-After tunnel device is created you should configure it as you did
-it with another devices. Certainly, the configuration of tunnels has
-some features related to the fact that they work over existing Internet
-routing infrastructure and simultaneously create new virtual links,
-which changes this infrastructure. The danger that not enough careful
-tunnel setup will result in formation of tunnel loops,
-collapse of routing or flooding network with exponentially
-growing number of tunneled fragments is very real.
-
-
-Protocol setup on pointopoint tunnels does not differ of configuration
-of another devices. You should set a protocol address with \verb|ifconfig|
-and add routes with \verb|route| utility.
-
-NBMA tunnels are different. To route something via NBMA tunnel
-you have to explain to driver, where it should deliver packets to.
-The only way to make it is to create special routes with gateway
-address pointing to desired endpoint. F.e.\
-\begin{verbatim}
- ip route add 10.0.0.0/24 via <A> dev tunl0 onlink
-\end{verbatim}
-It is important to use option \verb|onlink|, otherwise
-kernel will refuse request to create route via gateway not directly
-reachable over device \verb|tunl0|. With IPv6 the situation is much simpler:
-when you start device \verb|sit0|, it automatically configures itself
-with all IPv4 addresses mapped to IPv6 space, so that all IPv4
-Internet is {\em really reachable} via \verb|sit0|! Excellent, the command
-\begin{verbatim}
- ip route add 3FFE::/16 via ::193.233.7.65 dev sit0
-\end{verbatim}
-will route \verb|3FFE::/16| via \verb|sit0|, sending all the packets
-destined to this prefix to 193.233.7.65.
-
-\section{Tunnel setup: options}
-
-Command \verb|ip tunnel add| has several additional options.
-\begin{itemize}
-
-\item \verb|ttl N| --- set fixed TTL \verb|N| on tunneled packets.
- \verb|N| is number in the range 1--255. 0 is special value,
- meaning that packets inherit TTL value.
- Default value is: \verb|inherit|.
-
-\item \verb|tos T| --- set fixed tos \verb|T| on tunneled packets.
- Default value is: \verb|inherit|.
-
-\item \verb|dev DEV| --- bind tunnel to device \verb|DEV|, so that
- tunneled packets will be routed only via this device and will
- not be able to escape to another device, when route to endpoint changes.
-
-\item \verb|nopmtudisc| --- disable Path MTU Discovery on this tunnel.
- It is enabled by default. Note that fixed ttl is incompatible
- with this option: tunnels with fixed ttl always make pmtu discovery.
-
-\end{itemize}
-
-\verb|ipip| and \verb|sit| tunnels have no more options. \verb|gre|
-tunnels are more complicated:
-
-\begin{itemize}
-
-\item \verb|key K| --- use keyed GRE with key \verb|K|. \verb|K| is
- either number or IP address-like dotted quad.
-
-\item \verb|csum| --- checksum tunneled packets.
-
-\item \verb|seq| --- serialize packets.
-\begin{NB}
- I think this option does not
- work. At least, I did not test it, did not debug it and
- even do not understand, how it is supposed to work and for what
- purpose Cisco planned to use it.
-\end{NB}
-
-\end{itemize}
-
-
-Actually, these GRE options can be set separately for input and
-output directions by prefixing corresponding keywords with letter
-\verb|i| or \verb|o|. F.e.\ \verb|icsum| orders to accept only
-packets with correct checksum and \verb|ocsum| means, that
-our host will calculate and send checksum.
-
-Command \verb|ip tunnel add| is not the only operation,
-which can be made with tunnels. Certainly, you may get short help page
-with:
-\begin{verbatim}
- ip tunnel help
-\end{verbatim}
-
-Besides that, you may view list of installed tunnels with the help of command:
-\begin{verbatim}
- ip tunnel ls
-\end{verbatim}
-Also you may look at statistics:
-\begin{verbatim}
- ip -s tunnel ls Cisco
-\end{verbatim}
-where \verb|Cisco| is name of tunnel device. Command
-\begin{verbatim}
- ip tunnel del Cisco
-\end{verbatim}
-destroys tunnel \verb|Cisco|. And, finally,
-\begin{verbatim}
- ip tunnel change Cisco mode sit local ME remote HE ttl 32
-\end{verbatim}
-changes its parameters.
-
-\section{Differences 2.2 and 2.0 tunnels revisited.}
-
-Now we can discuss more subtle differences between tunneling in 2.0
-and 2.2.
-
-\begin{itemize}
-
-\item In 2.0 all tunneled packets were received promiscuously
-as soon as you loaded module \verb|ipip|. 2.2 tries to select the best
-tunnel device and packet looks as received on this. F.e.\ if host
-received \verb|ipip| packet from host \verb|D| destined to our
-local address \verb|S|, kernel searches for matching tunnels
-in order:
-
-\begin{tabular}{ll}
-1 & \verb|remote| is \verb|D| and \verb|local| is \verb|S| \\
-2 & \verb|remote| is \verb|D| and \verb|local| is wildcard \\
-3 & \verb|remote| is wildcard and \verb|local| is \verb|S| \\
-4 & \verb|tunl0|
-\end{tabular}
-
-If tunnel exists, but it is not in \verb|UP| state, the tunnel is ignored.
-Note, that if \verb|tunl0| is \verb|UP| it receives all the IPIP packets,
-not acknowledged by more specific tunnels.
-Be careful, it means that without carefully installed firewall rules
-anyone on the Internet may inject to your network any packets with
-source addresses indistinguishable from local ones. It is not so bad idea
-to design tunnels in the way enforcing maximal route symmetry
-and to enable reversed path filter (\verb|rp_filter| sysctl option) on
-tunnel devices.
-
-\item In 2.2 you can monitor and debug tunnels with \verb|tcpdump|.
-F.e.\ \verb|tcpdump| \verb|-i Cisco| \verb|-nvv| will dump packets,
-which kernel output, via tunnel \verb|Cisco| and the packets received on it
-from kernel viewpoint.
-
-\end{itemize}
-
-
-\section{Linux and Cisco IOS tunnels.}
-
-Among another tunnels Cisco IOS supports IPIP and GRE.
-Essentially, Cisco setup is subset of options, available for Linux.
-Let us consider the simplest example:
-
-\begin{verbatim}
-interface Tunnel0
- tunnel mode gre ip
- tunnel source 10.10.14.1
- tunnel destination 10.10.13.2
-\end{verbatim}
-
-
-This command set translates to:
-
-\begin{verbatim}
- ip tunnel add Tunnel0 \
- mode gre \
- local 10.10.14.1 \
- remote 10.10.13.2
-\end{verbatim}
-
-Any questions? No questions.
-
-\section{Interaction IPIP tunnels and DVMRP.}
-
-DVMRP exploits IPIP tunnels to route multicasts via Internet.
-\verb|mrouted| creates
-IPIP tunnels listed in its configuration file automatically.
-From kernel and user viewpoints there are no differences between
-tunnels, created in this way, and tunnels created by \verb|ip tunnel|.
-I.e.\ if \verb|mrouted| created some tunnel, it may be used to
-route unicast packets, provided appropriate routes are added.
-And vice versa, if administrator has already created a tunnel,
-it will be reused by \verb|mrouted|, if it requests DVMRP
-tunnel with the same local and remote addresses.
-
-Do not wonder, if your manually configured tunnel is
-destroyed, when mrouted exits.
-
-
-\section{Broadcast GRE ``tunnels''.}
-
-It is possible to set \verb|remote| for GRE tunnel to a multicast
-address. Such tunnel becomes {\bf broadcast} tunnel (though word
-tunnel is not quite appropriate in this case, it is rather virtual network).
-\begin{verbatim}
- ip tunnel add Universe local 193.233.7.65 \
- remote 224.66.66.66 ttl 16
- ip addr add 10.0.0.1/16 dev Universe
- ip link set Universe up
-\end{verbatim}
-This tunnel is true broadcast network and broadcast packets are
-sent to multicast group 224.66.66.66. By default such tunnel starts
-to resolve both IP and IPv6 addresses via ARP/NDISC, so that
-if multicast routing is supported in surrounding network, all GRE nodes
-will find one another automatically and will form virtual Ethernet-like
-broadcast network. If multicast routing does not work, it is unpleasant
-but not fatal flaw. The tunnel becomes NBMA rather than broadcast network.
-You may disable dynamic ARPing by:
-\begin{verbatim}
- echo 0 > /proc/sys/net/ipv4/neigh/Universe/mcast_solicit
-\end{verbatim}
-and to add required information to ARP tables manually:
-\begin{verbatim}
- ip neigh add 10.0.0.2 lladdr 128.6.190.2 dev Universe nud permanent
-\end{verbatim}
-In this case packets sent to 10.0.0.2 will be encapsulated in GRE
-and sent to 128.6.190.2. It is possible to facilitate address resolution
-using methods typical for another NBMA networks f.e.\ to start user
-level \verb|arpd| daemon, which will maintain database of hosts attached
-to GRE virtual network or ask for information
-dedicated ARP or NHRP server.
-
-
-Actually, such setup is the most natural for tunneling,
-it is really flexible, scalable and easily managable, so that
-it is strongly recommended to be used with GRE tunnels instead of ugly
-hack with NBMA mode and \verb|onlink| modifier. Unfortunately,
-by historical reasons broadcast mode is not supported by IPIP tunnels,
-but this probably will change in future.
-
-
-
-\section{Traffic control issues.}
-
-Tunnels are devices, hence all the power of Linux traffic control
-applies to them. The simplest (and the most useful in practice)
-example is limiting tunnel bandwidth. The following command:
-\begin{verbatim}
- tc qdisc add dev tunl0 root tbf \
- rate 128Kbit burst 4K limit 10K
-\end{verbatim}
-will limit tunneled traffic to 128Kbit with maximal burst size of 4K
-and queuing not more than 10K.
-
-However, you should remember, that tunnels are {\em virtual} devices
-implemented in software and true queue management is impossible for them
-just because they have no queues. Instead, it is better to create classes
-on real physical interfaces and to map tunneled packets to them.
-In general case of dynamic routing you should create such classes
-on all outgoing interfaces, or, alternatively,
-to use option \verb|dev DEV| to bind tunnel to a fixed physical device.
-In the last case packets will be routed only via specified device
-and you need to setup corresponding classes only on it.
-Though you have to pay for this convenience,
-if routing will change, your tunnel will fail.
-
-Suppose that CBQ class \verb|1:ABC| has been created on device \verb|eth0|
-specially for tunnel \verb|Cisco| with endpoints \verb|S| and \verb|D|.
-Now you can select IPIP packets with addresses \verb|S| and \verb|D|
-with some classifier and map them to class \verb|1:ABC|. F.e.\
-it is easy to make with \verb|rsvp| classifier:
-\begin{verbatim}
- tc filter add dev eth0 pref 100 proto ip rsvp \
- session D ipproto ipip filter S \
- classid 1:ABC
-\end{verbatim}
-
-If you want to make more detailed classification of sub-flows
-transmitted via tunnel, you can build CBQ subtree,
-rooted at \verb|1:ABC| and attach to subroot set of rules parsing
-IPIP packets more deeply.
-
-\end{document}
diff --git a/doc/nstat.sgml b/doc/nstat.sgml
deleted file mode 100644
index 48cacc6..0000000
--- a/doc/nstat.sgml
+++ /dev/null
@@ -1,110 +0,0 @@
-<!doctype linuxdoc system>
-
-<article>
-
-<title>NSTAT, IFSTAT and RTACCT Utilities
-<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/
-<date>some_negative_number, 20 Sep 2001
-<abstract>
-<tt/nstat/, <tt/ifstat/ and <tt/rtacct/ are simple tools helping
-to monitor kernel snmp counters and network interface statistics.
-</abstract>
-
-<p> These utilities are very similar, so that I describe
-them simultaneously, using name <tt/Xstat/ in the places which apply
-to all of them.
-
-<p>The format of the command is:
-
-<tscreen><verb>
- Xstat [ OPTIONS ] [ PATTERN [ PATTERN ... ] ]
-</verb></tscreen>
-
-<p>
-<tt/PATTERN/ is shell style pattern, selecting identifier
-of SNMP variables or interfaces to show. Variable is displayed
-if one of patterns matches its name. If no patterns are given,
-<tt/Xstat/ assumes that user wants to see all the variables.
-
-<p> <tt/OPTIONS/ is list of single letter options, using common unix
-conventions.
-
-<itemize>
-<item><tt/-h/ - show help page
-<item><tt/-?/ - the same, of course
-<item><tt/-v/, <tt/-V/ - print version of <tt/Xstat/ and exit
-<item><tt/-z/ - dump zero counters too. By default they are not shown.
-<item><tt/-a/ - dump absolute values of counters. By default <tt/Xstat/
- calculates increments since the previous use.
-<item><tt/-s/ - do not update history, so that the next time you will
- see counters including values accumulated to the moment
- of this measurement too.
-<item><tt/-n/ - do not display anything, only update history.
-<item><tt/-r/ - reset history.
-<item><tt/-d INTERVAL/ - <tt/Xstat/ is run in daemon mode collecting
- statistics. <tt/INTERVAL/ is interval between measurements
- in seconds.
-<item><tt/-t INTERVAL/ - time interval to average rates. Default value
- is 60 seconds.
-<item><tt/-e/ - display extended information about errors (<tt/ifstat/ only).
-</itemize>
-
-<p>
-History is just dump saved in file <tt>/tmp/.Xstat.uUID</tt>
-or in file given by environment variables <tt/NSTAT_HISTORY/,
-<tt/IFSTAT_HISTORY/ and <tt/RTACCT_HISTORY/.
-Each time when you use <tt/Xstat/ values there are updated.
-If you use patterns, only the values which you _really_ see
-are updated. If you want to skip an unintersting period,
-use option <tt/-n/, or just output to <tt>/dev/null</tt>.
-
-<p>
-<tt/Xstat/ understands when history is invalidated by system reboot
-or source of information switched between different instances
-of daemonic <tt/Xstat/ and kernel SNMP tables and does not
-use invalid history.
-
-<p> Beware, <tt/Xstat/ will not produce sane output,
-when many processes use it simultaneously. If several processes
-under single user need this utility they should use environment
-variables to put their history in safe places
-or to use it with options <tt/-a -s/.
-
-<p>
-Well, that's all. The utility is very simple, but nevertheless
-very handy.
-
-<p> <bf/Output of XSTAT/
-<p> The first line of output is <tt/#/ followed by identifier
-of source of information, it may be word <tt/kernel/, when <tt/Xstat/
-gets information from kernel or some dotted decimal number followed
-by parameters, when it obtains information from running <tt/Xstat/ daemon.
-
-<p>In the case of <tt/nstat/ the rest of output consists of three columns:
-SNMP MIB identifier,
-its value (or increment since previous measurement) and average
-rate of increase of the counter per second. <tt/ifstat/ outputs
-interface name followed by pairs of counter and rate of its change.
-
-<p> <bf/Daemonic Xstat/
-<p> <tt/Xstat/ may be started as daemon by any user. This makes sense
-to avoid wrapped counters and to obtain reasonable long counters
-for large time. Also <tt/Xstat/ daemon calculates average rates.
-For the first goal sampling interval (option <tt/-d/) may be large enough,
-f.e. for gigabit rates byte counters overflow not more frequently than
-each 40 seconds and you may select interval of 20 seconds.
-From the other hand, when <tt/Xstat/ is used for estimating rates
-interval should be less than averaging period (option <tt/-t/), otherwise
-estimation loses in quality.
-
-Client <tt/Xstat/, before trying to get information from the kernel,
-contacts daemon started by this user, then it tries system wide
-daemon, which is supposed to be started by superuser. And only if
-none of them replied it gets information from kernel.
-
-<p> <bf/Environment/
-<p> <tt/NSTAT_HISTORY/ - name of history file for <tt/nstat/.
-<p> <tt/IFSTAT_HISTORY/ - name of history file for <tt/ifstat/.
-<p> <tt/RTACCT_HISTORY/ - name of history file for <tt/rtacct/.
-
-</article>
diff --git a/doc/preamble.tex b/doc/preamble.tex
deleted file mode 100644
index 80ca508..0000000
--- a/doc/preamble.tex
+++ /dev/null
@@ -1,26 +0,0 @@
-\textwidth 6.0in
-\textheight 8.5in
-
-\input SNAPSHOT
-
-\pagestyle{myheadings}
-\markboth{\protect\TITLE}{}
-\markright{{\protect\sc iproute2-ss\Draft}}
-
-% To print it in compact form: both sides on one sheet (psnup -2)
-\evensidemargin=\oddsidemargin
-
-\newenvironment{NB}{\bgroup \vskip 1mm\leftskip 1cm \footnotesize \noindent NB.
-}{\par\egroup \vskip 1mm}
-
-\def\threeonly{[2.3.15+ only] }
-
-\begin{document}
-
-\makeatletter
-\renewcommand{\@oddhead}{{\protect\sc iproute2-ss\Draft} \hfill \protect\arabic{page}}
-\makeatother
-\let\oldthefootnote\thefootnote
-\def\thefootnote{}
-\footnotetext{Copyright \copyright~1999 A.N.Kuznetsov}
-
diff --git a/doc/rtstat.sgml b/doc/rtstat.sgml
deleted file mode 100644
index 07391c3..0000000
--- a/doc/rtstat.sgml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!doctype linuxdoc system>
-
-<article>
-
-<title>RTACCT Utility
-<author>Robert Olsson
-<date>some_negative_number, 20 Dec 2001
-
-<p>
-Here is some code for monitoring the route cache. For systems handling high
-network load, servers, routers, firewalls etc the route cache and its garbage
-collection is crucial. Linux has a solid implementation.
-
-<p>
-The kernel patch (not required since linux-2.4.7) adds statistics counters
-from route cache process into
-/proc/net/rt_cache_stat. A companion user mode program presents the statistics
-in a vmstat or iostat manner. The ratio between cache hits and misses gives
-the flow length.
-
-<p>
-Hopefully it can help understanding performance and DoS and other related
-issues.
-
-<p> An URL where newer versions of this utility can be (probably) found
-is ftp://robur.slu.se/pub/Linux/net-development/rt_cache_stat/
-
-
-<p><bf/Description/
-
-<p>The format of the command is:
-
-<tscreen><verb>
- rtstat [ OPTIONS ]
-</verb></tscreen>
-
-<p> <tt/OPTIONS/ are:
-
-<itemize>
-
-<item><tt/-h/, <tt/-help/ - show help page and version of the utility.
-
-<item><tt/-i INTERVAL/ - interval between snapshots, default value is
-2 seconds.
-
-<item><tt/-s NUMBER/ - whether to print header line. 0 inhibits header line,
-1 prescribes to print it once and 2 (this is default setting) forces header
-line each 20 lines.
-
-</itemize>
-
-</article>
diff --git a/doc/ss.sgml b/doc/ss.sgml
deleted file mode 100644
index 3024b57..0000000
--- a/doc/ss.sgml
+++ /dev/null
@@ -1,525 +0,0 @@
-<!doctype linuxdoc system>
-
-<article>
-
-<title>SS Utility: Quick Intro
-<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/
-<date>some_negative_number, 20 Sep 2001
-<abstract>
-<tt/ss/ is one another utility to investigate sockets.
-Functionally it is NOT better than <tt/netstat/ combined
-with some perl/awk scripts and though it is surely faster
-it is not enough to make it much better. :-)
-So, stop reading this now and do not waste your time.
-Well, certainly, it proposes some functionality, which current
-netstat is still not able to do, but surely will soon.
-</abstract>
-
-<sect>Why?
-
-<p> <tt>/proc</tt> interface is inadequate, unfortunately.
-When amount of sockets is enough large, <tt/netstat/ or even
-plain <tt>cat /proc/net/tcp/</tt> cause nothing but pains and curses.
-In linux-2.4 the desease became worse: even if amount
-of sockets is small reading <tt>/proc/net/tcp/</tt> is slow enough.
-
-This utility presents a new approach, which is supposed to scale
-well. I am not going to describe technical details here and
-will concentrate on description of the command.
-The only important thing to say is that it is not so bad idea
-to load module <tt/tcp_diag/, which can be found in directory
-<tt/Modules/ of <tt/iproute2/. If you do not make this <tt/ss/
-will work, but it falls back to <tt>/proc</tt> and becomes slow
-like <tt/netstat/, well, a bit faster yet (see section "Some numbers").
-
-<sect>Old news
-
-<p>
-In the simplest form <tt/ss/ is equivalent to netstat
-with some small deviations.
-
-<itemize>
-<item><tt/ss -t -a/ dumps all TCP sockets
-<item><tt/ss -u -a/ dumps all UDP sockets
-<item><tt/ss -w -a/ dumps all RAW sockets
-<item><tt/ss -x -a/ dumps all UNIX sockets
-</itemize>
-
-<p>
-Option <tt/-o/ shows TCP timers state.
-Option <tt/-e/ shows some extended information.
-Etc. etc. etc. Seems, all the options of netstat related to sockets
-are supported. Though not AX.25 and other bizarres. :-)
-If someone wants, he can make support for decnet and ipx.
-Some rudimentary support for them is already present in iproute2 libutils,
-and I will be glad to see these new members.
-
-<p>
-However, standard functionality is a bit different:
-
-<p>
-The first: without option <tt/-a/ sockets in states
-<tt/TIME-WAIT/ and <tt/SYN-RECV/ are skipped too.
-It is more reasonable default, I think.
-
-<p>
-The second: format of UNIX sockets is different. It coincides
-with tcp/udp. Though standard kernel still does not allow to
-see write/read queues and peer address of connected UNIX sockets,
-the patch doing this exists.
-
-<p>
-The third: default is to dump only TCP sockets, rather than all of the types.
-
-<p>
-The next: by default it does not resolve numeric host addresses (like <tt/ip/)!
-Resolving is enabled with option <tt/-r/. Service names, usually stored
-in local files, are resolved by default. Also, if service database
-does not contain references to a port, <tt/ss/ queries system
-<tt/rpcbind/. RPC services are prefixed with <tt/rpc./
-Resolution of services may be suppressed with option <tt/-n/.
-
-<p>
-It does not accept "long" options (I dislike them, sorry).
-So, address family is given with family identifier following
-option <tt/-f/ to be algined to iproute2 conventions.
-Mostly, it is to allow option parser to parse
-addresses correctly, but as side effect it really limits dumping
-to sockets supporting only given family. Option <tt/-A/ followed
-by list of socket tables to dump is also supported.
-Logically, id of socket table is different of _address_ family, which is
-another point of incompatibility. So, id is one of
-<tt/all/, <tt/tcp/, <tt/udp/,
-<tt/raw/, <tt/inet/, <tt/unix/, <tt/packet/, <tt/netlink/. See?
-Well, <tt/inet/ is just abbreviation for <tt/tcp|udp|raw/
-and it is not difficult to guess that <tt/packet/ allows
-to look at packet sockets. Actually, there are also some other abbreviations,
-f.e. <tt/unix_dgram/ selects only datagram UNIX sockets.
-
-<p>
-The next: well, I still do not know. :-)
-
-
-
-
-<sect>Time to talk about new functionality.
-
-<p>It is builtin filtering of socket lists.
-
-<sect1> Filtering by state.
-
-<p>
-<tt/ss/ allows to filter socket states, using keywords
-<tt/state/ and <tt/exclude/, followed by some state
-identifier.
-
-<p>
-State identifier are standard TCP state names (not listed,
-they are useless for you if you already do not know them)
-or abbreviations:
-
-<itemize>
-<item><tt/all/ - for all the states
-<item><tt/bucket/ - for TCP minisockets (<tt/TIME-WAIT|SYN-RECV/)
-<item><tt/big/ - all except for minisockets
-<item><tt/connected/ - not closed and not listening
-<item><tt/synchronized/ - connected and not <tt/SYN-SENT/
-</itemize>
-
-<p>
- F.e. to dump all tcp sockets except <tt/SYN-RECV/:
-
-<tscreen><verb>
- ss exclude SYN-RECV
-</verb></tscreen>
-
-<p>
- If neither <tt/state/ nor <tt/exclude/ directives
- are present,
- state filter defaults to <tt/all/ with option <tt/-a/
- or to <tt/all/,
- excluding listening, syn-recv, time-wait and closed sockets.
-
-<sect1> Filtering by addresses and ports.
-
-<p>
-Option list may contain address/port filter.
-It is boolean expression which consists of boolean operation
-<tt/or/, <tt/and/, <tt/not/ and predicates.
-Actually, all the flavors of names for boolean operations are eaten:
-<tt/&/, <tt/&&/, <tt/|/, <tt/||/, <tt/!/, but do not forget
-about special sense given to these symbols by unix shells and escape
-them correctly, when used from command line.
-
-<p>
-Predicates may be of the folowing kinds:
-
-<itemize>
-<item>A. Address/port match, where address is checked against mask
- and port is either wildcard or exact. It is one of:
-
-<tscreen><verb>
- dst prefix:port
- src prefix:port
- src unix:STRING
- src link:protocol:ifindex
- src nl:channel:pid
-</verb></tscreen>
-
- Both prefix and port may be absent or replaced with <tt/*/,
- which means wildcard. UNIX socket use more powerful scheme
- matching to socket names by shell wildcards. Also, prefixes
- unix: and link: may be omitted, if address family is evident
- from context (with option <tt/-x/ or with <tt/-f unix/
- or with <tt/unix/ keyword)
-
-<p>
- F.e.
-
-<tscreen><verb>
- dst 10.0.0.1
- dst 10.0.0.1:
- dst 10.0.0.1/32:
- dst 10.0.0.1:*
-</verb></tscreen>
- are equivalent and mean socket connected to
- any port on host 10.0.0.1
-
-<tscreen><verb>
- dst 10.0.0.0/24:22
-</verb></tscreen>
- sockets connected to port 22 on network
- 10.0.0.0...255.
-
-<p>
- Note that port separated of address with colon, which creates
- troubles with IPv6 addresses. Generally, we interpret the last
- colon as splitting port. To allow to give IPv6 addresses,
- trick like used in IPv6 HTTP URLs may be used:
-
-<tscreen><verb>
- dst [::1]
-</verb></tscreen>
- are sockets connected to ::1 on any port
-
-<p>
- Another way is <tt/dst ::1/128/. / helps to understand that
- colon is part of IPv6 address.
-
-<p>
- Now we can add another alias for <tt/dst 10.0.0.1/:
- <tt/dst [10.0.0.1]/. :-)
-
-<p> Address may be a DNS name. In this case all the addresses are looked
- up (in all the address families, if it is not limited by option <tt/-f/
- or special address prefix <tt/inet:/, <tt/inet6/) and resulting
- expression is <tt/or/ over all of them.
-
-<item> B. Port expressions:
-<tscreen><verb>
- dport >= :1024
- dport != :22
- sport < :32000
-</verb></tscreen>
- etc.
-
- All the relations: <tt/</, <tt/>/, <tt/=/, <tt/>=/, <tt/=/, <tt/==/,
- <tt/!=/, <tt/eq/, <tt/ge/, <tt/lt/, <tt/ne/...
- Use variant which you like more, but not forget to escape special
- characters when typing them in command line. :-)
-
- Note that port number syntactically coincides to the case A!
- You may even add an IP address, but it will not participate
- incomparison, except for <tt/==/ and <tt/!=/, which are equivalent
- to corresponding predicates of type A. F.e.
-<p>
-<tt/dst 10.0.0.1:22/
- is equivalent to <tt/dport eq 10.0.0.1:22/
- and
- <tt/not dst 10.0.0.1:22/ is equivalent to
- <tt/dport neq 10.0.0.1:22/
-
-<item>C. Keyword <tt/autobound/. It matches to sockets bound automatically
- on local system.
-
-</itemize>
-
-
-<sect> Examples
-
-<p>
-<itemize>
-<item>1. List all the tcp sockets in state <tt/FIN-WAIT-1/ for our apache
- to network 193.233.7/24 and look at their timers:
-
-<tscreen><verb>
- ss -o state fin-wait-1 \( sport = :http or sport = :https \) \
- dst 193.233.7/24
-</verb></tscreen>
-
- Oops, forgot to say that missing logical operation is
- equivalent to <tt/and/.
-
-<item> 2. Well, now look at the rest...
-
-<tscreen><verb>
- ss -o excl fin-wait-1
- ss state fin-wait-1 \( sport neq :http and sport neq :https \) \
- or not dst 193.233.7/24
-</verb></tscreen>
-
- Note that we have to do _two_ calls of ss to do this.
- State match is always anded to address/port match.
- The reason for this is purely technical: ss does fast skip of
- not matching states before parsing addresses and I consider the
- ability to skip fastly gobs of time-wait and syn-recv sockets
- as more important than logical generality.
-
-<item> 3. So, let's look at all our sockets using autobound ports:
-
-<tscreen><verb>
- ss -a -A all autobound
-</verb></tscreen>
-
-
-<item> 4. And eventually find all the local processes connected
- to local X servers:
-
-<tscreen><verb>
- ss -xp dst "/tmp/.X11-unix/*"
-</verb></tscreen>
-
- Pardon, this does not work with current kernel, patching is required.
- But we still can look at server side:
-
-<tscreen><verb>
- ss -x src "/tmp/.X11-unix/*"
-</verb></tscreen>
-
-</itemize>
-
-
-<sect> Returning to ground: real manual
-
-<p>
-<sect1> Command arguments
-
-<p> General format of arguments to <tt/ss/ is:
-
-<tscreen><verb>
- ss [ OPTIONS ] [ STATE-FILTER ] [ ADDRESS-FILTER ]
-</verb></tscreen>
-
-<sect2><tt/OPTIONS/
-<p> <tt/OPTIONS/ is list of single letter options, using common unix
-conventions.
-
-<itemize>
-<item><tt/-h/ - show help page
-<item><tt/-?/ - the same, of course
-<item><tt/-v/, <tt/-V/ - print version of <tt/ss/ and exit
-<item><tt/-s/ - print summary statistics. This option does not parse
-socket lists obtaining summary from various sources. It is useful
-when amount of sockets is so huge that parsing <tt>/proc/net/tcp</tt>
-is painful.
-<item><tt/-D FILE/ - do not display anything, just dump raw information
-about TCP sockets to <tt/FILE/ after applying filters. If <tt/FILE/ is <tt/-/
-<tt/stdout/ is used.
-<item><tt/-F FILE/ - read continuation of filter from <tt/FILE/.
-Each line of <tt/FILE/ is interpreted like single command line option.
-If <tt/FILE/ is <tt/-/ <tt/stdin/ is used.
-<item><tt/-r/ - try to resolve numeric address/ports
-<item><tt/-n/ - do not try to resolve ports
-<item><tt/-o/ - show some optional information, f.e. TCP timers
-<item><tt/-i/ - show some infomration specific to TCP (RTO, congestion
-window, slow start threshould etc.)
-<item><tt/-e/ - show even more optional information
-<item><tt/-m/ - show extended information on memory used by the socket.
-It is available only with <tt/tcp_diag/ enabled.
-<item><tt/-p/ - show list of processes owning the socket
-<item><tt/-f FAMILY/ - default address family used for parsing addresses.
- Also this option limits listing to sockets supporting
- given address family. Currently the following families
- are supported: <tt/unix/, <tt/inet/, <tt/inet6/, <tt/link/,
- <tt/netlink/.
-<item><tt/-4/ - alias for <tt/-f inet/
-<item><tt/-6/ - alias for <tt/-f inet6/
-<item><tt/-0/ - alias for <tt/-f link/
-<item><tt/-A LIST-OF-TABLES/ - list of socket tables to dump, separated
- by commas. The following identifiers are understood:
- <tt/all/, <tt/inet/, <tt/tcp/, <tt/udp/, <tt/raw/,
- <tt/unix/, <tt/packet/, <tt/netlink/, <tt/unix_dgram/,
- <tt/unix_stream/, <tt/packet_raw/, <tt/packet_dgram/.
-<item><tt/-x/ - alias for <tt/-A unix/
-<item><tt/-t/ - alias for <tt/-A tcp/
-<item><tt/-u/ - alias for <tt/-A udp/
-<item><tt/-w/ - alias for <tt/-A raw/
-<item><tt/-a/ - show sockets of all the states. By default sockets
- in states <tt/LISTEN/, <tt/TIME-WAIT/, <tt/SYN_RECV/
- and <tt/CLOSE/ are skipped.
-<item><tt/-l/ - show only sockets in state <tt/LISTEN/
-</itemize>
-
-<sect2><tt/STATE-FILTER/
-
-<p><tt/STATE-FILTER/ allows to construct arbitrary set of
-states to match. Its syntax is sequence of keywords <tt/state/
-and <tt/exclude/ followed by identifier of state.
-Available identifiers are:
-
-<p>
-<itemize>
-<item> All standard TCP states: <tt/established/, <tt/syn-sent/,
-<tt/syn-recv/, <tt/fin-wait-1/, <tt/fin-wait-2/, <tt/time-wait/,
-<tt/closed/, <tt/close-wait/, <tt/last-ack/, <tt/listen/ and <tt/closing/.
-
-<item><tt/all/ - for all the states
-<item><tt/connected/ - all the states except for <tt/listen/ and <tt/closed/
-<item><tt/synchronized/ - all the <tt/connected/ states except for
-<tt/syn-sent/
-<item><tt/bucket/ - states, which are maintained as minisockets, i.e.
-<tt/time-wait/ and <tt/syn-recv/.
-<item><tt/big/ - opposite to <tt/bucket/
-</itemize>
-
-<sect2><tt/ADDRESS_FILTER/
-
-<p><tt/ADDRESS_FILTER/ is boolean expression with operations <tt/and/, <tt/or/
-and <tt/not/, which can be abbreviated in C style f.e. as <tt/&/,
-<tt/&&/.
-
-<p>
-Predicates check socket addresses, both local and remote.
-There are the following kinds of predicates:
-
-<itemize>
-<item> <tt/dst ADDRESS_PATTERN/ - matches remote address and port
-<item> <tt/src ADDRESS_PATTERN/ - matches local address and port
-<item> <tt/dport RELOP PORT/ - compares remote port to a number
-<item> <tt/sport RELOP PORT/ - compares local port to a number
-<item> <tt/autobound/ - checks that socket is bound to an ephemeral
- port
-</itemize>
-
-<p><tt/RELOP/ is some of <tt/<=/, <tt/>=/, <tt/==/ etc.
-To make this more convinient for use in unix shell, alphabetic
-FORTRAN-like notations <tt/le/, <tt/gt/ etc. are accepted as well.
-
-<p>The format and semantics of <tt/ADDRESS_PATTERN/ depends on address
-family.
-
-<itemize>
-<item><tt/inet/ - <tt/ADDRESS_PATTERN/ consists of IP prefix, optionally
-followed by colon and port. If prefix or port part is absent or replaced
-with <tt/*/, this means wildcard match.
-<item><tt/inet6/ - The same as <tt/inet/, only prefix refers to an IPv6
-address. Unlike <tt/inet/ colon becomes ambiguous, so that <tt/ss/ allows
-to use scheme, like used in URLs, where address is suppounded with
-<tt/[/ ... <tt/]/.
-<item><tt/unix/ - <tt/ADDRESS_PATTERN/ is shell-style wildcard.
-<item><tt/packet/ - format looks like <tt/inet/, only interface index
-stays instead of port and link layer protocol id instead of address.
-<item><tt/netlink/ - format looks like <tt/inet/, only socket pid
-stays instead of port and netlink channel instead of address.
-</itemize>
-
-<p><tt/PORT/ is syntactically <tt/ADDRESS_PATTERN/ with wildcard
-address part. Certainly, it is undefined for UNIX sockets.
-
-<sect1> Environment variables
-
-<p>
-<tt/ss/ allows to change source of information using various
-environment variables:
-
-<p>
-<itemize>
-<item> <tt/PROC_SLABINFO/ to override <tt>/proc/slabinfo</tt>
-<item> <tt/PROC_NET_TCP/ to override <tt>/proc/net/tcp</tt>
-<item> <tt/PROC_NET_UDP/ to override <tt>/proc/net/udp</tt>
-<item> etc.
-</itemize>
-
-<p>
-Variable <tt/PROC_ROOT/ allows to change root of all the <tt>/proc/</tt>
-hierarchy.
-
-<p>
-Variable <tt/TCPDIAG_FILE/ prescribes to open a file instead of
-requesting kernel to dump information about TCP sockets.
-
-
-<p> This option is used mainly to investigate bug reports,
-when dumps of files usually found in <tt>/proc/</tt> are recevied
-by e-mail.
-
-<sect1> Output format
-
-<p>Six columns. The first is <tt/Netid/, it denotes socket type and
-transport protocol, when it is ambiguous: <tt/tcp/, <tt/udp/, <tt/raw/,
-<tt/u_str/ is abbreviation for <tt/unix_stream/, <tt/u_dgr/ for UNIX
-datagram sockets, <tt/nl/ for netlink, <tt/p_raw/ and <tt/p_dgr/ for
-raw and datagram packet sockets. This column is optional, it will
-be hidden, if filter selects an unique netid.
-
-<p>
-The second column is <tt/State/. Socket state is displayed here.
-The names are standard TCP names, except for <tt/UNCONN/, which
-cannot happen for TCP, but normal for not connected sockets
-of another types. Again, this column can be hidden.
-
-<p>
-Then two columns (<tt/Recv-Q/ and <tt/Send-Q/) showing amount of data
-queued for receive and transmit.
-
-<p>
-And the last two columns display local address and port of the socket
-and its peer address, if the socket is connected.
-
-<p>
-If options <tt/-o/, <tt/-e/ or <tt/-p/ were given, options are
-displayed not in fixed positions but separated by spaces pairs:
-<tt/option:value/. If value is not a single number, it is presented
-as list of values, enclosed to <tt/(/ ... <tt/)/ and separated with
-commas. F.e.
-
-<tscreen><verb>
- timer:(keepalive,111min,0)
-</verb></tscreen>
-is typical format for TCP timer (option <tt/-o/).
-
-<tscreen><verb>
- users:((X,113,3))
-</verb></tscreen>
-is typical for list of users (option <tt/-p/).
-
-
-<sect>Some numbers
-
-<p>
-Well, let us use <tt/pidentd/ and a tool <tt/ibench/ to measure
-its performance. It is 30 requests per second here. Nothing to test,
-it is too slow. OK, let us patch pidentd with patch from directory
-Patches. After this it handles about 4300 requests per second
-and becomes handy tool to pollute socket tables with lots of timewait
-buckets.
-
-<p>
-So, each test starts from pollution tables with 30000 sockets
-and then doing full dump of the table piped to wc and measuring
-timings with time:
-
-<p>Results:
-
-<itemize>
-<item> <tt/netstat -at/ - 15.6 seconds
-<item> <tt/ss -atr/, but without <tt/tcp_diag/ - 5.4 seconds
-<item> <tt/ss -atr/ with <tt/tcp_diag/ - 0.47 seconds
-</itemize>
-
-No comments. Though one comment is necessary, most of time
-without <tt/tcp_diag/ is wasted inside kernel with completely
-blocked networking. More than 10 seconds, yes. <tt/tcp_diag/
-does the same work for 100 milliseconds of system time.
-
-</article>
diff --git a/etc/iproute2/nl_protos b/etc/iproute2/nl_protos
index 43418f3..7c17cf0 100644
--- a/etc/iproute2/nl_protos
+++ b/etc/iproute2/nl_protos
@@ -12,7 +12,7 @@
9 audit
10 fiblookup
11 connector
-12 nft
+12 nft
13 ip6fw
14 dec-rt
15 uevent
@@ -20,4 +20,4 @@
18 scsi-trans
19 ecryptfs
20 rdma
-21 crypto
+21 crypto
diff --git a/etc/iproute2/rt_protos.d/README b/etc/iproute2/rt_protos.d/README
new file mode 100644
index 0000000..f9c599c
--- /dev/null
+++ b/etc/iproute2/rt_protos.d/README
@@ -0,0 +1,2 @@
+Each file in this directory is an rt_protos configuration file. iproute2
+commands scan this directory processing all files that end in '.conf'.
diff --git a/etc/iproute2/rt_tables.d/README b/etc/iproute2/rt_tables.d/README
index 79386f8..0920cb1 100644
--- a/etc/iproute2/rt_tables.d/README
+++ b/etc/iproute2/rt_tables.d/README
@@ -1,3 +1,2 @@
Each file in this directory is an rt_tables configuration file. iproute2
commands scan this directory processing all files that end in '.conf'.
-
diff --git a/examples/bpf/README b/examples/bpf/README
index 4247257..1bbdda3 100644
--- a/examples/bpf/README
+++ b/examples/bpf/README
@@ -1,13 +1,8 @@
eBPF toy code examples (running in kernel) to familiarize yourself
with syntax and features:
- - bpf_prog.c -> Classifier examples with using maps
- bpf_shared.c -> Ingress/egress map sharing example
- bpf_tailcall.c -> Using tail call chains
- bpf_cyclic.c -> Simple cycle as tail calls
- bpf_graft.c -> Demo on altering runtime behaviour
-
-User space code example:
-
- - bpf_agent.c -> Counterpart to bpf_prog.c for user
- space to transfer/read out map data
+ - bpf_map_in_map.c -> Using map in map example
diff --git a/examples/bpf/bpf_agent.c b/examples/bpf/bpf_agent.c
deleted file mode 100644
index f9b9ce3..0000000
--- a/examples/bpf/bpf_agent.c
+++ /dev/null
@@ -1,258 +0,0 @@
-/*
- * eBPF user space agent part
- *
- * Simple, _self-contained_ user space agent for the eBPF kernel
- * ebpf_prog.c program, which gets all map fds passed from tc via unix
- * domain socket in one transaction and can thus keep referencing
- * them from user space in order to read out (or possibly modify)
- * map data. Here, just as a minimal example to display counters.
- *
- * The agent only uses the bpf(2) syscall API to read or possibly
- * write to eBPF maps, it doesn't need to be aware of the low-level
- * bytecode parts and/or ELF parsing bits.
- *
- * ! For more details, see header comment in bpf_prog.c !
- *
- * gcc bpf_agent.c -o bpf_agent -Wall -O2
- *
- * For example, a more complex user space agent could run on each
- * host, reading and writing into eBPF maps used by tc classifier
- * and actions. It would thus allow for implementing a distributed
- * tc architecture, for example, which would push down central
- * policies into eBPF maps, and thus altering run-time behaviour.
- *
- * -- Happy eBPF hacking! ;)
- */
-
-#define _GNU_SOURCE
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <stdint.h>
-#include <assert.h>
-
-#include <sys/un.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/socket.h>
-
-/* Just some misc macros as min(), offsetof(), etc. */
-#include "../../include/utils.h"
-/* Common code from fd passing. */
-#include "../../include/bpf_scm.h"
-/* Common, shared definitions with ebpf_prog.c */
-#include "bpf_shared.h"
-/* Mini syscall wrapper */
-#include "bpf_sys.h"
-
-static void bpf_dump_drops(int fd)
-{
- int cpu, max;
-
- max = sysconf(_SC_NPROCESSORS_ONLN);
-
- printf(" `- number of drops:");
- for (cpu = 0; cpu < max; cpu++) {
- long drops;
-
- assert(bpf_lookup_elem(fd, &cpu, &drops) == 0);
- printf("\tcpu%d: %5ld", cpu, drops);
- }
- printf("\n");
-}
-
-static void bpf_dump_queue(int fd)
-{
- /* Just for the same of the example. */
- int max_queue = 4, i;
-
- printf(" | nic queues:");
- for (i = 0; i < max_queue; i++) {
- struct count_queue cq;
- int ret;
-
- memset(&cq, 0, sizeof(cq));
- ret = bpf_lookup_elem(fd, &i, &cq);
- assert(ret == 0 || (ret < 0 && errno == ENOENT));
-
- printf("\tq%d:[pkts: %ld, mis: %ld]",
- i, cq.total, cq.mismatch);
- }
- printf("\n");
-}
-
-static void bpf_dump_proto(int fd)
-{
- uint8_t protos[] = { IPPROTO_TCP, IPPROTO_UDP, IPPROTO_ICMP };
- char *names[] = { "tcp", "udp", "icmp" };
- int i;
-
- printf(" ` protos:");
- for (i = 0; i < ARRAY_SIZE(protos); i++) {
- struct count_tuple ct;
- int ret;
-
- memset(&ct, 0, sizeof(ct));
- ret = bpf_lookup_elem(fd, &protos[i], &ct);
- assert(ret == 0 || (ret < 0 && errno == ENOENT));
-
- printf("\t%s:[pkts: %ld, bytes: %ld]",
- names[i], ct.packets, ct.bytes);
- }
- printf("\n");
-}
-
-static void bpf_dump_map_data(int *tfd)
-{
- int i;
-
- for (i = 0; i < 30; i++) {
- const int period = 5;
-
- printf("data, period: %dsec\n", period);
-
- bpf_dump_drops(tfd[BPF_MAP_ID_DROPS]);
- bpf_dump_queue(tfd[BPF_MAP_ID_QUEUE]);
- bpf_dump_proto(tfd[BPF_MAP_ID_PROTO]);
-
- sleep(period);
- }
-}
-
-static void bpf_info_loop(int *fds, struct bpf_map_aux *aux)
-{
- int i, tfd[BPF_MAP_ID_MAX];
-
- printf("ver: %d\nobj: %s\ndev: %lu\nino: %lu\nmaps: %u\n",
- aux->uds_ver, aux->obj_name, aux->obj_st.st_dev,
- aux->obj_st.st_ino, aux->num_ent);
-
- for (i = 0; i < aux->num_ent; i++) {
- printf("map%d:\n", i);
- printf(" `- fd: %u\n", fds[i]);
- printf(" | serial: %u\n", aux->ent[i].id);
- printf(" | type: %u\n", aux->ent[i].type);
- printf(" | max elem: %u\n", aux->ent[i].max_elem);
- printf(" | size key: %u\n", aux->ent[i].size_key);
- printf(" ` size val: %u\n", aux->ent[i].size_value);
-
- tfd[aux->ent[i].id] = fds[i];
- }
-
- bpf_dump_map_data(tfd);
-}
-
-static void bpf_map_get_from_env(int *tfd)
-{
- char key[64], *val;
- int i;
-
- for (i = 0; i < BPF_MAP_ID_MAX; i++) {
- memset(key, 0, sizeof(key));
- snprintf(key, sizeof(key), "BPF_MAP%d", i);
-
- val = getenv(key);
- assert(val != NULL);
-
- tfd[i] = atoi(val);
- }
-}
-
-static int bpf_map_set_recv(int fd, int *fds, struct bpf_map_aux *aux,
- unsigned int entries)
-{
- struct bpf_map_set_msg msg;
- int *cmsg_buf, min_fd, i;
- char *amsg_buf, *mmsg_buf;
-
- cmsg_buf = bpf_map_set_init(&msg, NULL, 0);
- amsg_buf = (char *)msg.aux.ent;
- mmsg_buf = (char *)&msg.aux;
-
- for (i = 0; i < entries; i += min_fd) {
- struct cmsghdr *cmsg;
- int ret;
-
- min_fd = min(BPF_SCM_MAX_FDS * 1U, entries - i);
-
- bpf_map_set_init_single(&msg, min_fd);
-
- ret = recvmsg(fd, &msg.hdr, 0);
- if (ret <= 0)
- return ret ? : -1;
-
- cmsg = CMSG_FIRSTHDR(&msg.hdr);
- if (!cmsg || cmsg->cmsg_type != SCM_RIGHTS)
- return -EINVAL;
- if (msg.hdr.msg_flags & MSG_CTRUNC)
- return -EIO;
-
- min_fd = (cmsg->cmsg_len - sizeof(*cmsg)) / sizeof(fd);
- if (min_fd > entries || min_fd <= 0)
- return -1;
-
- memcpy(&fds[i], cmsg_buf, sizeof(fds[0]) * min_fd);
- memcpy(&aux->ent[i], amsg_buf, sizeof(aux->ent[0]) * min_fd);
- memcpy(aux, mmsg_buf, offsetof(struct bpf_map_aux, ent));
-
- if (i + min_fd == aux->num_ent)
- break;
- }
-
- return 0;
-}
-
-int main(int argc, char **argv)
-{
- int fds[BPF_SCM_MAX_FDS];
- struct bpf_map_aux aux;
- struct sockaddr_un addr;
- int fd, ret, i;
-
- /* When arguments are being passed, we take it as a path
- * to a Unix domain socket, otherwise we grab the fds
- * from the environment to demonstrate both possibilities.
- */
- if (argc == 1) {
- int tfd[BPF_MAP_ID_MAX];
-
- bpf_map_get_from_env(tfd);
- bpf_dump_map_data(tfd);
-
- return 0;
- }
-
- fd = socket(AF_UNIX, SOCK_DGRAM, 0);
- if (fd < 0) {
- fprintf(stderr, "Cannot open socket: %s\n",
- strerror(errno));
- exit(1);
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, argv[argc - 1], sizeof(addr.sun_path));
-
- ret = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
- if (ret < 0) {
- fprintf(stderr, "Cannot bind to socket: %s\n",
- strerror(errno));
- exit(1);
- }
-
- memset(fds, 0, sizeof(fds));
- memset(&aux, 0, sizeof(aux));
-
- ret = bpf_map_set_recv(fd, fds, &aux, BPF_SCM_MAX_FDS);
- if (ret >= 0)
- bpf_info_loop(fds, &aux);
-
- for (i = 0; i < aux.num_ent; i++)
- close(fds[i]);
-
- close(fd);
- return 0;
-}
diff --git a/examples/bpf/bpf_cyclic.c b/examples/bpf/bpf_cyclic.c
index c66cbec..11d1c06 100644
--- a/examples/bpf/bpf_cyclic.c
+++ b/examples/bpf/bpf_cyclic.c
@@ -6,14 +6,19 @@
*/
#define JMP_MAP_ID 0xabccba
-BPF_PROG_ARRAY(jmp_tc, JMP_MAP_ID, PIN_OBJECT_NS, 1);
+struct bpf_elf_map __section_maps jmp_tc = {
+ .type = BPF_MAP_TYPE_PROG_ARRAY,
+ .id = JMP_MAP_ID,
+ .size_key = sizeof(uint32_t),
+ .size_value = sizeof(uint32_t),
+ .pinning = PIN_OBJECT_NS,
+ .max_elem = 1,
+};
__section_tail(JMP_MAP_ID, 0)
int cls_loop(struct __sk_buff *skb)
{
- char fmt[] = "cb: %u\n";
-
- trace_printk(fmt, sizeof(fmt), skb->cb[0]++);
+ printt("cb: %u\n", skb->cb[0]++);
tail_call(skb, &jmp_tc, 0);
skb->tc_classid = TC_H_MAKE(1, 42);
diff --git a/examples/bpf/bpf_graft.c b/examples/bpf/bpf_graft.c
index f48fd02..07113d4 100644
--- a/examples/bpf/bpf_graft.c
+++ b/examples/bpf/bpf_graft.c
@@ -33,34 +33,33 @@
* [...]
*/
-BPF_PROG_ARRAY(jmp_tc, 0, PIN_GLOBAL_NS, 1);
+struct bpf_elf_map __section_maps jmp_tc = {
+ .type = BPF_MAP_TYPE_PROG_ARRAY,
+ .size_key = sizeof(uint32_t),
+ .size_value = sizeof(uint32_t),
+ .pinning = PIN_GLOBAL_NS,
+ .max_elem = 1,
+};
__section("aaa")
int cls_aaa(struct __sk_buff *skb)
{
- char fmt[] = "aaa\n";
-
- trace_printk(fmt, sizeof(fmt));
+ printt("aaa\n");
return TC_H_MAKE(1, 42);
}
__section("bbb")
int cls_bbb(struct __sk_buff *skb)
{
- char fmt[] = "bbb\n";
-
- trace_printk(fmt, sizeof(fmt));
+ printt("bbb\n");
return TC_H_MAKE(1, 43);
}
__section_cls_entry
int cls_entry(struct __sk_buff *skb)
{
- char fmt[] = "fallthrough\n";
-
tail_call(skb, &jmp_tc, 0);
- trace_printk(fmt, sizeof(fmt));
-
+ printt("fallthrough\n");
return BPF_H_DEFAULT;
}
diff --git a/examples/bpf/bpf_map_in_map.c b/examples/bpf/bpf_map_in_map.c
new file mode 100644
index 0000000..ff0e623
--- /dev/null
+++ b/examples/bpf/bpf_map_in_map.c
@@ -0,0 +1,56 @@
+#include "../../include/bpf_api.h"
+
+#define MAP_INNER_ID 42
+
+struct bpf_elf_map __section_maps map_inner = {
+ .type = BPF_MAP_TYPE_ARRAY,
+ .size_key = sizeof(uint32_t),
+ .size_value = sizeof(uint32_t),
+ .id = MAP_INNER_ID,
+ .inner_idx = 0,
+ .pinning = PIN_GLOBAL_NS,
+ .max_elem = 1,
+};
+
+struct bpf_elf_map __section_maps map_outer = {
+ .type = BPF_MAP_TYPE_ARRAY_OF_MAPS,
+ .size_key = sizeof(uint32_t),
+ .size_value = sizeof(uint32_t),
+ .inner_id = MAP_INNER_ID,
+ .pinning = PIN_GLOBAL_NS,
+ .max_elem = 1,
+};
+
+__section("egress")
+int emain(struct __sk_buff *skb)
+{
+ struct bpf_elf_map *map_inner;
+ int key = 0, *val;
+
+ map_inner = map_lookup_elem(&map_outer, &key);
+ if (map_inner) {
+ val = map_lookup_elem(map_inner, &key);
+ if (val)
+ lock_xadd(val, 1);
+ }
+
+ return BPF_H_DEFAULT;
+}
+
+__section("ingress")
+int imain(struct __sk_buff *skb)
+{
+ struct bpf_elf_map *map_inner;
+ int key = 0, *val;
+
+ map_inner = map_lookup_elem(&map_outer, &key);
+ if (map_inner) {
+ val = map_lookup_elem(map_inner, &key);
+ if (val)
+ printt("map val: %d\n", *val);
+ }
+
+ return BPF_H_DEFAULT;
+}
+
+BPF_LICENSE("GPL");
diff --git a/examples/bpf/bpf_prog.c b/examples/bpf/bpf_prog.c
deleted file mode 100644
index 4728049..0000000
--- a/examples/bpf/bpf_prog.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/*
- * eBPF kernel space program part
- *
- * Toy eBPF program for demonstration purposes, some parts derived from
- * kernel tree's samples/bpf/sockex2_kern.c example.
- *
- * More background on eBPF, kernel tree: Documentation/networking/filter.txt
- *
- * Note, this file is rather large, and most classifier and actions are
- * likely smaller to accomplish one specific use-case and are tailored
- * for high performance. For performance reasons, you might also have the
- * classifier and action already merged inside the classifier.
- *
- * In order to show various features it serves as a bigger programming
- * example, which you should feel free to rip apart and experiment with.
- *
- * Compilation, configuration example:
- *
- * Note: as long as the BPF backend in LLVM is still experimental,
- * you need to build LLVM with LLVM with --enable-experimental-targets=BPF
- * Also, make sure your 4.1+ kernel is compiled with CONFIG_BPF_SYSCALL=y,
- * and you have libelf.h and gelf.h headers and can link tc against -lelf.
- *
- * In case you need to sync kernel headers, go to your kernel source tree:
- * # make headers_install INSTALL_HDR_PATH=/usr/
- *
- * $ export PATH=/home/<...>/llvm/Debug+Asserts/bin/:$PATH
- * $ clang -O2 -emit-llvm -c bpf_prog.c -o - | llc -march=bpf -filetype=obj -o bpf.o
- * $ objdump -h bpf.o
- * [...]
- * 3 classifier 000007f8 0000000000000000 0000000000000000 00000040 2**3
- * CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
- * 4 action-mark 00000088 0000000000000000 0000000000000000 00000838 2**3
- * CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
- * 5 action-rand 00000098 0000000000000000 0000000000000000 000008c0 2**3
- * CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
- * 6 maps 00000030 0000000000000000 0000000000000000 00000958 2**2
- * CONTENTS, ALLOC, LOAD, DATA
- * 7 license 00000004 0000000000000000 0000000000000000 00000988 2**0
- * CONTENTS, ALLOC, LOAD, DATA
- * [...]
- * # echo 1 > /proc/sys/net/core/bpf_jit_enable
- * $ gcc bpf_agent.c -o bpf_agent -Wall -O2
- * # ./bpf_agent /tmp/bpf-uds (e.g. on a different terminal)
- * # tc filter add dev em1 parent 1: bpf obj bpf.o exp /tmp/bpf-uds flowid 1:1 \
- * action bpf obj bpf.o sec action-mark \
- * action bpf obj bpf.o sec action-rand ok
- * # tc filter show dev em1
- * filter parent 1: protocol all pref 49152 bpf
- * filter parent 1: protocol all pref 49152 bpf handle 0x1 flowid 1:1 bpf.o:[classifier]
- * action order 1: bpf bpf.o:[action-mark] default-action pipe
- * index 52 ref 1 bind 1
- *
- * action order 2: bpf bpf.o:[action-rand] default-action pipe
- * index 53 ref 1 bind 1
- *
- * action order 3: gact action pass
- * random type none pass val 0
- * index 38 ref 1 bind 1
- *
- * The same program can also be installed on ingress side (as opposed to above
- * egress configuration), e.g.:
- *
- * # tc qdisc add dev em1 handle ffff: ingress
- * # tc filter add dev em1 parent ffff: bpf obj ...
- *
- * Notes on BPF agent:
- *
- * In the above example, the bpf_agent creates the unix domain socket
- * natively. "tc exec" can also spawn a shell and hold the socktes there:
- *
- * # tc exec bpf imp /tmp/bpf-uds
- * # tc filter add dev em1 parent 1: bpf obj bpf.o exp /tmp/bpf-uds flowid 1:1 \
- * action bpf obj bpf.o sec action-mark \
- * action bpf obj bpf.o sec action-rand ok
- * sh-4.2# (shell spawned from tc exec)
- * sh-4.2# bpf_agent
- * [...]
- *
- * This will read out fds over environment and produce the same data dump
- * as below. This has the advantage that the spawned shell owns the fds
- * and thus if the agent is restarted, it can reattach to the same fds, also
- * various programs can easily read/modify the data simultaneously from user
- * space side.
- *
- * If the shell is unnecessary, the agent can also just be spawned directly
- * via tc exec:
- *
- * # tc exec bpf imp /tmp/bpf-uds run bpf_agent
- * # tc filter add dev em1 parent 1: bpf obj bpf.o exp /tmp/bpf-uds flowid 1:1 \
- * action bpf obj bpf.o sec action-mark \
- * action bpf obj bpf.o sec action-rand ok
- *
- * BPF agent example output:
- *
- * ver: 1
- * obj: bpf.o
- * dev: 64770
- * ino: 6045133
- * maps: 3
- * map0:
- * `- fd: 4
- * | serial: 1
- * | type: 1
- * | max elem: 256
- * | size key: 1
- * ` size val: 16
- * map1:
- * `- fd: 5
- * | serial: 2
- * | type: 1
- * | max elem: 1024
- * | size key: 4
- * ` size val: 16
- * map2:
- * `- fd: 6
- * | serial: 3
- * | type: 2
- * | max elem: 64
- * | size key: 4
- * ` size val: 8
- * data, period: 5sec
- * `- number of drops: cpu0: 0 cpu1: 0 cpu2: 0 cpu3: 0
- * | nic queues: q0:[pkts: 0, mis: 0] q1:[pkts: 0, mis: 0] q2:[pkts: 0, mis: 0] q3:[pkts: 0, mis: 0]
- * ` protos: tcp:[pkts: 0, bytes: 0] udp:[pkts: 0, bytes: 0] icmp:[pkts: 0, bytes: 0]
- * data, period: 5sec
- * `- number of drops: cpu0: 5 cpu1: 0 cpu2: 0 cpu3: 1
- * | nic queues: q0:[pkts: 0, mis: 0] q1:[pkts: 0, mis: 0] q2:[pkts: 24, mis: 14] q3:[pkts: 0, mis: 0]
- * ` protos: tcp:[pkts: 13, bytes: 1989] udp:[pkts: 10, bytes: 710] icmp:[pkts: 0, bytes: 0]
- * data, period: 5sec
- * `- number of drops: cpu0: 5 cpu1: 0 cpu2: 3 cpu3: 3
- * | nic queues: q0:[pkts: 0, mis: 0] q1:[pkts: 0, mis: 0] q2:[pkts: 39, mis: 21] q3:[pkts: 0, mis: 0]
- * ` protos: tcp:[pkts: 20, bytes: 3549] udp:[pkts: 18, bytes: 1278] icmp:[pkts: 0, bytes: 0]
- * [...]
- *
- * This now means, the below classifier and action pipeline has been loaded
- * as eBPF bytecode into the kernel, the kernel has verified that the
- * execution of the bytecode is "safe", and it has JITed the programs
- * afterwards, so that upon invocation they're running on native speed. tc
- * has transferred all map file descriptors to the bpf_agent via IPC and
- * even after tc exits, the agent can read out or modify all map data.
- *
- * Note that the export to the uds is done only once in the classifier and
- * not in the action. It's enough to export the (here) shared descriptors
- * once.
- *
- * If you need to disassemble the generated JIT image (echo with 2), the
- * kernel tree has under tools/net/ a small helper, you can invoke e.g.
- * `bpf_jit_disasm -o`.
- *
- * Please find in the code below further comments.
- *
- * -- Happy eBPF hacking! ;)
- */
-#include <stdint.h>
-#include <stdbool.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <asm/types.h>
-#include <linux/in.h>
-#include <linux/if.h>
-#include <linux/if_ether.h>
-#include <linux/ip.h>
-#include <linux/ipv6.h>
-#include <linux/if_tunnel.h>
-#include <linux/filter.h>
-#include <linux/bpf.h>
-
-/* Common, shared definitions with ebpf_agent.c. */
-#include "bpf_shared.h"
-/* BPF helper functions for our example. */
-#include "../../include/bpf_api.h"
-
-/* Could be defined here as well, or included from the header. */
-#define TC_ACT_UNSPEC (-1)
-#define TC_ACT_OK 0
-#define TC_ACT_RECLASSIFY 1
-#define TC_ACT_SHOT 2
-#define TC_ACT_PIPE 3
-#define TC_ACT_STOLEN 4
-#define TC_ACT_QUEUED 5
-#define TC_ACT_REPEAT 6
-
-/* Other, misc stuff. */
-#define IP_MF 0x2000
-#define IP_OFFSET 0x1FFF
-
-/* eBPF map definitions, all placed in section "maps". */
-struct bpf_elf_map __section("maps") map_proto = {
- .type = BPF_MAP_TYPE_HASH,
- .id = BPF_MAP_ID_PROTO,
- .size_key = sizeof(uint8_t),
- .size_value = sizeof(struct count_tuple),
- .max_elem = 256,
-};
-
-struct bpf_elf_map __section("maps") map_queue = {
- .type = BPF_MAP_TYPE_HASH,
- .id = BPF_MAP_ID_QUEUE,
- .size_key = sizeof(uint32_t),
- .size_value = sizeof(struct count_queue),
- .max_elem = 1024,
-};
-
-struct bpf_elf_map __section("maps") map_drops = {
- .type = BPF_MAP_TYPE_ARRAY,
- .id = BPF_MAP_ID_DROPS,
- .size_key = sizeof(uint32_t),
- .size_value = sizeof(long),
- .max_elem = 64,
-};
-
-/* Helper functions and definitions for the flow dissector used by the
- * example classifier. This resembles the kernel's flow dissector to
- * some extend and is just used as an example to show what's possible
- * with eBPF.
- */
-struct sockaddr;
-
-struct vlan_hdr {
- __be16 h_vlan_TCI;
- __be16 h_vlan_encapsulated_proto;
-};
-
-struct flow_keys {
- __u32 src;
- __u32 dst;
- union {
- __u32 ports;
- __u16 port16[2];
- };
- __s32 th_off;
- __u8 ip_proto;
-};
-
-static inline int flow_ports_offset(__u8 ip_proto)
-{
- switch (ip_proto) {
- case IPPROTO_TCP:
- case IPPROTO_UDP:
- case IPPROTO_DCCP:
- case IPPROTO_ESP:
- case IPPROTO_SCTP:
- case IPPROTO_UDPLITE:
- default:
- return 0;
- case IPPROTO_AH:
- return 4;
- }
-}
-
-static inline bool flow_is_frag(struct __sk_buff *skb, int nh_off)
-{
- return !!(load_half(skb, nh_off + offsetof(struct iphdr, frag_off)) &
- (IP_MF | IP_OFFSET));
-}
-
-static inline int flow_parse_ipv4(struct __sk_buff *skb, int nh_off,
- __u8 *ip_proto, struct flow_keys *flow)
-{
- __u8 ip_ver_len;
-
- if (unlikely(flow_is_frag(skb, nh_off)))
- *ip_proto = 0;
- else
- *ip_proto = load_byte(skb, nh_off + offsetof(struct iphdr,
- protocol));
- if (*ip_proto != IPPROTO_GRE) {
- flow->src = load_word(skb, nh_off + offsetof(struct iphdr, saddr));
- flow->dst = load_word(skb, nh_off + offsetof(struct iphdr, daddr));
- }
-
- ip_ver_len = load_byte(skb, nh_off + 0 /* offsetof(struct iphdr, ihl) */);
- if (likely(ip_ver_len == 0x45))
- nh_off += 20;
- else
- nh_off += (ip_ver_len & 0xF) << 2;
-
- return nh_off;
-}
-
-static inline __u32 flow_addr_hash_ipv6(struct __sk_buff *skb, int off)
-{
- __u32 w0 = load_word(skb, off);
- __u32 w1 = load_word(skb, off + sizeof(w0));
- __u32 w2 = load_word(skb, off + sizeof(w0) * 2);
- __u32 w3 = load_word(skb, off + sizeof(w0) * 3);
-
- return w0 ^ w1 ^ w2 ^ w3;
-}
-
-static inline int flow_parse_ipv6(struct __sk_buff *skb, int nh_off,
- __u8 *ip_proto, struct flow_keys *flow)
-{
- *ip_proto = load_byte(skb, nh_off + offsetof(struct ipv6hdr, nexthdr));
-
- flow->src = flow_addr_hash_ipv6(skb, nh_off + offsetof(struct ipv6hdr, saddr));
- flow->dst = flow_addr_hash_ipv6(skb, nh_off + offsetof(struct ipv6hdr, daddr));
-
- return nh_off + sizeof(struct ipv6hdr);
-}
-
-static inline bool flow_dissector(struct __sk_buff *skb,
- struct flow_keys *flow)
-{
- int poff, nh_off = BPF_LL_OFF + ETH_HLEN;
- __be16 proto = skb->protocol;
- __u8 ip_proto;
-
- /* TODO: check for skb->vlan_tci, skb->vlan_proto first */
- if (proto == htons(ETH_P_8021AD)) {
- proto = load_half(skb, nh_off +
- offsetof(struct vlan_hdr, h_vlan_encapsulated_proto));
- nh_off += sizeof(struct vlan_hdr);
- }
- if (proto == htons(ETH_P_8021Q)) {
- proto = load_half(skb, nh_off +
- offsetof(struct vlan_hdr, h_vlan_encapsulated_proto));
- nh_off += sizeof(struct vlan_hdr);
- }
-
- if (likely(proto == htons(ETH_P_IP)))
- nh_off = flow_parse_ipv4(skb, nh_off, &ip_proto, flow);
- else if (proto == htons(ETH_P_IPV6))
- nh_off = flow_parse_ipv6(skb, nh_off, &ip_proto, flow);
- else
- return false;
-
- switch (ip_proto) {
- case IPPROTO_GRE: {
- struct gre_hdr {
- __be16 flags;
- __be16 proto;
- };
-
- __u16 gre_flags = load_half(skb, nh_off +
- offsetof(struct gre_hdr, flags));
- __u16 gre_proto = load_half(skb, nh_off +
- offsetof(struct gre_hdr, proto));
-
- if (gre_flags & (GRE_VERSION | GRE_ROUTING))
- break;
-
- nh_off += 4;
- if (gre_flags & GRE_CSUM)
- nh_off += 4;
- if (gre_flags & GRE_KEY)
- nh_off += 4;
- if (gre_flags & GRE_SEQ)
- nh_off += 4;
-
- if (gre_proto == ETH_P_8021Q) {
- gre_proto = load_half(skb, nh_off +
- offsetof(struct vlan_hdr,
- h_vlan_encapsulated_proto));
- nh_off += sizeof(struct vlan_hdr);
- }
- if (gre_proto == ETH_P_IP)
- nh_off = flow_parse_ipv4(skb, nh_off, &ip_proto, flow);
- else if (gre_proto == ETH_P_IPV6)
- nh_off = flow_parse_ipv6(skb, nh_off, &ip_proto, flow);
- else
- return false;
- break;
- }
- case IPPROTO_IPIP:
- nh_off = flow_parse_ipv4(skb, nh_off, &ip_proto, flow);
- break;
- case IPPROTO_IPV6:
- nh_off = flow_parse_ipv6(skb, nh_off, &ip_proto, flow);
- default:
- break;
- }
-
- nh_off += flow_ports_offset(ip_proto);
-
- flow->ports = load_word(skb, nh_off);
- flow->th_off = nh_off;
- flow->ip_proto = ip_proto;
-
- return true;
-}
-
-static inline void cls_update_proto_map(const struct __sk_buff *skb,
- const struct flow_keys *flow)
-{
- uint8_t proto = flow->ip_proto;
- struct count_tuple *ct, _ct;
-
- ct = map_lookup_elem(&map_proto, &proto);
- if (likely(ct)) {
- lock_xadd(&ct->packets, 1);
- lock_xadd(&ct->bytes, skb->len);
- return;
- }
-
- /* No hit yet, we need to create a new entry. */
- _ct.packets = 1;
- _ct.bytes = skb->len;
-
- map_update_elem(&map_proto, &proto, &_ct, BPF_ANY);
-}
-
-static inline void cls_update_queue_map(const struct __sk_buff *skb)
-{
- uint32_t queue = skb->queue_mapping;
- struct count_queue *cq, _cq;
- bool mismatch;
-
- mismatch = skb->queue_mapping != get_smp_processor_id();
-
- cq = map_lookup_elem(&map_queue, &queue);
- if (likely(cq)) {
- lock_xadd(&cq->total, 1);
- if (mismatch)
- lock_xadd(&cq->mismatch, 1);
- return;
- }
-
- /* No hit yet, we need to create a new entry. */
- _cq.total = 1;
- _cq.mismatch = mismatch ? 1 : 0;
-
- map_update_elem(&map_queue, &queue, &_cq, BPF_ANY);
-}
-
-/* eBPF program definitions, placed in various sections, which can
- * have custom section names. If custom names are in use, it's
- * required to point tc to the correct section, e.g.
- *
- * tc filter add [...] bpf obj cls.o sec cls-tos [...]
- *
- * in case the program resides in __section("cls-tos").
- *
- * Default section for cls_bpf is: "classifier", for act_bpf is:
- * "action". Naturally, if for example multiple actions are present
- * in the same file, they need to have distinct section names.
- *
- * It is however not required to have multiple programs sharing
- * a file.
- */
-__section("classifier")
-int cls_main(struct __sk_buff *skb)
-{
- struct flow_keys flow;
-
- if (!flow_dissector(skb, &flow))
- return 0; /* No match in cls_bpf. */
-
- cls_update_proto_map(skb, &flow);
- cls_update_queue_map(skb);
-
- return flow.ip_proto;
-}
-
-static inline void act_update_drop_map(void)
-{
- uint32_t *count, cpu = get_smp_processor_id();
-
- count = map_lookup_elem(&map_drops, &cpu);
- if (count)
- /* Only this cpu is accessing this element. */
- (*count)++;
-}
-
-__section("action-mark")
-int act_mark_main(struct __sk_buff *skb)
-{
- /* You could also mangle skb data here with the helper function
- * BPF_FUNC_skb_store_bytes, etc. Or, alternatively you could
- * do that already in the classifier itself as a merged combination
- * of classifier'n'action model.
- */
-
- if (skb->mark == 0xcafe) {
- act_update_drop_map();
- return TC_ACT_SHOT;
- }
-
- /* Default configured tc opcode. */
- return TC_ACT_UNSPEC;
-}
-
-__section("action-rand")
-int act_rand_main(struct __sk_buff *skb)
-{
- /* Sorry, we're near event horizon ... */
- if ((get_prandom_u32() & 3) == 0) {
- act_update_drop_map();
- return TC_ACT_SHOT;
- }
-
- return TC_ACT_UNSPEC;
-}
-
-/* Last but not least, the file contains a license. Some future helper
- * functions may only be available with a GPL license.
- */
-BPF_LICENSE("GPL");
diff --git a/examples/bpf/bpf_shared.c b/examples/bpf/bpf_shared.c
index accc0ad..21fe6f1 100644
--- a/examples/bpf/bpf_shared.c
+++ b/examples/bpf/bpf_shared.c
@@ -18,7 +18,13 @@
* instance is being created.
*/
-BPF_ARRAY4(map_sh, 0, PIN_OBJECT_NS, 1); /* or PIN_GLOBAL_NS, or PIN_NONE */
+struct bpf_elf_map __section_maps map_sh = {
+ .type = BPF_MAP_TYPE_ARRAY,
+ .size_key = sizeof(uint32_t),
+ .size_value = sizeof(uint32_t),
+ .pinning = PIN_OBJECT_NS, /* or PIN_GLOBAL_NS, or PIN_NONE */
+ .max_elem = 1,
+};
__section("egress")
int emain(struct __sk_buff *skb)
@@ -35,12 +41,11 @@
__section("ingress")
int imain(struct __sk_buff *skb)
{
- char fmt[] = "map val: %d\n";
int key = 0, *val;
val = map_lookup_elem(&map_sh, &key);
if (val)
- trace_printk(fmt, sizeof(fmt), *val);
+ printt("map val: %d\n", *val);
return BPF_H_DEFAULT;
}
diff --git a/examples/bpf/bpf_shared.h b/examples/bpf/bpf_shared.h
deleted file mode 100644
index a24038d..0000000
--- a/examples/bpf/bpf_shared.h
+++ /dev/null
@@ -1,22 +0,0 @@
-#ifndef __BPF_SHARED__
-#define __BPF_SHARED__
-
-enum {
- BPF_MAP_ID_PROTO,
- BPF_MAP_ID_QUEUE,
- BPF_MAP_ID_DROPS,
- __BPF_MAP_ID_MAX,
-#define BPF_MAP_ID_MAX __BPF_MAP_ID_MAX
-};
-
-struct count_tuple {
- long packets; /* type long for lock_xadd() */
- long bytes;
-};
-
-struct count_queue {
- long total;
- long mismatch;
-};
-
-#endif /* __BPF_SHARED__ */
diff --git a/examples/bpf/bpf_sys.h b/examples/bpf/bpf_sys.h
deleted file mode 100644
index 6e4f09e..0000000
--- a/examples/bpf/bpf_sys.h
+++ /dev/null
@@ -1,23 +0,0 @@
-#ifndef __BPF_SYS__
-#define __BPF_SYS__
-
-#include <sys/syscall.h>
-#include <linux/bpf.h>
-
-static inline __u64 bpf_ptr_to_u64(const void *ptr)
-{
- return (__u64) (unsigned long) ptr;
-}
-
-static inline int bpf_lookup_elem(int fd, void *key, void *value)
-{
- union bpf_attr attr = {
- .map_fd = fd,
- .key = bpf_ptr_to_u64(key),
- .value = bpf_ptr_to_u64(value),
- };
-
- return syscall(__NR_bpf, BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr));
-}
-
-#endif /* __BPF_SYS__ */
diff --git a/examples/bpf/bpf_tailcall.c b/examples/bpf/bpf_tailcall.c
index 040790d..1a30426 100644
--- a/examples/bpf/bpf_tailcall.c
+++ b/examples/bpf/bpf_tailcall.c
@@ -26,20 +26,40 @@
* classifier behaviour.
*/
-BPF_PROG_ARRAY(jmp_tc, FOO, PIN_OBJECT_NS, MAX_JMP_SIZE);
-BPF_PROG_ARRAY(jmp_ex, BAR, PIN_OBJECT_NS, 1);
+struct bpf_elf_map __section_maps jmp_tc = {
+ .type = BPF_MAP_TYPE_PROG_ARRAY,
+ .id = FOO,
+ .size_key = sizeof(uint32_t),
+ .size_value = sizeof(uint32_t),
+ .pinning = PIN_OBJECT_NS,
+ .max_elem = MAX_JMP_SIZE,
+};
-BPF_ARRAY4(map_sh, 0, PIN_OBJECT_NS, 1);
+struct bpf_elf_map __section_maps jmp_ex = {
+ .type = BPF_MAP_TYPE_PROG_ARRAY,
+ .id = BAR,
+ .size_key = sizeof(uint32_t),
+ .size_value = sizeof(uint32_t),
+ .pinning = PIN_OBJECT_NS,
+ .max_elem = 1,
+};
+
+struct bpf_elf_map __section_maps map_sh = {
+ .type = BPF_MAP_TYPE_ARRAY,
+ .size_key = sizeof(uint32_t),
+ .size_value = sizeof(uint32_t),
+ .pinning = PIN_OBJECT_NS,
+ .max_elem = 1,
+};
__section_tail(FOO, ENTRY_0)
int cls_case1(struct __sk_buff *skb)
{
- char fmt[] = "case1: map-val: %d from:%u\n";
int key = 0, *val;
val = map_lookup_elem(&map_sh, &key);
if (val)
- trace_printk(fmt, sizeof(fmt), *val, skb->cb[0]);
+ printt("case1: map-val: %d from:%u\n", *val, skb->cb[0]);
skb->cb[0] = ENTRY_0;
tail_call(skb, &jmp_ex, ENTRY_0);
@@ -50,12 +70,11 @@
__section_tail(FOO, ENTRY_1)
int cls_case2(struct __sk_buff *skb)
{
- char fmt[] = "case2: map-val: %d from:%u\n";
int key = 0, *val;
val = map_lookup_elem(&map_sh, &key);
if (val)
- trace_printk(fmt, sizeof(fmt), *val, skb->cb[0]);
+ printt("case2: map-val: %d from:%u\n", *val, skb->cb[0]);
skb->cb[0] = ENTRY_1;
tail_call(skb, &jmp_tc, ENTRY_0);
@@ -66,12 +85,11 @@
__section_tail(BAR, ENTRY_0)
int cls_exit(struct __sk_buff *skb)
{
- char fmt[] = "exit: map-val: %d from:%u\n";
int key = 0, *val;
val = map_lookup_elem(&map_sh, &key);
if (val)
- trace_printk(fmt, sizeof(fmt), *val, skb->cb[0]);
+ printt("exit: map-val: %d from:%u\n", *val, skb->cb[0]);
/* Termination point. */
return BPF_H_DEFAULT;
@@ -80,7 +98,6 @@
__section_cls_entry
int cls_entry(struct __sk_buff *skb)
{
- char fmt[] = "fallthrough\n";
int key = 0, *val;
/* For transferring state, we can use skb->cb[0] ... skb->cb[4]. */
@@ -92,7 +109,7 @@
tail_call(skb, &jmp_tc, skb->hash & (MAX_JMP_SIZE - 1));
}
- trace_printk(fmt, sizeof(fmt));
+ printt("fallthrough\n");
return BPF_H_DEFAULT;
}
diff --git a/examples/cbq.init-v0.7.3 b/examples/cbq.init-v0.7.3
index 1bc0d44..66448d8 100644
--- a/examples/cbq.init-v0.7.3
+++ b/examples/cbq.init-v0.7.3
@@ -532,7 +532,7 @@
### Prefixed message
cbq_message () {
- echo -e "**CBQ: $@"
+ echo -e "**CBQ: $*"
} # cbq_message
### Failure message
@@ -560,15 +560,15 @@
### Display CBQ setup
cbq_show () {
for dev in `cbq_device_list`; do
- [ `tc qdisc show dev $dev| wc -l` -eq 0 ] && continue
+ [ "`tc qdisc show dev $dev| wc -l`" -eq 0 ] && continue
echo -e "### $dev: queueing disciplines\n"
tc $1 qdisc show dev $dev; echo
- [ `tc class show dev $dev| wc -l` -eq 0 ] && continue
+ [ "`tc class show dev $dev| wc -l`" -eq 0 ] && continue
echo -e "### $dev: traffic classes\n"
tc $1 class show dev $dev; echo
- [ `tc filter show dev $dev| wc -l` -eq 0 ] && continue
+ [ "`tc filter show dev $dev| wc -l`" -eq 0 ] && continue
echo -e "### $dev: filtering rules\n"
tc $1 filter show dev $dev; echo
done
@@ -585,7 +585,7 @@
### Gather all DEVICE fields from $1/cbq-*
DEVFIELDS=`find $1 -maxdepth 1 \( -type f -or -type l \) -name 'cbq-*' \
- -not -name '*~' | xargs sed -n 's/#.*//; \
+ -not -name '*~' -print0 | xargs -0 sed -n 's/#.*//; \
s/[[:space:]]//g; /^DEVICE=[^,]*,[^,]*\(,[^,]*\)\?/ \
{ s/.*=//; p; }'| sort -u`
[ -z "$DEVFIELDS" ] &&
@@ -593,7 +593,7 @@
### Check for different DEVICE fields for the same device
DEVICES=`echo "$DEVFIELDS"| sed 's/,.*//'| sort -u`
- [ `echo "$DEVICES"| wc -l` -ne `echo "$DEVFIELDS"| wc -l` ] &&
+ [ "`echo "$DEVICES"| wc -l`" -ne "`echo "$DEVFIELDS"| wc -l`" ] &&
cbq_failure "different DEVICE fields for single device!\n$DEVFIELDS"
} # cbq_init
@@ -618,7 +618,7 @@
PRIO_MARK=$PRIO_MARK_DEFAULT
PRIO_REALM=$PRIO_REALM_DEFAULT
- eval `echo "$CFILE"| grep -E "^($CBQ_WORDS)="`
+ eval "`echo "$CFILE"| grep -E "^($CBQ_WORDS)="`"
### Require RATE/WEIGHT
[ -z "$RATE" -o -z "$WEIGHT" ] &&
@@ -661,7 +661,7 @@
### echo-only version of "tc" command
tc () {
- echo "$TC $@"
+ echo "$TC $*"
} # tc
elif [ -n "$CBQ_DEBUG" ]; then
@@ -669,13 +669,13 @@
### Logging version of "ip" command
ip () {
- echo -e "\n# ip $@" >> $CBQ_DEBUG
+ echo -e "\n# ip $*" >> $CBQ_DEBUG
$IP "$@" 2>&1 | tee -a $CBQ_DEBUG
} # ip
### Logging version of "tc" command
tc () {
- echo -e "\n# tc $@" >> $CBQ_DEBUG
+ echo -e "\n# tc $*" >> $CBQ_DEBUG
$TC "$@" 2>&1 | tee -a $CBQ_DEBUG
} # tc
else
@@ -711,8 +711,8 @@
### validate the cache
[ "$2" = "invalidate" -o ! -f $CBQ_CACHE ] && VALID=0
if [ $VALID -eq 1 ]; then
- [ `find $CBQ_PATH -maxdepth 1 -newer $CBQ_CACHE| \
- wc -l` -gt 0 ] && VALID=0
+ [ "`find $CBQ_PATH -maxdepth 1 -newer $CBQ_CACHE| \
+ wc -l`" -gt 0 ] && VALID=0
fi
### compile the config if the cache is invalid
diff --git a/genl/Makefile b/genl/Makefile
index 03d1f26..de1635e 100644
--- a/genl/Makefile
+++ b/genl/Makefile
@@ -1,6 +1,6 @@
GENLOBJ=genl.o
-include ../Config
+include ../config.mk
SHARED_LIBS ?= y
CFLAGS += -fno-strict-aliasing
@@ -20,6 +20,7 @@
all: genl
genl: $(GENLOBJ) $(LIBNETLINK) $(LIBUTIL) $(GENLLIB)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
install: all
install -m 0755 genl $(DESTDIR)$(SBINDIR)
diff --git a/genl/ctrl.c b/genl/ctrl.c
index b7a8878..448988e 100644
--- a/genl/ctrl.c
+++ b/genl/ctrl.c
@@ -42,23 +42,19 @@
int genl_ctrl_resolve_family(const char *family)
{
struct rtnl_handle rth;
- struct nlmsghdr *nlh;
- struct genlmsghdr *ghdr;
int ret = 0;
struct {
struct nlmsghdr n;
+ struct genlmsghdr g;
char buf[4096];
- } req;
-
- memset(&req, 0, sizeof(req));
-
- nlh = &req.n;
- nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN);
- nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
- nlh->nlmsg_type = GENL_ID_CTRL;
-
- ghdr = NLMSG_DATA(&req.n);
- ghdr->cmd = CTRL_CMD_GETFAMILY;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN),
+ .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,
+ .n.nlmsg_type = GENL_ID_CTRL,
+ .g.cmd = CTRL_CMD_GETFAMILY,
+ };
+ struct nlmsghdr *nlh = &req.n;
+ struct genlmsghdr *ghdr = &req.g;
if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC) < 0) {
fprintf(stderr, "Cannot open generic netlink socket\n");
@@ -74,7 +70,6 @@
{
struct rtattr *tb[CTRL_ATTR_MAX + 1];
- struct genlmsghdr *ghdr = NLMSG_DATA(nlh);
int len = nlh->nlmsg_len;
struct rtattr *attrs;
@@ -132,7 +127,7 @@
fprintf(fp, "\n");
}
-
+
static int print_ctrl_cmds(FILE *fp, struct rtattr *arg, __u32 ctrl_ver)
{
struct rtattr *tb[CTRL_ATTR_OP_MAX + 1];
@@ -291,24 +286,19 @@
static int ctrl_list(int cmd, int argc, char **argv)
{
struct rtnl_handle rth;
- struct nlmsghdr *nlh;
- struct genlmsghdr *ghdr;
int ret = -1;
char d[GENL_NAMSIZ];
struct {
struct nlmsghdr n;
+ struct genlmsghdr g;
char buf[4096];
- } req;
-
- memset(&req, 0, sizeof(req));
-
- nlh = &req.n;
- nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN);
- nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
- nlh->nlmsg_type = GENL_ID_CTRL;
-
- ghdr = NLMSG_DATA(&req.n);
- ghdr->cmd = CTRL_CMD_GETFAMILY;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN),
+ .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,
+ .n.nlmsg_type = GENL_ID_CTRL,
+ .g.cmd = CTRL_CMD_GETFAMILY,
+ };
+ struct nlmsghdr *nlh = &req.n;
if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC) < 0) {
fprintf(stderr, "Cannot open generic netlink socket\n");
@@ -323,7 +313,7 @@
if (matches(*argv, "name") == 0) {
NEXT_ARG();
- strncpy(d, *argv, sizeof (d) - 1);
+ strlcpy(d, *argv, sizeof(d));
addattr_l(nlh, 128, CTRL_ATTR_FAMILY_NAME,
d, strlen(d) + 1);
} else if (matches(*argv, "id") == 0) {
diff --git a/genl/genl.c b/genl/genl.c
index e33fafd..7e4a208 100644
--- a/genl/genl.c
+++ b/genl/genl.c
@@ -30,7 +30,6 @@
int show_stats = 0;
int show_details = 0;
int show_raw = 0;
-int resolve_hosts = 0;
static void *BODY;
static struct genl_util * genl_list;
@@ -86,9 +85,8 @@
return f;
noexist:
- f = malloc(sizeof(*f));
+ f = calloc(1, sizeof(*f));
if (f) {
- memset(f, 0, sizeof(*f));
strncpy(f->name, str, 15);
f->parse_genlopt = parse_nofopt;
f->print_genlopt = print_nofopt;
diff --git a/include/SNAPSHOT.h b/include/SNAPSHOT.h
index 58d3632..576b11a 100644
--- a/include/SNAPSHOT.h
+++ b/include/SNAPSHOT.h
@@ -1 +1 @@
-static const char SNAPSHOT[] = "160111";
+static const char SNAPSHOT[] = "171113";
diff --git a/include/bpf_api.h b/include/bpf_api.h
index 0666a31..d132471 100644
--- a/include/bpf_api.h
+++ b/include/bpf_api.h
@@ -56,6 +56,10 @@
# define ntohl(X) __constant_ntohl((X))
#endif
+#ifndef __inline__
+# define __inline__ __attribute__((always_inline))
+#endif
+
/** Section helper macros. */
#ifndef __section
@@ -68,6 +72,11 @@
__section(__stringify(ID) "/" __stringify(KEY))
#endif
+#ifndef __section_xdp_entry
+# define __section_xdp_entry \
+ __section(ELF_SECTION_PROG)
+#endif
+
#ifndef __section_cls_entry
# define __section_cls_entry \
__section(ELF_SECTION_CLASSIFIER)
@@ -78,6 +87,11 @@
__section(ELF_SECTION_ACTION)
#endif
+#ifndef __section_lwt_entry
+# define __section_lwt_entry \
+ __section(ELF_SECTION_PROG)
+#endif
+
#ifndef __section_license
# define __section_license \
__section(ELF_SECTION_LICENSE)
@@ -95,62 +109,22 @@
char ____license[] __section_license = NAME
#endif
-#ifndef __BPF_MAP
-# define __BPF_MAP(NAME, TYPE, ID, SIZE_KEY, SIZE_VALUE, PIN, MAX_ELEM) \
- struct bpf_elf_map __section_maps NAME = { \
- .type = (TYPE), \
- .id = (ID), \
- .size_key = (SIZE_KEY), \
- .size_value = (SIZE_VALUE), \
- .pinning = (PIN), \
- .max_elem = (MAX_ELEM), \
- }
-#endif
-
-#ifndef BPF_HASH
-# define BPF_HASH(NAME, ID, SIZE_KEY, SIZE_VALUE, PIN, MAX_ELEM) \
- __BPF_MAP(NAME, BPF_MAP_TYPE_HASH, ID, SIZE_KEY, SIZE_VALUE, \
- PIN, MAX_ELEM)
-#endif
-
-#ifndef BPF_ARRAY
-# define BPF_ARRAY(NAME, ID, SIZE_VALUE, PIN, MAX_ELEM) \
- __BPF_MAP(NAME, BPF_MAP_TYPE_ARRAY, ID, sizeof(uint32_t), \
- SIZE_VALUE, PIN, MAX_ELEM)
-#endif
-
-#ifndef BPF_ARRAY2
-# define BPF_ARRAY2(NAME, ID, PIN, MAX_ELEM) \
- BPF_ARRAY(NAME, ID, sizeof(uint16_t), PIN, MAX_ELEM)
-#endif
-
-#ifndef BPF_ARRAY4
-# define BPF_ARRAY4(NAME, ID, PIN, MAX_ELEM) \
- BPF_ARRAY(NAME, ID, sizeof(uint32_t), PIN, MAX_ELEM)
-#endif
-
-#ifndef BPF_ARRAY8
-# define BPF_ARRAY8(NAME, ID, PIN, MAX_ELEM) \
- BPF_ARRAY(NAME, ID, sizeof(uint64_t), PIN, MAX_ELEM)
-#endif
-
-#ifndef BPF_PROG_ARRAY
-# define BPF_PROG_ARRAY(NAME, ID, PIN, MAX_ELEM) \
- __BPF_MAP(NAME, BPF_MAP_TYPE_PROG_ARRAY, ID, sizeof(uint32_t), \
- sizeof(uint32_t), PIN, MAX_ELEM)
-#endif
-
/** Classifier helper */
#ifndef BPF_H_DEFAULT
# define BPF_H_DEFAULT -1
#endif
-/** BPF helper functions for tc. */
+/** BPF helper functions for tc. Individual flags are in linux/bpf.h */
+
+#ifndef __BPF_FUNC
+# define __BPF_FUNC(NAME, ...) \
+ (* NAME)(__VA_ARGS__) __maybe_unused
+#endif
#ifndef BPF_FUNC
# define BPF_FUNC(NAME, ...) \
- (* NAME)(__VA_ARGS__) __maybe_unused = (void *) BPF_FUNC_##NAME
+ __BPF_FUNC(NAME, __VA_ARGS__) = (void *) BPF_FUNC_##NAME
#endif
/* Map access/manipulation */
@@ -163,8 +137,22 @@
static uint64_t BPF_FUNC(ktime_get_ns);
/* Debugging */
+
+/* FIXME: __attribute__ ((format(printf, 1, 3))) not possible unless
+ * llvm bug https://llvm.org/bugs/show_bug.cgi?id=26243 gets resolved.
+ * It would require ____fmt to be made const, which generates a reloc
+ * entry (non-map).
+ */
static void BPF_FUNC(trace_printk, const char *fmt, int fmt_size, ...);
+#ifndef printt
+# define printt(fmt, ...) \
+ ({ \
+ char ____fmt[] = fmt; \
+ trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__); \
+ })
+#endif
+
/* Random numbers */
static uint32_t BPF_FUNC(get_prandom_u32);
@@ -174,10 +162,15 @@
/* System helpers */
static uint32_t BPF_FUNC(get_smp_processor_id);
+static uint32_t BPF_FUNC(get_numa_node_id);
/* Packet misc meta data */
static uint32_t BPF_FUNC(get_cgroup_classid, struct __sk_buff *skb);
+static int BPF_FUNC(skb_under_cgroup, void *map, uint32_t index);
+
static uint32_t BPF_FUNC(get_route_realm, struct __sk_buff *skb);
+static uint32_t BPF_FUNC(get_hash_recalc, struct __sk_buff *skb);
+static uint32_t BPF_FUNC(set_hash_invalid, struct __sk_buff *skb);
/* Packet redirection */
static int BPF_FUNC(redirect, int ifindex, uint32_t flags);
@@ -185,16 +178,31 @@
uint32_t flags);
/* Packet manipulation */
-#define BPF_PSEUDO_HDR 0x10
-#define BPF_HAS_PSEUDO_HDR(flags) ((flags) & BPF_PSEUDO_HDR)
-#define BPF_HDR_FIELD_SIZE(flags) ((flags) & 0x0f)
-
+static int BPF_FUNC(skb_load_bytes, struct __sk_buff *skb, uint32_t off,
+ void *to, uint32_t len);
static int BPF_FUNC(skb_store_bytes, struct __sk_buff *skb, uint32_t off,
- void *from, uint32_t len, uint32_t flags);
+ const void *from, uint32_t len, uint32_t flags);
+
static int BPF_FUNC(l3_csum_replace, struct __sk_buff *skb, uint32_t off,
uint32_t from, uint32_t to, uint32_t flags);
static int BPF_FUNC(l4_csum_replace, struct __sk_buff *skb, uint32_t off,
uint32_t from, uint32_t to, uint32_t flags);
+static int BPF_FUNC(csum_diff, const void *from, uint32_t from_size,
+ const void *to, uint32_t to_size, uint32_t seed);
+static int BPF_FUNC(csum_update, struct __sk_buff *skb, uint32_t wsum);
+
+static int BPF_FUNC(skb_change_type, struct __sk_buff *skb, uint32_t type);
+static int BPF_FUNC(skb_change_proto, struct __sk_buff *skb, uint32_t proto,
+ uint32_t flags);
+static int BPF_FUNC(skb_change_tail, struct __sk_buff *skb, uint32_t nlen,
+ uint32_t flags);
+
+static int BPF_FUNC(skb_pull_data, struct __sk_buff *skb, uint32_t len);
+
+/* Event notification */
+static int __BPF_FUNC(skb_event_output, struct __sk_buff *skb, void *map,
+ uint64_t index, const void *data, uint32_t size) =
+ (void *) BPF_FUNC_perf_event_output;
/* Packet vlan encap/decap */
static int BPF_FUNC(skb_vlan_push, struct __sk_buff *skb, uint16_t proto,
@@ -205,14 +213,42 @@
static int BPF_FUNC(skb_get_tunnel_key, struct __sk_buff *skb,
struct bpf_tunnel_key *to, uint32_t size, uint32_t flags);
static int BPF_FUNC(skb_set_tunnel_key, struct __sk_buff *skb,
- struct bpf_tunnel_key *from, uint32_t size, uint32_t flags);
+ const struct bpf_tunnel_key *from, uint32_t size,
+ uint32_t flags);
-/** LLVM built-ins */
+static int BPF_FUNC(skb_get_tunnel_opt, struct __sk_buff *skb,
+ void *to, uint32_t size);
+static int BPF_FUNC(skb_set_tunnel_opt, struct __sk_buff *skb,
+ const void *from, uint32_t size);
+
+/** LLVM built-ins, mem*() routines work for constant size */
#ifndef lock_xadd
# define lock_xadd(ptr, val) ((void) __sync_fetch_and_add(ptr, val))
#endif
+#ifndef memset
+# define memset(s, c, n) __builtin_memset((s), (c), (n))
+#endif
+
+#ifndef memcpy
+# define memcpy(d, s, n) __builtin_memcpy((d), (s), (n))
+#endif
+
+#ifndef memmove
+# define memmove(d, s, n) __builtin_memmove((d), (s), (n))
+#endif
+
+/* FIXME: __builtin_memcmp() is not yet fully useable unless llvm bug
+ * https://llvm.org/bugs/show_bug.cgi?id=26218 gets resolved. Also
+ * this one would generate a reloc entry (non-map), otherwise.
+ */
+#if 0
+#ifndef memcmp
+# define memcmp(a, b, n) __builtin_memcmp((a), (b), (n))
+#endif
+#endif
+
unsigned long long load_byte(void *skb, unsigned long long off)
asm ("llvm.bpf.load.byte");
diff --git a/include/bpf_elf.h b/include/bpf_elf.h
index 31a8974..406c308 100644
--- a/include/bpf_elf.h
+++ b/include/bpf_elf.h
@@ -15,6 +15,7 @@
/* ELF section names, etc */
#define ELF_SECTION_LICENSE "license"
#define ELF_SECTION_MAPS "maps"
+#define ELF_SECTION_PROG "prog"
#define ELF_SECTION_CLASSIFIER "classifier"
#define ELF_SECTION_ACTION "action"
@@ -32,8 +33,11 @@
__u32 size_key;
__u32 size_value;
__u32 max_elem;
+ __u32 flags;
__u32 id;
__u32 pinning;
+ __u32 inner_id;
+ __u32 inner_idx;
};
#endif /* __BPF_ELF__ */
diff --git a/include/bpf_scm.h b/include/bpf_scm.h
index 35117d1..122d59f 100644
--- a/include/bpf_scm.h
+++ b/include/bpf_scm.h
@@ -3,6 +3,7 @@
#include <sys/types.h>
#include <sys/socket.h>
+#include <sys/un.h>
#include "utils.h"
#include "bpf_elf.h"
diff --git a/include/bpf_util.h b/include/bpf_util.h
new file mode 100644
index 0000000..e818221
--- /dev/null
+++ b/include/bpf_util.h
@@ -0,0 +1,283 @@
+/*
+ * bpf_util.h BPF common code
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Daniel Borkmann <daniel@iogearbox.net>
+ * Jiri Pirko <jiri@resnulli.us>
+ */
+
+#ifndef __BPF_UTIL__
+#define __BPF_UTIL__
+
+#include <linux/bpf.h>
+#include <linux/filter.h>
+#include <linux/magic.h>
+#include <linux/elf-em.h>
+#include <linux/if_alg.h>
+
+#include "utils.h"
+#include "bpf_scm.h"
+
+#define BPF_ENV_UDS "TC_BPF_UDS"
+#define BPF_ENV_MNT "TC_BPF_MNT"
+
+#ifndef BPF_MAX_LOG
+# define BPF_MAX_LOG 4096
+#endif
+
+#define BPF_DIR_GLOBALS "globals"
+
+#ifndef BPF_FS_MAGIC
+# define BPF_FS_MAGIC 0xcafe4a11
+#endif
+
+#define BPF_DIR_MNT "/sys/fs/bpf"
+
+#ifndef TRACEFS_MAGIC
+# define TRACEFS_MAGIC 0x74726163
+#endif
+
+#define TRACE_DIR_MNT "/sys/kernel/tracing"
+
+#ifndef AF_ALG
+# define AF_ALG 38
+#endif
+
+#ifndef EM_BPF
+# define EM_BPF 247
+#endif
+
+struct bpf_cfg_ops {
+ void (*cbpf_cb)(void *nl, const struct sock_filter *ops, int ops_len);
+ void (*ebpf_cb)(void *nl, int fd, const char *annotation);
+};
+
+struct bpf_cfg_in {
+ const char *object;
+ const char *section;
+ const char *uds;
+ int argc;
+ char **argv;
+ struct sock_filter *ops;
+};
+
+/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */
+
+#define BPF_ALU64_REG(OP, DST, SRC) \
+ ((struct bpf_insn) { \
+ .code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = 0, \
+ .imm = 0 })
+
+#define BPF_ALU32_REG(OP, DST, SRC) \
+ ((struct bpf_insn) { \
+ .code = BPF_ALU | BPF_OP(OP) | BPF_X, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = 0, \
+ .imm = 0 })
+
+/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */
+
+#define BPF_ALU64_IMM(OP, DST, IMM) \
+ ((struct bpf_insn) { \
+ .code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = IMM })
+
+#define BPF_ALU32_IMM(OP, DST, IMM) \
+ ((struct bpf_insn) { \
+ .code = BPF_ALU | BPF_OP(OP) | BPF_K, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = IMM })
+
+/* Short form of mov, dst_reg = src_reg */
+
+#define BPF_MOV64_REG(DST, SRC) \
+ ((struct bpf_insn) { \
+ .code = BPF_ALU64 | BPF_MOV | BPF_X, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = 0, \
+ .imm = 0 })
+
+#define BPF_MOV32_REG(DST, SRC) \
+ ((struct bpf_insn) { \
+ .code = BPF_ALU | BPF_MOV | BPF_X, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = 0, \
+ .imm = 0 })
+
+/* Short form of mov, dst_reg = imm32 */
+
+#define BPF_MOV64_IMM(DST, IMM) \
+ ((struct bpf_insn) { \
+ .code = BPF_ALU64 | BPF_MOV | BPF_K, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = IMM })
+
+#define BPF_MOV32_IMM(DST, IMM) \
+ ((struct bpf_insn) { \
+ .code = BPF_ALU | BPF_MOV | BPF_K, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = IMM })
+
+/* BPF_LD_IMM64 macro encodes single 'load 64-bit immediate' insn */
+#define BPF_LD_IMM64(DST, IMM) \
+ BPF_LD_IMM64_RAW(DST, 0, IMM)
+
+#define BPF_LD_IMM64_RAW(DST, SRC, IMM) \
+ ((struct bpf_insn) { \
+ .code = BPF_LD | BPF_DW | BPF_IMM, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = 0, \
+ .imm = (__u32) (IMM) }), \
+ ((struct bpf_insn) { \
+ .code = 0, /* zero is reserved opcode */ \
+ .dst_reg = 0, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = ((__u64) (IMM)) >> 32 })
+
+#ifndef BPF_PSEUDO_MAP_FD
+# define BPF_PSEUDO_MAP_FD 1
+#endif
+
+/* pseudo BPF_LD_IMM64 insn used to refer to process-local map_fd */
+#define BPF_LD_MAP_FD(DST, MAP_FD) \
+ BPF_LD_IMM64_RAW(DST, BPF_PSEUDO_MAP_FD, MAP_FD)
+
+
+/* Direct packet access, R0 = *(uint *) (skb->data + imm32) */
+
+#define BPF_LD_ABS(SIZE, IMM) \
+ ((struct bpf_insn) { \
+ .code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \
+ .dst_reg = 0, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = IMM })
+
+/* Memory load, dst_reg = *(uint *) (src_reg + off16) */
+
+#define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \
+ ((struct bpf_insn) { \
+ .code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = OFF, \
+ .imm = 0 })
+
+/* Memory store, *(uint *) (dst_reg + off16) = src_reg */
+
+#define BPF_STX_MEM(SIZE, DST, SRC, OFF) \
+ ((struct bpf_insn) { \
+ .code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = OFF, \
+ .imm = 0 })
+
+/* Memory store, *(uint *) (dst_reg + off16) = imm32 */
+
+#define BPF_ST_MEM(SIZE, DST, OFF, IMM) \
+ ((struct bpf_insn) { \
+ .code = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = OFF, \
+ .imm = IMM })
+
+/* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */
+
+#define BPF_JMP_REG(OP, DST, SRC, OFF) \
+ ((struct bpf_insn) { \
+ .code = BPF_JMP | BPF_OP(OP) | BPF_X, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = OFF, \
+ .imm = 0 })
+
+/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */
+
+#define BPF_JMP_IMM(OP, DST, IMM, OFF) \
+ ((struct bpf_insn) { \
+ .code = BPF_JMP | BPF_OP(OP) | BPF_K, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = OFF, \
+ .imm = IMM })
+
+/* Raw code statement block */
+
+#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \
+ ((struct bpf_insn) { \
+ .code = CODE, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = OFF, \
+ .imm = IMM })
+
+/* Program exit */
+
+#define BPF_EXIT_INSN() \
+ ((struct bpf_insn) { \
+ .code = BPF_JMP | BPF_EXIT, \
+ .dst_reg = 0, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = 0 })
+
+int bpf_parse_common(enum bpf_prog_type type, struct bpf_cfg_in *cfg,
+ const struct bpf_cfg_ops *ops, void *nl);
+
+const char *bpf_prog_to_default_section(enum bpf_prog_type type);
+
+int bpf_graft_map(const char *map_path, uint32_t *key, int argc, char **argv);
+int bpf_trace_pipe(void);
+
+void bpf_print_ops(FILE *f, struct rtattr *bpf_ops, __u16 len);
+
+int bpf_prog_load(enum bpf_prog_type type, const struct bpf_insn *insns,
+ size_t size_insns, const char *license, char *log,
+ size_t size_log);
+
+int bpf_prog_attach_fd(int prog_fd, int target_fd, enum bpf_attach_type type);
+int bpf_prog_detach_fd(int target_fd, enum bpf_attach_type type);
+
+int bpf_dump_prog_info(FILE *f, uint32_t id);
+
+#ifdef HAVE_ELF
+int bpf_send_map_fds(const char *path, const char *obj);
+int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux,
+ unsigned int entries);
+#else
+static inline int bpf_send_map_fds(const char *path, const char *obj)
+{
+ return 0;
+}
+
+static inline int bpf_recv_map_fds(const char *path, int *fds,
+ struct bpf_map_aux *aux,
+ unsigned int entries)
+{
+ return -1;
+}
+#endif /* HAVE_ELF */
+#endif /* __BPF_UTIL__ */
diff --git a/include/color.h b/include/color.h
index b85003a..7fd685d 100644
--- a/include/color.h
+++ b/include/color.h
@@ -7,10 +7,15 @@
COLOR_INET,
COLOR_INET6,
COLOR_OPERSTATE_UP,
- COLOR_OPERSTATE_DOWN
+ COLOR_OPERSTATE_DOWN,
+ COLOR_NONE
};
void enable_color(void);
+void check_if_color_enabled(void);
+void set_color_palette(void);
int color_fprintf(FILE *fp, enum color_attr attr, const char *fmt, ...);
+enum color_attr ifa_family_color(__u8 ifa_family);
+enum color_attr oper_state_color(__u8 state);
#endif
diff --git a/include/hlist.h b/include/hlist.h
deleted file mode 100644
index 4e8de9e..0000000
--- a/include/hlist.h
+++ /dev/null
@@ -1,56 +0,0 @@
-#ifndef __HLIST_H__
-#define __HLIST_H__ 1
-/* Hash list stuff from kernel */
-
-#include <stddef.h>
-
-#define container_of(ptr, type, member) ({ \
- const typeof( ((type *)0)->member ) *__mptr = (ptr); \
- (type *)( (char *)__mptr - offsetof(type,member) );})
-
-struct hlist_head {
- struct hlist_node *first;
-};
-
-struct hlist_node {
- struct hlist_node *next, **pprev;
-};
-
-static inline void hlist_del(struct hlist_node *n)
-{
- struct hlist_node *next = n->next;
- struct hlist_node **pprev = n->pprev;
- *pprev = next;
- if (next)
- next->pprev = pprev;
-}
-
-static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
-{
- struct hlist_node *first = h->first;
- n->next = first;
- if (first)
- first->pprev = &n->next;
- h->first = n;
- n->pprev = &h->first;
-}
-
-#define hlist_for_each(pos, head) \
- for (pos = (head)->first; pos ; pos = pos->next)
-
-
-#define hlist_for_each_safe(pos, n, head) \
- for (pos = (head)->first; pos && ({ n = pos->next; 1; }); \
- pos = n)
-
-#define hlist_entry_safe(ptr, type, member) \
- ({ typeof(ptr) ____ptr = (ptr); \
- ____ptr ? hlist_entry(____ptr, type, member) : NULL; \
- })
-
-#define hlist_for_each_entry(pos, head, member) \
- for (pos = hlist_entry_safe((head)->first, typeof(*(pos)), member);\
- pos; \
- pos = hlist_entry_safe((pos)->member.next, typeof(*(pos)), member))
-
-#endif /* __HLIST_H__ */
diff --git a/include/iptables_common.h b/include/iptables_common.h
deleted file mode 100644
index 9099667..0000000
--- a/include/iptables_common.h
+++ /dev/null
@@ -1,51 +0,0 @@
-#ifndef _IPTABLES_COMMON_H
-#define _IPTABLES_COMMON_H
-/* Shared definitions between ipv4 and ipv6. */
-
-enum exittype {
- OTHER_PROBLEM = 1,
- PARAMETER_PROBLEM,
- VERSION_PROBLEM,
- RESOURCE_PROBLEM
-};
-
-/* this is a special 64bit data type that is 8-byte aligned */
-#define aligned_u64 unsigned long long __attribute__((aligned(8)))
-
-extern void exit_printhelp(void) __attribute__((noreturn));
-extern void exit_tryhelp(int) __attribute__((noreturn));
-int check_inverse(const char option[], int *invert, int *optind, int argc);
-extern int string_to_number(const char *,
- unsigned int,
- unsigned int,
- unsigned int *);
-extern int string_to_number_l(const char *,
- unsigned long int,
- unsigned long int,
- unsigned long *);
-extern int string_to_number_ll(const char *,
- unsigned long long int,
- unsigned long long int,
- unsigned long long *);
-extern int iptables_insmod(const char *modname, const char *modprobe);
-extern int load_iptables_ko(const char *modprobe);
-void exit_error(enum exittype, char *, ...)__attribute__((noreturn,
- format(printf,2,3)));
-extern const char *program_name, *program_version;
-extern char *lib_dir;
-
-#define _init __attribute__((constructor)) my_init
-#ifdef NO_SHARED_LIBS
-# ifdef _INIT
-# undef _init
-# define _init _INIT
-# endif
- extern void init_extensions(void);
-#endif
-
-#define __be32 u_int32_t
-#define __le32 u_int32_t
-#define __be16 u_int16_t
-#define __le16 u_int16_t
-
-#endif /*_IPTABLES_COMMON_H*/
diff --git a/include/json_print.h b/include/json_print.h
new file mode 100644
index 0000000..dc4d2bb
--- /dev/null
+++ b/include/json_print.h
@@ -0,0 +1,69 @@
+/*
+ * json_print.h "print regular or json output, based on json_writer".
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Julien Fortin, <julien@cumulusnetworks.com>
+ */
+
+#ifndef _JSON_PRINT_H_
+#define _JSON_PRINT_H_
+
+#include "json_writer.h"
+#include "color.h"
+
+json_writer_t *get_json_writer(void);
+
+/*
+ * use:
+ * - PRINT_ANY for context based output
+ * - PRINT_FP for non json specific output
+ * - PRINT_JSON for json specific output
+ */
+enum output_type {
+ PRINT_FP = 1,
+ PRINT_JSON = 2,
+ PRINT_ANY = 4,
+};
+
+void new_json_obj(int json);
+void delete_json_obj(void);
+
+bool is_json_context(void);
+
+void fflush_fp(void);
+
+void open_json_object(const char *str);
+void close_json_object(void);
+void open_json_array(enum output_type type, const char *delim);
+void close_json_array(enum output_type type, const char *delim);
+
+#define _PRINT_FUNC(type_name, type) \
+ void print_color_##type_name(enum output_type t, \
+ enum color_attr color, \
+ const char *key, \
+ const char *fmt, \
+ type value); \
+ \
+ static inline void print_##type_name(enum output_type t, \
+ const char *key, \
+ const char *fmt, \
+ type value) \
+ { \
+ print_color_##type_name(t, COLOR_NONE, key, fmt, value); \
+ }
+_PRINT_FUNC(int, int);
+_PRINT_FUNC(bool, bool);
+_PRINT_FUNC(null, const char*);
+_PRINT_FUNC(string, const char*);
+_PRINT_FUNC(uint, uint64_t);
+_PRINT_FUNC(hu, unsigned short);
+_PRINT_FUNC(hex, unsigned int);
+_PRINT_FUNC(0xhex, unsigned int);
+_PRINT_FUNC(lluint, unsigned long long int);
+#undef _PRINT_FUNC
+
+#endif /* _JSON_PRINT_H_ */
diff --git a/include/json_writer.h b/include/json_writer.h
index ab9a008..1516aaf 100644
--- a/include/json_writer.h
+++ b/include/json_writer.h
@@ -33,20 +33,29 @@
void jsonw_name(json_writer_t *self, const char *name);
/* Add value */
+void jsonw_printf(json_writer_t *self, const char *fmt, ...);
void jsonw_string(json_writer_t *self, const char *value);
void jsonw_bool(json_writer_t *self, bool value);
void jsonw_float(json_writer_t *self, double number);
+void jsonw_float_fmt(json_writer_t *self, const char *fmt, double num);
void jsonw_uint(json_writer_t *self, uint64_t number);
+void jsonw_hu(json_writer_t *self, unsigned short number);
void jsonw_int(json_writer_t *self, int64_t number);
void jsonw_null(json_writer_t *self);
+void jsonw_lluint(json_writer_t *self, unsigned long long int num);
/* Useful Combinations of name and value */
void jsonw_string_field(json_writer_t *self, const char *prop, const char *val);
void jsonw_bool_field(json_writer_t *self, const char *prop, bool value);
void jsonw_float_field(json_writer_t *self, const char *prop, double num);
void jsonw_uint_field(json_writer_t *self, const char *prop, uint64_t num);
+void jsonw_hu_field(json_writer_t *self, const char *prop, unsigned short num);
void jsonw_int_field(json_writer_t *self, const char *prop, int64_t num);
void jsonw_null_field(json_writer_t *self, const char *prop);
+void jsonw_lluint_field(json_writer_t *self, const char *prop,
+ unsigned long long int num);
+void jsonw_float_field_fmt(json_writer_t *self, const char *prop,
+ const char *fmt, double val);
/* Collections */
void jsonw_start_object(json_writer_t *self);
diff --git a/include/libgenl.h b/include/libgenl.h
index 9db4baf..2dbb4b3 100644
--- a/include/libgenl.h
+++ b/include/libgenl.h
@@ -21,5 +21,7 @@
}
extern int genl_resolve_family(struct rtnl_handle *grth, const char *family);
+extern int genl_init_handle(struct rtnl_handle *grth, const char *family,
+ int *genl_family);
#endif /* __LIBGENL_H__ */
diff --git a/include/libnetlink.h b/include/libnetlink.h
index 431189e..69257f0 100644
--- a/include/libnetlink.h
+++ b/include/libnetlink.h
@@ -10,9 +10,9 @@
#include <linux/if_addr.h>
#include <linux/neighbour.h>
#include <linux/netconf.h>
+#include <arpa/inet.h>
-struct rtnl_handle
-{
+struct rtnl_handle {
int fd;
struct sockaddr_nl local;
struct sockaddr_nl peer;
@@ -21,15 +21,26 @@
int proto;
FILE *dump_fp;
#define RTNL_HANDLE_F_LISTEN_ALL_NSID 0x01
+#define RTNL_HANDLE_F_SUPPRESS_NLERR 0x02
int flags;
};
+struct nlmsg_list {
+ struct nlmsg_list *next;
+ struct nlmsghdr h;
+};
+
+struct nlmsg_chain {
+ struct nlmsg_list *head;
+ struct nlmsg_list *tail;
+};
+
extern int rcvbuf;
-int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions)
+int rtnl_open(struct rtnl_handle *rth, unsigned int subscriptions)
__attribute__((warn_unused_result));
-int rtnl_open_byproto(struct rtnl_handle *rth, unsigned subscriptions,
+int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
int protocol)
__attribute__((warn_unused_result));
@@ -39,6 +50,15 @@
int rtnl_wilddump_req_filter(struct rtnl_handle *rth, int fam, int type,
__u32 filt_mask)
__attribute__((warn_unused_result));
+
+typedef int (*req_filter_fn_t)(struct nlmsghdr *nlh, int reqlen);
+
+int rtnl_wilddump_req_filter_fn(struct rtnl_handle *rth, int fam, int type,
+ req_filter_fn_t fn)
+ __attribute__((warn_unused_result));
+int rtnl_wilddump_stats_req_filter(struct rtnl_handle *rth, int fam, int type,
+ __u32 filt_mask)
+ __attribute__((warn_unused_result));
int rtnl_dump_request(struct rtnl_handle *rth, int type, void *req,
int len)
__attribute__((warn_unused_result));
@@ -56,8 +76,10 @@
struct rtnl_ctrl_data *,
struct nlmsghdr *n, void *);
-struct rtnl_dump_filter_arg
-{
+typedef int (*nl_ext_ack_fn_t)(const char *errmsg, uint32_t off,
+ const struct nlmsghdr *inner_nlh);
+
+struct rtnl_dump_filter_arg {
rtnl_filter_t filter;
void *arg1;
__u16 nc_flags;
@@ -73,6 +95,12 @@
int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
struct nlmsghdr *answer, size_t len)
__attribute__((warn_unused_result));
+int rtnl_talk_extack(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ struct nlmsghdr *answer, size_t len, nl_ext_ack_fn_t errfn)
+ __attribute__((warn_unused_result));
+int rtnl_talk_suppress_rtnl_errmsg(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ struct nlmsghdr *answer, size_t len)
+ __attribute__((warn_unused_result));
int rtnl_send(struct rtnl_handle *rth, const void *buf, int)
__attribute__((warn_unused_result));
int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int)
@@ -133,13 +161,22 @@
{
return *(__u16 *)RTA_DATA(rta);
}
+static inline __be16 rta_getattr_be16(const struct rtattr *rta)
+{
+ return ntohs(rta_getattr_u16(rta));
+}
static inline __u32 rta_getattr_u32(const struct rtattr *rta)
{
return *(__u32 *)RTA_DATA(rta);
}
+static inline __be32 rta_getattr_be32(const struct rtattr *rta)
+{
+ return ntohl(rta_getattr_u32(rta));
+}
static inline __u64 rta_getattr_u64(const struct rtattr *rta)
{
__u64 tmp;
+
memcpy(&tmp, RTA_DATA(rta), sizeof(__u64));
return tmp;
}
@@ -159,42 +196,47 @@
#ifndef IFA_RTA
#define IFA_RTA(r) \
- ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
+ ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
#endif
#ifndef IFA_PAYLOAD
-#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
+#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct ifaddrmsg))
#endif
#ifndef IFLA_RTA
#define IFLA_RTA(r) \
- ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
+ ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
#endif
#ifndef IFLA_PAYLOAD
-#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
+#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct ifinfomsg))
#endif
#ifndef NDA_RTA
#define NDA_RTA(r) \
- ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
+ ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
#endif
#ifndef NDA_PAYLOAD
-#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
+#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct ndmsg))
#endif
#ifndef NDTA_RTA
#define NDTA_RTA(r) \
- ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndtmsg))))
+ ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct ndtmsg))))
#endif
#ifndef NDTA_PAYLOAD
-#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
+#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct ndtmsg))
#endif
#ifndef NETNS_RTA
#define NETNS_RTA(r) \
- ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct rtgenmsg))))
+ ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct rtgenmsg))))
#endif
#ifndef NETNS_PAYLOAD
-#define NETNS_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct rtgenmsg))
+#define NETNS_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct rtgenmsg))
+#endif
+
+#ifndef IFLA_STATS_RTA
+#define IFLA_STATS_RTA(r) \
+ ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct if_stats_msg))))
#endif
/* User defined nlmsg_type which is used mostly for logging netlink
@@ -202,4 +244,3 @@
#define NLMSG_TSTAMP 15
#endif /* __LIBNETLINK_H__ */
-
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
deleted file mode 100644
index f970f9d..0000000
--- a/include/linux/bpf.h
+++ /dev/null
@@ -1,326 +0,0 @@
-/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of version 2 of the GNU General Public
- * License as published by the Free Software Foundation.
- */
-#ifndef __LINUX_BPF_H__
-#define __LINUX_BPF_H__
-
-#include <linux/types.h>
-#include <linux/bpf_common.h>
-
-/* Extended instruction set based on top of classic BPF */
-
-/* instruction classes */
-#define BPF_ALU64 0x07 /* alu mode in double word width */
-
-/* ld/ldx fields */
-#define BPF_DW 0x18 /* double word */
-#define BPF_XADD 0xc0 /* exclusive add */
-
-/* alu/jmp fields */
-#define BPF_MOV 0xb0 /* mov reg to reg */
-#define BPF_ARSH 0xc0 /* sign extending arithmetic shift right */
-
-/* change endianness of a register */
-#define BPF_END 0xd0 /* flags for endianness conversion: */
-#define BPF_TO_LE 0x00 /* convert to little-endian */
-#define BPF_TO_BE 0x08 /* convert to big-endian */
-#define BPF_FROM_LE BPF_TO_LE
-#define BPF_FROM_BE BPF_TO_BE
-
-#define BPF_JNE 0x50 /* jump != */
-#define BPF_JSGT 0x60 /* SGT is signed '>', GT in x86 */
-#define BPF_JSGE 0x70 /* SGE is signed '>=', GE in x86 */
-#define BPF_CALL 0x80 /* function call */
-#define BPF_EXIT 0x90 /* function return */
-
-/* Register numbers */
-enum {
- BPF_REG_0 = 0,
- BPF_REG_1,
- BPF_REG_2,
- BPF_REG_3,
- BPF_REG_4,
- BPF_REG_5,
- BPF_REG_6,
- BPF_REG_7,
- BPF_REG_8,
- BPF_REG_9,
- BPF_REG_10,
- __MAX_BPF_REG,
-};
-
-/* BPF has 10 general purpose 64-bit registers and stack frame. */
-#define MAX_BPF_REG __MAX_BPF_REG
-
-struct bpf_insn {
- __u8 code; /* opcode */
- __u8 dst_reg:4; /* dest register */
- __u8 src_reg:4; /* source register */
- __s16 off; /* signed offset */
- __s32 imm; /* signed immediate constant */
-};
-
-/* BPF syscall commands, see bpf(2) man-page for details. */
-enum bpf_cmd {
- BPF_MAP_CREATE,
- BPF_MAP_LOOKUP_ELEM,
- BPF_MAP_UPDATE_ELEM,
- BPF_MAP_DELETE_ELEM,
- BPF_MAP_GET_NEXT_KEY,
- BPF_PROG_LOAD,
- BPF_OBJ_PIN,
- BPF_OBJ_GET,
-};
-
-enum bpf_map_type {
- BPF_MAP_TYPE_UNSPEC,
- BPF_MAP_TYPE_HASH,
- BPF_MAP_TYPE_ARRAY,
- BPF_MAP_TYPE_PROG_ARRAY,
- BPF_MAP_TYPE_PERF_EVENT_ARRAY,
-};
-
-enum bpf_prog_type {
- BPF_PROG_TYPE_UNSPEC,
- BPF_PROG_TYPE_SOCKET_FILTER,
- BPF_PROG_TYPE_KPROBE,
- BPF_PROG_TYPE_SCHED_CLS,
- BPF_PROG_TYPE_SCHED_ACT,
-};
-
-#define BPF_PSEUDO_MAP_FD 1
-
-/* flags for BPF_MAP_UPDATE_ELEM command */
-#define BPF_ANY 0 /* create new element or update existing */
-#define BPF_NOEXIST 1 /* create new element if it didn't exist */
-#define BPF_EXIST 2 /* update existing element */
-
-union bpf_attr {
- struct { /* anonymous struct used by BPF_MAP_CREATE command */
- __u32 map_type; /* one of enum bpf_map_type */
- __u32 key_size; /* size of key in bytes */
- __u32 value_size; /* size of value in bytes */
- __u32 max_entries; /* max number of entries in a map */
- };
-
- struct { /* anonymous struct used by BPF_MAP_*_ELEM commands */
- __u32 map_fd;
- __aligned_u64 key;
- union {
- __aligned_u64 value;
- __aligned_u64 next_key;
- };
- __u64 flags;
- };
-
- struct { /* anonymous struct used by BPF_PROG_LOAD command */
- __u32 prog_type; /* one of enum bpf_prog_type */
- __u32 insn_cnt;
- __aligned_u64 insns;
- __aligned_u64 license;
- __u32 log_level; /* verbosity level of verifier */
- __u32 log_size; /* size of user buffer */
- __aligned_u64 log_buf; /* user supplied buffer */
- __u32 kern_version; /* checked when prog_type=kprobe */
- };
-
- struct { /* anonymous struct used by BPF_OBJ_* commands */
- __aligned_u64 pathname;
- __u32 bpf_fd;
- };
-} __attribute__((aligned(8)));
-
-/* integer value in 'imm' field of BPF_CALL instruction selects which helper
- * function eBPF program intends to call
- */
-enum bpf_func_id {
- BPF_FUNC_unspec,
- BPF_FUNC_map_lookup_elem, /* void *map_lookup_elem(&map, &key) */
- BPF_FUNC_map_update_elem, /* int map_update_elem(&map, &key, &value, flags) */
- BPF_FUNC_map_delete_elem, /* int map_delete_elem(&map, &key) */
- BPF_FUNC_probe_read, /* int bpf_probe_read(void *dst, int size, void *src) */
- BPF_FUNC_ktime_get_ns, /* u64 bpf_ktime_get_ns(void) */
- BPF_FUNC_trace_printk, /* int bpf_trace_printk(const char *fmt, int fmt_size, ...) */
- BPF_FUNC_get_prandom_u32, /* u32 prandom_u32(void) */
- BPF_FUNC_get_smp_processor_id, /* u32 raw_smp_processor_id(void) */
-
- /**
- * skb_store_bytes(skb, offset, from, len, flags) - store bytes into packet
- * @skb: pointer to skb
- * @offset: offset within packet from skb->mac_header
- * @from: pointer where to copy bytes from
- * @len: number of bytes to store into packet
- * @flags: bit 0 - if true, recompute skb->csum
- * other bits - reserved
- * Return: 0 on success
- */
- BPF_FUNC_skb_store_bytes,
-
- /**
- * l3_csum_replace(skb, offset, from, to, flags) - recompute IP checksum
- * @skb: pointer to skb
- * @offset: offset within packet where IP checksum is located
- * @from: old value of header field
- * @to: new value of header field
- * @flags: bits 0-3 - size of header field
- * other bits - reserved
- * Return: 0 on success
- */
- BPF_FUNC_l3_csum_replace,
-
- /**
- * l4_csum_replace(skb, offset, from, to, flags) - recompute TCP/UDP checksum
- * @skb: pointer to skb
- * @offset: offset within packet where TCP/UDP checksum is located
- * @from: old value of header field
- * @to: new value of header field
- * @flags: bits 0-3 - size of header field
- * bit 4 - is pseudo header
- * other bits - reserved
- * Return: 0 on success
- */
- BPF_FUNC_l4_csum_replace,
-
- /**
- * bpf_tail_call(ctx, prog_array_map, index) - jump into another BPF program
- * @ctx: context pointer passed to next program
- * @prog_array_map: pointer to map which type is BPF_MAP_TYPE_PROG_ARRAY
- * @index: index inside array that selects specific program to run
- * Return: 0 on success
- */
- BPF_FUNC_tail_call,
-
- /**
- * bpf_clone_redirect(skb, ifindex, flags) - redirect to another netdev
- * @skb: pointer to skb
- * @ifindex: ifindex of the net device
- * @flags: bit 0 - if set, redirect to ingress instead of egress
- * other bits - reserved
- * Return: 0 on success
- */
- BPF_FUNC_clone_redirect,
-
- /**
- * u64 bpf_get_current_pid_tgid(void)
- * Return: current->tgid << 32 | current->pid
- */
- BPF_FUNC_get_current_pid_tgid,
-
- /**
- * u64 bpf_get_current_uid_gid(void)
- * Return: current_gid << 32 | current_uid
- */
- BPF_FUNC_get_current_uid_gid,
-
- /**
- * bpf_get_current_comm(char *buf, int size_of_buf)
- * stores current->comm into buf
- * Return: 0 on success
- */
- BPF_FUNC_get_current_comm,
-
- /**
- * bpf_get_cgroup_classid(skb) - retrieve a proc's classid
- * @skb: pointer to skb
- * Return: classid if != 0
- */
- BPF_FUNC_get_cgroup_classid,
- BPF_FUNC_skb_vlan_push, /* bpf_skb_vlan_push(skb, vlan_proto, vlan_tci) */
- BPF_FUNC_skb_vlan_pop, /* bpf_skb_vlan_pop(skb) */
-
- /**
- * bpf_skb_[gs]et_tunnel_key(skb, key, size, flags)
- * retrieve or populate tunnel metadata
- * @skb: pointer to skb
- * @key: pointer to 'struct bpf_tunnel_key'
- * @size: size of 'struct bpf_tunnel_key'
- * @flags: room for future extensions
- * Retrun: 0 on success
- */
- BPF_FUNC_skb_get_tunnel_key,
- BPF_FUNC_skb_set_tunnel_key,
- BPF_FUNC_perf_event_read, /* u64 bpf_perf_event_read(&map, index) */
- /**
- * bpf_redirect(ifindex, flags) - redirect to another netdev
- * @ifindex: ifindex of the net device
- * @flags: bit 0 - if set, redirect to ingress instead of egress
- * other bits - reserved
- * Return: TC_ACT_REDIRECT
- */
- BPF_FUNC_redirect,
-
- /**
- * bpf_get_route_realm(skb) - retrieve a dst's tclassid
- * @skb: pointer to skb
- * Return: realm if != 0
- */
- BPF_FUNC_get_route_realm,
-
- /**
- * bpf_perf_event_output(ctx, map, index, data, size) - output perf raw sample
- * @ctx: struct pt_regs*
- * @map: pointer to perf_event_array map
- * @index: index of event in the map
- * @data: data on stack to be output as raw data
- * @size: size of data
- * Return: 0 on success
- */
- BPF_FUNC_perf_event_output,
- BPF_FUNC_skb_load_bytes,
- __BPF_FUNC_MAX_ID,
-};
-
-/* All flags used by eBPF helper functions, placed here. */
-
-/* BPF_FUNC_skb_store_bytes flags. */
-#define BPF_F_RECOMPUTE_CSUM (1ULL << 0)
-
-/* BPF_FUNC_l3_csum_replace and BPF_FUNC_l4_csum_replace flags.
- * First 4 bits are for passing the header field size.
- */
-#define BPF_F_HDR_FIELD_MASK 0xfULL
-
-/* BPF_FUNC_l4_csum_replace flags. */
-#define BPF_F_PSEUDO_HDR (1ULL << 4)
-
-/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
-#define BPF_F_INGRESS (1ULL << 0)
-
-/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */
-#define BPF_F_TUNINFO_IPV6 (1ULL << 0)
-
-/* user accessible mirror of in-kernel sk_buff.
- * new fields can only be added to the end of this structure
- */
-struct __sk_buff {
- __u32 len;
- __u32 pkt_type;
- __u32 mark;
- __u32 queue_mapping;
- __u32 protocol;
- __u32 vlan_present;
- __u32 vlan_tci;
- __u32 vlan_proto;
- __u32 priority;
- __u32 ingress_ifindex;
- __u32 ifindex;
- __u32 tc_index;
- __u32 cb[5];
- __u32 hash;
- __u32 tc_classid;
-};
-
-struct bpf_tunnel_key {
- __u32 tunnel_id;
- union {
- __u32 remote_ipv4;
- __u32 remote_ipv6[4];
- };
- __u8 tunnel_tos;
- __u8 tunnel_ttl;
-};
-
-#endif /* __LINUX_BPF_H__ */
diff --git a/include/linux/tc_act/tc_pedit.h b/include/linux/tc_act/tc_pedit.h
deleted file mode 100644
index 716cfab..0000000
--- a/include/linux/tc_act/tc_pedit.h
+++ /dev/null
@@ -1,34 +0,0 @@
-#ifndef __LINUX_TC_PED_H
-#define __LINUX_TC_PED_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-#define TCA_ACT_PEDIT 7
-
-enum {
- TCA_PEDIT_UNSPEC,
- TCA_PEDIT_TM,
- TCA_PEDIT_PARMS,
- __TCA_PEDIT_MAX
-};
-#define TCA_PEDIT_MAX (__TCA_PEDIT_MAX - 1)
-
-struct tc_pedit_key {
- __u32 mask; /* AND */
- __u32 val; /*XOR */
- __u32 off; /*offset */
- __u32 at;
- __u32 offmask;
- __u32 shift;
-};
-
-struct tc_pedit_sel {
- tc_gen;
- unsigned char nkeys;
- unsigned char flags;
- struct tc_pedit_key keys[0];
-};
-#define tc_pedit tc_pedit_sel
-
-#endif
diff --git a/include/linux/tc_ematch/tc_em_text.h b/include/linux/tc_ematch/tc_em_text.h
deleted file mode 100644
index 5aac404..0000000
--- a/include/linux/tc_ematch/tc_em_text.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#ifndef __LINUX_TC_EM_TEXT_H
-#define __LINUX_TC_EM_TEXT_H
-
-#include <linux/types.h>
-#include <linux/pkt_cls.h>
-
-#define TC_EM_TEXT_ALGOSIZ 16
-
-struct tcf_em_text {
- char algo[TC_EM_TEXT_ALGOSIZ];
- __u16 from_offset;
- __u16 to_offset;
- __u16 pattern_len;
- __u8 from_layer:4;
- __u8 to_layer:4;
- __u8 pad;
-};
-
-#endif
diff --git a/include/list.h b/include/list.h
new file mode 100644
index 0000000..5b529dc
--- /dev/null
+++ b/include/list.h
@@ -0,0 +1,128 @@
+#ifndef __LIST_H__
+#define __LIST_H__ 1
+/* List and hash list stuff from kernel */
+
+#include <stddef.h>
+
+#define container_of(ptr, type, member) ({ \
+ const typeof( ((type *)0)->member ) *__mptr = (ptr); \
+ (type *)( (char *)__mptr - offsetof(type,member) );})
+
+struct list_head {
+ struct list_head *next, *prev;
+};
+
+static inline void INIT_LIST_HEAD(struct list_head *list)
+{
+ list->next = list;
+ list->prev = list;
+}
+
+static inline void __list_add(struct list_head *new,
+ struct list_head *prev,
+ struct list_head *next)
+{
+ next->prev = new;
+ new->next = next;
+ new->prev = prev;
+ prev->next = new;
+}
+
+static inline void list_add(struct list_head *new, struct list_head *head)
+{
+ __list_add(new, head, head->next);
+}
+
+static inline void list_add_tail(struct list_head *new, struct list_head *head)
+{
+ __list_add(new, head->prev, head);
+}
+
+static inline void __list_del(struct list_head *prev, struct list_head *next)
+{
+ next->prev = prev;
+ prev->next = next;
+}
+
+static inline void list_del(struct list_head *entry)
+{
+ __list_del(entry->prev, entry->next);
+}
+
+#define list_entry(ptr, type, member) \
+ container_of(ptr, type, member)
+
+#define list_first_entry(ptr, type, member) \
+ list_entry((ptr)->next, type, member)
+
+#define list_last_entry(ptr, type, member) \
+ list_entry((ptr)->prev, type, member)
+
+#define list_next_entry(pos, member) \
+ list_entry((pos)->member.next, typeof(*(pos)), member)
+
+#define list_prev_entry(pos, member) \
+ list_entry((pos)->member.prev, typeof(*(pos)), member)
+
+#define list_for_each_entry(pos, head, member) \
+ for (pos = list_first_entry(head, typeof(*pos), member); \
+ &pos->member != (head); \
+ pos = list_next_entry(pos, member))
+
+#define list_for_each_entry_safe(pos, n, head, member) \
+ for (pos = list_first_entry(head, typeof(*pos), member), \
+ n = list_next_entry(pos, member); \
+ &pos->member != (head); \
+ pos = n, n = list_next_entry(n, member))
+
+#define list_for_each_entry_reverse(pos, head, member) \
+ for (pos = list_last_entry(head, typeof(*pos), member); \
+ &pos->member != (head); \
+ pos = list_prev_entry(pos, member))
+
+struct hlist_head {
+ struct hlist_node *first;
+};
+
+struct hlist_node {
+ struct hlist_node *next, **pprev;
+};
+
+static inline void hlist_del(struct hlist_node *n)
+{
+ struct hlist_node *next = n->next;
+ struct hlist_node **pprev = n->pprev;
+ *pprev = next;
+ if (next)
+ next->pprev = pprev;
+}
+
+static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h)
+{
+ struct hlist_node *first = h->first;
+ n->next = first;
+ if (first)
+ first->pprev = &n->next;
+ h->first = n;
+ n->pprev = &h->first;
+}
+
+#define hlist_for_each(pos, head) \
+ for (pos = (head)->first; pos ; pos = pos->next)
+
+
+#define hlist_for_each_safe(pos, n, head) \
+ for (pos = (head)->first; pos && ({ n = pos->next; 1; }); \
+ pos = n)
+
+#define hlist_entry_safe(ptr, type, member) \
+ ({ typeof(ptr) ____ptr = (ptr); \
+ ____ptr ? hlist_entry(____ptr, type, member) : NULL; \
+ })
+
+#define hlist_for_each_entry(pos, head, member) \
+ for (pos = hlist_entry_safe((head)->first, typeof(*(pos)), member);\
+ pos; \
+ pos = hlist_entry_safe((pos)->member.next, typeof(*(pos)), member))
+
+#endif /* __LIST_H__ */
diff --git a/include/linux/atm.h b/include/uapi/linux/atm.h
similarity index 98%
rename from include/linux/atm.h
rename to include/uapi/linux/atm.h
index 08e27be..e33ff6b 100644
--- a/include/linux/atm.h
+++ b/include/uapi/linux/atm.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* atm.h - general ATM declarations */
/* Written 1995-2000 by Werner Almesberger, EPFL LRC/ICA */
diff --git a/include/linux/atmapi.h b/include/uapi/linux/atmapi.h
similarity index 93%
rename from include/linux/atmapi.h
rename to include/uapi/linux/atmapi.h
index 8fe54d9..c9bf5c2 100644
--- a/include/linux/atmapi.h
+++ b/include/uapi/linux/atmapi.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* atmapi.h - ATM API user space/kernel compatibility */
/* Written 1999,2000 by Werner Almesberger, EPFL ICA */
diff --git a/include/uapi/linux/atmarp.h b/include/uapi/linux/atmarp.h
new file mode 100644
index 0000000..8e44d12
--- /dev/null
+++ b/include/uapi/linux/atmarp.h
@@ -0,0 +1,42 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/* atmarp.h - ATM ARP protocol and kernel-demon interface definitions */
+
+/* Written 1995-1999 by Werner Almesberger, EPFL LRC/ICA */
+
+
+#ifndef _LINUX_ATMARP_H
+#define _LINUX_ATMARP_H
+
+#include <linux/types.h>
+#include <linux/atmapi.h>
+#include <linux/atmioc.h>
+
+
+#define ATMARP_RETRY_DELAY 30 /* request next resolution or forget
+ NAK after 30 sec - should go into
+ atmclip.h */
+#define ATMARP_MAX_UNRES_PACKETS 5 /* queue that many packets while
+ waiting for the resolver */
+
+
+#define ATMARPD_CTRL _IO('a',ATMIOC_CLIP+1) /* become atmarpd ctrl sock */
+#define ATMARP_MKIP _IO('a',ATMIOC_CLIP+2) /* attach socket to IP */
+#define ATMARP_SETENTRY _IO('a',ATMIOC_CLIP+3) /* fill or hide ARP entry */
+#define ATMARP_ENCAP _IO('a',ATMIOC_CLIP+5) /* change encapsulation */
+
+
+enum atmarp_ctrl_type {
+ act_invalid, /* catch uninitialized structures */
+ act_need, /* need address resolution */
+ act_up, /* interface is coming up */
+ act_down, /* interface is going down */
+ act_change /* interface configuration has changed */
+};
+
+struct atmarp_ctrl {
+ enum atmarp_ctrl_type type; /* message type */
+ int itf_num;/* interface number (if present) */
+ __be32 ip; /* IP address (act_need only) */
+};
+
+#endif
diff --git a/include/uapi/linux/atmdev.h b/include/uapi/linux/atmdev.h
new file mode 100644
index 0000000..9bdb96a
--- /dev/null
+++ b/include/uapi/linux/atmdev.h
@@ -0,0 +1,216 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/* atmdev.h - ATM device driver declarations and various related items */
+
+/* Written 1995-2000 by Werner Almesberger, EPFL LRC/ICA */
+
+
+#ifndef LINUX_ATMDEV_H
+#define LINUX_ATMDEV_H
+
+
+#include <linux/atmapi.h>
+#include <linux/atm.h>
+#include <linux/atmioc.h>
+
+
+#define ESI_LEN 6
+
+#define ATM_OC3_PCR (155520000/270*260/8/53)
+ /* OC3 link rate: 155520000 bps
+ SONET overhead: /270*260 (9 section, 1 path)
+ bits per cell: /8/53
+ max cell rate: 353207.547 cells/sec */
+#define ATM_25_PCR ((25600000/8-8000)/54)
+ /* 25 Mbps ATM cell rate (59111) */
+#define ATM_OC12_PCR (622080000/1080*1040/8/53)
+ /* OC12 link rate: 622080000 bps
+ SONET overhead: /1080*1040
+ bits per cell: /8/53
+ max cell rate: 1412830.188 cells/sec */
+#define ATM_DS3_PCR (8000*12)
+ /* DS3: 12 cells in a 125 usec time slot */
+
+
+#define __AAL_STAT_ITEMS \
+ __HANDLE_ITEM(tx); /* TX okay */ \
+ __HANDLE_ITEM(tx_err); /* TX errors */ \
+ __HANDLE_ITEM(rx); /* RX okay */ \
+ __HANDLE_ITEM(rx_err); /* RX errors */ \
+ __HANDLE_ITEM(rx_drop); /* RX out of memory */
+
+struct atm_aal_stats {
+#define __HANDLE_ITEM(i) int i
+ __AAL_STAT_ITEMS
+#undef __HANDLE_ITEM
+};
+
+
+struct atm_dev_stats {
+ struct atm_aal_stats aal0;
+ struct atm_aal_stats aal34;
+ struct atm_aal_stats aal5;
+} __ATM_API_ALIGN;
+
+
+#define ATM_GETLINKRATE _IOW('a',ATMIOC_ITF+1,struct atmif_sioc)
+ /* get link rate */
+#define ATM_GETNAMES _IOW('a',ATMIOC_ITF+3,struct atm_iobuf)
+ /* get interface names (numbers) */
+#define ATM_GETTYPE _IOW('a',ATMIOC_ITF+4,struct atmif_sioc)
+ /* get interface type name */
+#define ATM_GETESI _IOW('a',ATMIOC_ITF+5,struct atmif_sioc)
+ /* get interface ESI */
+#define ATM_GETADDR _IOW('a',ATMIOC_ITF+6,struct atmif_sioc)
+ /* get itf's local ATM addr. list */
+#define ATM_RSTADDR _IOW('a',ATMIOC_ITF+7,struct atmif_sioc)
+ /* reset itf's ATM address list */
+#define ATM_ADDADDR _IOW('a',ATMIOC_ITF+8,struct atmif_sioc)
+ /* add a local ATM address */
+#define ATM_DELADDR _IOW('a',ATMIOC_ITF+9,struct atmif_sioc)
+ /* remove a local ATM address */
+#define ATM_GETCIRANGE _IOW('a',ATMIOC_ITF+10,struct atmif_sioc)
+ /* get connection identifier range */
+#define ATM_SETCIRANGE _IOW('a',ATMIOC_ITF+11,struct atmif_sioc)
+ /* set connection identifier range */
+#define ATM_SETESI _IOW('a',ATMIOC_ITF+12,struct atmif_sioc)
+ /* set interface ESI */
+#define ATM_SETESIF _IOW('a',ATMIOC_ITF+13,struct atmif_sioc)
+ /* force interface ESI */
+#define ATM_ADDLECSADDR _IOW('a', ATMIOC_ITF+14, struct atmif_sioc)
+ /* register a LECS address */
+#define ATM_DELLECSADDR _IOW('a', ATMIOC_ITF+15, struct atmif_sioc)
+ /* unregister a LECS address */
+#define ATM_GETLECSADDR _IOW('a', ATMIOC_ITF+16, struct atmif_sioc)
+ /* retrieve LECS address(es) */
+
+#define ATM_GETSTAT _IOW('a',ATMIOC_SARCOM+0,struct atmif_sioc)
+ /* get AAL layer statistics */
+#define ATM_GETSTATZ _IOW('a',ATMIOC_SARCOM+1,struct atmif_sioc)
+ /* get AAL layer statistics and zero */
+#define ATM_GETLOOP _IOW('a',ATMIOC_SARCOM+2,struct atmif_sioc)
+ /* get loopback mode */
+#define ATM_SETLOOP _IOW('a',ATMIOC_SARCOM+3,struct atmif_sioc)
+ /* set loopback mode */
+#define ATM_QUERYLOOP _IOW('a',ATMIOC_SARCOM+4,struct atmif_sioc)
+ /* query supported loopback modes */
+#define ATM_SETSC _IOW('a',ATMIOC_SPECIAL+1,int)
+ /* enable or disable single-copy */
+#define ATM_SETBACKEND _IOW('a',ATMIOC_SPECIAL+2,atm_backend_t)
+ /* set backend handler */
+#define ATM_NEWBACKENDIF _IOW('a',ATMIOC_SPECIAL+3,atm_backend_t)
+ /* use backend to make new if */
+#define ATM_ADDPARTY _IOW('a', ATMIOC_SPECIAL+4,struct atm_iobuf)
+ /* add party to p2mp call */
+#ifdef CONFIG_COMPAT
+/* It actually takes struct sockaddr_atmsvc, not struct atm_iobuf */
+#define COMPAT_ATM_ADDPARTY _IOW('a', ATMIOC_SPECIAL+4,struct compat_atm_iobuf)
+#endif
+#define ATM_DROPPARTY _IOW('a', ATMIOC_SPECIAL+5,int)
+ /* drop party from p2mp call */
+
+/*
+ * These are backend handkers that can be set via the ATM_SETBACKEND call
+ * above. In the future we may support dynamic loading of these - for now,
+ * they're just being used to share the ATMIOC_BACKEND ioctls
+ */
+#define ATM_BACKEND_RAW 0
+#define ATM_BACKEND_PPP 1 /* PPPoATM - RFC2364 */
+#define ATM_BACKEND_BR2684 2 /* Bridged RFC1483/2684 */
+
+/* for ATM_GETTYPE */
+#define ATM_ITFTYP_LEN 8 /* maximum length of interface type name */
+
+/*
+ * Loopback modes for ATM_{PHY,SAR}_{GET,SET}LOOP
+ */
+
+/* Point of loopback CPU-->SAR-->PHY-->line--> ... */
+#define __ATM_LM_NONE 0 /* no loop back ^ ^ ^ ^ */
+#define __ATM_LM_AAL 1 /* loop back PDUs --' | | | */
+#define __ATM_LM_ATM 2 /* loop back ATM cells ---' | | */
+/* RESERVED 4 loop back on PHY side ---' */
+#define __ATM_LM_PHY 8 /* loop back bits (digital) ----' | */
+#define __ATM_LM_ANALOG 16 /* loop back the analog signal --------' */
+
+/* Direction of loopback */
+#define __ATM_LM_MKLOC(n) ((n)) /* Local (i.e. loop TX to RX) */
+#define __ATM_LM_MKRMT(n) ((n) << 8) /* Remote (i.e. loop RX to TX) */
+
+#define __ATM_LM_XTLOC(n) ((n) & 0xff)
+#define __ATM_LM_XTRMT(n) (((n) >> 8) & 0xff)
+
+#define ATM_LM_NONE 0 /* no loopback */
+
+#define ATM_LM_LOC_AAL __ATM_LM_MKLOC(__ATM_LM_AAL)
+#define ATM_LM_LOC_ATM __ATM_LM_MKLOC(__ATM_LM_ATM)
+#define ATM_LM_LOC_PHY __ATM_LM_MKLOC(__ATM_LM_PHY)
+#define ATM_LM_LOC_ANALOG __ATM_LM_MKLOC(__ATM_LM_ANALOG)
+
+#define ATM_LM_RMT_AAL __ATM_LM_MKRMT(__ATM_LM_AAL)
+#define ATM_LM_RMT_ATM __ATM_LM_MKRMT(__ATM_LM_ATM)
+#define ATM_LM_RMT_PHY __ATM_LM_MKRMT(__ATM_LM_PHY)
+#define ATM_LM_RMT_ANALOG __ATM_LM_MKRMT(__ATM_LM_ANALOG)
+
+/*
+ * Note: ATM_LM_LOC_* and ATM_LM_RMT_* can be combined, provided that
+ * __ATM_LM_XTLOC(x) <= __ATM_LM_XTRMT(x)
+ */
+
+
+struct atm_iobuf {
+ int length;
+ void *buffer;
+};
+
+/* for ATM_GETCIRANGE / ATM_SETCIRANGE */
+
+#define ATM_CI_MAX -1 /* use maximum range of VPI/VCI */
+
+struct atm_cirange {
+ signed char vpi_bits; /* 1..8, ATM_CI_MAX (-1) for maximum */
+ signed char vci_bits; /* 1..16, ATM_CI_MAX (-1) for maximum */
+};
+
+/* for ATM_SETSC; actually taken from the ATM_VF number space */
+
+#define ATM_SC_RX 1024 /* enable RX single-copy */
+#define ATM_SC_TX 2048 /* enable TX single-copy */
+
+#define ATM_BACKLOG_DEFAULT 32 /* if we get more, we're likely to time out
+ anyway */
+
+/* MF: change_qos (Modify) flags */
+
+#define ATM_MF_IMMED 1 /* Block until change is effective */
+#define ATM_MF_INC_RSV 2 /* Change reservation on increase */
+#define ATM_MF_INC_SHP 4 /* Change shaping on increase */
+#define ATM_MF_DEC_RSV 8 /* Change reservation on decrease */
+#define ATM_MF_DEC_SHP 16 /* Change shaping on decrease */
+#define ATM_MF_BWD 32 /* Set the backward direction parameters */
+
+#define ATM_MF_SET (ATM_MF_INC_RSV | ATM_MF_INC_SHP | ATM_MF_DEC_RSV | \
+ ATM_MF_DEC_SHP | ATM_MF_BWD)
+
+/*
+ * ATM_VS_* are used to express VC state in a human-friendly way.
+ */
+
+#define ATM_VS_IDLE 0 /* VC is not used */
+#define ATM_VS_CONNECTED 1 /* VC is connected */
+#define ATM_VS_CLOSING 2 /* VC is closing */
+#define ATM_VS_LISTEN 3 /* VC is listening for incoming setups */
+#define ATM_VS_INUSE 4 /* VC is in use (registered with atmsigd) */
+#define ATM_VS_BOUND 5 /* VC is bound */
+
+#define ATM_VS2TXT_MAP \
+ "IDLE", "CONNECTED", "CLOSING", "LISTEN", "INUSE", "BOUND"
+
+#define ATM_VF2TXT_MAP \
+ "ADDR", "READY", "PARTIAL", "REGIS", \
+ "RELEASED", "HASQOS", "LISTEN", "META", \
+ "256", "512", "1024", "2048", \
+ "SESSION", "HASSAP", "BOUND", "CLOSE"
+
+
+
+#endif /* LINUX_ATMDEV_H */
diff --git a/include/linux/atmioc.h b/include/uapi/linux/atmioc.h
similarity index 95%
rename from include/linux/atmioc.h
rename to include/uapi/linux/atmioc.h
index 37f67aa..cd7655e 100644
--- a/include/linux/atmioc.h
+++ b/include/uapi/linux/atmioc.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* atmioc.h - ranges for ATM-related ioctl numbers */
/* Written 1995-1999 by Werner Almesberger, EPFL LRC/ICA */
diff --git a/include/linux/atmsap.h b/include/uapi/linux/atmsap.h
similarity index 98%
rename from include/linux/atmsap.h
rename to include/uapi/linux/atmsap.h
index 799b104..fc05248 100644
--- a/include/linux/atmsap.h
+++ b/include/uapi/linux/atmsap.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* atmsap.h - ATM Service Access Point addressing definitions */
/* Written 1995-1999 by Werner Almesberger, EPFL LRC/ICA */
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
new file mode 100644
index 0000000..d52a93c
--- /dev/null
+++ b/include/uapi/linux/bpf.h
@@ -0,0 +1,867 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/* Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of version 2 of the GNU General Public
+ * License as published by the Free Software Foundation.
+ */
+#ifndef __LINUX_BPF_H__
+#define __LINUX_BPF_H__
+
+#include <linux/types.h>
+#include <linux/bpf_common.h>
+
+/* Extended instruction set based on top of classic BPF */
+
+/* instruction classes */
+#define BPF_ALU64 0x07 /* alu mode in double word width */
+
+/* ld/ldx fields */
+#define BPF_DW 0x18 /* double word */
+#define BPF_XADD 0xc0 /* exclusive add */
+
+/* alu/jmp fields */
+#define BPF_MOV 0xb0 /* mov reg to reg */
+#define BPF_ARSH 0xc0 /* sign extending arithmetic shift right */
+
+/* change endianness of a register */
+#define BPF_END 0xd0 /* flags for endianness conversion: */
+#define BPF_TO_LE 0x00 /* convert to little-endian */
+#define BPF_TO_BE 0x08 /* convert to big-endian */
+#define BPF_FROM_LE BPF_TO_LE
+#define BPF_FROM_BE BPF_TO_BE
+
+/* jmp encodings */
+#define BPF_JNE 0x50 /* jump != */
+#define BPF_JLT 0xa0 /* LT is unsigned, '<' */
+#define BPF_JLE 0xb0 /* LE is unsigned, '<=' */
+#define BPF_JSGT 0x60 /* SGT is signed '>', GT in x86 */
+#define BPF_JSGE 0x70 /* SGE is signed '>=', GE in x86 */
+#define BPF_JSLT 0xc0 /* SLT is signed, '<' */
+#define BPF_JSLE 0xd0 /* SLE is signed, '<=' */
+#define BPF_CALL 0x80 /* function call */
+#define BPF_EXIT 0x90 /* function return */
+
+/* Register numbers */
+enum {
+ BPF_REG_0 = 0,
+ BPF_REG_1,
+ BPF_REG_2,
+ BPF_REG_3,
+ BPF_REG_4,
+ BPF_REG_5,
+ BPF_REG_6,
+ BPF_REG_7,
+ BPF_REG_8,
+ BPF_REG_9,
+ BPF_REG_10,
+ __MAX_BPF_REG,
+};
+
+/* BPF has 10 general purpose 64-bit registers and stack frame. */
+#define MAX_BPF_REG __MAX_BPF_REG
+
+struct bpf_insn {
+ __u8 code; /* opcode */
+ __u8 dst_reg:4; /* dest register */
+ __u8 src_reg:4; /* source register */
+ __s16 off; /* signed offset */
+ __s32 imm; /* signed immediate constant */
+};
+
+/* Key of an a BPF_MAP_TYPE_LPM_TRIE entry */
+struct bpf_lpm_trie_key {
+ __u32 prefixlen; /* up to 32 for AF_INET, 128 for AF_INET6 */
+ __u8 data[0]; /* Arbitrary size */
+};
+
+/* BPF syscall commands, see bpf(2) man-page for details. */
+enum bpf_cmd {
+ BPF_MAP_CREATE,
+ BPF_MAP_LOOKUP_ELEM,
+ BPF_MAP_UPDATE_ELEM,
+ BPF_MAP_DELETE_ELEM,
+ BPF_MAP_GET_NEXT_KEY,
+ BPF_PROG_LOAD,
+ BPF_OBJ_PIN,
+ BPF_OBJ_GET,
+ BPF_PROG_ATTACH,
+ BPF_PROG_DETACH,
+ BPF_PROG_TEST_RUN,
+ BPF_PROG_GET_NEXT_ID,
+ BPF_MAP_GET_NEXT_ID,
+ BPF_PROG_GET_FD_BY_ID,
+ BPF_MAP_GET_FD_BY_ID,
+ BPF_OBJ_GET_INFO_BY_FD,
+};
+
+enum bpf_map_type {
+ BPF_MAP_TYPE_UNSPEC,
+ BPF_MAP_TYPE_HASH,
+ BPF_MAP_TYPE_ARRAY,
+ BPF_MAP_TYPE_PROG_ARRAY,
+ BPF_MAP_TYPE_PERF_EVENT_ARRAY,
+ BPF_MAP_TYPE_PERCPU_HASH,
+ BPF_MAP_TYPE_PERCPU_ARRAY,
+ BPF_MAP_TYPE_STACK_TRACE,
+ BPF_MAP_TYPE_CGROUP_ARRAY,
+ BPF_MAP_TYPE_LRU_HASH,
+ BPF_MAP_TYPE_LRU_PERCPU_HASH,
+ BPF_MAP_TYPE_LPM_TRIE,
+ BPF_MAP_TYPE_ARRAY_OF_MAPS,
+ BPF_MAP_TYPE_HASH_OF_MAPS,
+ BPF_MAP_TYPE_DEVMAP,
+ BPF_MAP_TYPE_SOCKMAP,
+};
+
+enum bpf_prog_type {
+ BPF_PROG_TYPE_UNSPEC,
+ BPF_PROG_TYPE_SOCKET_FILTER,
+ BPF_PROG_TYPE_KPROBE,
+ BPF_PROG_TYPE_SCHED_CLS,
+ BPF_PROG_TYPE_SCHED_ACT,
+ BPF_PROG_TYPE_TRACEPOINT,
+ BPF_PROG_TYPE_XDP,
+ BPF_PROG_TYPE_PERF_EVENT,
+ BPF_PROG_TYPE_CGROUP_SKB,
+ BPF_PROG_TYPE_CGROUP_SOCK,
+ BPF_PROG_TYPE_LWT_IN,
+ BPF_PROG_TYPE_LWT_OUT,
+ BPF_PROG_TYPE_LWT_XMIT,
+ BPF_PROG_TYPE_SOCK_OPS,
+ BPF_PROG_TYPE_SK_SKB,
+};
+
+enum bpf_attach_type {
+ BPF_CGROUP_INET_INGRESS,
+ BPF_CGROUP_INET_EGRESS,
+ BPF_CGROUP_INET_SOCK_CREATE,
+ BPF_CGROUP_SOCK_OPS,
+ BPF_SK_SKB_STREAM_PARSER,
+ BPF_SK_SKB_STREAM_VERDICT,
+ __MAX_BPF_ATTACH_TYPE
+};
+
+#define MAX_BPF_ATTACH_TYPE __MAX_BPF_ATTACH_TYPE
+
+/* If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command
+ * to the given target_fd cgroup the descendent cgroup will be able to
+ * override effective bpf program that was inherited from this cgroup
+ */
+#define BPF_F_ALLOW_OVERRIDE (1U << 0)
+
+/* If BPF_F_STRICT_ALIGNMENT is used in BPF_PROG_LOAD command, the
+ * verifier will perform strict alignment checking as if the kernel
+ * has been built with CONFIG_EFFICIENT_UNALIGNED_ACCESS not set,
+ * and NET_IP_ALIGN defined to 2.
+ */
+#define BPF_F_STRICT_ALIGNMENT (1U << 0)
+
+#define BPF_PSEUDO_MAP_FD 1
+
+/* flags for BPF_MAP_UPDATE_ELEM command */
+#define BPF_ANY 0 /* create new element or update existing */
+#define BPF_NOEXIST 1 /* create new element if it didn't exist */
+#define BPF_EXIST 2 /* update existing element */
+
+/* flags for BPF_MAP_CREATE command */
+#define BPF_F_NO_PREALLOC (1U << 0)
+/* Instead of having one common LRU list in the
+ * BPF_MAP_TYPE_LRU_[PERCPU_]HASH map, use a percpu LRU list
+ * which can scale and perform better.
+ * Note, the LRU nodes (including free nodes) cannot be moved
+ * across different LRU lists.
+ */
+#define BPF_F_NO_COMMON_LRU (1U << 1)
+/* Specify numa node during map creation */
+#define BPF_F_NUMA_NODE (1U << 2)
+
+union bpf_attr {
+ struct { /* anonymous struct used by BPF_MAP_CREATE command */
+ __u32 map_type; /* one of enum bpf_map_type */
+ __u32 key_size; /* size of key in bytes */
+ __u32 value_size; /* size of value in bytes */
+ __u32 max_entries; /* max number of entries in a map */
+ __u32 map_flags; /* BPF_MAP_CREATE related
+ * flags defined above.
+ */
+ __u32 inner_map_fd; /* fd pointing to the inner map */
+ __u32 numa_node; /* numa node (effective only if
+ * BPF_F_NUMA_NODE is set).
+ */
+ };
+
+ struct { /* anonymous struct used by BPF_MAP_*_ELEM commands */
+ __u32 map_fd;
+ __aligned_u64 key;
+ union {
+ __aligned_u64 value;
+ __aligned_u64 next_key;
+ };
+ __u64 flags;
+ };
+
+ struct { /* anonymous struct used by BPF_PROG_LOAD command */
+ __u32 prog_type; /* one of enum bpf_prog_type */
+ __u32 insn_cnt;
+ __aligned_u64 insns;
+ __aligned_u64 license;
+ __u32 log_level; /* verbosity level of verifier */
+ __u32 log_size; /* size of user buffer */
+ __aligned_u64 log_buf; /* user supplied buffer */
+ __u32 kern_version; /* checked when prog_type=kprobe */
+ __u32 prog_flags;
+ };
+
+ struct { /* anonymous struct used by BPF_OBJ_* commands */
+ __aligned_u64 pathname;
+ __u32 bpf_fd;
+ };
+
+ struct { /* anonymous struct used by BPF_PROG_ATTACH/DETACH commands */
+ __u32 target_fd; /* container object to attach to */
+ __u32 attach_bpf_fd; /* eBPF program to attach */
+ __u32 attach_type;
+ __u32 attach_flags;
+ };
+
+ struct { /* anonymous struct used by BPF_PROG_TEST_RUN command */
+ __u32 prog_fd;
+ __u32 retval;
+ __u32 data_size_in;
+ __u32 data_size_out;
+ __aligned_u64 data_in;
+ __aligned_u64 data_out;
+ __u32 repeat;
+ __u32 duration;
+ } test;
+
+ struct { /* anonymous struct used by BPF_*_GET_*_ID */
+ union {
+ __u32 start_id;
+ __u32 prog_id;
+ __u32 map_id;
+ };
+ __u32 next_id;
+ };
+
+ struct { /* anonymous struct used by BPF_OBJ_GET_INFO_BY_FD */
+ __u32 bpf_fd;
+ __u32 info_len;
+ __aligned_u64 info;
+ } info;
+} __attribute__((aligned(8)));
+
+/* BPF helper function descriptions:
+ *
+ * void *bpf_map_lookup_elem(&map, &key)
+ * Return: Map value or NULL
+ *
+ * int bpf_map_update_elem(&map, &key, &value, flags)
+ * Return: 0 on success or negative error
+ *
+ * int bpf_map_delete_elem(&map, &key)
+ * Return: 0 on success or negative error
+ *
+ * int bpf_probe_read(void *dst, int size, void *src)
+ * Return: 0 on success or negative error
+ *
+ * u64 bpf_ktime_get_ns(void)
+ * Return: current ktime
+ *
+ * int bpf_trace_printk(const char *fmt, int fmt_size, ...)
+ * Return: length of buffer written or negative error
+ *
+ * u32 bpf_prandom_u32(void)
+ * Return: random value
+ *
+ * u32 bpf_raw_smp_processor_id(void)
+ * Return: SMP processor ID
+ *
+ * int bpf_skb_store_bytes(skb, offset, from, len, flags)
+ * store bytes into packet
+ * @skb: pointer to skb
+ * @offset: offset within packet from skb->mac_header
+ * @from: pointer where to copy bytes from
+ * @len: number of bytes to store into packet
+ * @flags: bit 0 - if true, recompute skb->csum
+ * other bits - reserved
+ * Return: 0 on success or negative error
+ *
+ * int bpf_l3_csum_replace(skb, offset, from, to, flags)
+ * recompute IP checksum
+ * @skb: pointer to skb
+ * @offset: offset within packet where IP checksum is located
+ * @from: old value of header field
+ * @to: new value of header field
+ * @flags: bits 0-3 - size of header field
+ * other bits - reserved
+ * Return: 0 on success or negative error
+ *
+ * int bpf_l4_csum_replace(skb, offset, from, to, flags)
+ * recompute TCP/UDP checksum
+ * @skb: pointer to skb
+ * @offset: offset within packet where TCP/UDP checksum is located
+ * @from: old value of header field
+ * @to: new value of header field
+ * @flags: bits 0-3 - size of header field
+ * bit 4 - is pseudo header
+ * other bits - reserved
+ * Return: 0 on success or negative error
+ *
+ * int bpf_tail_call(ctx, prog_array_map, index)
+ * jump into another BPF program
+ * @ctx: context pointer passed to next program
+ * @prog_array_map: pointer to map which type is BPF_MAP_TYPE_PROG_ARRAY
+ * @index: 32-bit index inside array that selects specific program to run
+ * Return: 0 on success or negative error
+ *
+ * int bpf_clone_redirect(skb, ifindex, flags)
+ * redirect to another netdev
+ * @skb: pointer to skb
+ * @ifindex: ifindex of the net device
+ * @flags: bit 0 - if set, redirect to ingress instead of egress
+ * other bits - reserved
+ * Return: 0 on success or negative error
+ *
+ * u64 bpf_get_current_pid_tgid(void)
+ * Return: current->tgid << 32 | current->pid
+ *
+ * u64 bpf_get_current_uid_gid(void)
+ * Return: current_gid << 32 | current_uid
+ *
+ * int bpf_get_current_comm(char *buf, int size_of_buf)
+ * stores current->comm into buf
+ * Return: 0 on success or negative error
+ *
+ * u32 bpf_get_cgroup_classid(skb)
+ * retrieve a proc's classid
+ * @skb: pointer to skb
+ * Return: classid if != 0
+ *
+ * int bpf_skb_vlan_push(skb, vlan_proto, vlan_tci)
+ * Return: 0 on success or negative error
+ *
+ * int bpf_skb_vlan_pop(skb)
+ * Return: 0 on success or negative error
+ *
+ * int bpf_skb_get_tunnel_key(skb, key, size, flags)
+ * int bpf_skb_set_tunnel_key(skb, key, size, flags)
+ * retrieve or populate tunnel metadata
+ * @skb: pointer to skb
+ * @key: pointer to 'struct bpf_tunnel_key'
+ * @size: size of 'struct bpf_tunnel_key'
+ * @flags: room for future extensions
+ * Return: 0 on success or negative error
+ *
+ * u64 bpf_perf_event_read(map, flags)
+ * read perf event counter value
+ * @map: pointer to perf_event_array map
+ * @flags: index of event in the map or bitmask flags
+ * Return: value of perf event counter read or error code
+ *
+ * int bpf_redirect(ifindex, flags)
+ * redirect to another netdev
+ * @ifindex: ifindex of the net device
+ * @flags:
+ * cls_bpf:
+ * bit 0 - if set, redirect to ingress instead of egress
+ * other bits - reserved
+ * xdp_bpf:
+ * all bits - reserved
+ * Return: cls_bpf: TC_ACT_REDIRECT on success or TC_ACT_SHOT on error
+ * xdp_bfp: XDP_REDIRECT on success or XDP_ABORT on error
+ * int bpf_redirect_map(map, key, flags)
+ * redirect to endpoint in map
+ * @map: pointer to dev map
+ * @key: index in map to lookup
+ * @flags: --
+ * Return: XDP_REDIRECT on success or XDP_ABORT on error
+ *
+ * u32 bpf_get_route_realm(skb)
+ * retrieve a dst's tclassid
+ * @skb: pointer to skb
+ * Return: realm if != 0
+ *
+ * int bpf_perf_event_output(ctx, map, flags, data, size)
+ * output perf raw sample
+ * @ctx: struct pt_regs*
+ * @map: pointer to perf_event_array map
+ * @flags: index of event in the map or bitmask flags
+ * @data: data on stack to be output as raw data
+ * @size: size of data
+ * Return: 0 on success or negative error
+ *
+ * int bpf_get_stackid(ctx, map, flags)
+ * walk user or kernel stack and return id
+ * @ctx: struct pt_regs*
+ * @map: pointer to stack_trace map
+ * @flags: bits 0-7 - numer of stack frames to skip
+ * bit 8 - collect user stack instead of kernel
+ * bit 9 - compare stacks by hash only
+ * bit 10 - if two different stacks hash into the same stackid
+ * discard old
+ * other bits - reserved
+ * Return: >= 0 stackid on success or negative error
+ *
+ * s64 bpf_csum_diff(from, from_size, to, to_size, seed)
+ * calculate csum diff
+ * @from: raw from buffer
+ * @from_size: length of from buffer
+ * @to: raw to buffer
+ * @to_size: length of to buffer
+ * @seed: optional seed
+ * Return: csum result or negative error code
+ *
+ * int bpf_skb_get_tunnel_opt(skb, opt, size)
+ * retrieve tunnel options metadata
+ * @skb: pointer to skb
+ * @opt: pointer to raw tunnel option data
+ * @size: size of @opt
+ * Return: option size
+ *
+ * int bpf_skb_set_tunnel_opt(skb, opt, size)
+ * populate tunnel options metadata
+ * @skb: pointer to skb
+ * @opt: pointer to raw tunnel option data
+ * @size: size of @opt
+ * Return: 0 on success or negative error
+ *
+ * int bpf_skb_change_proto(skb, proto, flags)
+ * Change protocol of the skb. Currently supported is v4 -> v6,
+ * v6 -> v4 transitions. The helper will also resize the skb. eBPF
+ * program is expected to fill the new headers via skb_store_bytes
+ * and lX_csum_replace.
+ * @skb: pointer to skb
+ * @proto: new skb->protocol type
+ * @flags: reserved
+ * Return: 0 on success or negative error
+ *
+ * int bpf_skb_change_type(skb, type)
+ * Change packet type of skb.
+ * @skb: pointer to skb
+ * @type: new skb->pkt_type type
+ * Return: 0 on success or negative error
+ *
+ * int bpf_skb_under_cgroup(skb, map, index)
+ * Check cgroup2 membership of skb
+ * @skb: pointer to skb
+ * @map: pointer to bpf_map in BPF_MAP_TYPE_CGROUP_ARRAY type
+ * @index: index of the cgroup in the bpf_map
+ * Return:
+ * == 0 skb failed the cgroup2 descendant test
+ * == 1 skb succeeded the cgroup2 descendant test
+ * < 0 error
+ *
+ * u32 bpf_get_hash_recalc(skb)
+ * Retrieve and possibly recalculate skb->hash.
+ * @skb: pointer to skb
+ * Return: hash
+ *
+ * u64 bpf_get_current_task(void)
+ * Returns current task_struct
+ * Return: current
+ *
+ * int bpf_probe_write_user(void *dst, void *src, int len)
+ * safely attempt to write to a location
+ * @dst: destination address in userspace
+ * @src: source address on stack
+ * @len: number of bytes to copy
+ * Return: 0 on success or negative error
+ *
+ * int bpf_current_task_under_cgroup(map, index)
+ * Check cgroup2 membership of current task
+ * @map: pointer to bpf_map in BPF_MAP_TYPE_CGROUP_ARRAY type
+ * @index: index of the cgroup in the bpf_map
+ * Return:
+ * == 0 current failed the cgroup2 descendant test
+ * == 1 current succeeded the cgroup2 descendant test
+ * < 0 error
+ *
+ * int bpf_skb_change_tail(skb, len, flags)
+ * The helper will resize the skb to the given new size, to be used f.e.
+ * with control messages.
+ * @skb: pointer to skb
+ * @len: new skb length
+ * @flags: reserved
+ * Return: 0 on success or negative error
+ *
+ * int bpf_skb_pull_data(skb, len)
+ * The helper will pull in non-linear data in case the skb is non-linear
+ * and not all of len are part of the linear section. Only needed for
+ * read/write with direct packet access.
+ * @skb: pointer to skb
+ * @len: len to make read/writeable
+ * Return: 0 on success or negative error
+ *
+ * s64 bpf_csum_update(skb, csum)
+ * Adds csum into skb->csum in case of CHECKSUM_COMPLETE.
+ * @skb: pointer to skb
+ * @csum: csum to add
+ * Return: csum on success or negative error
+ *
+ * void bpf_set_hash_invalid(skb)
+ * Invalidate current skb->hash.
+ * @skb: pointer to skb
+ *
+ * int bpf_get_numa_node_id()
+ * Return: Id of current NUMA node.
+ *
+ * int bpf_skb_change_head()
+ * Grows headroom of skb and adjusts MAC header offset accordingly.
+ * Will extends/reallocae as required automatically.
+ * May change skb data pointer and will thus invalidate any check
+ * performed for direct packet access.
+ * @skb: pointer to skb
+ * @len: length of header to be pushed in front
+ * @flags: Flags (unused for now)
+ * Return: 0 on success or negative error
+ *
+ * int bpf_xdp_adjust_head(xdp_md, delta)
+ * Adjust the xdp_md.data by delta
+ * @xdp_md: pointer to xdp_md
+ * @delta: An positive/negative integer to be added to xdp_md.data
+ * Return: 0 on success or negative on error
+ *
+ * int bpf_probe_read_str(void *dst, int size, const void *unsafe_ptr)
+ * Copy a NUL terminated string from unsafe address. In case the string
+ * length is smaller than size, the target is not padded with further NUL
+ * bytes. In case the string length is larger than size, just count-1
+ * bytes are copied and the last byte is set to NUL.
+ * @dst: destination address
+ * @size: maximum number of bytes to copy, including the trailing NUL
+ * @unsafe_ptr: unsafe address
+ * Return:
+ * > 0 length of the string including the trailing NUL on success
+ * < 0 error
+ *
+ * u64 bpf_get_socket_cookie(skb)
+ * Get the cookie for the socket stored inside sk_buff.
+ * @skb: pointer to skb
+ * Return: 8 Bytes non-decreasing number on success or 0 if the socket
+ * field is missing inside sk_buff
+ *
+ * u32 bpf_get_socket_uid(skb)
+ * Get the owner uid of the socket stored inside sk_buff.
+ * @skb: pointer to skb
+ * Return: uid of the socket owner on success or overflowuid if failed.
+ *
+ * u32 bpf_set_hash(skb, hash)
+ * Set full skb->hash.
+ * @skb: pointer to skb
+ * @hash: hash to set
+ *
+ * int bpf_setsockopt(bpf_socket, level, optname, optval, optlen)
+ * Calls setsockopt. Not all opts are available, only those with
+ * integer optvals plus TCP_CONGESTION.
+ * Supported levels: SOL_SOCKET and IPROTO_TCP
+ * @bpf_socket: pointer to bpf_socket
+ * @level: SOL_SOCKET or IPROTO_TCP
+ * @optname: option name
+ * @optval: pointer to option value
+ * @optlen: length of optval in byes
+ * Return: 0 or negative error
+ *
+ * int bpf_skb_adjust_room(skb, len_diff, mode, flags)
+ * Grow or shrink room in sk_buff.
+ * @skb: pointer to skb
+ * @len_diff: (signed) amount of room to grow/shrink
+ * @mode: operation mode (enum bpf_adj_room_mode)
+ * @flags: reserved for future use
+ * Return: 0 on success or negative error code
+ *
+ * int bpf_sk_redirect_map(map, key, flags)
+ * Redirect skb to a sock in map using key as a lookup key for the
+ * sock in map.
+ * @map: pointer to sockmap
+ * @key: key to lookup sock in map
+ * @flags: reserved for future use
+ * Return: SK_PASS
+ *
+ * int bpf_sock_map_update(skops, map, key, flags)
+ * @skops: pointer to bpf_sock_ops
+ * @map: pointer to sockmap to update
+ * @key: key to insert/update sock in map
+ * @flags: same flags as map update elem
+ */
+#define __BPF_FUNC_MAPPER(FN) \
+ FN(unspec), \
+ FN(map_lookup_elem), \
+ FN(map_update_elem), \
+ FN(map_delete_elem), \
+ FN(probe_read), \
+ FN(ktime_get_ns), \
+ FN(trace_printk), \
+ FN(get_prandom_u32), \
+ FN(get_smp_processor_id), \
+ FN(skb_store_bytes), \
+ FN(l3_csum_replace), \
+ FN(l4_csum_replace), \
+ FN(tail_call), \
+ FN(clone_redirect), \
+ FN(get_current_pid_tgid), \
+ FN(get_current_uid_gid), \
+ FN(get_current_comm), \
+ FN(get_cgroup_classid), \
+ FN(skb_vlan_push), \
+ FN(skb_vlan_pop), \
+ FN(skb_get_tunnel_key), \
+ FN(skb_set_tunnel_key), \
+ FN(perf_event_read), \
+ FN(redirect), \
+ FN(get_route_realm), \
+ FN(perf_event_output), \
+ FN(skb_load_bytes), \
+ FN(get_stackid), \
+ FN(csum_diff), \
+ FN(skb_get_tunnel_opt), \
+ FN(skb_set_tunnel_opt), \
+ FN(skb_change_proto), \
+ FN(skb_change_type), \
+ FN(skb_under_cgroup), \
+ FN(get_hash_recalc), \
+ FN(get_current_task), \
+ FN(probe_write_user), \
+ FN(current_task_under_cgroup), \
+ FN(skb_change_tail), \
+ FN(skb_pull_data), \
+ FN(csum_update), \
+ FN(set_hash_invalid), \
+ FN(get_numa_node_id), \
+ FN(skb_change_head), \
+ FN(xdp_adjust_head), \
+ FN(probe_read_str), \
+ FN(get_socket_cookie), \
+ FN(get_socket_uid), \
+ FN(set_hash), \
+ FN(setsockopt), \
+ FN(skb_adjust_room), \
+ FN(redirect_map), \
+ FN(sk_redirect_map), \
+ FN(sock_map_update), \
+
+/* integer value in 'imm' field of BPF_CALL instruction selects which helper
+ * function eBPF program intends to call
+ */
+#define __BPF_ENUM_FN(x) BPF_FUNC_ ## x
+enum bpf_func_id {
+ __BPF_FUNC_MAPPER(__BPF_ENUM_FN)
+ __BPF_FUNC_MAX_ID,
+};
+#undef __BPF_ENUM_FN
+
+/* All flags used by eBPF helper functions, placed here. */
+
+/* BPF_FUNC_skb_store_bytes flags. */
+#define BPF_F_RECOMPUTE_CSUM (1ULL << 0)
+#define BPF_F_INVALIDATE_HASH (1ULL << 1)
+
+/* BPF_FUNC_l3_csum_replace and BPF_FUNC_l4_csum_replace flags.
+ * First 4 bits are for passing the header field size.
+ */
+#define BPF_F_HDR_FIELD_MASK 0xfULL
+
+/* BPF_FUNC_l4_csum_replace flags. */
+#define BPF_F_PSEUDO_HDR (1ULL << 4)
+#define BPF_F_MARK_MANGLED_0 (1ULL << 5)
+#define BPF_F_MARK_ENFORCE (1ULL << 6)
+
+/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
+#define BPF_F_INGRESS (1ULL << 0)
+
+/* BPF_FUNC_skb_set_tunnel_key and BPF_FUNC_skb_get_tunnel_key flags. */
+#define BPF_F_TUNINFO_IPV6 (1ULL << 0)
+
+/* BPF_FUNC_get_stackid flags. */
+#define BPF_F_SKIP_FIELD_MASK 0xffULL
+#define BPF_F_USER_STACK (1ULL << 8)
+#define BPF_F_FAST_STACK_CMP (1ULL << 9)
+#define BPF_F_REUSE_STACKID (1ULL << 10)
+
+/* BPF_FUNC_skb_set_tunnel_key flags. */
+#define BPF_F_ZERO_CSUM_TX (1ULL << 1)
+#define BPF_F_DONT_FRAGMENT (1ULL << 2)
+
+/* BPF_FUNC_perf_event_output and BPF_FUNC_perf_event_read flags. */
+#define BPF_F_INDEX_MASK 0xffffffffULL
+#define BPF_F_CURRENT_CPU BPF_F_INDEX_MASK
+/* BPF_FUNC_perf_event_output for sk_buff input context. */
+#define BPF_F_CTXLEN_MASK (0xfffffULL << 32)
+
+/* Mode for BPF_FUNC_skb_adjust_room helper. */
+enum bpf_adj_room_mode {
+ BPF_ADJ_ROOM_NET,
+};
+
+/* user accessible mirror of in-kernel sk_buff.
+ * new fields can only be added to the end of this structure
+ */
+struct __sk_buff {
+ __u32 len;
+ __u32 pkt_type;
+ __u32 mark;
+ __u32 queue_mapping;
+ __u32 protocol;
+ __u32 vlan_present;
+ __u32 vlan_tci;
+ __u32 vlan_proto;
+ __u32 priority;
+ __u32 ingress_ifindex;
+ __u32 ifindex;
+ __u32 tc_index;
+ __u32 cb[5];
+ __u32 hash;
+ __u32 tc_classid;
+ __u32 data;
+ __u32 data_end;
+ __u32 napi_id;
+
+ /* accessed by BPF_PROG_TYPE_sk_skb types */
+ __u32 family;
+ __u32 remote_ip4; /* Stored in network byte order */
+ __u32 local_ip4; /* Stored in network byte order */
+ __u32 remote_ip6[4]; /* Stored in network byte order */
+ __u32 local_ip6[4]; /* Stored in network byte order */
+ __u32 remote_port; /* Stored in network byte order */
+ __u32 local_port; /* stored in host byte order */
+};
+
+struct bpf_tunnel_key {
+ __u32 tunnel_id;
+ union {
+ __u32 remote_ipv4;
+ __u32 remote_ipv6[4];
+ };
+ __u8 tunnel_tos;
+ __u8 tunnel_ttl;
+ __u16 tunnel_ext;
+ __u32 tunnel_label;
+};
+
+/* Generic BPF return codes which all BPF program types may support.
+ * The values are binary compatible with their TC_ACT_* counter-part to
+ * provide backwards compatibility with existing SCHED_CLS and SCHED_ACT
+ * programs.
+ *
+ * XDP is handled seprately, see XDP_*.
+ */
+enum bpf_ret_code {
+ BPF_OK = 0,
+ /* 1 reserved */
+ BPF_DROP = 2,
+ /* 3-6 reserved */
+ BPF_REDIRECT = 7,
+ /* >127 are reserved for prog type specific return codes */
+};
+
+struct bpf_sock {
+ __u32 bound_dev_if;
+ __u32 family;
+ __u32 type;
+ __u32 protocol;
+ __u32 mark;
+ __u32 priority;
+};
+
+#define XDP_PACKET_HEADROOM 256
+
+/* User return codes for XDP prog type.
+ * A valid XDP program must return one of these defined values. All other
+ * return codes are reserved for future use. Unknown return codes will
+ * result in packet drops and a warning via bpf_warn_invalid_xdp_action().
+ */
+enum xdp_action {
+ XDP_ABORTED = 0,
+ XDP_DROP,
+ XDP_PASS,
+ XDP_TX,
+ XDP_REDIRECT,
+};
+
+/* user accessible metadata for XDP packet hook
+ * new fields must be added to the end of this structure
+ */
+struct xdp_md {
+ __u32 data;
+ __u32 data_end;
+};
+
+enum sk_action {
+ SK_DROP = 0,
+ SK_PASS,
+};
+
+#define BPF_TAG_SIZE 8
+
+struct bpf_prog_info {
+ __u32 type;
+ __u32 id;
+ __u8 tag[BPF_TAG_SIZE];
+ __u32 jited_prog_len;
+ __u32 xlated_prog_len;
+ __aligned_u64 jited_prog_insns;
+ __aligned_u64 xlated_prog_insns;
+} __attribute__((aligned(8)));
+
+struct bpf_map_info {
+ __u32 type;
+ __u32 id;
+ __u32 key_size;
+ __u32 value_size;
+ __u32 max_entries;
+ __u32 map_flags;
+} __attribute__((aligned(8)));
+
+/* User bpf_sock_ops struct to access socket values and specify request ops
+ * and their replies.
+ * Some of this fields are in network (bigendian) byte order and may need
+ * to be converted before use (bpf_ntohl() defined in samples/bpf/bpf_endian.h).
+ * New fields can only be added at the end of this structure
+ */
+struct bpf_sock_ops {
+ __u32 op;
+ union {
+ __u32 reply;
+ __u32 replylong[4];
+ };
+ __u32 family;
+ __u32 remote_ip4; /* Stored in network byte order */
+ __u32 local_ip4; /* Stored in network byte order */
+ __u32 remote_ip6[4]; /* Stored in network byte order */
+ __u32 local_ip6[4]; /* Stored in network byte order */
+ __u32 remote_port; /* Stored in network byte order */
+ __u32 local_port; /* stored in host byte order */
+};
+
+/* List of known BPF sock_ops operators.
+ * New entries can only be added at the end
+ */
+enum {
+ BPF_SOCK_OPS_VOID,
+ BPF_SOCK_OPS_TIMEOUT_INIT, /* Should return SYN-RTO value to use or
+ * -1 if default value should be used
+ */
+ BPF_SOCK_OPS_RWND_INIT, /* Should return initial advertized
+ * window (in packets) or -1 if default
+ * value should be used
+ */
+ BPF_SOCK_OPS_TCP_CONNECT_CB, /* Calls BPF program right before an
+ * active connection is initialized
+ */
+ BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB, /* Calls BPF program when an
+ * active connection is
+ * established
+ */
+ BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB, /* Calls BPF program when a
+ * passive connection is
+ * established
+ */
+ BPF_SOCK_OPS_NEEDS_ECN, /* If connection's congestion control
+ * needs ECN
+ */
+};
+
+#define TCP_BPF_IW 1001 /* Set TCP initial congestion window */
+#define TCP_BPF_SNDCWND_CLAMP 1002 /* Set sndcwnd_clamp */
+
+#endif /* __LINUX_BPF_H__ */
diff --git a/include/linux/bpf_common.h b/include/uapi/linux/bpf_common.h
similarity index 94%
rename from include/linux/bpf_common.h
rename to include/uapi/linux/bpf_common.h
index afe7433..9f0201b 100644
--- a/include/linux/bpf_common.h
+++ b/include/uapi/linux/bpf_common.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_BPF_COMMON_H__
#define __LINUX_BPF_COMMON_H__
diff --git a/include/linux/can.h b/include/uapi/linux/can.h
similarity index 97%
rename from include/linux/can.h
rename to include/uapi/linux/can.h
index 4af39b0..4d1ab8e 100644
--- a/include/linux/can.h
+++ b/include/uapi/linux/can.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) */
/*
* linux/can.h
*
@@ -196,5 +197,6 @@
};
#define CAN_INV_FILTER 0x20000000U /* to be set in can_filter.can_id */
+#define CAN_RAW_FILTER_MAX 512 /* maximum number of can_filter set via setsockopt() */
#endif /* !_UAPI_CAN_H */
diff --git a/include/linux/can/netlink.h b/include/uapi/linux/can/netlink.h
similarity index 93%
rename from include/linux/can/netlink.h
rename to include/uapi/linux/can/netlink.h
index 6d4ec2a..c12e9bf 100644
--- a/include/linux/can/netlink.h
+++ b/include/uapi/linux/can/netlink.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* linux/can/netlink.h
*
@@ -127,9 +128,16 @@
IFLA_CAN_BERR_COUNTER,
IFLA_CAN_DATA_BITTIMING,
IFLA_CAN_DATA_BITTIMING_CONST,
+ IFLA_CAN_TERMINATION,
+ IFLA_CAN_TERMINATION_CONST,
+ IFLA_CAN_BITRATE_CONST,
+ IFLA_CAN_DATA_BITRATE_CONST,
__IFLA_CAN_MAX
};
#define IFLA_CAN_MAX (__IFLA_CAN_MAX - 1)
+/* u16 termination range: 1..65535 Ohms */
+#define CAN_TERMINATION_DISABLED 0
+
#endif /* !_UAPI_CAN_NETLINK_H */
diff --git a/include/uapi/linux/can/vxcan.h b/include/uapi/linux/can/vxcan.h
new file mode 100644
index 0000000..b364d77
--- /dev/null
+++ b/include/uapi/linux/can/vxcan.h
@@ -0,0 +1,13 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _CAN_VXCAN_H
+#define _CAN_VXCAN_H
+
+enum {
+ VXCAN_INFO_UNSPEC,
+ VXCAN_INFO_PEER,
+
+ __VXCAN_INFO_MAX
+#define VXCAN_INFO_MAX (__VXCAN_INFO_MAX - 1)
+};
+
+#endif
diff --git a/include/uapi/linux/devlink.h b/include/uapi/linux/devlink.h
new file mode 100644
index 0000000..0c44d09
--- /dev/null
+++ b/include/uapi/linux/devlink.h
@@ -0,0 +1,248 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * include/uapi/linux/devlink.h - Network physical device Netlink interface
+ * Copyright (c) 2016 Mellanox Technologies. All rights reserved.
+ * Copyright (c) 2016 Jiri Pirko <jiri@mellanox.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#ifndef _LINUX_DEVLINK_H_
+#define _LINUX_DEVLINK_H_
+
+#define DEVLINK_GENL_NAME "devlink"
+#define DEVLINK_GENL_VERSION 0x1
+#define DEVLINK_GENL_MCGRP_CONFIG_NAME "config"
+
+enum devlink_command {
+ /* don't change the order or add anything between, this is ABI! */
+ DEVLINK_CMD_UNSPEC,
+
+ DEVLINK_CMD_GET, /* can dump */
+ DEVLINK_CMD_SET,
+ DEVLINK_CMD_NEW,
+ DEVLINK_CMD_DEL,
+
+ DEVLINK_CMD_PORT_GET, /* can dump */
+ DEVLINK_CMD_PORT_SET,
+ DEVLINK_CMD_PORT_NEW,
+ DEVLINK_CMD_PORT_DEL,
+
+ DEVLINK_CMD_PORT_SPLIT,
+ DEVLINK_CMD_PORT_UNSPLIT,
+
+ DEVLINK_CMD_SB_GET, /* can dump */
+ DEVLINK_CMD_SB_SET,
+ DEVLINK_CMD_SB_NEW,
+ DEVLINK_CMD_SB_DEL,
+
+ DEVLINK_CMD_SB_POOL_GET, /* can dump */
+ DEVLINK_CMD_SB_POOL_SET,
+ DEVLINK_CMD_SB_POOL_NEW,
+ DEVLINK_CMD_SB_POOL_DEL,
+
+ DEVLINK_CMD_SB_PORT_POOL_GET, /* can dump */
+ DEVLINK_CMD_SB_PORT_POOL_SET,
+ DEVLINK_CMD_SB_PORT_POOL_NEW,
+ DEVLINK_CMD_SB_PORT_POOL_DEL,
+
+ DEVLINK_CMD_SB_TC_POOL_BIND_GET, /* can dump */
+ DEVLINK_CMD_SB_TC_POOL_BIND_SET,
+ DEVLINK_CMD_SB_TC_POOL_BIND_NEW,
+ DEVLINK_CMD_SB_TC_POOL_BIND_DEL,
+
+ /* Shared buffer occupancy monitoring commands */
+ DEVLINK_CMD_SB_OCC_SNAPSHOT,
+ DEVLINK_CMD_SB_OCC_MAX_CLEAR,
+
+ DEVLINK_CMD_ESWITCH_GET,
+#define DEVLINK_CMD_ESWITCH_MODE_GET /* obsolete, never use this! */ \
+ DEVLINK_CMD_ESWITCH_GET
+
+ DEVLINK_CMD_ESWITCH_SET,
+#define DEVLINK_CMD_ESWITCH_MODE_SET /* obsolete, never use this! */ \
+ DEVLINK_CMD_ESWITCH_SET
+
+ DEVLINK_CMD_DPIPE_TABLE_GET,
+ DEVLINK_CMD_DPIPE_ENTRIES_GET,
+ DEVLINK_CMD_DPIPE_HEADERS_GET,
+ DEVLINK_CMD_DPIPE_TABLE_COUNTERS_SET,
+
+ /* add new commands above here */
+ __DEVLINK_CMD_MAX,
+ DEVLINK_CMD_MAX = __DEVLINK_CMD_MAX - 1
+};
+
+enum devlink_port_type {
+ DEVLINK_PORT_TYPE_NOTSET,
+ DEVLINK_PORT_TYPE_AUTO,
+ DEVLINK_PORT_TYPE_ETH,
+ DEVLINK_PORT_TYPE_IB,
+};
+
+enum devlink_sb_pool_type {
+ DEVLINK_SB_POOL_TYPE_INGRESS,
+ DEVLINK_SB_POOL_TYPE_EGRESS,
+};
+
+/* static threshold - limiting the maximum number of bytes.
+ * dynamic threshold - limiting the maximum number of bytes
+ * based on the currently available free space in the shared buffer pool.
+ * In this mode, the maximum quota is calculated based
+ * on the following formula:
+ * max_quota = alpha / (1 + alpha) * Free_Buffer
+ * While Free_Buffer is the amount of none-occupied buffer associated to
+ * the relevant pool.
+ * The value range which can be passed is 0-20 and serves
+ * for computation of alpha by following formula:
+ * alpha = 2 ^ (passed_value - 10)
+ */
+
+enum devlink_sb_threshold_type {
+ DEVLINK_SB_THRESHOLD_TYPE_STATIC,
+ DEVLINK_SB_THRESHOLD_TYPE_DYNAMIC,
+};
+
+#define DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX 20
+
+enum devlink_eswitch_mode {
+ DEVLINK_ESWITCH_MODE_LEGACY,
+ DEVLINK_ESWITCH_MODE_SWITCHDEV,
+};
+
+enum devlink_eswitch_inline_mode {
+ DEVLINK_ESWITCH_INLINE_MODE_NONE,
+ DEVLINK_ESWITCH_INLINE_MODE_LINK,
+ DEVLINK_ESWITCH_INLINE_MODE_NETWORK,
+ DEVLINK_ESWITCH_INLINE_MODE_TRANSPORT,
+};
+
+enum devlink_eswitch_encap_mode {
+ DEVLINK_ESWITCH_ENCAP_MODE_NONE,
+ DEVLINK_ESWITCH_ENCAP_MODE_BASIC,
+};
+
+enum devlink_attr {
+ /* don't change the order or add anything between, this is ABI! */
+ DEVLINK_ATTR_UNSPEC,
+
+ /* bus name + dev name together are a handle for devlink entity */
+ DEVLINK_ATTR_BUS_NAME, /* string */
+ DEVLINK_ATTR_DEV_NAME, /* string */
+
+ DEVLINK_ATTR_PORT_INDEX, /* u32 */
+ DEVLINK_ATTR_PORT_TYPE, /* u16 */
+ DEVLINK_ATTR_PORT_DESIRED_TYPE, /* u16 */
+ DEVLINK_ATTR_PORT_NETDEV_IFINDEX, /* u32 */
+ DEVLINK_ATTR_PORT_NETDEV_NAME, /* string */
+ DEVLINK_ATTR_PORT_IBDEV_NAME, /* string */
+ DEVLINK_ATTR_PORT_SPLIT_COUNT, /* u32 */
+ DEVLINK_ATTR_PORT_SPLIT_GROUP, /* u32 */
+ DEVLINK_ATTR_SB_INDEX, /* u32 */
+ DEVLINK_ATTR_SB_SIZE, /* u32 */
+ DEVLINK_ATTR_SB_INGRESS_POOL_COUNT, /* u16 */
+ DEVLINK_ATTR_SB_EGRESS_POOL_COUNT, /* u16 */
+ DEVLINK_ATTR_SB_INGRESS_TC_COUNT, /* u16 */
+ DEVLINK_ATTR_SB_EGRESS_TC_COUNT, /* u16 */
+ DEVLINK_ATTR_SB_POOL_INDEX, /* u16 */
+ DEVLINK_ATTR_SB_POOL_TYPE, /* u8 */
+ DEVLINK_ATTR_SB_POOL_SIZE, /* u32 */
+ DEVLINK_ATTR_SB_POOL_THRESHOLD_TYPE, /* u8 */
+ DEVLINK_ATTR_SB_THRESHOLD, /* u32 */
+ DEVLINK_ATTR_SB_TC_INDEX, /* u16 */
+ DEVLINK_ATTR_SB_OCC_CUR, /* u32 */
+ DEVLINK_ATTR_SB_OCC_MAX, /* u32 */
+ DEVLINK_ATTR_ESWITCH_MODE, /* u16 */
+ DEVLINK_ATTR_ESWITCH_INLINE_MODE, /* u8 */
+
+ DEVLINK_ATTR_DPIPE_TABLES, /* nested */
+ DEVLINK_ATTR_DPIPE_TABLE, /* nested */
+ DEVLINK_ATTR_DPIPE_TABLE_NAME, /* string */
+ DEVLINK_ATTR_DPIPE_TABLE_SIZE, /* u64 */
+ DEVLINK_ATTR_DPIPE_TABLE_MATCHES, /* nested */
+ DEVLINK_ATTR_DPIPE_TABLE_ACTIONS, /* nested */
+ DEVLINK_ATTR_DPIPE_TABLE_COUNTERS_ENABLED, /* u8 */
+
+ DEVLINK_ATTR_DPIPE_ENTRIES, /* nested */
+ DEVLINK_ATTR_DPIPE_ENTRY, /* nested */
+ DEVLINK_ATTR_DPIPE_ENTRY_INDEX, /* u64 */
+ DEVLINK_ATTR_DPIPE_ENTRY_MATCH_VALUES, /* nested */
+ DEVLINK_ATTR_DPIPE_ENTRY_ACTION_VALUES, /* nested */
+ DEVLINK_ATTR_DPIPE_ENTRY_COUNTER, /* u64 */
+
+ DEVLINK_ATTR_DPIPE_MATCH, /* nested */
+ DEVLINK_ATTR_DPIPE_MATCH_VALUE, /* nested */
+ DEVLINK_ATTR_DPIPE_MATCH_TYPE, /* u32 */
+
+ DEVLINK_ATTR_DPIPE_ACTION, /* nested */
+ DEVLINK_ATTR_DPIPE_ACTION_VALUE, /* nested */
+ DEVLINK_ATTR_DPIPE_ACTION_TYPE, /* u32 */
+
+ DEVLINK_ATTR_DPIPE_VALUE,
+ DEVLINK_ATTR_DPIPE_VALUE_MASK,
+ DEVLINK_ATTR_DPIPE_VALUE_MAPPING, /* u32 */
+
+ DEVLINK_ATTR_DPIPE_HEADERS, /* nested */
+ DEVLINK_ATTR_DPIPE_HEADER, /* nested */
+ DEVLINK_ATTR_DPIPE_HEADER_NAME, /* string */
+ DEVLINK_ATTR_DPIPE_HEADER_ID, /* u32 */
+ DEVLINK_ATTR_DPIPE_HEADER_FIELDS, /* nested */
+ DEVLINK_ATTR_DPIPE_HEADER_GLOBAL, /* u8 */
+ DEVLINK_ATTR_DPIPE_HEADER_INDEX, /* u32 */
+
+ DEVLINK_ATTR_DPIPE_FIELD, /* nested */
+ DEVLINK_ATTR_DPIPE_FIELD_NAME, /* string */
+ DEVLINK_ATTR_DPIPE_FIELD_ID, /* u32 */
+ DEVLINK_ATTR_DPIPE_FIELD_BITWIDTH, /* u32 */
+ DEVLINK_ATTR_DPIPE_FIELD_MAPPING_TYPE, /* u32 */
+
+ DEVLINK_ATTR_PAD,
+
+ DEVLINK_ATTR_ESWITCH_ENCAP_MODE, /* u8 */
+
+ /* add new attributes above here, update the policy in devlink.c */
+
+ __DEVLINK_ATTR_MAX,
+ DEVLINK_ATTR_MAX = __DEVLINK_ATTR_MAX - 1
+};
+
+/* Mapping between internal resource described by the field and system
+ * structure
+ */
+enum devlink_dpipe_field_mapping_type {
+ DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE,
+ DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX,
+};
+
+/* Match type - specify the type of the match */
+enum devlink_dpipe_match_type {
+ DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT,
+};
+
+/* Action type - specify the action type */
+enum devlink_dpipe_action_type {
+ DEVLINK_DPIPE_ACTION_TYPE_FIELD_MODIFY,
+};
+
+enum devlink_dpipe_field_ethernet_id {
+ DEVLINK_DPIPE_FIELD_ETHERNET_DST_MAC,
+};
+
+enum devlink_dpipe_field_ipv4_id {
+ DEVLINK_DPIPE_FIELD_IPV4_DST_IP,
+};
+
+enum devlink_dpipe_field_ipv6_id {
+ DEVLINK_DPIPE_FIELD_IPV6_DST_IP,
+};
+
+enum devlink_dpipe_header_id {
+ DEVLINK_DPIPE_HEADER_ETHERNET,
+ DEVLINK_DPIPE_HEADER_IPV4,
+ DEVLINK_DPIPE_HEADER_IPV6,
+};
+
+#endif /* _LINUX_DEVLINK_H_ */
diff --git a/include/uapi/linux/elf-em.h b/include/uapi/linux/elf-em.h
new file mode 100644
index 0000000..31aa101
--- /dev/null
+++ b/include/uapi/linux/elf-em.h
@@ -0,0 +1,61 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_ELF_EM_H
+#define _LINUX_ELF_EM_H
+
+/* These constants define the various ELF target machines */
+#define EM_NONE 0
+#define EM_M32 1
+#define EM_SPARC 2
+#define EM_386 3
+#define EM_68K 4
+#define EM_88K 5
+#define EM_486 6 /* Perhaps disused */
+#define EM_860 7
+#define EM_MIPS 8 /* MIPS R3000 (officially, big-endian only) */
+ /* Next two are historical and binaries and
+ modules of these types will be rejected by
+ Linux. */
+#define EM_MIPS_RS3_LE 10 /* MIPS R3000 little-endian */
+#define EM_MIPS_RS4_BE 10 /* MIPS R4000 big-endian */
+
+#define EM_PARISC 15 /* HPPA */
+#define EM_SPARC32PLUS 18 /* Sun's "v8plus" */
+#define EM_PPC 20 /* PowerPC */
+#define EM_PPC64 21 /* PowerPC64 */
+#define EM_SPU 23 /* Cell BE SPU */
+#define EM_ARM 40 /* ARM 32 bit */
+#define EM_SH 42 /* SuperH */
+#define EM_SPARCV9 43 /* SPARC v9 64-bit */
+#define EM_H8_300 46 /* Renesas H8/300 */
+#define EM_IA_64 50 /* HP/Intel IA-64 */
+#define EM_X86_64 62 /* AMD x86-64 */
+#define EM_S390 22 /* IBM S/390 */
+#define EM_CRIS 76 /* Axis Communications 32-bit embedded processor */
+#define EM_M32R 88 /* Renesas M32R */
+#define EM_MN10300 89 /* Panasonic/MEI MN10300, AM33 */
+#define EM_OPENRISC 92 /* OpenRISC 32-bit embedded processor */
+#define EM_BLACKFIN 106 /* ADI Blackfin Processor */
+#define EM_ALTERA_NIOS2 113 /* Altera Nios II soft-core processor */
+#define EM_TI_C6000 140 /* TI C6X DSPs */
+#define EM_AARCH64 183 /* ARM 64 bit */
+#define EM_TILEPRO 188 /* Tilera TILEPro */
+#define EM_MICROBLAZE 189 /* Xilinx MicroBlaze */
+#define EM_TILEGX 191 /* Tilera TILE-Gx */
+#define EM_BPF 247 /* Linux BPF - in-kernel virtual machine */
+#define EM_FRV 0x5441 /* Fujitsu FR-V */
+
+/*
+ * This is an interim value that we will use until the committee comes
+ * up with a final number.
+ */
+#define EM_ALPHA 0x9026
+
+/* Bogus old m32r magic number, used by old tools. */
+#define EM_CYGNUS_M32R 0x9041
+/* This is the old interim value for S/390 architecture */
+#define EM_S390_OLD 0xA390
+/* Also Panasonic/MEI MN10300, AM33 */
+#define EM_CYGNUS_MN10300 0xbeef
+
+
+#endif /* _LINUX_ELF_EM_H */
diff --git a/include/linux/fib_rules.h b/include/uapi/linux/fib_rules.h
similarity index 96%
rename from include/linux/fib_rules.h
rename to include/uapi/linux/fib_rules.h
index bbf02a6..2b642bf 100644
--- a/include/linux/fib_rules.h
+++ b/include/uapi/linux/fib_rules.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_FIB_RULES_H
#define __LINUX_FIB_RULES_H
diff --git a/include/linux/filter.h b/include/uapi/linux/filter.h
similarity index 96%
rename from include/linux/filter.h
rename to include/uapi/linux/filter.h
index e4f2f74..eaef459 100644
--- a/include/linux/filter.h
+++ b/include/uapi/linux/filter.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Linux Socket Filter Data Structures
*/
diff --git a/include/linux/fou.h b/include/uapi/linux/fou.h
similarity index 90%
rename from include/linux/fou.h
rename to include/uapi/linux/fou.h
index 744c323..bf022c6 100644
--- a/include/linux/fou.h
+++ b/include/uapi/linux/fou.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* fou.h - FOU Interface */
#ifndef _LINUX_FOU_H
diff --git a/include/linux/gen_stats.h b/include/uapi/linux/gen_stats.h
similarity index 94%
rename from include/linux/gen_stats.h
rename to include/uapi/linux/gen_stats.h
index 6487317..24a861c 100644
--- a/include/linux/gen_stats.h
+++ b/include/uapi/linux/gen_stats.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_GEN_STATS_H
#define __LINUX_GEN_STATS_H
@@ -10,6 +11,7 @@
TCA_STATS_QUEUE,
TCA_STATS_APP,
TCA_STATS_RATE_EST64,
+ TCA_STATS_PAD,
__TCA_STATS_MAX,
};
#define TCA_STATS_MAX (__TCA_STATS_MAX - 1)
diff --git a/include/linux/genetlink.h b/include/uapi/linux/genetlink.h
similarity index 90%
rename from include/linux/genetlink.h
rename to include/uapi/linux/genetlink.h
index 8a1d500..1317119 100644
--- a/include/linux/genetlink.h
+++ b/include/uapi/linux/genetlink.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_GENERIC_NETLINK_H
#define __LINUX_GENERIC_NETLINK_H
@@ -21,14 +22,16 @@
#define GENL_CMD_CAP_DO 0x02
#define GENL_CMD_CAP_DUMP 0x04
#define GENL_CMD_CAP_HASPOL 0x08
+#define GENL_UNS_ADMIN_PERM 0x10
/*
* List of reserved static generic netlink identifiers:
*/
-#define GENL_ID_GENERATE 0
#define GENL_ID_CTRL NLMSG_MIN_TYPE
#define GENL_ID_VFS_DQUOT (NLMSG_MIN_TYPE + 1)
#define GENL_ID_PMCRAID (NLMSG_MIN_TYPE + 2)
+/* must be last reserved + 1 */
+#define GENL_START_ALLOC (NLMSG_MIN_TYPE + 3)
/**************************************************************************
* Controller
diff --git a/include/linux/hdlc/ioctl.h b/include/uapi/linux/hdlc/ioctl.h
similarity index 97%
rename from include/linux/hdlc/ioctl.h
rename to include/uapi/linux/hdlc/ioctl.h
index 04bc027..0fe4238 100644
--- a/include/linux/hdlc/ioctl.h
+++ b/include/uapi/linux/hdlc/ioctl.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __HDLC_IOCTL_H__
#define __HDLC_IOCTL_H__
diff --git a/include/uapi/linux/icmpv6.h b/include/uapi/linux/icmpv6.h
new file mode 100644
index 0000000..cb247a5
--- /dev/null
+++ b/include/uapi/linux/icmpv6.h
@@ -0,0 +1,167 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_ICMPV6_H
+#define _LINUX_ICMPV6_H
+
+#include <linux/types.h>
+#include <asm/byteorder.h>
+
+struct icmp6hdr {
+
+ __u8 icmp6_type;
+ __u8 icmp6_code;
+ __sum16 icmp6_cksum;
+
+
+ union {
+ __be32 un_data32[1];
+ __be16 un_data16[2];
+ __u8 un_data8[4];
+
+ struct icmpv6_echo {
+ __be16 identifier;
+ __be16 sequence;
+ } u_echo;
+
+ struct icmpv6_nd_advt {
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+ __u32 reserved:5,
+ override:1,
+ solicited:1,
+ router:1,
+ reserved2:24;
+#elif defined(__BIG_ENDIAN_BITFIELD)
+ __u32 router:1,
+ solicited:1,
+ override:1,
+ reserved:29;
+#else
+#error "Please fix <asm/byteorder.h>"
+#endif
+ } u_nd_advt;
+
+ struct icmpv6_nd_ra {
+ __u8 hop_limit;
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+ __u8 reserved:3,
+ router_pref:2,
+ home_agent:1,
+ other:1,
+ managed:1;
+
+#elif defined(__BIG_ENDIAN_BITFIELD)
+ __u8 managed:1,
+ other:1,
+ home_agent:1,
+ router_pref:2,
+ reserved:3;
+#else
+#error "Please fix <asm/byteorder.h>"
+#endif
+ __be16 rt_lifetime;
+ } u_nd_ra;
+
+ } icmp6_dataun;
+
+#define icmp6_identifier icmp6_dataun.u_echo.identifier
+#define icmp6_sequence icmp6_dataun.u_echo.sequence
+#define icmp6_pointer icmp6_dataun.un_data32[0]
+#define icmp6_mtu icmp6_dataun.un_data32[0]
+#define icmp6_unused icmp6_dataun.un_data32[0]
+#define icmp6_maxdelay icmp6_dataun.un_data16[0]
+#define icmp6_router icmp6_dataun.u_nd_advt.router
+#define icmp6_solicited icmp6_dataun.u_nd_advt.solicited
+#define icmp6_override icmp6_dataun.u_nd_advt.override
+#define icmp6_ndiscreserved icmp6_dataun.u_nd_advt.reserved
+#define icmp6_hop_limit icmp6_dataun.u_nd_ra.hop_limit
+#define icmp6_addrconf_managed icmp6_dataun.u_nd_ra.managed
+#define icmp6_addrconf_other icmp6_dataun.u_nd_ra.other
+#define icmp6_rt_lifetime icmp6_dataun.u_nd_ra.rt_lifetime
+#define icmp6_router_pref icmp6_dataun.u_nd_ra.router_pref
+};
+
+
+#define ICMPV6_ROUTER_PREF_LOW 0x3
+#define ICMPV6_ROUTER_PREF_MEDIUM 0x0
+#define ICMPV6_ROUTER_PREF_HIGH 0x1
+#define ICMPV6_ROUTER_PREF_INVALID 0x2
+
+#define ICMPV6_DEST_UNREACH 1
+#define ICMPV6_PKT_TOOBIG 2
+#define ICMPV6_TIME_EXCEED 3
+#define ICMPV6_PARAMPROB 4
+
+#define ICMPV6_INFOMSG_MASK 0x80
+
+#define ICMPV6_ECHO_REQUEST 128
+#define ICMPV6_ECHO_REPLY 129
+#define ICMPV6_MGM_QUERY 130
+#define ICMPV6_MGM_REPORT 131
+#define ICMPV6_MGM_REDUCTION 132
+
+#define ICMPV6_NI_QUERY 139
+#define ICMPV6_NI_REPLY 140
+
+#define ICMPV6_MLD2_REPORT 143
+
+#define ICMPV6_DHAAD_REQUEST 144
+#define ICMPV6_DHAAD_REPLY 145
+#define ICMPV6_MOBILE_PREFIX_SOL 146
+#define ICMPV6_MOBILE_PREFIX_ADV 147
+
+/*
+ * Codes for Destination Unreachable
+ */
+#define ICMPV6_NOROUTE 0
+#define ICMPV6_ADM_PROHIBITED 1
+#define ICMPV6_NOT_NEIGHBOUR 2
+#define ICMPV6_ADDR_UNREACH 3
+#define ICMPV6_PORT_UNREACH 4
+#define ICMPV6_POLICY_FAIL 5
+#define ICMPV6_REJECT_ROUTE 6
+
+/*
+ * Codes for Time Exceeded
+ */
+#define ICMPV6_EXC_HOPLIMIT 0
+#define ICMPV6_EXC_FRAGTIME 1
+
+/*
+ * Codes for Parameter Problem
+ */
+#define ICMPV6_HDR_FIELD 0
+#define ICMPV6_UNK_NEXTHDR 1
+#define ICMPV6_UNK_OPTION 2
+
+/*
+ * constants for (set|get)sockopt
+ */
+
+#define ICMPV6_FILTER 1
+
+/*
+ * ICMPV6 filter
+ */
+
+#define ICMPV6_FILTER_BLOCK 1
+#define ICMPV6_FILTER_PASS 2
+#define ICMPV6_FILTER_BLOCKOTHERS 3
+#define ICMPV6_FILTER_PASSONLY 4
+
+struct icmp6_filter {
+ __u32 data[8];
+};
+
+/*
+ * Definitions for MLDv2
+ */
+#define MLD2_MODE_IS_INCLUDE 1
+#define MLD2_MODE_IS_EXCLUDE 2
+#define MLD2_CHANGE_TO_INCLUDE 3
+#define MLD2_CHANGE_TO_EXCLUDE 4
+#define MLD2_ALLOW_NEW_SOURCES 5
+#define MLD2_BLOCK_OLD_SOURCES 6
+
+#define MLD2_ALL_MCR_INIT { { { 0xff,0x02,0,0,0,0,0,0,0,0,0,0,0,0,0,0x16 } } }
+
+
+#endif /* _LINUX_ICMPV6_H */
diff --git a/include/linux/if.h b/include/uapi/linux/if.h
similarity index 86%
rename from include/linux/if.h
rename to include/uapi/linux/if.h
index a55a9e0..495cdd2 100644
--- a/include/linux/if.h
+++ b/include/uapi/linux/if.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
@@ -19,14 +20,22 @@
#ifndef _LINUX_IF_H
#define _LINUX_IF_H
+#include <linux/libc-compat.h> /* for compatibility with glibc */
#include <linux/types.h> /* for "__kernel_caddr_t" et al */
#include <linux/socket.h> /* for "struct sockaddr" et al */
/* for "__user" et al */
+#include <sys/socket.h> /* for struct sockaddr. */
+
+#if __UAPI_DEF_IF_IFNAMSIZ
#define IFNAMSIZ 16
+#endif /* __UAPI_DEF_IF_IFNAMSIZ */
#define IFALIASZ 256
#include <linux/hdlc/ioctl.h>
+/* For glibc compatibility. An empty enum does not compile. */
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || \
+ __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0
/**
* enum net_device_flags - &struct net_device flags
*
@@ -37,7 +46,7 @@
* are shared for all types of net_devices. The sysfs entries are available
* via /sys/class/net/<dev>/flags. Flags which can be toggled through sysfs
* are annotated below, note that only a few flags can be toggled and some
- * other flags are always always preserved from the original net_device flags
+ * other flags are always preserved from the original net_device flags
* even if you try to set them via sysfs. Flags which are always preserved
* are kept under the flag grouping @IFF_VOLATILE. Flags which are __volatile__
* are annotated below as such.
@@ -68,6 +77,8 @@
* @IFF_ECHO: echo sent packets. Volatile.
*/
enum net_device_flags {
+/* for compatibility with glibc net/if.h */
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS
IFF_UP = 1<<0, /* sysfs */
IFF_BROADCAST = 1<<1, /* __volatile__ */
IFF_DEBUG = 1<<2, /* sysfs */
@@ -84,11 +95,17 @@
IFF_PORTSEL = 1<<13, /* sysfs */
IFF_AUTOMEDIA = 1<<14, /* sysfs */
IFF_DYNAMIC = 1<<15, /* sysfs */
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
IFF_LOWER_UP = 1<<16, /* __volatile__ */
IFF_DORMANT = 1<<17, /* __volatile__ */
IFF_ECHO = 1<<18, /* __volatile__ */
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
};
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */
+/* for compatibility with glibc net/if.h */
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS
#define IFF_UP IFF_UP
#define IFF_BROADCAST IFF_BROADCAST
#define IFF_DEBUG IFF_DEBUG
@@ -105,9 +122,13 @@
#define IFF_PORTSEL IFF_PORTSEL
#define IFF_AUTOMEDIA IFF_AUTOMEDIA
#define IFF_DYNAMIC IFF_DYNAMIC
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */
+
+#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
#define IFF_LOWER_UP IFF_LOWER_UP
#define IFF_DORMANT IFF_DORMANT
#define IFF_ECHO IFF_ECHO
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
#define IFF_VOLATILE (IFF_LOOPBACK|IFF_POINTOPOINT|IFF_BROADCAST|IFF_ECHO|\
IFF_MASTER|IFF_SLAVE|IFF_RUNNING|IFF_LOWER_UP|IFF_DORMANT)
@@ -166,6 +187,8 @@
* being very small might be worth keeping for clean configuration.
*/
+/* for compatibility with glibc net/if.h */
+#if __UAPI_DEF_IF_IFMAP
struct ifmap {
unsigned long mem_start;
unsigned long mem_end;
@@ -175,6 +198,7 @@
unsigned char port;
/* 3 bytes spare */
};
+#endif /* __UAPI_DEF_IF_IFMAP */
struct if_settings {
unsigned int type; /* Type of physical device or protocol */
@@ -200,6 +224,8 @@
* remainder may be interface specific.
*/
+/* for compatibility with glibc net/if.h */
+#if __UAPI_DEF_IF_IFREQ
struct ifreq {
#define IFHWADDRLEN 6
union
@@ -223,6 +249,7 @@
struct if_settings ifru_settings;
} ifr_ifru;
};
+#endif /* __UAPI_DEF_IF_IFREQ */
#define ifr_name ifr_ifrn.ifrn_name /* interface name */
#define ifr_hwaddr ifr_ifru.ifru_hwaddr /* MAC address */
@@ -249,6 +276,8 @@
* must know all networks accessible).
*/
+/* for compatibility with glibc net/if.h */
+#if __UAPI_DEF_IF_IFCONF
struct ifconf {
int ifc_len; /* size of buffer */
union {
@@ -256,6 +285,8 @@
struct ifreq *ifcu_req;
} ifc_ifcu;
};
+#endif /* __UAPI_DEF_IF_IFCONF */
+
#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */
#define ifc_req ifc_ifcu.ifcu_req /* array of structures */
diff --git a/include/linux/if_addr.h b/include/uapi/linux/if_addr.h
similarity index 96%
rename from include/linux/if_addr.h
rename to include/uapi/linux/if_addr.h
index 26f0ecf..c4899e2 100644
--- a/include/linux/if_addr.h
+++ b/include/uapi/linux/if_addr.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_IF_ADDR_H
#define __LINUX_IF_ADDR_H
diff --git a/include/linux/if_addrlabel.h b/include/uapi/linux/if_addrlabel.h
similarity index 91%
rename from include/linux/if_addrlabel.h
rename to include/uapi/linux/if_addrlabel.h
index 54580c2..d1f5974 100644
--- a/include/linux/if_addrlabel.h
+++ b/include/uapi/linux/if_addrlabel.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* if_addrlabel.h - netlink interface for address labels
*
diff --git a/include/uapi/linux/if_alg.h b/include/uapi/linux/if_alg.h
new file mode 100644
index 0000000..bc2bcde
--- /dev/null
+++ b/include/uapi/linux/if_alg.h
@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * if_alg: User-space algorithm interface
+ *
+ * Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ */
+
+#ifndef _LINUX_IF_ALG_H
+#define _LINUX_IF_ALG_H
+
+#include <linux/types.h>
+
+struct sockaddr_alg {
+ __u16 salg_family;
+ __u8 salg_type[14];
+ __u32 salg_feat;
+ __u32 salg_mask;
+ __u8 salg_name[64];
+};
+
+struct af_alg_iv {
+ __u32 ivlen;
+ __u8 iv[0];
+};
+
+/* Socket options */
+#define ALG_SET_KEY 1
+#define ALG_SET_IV 2
+#define ALG_SET_OP 3
+#define ALG_SET_AEAD_ASSOCLEN 4
+#define ALG_SET_AEAD_AUTHSIZE 5
+
+/* Operations */
+#define ALG_OP_DECRYPT 0
+#define ALG_OP_ENCRYPT 1
+
+#endif /* _LINUX_IF_ALG_H */
diff --git a/include/linux/if_arp.h b/include/uapi/linux/if_arp.h
similarity index 96%
rename from include/linux/if_arp.h
rename to include/uapi/linux/if_arp.h
index d001bdb..cd136a6 100644
--- a/include/linux/if_arp.h
+++ b/include/uapi/linux/if_arp.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
@@ -59,6 +60,7 @@
#define ARPHRD_LAPB 516 /* LAPB */
#define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */
#define ARPHRD_RAWHDLC 518 /* Raw HDLC */
+#define ARPHRD_RAWIP 519 /* Raw IP */
#define ARPHRD_TUNNEL 768 /* IPIP tunnel */
#define ARPHRD_TUNNEL6 769 /* IP6IP6 tunnel */
@@ -95,6 +97,7 @@
#define ARPHRD_IP6GRE 823 /* GRE over IPv6 */
#define ARPHRD_NETLINK 824 /* Netlink header */
#define ARPHRD_6LOWPAN 825 /* IPv6 over LoWPAN */
+#define ARPHRD_VSOCKMON 826 /* Vsock monitor header */
#define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */
#define ARPHRD_NONE 0xFFFE /* zero header length */
diff --git a/include/uapi/linux/if_bonding.h b/include/uapi/linux/if_bonding.h
new file mode 100644
index 0000000..61a1bf6
--- /dev/null
+++ b/include/uapi/linux/if_bonding.h
@@ -0,0 +1,131 @@
+/* SPDX-License-Identifier: GPL-1.0+ WITH Linux-syscall-note */
+/*
+ * Bond several ethernet interfaces into a Cisco, running 'Etherchannel'.
+ *
+ *
+ * Portions are (c) Copyright 1995 Simon "Guru Aleph-Null" Janes
+ * NCM: Network and Communications Management, Inc.
+ *
+ * BUT, I'm the one who modified it for ethernet, so:
+ * (c) Copyright 1999, Thomas Davis, tadavis@lbl.gov
+ *
+ * This software may be used and distributed according to the terms
+ * of the GNU Public License, incorporated herein by reference.
+ *
+ * 2003/03/18 - Amir Noam <amir.noam at intel dot com>
+ * - Added support for getting slave's speed and duplex via ethtool.
+ * Needed for 802.3ad and other future modes.
+ *
+ * 2003/03/18 - Tsippy Mendelson <tsippy.mendelson at intel dot com> and
+ * Shmulik Hen <shmulik.hen at intel dot com>
+ * - Enable support of modes that need to use the unique mac address of
+ * each slave.
+ *
+ * 2003/03/18 - Tsippy Mendelson <tsippy.mendelson at intel dot com> and
+ * Amir Noam <amir.noam at intel dot com>
+ * - Moved driver's private data types to bonding.h
+ *
+ * 2003/03/18 - Amir Noam <amir.noam at intel dot com>,
+ * Tsippy Mendelson <tsippy.mendelson at intel dot com> and
+ * Shmulik Hen <shmulik.hen at intel dot com>
+ * - Added support for IEEE 802.3ad Dynamic link aggregation mode.
+ *
+ * 2003/05/01 - Amir Noam <amir.noam at intel dot com>
+ * - Added ABI version control to restore compatibility between
+ * new/old ifenslave and new/old bonding.
+ *
+ * 2003/12/01 - Shmulik Hen <shmulik.hen at intel dot com>
+ * - Code cleanup and style changes
+ *
+ * 2005/05/05 - Jason Gabler <jygabler at lbl dot gov>
+ * - added definitions for various XOR hashing policies
+ */
+
+#ifndef _LINUX_IF_BONDING_H
+#define _LINUX_IF_BONDING_H
+
+#include <linux/if.h>
+#include <linux/types.h>
+#include <linux/if_ether.h>
+
+/* userland - kernel ABI version (2003/05/08) */
+#define BOND_ABI_VERSION 2
+
+/*
+ * We can remove these ioctl definitions in 2.5. People should use the
+ * SIOC*** versions of them instead
+ */
+#define BOND_ENSLAVE_OLD (SIOCDEVPRIVATE)
+#define BOND_RELEASE_OLD (SIOCDEVPRIVATE + 1)
+#define BOND_SETHWADDR_OLD (SIOCDEVPRIVATE + 2)
+#define BOND_SLAVE_INFO_QUERY_OLD (SIOCDEVPRIVATE + 11)
+#define BOND_INFO_QUERY_OLD (SIOCDEVPRIVATE + 12)
+#define BOND_CHANGE_ACTIVE_OLD (SIOCDEVPRIVATE + 13)
+
+#define BOND_CHECK_MII_STATUS (SIOCGMIIPHY)
+
+#define BOND_MODE_ROUNDROBIN 0
+#define BOND_MODE_ACTIVEBACKUP 1
+#define BOND_MODE_XOR 2
+#define BOND_MODE_BROADCAST 3
+#define BOND_MODE_8023AD 4
+#define BOND_MODE_TLB 5
+#define BOND_MODE_ALB 6 /* TLB + RLB (receive load balancing) */
+
+/* each slave's link has 4 states */
+#define BOND_LINK_UP 0 /* link is up and running */
+#define BOND_LINK_FAIL 1 /* link has just gone down */
+#define BOND_LINK_DOWN 2 /* link has been down for too long time */
+#define BOND_LINK_BACK 3 /* link is going back */
+
+/* each slave has several states */
+#define BOND_STATE_ACTIVE 0 /* link is active */
+#define BOND_STATE_BACKUP 1 /* link is backup */
+
+#define BOND_DEFAULT_MAX_BONDS 1 /* Default maximum number of devices to support */
+
+#define BOND_DEFAULT_TX_QUEUES 16 /* Default number of tx queues per device */
+
+#define BOND_DEFAULT_RESEND_IGMP 1 /* Default number of IGMP membership reports */
+
+/* hashing types */
+#define BOND_XMIT_POLICY_LAYER2 0 /* layer 2 (MAC only), default */
+#define BOND_XMIT_POLICY_LAYER34 1 /* layer 3+4 (IP ^ (TCP || UDP)) */
+#define BOND_XMIT_POLICY_LAYER23 2 /* layer 2+3 (IP ^ MAC) */
+#define BOND_XMIT_POLICY_ENCAP23 3 /* encapsulated layer 2+3 */
+#define BOND_XMIT_POLICY_ENCAP34 4 /* encapsulated layer 3+4 */
+
+typedef struct ifbond {
+ __s32 bond_mode;
+ __s32 num_slaves;
+ __s32 miimon;
+} ifbond;
+
+typedef struct ifslave {
+ __s32 slave_id; /* Used as an IN param to the BOND_SLAVE_INFO_QUERY ioctl */
+ char slave_name[IFNAMSIZ];
+ __s8 link;
+ __s8 state;
+ __u32 link_failure_count;
+} ifslave;
+
+struct ad_info {
+ __u16 aggregator_id;
+ __u16 ports;
+ __u16 actor_key;
+ __u16 partner_key;
+ __u8 partner_system[ETH_ALEN];
+};
+
+#endif /* _LINUX_IF_BONDING_H */
+
+/*
+ * Local variables:
+ * version-control: t
+ * kept-new-versions: 5
+ * c-indent-level: 8
+ * c-basic-offset: 8
+ * tab-width: 8
+ * End:
+ */
+
diff --git a/include/linux/if_bridge.h b/include/uapi/linux/if_bridge.h
similarity index 67%
rename from include/linux/if_bridge.h
rename to include/uapi/linux/if_bridge.h
index ee197a3..bdfecf9 100644
--- a/include/linux/if_bridge.h
+++ b/include/uapi/linux/if_bridge.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* Linux ethernet bridge
*
@@ -118,6 +119,7 @@
IFLA_BRIDGE_FLAGS,
IFLA_BRIDGE_MODE,
IFLA_BRIDGE_VLAN_INFO,
+ IFLA_BRIDGE_VLAN_TUNNEL_INFO,
__IFLA_BRIDGE_MAX,
};
#define IFLA_BRIDGE_MAX (__IFLA_BRIDGE_MAX - 1)
@@ -134,14 +136,40 @@
__u16 vid;
};
+enum {
+ IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC,
+ IFLA_BRIDGE_VLAN_TUNNEL_ID,
+ IFLA_BRIDGE_VLAN_TUNNEL_VID,
+ IFLA_BRIDGE_VLAN_TUNNEL_FLAGS,
+ __IFLA_BRIDGE_VLAN_TUNNEL_MAX,
+};
+
+#define IFLA_BRIDGE_VLAN_TUNNEL_MAX (__IFLA_BRIDGE_VLAN_TUNNEL_MAX - 1)
+
+struct bridge_vlan_xstats {
+ __u64 rx_bytes;
+ __u64 rx_packets;
+ __u64 tx_bytes;
+ __u64 tx_packets;
+ __u16 vid;
+ __u16 flags;
+ __u32 pad2;
+};
+
/* Bridge multicast database attributes
* [MDBA_MDB] = {
* [MDBA_MDB_ENTRY] = {
- * [MDBA_MDB_ENTRY_INFO]
+ * [MDBA_MDB_ENTRY_INFO] {
+ * struct br_mdb_entry
+ * [MDBA_MDB_EATTR attributes]
+ * }
* }
* }
* [MDBA_ROUTER] = {
- * [MDBA_ROUTER_PORT]
+ * [MDBA_ROUTER_PORT] = {
+ * u32 ifindex
+ * [MDBA_ROUTER_PATTR attributes]
+ * }
* }
*/
enum {
@@ -166,6 +194,22 @@
};
#define MDBA_MDB_ENTRY_MAX (__MDBA_MDB_ENTRY_MAX - 1)
+/* per mdb entry additional attributes */
+enum {
+ MDBA_MDB_EATTR_UNSPEC,
+ MDBA_MDB_EATTR_TIMER,
+ __MDBA_MDB_EATTR_MAX
+};
+#define MDBA_MDB_EATTR_MAX (__MDBA_MDB_EATTR_MAX - 1)
+
+/* multicast router types */
+enum {
+ MDB_RTR_TYPE_DISABLED,
+ MDB_RTR_TYPE_TEMP_QUERY,
+ MDB_RTR_TYPE_PERM,
+ MDB_RTR_TYPE_TEMP
+};
+
enum {
MDBA_ROUTER_UNSPEC,
MDBA_ROUTER_PORT,
@@ -173,6 +217,15 @@
};
#define MDBA_ROUTER_MAX (__MDBA_ROUTER_MAX - 1)
+/* router port attributes */
+enum {
+ MDBA_ROUTER_PATTR_UNSPEC,
+ MDBA_ROUTER_PATTR_TIMER,
+ MDBA_ROUTER_PATTR_TYPE,
+ __MDBA_ROUTER_PATTR_MAX
+};
+#define MDBA_ROUTER_PATTR_MAX (__MDBA_ROUTER_PATTR_MAX - 1)
+
struct br_port_msg {
__u8 family;
__u32 ifindex;
@@ -183,6 +236,8 @@
#define MDB_TEMPORARY 0
#define MDB_PERMANENT 1
__u8 state;
+#define MDB_FLAGS_OFFLOAD (1 << 0)
+ __u8 flags;
__u16 vid;
struct {
union {
@@ -200,4 +255,41 @@
};
#define MDBA_SET_ENTRY_MAX (__MDBA_SET_ENTRY_MAX - 1)
+/* Embedded inside LINK_XSTATS_TYPE_BRIDGE */
+enum {
+ BRIDGE_XSTATS_UNSPEC,
+ BRIDGE_XSTATS_VLAN,
+ BRIDGE_XSTATS_MCAST,
+ BRIDGE_XSTATS_PAD,
+ __BRIDGE_XSTATS_MAX
+};
+#define BRIDGE_XSTATS_MAX (__BRIDGE_XSTATS_MAX - 1)
+
+enum {
+ BR_MCAST_DIR_RX,
+ BR_MCAST_DIR_TX,
+ BR_MCAST_DIR_SIZE
+};
+
+/* IGMP/MLD statistics */
+struct br_mcast_stats {
+ __u64 igmp_v1queries[BR_MCAST_DIR_SIZE];
+ __u64 igmp_v2queries[BR_MCAST_DIR_SIZE];
+ __u64 igmp_v3queries[BR_MCAST_DIR_SIZE];
+ __u64 igmp_leaves[BR_MCAST_DIR_SIZE];
+ __u64 igmp_v1reports[BR_MCAST_DIR_SIZE];
+ __u64 igmp_v2reports[BR_MCAST_DIR_SIZE];
+ __u64 igmp_v3reports[BR_MCAST_DIR_SIZE];
+ __u64 igmp_parse_errors;
+
+ __u64 mld_v1queries[BR_MCAST_DIR_SIZE];
+ __u64 mld_v2queries[BR_MCAST_DIR_SIZE];
+ __u64 mld_leaves[BR_MCAST_DIR_SIZE];
+ __u64 mld_v1reports[BR_MCAST_DIR_SIZE];
+ __u64 mld_v2reports[BR_MCAST_DIR_SIZE];
+ __u64 mld_parse_errors;
+
+ __u64 mcast_bytes[BR_MCAST_DIR_SIZE];
+ __u64 mcast_packets[BR_MCAST_DIR_SIZE];
+};
#endif /* _LINUX_IF_BRIDGE_H */
diff --git a/include/linux/if_ether.h b/include/uapi/linux/if_ether.h
similarity index 91%
rename from include/linux/if_ether.h
rename to include/uapi/linux/if_ether.h
index bf278d6..2eb529a 100644
--- a/include/linux/if_ether.h
+++ b/include/uapi/linux/if_ether.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
@@ -35,6 +36,9 @@
#define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS */
#define ETH_FCS_LEN 4 /* Octets in the FCS */
+#define ETH_MIN_MTU 68 /* Min IPv4 MTU per RFC791 */
+#define ETH_MAX_MTU 0xFFFFU /* 65535, same as IP_MAX_MTU */
+
/*
* These are the defined Ethernet Protocol ID's.
*/
@@ -63,6 +67,7 @@
#define ETH_P_ATALK 0x809B /* Appletalk DDP */
#define ETH_P_AARP 0x80F3 /* Appletalk AARP */
#define ETH_P_8021Q 0x8100 /* 802.1Q VLAN Extended Header */
+#define ETH_P_ERSPAN 0x88BE /* ERSPAN type II */
#define ETH_P_IPX 0x8137 /* IPX over DIX */
#define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */
#define ETH_P_PAUSE 0x8808 /* IEEE Pause frames. See 802.3 31B */
@@ -83,19 +88,25 @@
#define ETH_P_8021AD 0x88A8 /* 802.1ad Service VLAN */
#define ETH_P_802_EX1 0x88B5 /* 802.1 Local Experimental 1. */
#define ETH_P_TIPC 0x88CA /* TIPC */
+#define ETH_P_MACSEC 0x88E5 /* 802.1ae MACsec */
#define ETH_P_8021AH 0x88E7 /* 802.1ah Backbone Service Tag */
#define ETH_P_MVRP 0x88F5 /* 802.1Q MVRP */
#define ETH_P_1588 0x88F7 /* IEEE 1588 Timesync */
+#define ETH_P_NCSI 0x88F8 /* NCSI protocol */
#define ETH_P_PRP 0x88FB /* IEC 62439-3 PRP/HSRv0 */
#define ETH_P_FCOE 0x8906 /* Fibre Channel over Ethernet */
+#define ETH_P_IBOE 0x8915 /* Infiniband over Ethernet */
#define ETH_P_TDLS 0x890D /* TDLS */
#define ETH_P_FIP 0x8914 /* FCoE Initialization Protocol */
#define ETH_P_80221 0x8917 /* IEEE 802.21 Media Independent Handover Protocol */
+#define ETH_P_HSR 0x892F /* IEC 62439-3 HSRv1 */
+#define ETH_P_NSH 0x894F /* Network Service Header */
#define ETH_P_LOOPBACK 0x9000 /* Ethernet loopback packet, per IEEE 802.3 */
#define ETH_P_QINQ1 0x9100 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_QINQ2 0x9200 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_QINQ3 0x9300 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_EDSA 0xDADA /* Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ] */
+#define ETH_P_IFE 0xED3E /* ForCES inter-FE LFB type */
#define ETH_P_AF_IUCV 0xFBFB /* IBM af_iucv [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_802_3_MIN 0x0600 /* If the value in the ethernet type is less than this value
@@ -130,6 +141,9 @@
#define ETH_P_IEEE802154 0x00F6 /* IEEE802.15.4 frame */
#define ETH_P_CAIF 0x00F7 /* ST-Ericsson CAIF protocol */
#define ETH_P_XDSA 0x00F8 /* Multiplexed DSA protocol */
+#define ETH_P_MAP 0x00F9 /* Qualcomm multiplexing and
+ * aggregation protocol
+ */
/*
* This is an Ethernet frame header.
diff --git a/include/linux/if_link.h b/include/uapi/linux/if_link.h
similarity index 78%
rename from include/linux/if_link.h
rename to include/uapi/linux/if_link.h
index d91f2c9..abc8f15 100644
--- a/include/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_IF_LINK_H
#define _LINUX_IF_LINK_H
@@ -35,6 +36,8 @@
/* for cslip etc */
__u32 rx_compressed;
__u32 tx_compressed;
+
+ __u32 rx_nohandler; /* dropped, no handler found */
};
/* The main device statistics structure */
@@ -68,6 +71,8 @@
/* for cslip etc */
__u64 rx_compressed;
__u64 tx_compressed;
+
+ __u64 rx_nohandler; /* dropped, no handler found */
};
/* The struct should be in sync with struct ifmap */
@@ -149,6 +154,11 @@
IFLA_LINK_NETNSID,
IFLA_PHYS_PORT_NAME,
IFLA_PROTO_DOWN,
+ IFLA_GSO_MAX_SEGS,
+ IFLA_GSO_MAX_SIZE,
+ IFLA_PAD,
+ IFLA_XDP,
+ IFLA_EVENT,
__IFLA_MAX
};
@@ -262,6 +272,11 @@
IFLA_BR_NF_CALL_IP6TABLES,
IFLA_BR_NF_CALL_ARPTABLES,
IFLA_BR_VLAN_DEFAULT_PVID,
+ IFLA_BR_PAD,
+ IFLA_BR_VLAN_STATS_ENABLED,
+ IFLA_BR_MCAST_STATS_ENABLED,
+ IFLA_BR_MCAST_IGMP_VERSION,
+ IFLA_BR_MCAST_MLD_VERSION,
__IFLA_BR_MAX,
};
@@ -304,6 +319,11 @@
IFLA_BRPORT_HOLD_TIMER,
IFLA_BRPORT_FLUSH,
IFLA_BRPORT_MULTICAST_ROUTER,
+ IFLA_BRPORT_PAD,
+ IFLA_BRPORT_MCAST_FLOOD,
+ IFLA_BRPORT_MCAST_TO_UCAST,
+ IFLA_BRPORT_VLAN_TUNNEL,
+ IFLA_BRPORT_BCAST_FLOOD,
__IFLA_BRPORT_MAX
};
#define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
@@ -399,6 +419,44 @@
#define IFLA_VRF_MAX (__IFLA_VRF_MAX - 1)
+enum {
+ IFLA_VRF_PORT_UNSPEC,
+ IFLA_VRF_PORT_TABLE,
+ __IFLA_VRF_PORT_MAX
+};
+
+#define IFLA_VRF_PORT_MAX (__IFLA_VRF_PORT_MAX - 1)
+
+/* MACSEC section */
+enum {
+ IFLA_MACSEC_UNSPEC,
+ IFLA_MACSEC_SCI,
+ IFLA_MACSEC_PORT,
+ IFLA_MACSEC_ICV_LEN,
+ IFLA_MACSEC_CIPHER_SUITE,
+ IFLA_MACSEC_WINDOW,
+ IFLA_MACSEC_ENCODING_SA,
+ IFLA_MACSEC_ENCRYPT,
+ IFLA_MACSEC_PROTECT,
+ IFLA_MACSEC_INC_SCI,
+ IFLA_MACSEC_ES,
+ IFLA_MACSEC_SCB,
+ IFLA_MACSEC_REPLAY_PROTECT,
+ IFLA_MACSEC_VALIDATION,
+ IFLA_MACSEC_PAD,
+ __IFLA_MACSEC_MAX,
+};
+
+#define IFLA_MACSEC_MAX (__IFLA_MACSEC_MAX - 1)
+
+enum macsec_validation_type {
+ MACSEC_VALIDATE_DISABLED = 0,
+ MACSEC_VALIDATE_CHECK = 1,
+ MACSEC_VALIDATE_STRICT = 2,
+ __MACSEC_VALIDATE_END,
+ MACSEC_VALIDATE_MAX = __MACSEC_VALIDATE_END - 1,
+};
+
/* IPVLAN section */
enum {
IFLA_IPVLAN_UNSPEC,
@@ -411,6 +469,7 @@
enum ipvlan_mode {
IPVLAN_MODE_L2 = 0,
IPVLAN_MODE_L3,
+ IPVLAN_MODE_L3S,
IPVLAN_MODE_MAX
};
@@ -442,6 +501,8 @@
IFLA_VXLAN_GBP,
IFLA_VXLAN_REMCSUM_NOPARTIAL,
IFLA_VXLAN_COLLECT_METADATA,
+ IFLA_VXLAN_LABEL,
+ IFLA_VXLAN_GPE,
__IFLA_VXLAN_MAX
};
#define IFLA_VXLAN_MAX (__IFLA_VXLAN_MAX - 1)
@@ -464,10 +525,36 @@
IFLA_GENEVE_UDP_CSUM,
IFLA_GENEVE_UDP_ZERO_CSUM6_TX,
IFLA_GENEVE_UDP_ZERO_CSUM6_RX,
+ IFLA_GENEVE_LABEL,
__IFLA_GENEVE_MAX
};
#define IFLA_GENEVE_MAX (__IFLA_GENEVE_MAX - 1)
+/* PPP section */
+enum {
+ IFLA_PPP_UNSPEC,
+ IFLA_PPP_DEV_FD,
+ __IFLA_PPP_MAX
+};
+#define IFLA_PPP_MAX (__IFLA_PPP_MAX - 1)
+
+/* GTP section */
+
+enum ifla_gtp_role {
+ GTP_ROLE_GGSN = 0,
+ GTP_ROLE_SGSN,
+};
+
+enum {
+ IFLA_GTP_UNSPEC,
+ IFLA_GTP_FD0,
+ IFLA_GTP_FD1,
+ IFLA_GTP_PDP_HASHSIZE,
+ IFLA_GTP_ROLE,
+ __IFLA_GTP_MAX,
+};
+#define IFLA_GTP_MAX (__IFLA_GTP_MAX - 1)
+
/* Bonding section */
enum {
@@ -544,7 +631,7 @@
enum {
IFLA_VF_UNSPEC,
IFLA_VF_MAC, /* Hardware queue specific attributes */
- IFLA_VF_VLAN,
+ IFLA_VF_VLAN, /* VLAN ID and QoS */
IFLA_VF_TX_RATE, /* Max TX Bandwidth Allocation */
IFLA_VF_SPOOFCHK, /* Spoof Checking on/off switch */
IFLA_VF_LINK_STATE, /* link state enable/disable/auto switch */
@@ -554,6 +641,9 @@
*/
IFLA_VF_STATS, /* network device statistics */
IFLA_VF_TRUST, /* Trust VF */
+ IFLA_VF_IB_NODE_GUID, /* VF Infiniband node GUID */
+ IFLA_VF_IB_PORT_GUID, /* VF Infiniband port GUID */
+ IFLA_VF_VLAN_LIST, /* nested list of vlans, option for QinQ */
__IFLA_VF_MAX,
};
@@ -570,6 +660,22 @@
__u32 qos;
};
+enum {
+ IFLA_VF_VLAN_INFO_UNSPEC,
+ IFLA_VF_VLAN_INFO, /* VLAN ID, QoS and VLAN protocol */
+ __IFLA_VF_VLAN_INFO_MAX,
+};
+
+#define IFLA_VF_VLAN_INFO_MAX (__IFLA_VF_VLAN_INFO_MAX - 1)
+#define MAX_VLAN_LIST_LEN 1
+
+struct ifla_vf_vlan_info {
+ __u32 vf;
+ __u32 vlan; /* 0 - 4095, 0 disables VLAN filter */
+ __u32 qos;
+ __be16 vlan_proto; /* VLAN protocol either 802.1Q or 802.1ad */
+};
+
struct ifla_vf_tx_rate {
__u32 vf;
__u32 rate; /* Max TX bandwidth in Mbps, 0 disables throttling */
@@ -586,6 +692,11 @@
__u32 setting;
};
+struct ifla_vf_guid {
+ __u32 vf;
+ __u64 guid;
+};
+
enum {
IFLA_VF_LINK_STATE_AUTO, /* link state of the uplink */
IFLA_VF_LINK_STATE_ENABLE, /* link always up */
@@ -610,6 +721,7 @@
IFLA_VF_STATS_TX_BYTES,
IFLA_VF_STATS_BROADCAST,
IFLA_VF_STATS_MULTICAST,
+ IFLA_VF_STATS_PAD,
__IFLA_VF_STATS_MAX,
};
@@ -720,9 +832,98 @@
IFLA_HSR_MULTICAST_SPEC, /* Last byte of supervision addr */
IFLA_HSR_SUPERVISION_ADDR, /* Supervision frame multicast addr */
IFLA_HSR_SEQ_NR,
+ IFLA_HSR_VERSION, /* HSR version */
__IFLA_HSR_MAX,
};
#define IFLA_HSR_MAX (__IFLA_HSR_MAX - 1)
+/* STATS section */
+
+struct if_stats_msg {
+ __u8 family;
+ __u8 pad1;
+ __u16 pad2;
+ __u32 ifindex;
+ __u32 filter_mask;
+};
+
+/* A stats attribute can be netdev specific or a global stat.
+ * For netdev stats, lets use the prefix IFLA_STATS_LINK_*
+ */
+enum {
+ IFLA_STATS_UNSPEC, /* also used as 64bit pad attribute */
+ IFLA_STATS_LINK_64,
+ IFLA_STATS_LINK_XSTATS,
+ IFLA_STATS_LINK_XSTATS_SLAVE,
+ IFLA_STATS_LINK_OFFLOAD_XSTATS,
+ IFLA_STATS_AF_SPEC,
+ __IFLA_STATS_MAX,
+};
+
+#define IFLA_STATS_MAX (__IFLA_STATS_MAX - 1)
+
+#define IFLA_STATS_FILTER_BIT(ATTR) (1 << (ATTR - 1))
+
+/* These are embedded into IFLA_STATS_LINK_XSTATS:
+ * [IFLA_STATS_LINK_XSTATS]
+ * -> [LINK_XSTATS_TYPE_xxx]
+ * -> [rtnl link type specific attributes]
+ */
+enum {
+ LINK_XSTATS_TYPE_UNSPEC,
+ LINK_XSTATS_TYPE_BRIDGE,
+ __LINK_XSTATS_TYPE_MAX
+};
+#define LINK_XSTATS_TYPE_MAX (__LINK_XSTATS_TYPE_MAX - 1)
+
+/* These are stats embedded into IFLA_STATS_LINK_OFFLOAD_XSTATS */
+enum {
+ IFLA_OFFLOAD_XSTATS_UNSPEC,
+ IFLA_OFFLOAD_XSTATS_CPU_HIT, /* struct rtnl_link_stats64 */
+ __IFLA_OFFLOAD_XSTATS_MAX
+};
+#define IFLA_OFFLOAD_XSTATS_MAX (__IFLA_OFFLOAD_XSTATS_MAX - 1)
+
+/* XDP section */
+
+#define XDP_FLAGS_UPDATE_IF_NOEXIST (1U << 0)
+#define XDP_FLAGS_SKB_MODE (1U << 1)
+#define XDP_FLAGS_DRV_MODE (1U << 2)
+#define XDP_FLAGS_HW_MODE (1U << 3)
+#define XDP_FLAGS_MODES (XDP_FLAGS_SKB_MODE | \
+ XDP_FLAGS_DRV_MODE | \
+ XDP_FLAGS_HW_MODE)
+#define XDP_FLAGS_MASK (XDP_FLAGS_UPDATE_IF_NOEXIST | \
+ XDP_FLAGS_MODES)
+
+/* These are stored into IFLA_XDP_ATTACHED on dump. */
+enum {
+ XDP_ATTACHED_NONE = 0,
+ XDP_ATTACHED_DRV,
+ XDP_ATTACHED_SKB,
+ XDP_ATTACHED_HW,
+};
+
+enum {
+ IFLA_XDP_UNSPEC,
+ IFLA_XDP_FD,
+ IFLA_XDP_ATTACHED,
+ IFLA_XDP_FLAGS,
+ IFLA_XDP_PROG_ID,
+ __IFLA_XDP_MAX,
+};
+
+#define IFLA_XDP_MAX (__IFLA_XDP_MAX - 1)
+
+enum {
+ IFLA_EVENT_NONE,
+ IFLA_EVENT_REBOOT, /* internal reset / reboot */
+ IFLA_EVENT_FEATURES, /* change in offload features */
+ IFLA_EVENT_BONDING_FAILOVER, /* change in active slave */
+ IFLA_EVENT_NOTIFY_PEERS, /* re-sent grat. arp/ndisc */
+ IFLA_EVENT_IGMP_RESEND, /* re-sent IGMP JOIN */
+ IFLA_EVENT_BONDING_OPTIONS, /* change in bonding options */
+};
+
#endif /* _LINUX_IF_LINK_H */
diff --git a/include/uapi/linux/if_macsec.h b/include/uapi/linux/if_macsec.h
new file mode 100644
index 0000000..560ab00
--- /dev/null
+++ b/include/uapi/linux/if_macsec.h
@@ -0,0 +1,172 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * include/uapi/linux/if_macsec.h - MACsec device
+ *
+ * Copyright (c) 2015 Sabrina Dubroca <sd@queasysnail.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#ifndef _MACSEC_H
+#define _MACSEC_H
+
+#include <linux/types.h>
+
+#define MACSEC_GENL_NAME "macsec"
+#define MACSEC_GENL_VERSION 1
+
+#define MACSEC_MAX_KEY_LEN 128
+
+#define MACSEC_KEYID_LEN 16
+
+#define MACSEC_DEFAULT_CIPHER_ID 0x0080020001000001ULL
+#define MACSEC_DEFAULT_CIPHER_ALT 0x0080C20001000001ULL
+
+#define MACSEC_MIN_ICV_LEN 8
+#define MACSEC_MAX_ICV_LEN 32
+/* upper limit for ICV length as recommended by IEEE802.1AE-2006 */
+#define MACSEC_STD_ICV_LEN 16
+
+enum macsec_attrs {
+ MACSEC_ATTR_UNSPEC,
+ MACSEC_ATTR_IFINDEX, /* u32, ifindex of the MACsec netdevice */
+ MACSEC_ATTR_RXSC_CONFIG, /* config, nested macsec_rxsc_attrs */
+ MACSEC_ATTR_SA_CONFIG, /* config, nested macsec_sa_attrs */
+ MACSEC_ATTR_SECY, /* dump, nested macsec_secy_attrs */
+ MACSEC_ATTR_TXSA_LIST, /* dump, nested, macsec_sa_attrs for each TXSA */
+ MACSEC_ATTR_RXSC_LIST, /* dump, nested, macsec_rxsc_attrs for each RXSC */
+ MACSEC_ATTR_TXSC_STATS, /* dump, nested, macsec_txsc_stats_attr */
+ MACSEC_ATTR_SECY_STATS, /* dump, nested, macsec_secy_stats_attr */
+ __MACSEC_ATTR_END,
+ NUM_MACSEC_ATTR = __MACSEC_ATTR_END,
+ MACSEC_ATTR_MAX = __MACSEC_ATTR_END - 1,
+};
+
+enum macsec_secy_attrs {
+ MACSEC_SECY_ATTR_UNSPEC,
+ MACSEC_SECY_ATTR_SCI,
+ MACSEC_SECY_ATTR_ENCODING_SA,
+ MACSEC_SECY_ATTR_WINDOW,
+ MACSEC_SECY_ATTR_CIPHER_SUITE,
+ MACSEC_SECY_ATTR_ICV_LEN,
+ MACSEC_SECY_ATTR_PROTECT,
+ MACSEC_SECY_ATTR_REPLAY,
+ MACSEC_SECY_ATTR_OPER,
+ MACSEC_SECY_ATTR_VALIDATE,
+ MACSEC_SECY_ATTR_ENCRYPT,
+ MACSEC_SECY_ATTR_INC_SCI,
+ MACSEC_SECY_ATTR_ES,
+ MACSEC_SECY_ATTR_SCB,
+ MACSEC_SECY_ATTR_PAD,
+ __MACSEC_SECY_ATTR_END,
+ NUM_MACSEC_SECY_ATTR = __MACSEC_SECY_ATTR_END,
+ MACSEC_SECY_ATTR_MAX = __MACSEC_SECY_ATTR_END - 1,
+};
+
+enum macsec_rxsc_attrs {
+ MACSEC_RXSC_ATTR_UNSPEC,
+ MACSEC_RXSC_ATTR_SCI, /* config/dump, u64 */
+ MACSEC_RXSC_ATTR_ACTIVE, /* config/dump, u8 0..1 */
+ MACSEC_RXSC_ATTR_SA_LIST, /* dump, nested */
+ MACSEC_RXSC_ATTR_STATS, /* dump, nested, macsec_rxsc_stats_attr */
+ MACSEC_RXSC_ATTR_PAD,
+ __MACSEC_RXSC_ATTR_END,
+ NUM_MACSEC_RXSC_ATTR = __MACSEC_RXSC_ATTR_END,
+ MACSEC_RXSC_ATTR_MAX = __MACSEC_RXSC_ATTR_END - 1,
+};
+
+enum macsec_sa_attrs {
+ MACSEC_SA_ATTR_UNSPEC,
+ MACSEC_SA_ATTR_AN, /* config/dump, u8 0..3 */
+ MACSEC_SA_ATTR_ACTIVE, /* config/dump, u8 0..1 */
+ MACSEC_SA_ATTR_PN, /* config/dump, u32 */
+ MACSEC_SA_ATTR_KEY, /* config, data */
+ MACSEC_SA_ATTR_KEYID, /* config/dump, 128-bit */
+ MACSEC_SA_ATTR_STATS, /* dump, nested, macsec_sa_stats_attr */
+ MACSEC_SA_ATTR_PAD,
+ __MACSEC_SA_ATTR_END,
+ NUM_MACSEC_SA_ATTR = __MACSEC_SA_ATTR_END,
+ MACSEC_SA_ATTR_MAX = __MACSEC_SA_ATTR_END - 1,
+};
+
+enum macsec_nl_commands {
+ MACSEC_CMD_GET_TXSC,
+ MACSEC_CMD_ADD_RXSC,
+ MACSEC_CMD_DEL_RXSC,
+ MACSEC_CMD_UPD_RXSC,
+ MACSEC_CMD_ADD_TXSA,
+ MACSEC_CMD_DEL_TXSA,
+ MACSEC_CMD_UPD_TXSA,
+ MACSEC_CMD_ADD_RXSA,
+ MACSEC_CMD_DEL_RXSA,
+ MACSEC_CMD_UPD_RXSA,
+};
+
+/* u64 per-RXSC stats */
+enum macsec_rxsc_stats_attr {
+ MACSEC_RXSC_STATS_ATTR_UNSPEC,
+ MACSEC_RXSC_STATS_ATTR_IN_OCTETS_VALIDATED,
+ MACSEC_RXSC_STATS_ATTR_IN_OCTETS_DECRYPTED,
+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNCHECKED,
+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_DELAYED,
+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_OK,
+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_INVALID,
+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_LATE,
+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_VALID,
+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_USING_SA,
+ MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNUSED_SA,
+ MACSEC_RXSC_STATS_ATTR_PAD,
+ __MACSEC_RXSC_STATS_ATTR_END,
+ NUM_MACSEC_RXSC_STATS_ATTR = __MACSEC_RXSC_STATS_ATTR_END,
+ MACSEC_RXSC_STATS_ATTR_MAX = __MACSEC_RXSC_STATS_ATTR_END - 1,
+};
+
+/* u32 per-{RX,TX}SA stats */
+enum macsec_sa_stats_attr {
+ MACSEC_SA_STATS_ATTR_UNSPEC,
+ MACSEC_SA_STATS_ATTR_IN_PKTS_OK,
+ MACSEC_SA_STATS_ATTR_IN_PKTS_INVALID,
+ MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_VALID,
+ MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_USING_SA,
+ MACSEC_SA_STATS_ATTR_IN_PKTS_UNUSED_SA,
+ MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED,
+ MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED,
+ __MACSEC_SA_STATS_ATTR_END,
+ NUM_MACSEC_SA_STATS_ATTR = __MACSEC_SA_STATS_ATTR_END,
+ MACSEC_SA_STATS_ATTR_MAX = __MACSEC_SA_STATS_ATTR_END - 1,
+};
+
+/* u64 per-TXSC stats */
+enum macsec_txsc_stats_attr {
+ MACSEC_TXSC_STATS_ATTR_UNSPEC,
+ MACSEC_TXSC_STATS_ATTR_OUT_PKTS_PROTECTED,
+ MACSEC_TXSC_STATS_ATTR_OUT_PKTS_ENCRYPTED,
+ MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_PROTECTED,
+ MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_ENCRYPTED,
+ MACSEC_TXSC_STATS_ATTR_PAD,
+ __MACSEC_TXSC_STATS_ATTR_END,
+ NUM_MACSEC_TXSC_STATS_ATTR = __MACSEC_TXSC_STATS_ATTR_END,
+ MACSEC_TXSC_STATS_ATTR_MAX = __MACSEC_TXSC_STATS_ATTR_END - 1,
+};
+
+/* u64 per-SecY stats */
+enum macsec_secy_stats_attr {
+ MACSEC_SECY_STATS_ATTR_UNSPEC,
+ MACSEC_SECY_STATS_ATTR_OUT_PKTS_UNTAGGED,
+ MACSEC_SECY_STATS_ATTR_IN_PKTS_UNTAGGED,
+ MACSEC_SECY_STATS_ATTR_OUT_PKTS_TOO_LONG,
+ MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_TAG,
+ MACSEC_SECY_STATS_ATTR_IN_PKTS_BAD_TAG,
+ MACSEC_SECY_STATS_ATTR_IN_PKTS_UNKNOWN_SCI,
+ MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_SCI,
+ MACSEC_SECY_STATS_ATTR_IN_PKTS_OVERRUN,
+ MACSEC_SECY_STATS_ATTR_PAD,
+ __MACSEC_SECY_STATS_ATTR_END,
+ NUM_MACSEC_SECY_STATS_ATTR = __MACSEC_SECY_STATS_ATTR_END,
+ MACSEC_SECY_STATS_ATTR_MAX = __MACSEC_SECY_STATS_ATTR_END - 1,
+};
+
+#endif /* _MACSEC_H */
diff --git a/include/uapi/linux/if_packet.h b/include/uapi/linux/if_packet.h
new file mode 100644
index 0000000..67b61d9
--- /dev/null
+++ b/include/uapi/linux/if_packet.h
@@ -0,0 +1,303 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef __LINUX_IF_PACKET_H
+#define __LINUX_IF_PACKET_H
+
+#include <linux/types.h>
+
+struct sockaddr_pkt {
+ unsigned short spkt_family;
+ unsigned char spkt_device[14];
+ __be16 spkt_protocol;
+};
+
+struct sockaddr_ll {
+ unsigned short sll_family;
+ __be16 sll_protocol;
+ int sll_ifindex;
+ unsigned short sll_hatype;
+ unsigned char sll_pkttype;
+ unsigned char sll_halen;
+ unsigned char sll_addr[8];
+};
+
+/* Packet types */
+
+#define PACKET_HOST 0 /* To us */
+#define PACKET_BROADCAST 1 /* To all */
+#define PACKET_MULTICAST 2 /* To group */
+#define PACKET_OTHERHOST 3 /* To someone else */
+#define PACKET_OUTGOING 4 /* Outgoing of any type */
+#define PACKET_LOOPBACK 5 /* MC/BRD frame looped back */
+#define PACKET_USER 6 /* To user space */
+#define PACKET_KERNEL 7 /* To kernel space */
+/* Unused, PACKET_FASTROUTE and PACKET_LOOPBACK are invisible to user space */
+#define PACKET_FASTROUTE 6 /* Fastrouted frame */
+
+/* Packet socket options */
+
+#define PACKET_ADD_MEMBERSHIP 1
+#define PACKET_DROP_MEMBERSHIP 2
+#define PACKET_RECV_OUTPUT 3
+/* Value 4 is still used by obsolete turbo-packet. */
+#define PACKET_RX_RING 5
+#define PACKET_STATISTICS 6
+#define PACKET_COPY_THRESH 7
+#define PACKET_AUXDATA 8
+#define PACKET_ORIGDEV 9
+#define PACKET_VERSION 10
+#define PACKET_HDRLEN 11
+#define PACKET_RESERVE 12
+#define PACKET_TX_RING 13
+#define PACKET_LOSS 14
+#define PACKET_VNET_HDR 15
+#define PACKET_TX_TIMESTAMP 16
+#define PACKET_TIMESTAMP 17
+#define PACKET_FANOUT 18
+#define PACKET_TX_HAS_OFF 19
+#define PACKET_QDISC_BYPASS 20
+#define PACKET_ROLLOVER_STATS 21
+#define PACKET_FANOUT_DATA 22
+
+#define PACKET_FANOUT_HASH 0
+#define PACKET_FANOUT_LB 1
+#define PACKET_FANOUT_CPU 2
+#define PACKET_FANOUT_ROLLOVER 3
+#define PACKET_FANOUT_RND 4
+#define PACKET_FANOUT_QM 5
+#define PACKET_FANOUT_CBPF 6
+#define PACKET_FANOUT_EBPF 7
+#define PACKET_FANOUT_FLAG_ROLLOVER 0x1000
+#define PACKET_FANOUT_FLAG_UNIQUEID 0x2000
+#define PACKET_FANOUT_FLAG_DEFRAG 0x8000
+
+struct tpacket_stats {
+ unsigned int tp_packets;
+ unsigned int tp_drops;
+};
+
+struct tpacket_stats_v3 {
+ unsigned int tp_packets;
+ unsigned int tp_drops;
+ unsigned int tp_freeze_q_cnt;
+};
+
+struct tpacket_rollover_stats {
+ __aligned_u64 tp_all;
+ __aligned_u64 tp_huge;
+ __aligned_u64 tp_failed;
+};
+
+union tpacket_stats_u {
+ struct tpacket_stats stats1;
+ struct tpacket_stats_v3 stats3;
+};
+
+struct tpacket_auxdata {
+ __u32 tp_status;
+ __u32 tp_len;
+ __u32 tp_snaplen;
+ __u16 tp_mac;
+ __u16 tp_net;
+ __u16 tp_vlan_tci;
+ __u16 tp_vlan_tpid;
+};
+
+/* Rx ring - header status */
+#define TP_STATUS_KERNEL 0
+#define TP_STATUS_USER (1 << 0)
+#define TP_STATUS_COPY (1 << 1)
+#define TP_STATUS_LOSING (1 << 2)
+#define TP_STATUS_CSUMNOTREADY (1 << 3)
+#define TP_STATUS_VLAN_VALID (1 << 4) /* auxdata has valid tp_vlan_tci */
+#define TP_STATUS_BLK_TMO (1 << 5)
+#define TP_STATUS_VLAN_TPID_VALID (1 << 6) /* auxdata has valid tp_vlan_tpid */
+#define TP_STATUS_CSUM_VALID (1 << 7)
+
+/* Tx ring - header status */
+#define TP_STATUS_AVAILABLE 0
+#define TP_STATUS_SEND_REQUEST (1 << 0)
+#define TP_STATUS_SENDING (1 << 1)
+#define TP_STATUS_WRONG_FORMAT (1 << 2)
+
+/* Rx and Tx ring - header status */
+#define TP_STATUS_TS_SOFTWARE (1 << 29)
+#define TP_STATUS_TS_SYS_HARDWARE (1 << 30) /* deprecated, never set */
+#define TP_STATUS_TS_RAW_HARDWARE (1 << 31)
+
+/* Rx ring - feature request bits */
+#define TP_FT_REQ_FILL_RXHASH 0x1
+
+struct tpacket_hdr {
+ unsigned long tp_status;
+ unsigned int tp_len;
+ unsigned int tp_snaplen;
+ unsigned short tp_mac;
+ unsigned short tp_net;
+ unsigned int tp_sec;
+ unsigned int tp_usec;
+};
+
+#define TPACKET_ALIGNMENT 16
+#define TPACKET_ALIGN(x) (((x)+TPACKET_ALIGNMENT-1)&~(TPACKET_ALIGNMENT-1))
+#define TPACKET_HDRLEN (TPACKET_ALIGN(sizeof(struct tpacket_hdr)) + sizeof(struct sockaddr_ll))
+
+struct tpacket2_hdr {
+ __u32 tp_status;
+ __u32 tp_len;
+ __u32 tp_snaplen;
+ __u16 tp_mac;
+ __u16 tp_net;
+ __u32 tp_sec;
+ __u32 tp_nsec;
+ __u16 tp_vlan_tci;
+ __u16 tp_vlan_tpid;
+ __u8 tp_padding[4];
+};
+
+struct tpacket_hdr_variant1 {
+ __u32 tp_rxhash;
+ __u32 tp_vlan_tci;
+ __u16 tp_vlan_tpid;
+ __u16 tp_padding;
+};
+
+struct tpacket3_hdr {
+ __u32 tp_next_offset;
+ __u32 tp_sec;
+ __u32 tp_nsec;
+ __u32 tp_snaplen;
+ __u32 tp_len;
+ __u32 tp_status;
+ __u16 tp_mac;
+ __u16 tp_net;
+ /* pkt_hdr variants */
+ union {
+ struct tpacket_hdr_variant1 hv1;
+ };
+ __u8 tp_padding[8];
+};
+
+struct tpacket_bd_ts {
+ unsigned int ts_sec;
+ union {
+ unsigned int ts_usec;
+ unsigned int ts_nsec;
+ };
+};
+
+struct tpacket_hdr_v1 {
+ __u32 block_status;
+ __u32 num_pkts;
+ __u32 offset_to_first_pkt;
+
+ /* Number of valid bytes (including padding)
+ * blk_len <= tp_block_size
+ */
+ __u32 blk_len;
+
+ /*
+ * Quite a few uses of sequence number:
+ * 1. Make sure cache flush etc worked.
+ * Well, one can argue - why not use the increasing ts below?
+ * But look at 2. below first.
+ * 2. When you pass around blocks to other user space decoders,
+ * you can see which blk[s] is[are] outstanding etc.
+ * 3. Validate kernel code.
+ */
+ __aligned_u64 seq_num;
+
+ /*
+ * ts_last_pkt:
+ *
+ * Case 1. Block has 'N'(N >=1) packets and TMO'd(timed out)
+ * ts_last_pkt == 'time-stamp of last packet' and NOT the
+ * time when the timer fired and the block was closed.
+ * By providing the ts of the last packet we can absolutely
+ * guarantee that time-stamp wise, the first packet in the
+ * next block will never precede the last packet of the
+ * previous block.
+ * Case 2. Block has zero packets and TMO'd
+ * ts_last_pkt = time when the timer fired and the block
+ * was closed.
+ * Case 3. Block has 'N' packets and NO TMO.
+ * ts_last_pkt = time-stamp of the last pkt in the block.
+ *
+ * ts_first_pkt:
+ * Is always the time-stamp when the block was opened.
+ * Case a) ZERO packets
+ * No packets to deal with but atleast you know the
+ * time-interval of this block.
+ * Case b) Non-zero packets
+ * Use the ts of the first packet in the block.
+ *
+ */
+ struct tpacket_bd_ts ts_first_pkt, ts_last_pkt;
+};
+
+union tpacket_bd_header_u {
+ struct tpacket_hdr_v1 bh1;
+};
+
+struct tpacket_block_desc {
+ __u32 version;
+ __u32 offset_to_priv;
+ union tpacket_bd_header_u hdr;
+};
+
+#define TPACKET2_HDRLEN (TPACKET_ALIGN(sizeof(struct tpacket2_hdr)) + sizeof(struct sockaddr_ll))
+#define TPACKET3_HDRLEN (TPACKET_ALIGN(sizeof(struct tpacket3_hdr)) + sizeof(struct sockaddr_ll))
+
+enum tpacket_versions {
+ TPACKET_V1,
+ TPACKET_V2,
+ TPACKET_V3
+};
+
+/*
+ Frame structure:
+
+ - Start. Frame must be aligned to TPACKET_ALIGNMENT=16
+ - struct tpacket_hdr
+ - pad to TPACKET_ALIGNMENT=16
+ - struct sockaddr_ll
+ - Gap, chosen so that packet data (Start+tp_net) alignes to TPACKET_ALIGNMENT=16
+ - Start+tp_mac: [ Optional MAC header ]
+ - Start+tp_net: Packet data, aligned to TPACKET_ALIGNMENT=16.
+ - Pad to align to TPACKET_ALIGNMENT=16
+ */
+
+struct tpacket_req {
+ unsigned int tp_block_size; /* Minimal size of contiguous block */
+ unsigned int tp_block_nr; /* Number of blocks */
+ unsigned int tp_frame_size; /* Size of frame */
+ unsigned int tp_frame_nr; /* Total number of frames */
+};
+
+struct tpacket_req3 {
+ unsigned int tp_block_size; /* Minimal size of contiguous block */
+ unsigned int tp_block_nr; /* Number of blocks */
+ unsigned int tp_frame_size; /* Size of frame */
+ unsigned int tp_frame_nr; /* Total number of frames */
+ unsigned int tp_retire_blk_tov; /* timeout in msecs */
+ unsigned int tp_sizeof_priv; /* offset to private data area */
+ unsigned int tp_feature_req_word;
+};
+
+union tpacket_req_u {
+ struct tpacket_req req;
+ struct tpacket_req3 req3;
+};
+
+struct packet_mreq {
+ int mr_ifindex;
+ unsigned short mr_type;
+ unsigned short mr_alen;
+ unsigned char mr_address[8];
+};
+
+#define PACKET_MR_MULTICAST 0
+#define PACKET_MR_PROMISC 1
+#define PACKET_MR_ALLMULTI 2
+#define PACKET_MR_UNICAST 3
+
+#endif
diff --git a/include/linux/if_tun.h b/include/uapi/linux/if_tun.h
similarity index 98%
rename from include/linux/if_tun.h
rename to include/uapi/linux/if_tun.h
index d5ecb42..581f356 100644
--- a/include/linux/if_tun.h
+++ b/include/uapi/linux/if_tun.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* Universal TUN/TAP device driver.
* Copyright (C) 1999-2000 Maxim Krasnyansky <max_mk@yahoo.com>
diff --git a/include/linux/if_tunnel.h b/include/uapi/linux/if_tunnel.h
similarity index 77%
rename from include/linux/if_tunnel.h
rename to include/uapi/linux/if_tunnel.h
index f0201ca..9db14bd 100644
--- a/include/linux/if_tunnel.h
+++ b/include/uapi/linux/if_tunnel.h
@@ -1,7 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _IF_TUNNEL_H_
#define _IF_TUNNEL_H_
#include <linux/types.h>
+#include <linux/if.h>
+#include <linux/ip.h>
+#include <linux/in6.h>
#include <asm/byteorder.h>
@@ -24,9 +28,23 @@
#define GRE_SEQ __cpu_to_be16(0x1000)
#define GRE_STRICT __cpu_to_be16(0x0800)
#define GRE_REC __cpu_to_be16(0x0700)
-#define GRE_FLAGS __cpu_to_be16(0x00F8)
+#define GRE_ACK __cpu_to_be16(0x0080)
+#define GRE_FLAGS __cpu_to_be16(0x0078)
#define GRE_VERSION __cpu_to_be16(0x0007)
+#define GRE_IS_CSUM(f) ((f) & GRE_CSUM)
+#define GRE_IS_ROUTING(f) ((f) & GRE_ROUTING)
+#define GRE_IS_KEY(f) ((f) & GRE_KEY)
+#define GRE_IS_SEQ(f) ((f) & GRE_SEQ)
+#define GRE_IS_STRICT(f) ((f) & GRE_STRICT)
+#define GRE_IS_REC(f) ((f) & GRE_REC)
+#define GRE_IS_ACK(f) ((f) & GRE_ACK)
+
+#define GRE_VERSION_0 __cpu_to_be16(0x0000)
+#define GRE_VERSION_1 __cpu_to_be16(0x0001)
+#define GRE_PROTO_PPP __cpu_to_be16(0x880b)
+#define GRE_PPTP_KEY_MASK __cpu_to_be32(0xffff)
+
struct ip_tunnel_parm {
char name[IFNAMSIZ];
int link;
@@ -57,6 +75,8 @@
IFLA_IPTUN_ENCAP_FLAGS,
IFLA_IPTUN_ENCAP_SPORT,
IFLA_IPTUN_ENCAP_DPORT,
+ IFLA_IPTUN_COLLECT_METADATA,
+ IFLA_IPTUN_FWMARK,
__IFLA_IPTUN_MAX,
};
#define IFLA_IPTUN_MAX (__IFLA_IPTUN_MAX - 1)
@@ -113,6 +133,9 @@
IFLA_GRE_ENCAP_SPORT,
IFLA_GRE_ENCAP_DPORT,
IFLA_GRE_COLLECT_METADATA,
+ IFLA_GRE_IGNORE_DF,
+ IFLA_GRE_FWMARK,
+ IFLA_GRE_ERSPAN_INDEX,
__IFLA_GRE_MAX,
};
@@ -128,6 +151,7 @@
IFLA_VTI_OKEY,
IFLA_VTI_LOCAL,
IFLA_VTI_REMOTE,
+ IFLA_VTI_FWMARK,
__IFLA_VTI_MAX,
};
diff --git a/include/linux/if_vlan.h b/include/uapi/linux/if_vlan.h
similarity index 96%
rename from include/linux/if_vlan.h
rename to include/uapi/linux/if_vlan.h
index 24ae007..18a15da 100644
--- a/include/linux/if_vlan.h
+++ b/include/uapi/linux/if_vlan.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* VLAN An implementation of 802.1Q VLAN tagging.
*
diff --git a/include/uapi/linux/ife.h b/include/uapi/linux/ife.h
new file mode 100644
index 0000000..bdd953c
--- /dev/null
+++ b/include/uapi/linux/ife.h
@@ -0,0 +1,19 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef __UAPI_IFE_H
+#define __UAPI_IFE_H
+
+#define IFE_METAHDRLEN 2
+
+enum {
+ IFE_META_SKBMARK = 1,
+ IFE_META_HASHID,
+ IFE_META_PRIO,
+ IFE_META_QMAP,
+ IFE_META_TCINDEX,
+ __IFE_META_MAX
+};
+
+/*Can be overridden at runtime by module option*/
+#define IFE_META_MAX (__IFE_META_MAX - 1)
+
+#endif
diff --git a/include/linux/ila.h b/include/uapi/linux/ila.h
similarity index 76%
rename from include/linux/ila.h
rename to include/uapi/linux/ila.h
index 4f9e1de..9407d0d 100644
--- a/include/linux/ila.h
+++ b/include/uapi/linux/ila.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* ila.h - ILA Interface */
#ifndef _LINUX_ILA_H
@@ -14,6 +15,8 @@
ILA_ATTR_LOCATOR_MATCH, /* u64 */
ILA_ATTR_IFINDEX, /* s32 */
ILA_ATTR_DIR, /* u32 */
+ ILA_ATTR_PAD,
+ ILA_ATTR_CSUM_MODE, /* u8 */
__ILA_ATTR_MAX,
};
@@ -34,4 +37,10 @@
#define ILA_DIR_IN (1 << 0)
#define ILA_DIR_OUT (1 << 1)
+enum {
+ ILA_CSUM_ADJUST_TRANSPORT,
+ ILA_CSUM_NEUTRAL_MAP,
+ ILA_CSUM_NO_ACTION,
+};
+
#endif /* _LINUX_ILA_H */
diff --git a/include/linux/in.h b/include/uapi/linux/in.h
similarity index 98%
rename from include/linux/in.h
rename to include/uapi/linux/in.h
index 194b43b..a4f143b 100644
--- a/include/linux/in.h
+++ b/include/uapi/linux/in.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
@@ -117,6 +118,7 @@
#define IP_NODEFRAG 22
#define IP_CHECKSUM 23
#define IP_BIND_ADDRESS_NO_PORT 24
+#define IP_RECVFRAGSIZE 25
/* IP_MTU_DISCOVER values */
#define IP_PMTUDISC_DONT 0 /* Never send DF frames */
diff --git a/include/linux/in6.h b/include/uapi/linux/in6.h
similarity index 97%
rename from include/linux/in6.h
rename to include/uapi/linux/in6.h
index aa5b66d..9b75a82 100644
--- a/include/linux/in6.h
+++ b/include/uapi/linux/in6.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* Types and definitions for AF_INET6
* Linux INET6 implementation
@@ -143,6 +144,7 @@
#define IPV6_TLV_PAD1 0
#define IPV6_TLV_PADN 1
#define IPV6_TLV_ROUTERALERT 5
+#define IPV6_TLV_CALIPSO 7 /* RFC 5570 */
#define IPV6_TLV_JUMBO 194
#define IPV6_TLV_HAO 201 /* home address option */
@@ -282,6 +284,7 @@
#define IPV6_RECVORIGDSTADDR IPV6_ORIGDSTADDR
#define IPV6_TRANSPARENT 75
#define IPV6_UNICAST_IF 76
+#define IPV6_RECVFRAGSIZE 77
/*
* Multicast Routing:
diff --git a/include/uapi/linux/in_route.h b/include/uapi/linux/in_route.h
new file mode 100644
index 0000000..0cc2c23
--- /dev/null
+++ b/include/uapi/linux/in_route.h
@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_IN_ROUTE_H
+#define _LINUX_IN_ROUTE_H
+
+/* IPv4 routing cache flags */
+
+#define RTCF_DEAD RTNH_F_DEAD
+#define RTCF_ONLINK RTNH_F_ONLINK
+
+/* Obsolete flag. About to be deleted */
+#define RTCF_NOPMTUDISC RTM_F_NOPMTUDISC
+
+#define RTCF_NOTIFY 0x00010000
+#define RTCF_DIRECTDST 0x00020000 /* unused */
+#define RTCF_REDIRECTED 0x00040000
+#define RTCF_TPROXY 0x00080000 /* unused */
+
+#define RTCF_FAST 0x00200000 /* unused */
+#define RTCF_MASQ 0x00400000 /* unused */
+#define RTCF_SNAT 0x00800000 /* unused */
+#define RTCF_DOREDIRECT 0x01000000
+#define RTCF_DIRECTSRC 0x04000000
+#define RTCF_DNAT 0x08000000
+#define RTCF_BROADCAST 0x10000000
+#define RTCF_MULTICAST 0x20000000
+#define RTCF_REJECT 0x40000000 /* unused */
+#define RTCF_LOCAL 0x80000000
+
+#define RTCF_NAT (RTCF_DNAT|RTCF_SNAT)
+
+#define RT_TOS(tos) ((tos)&IPTOS_TOS_MASK)
+
+#endif /* _LINUX_IN_ROUTE_H */
diff --git a/include/linux/inet_diag.h b/include/uapi/linux/inet_diag.h
similarity index 75%
rename from include/linux/inet_diag.h
rename to include/uapi/linux/inet_diag.h
index 016de88..8a22e17 100644
--- a/include/linux/inet_diag.h
+++ b/include/uapi/linux/inet_diag.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _INET_DIAG_H_
#define _INET_DIAG_H_
@@ -43,6 +44,23 @@
struct inet_diag_sockid id;
};
+/*
+ * SOCK_RAW sockets require the underlied protocol to be
+ * additionally specified so we can use @pad member for
+ * this, but we can't rename it because userspace programs
+ * still may depend on this name. Instead lets use another
+ * structure definition as an alias for struct
+ * @inet_diag_req_v2.
+ */
+struct inet_diag_req_raw {
+ __u8 sdiag_family;
+ __u8 sdiag_protocol;
+ __u8 idiag_ext;
+ __u8 sdiag_raw_protocol;
+ __u32 idiag_states;
+ struct inet_diag_sockid id;
+};
+
enum {
INET_DIAG_REQ_NONE,
INET_DIAG_REQ_BYTECODE,
@@ -124,6 +142,9 @@
INET_DIAG_PEERS,
INET_DIAG_PAD,
INET_DIAG_MARK,
+ INET_DIAG_BBRINFO,
+ INET_DIAG_CLASS_ID,
+ INET_DIAG_MD5SIG,
__INET_DIAG_MAX,
};
@@ -157,8 +178,20 @@
__u32 dctcp_ab_tot;
};
+/* INET_DIAG_BBRINFO */
+
+struct tcp_bbr_info {
+ /* u64 bw: max-filtered BW (app throughput) estimate in Byte per sec: */
+ __u32 bbr_bw_lo; /* lower 32 bits of bw */
+ __u32 bbr_bw_hi; /* upper 32 bits of bw */
+ __u32 bbr_min_rtt; /* min-filtered RTT in uSec */
+ __u32 bbr_pacing_gain; /* pacing gain shifted left 8 bits */
+ __u32 bbr_cwnd_gain; /* cwnd gain shifted left 8 bits */
+};
+
union tcp_cc_info {
struct tcpvegas_info vegas;
struct tcp_dctcp_info dctcp;
+ struct tcp_bbr_info bbr;
};
#endif /* _INET_DIAG_H_ */
diff --git a/include/uapi/linux/ip.h b/include/uapi/linux/ip.h
new file mode 100644
index 0000000..883fd33
--- /dev/null
+++ b/include/uapi/linux/ip.h
@@ -0,0 +1,176 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * INET An implementation of the TCP/IP protocol suite for the LINUX
+ * operating system. INET is implemented using the BSD Socket
+ * interface as the means of communication with the user level.
+ *
+ * Definitions for the IP protocol.
+ *
+ * Version: @(#)ip.h 1.0.2 04/28/93
+ *
+ * Authors: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+#ifndef _LINUX_IP_H
+#define _LINUX_IP_H
+#include <linux/types.h>
+#include <asm/byteorder.h>
+
+#define IPTOS_TOS_MASK 0x1E
+#define IPTOS_TOS(tos) ((tos)&IPTOS_TOS_MASK)
+#define IPTOS_LOWDELAY 0x10
+#define IPTOS_THROUGHPUT 0x08
+#define IPTOS_RELIABILITY 0x04
+#define IPTOS_MINCOST 0x02
+
+#define IPTOS_PREC_MASK 0xE0
+#define IPTOS_PREC(tos) ((tos)&IPTOS_PREC_MASK)
+#define IPTOS_PREC_NETCONTROL 0xe0
+#define IPTOS_PREC_INTERNETCONTROL 0xc0
+#define IPTOS_PREC_CRITIC_ECP 0xa0
+#define IPTOS_PREC_FLASHOVERRIDE 0x80
+#define IPTOS_PREC_FLASH 0x60
+#define IPTOS_PREC_IMMEDIATE 0x40
+#define IPTOS_PREC_PRIORITY 0x20
+#define IPTOS_PREC_ROUTINE 0x00
+
+
+/* IP options */
+#define IPOPT_COPY 0x80
+#define IPOPT_CLASS_MASK 0x60
+#define IPOPT_NUMBER_MASK 0x1f
+
+#define IPOPT_COPIED(o) ((o)&IPOPT_COPY)
+#define IPOPT_CLASS(o) ((o)&IPOPT_CLASS_MASK)
+#define IPOPT_NUMBER(o) ((o)&IPOPT_NUMBER_MASK)
+
+#define IPOPT_CONTROL 0x00
+#define IPOPT_RESERVED1 0x20
+#define IPOPT_MEASUREMENT 0x40
+#define IPOPT_RESERVED2 0x60
+
+#define IPOPT_END (0 |IPOPT_CONTROL)
+#define IPOPT_NOOP (1 |IPOPT_CONTROL)
+#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
+#define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_RR (7 |IPOPT_CONTROL)
+#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
+#define IPOPT_RA (20|IPOPT_CONTROL|IPOPT_COPY)
+
+#define IPVERSION 4
+#define MAXTTL 255
+#define IPDEFTTL 64
+
+#define IPOPT_OPTVAL 0
+#define IPOPT_OLEN 1
+#define IPOPT_OFFSET 2
+#define IPOPT_MINOFF 4
+#define MAX_IPOPTLEN 40
+#define IPOPT_NOP IPOPT_NOOP
+#define IPOPT_EOL IPOPT_END
+#define IPOPT_TS IPOPT_TIMESTAMP
+
+#define IPOPT_TS_TSONLY 0 /* timestamps only */
+#define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
+#define IPOPT_TS_PRESPEC 3 /* specified modules only */
+
+#define IPV4_BEET_PHMAXLEN 8
+
+struct iphdr {
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+ __u8 ihl:4,
+ version:4;
+#elif defined (__BIG_ENDIAN_BITFIELD)
+ __u8 version:4,
+ ihl:4;
+#else
+#error "Please fix <asm/byteorder.h>"
+#endif
+ __u8 tos;
+ __be16 tot_len;
+ __be16 id;
+ __be16 frag_off;
+ __u8 ttl;
+ __u8 protocol;
+ __sum16 check;
+ __be32 saddr;
+ __be32 daddr;
+ /*The options start here. */
+};
+
+
+struct ip_auth_hdr {
+ __u8 nexthdr;
+ __u8 hdrlen; /* This one is measured in 32 bit units! */
+ __be16 reserved;
+ __be32 spi;
+ __be32 seq_no; /* Sequence number */
+ __u8 auth_data[0]; /* Variable len but >=4. Mind the 64 bit alignment! */
+};
+
+struct ip_esp_hdr {
+ __be32 spi;
+ __be32 seq_no; /* Sequence number */
+ __u8 enc_data[0]; /* Variable len but >=8. Mind the 64 bit alignment! */
+};
+
+struct ip_comp_hdr {
+ __u8 nexthdr;
+ __u8 flags;
+ __be16 cpi;
+};
+
+struct ip_beet_phdr {
+ __u8 nexthdr;
+ __u8 hdrlen;
+ __u8 padlen;
+ __u8 reserved;
+};
+
+/* index values for the variables in ipv4_devconf */
+enum
+{
+ IPV4_DEVCONF_FORWARDING=1,
+ IPV4_DEVCONF_MC_FORWARDING,
+ IPV4_DEVCONF_PROXY_ARP,
+ IPV4_DEVCONF_ACCEPT_REDIRECTS,
+ IPV4_DEVCONF_SECURE_REDIRECTS,
+ IPV4_DEVCONF_SEND_REDIRECTS,
+ IPV4_DEVCONF_SHARED_MEDIA,
+ IPV4_DEVCONF_RP_FILTER,
+ IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE,
+ IPV4_DEVCONF_BOOTP_RELAY,
+ IPV4_DEVCONF_LOG_MARTIANS,
+ IPV4_DEVCONF_TAG,
+ IPV4_DEVCONF_ARPFILTER,
+ IPV4_DEVCONF_MEDIUM_ID,
+ IPV4_DEVCONF_NOXFRM,
+ IPV4_DEVCONF_NOPOLICY,
+ IPV4_DEVCONF_FORCE_IGMP_VERSION,
+ IPV4_DEVCONF_ARP_ANNOUNCE,
+ IPV4_DEVCONF_ARP_IGNORE,
+ IPV4_DEVCONF_PROMOTE_SECONDARIES,
+ IPV4_DEVCONF_ARP_ACCEPT,
+ IPV4_DEVCONF_ARP_NOTIFY,
+ IPV4_DEVCONF_ACCEPT_LOCAL,
+ IPV4_DEVCONF_SRC_VMARK,
+ IPV4_DEVCONF_PROXY_ARP_PVLAN,
+ IPV4_DEVCONF_ROUTE_LOCALNET,
+ IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL,
+ IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL,
+ IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN,
+ IPV4_DEVCONF_DROP_UNICAST_IN_L2_MULTICAST,
+ IPV4_DEVCONF_DROP_GRATUITOUS_ARP,
+ __IPV4_DEVCONF_MAX
+};
+
+#define IPV4_DEVCONF_MAX (__IPV4_DEVCONF_MAX - 1)
+
+#endif /* _LINUX_IP_H */
diff --git a/include/linux/ip6_tunnel.h b/include/uapi/linux/ip6_tunnel.h
similarity index 91%
rename from include/linux/ip6_tunnel.h
rename to include/uapi/linux/ip6_tunnel.h
index 48af63c..51f2930 100644
--- a/include/linux/ip6_tunnel.h
+++ b/include/uapi/linux/ip6_tunnel.h
@@ -1,7 +1,10 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _IP6_TUNNEL_H
#define _IP6_TUNNEL_H
#include <linux/types.h>
+#include <linux/if.h> /* For IFNAMSIZ. */
+#include <linux/in6.h> /* For struct in6_addr. */
#define IPV6_TLV_TNL_ENCAP_LIMIT 4
#define IPV6_DEFAULT_TNL_ENCAP_LIMIT 4
diff --git a/include/uapi/linux/ipsec.h b/include/uapi/linux/ipsec.h
new file mode 100644
index 0000000..50d8ee1
--- /dev/null
+++ b/include/uapi/linux/ipsec.h
@@ -0,0 +1,48 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_IPSEC_H
+#define _LINUX_IPSEC_H
+
+/* The definitions, required to talk to KAME racoon IKE. */
+
+#include <linux/pfkeyv2.h>
+
+#define IPSEC_PORT_ANY 0
+#define IPSEC_ULPROTO_ANY 255
+#define IPSEC_PROTO_ANY 255
+
+enum {
+ IPSEC_MODE_ANY = 0, /* We do not support this for SA */
+ IPSEC_MODE_TRANSPORT = 1,
+ IPSEC_MODE_TUNNEL = 2,
+ IPSEC_MODE_BEET = 3
+};
+
+enum {
+ IPSEC_DIR_ANY = 0,
+ IPSEC_DIR_INBOUND = 1,
+ IPSEC_DIR_OUTBOUND = 2,
+ IPSEC_DIR_FWD = 3, /* It is our own */
+ IPSEC_DIR_MAX = 4,
+ IPSEC_DIR_INVALID = 5
+};
+
+enum {
+ IPSEC_POLICY_DISCARD = 0,
+ IPSEC_POLICY_NONE = 1,
+ IPSEC_POLICY_IPSEC = 2,
+ IPSEC_POLICY_ENTRUST = 3,
+ IPSEC_POLICY_BYPASS = 4
+};
+
+enum {
+ IPSEC_LEVEL_DEFAULT = 0,
+ IPSEC_LEVEL_USE = 1,
+ IPSEC_LEVEL_REQUIRE = 2,
+ IPSEC_LEVEL_UNIQUE = 3
+};
+
+#define IPSEC_MANUAL_REQID_MAX 0x3fff
+
+#define IPSEC_REPLAYWSIZE 32
+
+#endif /* _LINUX_IPSEC_H */
diff --git a/include/uapi/linux/kernel.h b/include/uapi/linux/kernel.h
new file mode 100644
index 0000000..d99ffa1
--- /dev/null
+++ b/include/uapi/linux/kernel.h
@@ -0,0 +1,15 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_KERNEL_H
+#define _LINUX_KERNEL_H
+
+#include <linux/sysinfo.h>
+
+/*
+ * 'kernel.h' contains some often-used function prototypes etc
+ */
+#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1)
+#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
+
+#define __KERNEL_DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))
+
+#endif /* _LINUX_KERNEL_H */
diff --git a/include/linux/l2tp.h b/include/uapi/linux/l2tp.h
similarity index 87%
rename from include/linux/l2tp.h
rename to include/uapi/linux/l2tp.h
index 5b0e36d..472e992 100644
--- a/include/linux/l2tp.h
+++ b/include/uapi/linux/l2tp.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* L2TP-over-IP socket for L2TPv3.
*
@@ -9,7 +10,8 @@
#include <linux/types.h>
#include <linux/socket.h>
-#include <netinet/in.h>
+#include <linux/in.h>
+#include <linux/in6.h>
#define IPPROTO_L2TP 115
@@ -29,7 +31,7 @@
__u32 l2tp_conn_id; /* Connection ID of tunnel */
/* Pad to size of `struct sockaddr'. */
- unsigned char __pad[sizeof(struct sockaddr) -
+ unsigned char __pad[__SOCK_SIZE__ -
sizeof(__kernel_sa_family_t) -
sizeof(__be16) - sizeof(struct in_addr) -
sizeof(__u32)];
@@ -106,7 +108,7 @@
L2TP_ATTR_VLAN_ID, /* u16 */
L2TP_ATTR_COOKIE, /* 0, 4 or 8 bytes */
L2TP_ATTR_PEER_COOKIE, /* 0, 4 or 8 bytes */
- L2TP_ATTR_DEBUG, /* u32 */
+ L2TP_ATTR_DEBUG, /* u32, enum l2tp_debug_flags */
L2TP_ATTR_RECV_SEQ, /* u8 */
L2TP_ATTR_SEND_SEQ, /* u8 */
L2TP_ATTR_LNS_MODE, /* u8 */
@@ -122,8 +124,9 @@
L2TP_ATTR_STATS, /* nested */
L2TP_ATTR_IP6_SADDR, /* struct in6_addr */
L2TP_ATTR_IP6_DADDR, /* struct in6_addr */
- L2TP_ATTR_UDP_ZERO_CSUM6_TX, /* u8 */
- L2TP_ATTR_UDP_ZERO_CSUM6_RX, /* u8 */
+ L2TP_ATTR_UDP_ZERO_CSUM6_TX, /* flag */
+ L2TP_ATTR_UDP_ZERO_CSUM6_RX, /* flag */
+ L2TP_ATTR_PAD,
__L2TP_ATTR_MAX,
};
@@ -140,6 +143,7 @@
L2TP_ATTR_RX_SEQ_DISCARDS, /* u64 */
L2TP_ATTR_RX_OOS_PACKETS, /* u64 */
L2TP_ATTR_RX_ERRORS, /* u64 */
+ L2TP_ATTR_STATS_PAD,
__L2TP_ATTR_STATS_MAX,
};
@@ -171,6 +175,21 @@
L2TP_SEQ_ALL = 2,
};
+/**
+ * enum l2tp_debug_flags - debug message categories for L2TP tunnels/sessions
+ *
+ * @L2TP_MSG_DEBUG: verbose debug (if compiled in)
+ * @L2TP_MSG_CONTROL: userspace - kernel interface
+ * @L2TP_MSG_SEQ: sequence numbers
+ * @L2TP_MSG_DATA: data packets
+ */
+enum l2tp_debug_flags {
+ L2TP_MSG_DEBUG = (1 << 0),
+ L2TP_MSG_CONTROL = (1 << 1),
+ L2TP_MSG_SEQ = (1 << 2),
+ L2TP_MSG_DATA = (1 << 3),
+};
+
/*
* NETLINK_GENERIC related info
*/
diff --git a/include/linux/libc-compat.h b/include/uapi/linux/libc-compat.h
similarity index 64%
rename from include/linux/libc-compat.h
rename to include/uapi/linux/libc-compat.h
index 9bed5b6..9ab3ace 100644
--- a/include/linux/libc-compat.h
+++ b/include/uapi/linux/libc-compat.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Compatibility interface for userspace libc header coordination:
*
@@ -51,6 +52,40 @@
/* We have included glibc headers... */
#if defined(__GLIBC__)
+/* Coordinate with glibc net/if.h header. */
+#if defined(_NET_IF_H) && defined(__USE_MISC)
+
+/* GLIBC headers included first so don't define anything
+ * that would already be defined. */
+
+#define __UAPI_DEF_IF_IFCONF 0
+#define __UAPI_DEF_IF_IFMAP 0
+#define __UAPI_DEF_IF_IFNAMSIZ 0
+#define __UAPI_DEF_IF_IFREQ 0
+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 0
+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
+#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
+#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
+
+#else /* _NET_IF_H */
+
+/* Linux headers included first, and we must define everything
+ * we need. The expectation is that glibc will check the
+ * __UAPI_DEF_* defines and adjust appropriately. */
+
+#define __UAPI_DEF_IF_IFCONF 1
+#define __UAPI_DEF_IF_IFMAP 1
+#define __UAPI_DEF_IF_IFNAMSIZ 1
+#define __UAPI_DEF_IF_IFREQ 1
+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1
+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
+
+#endif /* _NET_IF_H */
+
/* Coordinate with glibc netinet/in.h header. */
#if defined(_NETINET_IN_H)
@@ -105,6 +140,25 @@
#endif /* _NETINET_IN_H */
+/* Coordinate with glibc netipx/ipx.h header. */
+#if defined(__NETIPX_IPX_H)
+
+#define __UAPI_DEF_SOCKADDR_IPX 0
+#define __UAPI_DEF_IPX_ROUTE_DEFINITION 0
+#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 0
+#define __UAPI_DEF_IPX_CONFIG_DATA 0
+#define __UAPI_DEF_IPX_ROUTE_DEF 0
+
+#else /* defined(__NETIPX_IPX_H) */
+
+#define __UAPI_DEF_SOCKADDR_IPX 1
+#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
+#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
+#define __UAPI_DEF_IPX_CONFIG_DATA 1
+#define __UAPI_DEF_IPX_ROUTE_DEF 1
+
+#endif /* defined(__NETIPX_IPX_H) */
+
/* Definitions for xattr.h */
#if defined(_SYS_XATTR_H)
#define __UAPI_DEF_XATTR 0
@@ -117,6 +171,16 @@
* that we need. */
#else /* !defined(__GLIBC__) */
+/* Definitions for if.h */
+#define __UAPI_DEF_IF_IFCONF 1
+#define __UAPI_DEF_IF_IFMAP 1
+#define __UAPI_DEF_IF_IFNAMSIZ 1
+#define __UAPI_DEF_IF_IFREQ 1
+/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1
+/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
+#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
+
/* Definitions for in.h */
#define __UAPI_DEF_IN_ADDR 1
#define __UAPI_DEF_IN_IPPROTO 1
@@ -135,6 +199,13 @@
#define __UAPI_DEF_IN6_PKTINFO 1
#define __UAPI_DEF_IP6_MTUINFO 1
+/* Definitions for ipx.h */
+#define __UAPI_DEF_SOCKADDR_IPX 1
+#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
+#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
+#define __UAPI_DEF_IPX_CONFIG_DATA 1
+#define __UAPI_DEF_IPX_ROUTE_DEF 1
+
/* Definitions for xattr.h */
#define __UAPI_DEF_XATTR 1
diff --git a/include/uapi/linux/limits.h b/include/uapi/linux/limits.h
new file mode 100644
index 0000000..c3547f0
--- /dev/null
+++ b/include/uapi/linux/limits.h
@@ -0,0 +1,21 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_LIMITS_H
+#define _LINUX_LIMITS_H
+
+#define NR_OPEN 1024
+
+#define NGROUPS_MAX 65536 /* supplemental group IDs are available */
+#define ARG_MAX 131072 /* # bytes of args + environ for exec() */
+#define LINK_MAX 127 /* # links a file may have */
+#define MAX_CANON 255 /* size of the canonical input queue */
+#define MAX_INPUT 255 /* size of the type-ahead buffer */
+#define NAME_MAX 255 /* # chars in a file name */
+#define PATH_MAX 4096 /* # chars in a path name including nul */
+#define PIPE_BUF 4096 /* # bytes in atomic write to a pipe */
+#define XATTR_NAME_MAX 255 /* # chars in an extended attribute name */
+#define XATTR_SIZE_MAX 65536 /* size of an extended attribute value (64k) */
+#define XATTR_LIST_MAX 65536 /* size of extended attribute namelist (64k) */
+
+#define RTSIG_MAX 32
+
+#endif
diff --git a/include/linux/lwtunnel.h b/include/uapi/linux/lwtunnel.h
similarity index 60%
rename from include/linux/lwtunnel.h
rename to include/uapi/linux/lwtunnel.h
index 1d2f4f6..3f3fe6f 100644
--- a/include/linux/lwtunnel.h
+++ b/include/uapi/linux/lwtunnel.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LWTUNNEL_H_
#define _LWTUNNEL_H_
@@ -9,6 +10,9 @@
LWTUNNEL_ENCAP_IP,
LWTUNNEL_ENCAP_ILA,
LWTUNNEL_ENCAP_IP6,
+ LWTUNNEL_ENCAP_SEG6,
+ LWTUNNEL_ENCAP_BPF,
+ LWTUNNEL_ENCAP_SEG6_LOCAL,
__LWTUNNEL_ENCAP_MAX,
};
@@ -22,6 +26,7 @@
LWTUNNEL_IP_TTL,
LWTUNNEL_IP_TOS,
LWTUNNEL_IP_FLAGS,
+ LWTUNNEL_IP_PAD,
__LWTUNNEL_IP_MAX,
};
@@ -35,9 +40,32 @@
LWTUNNEL_IP6_HOPLIMIT,
LWTUNNEL_IP6_TC,
LWTUNNEL_IP6_FLAGS,
+ LWTUNNEL_IP6_PAD,
__LWTUNNEL_IP6_MAX,
};
#define LWTUNNEL_IP6_MAX (__LWTUNNEL_IP6_MAX - 1)
+enum {
+ LWT_BPF_PROG_UNSPEC,
+ LWT_BPF_PROG_FD,
+ LWT_BPF_PROG_NAME,
+ __LWT_BPF_PROG_MAX,
+};
+
+#define LWT_BPF_PROG_MAX (__LWT_BPF_PROG_MAX - 1)
+
+enum {
+ LWT_BPF_UNSPEC,
+ LWT_BPF_IN,
+ LWT_BPF_OUT,
+ LWT_BPF_XMIT,
+ LWT_BPF_XMIT_HEADROOM,
+ __LWT_BPF_MAX,
+};
+
+#define LWT_BPF_MAX (__LWT_BPF_MAX - 1)
+
+#define LWT_BPF_MAX_HEADROOM 256
+
#endif /* _LWTUNNEL_H_ */
diff --git a/include/uapi/linux/magic.h b/include/uapi/linux/magic.h
new file mode 100644
index 0000000..aa50113
--- /dev/null
+++ b/include/uapi/linux/magic.h
@@ -0,0 +1,92 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef __LINUX_MAGIC_H__
+#define __LINUX_MAGIC_H__
+
+#define ADFS_SUPER_MAGIC 0xadf5
+#define AFFS_SUPER_MAGIC 0xadff
+#define AFS_SUPER_MAGIC 0x5346414F
+#define AUTOFS_SUPER_MAGIC 0x0187
+#define CODA_SUPER_MAGIC 0x73757245
+#define CRAMFS_MAGIC 0x28cd3d45 /* some random number */
+#define CRAMFS_MAGIC_WEND 0x453dcd28 /* magic number with the wrong endianess */
+#define DEBUGFS_MAGIC 0x64626720
+#define SECURITYFS_MAGIC 0x73636673
+#define SELINUX_MAGIC 0xf97cff8c
+#define SMACK_MAGIC 0x43415d53 /* "SMAC" */
+#define RAMFS_MAGIC 0x858458f6 /* some random number */
+#define TMPFS_MAGIC 0x01021994
+#define HUGETLBFS_MAGIC 0x958458f6 /* some random number */
+#define SQUASHFS_MAGIC 0x73717368
+#define ECRYPTFS_SUPER_MAGIC 0xf15f
+#define EFS_SUPER_MAGIC 0x414A53
+#define EXT2_SUPER_MAGIC 0xEF53
+#define EXT3_SUPER_MAGIC 0xEF53
+#define XENFS_SUPER_MAGIC 0xabba1974
+#define EXT4_SUPER_MAGIC 0xEF53
+#define BTRFS_SUPER_MAGIC 0x9123683E
+#define NILFS_SUPER_MAGIC 0x3434
+#define F2FS_SUPER_MAGIC 0xF2F52010
+#define HPFS_SUPER_MAGIC 0xf995e849
+#define ISOFS_SUPER_MAGIC 0x9660
+#define JFFS2_SUPER_MAGIC 0x72b6
+#define PSTOREFS_MAGIC 0x6165676C
+#define EFIVARFS_MAGIC 0xde5e81e4
+#define HOSTFS_SUPER_MAGIC 0x00c0ffee
+#define OVERLAYFS_SUPER_MAGIC 0x794c7630
+
+#define MINIX_SUPER_MAGIC 0x137F /* minix v1 fs, 14 char names */
+#define MINIX_SUPER_MAGIC2 0x138F /* minix v1 fs, 30 char names */
+#define MINIX2_SUPER_MAGIC 0x2468 /* minix v2 fs, 14 char names */
+#define MINIX2_SUPER_MAGIC2 0x2478 /* minix v2 fs, 30 char names */
+#define MINIX3_SUPER_MAGIC 0x4d5a /* minix v3 fs, 60 char names */
+
+#define MSDOS_SUPER_MAGIC 0x4d44 /* MD */
+#define NCP_SUPER_MAGIC 0x564c /* Guess, what 0x564c is :-) */
+#define NFS_SUPER_MAGIC 0x6969
+#define OCFS2_SUPER_MAGIC 0x7461636f
+#define OPENPROM_SUPER_MAGIC 0x9fa1
+#define QNX4_SUPER_MAGIC 0x002f /* qnx4 fs detection */
+#define QNX6_SUPER_MAGIC 0x68191122 /* qnx6 fs detection */
+
+#define REISERFS_SUPER_MAGIC 0x52654973 /* used by gcc */
+ /* used by file system utilities that
+ look at the superblock, etc. */
+#define REISERFS_SUPER_MAGIC_STRING "ReIsErFs"
+#define REISER2FS_SUPER_MAGIC_STRING "ReIsEr2Fs"
+#define REISER2FS_JR_SUPER_MAGIC_STRING "ReIsEr3Fs"
+
+#define SMB_SUPER_MAGIC 0x517B
+#define CGROUP_SUPER_MAGIC 0x27e0eb
+#define CGROUP2_SUPER_MAGIC 0x63677270
+
+#define RDTGROUP_SUPER_MAGIC 0x7655821
+
+#define STACK_END_MAGIC 0x57AC6E9D
+
+#define TRACEFS_MAGIC 0x74726163
+
+#define V9FS_MAGIC 0x01021997
+
+#define BDEVFS_MAGIC 0x62646576
+#define DAXFS_MAGIC 0x64646178
+#define BINFMTFS_MAGIC 0x42494e4d
+#define DEVPTS_SUPER_MAGIC 0x1cd1
+#define FUTEXFS_SUPER_MAGIC 0xBAD1DEA
+#define PIPEFS_MAGIC 0x50495045
+#define PROC_SUPER_MAGIC 0x9fa0
+#define SOCKFS_MAGIC 0x534F434B
+#define SYSFS_MAGIC 0x62656572
+#define USBDEVICE_SUPER_MAGIC 0x9fa2
+#define MTD_INODE_FS_MAGIC 0x11307854
+#define ANON_INODE_FS_MAGIC 0x09041934
+#define BTRFS_TEST_MAGIC 0x73727279
+#define NSFS_MAGIC 0x6e736673
+#define BPF_FS_MAGIC 0xcafe4a11
+#define AAFS_MAGIC 0x5a3c69f0
+
+/* Since UDF 2.01 is ISO 13346 based... */
+#define UDF_SUPER_MAGIC 0x15013346
+#define BALLOON_KVM_MAGIC 0x13661366
+#define ZSMALLOC_MAGIC 0x58295829
+
+#endif /* __LINUX_MAGIC_H__ */
diff --git a/include/linux/mpls.h b/include/uapi/linux/mpls.h
similarity index 61%
rename from include/linux/mpls.h
rename to include/uapi/linux/mpls.h
index a14b54b..9effbf9 100644
--- a/include/linux/mpls.h
+++ b/include/uapi/linux/mpls.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _MPLS_H
#define _MPLS_H
@@ -43,4 +44,34 @@
#define MPLS_LABEL_FIRST_UNRESERVED 16 /* RFC3032 */
+/* These are embedded into IFLA_STATS_AF_SPEC:
+ * [IFLA_STATS_AF_SPEC]
+ * -> [AF_MPLS]
+ * -> [MPLS_STATS_xxx]
+ *
+ * Attributes:
+ * [MPLS_STATS_LINK] = {
+ * struct mpls_link_stats
+ * }
+ */
+enum {
+ MPLS_STATS_UNSPEC, /* also used as 64bit pad attribute */
+ MPLS_STATS_LINK,
+ __MPLS_STATS_MAX,
+};
+
+#define MPLS_STATS_MAX (__MPLS_STATS_MAX - 1)
+
+struct mpls_link_stats {
+ __u64 rx_packets; /* total packets received */
+ __u64 tx_packets; /* total packets transmitted */
+ __u64 rx_bytes; /* total bytes received */
+ __u64 tx_bytes; /* total bytes transmitted */
+ __u64 rx_errors; /* bad packets received */
+ __u64 tx_errors; /* packet transmit problems */
+ __u64 rx_dropped; /* packet dropped on receive */
+ __u64 tx_dropped; /* packet dropped on transmit */
+ __u64 rx_noroute; /* no route for packet dest */
+};
+
#endif /* _MPLS_H */
diff --git a/include/linux/mpls_iptunnel.h b/include/uapi/linux/mpls_iptunnel.h
similarity index 85%
rename from include/linux/mpls_iptunnel.h
rename to include/uapi/linux/mpls_iptunnel.h
index 4132c3c..2c69b7d 100644
--- a/include/linux/mpls_iptunnel.h
+++ b/include/uapi/linux/mpls_iptunnel.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* mpls tunnel api
*
@@ -16,11 +17,13 @@
/* MPLS tunnel attributes
* [RTA_ENCAP] = {
* [MPLS_IPTUNNEL_DST]
+ * [MPLS_IPTUNNEL_TTL]
* }
*/
enum {
MPLS_IPTUNNEL_UNSPEC,
MPLS_IPTUNNEL_DST,
+ MPLS_IPTUNNEL_TTL,
__MPLS_IPTUNNEL_MAX,
};
#define MPLS_IPTUNNEL_MAX (__MPLS_IPTUNNEL_MAX - 1)
diff --git a/include/linux/neighbour.h b/include/uapi/linux/neighbour.h
similarity index 96%
rename from include/linux/neighbour.h
rename to include/uapi/linux/neighbour.h
index 788655b..904db61 100644
--- a/include/linux/neighbour.h
+++ b/include/uapi/linux/neighbour.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_NEIGHBOUR_H
#define __LINUX_NEIGHBOUR_H
@@ -26,6 +27,7 @@
NDA_IFINDEX,
NDA_MASTER,
NDA_LINK_NETNSID,
+ NDA_SRC_VNI,
__NDA_MAX
};
@@ -40,6 +42,7 @@
#define NTF_MASTER 0x04
#define NTF_PROXY 0x08 /* == ATF_PUBL */
#define NTF_EXT_LEARNED 0x10
+#define NTF_OFFLOADED 0x20
#define NTF_ROUTER 0x80
/*
@@ -128,6 +131,7 @@
NDTPA_LOCKTIME, /* u64, msecs */
NDTPA_QUEUE_LENBYTES, /* u32 */
NDTPA_MCAST_REPROBES, /* u32 */
+ NDTPA_PAD,
__NDTPA_MAX
};
#define NDTPA_MAX (__NDTPA_MAX - 1)
@@ -160,6 +164,7 @@
NDTA_PARMS, /* nested TLV NDTPA_* */
NDTA_STATS, /* struct ndt_stats, read-only */
NDTA_GC_INTERVAL, /* u64, msecs */
+ NDTA_PAD,
__NDTA_MAX
};
#define NDTA_MAX (__NDTA_MAX - 1)
diff --git a/include/linux/net_namespace.h b/include/uapi/linux/net_namespace.h
similarity index 90%
rename from include/linux/net_namespace.h
rename to include/uapi/linux/net_namespace.h
index 9a92b7e..6d64d07 100644
--- a/include/linux/net_namespace.h
+++ b/include/uapi/linux/net_namespace.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* Copyright (c) 2015 6WIND S.A.
* Author: Nicolas Dichtel <nicolas.dichtel@6wind.com>
*
diff --git a/include/linux/netconf.h b/include/uapi/linux/netconf.h
similarity index 82%
rename from include/linux/netconf.h
rename to include/uapi/linux/netconf.h
index 7210fe4..86ac1eb 100644
--- a/include/linux/netconf.h
+++ b/include/uapi/linux/netconf.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_NETCONF_H_
#define _LINUX_NETCONF_H_
@@ -16,9 +17,11 @@
NETCONFA_MC_FORWARDING,
NETCONFA_PROXY_NEIGH,
NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
+ NETCONFA_INPUT,
__NETCONFA_MAX
};
#define NETCONFA_MAX (__NETCONFA_MAX - 1)
+#define NETCONFA_ALL -1
#define NETCONFA_IFINDEX_ALL -1
#define NETCONFA_IFINDEX_DEFAULT -2
diff --git a/include/linux/netdevice.h b/include/uapi/linux/netdevice.h
similarity index 96%
rename from include/linux/netdevice.h
rename to include/uapi/linux/netdevice.h
index 66fceb4..86d961c 100644
--- a/include/linux/netdevice.h
+++ b/include/uapi/linux/netdevice.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
diff --git a/include/linux/netfilter.h b/include/uapi/linux/netfilter.h
similarity index 92%
rename from include/linux/netfilter.h
rename to include/uapi/linux/netfilter.h
index b71b4c9..36378a0 100644
--- a/include/linux/netfilter.h
+++ b/include/uapi/linux/netfilter.h
@@ -1,9 +1,9 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_NETFILTER_H
#define __LINUX_NETFILTER_H
#include <linux/types.h>
-#include <linux/sysctl.h>
#include <linux/in.h>
#include <linux/in6.h>
@@ -13,7 +13,7 @@
#define NF_STOLEN 2
#define NF_QUEUE 3
#define NF_REPEAT 4
-#define NF_STOP 5
+#define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */
#define NF_MAX_VERDICT NF_STOP
/* we overload the higher bits for encoding auxiliary data such as the queue
diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h
new file mode 100644
index 0000000..13eeada
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,305 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
+ * Martin Josefsson <gandalf@wlug.westbo.se>
+ * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef _IP_SET_H
+#define _IP_SET_H
+
+#include <linux/types.h>
+
+/* The protocol version */
+#define IPSET_PROTOCOL 6
+
+/* The max length of strings including NUL: set and type identifiers */
+#define IPSET_MAXNAMELEN 32
+
+/* The maximum permissible comment length we will accept over netlink */
+#define IPSET_MAX_COMMENT_SIZE 255
+
+/* Message types and commands */
+enum ipset_cmd {
+ IPSET_CMD_NONE,
+ IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
+ IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
+ IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
+ IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
+ IPSET_CMD_RENAME, /* 5: Rename a set */
+ IPSET_CMD_SWAP, /* 6: Swap two sets */
+ IPSET_CMD_LIST, /* 7: List sets */
+ IPSET_CMD_SAVE, /* 8: Save sets */
+ IPSET_CMD_ADD, /* 9: Add an element to a set */
+ IPSET_CMD_DEL, /* 10: Delete an element from a set */
+ IPSET_CMD_TEST, /* 11: Test an element in a set */
+ IPSET_CMD_HEADER, /* 12: Get set header data only */
+ IPSET_CMD_TYPE, /* 13: Get set type */
+ IPSET_MSG_MAX, /* Netlink message commands */
+
+ /* Commands in userspace: */
+ IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
+ IPSET_CMD_HELP, /* 15: Get help */
+ IPSET_CMD_VERSION, /* 16: Get program version */
+ IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
+
+ IPSET_CMD_MAX,
+
+ IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
+};
+
+/* Attributes at command level */
+enum {
+ IPSET_ATTR_UNSPEC,
+ IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
+ IPSET_ATTR_SETNAME, /* 2: Name of the set */
+ IPSET_ATTR_TYPENAME, /* 3: Typename */
+ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
+ IPSET_ATTR_REVISION, /* 4: Settype revision */
+ IPSET_ATTR_FAMILY, /* 5: Settype family */
+ IPSET_ATTR_FLAGS, /* 6: Flags at command level */
+ IPSET_ATTR_DATA, /* 7: Nested attributes */
+ IPSET_ATTR_ADT, /* 8: Multiple data containers */
+ IPSET_ATTR_LINENO, /* 9: Restore lineno */
+ IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
+ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
+ __IPSET_ATTR_CMD_MAX,
+};
+#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
+
+/* CADT specific attributes */
+enum {
+ IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
+ IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
+ IPSET_ATTR_IP_TO, /* 2 */
+ IPSET_ATTR_CIDR, /* 3 */
+ IPSET_ATTR_PORT, /* 4 */
+ IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
+ IPSET_ATTR_PORT_TO, /* 5 */
+ IPSET_ATTR_TIMEOUT, /* 6 */
+ IPSET_ATTR_PROTO, /* 7 */
+ IPSET_ATTR_CADT_FLAGS, /* 8 */
+ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
+ IPSET_ATTR_MARK, /* 10 */
+ IPSET_ATTR_MARKMASK, /* 11 */
+ /* Reserve empty slots */
+ IPSET_ATTR_CADT_MAX = 16,
+ /* Create-only specific attributes */
+ IPSET_ATTR_GC,
+ IPSET_ATTR_HASHSIZE,
+ IPSET_ATTR_MAXELEM,
+ IPSET_ATTR_NETMASK,
+ IPSET_ATTR_PROBES,
+ IPSET_ATTR_RESIZE,
+ IPSET_ATTR_SIZE,
+ /* Kernel-only */
+ IPSET_ATTR_ELEMENTS,
+ IPSET_ATTR_REFERENCES,
+ IPSET_ATTR_MEMSIZE,
+
+ __IPSET_ATTR_CREATE_MAX,
+};
+#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
+
+/* ADT specific attributes */
+enum {
+ IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
+ IPSET_ATTR_NAME,
+ IPSET_ATTR_NAMEREF,
+ IPSET_ATTR_IP2,
+ IPSET_ATTR_CIDR2,
+ IPSET_ATTR_IP2_TO,
+ IPSET_ATTR_IFACE,
+ IPSET_ATTR_BYTES,
+ IPSET_ATTR_PACKETS,
+ IPSET_ATTR_COMMENT,
+ IPSET_ATTR_SKBMARK,
+ IPSET_ATTR_SKBPRIO,
+ IPSET_ATTR_SKBQUEUE,
+ IPSET_ATTR_PAD,
+ __IPSET_ATTR_ADT_MAX,
+};
+#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
+
+/* IP specific attributes */
+enum {
+ IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
+ IPSET_ATTR_IPADDR_IPV6,
+ __IPSET_ATTR_IPADDR_MAX,
+};
+#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
+
+/* Error codes */
+enum ipset_errno {
+ IPSET_ERR_PRIVATE = 4096,
+ IPSET_ERR_PROTOCOL,
+ IPSET_ERR_FIND_TYPE,
+ IPSET_ERR_MAX_SETS,
+ IPSET_ERR_BUSY,
+ IPSET_ERR_EXIST_SETNAME2,
+ IPSET_ERR_TYPE_MISMATCH,
+ IPSET_ERR_EXIST,
+ IPSET_ERR_INVALID_CIDR,
+ IPSET_ERR_INVALID_NETMASK,
+ IPSET_ERR_INVALID_FAMILY,
+ IPSET_ERR_TIMEOUT,
+ IPSET_ERR_REFERENCED,
+ IPSET_ERR_IPADDR_IPV4,
+ IPSET_ERR_IPADDR_IPV6,
+ IPSET_ERR_COUNTER,
+ IPSET_ERR_COMMENT,
+ IPSET_ERR_INVALID_MARKMASK,
+ IPSET_ERR_SKBINFO,
+
+ /* Type specific error codes */
+ IPSET_ERR_TYPE_SPECIFIC = 4352,
+};
+
+/* Flags at command level or match/target flags, lower half of cmdattrs*/
+enum ipset_cmd_flags {
+ IPSET_FLAG_BIT_EXIST = 0,
+ IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
+ IPSET_FLAG_BIT_LIST_SETNAME = 1,
+ IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
+ IPSET_FLAG_BIT_LIST_HEADER = 2,
+ IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
+ IPSET_FLAG_BIT_SKIP_COUNTER_UPDATE = 3,
+ IPSET_FLAG_SKIP_COUNTER_UPDATE =
+ (1 << IPSET_FLAG_BIT_SKIP_COUNTER_UPDATE),
+ IPSET_FLAG_BIT_SKIP_SUBCOUNTER_UPDATE = 4,
+ IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE =
+ (1 << IPSET_FLAG_BIT_SKIP_SUBCOUNTER_UPDATE),
+ IPSET_FLAG_BIT_MATCH_COUNTERS = 5,
+ IPSET_FLAG_MATCH_COUNTERS = (1 << IPSET_FLAG_BIT_MATCH_COUNTERS),
+ IPSET_FLAG_BIT_RETURN_NOMATCH = 7,
+ IPSET_FLAG_RETURN_NOMATCH = (1 << IPSET_FLAG_BIT_RETURN_NOMATCH),
+ IPSET_FLAG_BIT_MAP_SKBMARK = 8,
+ IPSET_FLAG_MAP_SKBMARK = (1 << IPSET_FLAG_BIT_MAP_SKBMARK),
+ IPSET_FLAG_BIT_MAP_SKBPRIO = 9,
+ IPSET_FLAG_MAP_SKBPRIO = (1 << IPSET_FLAG_BIT_MAP_SKBPRIO),
+ IPSET_FLAG_BIT_MAP_SKBQUEUE = 10,
+ IPSET_FLAG_MAP_SKBQUEUE = (1 << IPSET_FLAG_BIT_MAP_SKBQUEUE),
+ IPSET_FLAG_CMD_MAX = 15,
+};
+
+/* Flags at CADT attribute level, upper half of cmdattrs */
+enum ipset_cadt_flags {
+ IPSET_FLAG_BIT_BEFORE = 0,
+ IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
+ IPSET_FLAG_BIT_PHYSDEV = 1,
+ IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
+ IPSET_FLAG_BIT_NOMATCH = 2,
+ IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
+ IPSET_FLAG_BIT_WITH_COUNTERS = 3,
+ IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS),
+ IPSET_FLAG_BIT_WITH_COMMENT = 4,
+ IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT),
+ IPSET_FLAG_BIT_WITH_FORCEADD = 5,
+ IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD),
+ IPSET_FLAG_BIT_WITH_SKBINFO = 6,
+ IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO),
+ IPSET_FLAG_CADT_MAX = 15,
+};
+
+/* The flag bits which correspond to the non-extension create flags */
+enum ipset_create_flags {
+ IPSET_CREATE_FLAG_BIT_FORCEADD = 0,
+ IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD),
+ IPSET_CREATE_FLAG_BIT_MAX = 7,
+};
+
+/* Commands with settype-specific attributes */
+enum ipset_adt {
+ IPSET_ADD,
+ IPSET_DEL,
+ IPSET_TEST,
+ IPSET_ADT_MAX,
+ IPSET_CREATE = IPSET_ADT_MAX,
+ IPSET_CADT_MAX,
+};
+
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+ * and IPSET_INVALID_ID if you want to increase the max number of sets.
+ */
+typedef __u16 ip_set_id_t;
+
+#define IPSET_INVALID_ID 65535
+
+enum ip_set_dim {
+ IPSET_DIM_ZERO = 0,
+ IPSET_DIM_ONE,
+ IPSET_DIM_TWO,
+ IPSET_DIM_THREE,
+ /* Max dimension in elements.
+ * If changed, new revision of iptables match/target is required.
+ */
+ IPSET_DIM_MAX = 6,
+ /* Backward compatibility: set match revision 2 */
+ IPSET_BIT_RETURN_NOMATCH = 7,
+};
+
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+ IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+ IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+ IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+ IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+ IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
+};
+
+enum {
+ IPSET_COUNTER_NONE = 0,
+ IPSET_COUNTER_EQ,
+ IPSET_COUNTER_NE,
+ IPSET_COUNTER_LT,
+ IPSET_COUNTER_GT,
+};
+
+/* Backward compatibility for set match v3 */
+struct ip_set_counter_match0 {
+ __u8 op;
+ __u64 value;
+};
+
+struct ip_set_counter_match {
+ __aligned_u64 value;
+ __u8 op;
+};
+
+/* Interface to iptables/ip6tables */
+
+#define SO_IP_SET 83
+
+union ip_set_name_index {
+ char name[IPSET_MAXNAMELEN];
+ ip_set_id_t index;
+};
+
+#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
+struct ip_set_req_get_set {
+ unsigned int op;
+ unsigned int version;
+ union ip_set_name_index set;
+};
+
+#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
+/* Uses ip_set_req_get_set */
+
+#define IP_SET_OP_GET_FNAME 0x00000008 /* Get set index and family */
+struct ip_set_req_get_set_family {
+ unsigned int op;
+ unsigned int version;
+ unsigned int family;
+ union ip_set_name_index set;
+};
+
+#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
+struct ip_set_req_version {
+ unsigned int op;
+ unsigned int version;
+};
+
+#endif /* _IP_SET_H */
diff --git a/include/linux/netfilter/x_tables.h b/include/uapi/linux/netfilter/x_tables.h
similarity index 98%
rename from include/linux/netfilter/x_tables.h
rename to include/uapi/linux/netfilter/x_tables.h
index 4120970..ae2fd12 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/uapi/linux/netfilter/x_tables.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _X_TABLES_H
#define _X_TABLES_H
#include <linux/kernel.h>
diff --git a/include/uapi/linux/netfilter/xt_set.h b/include/uapi/linux/netfilter/xt_set.h
new file mode 100644
index 0000000..8c1ca66
--- /dev/null
+++ b/include/uapi/linux/netfilter/xt_set.h
@@ -0,0 +1,94 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _XT_SET_H
+#define _XT_SET_H
+
+#include <linux/types.h>
+#include <linux/netfilter/ipset/ip_set.h>
+
+/* Revision 0 interface: backward compatible with netfilter/iptables */
+
+/*
+ * Option flags for kernel operations (xt_set_info_v0)
+ */
+#define IPSET_SRC 0x01 /* Source match/add */
+#define IPSET_DST 0x02 /* Destination match/add */
+#define IPSET_MATCH_INV 0x04 /* Inverse matching */
+
+struct xt_set_info_v0 {
+ ip_set_id_t index;
+ union {
+ __u32 flags[IPSET_DIM_MAX + 1];
+ struct {
+ __u32 __flags[IPSET_DIM_MAX];
+ __u8 dim;
+ __u8 flags;
+ } compat;
+ } u;
+};
+
+/* match and target infos */
+struct xt_set_info_match_v0 {
+ struct xt_set_info_v0 match_set;
+};
+
+struct xt_set_info_target_v0 {
+ struct xt_set_info_v0 add_set;
+ struct xt_set_info_v0 del_set;
+};
+
+/* Revision 1 match and target */
+
+struct xt_set_info {
+ ip_set_id_t index;
+ __u8 dim;
+ __u8 flags;
+};
+
+/* match and target infos */
+struct xt_set_info_match_v1 {
+ struct xt_set_info match_set;
+};
+
+struct xt_set_info_target_v1 {
+ struct xt_set_info add_set;
+ struct xt_set_info del_set;
+};
+
+/* Revision 2 target */
+
+struct xt_set_info_target_v2 {
+ struct xt_set_info add_set;
+ struct xt_set_info del_set;
+ __u32 flags;
+ __u32 timeout;
+};
+
+/* Revision 3 match */
+
+struct xt_set_info_match_v3 {
+ struct xt_set_info match_set;
+ struct ip_set_counter_match0 packets;
+ struct ip_set_counter_match0 bytes;
+ __u32 flags;
+};
+
+/* Revision 3 target */
+
+struct xt_set_info_target_v3 {
+ struct xt_set_info add_set;
+ struct xt_set_info del_set;
+ struct xt_set_info map_set;
+ __u32 flags;
+ __u32 timeout;
+};
+
+/* Revision 4 match */
+
+struct xt_set_info_match_v4 {
+ struct xt_set_info match_set;
+ struct ip_set_counter_match packets;
+ struct ip_set_counter_match bytes;
+ __u32 flags;
+};
+
+#endif /*_XT_SET_H*/
diff --git a/include/linux/netfilter/xt_tcpudp.h b/include/uapi/linux/netfilter/xt_tcpudp.h
similarity index 94%
rename from include/linux/netfilter/xt_tcpudp.h
rename to include/uapi/linux/netfilter/xt_tcpudp.h
index 38aa7b3..658c169 100644
--- a/include/linux/netfilter/xt_tcpudp.h
+++ b/include/uapi/linux/netfilter/xt_tcpudp.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _XT_TCPUDP_H
#define _XT_TCPUDP_H
diff --git a/include/linux/netfilter_ipv4.h b/include/uapi/linux/netfilter_ipv4.h
similarity index 96%
rename from include/linux/netfilter_ipv4.h
rename to include/uapi/linux/netfilter_ipv4.h
index a5f4dc7..27ca143 100644
--- a/include/linux/netfilter_ipv4.h
+++ b/include/uapi/linux/netfilter_ipv4.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* IPv4-specific defines for netfilter.
* (C)1998 Rusty Russell -- This code is GPL.
*/
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/uapi/linux/netfilter_ipv4/ip_tables.h
similarity index 98%
rename from include/linux/netfilter_ipv4/ip_tables.h
rename to include/uapi/linux/netfilter_ipv4/ip_tables.h
index 38542b4..409cff7 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/uapi/linux/netfilter_ipv4/ip_tables.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* 25-Jul-1998 Major changes to allow for ip chain table
*
@@ -17,6 +18,7 @@
#include <linux/types.h>
+#include <linux/if.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter/x_tables.h>
diff --git a/include/uapi/linux/netfilter_ipv6.h b/include/uapi/linux/netfilter_ipv6.h
new file mode 100644
index 0000000..35f33d1
--- /dev/null
+++ b/include/uapi/linux/netfilter_ipv6.h
@@ -0,0 +1,78 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/* IPv6-specific defines for netfilter.
+ * (C)1998 Rusty Russell -- This code is GPL.
+ * (C)1999 David Jeffery
+ * this header was blatantly ripped from netfilter_ipv4.h
+ * it's amazing what adding a bunch of 6s can do =8^)
+ */
+#ifndef __LINUX_IP6_NETFILTER_H
+#define __LINUX_IP6_NETFILTER_H
+
+
+#include <linux/netfilter.h>
+
+/* only for userspace compatibility */
+
+#include <limits.h> /* for INT_MIN, INT_MAX */
+
+/* IP Cache bits. */
+/* Src IP address. */
+#define NFC_IP6_SRC 0x0001
+/* Dest IP address. */
+#define NFC_IP6_DST 0x0002
+/* Input device. */
+#define NFC_IP6_IF_IN 0x0004
+/* Output device. */
+#define NFC_IP6_IF_OUT 0x0008
+/* TOS. */
+#define NFC_IP6_TOS 0x0010
+/* Protocol. */
+#define NFC_IP6_PROTO 0x0020
+/* IP options. */
+#define NFC_IP6_OPTIONS 0x0040
+/* Frag & flags. */
+#define NFC_IP6_FRAG 0x0080
+
+
+/* Per-protocol information: only matters if proto match. */
+/* TCP flags. */
+#define NFC_IP6_TCPFLAGS 0x0100
+/* Source port. */
+#define NFC_IP6_SRC_PT 0x0200
+/* Dest port. */
+#define NFC_IP6_DST_PT 0x0400
+/* Something else about the proto */
+#define NFC_IP6_PROTO_UNKNOWN 0x2000
+
+/* IP6 Hooks */
+/* After promisc drops, checksum checks. */
+#define NF_IP6_PRE_ROUTING 0
+/* If the packet is destined for this box. */
+#define NF_IP6_LOCAL_IN 1
+/* If the packet is destined for another interface. */
+#define NF_IP6_FORWARD 2
+/* Packets coming from a local process. */
+#define NF_IP6_LOCAL_OUT 3
+/* Packets about to hit the wire. */
+#define NF_IP6_POST_ROUTING 4
+#define NF_IP6_NUMHOOKS 5
+
+
+enum nf_ip6_hook_priorities {
+ NF_IP6_PRI_FIRST = INT_MIN,
+ NF_IP6_PRI_CONNTRACK_DEFRAG = -400,
+ NF_IP6_PRI_RAW = -300,
+ NF_IP6_PRI_SELINUX_FIRST = -225,
+ NF_IP6_PRI_CONNTRACK = -200,
+ NF_IP6_PRI_MANGLE = -150,
+ NF_IP6_PRI_NAT_DST = -100,
+ NF_IP6_PRI_FILTER = 0,
+ NF_IP6_PRI_SECURITY = 50,
+ NF_IP6_PRI_NAT_SRC = 100,
+ NF_IP6_PRI_SELINUX_LAST = 225,
+ NF_IP6_PRI_CONNTRACK_HELPER = 300,
+ NF_IP6_PRI_LAST = INT_MAX,
+};
+
+
+#endif /* __LINUX_IP6_NETFILTER_H */
diff --git a/include/uapi/linux/netfilter_ipv6/ip6_tables.h b/include/uapi/linux/netfilter_ipv6/ip6_tables.h
new file mode 100644
index 0000000..7ae314b
--- /dev/null
+++ b/include/uapi/linux/netfilter_ipv6/ip6_tables.h
@@ -0,0 +1,270 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/*
+ * 25-Jul-1998 Major changes to allow for ip chain table
+ *
+ * 3-Jan-2000 Named tables to allow packet selection for different uses.
+ */
+
+/*
+ * Format of an IP6 firewall descriptor
+ *
+ * src, dst, src_mask, dst_mask are always stored in network byte order.
+ * flags are stored in host byte order (of course).
+ * Port numbers are stored in HOST byte order.
+ */
+
+#ifndef _IP6_TABLES_H
+#define _IP6_TABLES_H
+
+#include <linux/types.h>
+
+#include <linux/if.h>
+#include <linux/netfilter_ipv6.h>
+
+#include <linux/netfilter/x_tables.h>
+
+#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
+#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
+#define ip6t_match xt_match
+#define ip6t_target xt_target
+#define ip6t_table xt_table
+#define ip6t_get_revision xt_get_revision
+#define ip6t_entry_match xt_entry_match
+#define ip6t_entry_target xt_entry_target
+#define ip6t_standard_target xt_standard_target
+#define ip6t_error_target xt_error_target
+#define ip6t_counters xt_counters
+#define IP6T_CONTINUE XT_CONTINUE
+#define IP6T_RETURN XT_RETURN
+
+/* Pre-iptables-1.4.0 */
+#include <linux/netfilter/xt_tcpudp.h>
+#define ip6t_tcp xt_tcp
+#define ip6t_udp xt_udp
+#define IP6T_TCP_INV_SRCPT XT_TCP_INV_SRCPT
+#define IP6T_TCP_INV_DSTPT XT_TCP_INV_DSTPT
+#define IP6T_TCP_INV_FLAGS XT_TCP_INV_FLAGS
+#define IP6T_TCP_INV_OPTION XT_TCP_INV_OPTION
+#define IP6T_TCP_INV_MASK XT_TCP_INV_MASK
+#define IP6T_UDP_INV_SRCPT XT_UDP_INV_SRCPT
+#define IP6T_UDP_INV_DSTPT XT_UDP_INV_DSTPT
+#define IP6T_UDP_INV_MASK XT_UDP_INV_MASK
+
+#define ip6t_counters_info xt_counters_info
+#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
+#define IP6T_ERROR_TARGET XT_ERROR_TARGET
+#define IP6T_MATCH_ITERATE(e, fn, args...) \
+ XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
+#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
+ XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
+
+/* Yes, Virginia, you have to zero the padding. */
+struct ip6t_ip6 {
+ /* Source and destination IP6 addr */
+ struct in6_addr src, dst;
+ /* Mask for src and dest IP6 addr */
+ struct in6_addr smsk, dmsk;
+ char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
+ unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
+
+ /* Upper protocol number
+ * - The allowed value is 0 (any) or protocol number of last parsable
+ * header, which is 50 (ESP), 59 (No Next Header), 135 (MH), or
+ * the non IPv6 extension headers.
+ * - The protocol numbers of IPv6 extension headers except of ESP and
+ * MH do not match any packets.
+ * - You also need to set IP6T_FLAGS_PROTO to "flags" to check protocol.
+ */
+ __u16 proto;
+ /* TOS to match iff flags & IP6T_F_TOS */
+ __u8 tos;
+
+ /* Flags word */
+ __u8 flags;
+ /* Inverse flags */
+ __u8 invflags;
+};
+
+/* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */
+#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
+ protocols */
+#define IP6T_F_TOS 0x02 /* Match the TOS. */
+#define IP6T_F_GOTO 0x04 /* Set if jump is a goto */
+#define IP6T_F_MASK 0x07 /* All possible flag bits mask. */
+
+/* Values for "inv" field in struct ip6t_ip6. */
+#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
+#define IP6T_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */
+#define IP6T_INV_TOS 0x04 /* Invert the sense of TOS. */
+#define IP6T_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */
+#define IP6T_INV_DSTIP 0x10 /* Invert the sense of DST OP. */
+#define IP6T_INV_FRAG 0x20 /* Invert the sense of FRAG. */
+#define IP6T_INV_PROTO XT_INV_PROTO
+#define IP6T_INV_MASK 0x7F /* All possible flag bits mask. */
+
+/* This structure defines each of the firewall rules. Consists of 3
+ parts which are 1) general IP header stuff 2) match specific
+ stuff 3) the target to perform if the rule matches */
+struct ip6t_entry {
+ struct ip6t_ip6 ipv6;
+
+ /* Mark with fields that we care about. */
+ unsigned int nfcache;
+
+ /* Size of ipt_entry + matches */
+ __u16 target_offset;
+ /* Size of ipt_entry + matches + target */
+ __u16 next_offset;
+
+ /* Back pointer */
+ unsigned int comefrom;
+
+ /* Packet and byte counters. */
+ struct xt_counters counters;
+
+ /* The matches (if any), then the target. */
+ unsigned char elems[0];
+};
+
+/* Standard entry */
+struct ip6t_standard {
+ struct ip6t_entry entry;
+ struct xt_standard_target target;
+};
+
+struct ip6t_error {
+ struct ip6t_entry entry;
+ struct xt_error_target target;
+};
+
+#define IP6T_ENTRY_INIT(__size) \
+{ \
+ .target_offset = sizeof(struct ip6t_entry), \
+ .next_offset = (__size), \
+}
+
+#define IP6T_STANDARD_INIT(__verdict) \
+{ \
+ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)), \
+ .target = XT_TARGET_INIT(XT_STANDARD_TARGET, \
+ sizeof(struct xt_standard_target)), \
+ .target.verdict = -(__verdict) - 1, \
+}
+
+#define IP6T_ERROR_INIT \
+{ \
+ .entry = IP6T_ENTRY_INIT(sizeof(struct ip6t_error)), \
+ .target = XT_TARGET_INIT(XT_ERROR_TARGET, \
+ sizeof(struct xt_error_target)), \
+ .target.errorname = "ERROR", \
+}
+
+/*
+ * New IP firewall options for [gs]etsockopt at the RAW IP level.
+ * Unlike BSD Linux inherits IP options so you don't have to use
+ * a raw socket for this. Instead we check rights in the calls.
+ *
+ * ATTENTION: check linux/in6.h before adding new number here.
+ */
+#define IP6T_BASE_CTL 64
+
+#define IP6T_SO_SET_REPLACE (IP6T_BASE_CTL)
+#define IP6T_SO_SET_ADD_COUNTERS (IP6T_BASE_CTL + 1)
+#define IP6T_SO_SET_MAX IP6T_SO_SET_ADD_COUNTERS
+
+#define IP6T_SO_GET_INFO (IP6T_BASE_CTL)
+#define IP6T_SO_GET_ENTRIES (IP6T_BASE_CTL + 1)
+#define IP6T_SO_GET_REVISION_MATCH (IP6T_BASE_CTL + 4)
+#define IP6T_SO_GET_REVISION_TARGET (IP6T_BASE_CTL + 5)
+#define IP6T_SO_GET_MAX IP6T_SO_GET_REVISION_TARGET
+
+/* obtain original address if REDIRECT'd connection */
+#define IP6T_SO_ORIGINAL_DST 80
+
+/* ICMP matching stuff */
+struct ip6t_icmp {
+ __u8 type; /* type to match */
+ __u8 code[2]; /* range of code */
+ __u8 invflags; /* Inverse flags */
+};
+
+/* Values for "inv" field for struct ipt_icmp. */
+#define IP6T_ICMP_INV 0x01 /* Invert the sense of type/code test */
+
+/* The argument to IP6T_SO_GET_INFO */
+struct ip6t_getinfo {
+ /* Which table: caller fills this in. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* Kernel fills these in. */
+ /* Which hook entry points are valid: bitmask */
+ unsigned int valid_hooks;
+
+ /* Hook entry points: one per netfilter hook. */
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
+
+ /* Underflow points. */
+ unsigned int underflow[NF_INET_NUMHOOKS];
+
+ /* Number of entries */
+ unsigned int num_entries;
+
+ /* Size of entries. */
+ unsigned int size;
+};
+
+/* The argument to IP6T_SO_SET_REPLACE. */
+struct ip6t_replace {
+ /* Which table. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* Which hook entry points are valid: bitmask. You can't
+ change this. */
+ unsigned int valid_hooks;
+
+ /* Number of entries */
+ unsigned int num_entries;
+
+ /* Total size of new entries */
+ unsigned int size;
+
+ /* Hook entry points. */
+ unsigned int hook_entry[NF_INET_NUMHOOKS];
+
+ /* Underflow points. */
+ unsigned int underflow[NF_INET_NUMHOOKS];
+
+ /* Information about old entries: */
+ /* Number of counters (must be equal to current number of entries). */
+ unsigned int num_counters;
+ /* The old entries' counters. */
+ struct xt_counters *counters;
+
+ /* The entries (hang off end: not really an array). */
+ struct ip6t_entry entries[0];
+};
+
+/* The argument to IP6T_SO_GET_ENTRIES. */
+struct ip6t_get_entries {
+ /* Which table: user fills this in. */
+ char name[XT_TABLE_MAXNAMELEN];
+
+ /* User fills this in: total entry size. */
+ unsigned int size;
+
+ /* The entries. */
+ struct ip6t_entry entrytable[0];
+};
+
+/* Helper functions */
+static __inline__ struct xt_entry_target *
+ip6t_get_target(struct ip6t_entry *e)
+{
+ return (void *)e + e->target_offset;
+}
+
+/*
+ * Main firewall chains definitions and global var's definitions.
+ */
+
+#endif /* _IP6_TABLES_H */
diff --git a/include/linux/netlink.h b/include/uapi/linux/netlink.h
similarity index 71%
rename from include/linux/netlink.h
rename to include/uapi/linux/netlink.h
index 8a7ca5c..0b2c29b 100644
--- a/include/linux/netlink.h
+++ b/include/uapi/linux/netlink.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_NETLINK_H
#define __LINUX_NETLINK_H
@@ -27,6 +28,7 @@
#define NETLINK_ECRYPTFS 19
#define NETLINK_RDMA 20
#define NETLINK_CRYPTO 21 /* Crypto layer */
+#define NETLINK_SMC 22 /* SMC monitoring */
#define NETLINK_INET_DIAG NETLINK_SOCK_DIAG
@@ -49,12 +51,12 @@
/* Flags values */
-#define NLM_F_REQUEST 1 /* It is request message. */
-#define NLM_F_MULTI 2 /* Multipart message, terminated by NLMSG_DONE */
-#define NLM_F_ACK 4 /* Reply with ack, with zero or error code */
-#define NLM_F_ECHO 8 /* Echo this request */
-#define NLM_F_DUMP_INTR 16 /* Dump was inconsistent due to sequence change */
-#define NLM_F_DUMP_FILTERED 32 /* Dump was filtered as requested */
+#define NLM_F_REQUEST 0x01 /* It is request message. */
+#define NLM_F_MULTI 0x02 /* Multipart message, terminated by NLMSG_DONE */
+#define NLM_F_ACK 0x04 /* Reply with ack, with zero or error code */
+#define NLM_F_ECHO 0x08 /* Echo this request */
+#define NLM_F_DUMP_INTR 0x10 /* Dump was inconsistent due to sequence change */
+#define NLM_F_DUMP_FILTERED 0x20 /* Dump was filtered as requested */
/* Modifiers to GET request */
#define NLM_F_ROOT 0x100 /* specify tree root */
@@ -68,6 +70,13 @@
#define NLM_F_CREATE 0x400 /* Create, if it does not exist */
#define NLM_F_APPEND 0x800 /* Add to end of list */
+/* Modifiers to DELETE request */
+#define NLM_F_NONREC 0x100 /* Do not delete recursively */
+
+/* Flags for ACK message */
+#define NLM_F_CAPPED 0x100 /* request was capped */
+#define NLM_F_ACK_TLVS 0x200 /* extended ACK TVLs were included */
+
/*
4.4BSD ADD NLM_F_CREATE|NLM_F_EXCL
4.4BSD CHANGE NLM_F_REPLACE
@@ -100,6 +109,37 @@
struct nlmsgerr {
int error;
struct nlmsghdr msg;
+ /*
+ * followed by the message contents unless NETLINK_CAP_ACK was set
+ * or the ACK indicates success (error == 0)
+ * message length is aligned with NLMSG_ALIGN()
+ */
+ /*
+ * followed by TLVs defined in enum nlmsgerr_attrs
+ * if NETLINK_EXT_ACK was set
+ */
+};
+
+/**
+ * enum nlmsgerr_attrs - nlmsgerr attributes
+ * @NLMSGERR_ATTR_UNUSED: unused
+ * @NLMSGERR_ATTR_MSG: error message string (string)
+ * @NLMSGERR_ATTR_OFFS: offset of the invalid attribute in the original
+ * message, counting from the beginning of the header (u32)
+ * @NLMSGERR_ATTR_COOKIE: arbitrary subsystem specific cookie to
+ * be used - in the success case - to identify a created
+ * object or operation or similar (binary)
+ * @__NLMSGERR_ATTR_MAX: number of attributes
+ * @NLMSGERR_ATTR_MAX: highest attribute number
+ */
+enum nlmsgerr_attrs {
+ NLMSGERR_ATTR_UNUSED,
+ NLMSGERR_ATTR_MSG,
+ NLMSGERR_ATTR_OFFS,
+ NLMSGERR_ATTR_COOKIE,
+
+ __NLMSGERR_ATTR_MAX,
+ NLMSGERR_ATTR_MAX = __NLMSGERR_ATTR_MAX - 1
};
#define NETLINK_ADD_MEMBERSHIP 1
@@ -112,6 +152,7 @@
#define NETLINK_LISTEN_ALL_NSID 8
#define NETLINK_LIST_MEMBERSHIPS 9
#define NETLINK_CAP_ACK 10
+#define NETLINK_EXT_ACK 11
struct nl_pktinfo {
__u32 group;
@@ -185,5 +226,22 @@
#define NLA_ALIGN(len) (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
#define NLA_HDRLEN ((int) NLA_ALIGN(sizeof(struct nlattr)))
+/* Generic 32 bitflags attribute content sent to the kernel.
+ *
+ * The value is a bitmap that defines the values being set
+ * The selector is a bitmask that defines which value is legit
+ *
+ * Examples:
+ * value = 0x0, and selector = 0x1
+ * implies we are selecting bit 1 and we want to set its value to 0.
+ *
+ * value = 0x2, and selector = 0x2
+ * implies we are selecting bit 2 and we want to set its value to 1.
+ *
+ */
+struct nla_bitfield32 {
+ __u32 value;
+ __u32 selector;
+};
#endif /* __LINUX_NETLINK_H */
diff --git a/include/linux/netlink_diag.h b/include/uapi/linux/netlink_diag.h
similarity index 70%
rename from include/linux/netlink_diag.h
rename to include/uapi/linux/netlink_diag.h
index f2159d3..4cd0657 100644
--- a/include/linux/netlink_diag.h
+++ b/include/uapi/linux/netlink_diag.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __NETLINK_DIAG_H__
#define __NETLINK_DIAG_H__
@@ -38,6 +39,7 @@
NETLINK_DIAG_GROUPS,
NETLINK_DIAG_RX_RING,
NETLINK_DIAG_TX_RING,
+ NETLINK_DIAG_FLAGS,
__NETLINK_DIAG_MAX,
};
@@ -48,6 +50,16 @@
#define NDIAG_SHOW_MEMINFO 0x00000001 /* show memory info of a socket */
#define NDIAG_SHOW_GROUPS 0x00000002 /* show groups of a netlink socket */
+/* deprecated since 4.6 */
#define NDIAG_SHOW_RING_CFG 0x00000004 /* show ring configuration */
+#define NDIAG_SHOW_FLAGS 0x00000008 /* show flags of a netlink socket */
+
+/* flags */
+#define NDIAG_FLAG_CB_RUNNING 0x00000001
+#define NDIAG_FLAG_PKTINFO 0x00000002
+#define NDIAG_FLAG_BROADCAST_ERROR 0x00000004
+#define NDIAG_FLAG_NO_ENOBUFS 0x00000008
+#define NDIAG_FLAG_LISTEN_ALL_NSID 0x00000010
+#define NDIAG_FLAG_CAP_ACK 0x00000020
#endif
diff --git a/include/linux/packet_diag.h b/include/uapi/linux/packet_diag.h
similarity index 93%
rename from include/linux/packet_diag.h
rename to include/uapi/linux/packet_diag.h
index d08c63f..349ddf0 100644
--- a/include/linux/packet_diag.h
+++ b/include/uapi/linux/packet_diag.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __PACKET_DIAG_H__
#define __PACKET_DIAG_H__
@@ -64,7 +65,7 @@
__u32 pdmc_count;
__u16 pdmc_type;
__u16 pdmc_alen;
- __u8 pdmc_addr[MAX_ADDR_LEN];
+ __u8 pdmc_addr[32]; /* MAX_ADDR_LEN */
};
struct packet_diag_ring {
diff --git a/include/uapi/linux/param.h b/include/uapi/linux/param.h
new file mode 100644
index 0000000..94e0c57
--- /dev/null
+++ b/include/uapi/linux/param.h
@@ -0,0 +1,7 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_PARAM_H
+#define _LINUX_PARAM_H
+
+#include <asm/param.h>
+
+#endif
diff --git a/include/uapi/linux/pfkeyv2.h b/include/uapi/linux/pfkeyv2.h
new file mode 100644
index 0000000..d65b117
--- /dev/null
+++ b/include/uapi/linux/pfkeyv2.h
@@ -0,0 +1,384 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/* PF_KEY user interface, this is defined by rfc2367 so
+ * do not make arbitrary modifications or else this header
+ * file will not be compliant.
+ */
+
+#ifndef _LINUX_PFKEY2_H
+#define _LINUX_PFKEY2_H
+
+#include <linux/types.h>
+
+#define PF_KEY_V2 2
+#define PFKEYV2_REVISION 199806L
+
+struct sadb_msg {
+ __u8 sadb_msg_version;
+ __u8 sadb_msg_type;
+ __u8 sadb_msg_errno;
+ __u8 sadb_msg_satype;
+ __u16 sadb_msg_len;
+ __u16 sadb_msg_reserved;
+ __u32 sadb_msg_seq;
+ __u32 sadb_msg_pid;
+} __attribute__((packed));
+/* sizeof(struct sadb_msg) == 16 */
+
+struct sadb_ext {
+ __u16 sadb_ext_len;
+ __u16 sadb_ext_type;
+} __attribute__((packed));
+/* sizeof(struct sadb_ext) == 4 */
+
+struct sadb_sa {
+ __u16 sadb_sa_len;
+ __u16 sadb_sa_exttype;
+ __be32 sadb_sa_spi;
+ __u8 sadb_sa_replay;
+ __u8 sadb_sa_state;
+ __u8 sadb_sa_auth;
+ __u8 sadb_sa_encrypt;
+ __u32 sadb_sa_flags;
+} __attribute__((packed));
+/* sizeof(struct sadb_sa) == 16 */
+
+struct sadb_lifetime {
+ __u16 sadb_lifetime_len;
+ __u16 sadb_lifetime_exttype;
+ __u32 sadb_lifetime_allocations;
+ __u64 sadb_lifetime_bytes;
+ __u64 sadb_lifetime_addtime;
+ __u64 sadb_lifetime_usetime;
+} __attribute__((packed));
+/* sizeof(struct sadb_lifetime) == 32 */
+
+struct sadb_address {
+ __u16 sadb_address_len;
+ __u16 sadb_address_exttype;
+ __u8 sadb_address_proto;
+ __u8 sadb_address_prefixlen;
+ __u16 sadb_address_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_address) == 8 */
+
+struct sadb_key {
+ __u16 sadb_key_len;
+ __u16 sadb_key_exttype;
+ __u16 sadb_key_bits;
+ __u16 sadb_key_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_key) == 8 */
+
+struct sadb_ident {
+ __u16 sadb_ident_len;
+ __u16 sadb_ident_exttype;
+ __u16 sadb_ident_type;
+ __u16 sadb_ident_reserved;
+ __u64 sadb_ident_id;
+} __attribute__((packed));
+/* sizeof(struct sadb_ident) == 16 */
+
+struct sadb_sens {
+ __u16 sadb_sens_len;
+ __u16 sadb_sens_exttype;
+ __u32 sadb_sens_dpd;
+ __u8 sadb_sens_sens_level;
+ __u8 sadb_sens_sens_len;
+ __u8 sadb_sens_integ_level;
+ __u8 sadb_sens_integ_len;
+ __u32 sadb_sens_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_sens) == 16 */
+
+/* followed by:
+ __u64 sadb_sens_bitmap[sens_len];
+ __u64 sadb_integ_bitmap[integ_len]; */
+
+struct sadb_prop {
+ __u16 sadb_prop_len;
+ __u16 sadb_prop_exttype;
+ __u8 sadb_prop_replay;
+ __u8 sadb_prop_reserved[3];
+} __attribute__((packed));
+/* sizeof(struct sadb_prop) == 8 */
+
+/* followed by:
+ struct sadb_comb sadb_combs[(sadb_prop_len +
+ sizeof(__u64) - sizeof(struct sadb_prop)) /
+ sizeof(struct sadb_comb)]; */
+
+struct sadb_comb {
+ __u8 sadb_comb_auth;
+ __u8 sadb_comb_encrypt;
+ __u16 sadb_comb_flags;
+ __u16 sadb_comb_auth_minbits;
+ __u16 sadb_comb_auth_maxbits;
+ __u16 sadb_comb_encrypt_minbits;
+ __u16 sadb_comb_encrypt_maxbits;
+ __u32 sadb_comb_reserved;
+ __u32 sadb_comb_soft_allocations;
+ __u32 sadb_comb_hard_allocations;
+ __u64 sadb_comb_soft_bytes;
+ __u64 sadb_comb_hard_bytes;
+ __u64 sadb_comb_soft_addtime;
+ __u64 sadb_comb_hard_addtime;
+ __u64 sadb_comb_soft_usetime;
+ __u64 sadb_comb_hard_usetime;
+} __attribute__((packed));
+/* sizeof(struct sadb_comb) == 72 */
+
+struct sadb_supported {
+ __u16 sadb_supported_len;
+ __u16 sadb_supported_exttype;
+ __u32 sadb_supported_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_supported) == 8 */
+
+/* followed by:
+ struct sadb_alg sadb_algs[(sadb_supported_len +
+ sizeof(__u64) - sizeof(struct sadb_supported)) /
+ sizeof(struct sadb_alg)]; */
+
+struct sadb_alg {
+ __u8 sadb_alg_id;
+ __u8 sadb_alg_ivlen;
+ __u16 sadb_alg_minbits;
+ __u16 sadb_alg_maxbits;
+ __u16 sadb_alg_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_alg) == 8 */
+
+struct sadb_spirange {
+ __u16 sadb_spirange_len;
+ __u16 sadb_spirange_exttype;
+ __u32 sadb_spirange_min;
+ __u32 sadb_spirange_max;
+ __u32 sadb_spirange_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_spirange) == 16 */
+
+struct sadb_x_kmprivate {
+ __u16 sadb_x_kmprivate_len;
+ __u16 sadb_x_kmprivate_exttype;
+ __u32 sadb_x_kmprivate_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_kmprivate) == 8 */
+
+struct sadb_x_sa2 {
+ __u16 sadb_x_sa2_len;
+ __u16 sadb_x_sa2_exttype;
+ __u8 sadb_x_sa2_mode;
+ __u8 sadb_x_sa2_reserved1;
+ __u16 sadb_x_sa2_reserved2;
+ __u32 sadb_x_sa2_sequence;
+ __u32 sadb_x_sa2_reqid;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_sa2) == 16 */
+
+struct sadb_x_policy {
+ __u16 sadb_x_policy_len;
+ __u16 sadb_x_policy_exttype;
+ __u16 sadb_x_policy_type;
+ __u8 sadb_x_policy_dir;
+ __u8 sadb_x_policy_reserved;
+ __u32 sadb_x_policy_id;
+ __u32 sadb_x_policy_priority;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_policy) == 16 */
+
+struct sadb_x_ipsecrequest {
+ __u16 sadb_x_ipsecrequest_len;
+ __u16 sadb_x_ipsecrequest_proto;
+ __u8 sadb_x_ipsecrequest_mode;
+ __u8 sadb_x_ipsecrequest_level;
+ __u16 sadb_x_ipsecrequest_reserved1;
+ __u32 sadb_x_ipsecrequest_reqid;
+ __u32 sadb_x_ipsecrequest_reserved2;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_ipsecrequest) == 16 */
+
+/* This defines the TYPE of Nat Traversal in use. Currently only one
+ * type of NAT-T is supported, draft-ietf-ipsec-udp-encaps-06
+ */
+struct sadb_x_nat_t_type {
+ __u16 sadb_x_nat_t_type_len;
+ __u16 sadb_x_nat_t_type_exttype;
+ __u8 sadb_x_nat_t_type_type;
+ __u8 sadb_x_nat_t_type_reserved[3];
+} __attribute__((packed));
+/* sizeof(struct sadb_x_nat_t_type) == 8 */
+
+/* Pass a NAT Traversal port (Source or Dest port) */
+struct sadb_x_nat_t_port {
+ __u16 sadb_x_nat_t_port_len;
+ __u16 sadb_x_nat_t_port_exttype;
+ __be16 sadb_x_nat_t_port_port;
+ __u16 sadb_x_nat_t_port_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_nat_t_port) == 8 */
+
+/* Generic LSM security context */
+struct sadb_x_sec_ctx {
+ __u16 sadb_x_sec_len;
+ __u16 sadb_x_sec_exttype;
+ __u8 sadb_x_ctx_alg; /* LSMs: e.g., selinux == 1 */
+ __u8 sadb_x_ctx_doi;
+ __u16 sadb_x_ctx_len;
+} __attribute__((packed));
+/* sizeof(struct sadb_sec_ctx) = 8 */
+
+/* Used by MIGRATE to pass addresses IKE will use to perform
+ * negotiation with the peer */
+struct sadb_x_kmaddress {
+ __u16 sadb_x_kmaddress_len;
+ __u16 sadb_x_kmaddress_exttype;
+ __u32 sadb_x_kmaddress_reserved;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_kmaddress) == 8 */
+
+/* To specify the SA dump filter */
+struct sadb_x_filter {
+ __u16 sadb_x_filter_len;
+ __u16 sadb_x_filter_exttype;
+ __u32 sadb_x_filter_saddr[4];
+ __u32 sadb_x_filter_daddr[4];
+ __u16 sadb_x_filter_family;
+ __u8 sadb_x_filter_splen;
+ __u8 sadb_x_filter_dplen;
+} __attribute__((packed));
+/* sizeof(struct sadb_x_filter) == 40 */
+
+/* Message types */
+#define SADB_RESERVED 0
+#define SADB_GETSPI 1
+#define SADB_UPDATE 2
+#define SADB_ADD 3
+#define SADB_DELETE 4
+#define SADB_GET 5
+#define SADB_ACQUIRE 6
+#define SADB_REGISTER 7
+#define SADB_EXPIRE 8
+#define SADB_FLUSH 9
+#define SADB_DUMP 10
+#define SADB_X_PROMISC 11
+#define SADB_X_PCHANGE 12
+#define SADB_X_SPDUPDATE 13
+#define SADB_X_SPDADD 14
+#define SADB_X_SPDDELETE 15
+#define SADB_X_SPDGET 16
+#define SADB_X_SPDACQUIRE 17
+#define SADB_X_SPDDUMP 18
+#define SADB_X_SPDFLUSH 19
+#define SADB_X_SPDSETIDX 20
+#define SADB_X_SPDEXPIRE 21
+#define SADB_X_SPDDELETE2 22
+#define SADB_X_NAT_T_NEW_MAPPING 23
+#define SADB_X_MIGRATE 24
+#define SADB_MAX 24
+
+/* Security Association flags */
+#define SADB_SAFLAGS_PFS 1
+#define SADB_SAFLAGS_NOPMTUDISC 0x20000000
+#define SADB_SAFLAGS_DECAP_DSCP 0x40000000
+#define SADB_SAFLAGS_NOECN 0x80000000
+
+/* Security Association states */
+#define SADB_SASTATE_LARVAL 0
+#define SADB_SASTATE_MATURE 1
+#define SADB_SASTATE_DYING 2
+#define SADB_SASTATE_DEAD 3
+#define SADB_SASTATE_MAX 3
+
+/* Security Association types */
+#define SADB_SATYPE_UNSPEC 0
+#define SADB_SATYPE_AH 2
+#define SADB_SATYPE_ESP 3
+#define SADB_SATYPE_RSVP 5
+#define SADB_SATYPE_OSPFV2 6
+#define SADB_SATYPE_RIPV2 7
+#define SADB_SATYPE_MIP 8
+#define SADB_X_SATYPE_IPCOMP 9
+#define SADB_SATYPE_MAX 9
+
+/* Authentication algorithms */
+#define SADB_AALG_NONE 0
+#define SADB_AALG_MD5HMAC 2
+#define SADB_AALG_SHA1HMAC 3
+#define SADB_X_AALG_SHA2_256HMAC 5
+#define SADB_X_AALG_SHA2_384HMAC 6
+#define SADB_X_AALG_SHA2_512HMAC 7
+#define SADB_X_AALG_RIPEMD160HMAC 8
+#define SADB_X_AALG_AES_XCBC_MAC 9
+#define SADB_X_AALG_NULL 251 /* kame */
+#define SADB_AALG_MAX 251
+
+/* Encryption algorithms */
+#define SADB_EALG_NONE 0
+#define SADB_EALG_DESCBC 2
+#define SADB_EALG_3DESCBC 3
+#define SADB_X_EALG_CASTCBC 6
+#define SADB_X_EALG_BLOWFISHCBC 7
+#define SADB_EALG_NULL 11
+#define SADB_X_EALG_AESCBC 12
+#define SADB_X_EALG_AESCTR 13
+#define SADB_X_EALG_AES_CCM_ICV8 14
+#define SADB_X_EALG_AES_CCM_ICV12 15
+#define SADB_X_EALG_AES_CCM_ICV16 16
+#define SADB_X_EALG_AES_GCM_ICV8 18
+#define SADB_X_EALG_AES_GCM_ICV12 19
+#define SADB_X_EALG_AES_GCM_ICV16 20
+#define SADB_X_EALG_CAMELLIACBC 22
+#define SADB_X_EALG_NULL_AES_GMAC 23
+#define SADB_EALG_MAX 253 /* last EALG */
+/* private allocations should use 249-255 (RFC2407) */
+#define SADB_X_EALG_SERPENTCBC 252 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+#define SADB_X_EALG_TWOFISHCBC 253 /* draft-ietf-ipsec-ciph-aes-cbc-00 */
+
+/* Compression algorithms */
+#define SADB_X_CALG_NONE 0
+#define SADB_X_CALG_OUI 1
+#define SADB_X_CALG_DEFLATE 2
+#define SADB_X_CALG_LZS 3
+#define SADB_X_CALG_LZJH 4
+#define SADB_X_CALG_MAX 4
+
+/* Extension Header values */
+#define SADB_EXT_RESERVED 0
+#define SADB_EXT_SA 1
+#define SADB_EXT_LIFETIME_CURRENT 2
+#define SADB_EXT_LIFETIME_HARD 3
+#define SADB_EXT_LIFETIME_SOFT 4
+#define SADB_EXT_ADDRESS_SRC 5
+#define SADB_EXT_ADDRESS_DST 6
+#define SADB_EXT_ADDRESS_PROXY 7
+#define SADB_EXT_KEY_AUTH 8
+#define SADB_EXT_KEY_ENCRYPT 9
+#define SADB_EXT_IDENTITY_SRC 10
+#define SADB_EXT_IDENTITY_DST 11
+#define SADB_EXT_SENSITIVITY 12
+#define SADB_EXT_PROPOSAL 13
+#define SADB_EXT_SUPPORTED_AUTH 14
+#define SADB_EXT_SUPPORTED_ENCRYPT 15
+#define SADB_EXT_SPIRANGE 16
+#define SADB_X_EXT_KMPRIVATE 17
+#define SADB_X_EXT_POLICY 18
+#define SADB_X_EXT_SA2 19
+/* The next four entries are for setting up NAT Traversal */
+#define SADB_X_EXT_NAT_T_TYPE 20
+#define SADB_X_EXT_NAT_T_SPORT 21
+#define SADB_X_EXT_NAT_T_DPORT 22
+#define SADB_X_EXT_NAT_T_OA 23
+#define SADB_X_EXT_SEC_CTX 24
+/* Used with MIGRATE to pass @ to IKE for negotiation */
+#define SADB_X_EXT_KMADDRESS 25
+#define SADB_X_EXT_FILTER 26
+#define SADB_EXT_MAX 26
+
+/* Identity Extension values */
+#define SADB_IDENTTYPE_RESERVED 0
+#define SADB_IDENTTYPE_PREFIX 1
+#define SADB_IDENTTYPE_FQDN 2
+#define SADB_IDENTTYPE_USERFQDN 3
+#define SADB_IDENTTYPE_MAX 3
+
+#endif /* !(_LINUX_PFKEY2_H) */
diff --git a/include/linux/pkt_cls.h b/include/uapi/linux/pkt_cls.h
similarity index 66%
rename from include/linux/pkt_cls.h
rename to include/uapi/linux/pkt_cls.h
index a323146..46c5066 100644
--- a/include/linux/pkt_cls.h
+++ b/include/uapi/linux/pkt_cls.h
@@ -1,9 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_PKT_CLS_H
#define __LINUX_PKT_CLS_H
#include <linux/types.h>
#include <linux/pkt_sched.h>
+#define TC_COOKIE_MAX_SIZE 16
/* Action attributes */
enum {
@@ -12,6 +14,8 @@
TCA_ACT_OPTIONS,
TCA_ACT_INDEX,
TCA_ACT_STATS,
+ TCA_ACT_PAD,
+ TCA_ACT_COOKIE,
__TCA_ACT_MAX
};
@@ -34,7 +38,28 @@
#define TC_ACT_QUEUED 5
#define TC_ACT_REPEAT 6
#define TC_ACT_REDIRECT 7
-#define TC_ACT_JUMP 0x10000000
+#define TC_ACT_TRAP 8 /* For hw path, this means "trap to cpu"
+ * and don't further process the frame
+ * in hardware. For sw path, this is
+ * equivalent of TC_ACT_STOLEN - drop
+ * the skb and act like everything
+ * is alright.
+ */
+
+/* There is a special kind of actions called "extended actions",
+ * which need a value parameter. These have a local opcode located in
+ * the highest nibble, starting from 1. The rest of the bits
+ * are used to carry the value. These two parts together make
+ * a combined opcode.
+ */
+#define __TC_ACT_EXT_SHIFT 28
+#define __TC_ACT_EXT(local) ((local) << __TC_ACT_EXT_SHIFT)
+#define TC_ACT_EXT_VAL_MASK ((1 << __TC_ACT_EXT_SHIFT) - 1)
+#define TC_ACT_EXT_CMP(combined, opcode) \
+ (((combined) & (~TC_ACT_EXT_VAL_MASK)) == opcode)
+
+#define TC_ACT_JUMP __TC_ACT_EXT(1)
+#define TC_ACT_GOTO_CHAIN __TC_ACT_EXT(2)
/* Action type identifiers*/
enum {
@@ -60,8 +85,8 @@
__u32 mtu;
struct tc_ratespec rate;
struct tc_ratespec peakrate;
- int refcnt;
- int bindcnt;
+ int refcnt;
+ int bindcnt;
__u32 capab;
};
@@ -69,10 +94,11 @@
__u64 install;
__u64 lastuse;
__u64 expires;
+ __u64 firstuse;
};
struct tc_cnt {
- int refcnt;
+ int refcnt;
int bindcnt;
};
@@ -90,12 +116,20 @@
TCA_POLICE_PEAKRATE,
TCA_POLICE_AVRATE,
TCA_POLICE_RESULT,
+ TCA_POLICE_TM,
+ TCA_POLICE_PAD,
__TCA_POLICE_MAX
#define TCA_POLICE_RESULT TCA_POLICE_RESULT
};
#define TCA_POLICE_MAX (__TCA_POLICE_MAX - 1)
+/* tca flags definitions */
+#define TCA_CLS_FLAGS_SKIP_HW (1 << 0) /* don't offload filter to HW */
+#define TCA_CLS_FLAGS_SKIP_SW (1 << 1) /* don't use filter in SW */
+#define TCA_CLS_FLAGS_IN_HW (1 << 2) /* filter is offloaded to HW */
+#define TCA_CLS_FLAGS_NOT_IN_HW (1 << 3) /* filter isn't offloaded to HW */
+
/* U32 filters */
#define TC_U32_HTID(h) ((h)&0xFFF00000)
@@ -114,10 +148,12 @@
TCA_U32_DIVISOR,
TCA_U32_SEL,
TCA_U32_POLICE,
- TCA_U32_ACT,
+ TCA_U32_ACT,
TCA_U32_INDEV,
TCA_U32_PCNT,
TCA_U32_MARK,
+ TCA_U32_FLAGS,
+ TCA_U32_PAD,
__TCA_U32_MAX
};
@@ -332,6 +368,9 @@
TCA_BPF_FD,
TCA_BPF_NAME,
TCA_BPF_FLAGS,
+ TCA_BPF_FLAGS_GEN,
+ TCA_BPF_TAG,
+ TCA_BPF_ID,
__TCA_BPF_MAX,
};
@@ -362,11 +401,94 @@
TCA_FLOWER_KEY_TCP_DST, /* be16 */
TCA_FLOWER_KEY_UDP_SRC, /* be16 */
TCA_FLOWER_KEY_UDP_DST, /* be16 */
+
+ TCA_FLOWER_FLAGS,
+ TCA_FLOWER_KEY_VLAN_ID, /* be16 */
+ TCA_FLOWER_KEY_VLAN_PRIO, /* u8 */
+ TCA_FLOWER_KEY_VLAN_ETH_TYPE, /* be16 */
+
+ TCA_FLOWER_KEY_ENC_KEY_ID, /* be32 */
+ TCA_FLOWER_KEY_ENC_IPV4_SRC, /* be32 */
+ TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,/* be32 */
+ TCA_FLOWER_KEY_ENC_IPV4_DST, /* be32 */
+ TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,/* be32 */
+ TCA_FLOWER_KEY_ENC_IPV6_SRC, /* struct in6_addr */
+ TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,/* struct in6_addr */
+ TCA_FLOWER_KEY_ENC_IPV6_DST, /* struct in6_addr */
+ TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,/* struct in6_addr */
+
+ TCA_FLOWER_KEY_TCP_SRC_MASK, /* be16 */
+ TCA_FLOWER_KEY_TCP_DST_MASK, /* be16 */
+ TCA_FLOWER_KEY_UDP_SRC_MASK, /* be16 */
+ TCA_FLOWER_KEY_UDP_DST_MASK, /* be16 */
+ TCA_FLOWER_KEY_SCTP_SRC_MASK, /* be16 */
+ TCA_FLOWER_KEY_SCTP_DST_MASK, /* be16 */
+
+ TCA_FLOWER_KEY_SCTP_SRC, /* be16 */
+ TCA_FLOWER_KEY_SCTP_DST, /* be16 */
+
+ TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, /* be16 */
+ TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, /* be16 */
+ TCA_FLOWER_KEY_ENC_UDP_DST_PORT, /* be16 */
+ TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, /* be16 */
+
+ TCA_FLOWER_KEY_FLAGS, /* be32 */
+ TCA_FLOWER_KEY_FLAGS_MASK, /* be32 */
+
+ TCA_FLOWER_KEY_ICMPV4_CODE, /* u8 */
+ TCA_FLOWER_KEY_ICMPV4_CODE_MASK,/* u8 */
+ TCA_FLOWER_KEY_ICMPV4_TYPE, /* u8 */
+ TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,/* u8 */
+ TCA_FLOWER_KEY_ICMPV6_CODE, /* u8 */
+ TCA_FLOWER_KEY_ICMPV6_CODE_MASK,/* u8 */
+ TCA_FLOWER_KEY_ICMPV6_TYPE, /* u8 */
+ TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,/* u8 */
+
+ TCA_FLOWER_KEY_ARP_SIP, /* be32 */
+ TCA_FLOWER_KEY_ARP_SIP_MASK, /* be32 */
+ TCA_FLOWER_KEY_ARP_TIP, /* be32 */
+ TCA_FLOWER_KEY_ARP_TIP_MASK, /* be32 */
+ TCA_FLOWER_KEY_ARP_OP, /* u8 */
+ TCA_FLOWER_KEY_ARP_OP_MASK, /* u8 */
+ TCA_FLOWER_KEY_ARP_SHA, /* ETH_ALEN */
+ TCA_FLOWER_KEY_ARP_SHA_MASK, /* ETH_ALEN */
+ TCA_FLOWER_KEY_ARP_THA, /* ETH_ALEN */
+ TCA_FLOWER_KEY_ARP_THA_MASK, /* ETH_ALEN */
+
+ TCA_FLOWER_KEY_MPLS_TTL, /* u8 - 8 bits */
+ TCA_FLOWER_KEY_MPLS_BOS, /* u8 - 1 bit */
+ TCA_FLOWER_KEY_MPLS_TC, /* u8 - 3 bits */
+ TCA_FLOWER_KEY_MPLS_LABEL, /* be32 - 20 bits */
+
+ TCA_FLOWER_KEY_TCP_FLAGS, /* be16 */
+ TCA_FLOWER_KEY_TCP_FLAGS_MASK, /* be16 */
+
+ TCA_FLOWER_KEY_IP_TOS, /* u8 */
+ TCA_FLOWER_KEY_IP_TOS_MASK, /* u8 */
+ TCA_FLOWER_KEY_IP_TTL, /* u8 */
+ TCA_FLOWER_KEY_IP_TTL_MASK, /* u8 */
+
__TCA_FLOWER_MAX,
};
#define TCA_FLOWER_MAX (__TCA_FLOWER_MAX - 1)
+enum {
+ TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0),
+};
+
+/* Match-all classifier */
+
+enum {
+ TCA_MATCHALL_UNSPEC,
+ TCA_MATCHALL_CLASSID,
+ TCA_MATCHALL_ACT,
+ TCA_MATCHALL_FLAGS,
+ __TCA_MATCHALL_MAX,
+};
+
+#define TCA_MATCHALL_MAX (__TCA_MATCHALL_MAX - 1)
+
/* Extended Matches */
struct tcf_ematch_tree_hdr {
diff --git a/include/linux/pkt_sched.h b/include/uapi/linux/pkt_sched.h
similarity index 97%
rename from include/linux/pkt_sched.h
rename to include/uapi/linux/pkt_sched.h
index 8cb18b4..703cd9d 100644
--- a/include/linux/pkt_sched.h
+++ b/include/uapi/linux/pkt_sched.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_PKT_SCHED_H
#define __LINUX_PKT_SCHED_H
@@ -179,6 +180,7 @@
TCA_TBF_PRATE64,
TCA_TBF_BURST,
TCA_TBF_PBURST,
+ TCA_TBF_PAD,
__TCA_TBF_MAX,
};
@@ -368,6 +370,7 @@
TCA_HTB_DIRECT_QLEN,
TCA_HTB_RATE64,
TCA_HTB_CEIL64,
+ TCA_HTB_PAD,
__TCA_HTB_MAX,
};
@@ -531,6 +534,7 @@
TCA_NETEM_RATE,
TCA_NETEM_ECN,
TCA_NETEM_RATE64,
+ TCA_NETEM_PAD,
__TCA_NETEM_MAX,
};
@@ -614,6 +618,14 @@
#define TC_QOPT_BITMASK 15
#define TC_QOPT_MAX_QUEUE 16
+enum {
+ TC_MQPRIO_HW_OFFLOAD_NONE, /* no offload requested */
+ TC_MQPRIO_HW_OFFLOAD_TCS, /* offload TCs, no queue counts */
+ __TC_MQPRIO_HW_OFFLOAD_MAX
+};
+
+#define TC_MQPRIO_HW_OFFLOAD_MAX (__TC_MQPRIO_HW_OFFLOAD_MAX - 1)
+
struct tc_mqprio_qopt {
__u8 num_tc;
__u8 prio_tc_map[TC_QOPT_BITMASK + 1];
@@ -715,6 +727,8 @@
TCA_FQ_CODEL_FLOWS,
TCA_FQ_CODEL_QUANTUM,
TCA_FQ_CODEL_CE_THRESHOLD,
+ TCA_FQ_CODEL_DROP_BATCH_SIZE,
+ TCA_FQ_CODEL_MEMORY_LIMIT,
__TCA_FQ_CODEL_MAX
};
@@ -739,6 +753,8 @@
__u32 new_flows_len; /* count of flows in new list */
__u32 old_flows_len; /* count of flows in old list */
__u32 ce_mark; /* packets above ce_threshold */
+ __u32 memory_usage; /* in bytes */
+ __u32 drop_overmemory;
};
struct tc_fq_codel_cl_stats {
@@ -785,6 +801,8 @@
TCA_FQ_ORPHAN_MASK, /* mask applied to orphaned skb hashes */
+ TCA_FQ_LOW_RATE_THRESHOLD, /* per packet delay under this rate */
+
__TCA_FQ_MAX
};
@@ -802,7 +820,7 @@
__u32 flows;
__u32 inactive_flows;
__u32 throttled_flows;
- __u32 pad;
+ __u32 unthrottle_latency_ns;
};
/* Heavy-Hitter Filter */
diff --git a/include/uapi/linux/posix_types.h b/include/uapi/linux/posix_types.h
new file mode 100644
index 0000000..9a7a740
--- /dev/null
+++ b/include/uapi/linux/posix_types.h
@@ -0,0 +1,38 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_POSIX_TYPES_H
+#define _LINUX_POSIX_TYPES_H
+
+#include <linux/stddef.h>
+
+/*
+ * This allows for 1024 file descriptors: if NR_OPEN is ever grown
+ * beyond that you'll have to change this too. But 1024 fd's seem to be
+ * enough even for such "real" unices like OSF/1, so hopefully this is
+ * one limit that doesn't have to be changed [again].
+ *
+ * Note that POSIX wants the FD_CLEAR(fd,fdsetp) defines to be in
+ * <sys/time.h> (and thus <linux/time.h>) - but this is a more logical
+ * place for them. Solved by having dummy defines in <sys/time.h>.
+ */
+
+/*
+ * This macro may have been defined in <gnu/types.h>. But we always
+ * use the one here.
+ */
+#undef __FD_SETSIZE
+#define __FD_SETSIZE 1024
+
+typedef struct {
+ unsigned long fds_bits[__FD_SETSIZE / (8 * sizeof(long))];
+} __kernel_fd_set;
+
+/* Type of a signal handler. */
+typedef void (*__kernel_sighandler_t)(int);
+
+/* Type of a SYSV IPC key. */
+typedef int __kernel_key_t;
+typedef int __kernel_mqd_t;
+
+#include <asm/posix_types.h>
+
+#endif /* _LINUX_POSIX_TYPES_H */
diff --git a/include/linux/rtnetlink.h b/include/uapi/linux/rtnetlink.h
similarity index 92%
rename from include/linux/rtnetlink.h
rename to include/uapi/linux/rtnetlink.h
index 5fc9337..af80fa0 100644
--- a/include/linux/rtnetlink.h
+++ b/include/uapi/linux/rtnetlink.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_RTNETLINK_H
#define __LINUX_RTNETLINK_H
@@ -122,6 +123,8 @@
RTM_NEWNETCONF = 80,
#define RTM_NEWNETCONF RTM_NEWNETCONF
+ RTM_DELNETCONF,
+#define RTM_DELNETCONF RTM_DELNETCONF
RTM_GETNETCONF = 82,
#define RTM_GETNETCONF RTM_GETNETCONF
@@ -139,6 +142,14 @@
RTM_GETNSID = 90,
#define RTM_GETNSID RTM_GETNSID
+ RTM_NEWSTATS = 92,
+#define RTM_NEWSTATS RTM_NEWSTATS
+ RTM_GETSTATS = 94,
+#define RTM_GETSTATS RTM_GETSTATS
+
+ RTM_NEWCACHEREPORT = 96,
+#define RTM_NEWCACHEREPORT RTM_NEWCACHEREPORT
+
__RTM_MAX,
#define RTM_MAX (((__RTM_MAX + 3) & ~3) - 1)
};
@@ -271,6 +282,7 @@
#define RTM_F_EQUALIZE 0x400 /* Multipath equalizer: NI */
#define RTM_F_PREFIX 0x800 /* Prefix addresses */
#define RTM_F_LOOKUP_TABLE 0x1000 /* set rtm_table to FIB lookup result */
+#define RTM_F_FIB_MATCH 0x2000 /* return full fib lookup match */
/* Reserved table identifiers */
@@ -314,6 +326,7 @@
RTA_EXPIRES,
RTA_PAD,
RTA_UID,
+ RTA_TTL_PROPAGATE,
__RTA_MAX
};
@@ -345,8 +358,9 @@
#define RTNH_F_ONLINK 4 /* Gateway is forced on link */
#define RTNH_F_OFFLOAD 8 /* offloaded route */
#define RTNH_F_LINKDOWN 16 /* carrier-down on nexthop */
+#define RTNH_F_UNRESOLVED 32 /* The entry is unresolved (ipmr) */
-#define RTNH_COMPARE_MASK (RTNH_F_DEAD | RTNH_F_LINKDOWN)
+#define RTNH_COMPARE_MASK (RTNH_F_DEAD | RTNH_F_LINKDOWN | RTNH_F_OFFLOAD)
/* Macros to handle hexthops */
@@ -538,6 +552,9 @@
TCA_FCNT,
TCA_STATS2,
TCA_STAB,
+ TCA_PAD,
+ TCA_DUMP_INVISIBLE,
+ TCA_CHAIN,
__TCA_MAX
};
@@ -649,6 +666,12 @@
#define RTNLGRP_MPLS_ROUTE RTNLGRP_MPLS_ROUTE
RTNLGRP_NSID,
#define RTNLGRP_NSID RTNLGRP_NSID
+ RTNLGRP_MPLS_NETCONF,
+#define RTNLGRP_MPLS_NETCONF RTNLGRP_MPLS_NETCONF
+ RTNLGRP_IPV4_MROUTE_R,
+#define RTNLGRP_IPV4_MROUTE_R RTNLGRP_IPV4_MROUTE_R
+ RTNLGRP_IPV6_MROUTE_R,
+#define RTNLGRP_IPV6_MROUTE_R RTNLGRP_IPV6_MROUTE_R
__RTNLGRP_MAX
};
#define RTNLGRP_MAX (__RTNLGRP_MAX - 1)
@@ -659,10 +682,29 @@
unsigned char tca__pad1;
unsigned short tca__pad2;
};
+
+enum {
+ TCA_ROOT_UNSPEC,
+ TCA_ROOT_TAB,
+#define TCA_ACT_TAB TCA_ROOT_TAB
+#define TCAA_MAX TCA_ROOT_TAB
+ TCA_ROOT_FLAGS,
+ TCA_ROOT_COUNT,
+ TCA_ROOT_TIME_DELTA, /* in msecs */
+ __TCA_ROOT_MAX,
+#define TCA_ROOT_MAX (__TCA_ROOT_MAX - 1)
+};
+
#define TA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcamsg))))
#define TA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcamsg))
-#define TCA_ACT_TAB 1 /* attr type must be >=1 */
-#define TCAA_MAX 1
+/* tcamsg flags stored in attribute TCA_ROOT_FLAGS
+ *
+ * TCA_FLAG_LARGE_DUMP_ON user->kernel to request for larger than TCA_ACT_MAX_PRIO
+ * actions in a dump. All dump responses will contain the number of actions
+ * being dumped stored in for user app's consumption in TCA_ROOT_COUNT
+ *
+ */
+#define TCA_FLAG_LARGE_DUMP_ON (1 << 0)
/* New extended info filters for IFLA_EXT_MASK */
#define RTEXT_FILTER_VF (1 << 0)
diff --git a/include/uapi/linux/sctp.h b/include/uapi/linux/sctp.h
new file mode 100644
index 0000000..5c32dd3
--- /dev/null
+++ b/include/uapi/linux/sctp.h
@@ -0,0 +1,1086 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/* SCTP kernel implementation
+ * (C) Copyright IBM Corp. 2001, 2004
+ * Copyright (c) 1999-2000 Cisco, Inc.
+ * Copyright (c) 1999-2001 Motorola, Inc.
+ * Copyright (c) 2002 Intel Corp.
+ *
+ * This file is part of the SCTP kernel implementation
+ *
+ * This header represents the structures and constants needed to support
+ * the SCTP Extension to the Sockets API.
+ *
+ * This SCTP implementation is free software;
+ * you can redistribute it and/or modify it under the terms of
+ * the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * This SCTP implementation is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * ************************
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNU CC; see the file COPYING. If not, see
+ * <http://www.gnu.org/licenses/>.
+ *
+ * Please send any bug reports or fixes you make to the
+ * email address(es):
+ * lksctp developers <linux-sctp@vger.kernel.org>
+ *
+ * Or submit a bug report through the following website:
+ * http://www.sf.net/projects/lksctp
+ *
+ * Written or modified by:
+ * La Monte H.P. Yarroll <piggy@acm.org>
+ * R. Stewart <randall@sctp.chicago.il.us>
+ * K. Morneau <kmorneau@cisco.com>
+ * Q. Xie <qxie1@email.mot.com>
+ * Karl Knutson <karl@athena.chicago.il.us>
+ * Jon Grimm <jgrimm@us.ibm.com>
+ * Daisy Chang <daisyc@us.ibm.com>
+ * Ryan Layer <rmlayer@us.ibm.com>
+ * Ardelle Fan <ardelle.fan@intel.com>
+ * Sridhar Samudrala <sri@us.ibm.com>
+ * Inaky Perez-Gonzalez <inaky.gonzalez@intel.com>
+ * Vlad Yasevich <vladislav.yasevich@hp.com>
+ *
+ * Any bugs reported given to us we will try to fix... any fixes shared will
+ * be incorporated into the next SCTP release.
+ */
+
+#ifndef _SCTP_H
+#define _SCTP_H
+
+#include <linux/types.h>
+#include <linux/socket.h>
+
+typedef __s32 sctp_assoc_t;
+
+/* The following symbols come from the Sockets API Extensions for
+ * SCTP <draft-ietf-tsvwg-sctpsocket-07.txt>.
+ */
+#define SCTP_RTOINFO 0
+#define SCTP_ASSOCINFO 1
+#define SCTP_INITMSG 2
+#define SCTP_NODELAY 3 /* Get/set nodelay option. */
+#define SCTP_AUTOCLOSE 4
+#define SCTP_SET_PEER_PRIMARY_ADDR 5
+#define SCTP_PRIMARY_ADDR 6
+#define SCTP_ADAPTATION_LAYER 7
+#define SCTP_DISABLE_FRAGMENTS 8
+#define SCTP_PEER_ADDR_PARAMS 9
+#define SCTP_DEFAULT_SEND_PARAM 10
+#define SCTP_EVENTS 11
+#define SCTP_I_WANT_MAPPED_V4_ADDR 12 /* Turn on/off mapped v4 addresses */
+#define SCTP_MAXSEG 13 /* Get/set maximum fragment. */
+#define SCTP_STATUS 14
+#define SCTP_GET_PEER_ADDR_INFO 15
+#define SCTP_DELAYED_ACK_TIME 16
+#define SCTP_DELAYED_ACK SCTP_DELAYED_ACK_TIME
+#define SCTP_DELAYED_SACK SCTP_DELAYED_ACK_TIME
+#define SCTP_CONTEXT 17
+#define SCTP_FRAGMENT_INTERLEAVE 18
+#define SCTP_PARTIAL_DELIVERY_POINT 19 /* Set/Get partial delivery point */
+#define SCTP_MAX_BURST 20 /* Set/Get max burst */
+#define SCTP_AUTH_CHUNK 21 /* Set only: add a chunk type to authenticate */
+#define SCTP_HMAC_IDENT 22
+#define SCTP_AUTH_KEY 23
+#define SCTP_AUTH_ACTIVE_KEY 24
+#define SCTP_AUTH_DELETE_KEY 25
+#define SCTP_PEER_AUTH_CHUNKS 26 /* Read only */
+#define SCTP_LOCAL_AUTH_CHUNKS 27 /* Read only */
+#define SCTP_GET_ASSOC_NUMBER 28 /* Read only */
+#define SCTP_GET_ASSOC_ID_LIST 29 /* Read only */
+#define SCTP_AUTO_ASCONF 30
+#define SCTP_PEER_ADDR_THLDS 31
+#define SCTP_RECVRCVINFO 32
+#define SCTP_RECVNXTINFO 33
+#define SCTP_DEFAULT_SNDINFO 34
+
+/* Internal Socket Options. Some of the sctp library functions are
+ * implemented using these socket options.
+ */
+#define SCTP_SOCKOPT_BINDX_ADD 100 /* BINDX requests for adding addrs */
+#define SCTP_SOCKOPT_BINDX_REM 101 /* BINDX requests for removing addrs. */
+#define SCTP_SOCKOPT_PEELOFF 102 /* peel off association. */
+/* Options 104-106 are deprecated and removed. Do not use this space */
+#define SCTP_SOCKOPT_CONNECTX_OLD 107 /* CONNECTX old requests. */
+#define SCTP_GET_PEER_ADDRS 108 /* Get all peer address. */
+#define SCTP_GET_LOCAL_ADDRS 109 /* Get all local address. */
+#define SCTP_SOCKOPT_CONNECTX 110 /* CONNECTX requests. */
+#define SCTP_SOCKOPT_CONNECTX3 111 /* CONNECTX requests (updated) */
+#define SCTP_GET_ASSOC_STATS 112 /* Read only */
+#define SCTP_PR_SUPPORTED 113
+#define SCTP_DEFAULT_PRINFO 114
+#define SCTP_PR_ASSOC_STATUS 115
+#define SCTP_PR_STREAM_STATUS 116
+#define SCTP_RECONFIG_SUPPORTED 117
+#define SCTP_ENABLE_STREAM_RESET 118
+#define SCTP_RESET_STREAMS 119
+#define SCTP_RESET_ASSOC 120
+#define SCTP_ADD_STREAMS 121
+#define SCTP_SOCKOPT_PEELOFF_FLAGS 122
+
+/* PR-SCTP policies */
+#define SCTP_PR_SCTP_NONE 0x0000
+#define SCTP_PR_SCTP_TTL 0x0010
+#define SCTP_PR_SCTP_RTX 0x0020
+#define SCTP_PR_SCTP_PRIO 0x0030
+#define SCTP_PR_SCTP_MAX SCTP_PR_SCTP_PRIO
+#define SCTP_PR_SCTP_MASK 0x0030
+
+#define __SCTP_PR_INDEX(x) ((x >> 4) - 1)
+#define SCTP_PR_INDEX(x) __SCTP_PR_INDEX(SCTP_PR_SCTP_ ## x)
+
+#define SCTP_PR_POLICY(x) ((x) & SCTP_PR_SCTP_MASK)
+#define SCTP_PR_SET_POLICY(flags, x) \
+ do { \
+ flags &= ~SCTP_PR_SCTP_MASK; \
+ flags |= x; \
+ } while (0)
+
+#define SCTP_PR_TTL_ENABLED(x) (SCTP_PR_POLICY(x) == SCTP_PR_SCTP_TTL)
+#define SCTP_PR_RTX_ENABLED(x) (SCTP_PR_POLICY(x) == SCTP_PR_SCTP_RTX)
+#define SCTP_PR_PRIO_ENABLED(x) (SCTP_PR_POLICY(x) == SCTP_PR_SCTP_PRIO)
+
+/* For enable stream reset */
+#define SCTP_ENABLE_RESET_STREAM_REQ 0x01
+#define SCTP_ENABLE_RESET_ASSOC_REQ 0x02
+#define SCTP_ENABLE_CHANGE_ASSOC_REQ 0x04
+#define SCTP_ENABLE_STRRESET_MASK 0x07
+
+#define SCTP_STREAM_RESET_INCOMING 0x01
+#define SCTP_STREAM_RESET_OUTGOING 0x02
+
+/* These are bit fields for msghdr->msg_flags. See section 5.1. */
+/* On user space Linux, these live in <bits/socket.h> as an enum. */
+enum sctp_msg_flags {
+ MSG_NOTIFICATION = 0x8000,
+#define MSG_NOTIFICATION MSG_NOTIFICATION
+};
+
+/* 5.3.1 SCTP Initiation Structure (SCTP_INIT)
+ *
+ * This cmsghdr structure provides information for initializing new
+ * SCTP associations with sendmsg(). The SCTP_INITMSG socket option
+ * uses this same data structure. This structure is not used for
+ * recvmsg().
+ *
+ * cmsg_level cmsg_type cmsg_data[]
+ * ------------ ------------ ----------------------
+ * IPPROTO_SCTP SCTP_INIT struct sctp_initmsg
+ */
+struct sctp_initmsg {
+ __u16 sinit_num_ostreams;
+ __u16 sinit_max_instreams;
+ __u16 sinit_max_attempts;
+ __u16 sinit_max_init_timeo;
+};
+
+/* 5.3.2 SCTP Header Information Structure (SCTP_SNDRCV)
+ *
+ * This cmsghdr structure specifies SCTP options for sendmsg() and
+ * describes SCTP header information about a received message through
+ * recvmsg().
+ *
+ * cmsg_level cmsg_type cmsg_data[]
+ * ------------ ------------ ----------------------
+ * IPPROTO_SCTP SCTP_SNDRCV struct sctp_sndrcvinfo
+ */
+struct sctp_sndrcvinfo {
+ __u16 sinfo_stream;
+ __u16 sinfo_ssn;
+ __u16 sinfo_flags;
+ __u32 sinfo_ppid;
+ __u32 sinfo_context;
+ __u32 sinfo_timetolive;
+ __u32 sinfo_tsn;
+ __u32 sinfo_cumtsn;
+ sctp_assoc_t sinfo_assoc_id;
+};
+
+/* 5.3.4 SCTP Send Information Structure (SCTP_SNDINFO)
+ *
+ * This cmsghdr structure specifies SCTP options for sendmsg().
+ *
+ * cmsg_level cmsg_type cmsg_data[]
+ * ------------ ------------ -------------------
+ * IPPROTO_SCTP SCTP_SNDINFO struct sctp_sndinfo
+ */
+struct sctp_sndinfo {
+ __u16 snd_sid;
+ __u16 snd_flags;
+ __u32 snd_ppid;
+ __u32 snd_context;
+ sctp_assoc_t snd_assoc_id;
+};
+
+/* 5.3.5 SCTP Receive Information Structure (SCTP_RCVINFO)
+ *
+ * This cmsghdr structure describes SCTP receive information
+ * about a received message through recvmsg().
+ *
+ * cmsg_level cmsg_type cmsg_data[]
+ * ------------ ------------ -------------------
+ * IPPROTO_SCTP SCTP_RCVINFO struct sctp_rcvinfo
+ */
+struct sctp_rcvinfo {
+ __u16 rcv_sid;
+ __u16 rcv_ssn;
+ __u16 rcv_flags;
+ __u32 rcv_ppid;
+ __u32 rcv_tsn;
+ __u32 rcv_cumtsn;
+ __u32 rcv_context;
+ sctp_assoc_t rcv_assoc_id;
+};
+
+/* 5.3.6 SCTP Next Receive Information Structure (SCTP_NXTINFO)
+ *
+ * This cmsghdr structure describes SCTP receive information
+ * of the next message that will be delivered through recvmsg()
+ * if this information is already available when delivering
+ * the current message.
+ *
+ * cmsg_level cmsg_type cmsg_data[]
+ * ------------ ------------ -------------------
+ * IPPROTO_SCTP SCTP_NXTINFO struct sctp_nxtinfo
+ */
+struct sctp_nxtinfo {
+ __u16 nxt_sid;
+ __u16 nxt_flags;
+ __u32 nxt_ppid;
+ __u32 nxt_length;
+ sctp_assoc_t nxt_assoc_id;
+};
+
+/*
+ * sinfo_flags: 16 bits (unsigned integer)
+ *
+ * This field may contain any of the following flags and is composed of
+ * a bitwise OR of these values.
+ */
+enum sctp_sinfo_flags {
+ SCTP_UNORDERED = (1 << 0), /* Send/receive message unordered. */
+ SCTP_ADDR_OVER = (1 << 1), /* Override the primary destination. */
+ SCTP_ABORT = (1 << 2), /* Send an ABORT message to the peer. */
+ SCTP_SACK_IMMEDIATELY = (1 << 3), /* SACK should be sent without delay. */
+ SCTP_NOTIFICATION = MSG_NOTIFICATION, /* Next message is not user msg but notification. */
+ SCTP_EOF = MSG_FIN, /* Initiate graceful shutdown process. */
+};
+
+typedef union {
+ __u8 raw;
+ struct sctp_initmsg init;
+ struct sctp_sndrcvinfo sndrcv;
+} sctp_cmsg_data_t;
+
+/* These are cmsg_types. */
+typedef enum sctp_cmsg_type {
+ SCTP_INIT, /* 5.2.1 SCTP Initiation Structure */
+#define SCTP_INIT SCTP_INIT
+ SCTP_SNDRCV, /* 5.2.2 SCTP Header Information Structure */
+#define SCTP_SNDRCV SCTP_SNDRCV
+ SCTP_SNDINFO, /* 5.3.4 SCTP Send Information Structure */
+#define SCTP_SNDINFO SCTP_SNDINFO
+ SCTP_RCVINFO, /* 5.3.5 SCTP Receive Information Structure */
+#define SCTP_RCVINFO SCTP_RCVINFO
+ SCTP_NXTINFO, /* 5.3.6 SCTP Next Receive Information Structure */
+#define SCTP_NXTINFO SCTP_NXTINFO
+} sctp_cmsg_t;
+
+/*
+ * 5.3.1.1 SCTP_ASSOC_CHANGE
+ *
+ * Communication notifications inform the ULP that an SCTP association
+ * has either begun or ended. The identifier for a new association is
+ * provided by this notificaion. The notification information has the
+ * following format:
+ *
+ */
+struct sctp_assoc_change {
+ __u16 sac_type;
+ __u16 sac_flags;
+ __u32 sac_length;
+ __u16 sac_state;
+ __u16 sac_error;
+ __u16 sac_outbound_streams;
+ __u16 sac_inbound_streams;
+ sctp_assoc_t sac_assoc_id;
+ __u8 sac_info[0];
+};
+
+/*
+ * sac_state: 32 bits (signed integer)
+ *
+ * This field holds one of a number of values that communicate the
+ * event that happened to the association. They include:
+ *
+ * Note: The following state names deviate from the API draft as
+ * the names clash too easily with other kernel symbols.
+ */
+enum sctp_sac_state {
+ SCTP_COMM_UP,
+ SCTP_COMM_LOST,
+ SCTP_RESTART,
+ SCTP_SHUTDOWN_COMP,
+ SCTP_CANT_STR_ASSOC,
+};
+
+/*
+ * 5.3.1.2 SCTP_PEER_ADDR_CHANGE
+ *
+ * When a destination address on a multi-homed peer encounters a change
+ * an interface details event is sent. The information has the
+ * following structure:
+ */
+struct sctp_paddr_change {
+ __u16 spc_type;
+ __u16 spc_flags;
+ __u32 spc_length;
+ struct sockaddr_storage spc_aaddr;
+ int spc_state;
+ int spc_error;
+ sctp_assoc_t spc_assoc_id;
+} __attribute__((packed, aligned(4)));
+
+/*
+ * spc_state: 32 bits (signed integer)
+ *
+ * This field holds one of a number of values that communicate the
+ * event that happened to the address. They include:
+ */
+enum sctp_spc_state {
+ SCTP_ADDR_AVAILABLE,
+ SCTP_ADDR_UNREACHABLE,
+ SCTP_ADDR_REMOVED,
+ SCTP_ADDR_ADDED,
+ SCTP_ADDR_MADE_PRIM,
+ SCTP_ADDR_CONFIRMED,
+};
+
+
+/*
+ * 5.3.1.3 SCTP_REMOTE_ERROR
+ *
+ * A remote peer may send an Operational Error message to its peer.
+ * This message indicates a variety of error conditions on an
+ * association. The entire error TLV as it appears on the wire is
+ * included in a SCTP_REMOTE_ERROR event. Please refer to the SCTP
+ * specification [SCTP] and any extensions for a list of possible
+ * error formats. SCTP error TLVs have the format:
+ */
+struct sctp_remote_error {
+ __u16 sre_type;
+ __u16 sre_flags;
+ __u32 sre_length;
+ __be16 sre_error;
+ sctp_assoc_t sre_assoc_id;
+ __u8 sre_data[0];
+};
+
+
+/*
+ * 5.3.1.4 SCTP_SEND_FAILED
+ *
+ * If SCTP cannot deliver a message it may return the message as a
+ * notification.
+ */
+struct sctp_send_failed {
+ __u16 ssf_type;
+ __u16 ssf_flags;
+ __u32 ssf_length;
+ __u32 ssf_error;
+ struct sctp_sndrcvinfo ssf_info;
+ sctp_assoc_t ssf_assoc_id;
+ __u8 ssf_data[0];
+};
+
+/*
+ * ssf_flags: 16 bits (unsigned integer)
+ *
+ * The flag value will take one of the following values
+ *
+ * SCTP_DATA_UNSENT - Indicates that the data was never put on
+ * the wire.
+ *
+ * SCTP_DATA_SENT - Indicates that the data was put on the wire.
+ * Note that this does not necessarily mean that the
+ * data was (or was not) successfully delivered.
+ */
+enum sctp_ssf_flags {
+ SCTP_DATA_UNSENT,
+ SCTP_DATA_SENT,
+};
+
+/*
+ * 5.3.1.5 SCTP_SHUTDOWN_EVENT
+ *
+ * When a peer sends a SHUTDOWN, SCTP delivers this notification to
+ * inform the application that it should cease sending data.
+ */
+struct sctp_shutdown_event {
+ __u16 sse_type;
+ __u16 sse_flags;
+ __u32 sse_length;
+ sctp_assoc_t sse_assoc_id;
+};
+
+/*
+ * 5.3.1.6 SCTP_ADAPTATION_INDICATION
+ *
+ * When a peer sends a Adaptation Layer Indication parameter , SCTP
+ * delivers this notification to inform the application
+ * that of the peers requested adaptation layer.
+ */
+struct sctp_adaptation_event {
+ __u16 sai_type;
+ __u16 sai_flags;
+ __u32 sai_length;
+ __u32 sai_adaptation_ind;
+ sctp_assoc_t sai_assoc_id;
+};
+
+/*
+ * 5.3.1.7 SCTP_PARTIAL_DELIVERY_EVENT
+ *
+ * When a receiver is engaged in a partial delivery of a
+ * message this notification will be used to indicate
+ * various events.
+ */
+struct sctp_pdapi_event {
+ __u16 pdapi_type;
+ __u16 pdapi_flags;
+ __u32 pdapi_length;
+ __u32 pdapi_indication;
+ sctp_assoc_t pdapi_assoc_id;
+};
+
+enum { SCTP_PARTIAL_DELIVERY_ABORTED=0, };
+
+/*
+ * 5.3.1.8. SCTP_AUTHENTICATION_EVENT
+ *
+ * When a receiver is using authentication this message will provide
+ * notifications regarding new keys being made active as well as errors.
+ */
+struct sctp_authkey_event {
+ __u16 auth_type;
+ __u16 auth_flags;
+ __u32 auth_length;
+ __u16 auth_keynumber;
+ __u16 auth_altkeynumber;
+ __u32 auth_indication;
+ sctp_assoc_t auth_assoc_id;
+};
+
+enum { SCTP_AUTH_NEWKEY = 0, };
+
+/*
+ * 6.1.9. SCTP_SENDER_DRY_EVENT
+ *
+ * When the SCTP stack has no more user data to send or retransmit, this
+ * notification is given to the user. Also, at the time when a user app
+ * subscribes to this event, if there is no data to be sent or
+ * retransmit, the stack will immediately send up this notification.
+ */
+struct sctp_sender_dry_event {
+ __u16 sender_dry_type;
+ __u16 sender_dry_flags;
+ __u32 sender_dry_length;
+ sctp_assoc_t sender_dry_assoc_id;
+};
+
+#define SCTP_STREAM_RESET_INCOMING_SSN 0x0001
+#define SCTP_STREAM_RESET_OUTGOING_SSN 0x0002
+#define SCTP_STREAM_RESET_DENIED 0x0004
+#define SCTP_STREAM_RESET_FAILED 0x0008
+struct sctp_stream_reset_event {
+ __u16 strreset_type;
+ __u16 strreset_flags;
+ __u32 strreset_length;
+ sctp_assoc_t strreset_assoc_id;
+ __u16 strreset_stream_list[];
+};
+
+#define SCTP_ASSOC_RESET_DENIED 0x0004
+#define SCTP_ASSOC_RESET_FAILED 0x0008
+struct sctp_assoc_reset_event {
+ __u16 assocreset_type;
+ __u16 assocreset_flags;
+ __u32 assocreset_length;
+ sctp_assoc_t assocreset_assoc_id;
+ __u32 assocreset_local_tsn;
+ __u32 assocreset_remote_tsn;
+};
+
+#define SCTP_ASSOC_CHANGE_DENIED 0x0004
+#define SCTP_ASSOC_CHANGE_FAILED 0x0008
+struct sctp_stream_change_event {
+ __u16 strchange_type;
+ __u16 strchange_flags;
+ __u32 strchange_length;
+ sctp_assoc_t strchange_assoc_id;
+ __u16 strchange_instrms;
+ __u16 strchange_outstrms;
+};
+
+/*
+ * Described in Section 7.3
+ * Ancillary Data and Notification Interest Options
+ */
+struct sctp_event_subscribe {
+ __u8 sctp_data_io_event;
+ __u8 sctp_association_event;
+ __u8 sctp_address_event;
+ __u8 sctp_send_failure_event;
+ __u8 sctp_peer_error_event;
+ __u8 sctp_shutdown_event;
+ __u8 sctp_partial_delivery_event;
+ __u8 sctp_adaptation_layer_event;
+ __u8 sctp_authentication_event;
+ __u8 sctp_sender_dry_event;
+ __u8 sctp_stream_reset_event;
+ __u8 sctp_assoc_reset_event;
+ __u8 sctp_stream_change_event;
+};
+
+/*
+ * 5.3.1 SCTP Notification Structure
+ *
+ * The notification structure is defined as the union of all
+ * notification types.
+ *
+ */
+union sctp_notification {
+ struct {
+ __u16 sn_type; /* Notification type. */
+ __u16 sn_flags;
+ __u32 sn_length;
+ } sn_header;
+ struct sctp_assoc_change sn_assoc_change;
+ struct sctp_paddr_change sn_paddr_change;
+ struct sctp_remote_error sn_remote_error;
+ struct sctp_send_failed sn_send_failed;
+ struct sctp_shutdown_event sn_shutdown_event;
+ struct sctp_adaptation_event sn_adaptation_event;
+ struct sctp_pdapi_event sn_pdapi_event;
+ struct sctp_authkey_event sn_authkey_event;
+ struct sctp_sender_dry_event sn_sender_dry_event;
+ struct sctp_stream_reset_event sn_strreset_event;
+ struct sctp_assoc_reset_event sn_assocreset_event;
+ struct sctp_stream_change_event sn_strchange_event;
+};
+
+/* Section 5.3.1
+ * All standard values for sn_type flags are greater than 2^15.
+ * Values from 2^15 and down are reserved.
+ */
+
+enum sctp_sn_type {
+ SCTP_SN_TYPE_BASE = (1<<15),
+ SCTP_ASSOC_CHANGE,
+#define SCTP_ASSOC_CHANGE SCTP_ASSOC_CHANGE
+ SCTP_PEER_ADDR_CHANGE,
+#define SCTP_PEER_ADDR_CHANGE SCTP_PEER_ADDR_CHANGE
+ SCTP_SEND_FAILED,
+#define SCTP_SEND_FAILED SCTP_SEND_FAILED
+ SCTP_REMOTE_ERROR,
+#define SCTP_REMOTE_ERROR SCTP_REMOTE_ERROR
+ SCTP_SHUTDOWN_EVENT,
+#define SCTP_SHUTDOWN_EVENT SCTP_SHUTDOWN_EVENT
+ SCTP_PARTIAL_DELIVERY_EVENT,
+#define SCTP_PARTIAL_DELIVERY_EVENT SCTP_PARTIAL_DELIVERY_EVENT
+ SCTP_ADAPTATION_INDICATION,
+#define SCTP_ADAPTATION_INDICATION SCTP_ADAPTATION_INDICATION
+ SCTP_AUTHENTICATION_EVENT,
+#define SCTP_AUTHENTICATION_INDICATION SCTP_AUTHENTICATION_EVENT
+ SCTP_SENDER_DRY_EVENT,
+#define SCTP_SENDER_DRY_EVENT SCTP_SENDER_DRY_EVENT
+ SCTP_STREAM_RESET_EVENT,
+#define SCTP_STREAM_RESET_EVENT SCTP_STREAM_RESET_EVENT
+ SCTP_ASSOC_RESET_EVENT,
+#define SCTP_ASSOC_RESET_EVENT SCTP_ASSOC_RESET_EVENT
+ SCTP_STREAM_CHANGE_EVENT,
+#define SCTP_STREAM_CHANGE_EVENT SCTP_STREAM_CHANGE_EVENT
+};
+
+/* Notification error codes used to fill up the error fields in some
+ * notifications.
+ * SCTP_PEER_ADDRESS_CHAGE : spc_error
+ * SCTP_ASSOC_CHANGE : sac_error
+ * These names should be potentially included in the draft 04 of the SCTP
+ * sockets API specification.
+ */
+typedef enum sctp_sn_error {
+ SCTP_FAILED_THRESHOLD,
+ SCTP_RECEIVED_SACK,
+ SCTP_HEARTBEAT_SUCCESS,
+ SCTP_RESPONSE_TO_USER_REQ,
+ SCTP_INTERNAL_ERROR,
+ SCTP_SHUTDOWN_GUARD_EXPIRES,
+ SCTP_PEER_FAULTY,
+} sctp_sn_error_t;
+
+/*
+ * 7.1.1 Retransmission Timeout Parameters (SCTP_RTOINFO)
+ *
+ * The protocol parameters used to initialize and bound retransmission
+ * timeout (RTO) are tunable. See [SCTP] for more information on how
+ * these parameters are used in RTO calculation.
+ */
+struct sctp_rtoinfo {
+ sctp_assoc_t srto_assoc_id;
+ __u32 srto_initial;
+ __u32 srto_max;
+ __u32 srto_min;
+};
+
+/*
+ * 7.1.2 Association Parameters (SCTP_ASSOCINFO)
+ *
+ * This option is used to both examine and set various association and
+ * endpoint parameters.
+ */
+struct sctp_assocparams {
+ sctp_assoc_t sasoc_assoc_id;
+ __u16 sasoc_asocmaxrxt;
+ __u16 sasoc_number_peer_destinations;
+ __u32 sasoc_peer_rwnd;
+ __u32 sasoc_local_rwnd;
+ __u32 sasoc_cookie_life;
+};
+
+/*
+ * 7.1.9 Set Peer Primary Address (SCTP_SET_PEER_PRIMARY_ADDR)
+ *
+ * Requests that the peer mark the enclosed address as the association
+ * primary. The enclosed address must be one of the association's
+ * locally bound addresses. The following structure is used to make a
+ * set primary request:
+ */
+struct sctp_setpeerprim {
+ sctp_assoc_t sspp_assoc_id;
+ struct sockaddr_storage sspp_addr;
+} __attribute__((packed, aligned(4)));
+
+/*
+ * 7.1.10 Set Primary Address (SCTP_PRIMARY_ADDR)
+ *
+ * Requests that the local SCTP stack use the enclosed peer address as
+ * the association primary. The enclosed address must be one of the
+ * association peer's addresses. The following structure is used to
+ * make a set peer primary request:
+ */
+struct sctp_prim {
+ sctp_assoc_t ssp_assoc_id;
+ struct sockaddr_storage ssp_addr;
+} __attribute__((packed, aligned(4)));
+
+/* For backward compatibility use, define the old name too */
+#define sctp_setprim sctp_prim
+
+/*
+ * 7.1.11 Set Adaptation Layer Indicator (SCTP_ADAPTATION_LAYER)
+ *
+ * Requests that the local endpoint set the specified Adaptation Layer
+ * Indication parameter for all future INIT and INIT-ACK exchanges.
+ */
+struct sctp_setadaptation {
+ __u32 ssb_adaptation_ind;
+};
+
+/*
+ * 7.1.13 Peer Address Parameters (SCTP_PEER_ADDR_PARAMS)
+ *
+ * Applications can enable or disable heartbeats for any peer address
+ * of an association, modify an address's heartbeat interval, force a
+ * heartbeat to be sent immediately, and adjust the address's maximum
+ * number of retransmissions sent before an address is considered
+ * unreachable. The following structure is used to access and modify an
+ * address's parameters:
+ */
+enum sctp_spp_flags {
+ SPP_HB_ENABLE = 1<<0, /*Enable heartbeats*/
+ SPP_HB_DISABLE = 1<<1, /*Disable heartbeats*/
+ SPP_HB = SPP_HB_ENABLE | SPP_HB_DISABLE,
+ SPP_HB_DEMAND = 1<<2, /*Send heartbeat immediately*/
+ SPP_PMTUD_ENABLE = 1<<3, /*Enable PMTU discovery*/
+ SPP_PMTUD_DISABLE = 1<<4, /*Disable PMTU discovery*/
+ SPP_PMTUD = SPP_PMTUD_ENABLE | SPP_PMTUD_DISABLE,
+ SPP_SACKDELAY_ENABLE = 1<<5, /*Enable SACK*/
+ SPP_SACKDELAY_DISABLE = 1<<6, /*Disable SACK*/
+ SPP_SACKDELAY = SPP_SACKDELAY_ENABLE | SPP_SACKDELAY_DISABLE,
+ SPP_HB_TIME_IS_ZERO = 1<<7, /* Set HB delay to 0 */
+};
+
+struct sctp_paddrparams {
+ sctp_assoc_t spp_assoc_id;
+ struct sockaddr_storage spp_address;
+ __u32 spp_hbinterval;
+ __u16 spp_pathmaxrxt;
+ __u32 spp_pathmtu;
+ __u32 spp_sackdelay;
+ __u32 spp_flags;
+} __attribute__((packed, aligned(4)));
+
+/*
+ * 7.1.18. Add a chunk that must be authenticated (SCTP_AUTH_CHUNK)
+ *
+ * This set option adds a chunk type that the user is requesting to be
+ * received only in an authenticated way. Changes to the list of chunks
+ * will only effect future associations on the socket.
+ */
+struct sctp_authchunk {
+ __u8 sauth_chunk;
+};
+
+/*
+ * 7.1.19. Get or set the list of supported HMAC Identifiers (SCTP_HMAC_IDENT)
+ *
+ * This option gets or sets the list of HMAC algorithms that the local
+ * endpoint requires the peer to use.
+ */
+/* This here is only used by user space as is. It might not be a good idea
+ * to export/reveal the whole structure with reserved fields etc.
+ */
+enum {
+ SCTP_AUTH_HMAC_ID_SHA1 = 1,
+ SCTP_AUTH_HMAC_ID_SHA256 = 3,
+};
+
+struct sctp_hmacalgo {
+ __u32 shmac_num_idents;
+ __u16 shmac_idents[];
+};
+
+/* Sadly, user and kernel space have different names for
+ * this structure member, so this is to not break anything.
+ */
+#define shmac_number_of_idents shmac_num_idents
+
+/*
+ * 7.1.20. Set a shared key (SCTP_AUTH_KEY)
+ *
+ * This option will set a shared secret key which is used to build an
+ * association shared key.
+ */
+struct sctp_authkey {
+ sctp_assoc_t sca_assoc_id;
+ __u16 sca_keynumber;
+ __u16 sca_keylength;
+ __u8 sca_key[];
+};
+
+/*
+ * 7.1.21. Get or set the active shared key (SCTP_AUTH_ACTIVE_KEY)
+ *
+ * This option will get or set the active shared key to be used to build
+ * the association shared key.
+ */
+
+struct sctp_authkeyid {
+ sctp_assoc_t scact_assoc_id;
+ __u16 scact_keynumber;
+};
+
+
+/*
+ * 7.1.23. Get or set delayed ack timer (SCTP_DELAYED_SACK)
+ *
+ * This option will effect the way delayed acks are performed. This
+ * option allows you to get or set the delayed ack time, in
+ * milliseconds. It also allows changing the delayed ack frequency.
+ * Changing the frequency to 1 disables the delayed sack algorithm. If
+ * the assoc_id is 0, then this sets or gets the endpoints default
+ * values. If the assoc_id field is non-zero, then the set or get
+ * effects the specified association for the one to many model (the
+ * assoc_id field is ignored by the one to one model). Note that if
+ * sack_delay or sack_freq are 0 when setting this option, then the
+ * current values will remain unchanged.
+ */
+struct sctp_sack_info {
+ sctp_assoc_t sack_assoc_id;
+ uint32_t sack_delay;
+ uint32_t sack_freq;
+};
+
+struct sctp_assoc_value {
+ sctp_assoc_t assoc_id;
+ uint32_t assoc_value;
+};
+
+/*
+ * 7.2.2 Peer Address Information
+ *
+ * Applications can retrieve information about a specific peer address
+ * of an association, including its reachability state, congestion
+ * window, and retransmission timer values. This information is
+ * read-only. The following structure is used to access this
+ * information:
+ */
+struct sctp_paddrinfo {
+ sctp_assoc_t spinfo_assoc_id;
+ struct sockaddr_storage spinfo_address;
+ __s32 spinfo_state;
+ __u32 spinfo_cwnd;
+ __u32 spinfo_srtt;
+ __u32 spinfo_rto;
+ __u32 spinfo_mtu;
+} __attribute__((packed, aligned(4)));
+
+/* Peer addresses's state. */
+/* UNKNOWN: Peer address passed by the upper layer in sendmsg or connect[x]
+ * calls.
+ * UNCONFIRMED: Peer address received in INIT/INIT-ACK address parameters.
+ * Not yet confirmed by a heartbeat and not available for data
+ * transfers.
+ * ACTIVE : Peer address confirmed, active and available for data transfers.
+ * INACTIVE: Peer address inactive and not available for data transfers.
+ */
+enum sctp_spinfo_state {
+ SCTP_INACTIVE,
+ SCTP_PF,
+ SCTP_ACTIVE,
+ SCTP_UNCONFIRMED,
+ SCTP_UNKNOWN = 0xffff /* Value used for transport state unknown */
+};
+
+/*
+ * 7.2.1 Association Status (SCTP_STATUS)
+ *
+ * Applications can retrieve current status information about an
+ * association, including association state, peer receiver window size,
+ * number of unacked data chunks, and number of data chunks pending
+ * receipt. This information is read-only. The following structure is
+ * used to access this information:
+ */
+struct sctp_status {
+ sctp_assoc_t sstat_assoc_id;
+ __s32 sstat_state;
+ __u32 sstat_rwnd;
+ __u16 sstat_unackdata;
+ __u16 sstat_penddata;
+ __u16 sstat_instrms;
+ __u16 sstat_outstrms;
+ __u32 sstat_fragmentation_point;
+ struct sctp_paddrinfo sstat_primary;
+};
+
+/*
+ * 7.2.3. Get the list of chunks the peer requires to be authenticated
+ * (SCTP_PEER_AUTH_CHUNKS)
+ *
+ * This option gets a list of chunks for a specified association that
+ * the peer requires to be received authenticated only.
+ */
+struct sctp_authchunks {
+ sctp_assoc_t gauth_assoc_id;
+ __u32 gauth_number_of_chunks;
+ uint8_t gauth_chunks[];
+};
+
+/* The broken spelling has been released already in lksctp-tools header,
+ * so don't break anyone, now that it's fixed.
+ */
+#define guth_number_of_chunks gauth_number_of_chunks
+
+/* Association states. */
+enum sctp_sstat_state {
+ SCTP_EMPTY = 0,
+ SCTP_CLOSED = 1,
+ SCTP_COOKIE_WAIT = 2,
+ SCTP_COOKIE_ECHOED = 3,
+ SCTP_ESTABLISHED = 4,
+ SCTP_SHUTDOWN_PENDING = 5,
+ SCTP_SHUTDOWN_SENT = 6,
+ SCTP_SHUTDOWN_RECEIVED = 7,
+ SCTP_SHUTDOWN_ACK_SENT = 8,
+};
+
+/*
+ * 8.2.6. Get the Current Identifiers of Associations
+ * (SCTP_GET_ASSOC_ID_LIST)
+ *
+ * This option gets the current list of SCTP association identifiers of
+ * the SCTP associations handled by a one-to-many style socket.
+ */
+struct sctp_assoc_ids {
+ __u32 gaids_number_of_ids;
+ sctp_assoc_t gaids_assoc_id[];
+};
+
+/*
+ * 8.3, 8.5 get all peer/local addresses in an association.
+ * This parameter struct is used by SCTP_GET_PEER_ADDRS and
+ * SCTP_GET_LOCAL_ADDRS socket options used internally to implement
+ * sctp_getpaddrs() and sctp_getladdrs() API.
+ */
+struct sctp_getaddrs_old {
+ sctp_assoc_t assoc_id;
+ int addr_num;
+ struct sockaddr *addrs;
+};
+
+struct sctp_getaddrs {
+ sctp_assoc_t assoc_id; /*input*/
+ __u32 addr_num; /*output*/
+ __u8 addrs[0]; /*output, variable size*/
+};
+
+/* A socket user request obtained via SCTP_GET_ASSOC_STATS that retrieves
+ * association stats. All stats are counts except sas_maxrto and
+ * sas_obs_rto_ipaddr. maxrto is the max observed rto + transport since
+ * the last call. Will return 0 when RTO was not update since last call
+ */
+struct sctp_assoc_stats {
+ sctp_assoc_t sas_assoc_id; /* Input */
+ /* Transport of observed max RTO */
+ struct sockaddr_storage sas_obs_rto_ipaddr;
+ __u64 sas_maxrto; /* Maximum Observed RTO for period */
+ __u64 sas_isacks; /* SACKs received */
+ __u64 sas_osacks; /* SACKs sent */
+ __u64 sas_opackets; /* Packets sent */
+ __u64 sas_ipackets; /* Packets received */
+ __u64 sas_rtxchunks; /* Retransmitted Chunks */
+ __u64 sas_outofseqtsns;/* TSN received > next expected */
+ __u64 sas_idupchunks; /* Dups received (ordered+unordered) */
+ __u64 sas_gapcnt; /* Gap Acknowledgements Received */
+ __u64 sas_ouodchunks; /* Unordered data chunks sent */
+ __u64 sas_iuodchunks; /* Unordered data chunks received */
+ __u64 sas_oodchunks; /* Ordered data chunks sent */
+ __u64 sas_iodchunks; /* Ordered data chunks received */
+ __u64 sas_octrlchunks; /* Control chunks sent */
+ __u64 sas_ictrlchunks; /* Control chunks received */
+};
+
+/*
+ * 8.1 sctp_bindx()
+ *
+ * The flags parameter is formed from the bitwise OR of zero or more of the
+ * following currently defined flags:
+ */
+#define SCTP_BINDX_ADD_ADDR 0x01
+#define SCTP_BINDX_REM_ADDR 0x02
+
+/* This is the structure that is passed as an argument(optval) to
+ * getsockopt(SCTP_SOCKOPT_PEELOFF).
+ */
+typedef struct {
+ sctp_assoc_t associd;
+ int sd;
+} sctp_peeloff_arg_t;
+
+typedef struct {
+ sctp_peeloff_arg_t p_arg;
+ unsigned flags;
+} sctp_peeloff_flags_arg_t;
+
+/*
+ * Peer Address Thresholds socket option
+ */
+struct sctp_paddrthlds {
+ sctp_assoc_t spt_assoc_id;
+ struct sockaddr_storage spt_address;
+ __u16 spt_pathmaxrxt;
+ __u16 spt_pathpfthld;
+};
+
+/*
+ * Socket Option for Getting the Association/Stream-Specific PR-SCTP Status
+ */
+struct sctp_prstatus {
+ sctp_assoc_t sprstat_assoc_id;
+ __u16 sprstat_sid;
+ __u16 sprstat_policy;
+ __u64 sprstat_abandoned_unsent;
+ __u64 sprstat_abandoned_sent;
+};
+
+struct sctp_default_prinfo {
+ sctp_assoc_t pr_assoc_id;
+ __u32 pr_value;
+ __u16 pr_policy;
+};
+
+struct sctp_info {
+ __u32 sctpi_tag;
+ __u32 sctpi_state;
+ __u32 sctpi_rwnd;
+ __u16 sctpi_unackdata;
+ __u16 sctpi_penddata;
+ __u16 sctpi_instrms;
+ __u16 sctpi_outstrms;
+ __u32 sctpi_fragmentation_point;
+ __u32 sctpi_inqueue;
+ __u32 sctpi_outqueue;
+ __u32 sctpi_overall_error;
+ __u32 sctpi_max_burst;
+ __u32 sctpi_maxseg;
+ __u32 sctpi_peer_rwnd;
+ __u32 sctpi_peer_tag;
+ __u8 sctpi_peer_capable;
+ __u8 sctpi_peer_sack;
+ __u16 __reserved1;
+
+ /* assoc status info */
+ __u64 sctpi_isacks;
+ __u64 sctpi_osacks;
+ __u64 sctpi_opackets;
+ __u64 sctpi_ipackets;
+ __u64 sctpi_rtxchunks;
+ __u64 sctpi_outofseqtsns;
+ __u64 sctpi_idupchunks;
+ __u64 sctpi_gapcnt;
+ __u64 sctpi_ouodchunks;
+ __u64 sctpi_iuodchunks;
+ __u64 sctpi_oodchunks;
+ __u64 sctpi_iodchunks;
+ __u64 sctpi_octrlchunks;
+ __u64 sctpi_ictrlchunks;
+
+ /* primary transport info */
+ struct sockaddr_storage sctpi_p_address;
+ __s32 sctpi_p_state;
+ __u32 sctpi_p_cwnd;
+ __u32 sctpi_p_srtt;
+ __u32 sctpi_p_rto;
+ __u32 sctpi_p_hbinterval;
+ __u32 sctpi_p_pathmaxrxt;
+ __u32 sctpi_p_sackdelay;
+ __u32 sctpi_p_sackfreq;
+ __u32 sctpi_p_ssthresh;
+ __u32 sctpi_p_partial_bytes_acked;
+ __u32 sctpi_p_flight_size;
+ __u16 sctpi_p_error;
+ __u16 __reserved2;
+
+ /* sctp sock info */
+ __u32 sctpi_s_autoclose;
+ __u32 sctpi_s_adaptation_ind;
+ __u32 sctpi_s_pd_point;
+ __u8 sctpi_s_nodelay;
+ __u8 sctpi_s_disable_fragments;
+ __u8 sctpi_s_v4mapped;
+ __u8 sctpi_s_frag_interleave;
+ __u32 sctpi_s_type;
+ __u32 __reserved3;
+};
+
+struct sctp_reset_streams {
+ sctp_assoc_t srs_assoc_id;
+ uint16_t srs_flags;
+ uint16_t srs_number_streams; /* 0 == ALL */
+ uint16_t srs_stream_list[]; /* list if srs_num_streams is not 0 */
+};
+
+struct sctp_add_streams {
+ sctp_assoc_t sas_assoc_id;
+ uint16_t sas_instrms;
+ uint16_t sas_outstrms;
+};
+
+#endif /* _SCTP_H */
diff --git a/include/uapi/linux/seg6.h b/include/uapi/linux/seg6.h
new file mode 100644
index 0000000..3f7be85
--- /dev/null
+++ b/include/uapi/linux/seg6.h
@@ -0,0 +1,55 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * SR-IPv6 implementation
+ *
+ * Author:
+ * David Lebrun <david.lebrun@uclouvain.be>
+ *
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_SEG6_H
+#define _LINUX_SEG6_H
+
+#include <linux/types.h>
+#include <linux/in6.h> /* For struct in6_addr. */
+
+/*
+ * SRH
+ */
+struct ipv6_sr_hdr {
+ __u8 nexthdr;
+ __u8 hdrlen;
+ __u8 type;
+ __u8 segments_left;
+ __u8 first_segment;
+ __u8 flags;
+ __u16 reserved;
+
+ struct in6_addr segments[0];
+};
+
+#define SR6_FLAG1_PROTECTED (1 << 6)
+#define SR6_FLAG1_OAM (1 << 5)
+#define SR6_FLAG1_ALERT (1 << 4)
+#define SR6_FLAG1_HMAC (1 << 3)
+
+#define SR6_TLV_INGRESS 1
+#define SR6_TLV_EGRESS 2
+#define SR6_TLV_OPAQUE 3
+#define SR6_TLV_PADDING 4
+#define SR6_TLV_HMAC 5
+
+#define sr_has_hmac(srh) ((srh)->flags & SR6_FLAG1_HMAC)
+
+struct sr6_tlv {
+ __u8 type;
+ __u8 len;
+ __u8 data[0];
+};
+
+#endif
diff --git a/include/uapi/linux/seg6_genl.h b/include/uapi/linux/seg6_genl.h
new file mode 100644
index 0000000..0c23052
--- /dev/null
+++ b/include/uapi/linux/seg6_genl.h
@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_SEG6_GENL_H
+#define _LINUX_SEG6_GENL_H
+
+#define SEG6_GENL_NAME "SEG6"
+#define SEG6_GENL_VERSION 0x1
+
+enum {
+ SEG6_ATTR_UNSPEC,
+ SEG6_ATTR_DST,
+ SEG6_ATTR_DSTLEN,
+ SEG6_ATTR_HMACKEYID,
+ SEG6_ATTR_SECRET,
+ SEG6_ATTR_SECRETLEN,
+ SEG6_ATTR_ALGID,
+ SEG6_ATTR_HMACINFO,
+ __SEG6_ATTR_MAX,
+};
+
+#define SEG6_ATTR_MAX (__SEG6_ATTR_MAX - 1)
+
+enum {
+ SEG6_CMD_UNSPEC,
+ SEG6_CMD_SETHMAC,
+ SEG6_CMD_DUMPHMAC,
+ SEG6_CMD_SET_TUNSRC,
+ SEG6_CMD_GET_TUNSRC,
+ __SEG6_CMD_MAX,
+};
+
+#define SEG6_CMD_MAX (__SEG6_CMD_MAX - 1)
+
+#endif
diff --git a/include/uapi/linux/seg6_hmac.h b/include/uapi/linux/seg6_hmac.h
new file mode 100644
index 0000000..3fb3412
--- /dev/null
+++ b/include/uapi/linux/seg6_hmac.h
@@ -0,0 +1,23 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_SEG6_HMAC_H
+#define _LINUX_SEG6_HMAC_H
+
+#include <linux/types.h>
+#include <linux/seg6.h>
+
+#define SEG6_HMAC_SECRET_LEN 64
+#define SEG6_HMAC_FIELD_LEN 32
+
+struct sr6_tlv_hmac {
+ struct sr6_tlv tlvhdr;
+ __u16 reserved;
+ __be32 hmackeyid;
+ __u8 hmac[SEG6_HMAC_FIELD_LEN];
+};
+
+enum {
+ SEG6_HMAC_ALGO_SHA1 = 1,
+ SEG6_HMAC_ALGO_SHA256 = 2,
+};
+
+#endif
diff --git a/include/uapi/linux/seg6_iptunnel.h b/include/uapi/linux/seg6_iptunnel.h
new file mode 100644
index 0000000..3004e98
--- /dev/null
+++ b/include/uapi/linux/seg6_iptunnel.h
@@ -0,0 +1,41 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * SR-IPv6 implementation
+ *
+ * Author:
+ * David Lebrun <david.lebrun@uclouvain.be>
+ *
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_SEG6_IPTUNNEL_H
+#define _LINUX_SEG6_IPTUNNEL_H
+
+#include <linux/seg6.h> /* For struct ipv6_sr_hdr. */
+
+enum {
+ SEG6_IPTUNNEL_UNSPEC,
+ SEG6_IPTUNNEL_SRH,
+ __SEG6_IPTUNNEL_MAX,
+};
+#define SEG6_IPTUNNEL_MAX (__SEG6_IPTUNNEL_MAX - 1)
+
+struct seg6_iptunnel_encap {
+ int mode;
+ struct ipv6_sr_hdr srh[0];
+};
+
+#define SEG6_IPTUN_ENCAP_SIZE(x) ((sizeof(*x)) + (((x)->srh->hdrlen + 1) << 3))
+
+enum {
+ SEG6_IPTUN_MODE_INLINE,
+ SEG6_IPTUN_MODE_ENCAP,
+ SEG6_IPTUN_MODE_L2ENCAP,
+};
+
+
+#endif
diff --git a/include/uapi/linux/seg6_local.h b/include/uapi/linux/seg6_local.h
new file mode 100644
index 0000000..76b90d6
--- /dev/null
+++ b/include/uapi/linux/seg6_local.h
@@ -0,0 +1,68 @@
+/*
+ * SR-IPv6 implementation
+ *
+ * Author:
+ * David Lebrun <david.lebrun@uclouvain.be>
+ *
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_SEG6_LOCAL_H
+#define _LINUX_SEG6_LOCAL_H
+
+#include <linux/seg6.h>
+
+enum {
+ SEG6_LOCAL_UNSPEC,
+ SEG6_LOCAL_ACTION,
+ SEG6_LOCAL_SRH,
+ SEG6_LOCAL_TABLE,
+ SEG6_LOCAL_NH4,
+ SEG6_LOCAL_NH6,
+ SEG6_LOCAL_IIF,
+ SEG6_LOCAL_OIF,
+ __SEG6_LOCAL_MAX,
+};
+#define SEG6_LOCAL_MAX (__SEG6_LOCAL_MAX - 1)
+
+enum {
+ SEG6_LOCAL_ACTION_UNSPEC = 0,
+ /* node segment */
+ SEG6_LOCAL_ACTION_END = 1,
+ /* adjacency segment (IPv6 cross-connect) */
+ SEG6_LOCAL_ACTION_END_X = 2,
+ /* lookup of next seg NH in table */
+ SEG6_LOCAL_ACTION_END_T = 3,
+ /* decap and L2 cross-connect */
+ SEG6_LOCAL_ACTION_END_DX2 = 4,
+ /* decap and IPv6 cross-connect */
+ SEG6_LOCAL_ACTION_END_DX6 = 5,
+ /* decap and IPv4 cross-connect */
+ SEG6_LOCAL_ACTION_END_DX4 = 6,
+ /* decap and lookup of DA in v6 table */
+ SEG6_LOCAL_ACTION_END_DT6 = 7,
+ /* decap and lookup of DA in v4 table */
+ SEG6_LOCAL_ACTION_END_DT4 = 8,
+ /* binding segment with insertion */
+ SEG6_LOCAL_ACTION_END_B6 = 9,
+ /* binding segment with encapsulation */
+ SEG6_LOCAL_ACTION_END_B6_ENCAP = 10,
+ /* binding segment with MPLS encap */
+ SEG6_LOCAL_ACTION_END_BM = 11,
+ /* lookup last seg in table */
+ SEG6_LOCAL_ACTION_END_S = 12,
+ /* forward to SR-unaware VNF with static proxy */
+ SEG6_LOCAL_ACTION_END_AS = 13,
+ /* forward to SR-unaware VNF with masquerading */
+ SEG6_LOCAL_ACTION_END_AM = 14,
+
+ __SEG6_LOCAL_ACTION_MAX,
+};
+
+#define SEG6_LOCAL_ACTION_MAX (__SEG6_LOCAL_ACTION_MAX - 1)
+
+#endif
diff --git a/include/linux/sock_diag.h b/include/uapi/linux/sock_diag.h
similarity index 88%
rename from include/linux/sock_diag.h
rename to include/uapi/linux/sock_diag.h
index dafcb89..a69cf20 100644
--- a/include/linux/sock_diag.h
+++ b/include/uapi/linux/sock_diag.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __SOCK_DIAG_H__
#define __SOCK_DIAG_H__
@@ -20,6 +21,7 @@
SK_MEMINFO_WMEM_QUEUED,
SK_MEMINFO_OPTMEM,
SK_MEMINFO_BACKLOG,
+ SK_MEMINFO_DROPS,
SK_MEMINFO_VARS,
};
diff --git a/include/uapi/linux/socket.h b/include/uapi/linux/socket.h
new file mode 100644
index 0000000..268b948
--- /dev/null
+++ b/include/uapi/linux/socket.h
@@ -0,0 +1,22 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_SOCKET_H
+#define _LINUX_SOCKET_H
+
+/*
+ * Desired design of maximum size and alignment (see RFC2553)
+ */
+#define _K_SS_MAXSIZE 128 /* Implementation specific max size */
+#define _K_SS_ALIGNSIZE (__alignof__ (struct sockaddr *))
+ /* Implementation specific desired alignment */
+
+typedef unsigned short __kernel_sa_family_t;
+
+struct __kernel_sockaddr_storage {
+ __kernel_sa_family_t ss_family; /* address family */
+ /* Following field(s) are implementation specific */
+ char __data[_K_SS_MAXSIZE - sizeof(unsigned short)];
+ /* space to achieve desired size, */
+ /* _SS_MAXSIZE value minus size of ss_family */
+} __attribute__ ((aligned(_K_SS_ALIGNSIZE))); /* force desired alignment */
+
+#endif /* _LINUX_SOCKET_H */
diff --git a/include/uapi/linux/sockios.h b/include/uapi/linux/sockios.h
new file mode 100644
index 0000000..d393e9e
--- /dev/null
+++ b/include/uapi/linux/sockios.h
@@ -0,0 +1,153 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * INET An implementation of the TCP/IP protocol suite for the LINUX
+ * operating system. INET is implemented using the BSD Socket
+ * interface as the means of communication with the user level.
+ *
+ * Definitions of the socket-level I/O control calls.
+ *
+ * Version: @(#)sockios.h 1.0.2 03/09/93
+ *
+ * Authors: Ross Biro
+ * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+#ifndef _LINUX_SOCKIOS_H
+#define _LINUX_SOCKIOS_H
+
+#include <asm/sockios.h>
+
+/* Linux-specific socket ioctls */
+#define SIOCINQ FIONREAD
+#define SIOCOUTQ TIOCOUTQ /* output queue size (not sent + not acked) */
+
+#define SOCK_IOC_TYPE 0x89
+
+/* Routing table calls. */
+#define SIOCADDRT 0x890B /* add routing table entry */
+#define SIOCDELRT 0x890C /* delete routing table entry */
+#define SIOCRTMSG 0x890D /* unused */
+
+/* Socket configuration controls. */
+#define SIOCGIFNAME 0x8910 /* get iface name */
+#define SIOCSIFLINK 0x8911 /* set iface channel */
+#define SIOCGIFCONF 0x8912 /* get iface list */
+#define SIOCGIFFLAGS 0x8913 /* get flags */
+#define SIOCSIFFLAGS 0x8914 /* set flags */
+#define SIOCGIFADDR 0x8915 /* get PA address */
+#define SIOCSIFADDR 0x8916 /* set PA address */
+#define SIOCGIFDSTADDR 0x8917 /* get remote PA address */
+#define SIOCSIFDSTADDR 0x8918 /* set remote PA address */
+#define SIOCGIFBRDADDR 0x8919 /* get broadcast PA address */
+#define SIOCSIFBRDADDR 0x891a /* set broadcast PA address */
+#define SIOCGIFNETMASK 0x891b /* get network PA mask */
+#define SIOCSIFNETMASK 0x891c /* set network PA mask */
+#define SIOCGIFMETRIC 0x891d /* get metric */
+#define SIOCSIFMETRIC 0x891e /* set metric */
+#define SIOCGIFMEM 0x891f /* get memory address (BSD) */
+#define SIOCSIFMEM 0x8920 /* set memory address (BSD) */
+#define SIOCGIFMTU 0x8921 /* get MTU size */
+#define SIOCSIFMTU 0x8922 /* set MTU size */
+#define SIOCSIFNAME 0x8923 /* set interface name */
+#define SIOCSIFHWADDR 0x8924 /* set hardware address */
+#define SIOCGIFENCAP 0x8925 /* get/set encapsulations */
+#define SIOCSIFENCAP 0x8926
+#define SIOCGIFHWADDR 0x8927 /* Get hardware address */
+#define SIOCGIFSLAVE 0x8929 /* Driver slaving support */
+#define SIOCSIFSLAVE 0x8930
+#define SIOCADDMULTI 0x8931 /* Multicast address lists */
+#define SIOCDELMULTI 0x8932
+#define SIOCGIFINDEX 0x8933 /* name -> if_index mapping */
+#define SIOGIFINDEX SIOCGIFINDEX /* misprint compatibility :-) */
+#define SIOCSIFPFLAGS 0x8934 /* set/get extended flags set */
+#define SIOCGIFPFLAGS 0x8935
+#define SIOCDIFADDR 0x8936 /* delete PA address */
+#define SIOCSIFHWBROADCAST 0x8937 /* set hardware broadcast addr */
+#define SIOCGIFCOUNT 0x8938 /* get number of devices */
+
+#define SIOCGIFBR 0x8940 /* Bridging support */
+#define SIOCSIFBR 0x8941 /* Set bridging options */
+
+#define SIOCGIFTXQLEN 0x8942 /* Get the tx queue length */
+#define SIOCSIFTXQLEN 0x8943 /* Set the tx queue length */
+
+/* SIOCGIFDIVERT was: 0x8944 Frame diversion support */
+/* SIOCSIFDIVERT was: 0x8945 Set frame diversion options */
+
+#define SIOCETHTOOL 0x8946 /* Ethtool interface */
+
+#define SIOCGMIIPHY 0x8947 /* Get address of MII PHY in use. */
+#define SIOCGMIIREG 0x8948 /* Read MII PHY register. */
+#define SIOCSMIIREG 0x8949 /* Write MII PHY register. */
+
+#define SIOCWANDEV 0x894A /* get/set netdev parameters */
+
+#define SIOCOUTQNSD 0x894B /* output queue size (not sent only) */
+#define SIOCGSKNS 0x894C /* get socket network namespace */
+
+/* ARP cache control calls. */
+ /* 0x8950 - 0x8952 * obsolete calls, don't re-use */
+#define SIOCDARP 0x8953 /* delete ARP table entry */
+#define SIOCGARP 0x8954 /* get ARP table entry */
+#define SIOCSARP 0x8955 /* set ARP table entry */
+
+/* RARP cache control calls. */
+#define SIOCDRARP 0x8960 /* delete RARP table entry */
+#define SIOCGRARP 0x8961 /* get RARP table entry */
+#define SIOCSRARP 0x8962 /* set RARP table entry */
+
+/* Driver configuration calls */
+
+#define SIOCGIFMAP 0x8970 /* Get device parameters */
+#define SIOCSIFMAP 0x8971 /* Set device parameters */
+
+/* DLCI configuration calls */
+
+#define SIOCADDDLCI 0x8980 /* Create new DLCI device */
+#define SIOCDELDLCI 0x8981 /* Delete DLCI device */
+
+#define SIOCGIFVLAN 0x8982 /* 802.1Q VLAN support */
+#define SIOCSIFVLAN 0x8983 /* Set 802.1Q VLAN options */
+
+/* bonding calls */
+
+#define SIOCBONDENSLAVE 0x8990 /* enslave a device to the bond */
+#define SIOCBONDRELEASE 0x8991 /* release a slave from the bond*/
+#define SIOCBONDSETHWADDR 0x8992 /* set the hw addr of the bond */
+#define SIOCBONDSLAVEINFOQUERY 0x8993 /* rtn info about slave state */
+#define SIOCBONDINFOQUERY 0x8994 /* rtn info about bond state */
+#define SIOCBONDCHANGEACTIVE 0x8995 /* update to a new active slave */
+
+/* bridge calls */
+#define SIOCBRADDBR 0x89a0 /* create new bridge device */
+#define SIOCBRDELBR 0x89a1 /* remove bridge device */
+#define SIOCBRADDIF 0x89a2 /* add interface to bridge */
+#define SIOCBRDELIF 0x89a3 /* remove interface from bridge */
+
+/* hardware time stamping: parameters in linux/net_tstamp.h */
+#define SIOCSHWTSTAMP 0x89b0 /* set and get config */
+#define SIOCGHWTSTAMP 0x89b1 /* get config */
+
+/* Device private ioctl calls */
+
+/*
+ * These 16 ioctls are available to devices via the do_ioctl() device
+ * vector. Each device should include this file and redefine these names
+ * as their own. Because these are device dependent it is a good idea
+ * _NOT_ to issue them to random objects and hope.
+ *
+ * THESE IOCTLS ARE _DEPRECATED_ AND WILL DISAPPEAR IN 2.5.X -DaveM
+ */
+
+#define SIOCDEVPRIVATE 0x89F0 /* to 89FF */
+
+/*
+ * These 16 ioctl calls are protocol private
+ */
+
+#define SIOCPROTOPRIVATE 0x89E0 /* to 89EF */
+#endif /* _LINUX_SOCKIOS_H */
diff --git a/include/uapi/linux/stddef.h b/include/uapi/linux/stddef.h
new file mode 100644
index 0000000..23e025f
--- /dev/null
+++ b/include/uapi/linux/stddef.h
@@ -0,0 +1,6 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+
+
+#ifndef __always_inline
+#define __always_inline __inline__
+#endif
diff --git a/include/uapi/linux/sysinfo.h b/include/uapi/linux/sysinfo.h
new file mode 100644
index 0000000..435d5c2
--- /dev/null
+++ b/include/uapi/linux/sysinfo.h
@@ -0,0 +1,25 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_SYSINFO_H
+#define _LINUX_SYSINFO_H
+
+#include <linux/types.h>
+
+#define SI_LOAD_SHIFT 16
+struct sysinfo {
+ __kernel_long_t uptime; /* Seconds since boot */
+ __kernel_ulong_t loads[3]; /* 1, 5, and 15 minute load averages */
+ __kernel_ulong_t totalram; /* Total usable main memory size */
+ __kernel_ulong_t freeram; /* Available memory size */
+ __kernel_ulong_t sharedram; /* Amount of shared memory */
+ __kernel_ulong_t bufferram; /* Memory used by buffers */
+ __kernel_ulong_t totalswap; /* Total swap space size */
+ __kernel_ulong_t freeswap; /* swap space still available */
+ __u16 procs; /* Number of current processes */
+ __u16 pad; /* Explicit padding for m68k */
+ __kernel_ulong_t totalhigh; /* Total high memory size */
+ __kernel_ulong_t freehigh; /* Available high memory size */
+ __u32 mem_unit; /* Memory unit size in bytes */
+ char _f[20-2*sizeof(__kernel_ulong_t)-sizeof(__u32)]; /* Padding: libc5 uses this.. */
+};
+
+#endif /* _LINUX_SYSINFO_H */
diff --git a/include/linux/tc_act/tc_bpf.h b/include/uapi/linux/tc_act/tc_bpf.h
similarity index 84%
rename from include/linux/tc_act/tc_bpf.h
rename to include/uapi/linux/tc_act/tc_bpf.h
index 07f17cc..6e89a5d 100644
--- a/include/linux/tc_act/tc_bpf.h
+++ b/include/uapi/linux/tc_act/tc_bpf.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
*
@@ -26,6 +27,9 @@
TCA_ACT_BPF_OPS,
TCA_ACT_BPF_FD,
TCA_ACT_BPF_NAME,
+ TCA_ACT_BPF_PAD,
+ TCA_ACT_BPF_TAG,
+ TCA_ACT_BPF_ID,
__TCA_ACT_BPF_MAX,
};
#define TCA_ACT_BPF_MAX (__TCA_ACT_BPF_MAX - 1)
diff --git a/include/linux/tc_act/tc_connmark.h b/include/uapi/linux/tc_act/tc_connmark.h
similarity index 80%
rename from include/linux/tc_act/tc_connmark.h
rename to include/uapi/linux/tc_act/tc_connmark.h
index 994b097..80caa47 100644
--- a/include/linux/tc_act/tc_connmark.h
+++ b/include/uapi/linux/tc_act/tc_connmark.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __UAPI_TC_CONNMARK_H
#define __UAPI_TC_CONNMARK_H
@@ -15,6 +16,7 @@
TCA_CONNMARK_UNSPEC,
TCA_CONNMARK_PARMS,
TCA_CONNMARK_TM,
+ TCA_CONNMARK_PAD,
__TCA_CONNMARK_MAX
};
#define TCA_CONNMARK_MAX (__TCA_CONNMARK_MAX - 1)
diff --git a/include/linux/tc_act/tc_csum.h b/include/uapi/linux/tc_act/tc_csum.h
similarity index 77%
rename from include/linux/tc_act/tc_csum.h
rename to include/uapi/linux/tc_act/tc_csum.h
index a047c49..0ecf4d2 100644
--- a/include/linux/tc_act/tc_csum.h
+++ b/include/uapi/linux/tc_act/tc_csum.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_CSUM_H
#define __LINUX_TC_CSUM_H
@@ -10,6 +11,7 @@
TCA_CSUM_UNSPEC,
TCA_CSUM_PARMS,
TCA_CSUM_TM,
+ TCA_CSUM_PAD,
__TCA_CSUM_MAX
};
#define TCA_CSUM_MAX (__TCA_CSUM_MAX - 1)
@@ -20,7 +22,8 @@
TCA_CSUM_UPDATE_FLAG_IGMP = 4,
TCA_CSUM_UPDATE_FLAG_TCP = 8,
TCA_CSUM_UPDATE_FLAG_UDP = 16,
- TCA_CSUM_UPDATE_FLAG_UDPLITE = 32
+ TCA_CSUM_UPDATE_FLAG_UDPLITE = 32,
+ TCA_CSUM_UPDATE_FLAG_SCTP = 64,
};
struct tc_csum {
diff --git a/include/linux/tc_act/tc_defact.h b/include/uapi/linux/tc_act/tc_defact.h
similarity index 76%
rename from include/linux/tc_act/tc_defact.h
rename to include/uapi/linux/tc_act/tc_defact.h
index 17dddb4..e3ecd8b 100644
--- a/include/linux/tc_act/tc_defact.h
+++ b/include/uapi/linux/tc_act/tc_defact.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_DEF_H
#define __LINUX_TC_DEF_H
@@ -12,6 +13,7 @@
TCA_DEF_TM,
TCA_DEF_PARMS,
TCA_DEF_DATA,
+ TCA_DEF_PAD,
__TCA_DEF_MAX
};
#define TCA_DEF_MAX (__TCA_DEF_MAX - 1)
diff --git a/include/linux/tc_act/tc_gact.h b/include/uapi/linux/tc_act/tc_gact.h
similarity index 87%
rename from include/linux/tc_act/tc_gact.h
rename to include/uapi/linux/tc_act/tc_gact.h
index f7bf94e..94273c3 100644
--- a/include/linux/tc_act/tc_gact.h
+++ b/include/uapi/linux/tc_act/tc_gact.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_GACT_H
#define __LINUX_TC_GACT_H
@@ -25,6 +26,7 @@
TCA_GACT_TM,
TCA_GACT_PARMS,
TCA_GACT_PROB,
+ TCA_GACT_PAD,
__TCA_GACT_MAX
};
#define TCA_GACT_MAX (__TCA_GACT_MAX - 1)
diff --git a/include/uapi/linux/tc_act/tc_ife.h b/include/uapi/linux/tc_act/tc_ife.h
new file mode 100644
index 0000000..2f48490
--- /dev/null
+++ b/include/uapi/linux/tc_act/tc_ife.h
@@ -0,0 +1,33 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef __UAPI_TC_IFE_H
+#define __UAPI_TC_IFE_H
+
+#include <linux/types.h>
+#include <linux/pkt_cls.h>
+#include <linux/ife.h>
+
+#define TCA_ACT_IFE 25
+/* Flag bits for now just encoding/decoding; mutually exclusive */
+#define IFE_ENCODE 1
+#define IFE_DECODE 0
+
+struct tc_ife {
+ tc_gen;
+ __u16 flags;
+};
+
+/*XXX: We need to encode the total number of bytes consumed */
+enum {
+ TCA_IFE_UNSPEC,
+ TCA_IFE_PARMS,
+ TCA_IFE_TM,
+ TCA_IFE_DMAC,
+ TCA_IFE_SMAC,
+ TCA_IFE_TYPE,
+ TCA_IFE_METALST,
+ TCA_IFE_PAD,
+ __TCA_IFE_MAX
+};
+#define TCA_IFE_MAX (__TCA_IFE_MAX - 1)
+
+#endif
diff --git a/include/linux/tc_act/tc_ipt.h b/include/uapi/linux/tc_act/tc_ipt.h
similarity index 83%
rename from include/linux/tc_act/tc_ipt.h
rename to include/uapi/linux/tc_act/tc_ipt.h
index 130aaad..b743c8b 100644
--- a/include/linux/tc_act/tc_ipt.h
+++ b/include/uapi/linux/tc_act/tc_ipt.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_IPT_H
#define __LINUX_TC_IPT_H
@@ -14,6 +15,7 @@
TCA_IPT_CNT,
TCA_IPT_TM,
TCA_IPT_TARG,
+ TCA_IPT_PAD,
__TCA_IPT_MAX
};
#define TCA_IPT_MAX (__TCA_IPT_MAX - 1)
diff --git a/include/linux/tc_act/tc_mirred.h b/include/uapi/linux/tc_act/tc_mirred.h
similarity index 91%
rename from include/linux/tc_act/tc_mirred.h
rename to include/uapi/linux/tc_act/tc_mirred.h
index 7561750..020696e 100644
--- a/include/linux/tc_act/tc_mirred.h
+++ b/include/uapi/linux/tc_act/tc_mirred.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_MIR_H
#define __LINUX_TC_MIR_H
@@ -20,6 +21,7 @@
TCA_MIRRED_UNSPEC,
TCA_MIRRED_TM,
TCA_MIRRED_PARMS,
+ TCA_MIRRED_PAD,
__TCA_MIRRED_MAX
};
#define TCA_MIRRED_MAX (__TCA_MIRRED_MAX - 1)
diff --git a/include/linux/tc_act/tc_nat.h b/include/uapi/linux/tc_act/tc_nat.h
similarity index 82%
rename from include/linux/tc_act/tc_nat.h
rename to include/uapi/linux/tc_act/tc_nat.h
index 6663aeb..086be84 100644
--- a/include/linux/tc_act/tc_nat.h
+++ b/include/uapi/linux/tc_act/tc_nat.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_NAT_H
#define __LINUX_TC_NAT_H
@@ -10,6 +11,7 @@
TCA_NAT_UNSPEC,
TCA_NAT_PARMS,
TCA_NAT_TM,
+ TCA_NAT_PAD,
__TCA_NAT_MAX
};
#define TCA_NAT_MAX (__TCA_NAT_MAX - 1)
diff --git a/include/uapi/linux/tc_act/tc_pedit.h b/include/uapi/linux/tc_act/tc_pedit.h
new file mode 100644
index 0000000..162d109
--- /dev/null
+++ b/include/uapi/linux/tc_act/tc_pedit.h
@@ -0,0 +1,67 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef __LINUX_TC_PED_H
+#define __LINUX_TC_PED_H
+
+#include <linux/types.h>
+#include <linux/pkt_cls.h>
+
+#define TCA_ACT_PEDIT 7
+
+enum {
+ TCA_PEDIT_UNSPEC,
+ TCA_PEDIT_TM,
+ TCA_PEDIT_PARMS,
+ TCA_PEDIT_PAD,
+ TCA_PEDIT_PARMS_EX,
+ TCA_PEDIT_KEYS_EX,
+ TCA_PEDIT_KEY_EX,
+ __TCA_PEDIT_MAX
+};
+#define TCA_PEDIT_MAX (__TCA_PEDIT_MAX - 1)
+
+enum {
+ TCA_PEDIT_KEY_EX_HTYPE = 1,
+ TCA_PEDIT_KEY_EX_CMD = 2,
+ __TCA_PEDIT_KEY_EX_MAX
+};
+#define TCA_PEDIT_KEY_EX_MAX (__TCA_PEDIT_KEY_EX_MAX - 1)
+
+ /* TCA_PEDIT_KEY_EX_HDR_TYPE_NETWROK is a special case for legacy users. It
+ * means no specific header type - offset is relative to the network layer
+ */
+enum pedit_header_type {
+ TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK = 0,
+ TCA_PEDIT_KEY_EX_HDR_TYPE_ETH = 1,
+ TCA_PEDIT_KEY_EX_HDR_TYPE_IP4 = 2,
+ TCA_PEDIT_KEY_EX_HDR_TYPE_IP6 = 3,
+ TCA_PEDIT_KEY_EX_HDR_TYPE_TCP = 4,
+ TCA_PEDIT_KEY_EX_HDR_TYPE_UDP = 5,
+ __PEDIT_HDR_TYPE_MAX,
+};
+#define TCA_PEDIT_HDR_TYPE_MAX (__PEDIT_HDR_TYPE_MAX - 1)
+
+enum pedit_cmd {
+ TCA_PEDIT_KEY_EX_CMD_SET = 0,
+ TCA_PEDIT_KEY_EX_CMD_ADD = 1,
+ __PEDIT_CMD_MAX,
+};
+#define TCA_PEDIT_CMD_MAX (__PEDIT_CMD_MAX - 1)
+
+struct tc_pedit_key {
+ __u32 mask; /* AND */
+ __u32 val; /*XOR */
+ __u32 off; /*offset */
+ __u32 at;
+ __u32 offmask;
+ __u32 shift;
+};
+
+struct tc_pedit_sel {
+ tc_gen;
+ unsigned char nkeys;
+ unsigned char flags;
+ struct tc_pedit_key keys[0];
+};
+#define tc_pedit tc_pedit_sel
+
+#endif
diff --git a/include/uapi/linux/tc_act/tc_sample.h b/include/uapi/linux/tc_act/tc_sample.h
new file mode 100644
index 0000000..bd7e9f0
--- /dev/null
+++ b/include/uapi/linux/tc_act/tc_sample.h
@@ -0,0 +1,27 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef __LINUX_TC_SAMPLE_H
+#define __LINUX_TC_SAMPLE_H
+
+#include <linux/types.h>
+#include <linux/pkt_cls.h>
+#include <linux/if_ether.h>
+
+#define TCA_ACT_SAMPLE 26
+
+struct tc_sample {
+ tc_gen;
+};
+
+enum {
+ TCA_SAMPLE_UNSPEC,
+ TCA_SAMPLE_TM,
+ TCA_SAMPLE_PARMS,
+ TCA_SAMPLE_RATE,
+ TCA_SAMPLE_TRUNC_SIZE,
+ TCA_SAMPLE_PSAMPLE_GROUP,
+ TCA_SAMPLE_PAD,
+ __TCA_SAMPLE_MAX
+};
+#define TCA_SAMPLE_MAX (__TCA_SAMPLE_MAX - 1)
+
+#endif
diff --git a/include/linux/tc_act/tc_skbedit.h b/include/uapi/linux/tc_act/tc_skbedit.h
similarity index 87%
rename from include/linux/tc_act/tc_skbedit.h
rename to include/uapi/linux/tc_act/tc_skbedit.h
index 7a2e910..fbcfe27 100644
--- a/include/linux/tc_act/tc_skbedit.h
+++ b/include/uapi/linux/tc_act/tc_skbedit.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Copyright (c) 2008, Intel Corporation.
*
@@ -27,6 +28,8 @@
#define SKBEDIT_F_PRIORITY 0x1
#define SKBEDIT_F_QUEUE_MAPPING 0x2
#define SKBEDIT_F_MARK 0x4
+#define SKBEDIT_F_PTYPE 0x8
+#define SKBEDIT_F_MASK 0x10
struct tc_skbedit {
tc_gen;
@@ -39,6 +42,9 @@
TCA_SKBEDIT_PRIORITY,
TCA_SKBEDIT_QUEUE_MAPPING,
TCA_SKBEDIT_MARK,
+ TCA_SKBEDIT_PAD,
+ TCA_SKBEDIT_PTYPE,
+ TCA_SKBEDIT_MASK,
__TCA_SKBEDIT_MAX
};
#define TCA_SKBEDIT_MAX (__TCA_SKBEDIT_MAX - 1)
diff --git a/include/uapi/linux/tc_act/tc_skbmod.h b/include/uapi/linux/tc_act/tc_skbmod.h
new file mode 100644
index 0000000..38c072f
--- /dev/null
+++ b/include/uapi/linux/tc_act/tc_skbmod.h
@@ -0,0 +1,40 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Copyright (c) 2016, Jamal Hadi Salim
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+*/
+
+#ifndef __LINUX_TC_SKBMOD_H
+#define __LINUX_TC_SKBMOD_H
+
+#include <linux/pkt_cls.h>
+
+#define TCA_ACT_SKBMOD 15
+
+#define SKBMOD_F_DMAC 0x1
+#define SKBMOD_F_SMAC 0x2
+#define SKBMOD_F_ETYPE 0x4
+#define SKBMOD_F_SWAPMAC 0x8
+
+struct tc_skbmod {
+ tc_gen;
+ __u64 flags;
+};
+
+enum {
+ TCA_SKBMOD_UNSPEC,
+ TCA_SKBMOD_TM,
+ TCA_SKBMOD_PARMS,
+ TCA_SKBMOD_DMAC,
+ TCA_SKBMOD_SMAC,
+ TCA_SKBMOD_ETYPE,
+ TCA_SKBMOD_PAD,
+ __TCA_SKBMOD_MAX
+};
+#define TCA_SKBMOD_MAX (__TCA_SKBMOD_MAX - 1)
+
+#endif
diff --git a/include/uapi/linux/tc_act/tc_tunnel_key.h b/include/uapi/linux/tc_act/tc_tunnel_key.h
new file mode 100644
index 0000000..72bbefe
--- /dev/null
+++ b/include/uapi/linux/tc_act/tc_tunnel_key.h
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
+/*
+ * Copyright (c) 2016, Amir Vadai <amir@vadai.me>
+ * Copyright (c) 2016, Mellanox Technologies. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ */
+
+#ifndef __LINUX_TC_TUNNEL_KEY_H
+#define __LINUX_TC_TUNNEL_KEY_H
+
+#include <linux/pkt_cls.h>
+
+#define TCA_ACT_TUNNEL_KEY 17
+
+#define TCA_TUNNEL_KEY_ACT_SET 1
+#define TCA_TUNNEL_KEY_ACT_RELEASE 2
+
+struct tc_tunnel_key {
+ tc_gen;
+ int t_action;
+};
+
+enum {
+ TCA_TUNNEL_KEY_UNSPEC,
+ TCA_TUNNEL_KEY_TM,
+ TCA_TUNNEL_KEY_PARMS,
+ TCA_TUNNEL_KEY_ENC_IPV4_SRC, /* be32 */
+ TCA_TUNNEL_KEY_ENC_IPV4_DST, /* be32 */
+ TCA_TUNNEL_KEY_ENC_IPV6_SRC, /* struct in6_addr */
+ TCA_TUNNEL_KEY_ENC_IPV6_DST, /* struct in6_addr */
+ TCA_TUNNEL_KEY_ENC_KEY_ID, /* be64 */
+ TCA_TUNNEL_KEY_PAD,
+ TCA_TUNNEL_KEY_ENC_DST_PORT, /* be16 */
+ TCA_TUNNEL_KEY_NO_CSUM, /* u8 */
+ __TCA_TUNNEL_KEY_MAX,
+};
+
+#define TCA_TUNNEL_KEY_MAX (__TCA_TUNNEL_KEY_MAX - 1)
+
+#endif
diff --git a/include/linux/tc_act/tc_vlan.h b/include/uapi/linux/tc_act/tc_vlan.h
similarity index 83%
rename from include/linux/tc_act/tc_vlan.h
rename to include/uapi/linux/tc_act/tc_vlan.h
index f7b8d44..0d7b5fd 100644
--- a/include/linux/tc_act/tc_vlan.h
+++ b/include/uapi/linux/tc_act/tc_vlan.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* Copyright (c) 2014 Jiri Pirko <jiri@resnulli.us>
*
@@ -16,6 +17,7 @@
#define TCA_VLAN_ACT_POP 1
#define TCA_VLAN_ACT_PUSH 2
+#define TCA_VLAN_ACT_MODIFY 3
struct tc_vlan {
tc_gen;
@@ -28,6 +30,8 @@
TCA_VLAN_PARMS,
TCA_VLAN_PUSH_VLAN_ID,
TCA_VLAN_PUSH_VLAN_PROTOCOL,
+ TCA_VLAN_PAD,
+ TCA_VLAN_PUSH_VLAN_PRIORITY,
__TCA_VLAN_MAX,
};
#define TCA_VLAN_MAX (__TCA_VLAN_MAX - 1)
diff --git a/include/linux/tc_ematch/tc_em_cmp.h b/include/uapi/linux/tc_ematch/tc_em_cmp.h
similarity index 84%
rename from include/linux/tc_ematch/tc_em_cmp.h
rename to include/uapi/linux/tc_ematch/tc_em_cmp.h
index f34bb1b..2549d9d 100644
--- a/include/linux/tc_ematch/tc_em_cmp.h
+++ b/include/uapi/linux/tc_ematch/tc_em_cmp.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_EM_CMP_H
#define __LINUX_TC_EM_CMP_H
diff --git a/include/linux/tc_ematch/tc_em_meta.h b/include/uapi/linux/tc_ematch/tc_em_meta.h
similarity index 96%
rename from include/linux/tc_ematch/tc_em_meta.h
rename to include/uapi/linux/tc_ematch/tc_em_meta.h
index b11f8ce..cf30b5b 100644
--- a/include/linux/tc_ematch/tc_em_meta.h
+++ b/include/uapi/linux/tc_ematch/tc_em_meta.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_EM_META_H
#define __LINUX_TC_EM_META_H
diff --git a/include/linux/tc_ematch/tc_em_nbyte.h b/include/uapi/linux/tc_ematch/tc_em_nbyte.h
similarity index 75%
rename from include/linux/tc_ematch/tc_em_nbyte.h
rename to include/uapi/linux/tc_ematch/tc_em_nbyte.h
index 7172cfb..c76333f 100644
--- a/include/linux/tc_ematch/tc_em_nbyte.h
+++ b/include/uapi/linux/tc_ematch/tc_em_nbyte.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_EM_NBYTE_H
#define __LINUX_TC_EM_NBYTE_H
diff --git a/include/linux/tcp.h b/include/uapi/linux/tcp.h
similarity index 74%
rename from include/linux/tcp.h
rename to include/uapi/linux/tcp.h
index 1e9b4a6..9c99ba8 100644
--- a/include/linux/tcp.h
+++ b/include/uapi/linux/tcp.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
@@ -115,12 +116,25 @@
#define TCP_CC_INFO 26 /* Get Congestion Control (optional) info */
#define TCP_SAVE_SYN 27 /* Record SYN headers for new connections */
#define TCP_SAVED_SYN 28 /* Get SYN headers recorded for connection */
+#define TCP_REPAIR_WINDOW 29 /* Get/set window parameters */
+#define TCP_FASTOPEN_CONNECT 30 /* Attempt FastOpen with connect */
+#define TCP_ULP 31 /* Attach a ULP to a TCP connection */
+#define TCP_MD5SIG_EXT 32 /* TCP MD5 Signature with extensions */
struct tcp_repair_opt {
__u32 opt_code;
__u32 opt_val;
};
+struct tcp_repair_window {
+ __u32 snd_wl1;
+ __u32 snd_wnd;
+ __u32 max_window;
+
+ __u32 rcv_wnd;
+ __u32 rcv_wup;
+};
+
enum {
TCP_NO_QUEUE,
TCP_RECV_QUEUE,
@@ -157,6 +171,7 @@
__u8 tcpi_backoff;
__u8 tcpi_options;
__u8 tcpi_snd_wscale : 4, tcpi_rcv_wscale : 4;
+ __u8 tcpi_delivery_rate_app_limited:1;
__u32 tcpi_rto;
__u32 tcpi_ato;
@@ -196,17 +211,59 @@
__u64 tcpi_bytes_received; /* RFC4898 tcpEStatsAppHCThruOctetsReceived */
__u32 tcpi_segs_out; /* RFC4898 tcpEStatsPerfSegsOut */
__u32 tcpi_segs_in; /* RFC4898 tcpEStatsPerfSegsIn */
+
+ __u32 tcpi_notsent_bytes;
+ __u32 tcpi_min_rtt;
+ __u32 tcpi_data_segs_in; /* RFC4898 tcpEStatsDataSegsIn */
+ __u32 tcpi_data_segs_out; /* RFC4898 tcpEStatsDataSegsOut */
+
+ __u64 tcpi_delivery_rate;
+
+ __u64 tcpi_busy_time; /* Time (usec) busy sending data */
+ __u64 tcpi_rwnd_limited; /* Time (usec) limited by receive window */
+ __u64 tcpi_sndbuf_limited; /* Time (usec) limited by send buffer */
+};
+
+/* netlink attributes types for SCM_TIMESTAMPING_OPT_STATS */
+enum {
+ TCP_NLA_PAD,
+ TCP_NLA_BUSY, /* Time (usec) busy sending data */
+ TCP_NLA_RWND_LIMITED, /* Time (usec) limited by receive window */
+ TCP_NLA_SNDBUF_LIMITED, /* Time (usec) limited by send buffer */
+ TCP_NLA_DATA_SEGS_OUT, /* Data pkts sent including retransmission */
+ TCP_NLA_TOTAL_RETRANS, /* Data pkts retransmitted */
+ TCP_NLA_PACING_RATE, /* Pacing rate in bytes per second */
+ TCP_NLA_DELIVERY_RATE, /* Delivery rate in bytes per second */
+ TCP_NLA_SND_CWND, /* Sending congestion window */
+ TCP_NLA_REORDERING, /* Reordering metric */
+ TCP_NLA_MIN_RTT, /* minimum RTT */
+ TCP_NLA_RECUR_RETRANS, /* Recurring retransmits for the current pkt */
+ TCP_NLA_DELIVERY_RATE_APP_LMT, /* delivery rate application limited ? */
+
};
/* for TCP_MD5SIG socket option */
#define TCP_MD5SIG_MAXKEYLEN 80
+/* tcp_md5sig extension flags for TCP_MD5SIG_EXT */
+#define TCP_MD5SIG_FLAG_PREFIX 1 /* address prefix length */
+
struct tcp_md5sig {
struct __kernel_sockaddr_storage tcpm_addr; /* address associated */
- __u16 __tcpm_pad1; /* zero */
+ __u8 tcpm_flags; /* extension flags */
+ __u8 tcpm_prefixlen; /* address prefix */
__u16 tcpm_keylen; /* key length */
- __u32 __tcpm_pad2; /* zero */
+ __u32 __tcpm_pad; /* zero */
__u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN]; /* key (binary) */
};
+/* INET_DIAG_MD5SIG */
+struct tcp_diag_md5sig {
+ __u8 tcpm_family;
+ __u8 tcpm_prefixlen;
+ __u16 tcpm_keylen;
+ __be32 tcpm_addr[4];
+ __u8 tcpm_key[TCP_MD5SIG_MAXKEYLEN];
+};
+
#endif /* _LINUX_TCP_H */
diff --git a/include/linux/tcp_metrics.h b/include/uapi/linux/tcp_metrics.h
similarity index 94%
rename from include/linux/tcp_metrics.h
rename to include/uapi/linux/tcp_metrics.h
index 9353392..7cb4a17 100644
--- a/include/linux/tcp_metrics.h
+++ b/include/uapi/linux/tcp_metrics.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/* tcp_metrics.h - TCP Metrics Interface */
#ifndef _LINUX_TCP_METRICS_H
@@ -40,6 +41,7 @@
TCP_METRICS_ATTR_FOPEN_COOKIE, /* binary */
TCP_METRICS_ATTR_SADDR_IPV4, /* u32 */
TCP_METRICS_ATTR_SADDR_IPV6, /* binary */
+ TCP_METRICS_ATTR_PAD,
__TCP_METRICS_ATTR_MAX,
};
diff --git a/include/linux/tipc.h b/include/uapi/linux/tipc.h
similarity index 81%
rename from include/linux/tipc.h
rename to include/uapi/linux/tipc.h
index ebd3b63..665be99 100644
--- a/include/linux/tipc.h
+++ b/include/uapi/linux/tipc.h
@@ -1,7 +1,8 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) */
/*
* include/uapi/linux/tipc.h: Header for TIPC socket interface
*
- * Copyright (c) 2003-2006, Ericsson AB
+ * Copyright (c) 2003-2006, 2015-2016 Ericsson AB
* Copyright (c) 2005, 2010-2011, Wind River Systems
* All rights reserved.
*
@@ -60,26 +61,48 @@
__u32 upper;
};
+/* TIPC Address Size, Offset, Mask specification for Z.C.N
+ */
+#define TIPC_NODE_BITS 12
+#define TIPC_CLUSTER_BITS 12
+#define TIPC_ZONE_BITS 8
+
+#define TIPC_NODE_OFFSET 0
+#define TIPC_CLUSTER_OFFSET TIPC_NODE_BITS
+#define TIPC_ZONE_OFFSET (TIPC_CLUSTER_OFFSET + TIPC_CLUSTER_BITS)
+
+#define TIPC_NODE_SIZE ((1UL << TIPC_NODE_BITS) - 1)
+#define TIPC_CLUSTER_SIZE ((1UL << TIPC_CLUSTER_BITS) - 1)
+#define TIPC_ZONE_SIZE ((1UL << TIPC_ZONE_BITS) - 1)
+
+#define TIPC_NODE_MASK (TIPC_NODE_SIZE << TIPC_NODE_OFFSET)
+#define TIPC_CLUSTER_MASK (TIPC_CLUSTER_SIZE << TIPC_CLUSTER_OFFSET)
+#define TIPC_ZONE_MASK (TIPC_ZONE_SIZE << TIPC_ZONE_OFFSET)
+
+#define TIPC_ZONE_CLUSTER_MASK (TIPC_ZONE_MASK | TIPC_CLUSTER_MASK)
+
static __inline__ __u32 tipc_addr(unsigned int zone,
unsigned int cluster,
unsigned int node)
{
- return (zone << 24) | (cluster << 12) | node;
+ return (zone << TIPC_ZONE_OFFSET) |
+ (cluster << TIPC_CLUSTER_OFFSET) |
+ node;
}
static __inline__ unsigned int tipc_zone(__u32 addr)
{
- return addr >> 24;
+ return addr >> TIPC_ZONE_OFFSET;
}
static __inline__ unsigned int tipc_cluster(__u32 addr)
{
- return (addr >> 12) & 0xfff;
+ return (addr & TIPC_CLUSTER_MASK) >> TIPC_CLUSTER_OFFSET;
}
static __inline__ unsigned int tipc_node(__u32 addr)
{
- return addr & 0xfff;
+ return addr & TIPC_NODE_MASK;
}
/*
@@ -198,7 +221,7 @@
#define TIPC_DESTNAME 3 /* destination name */
/*
- * TIPC-specific socket option values
+ * TIPC-specific socket option names
*/
#define TIPC_IMPORTANCE 127 /* Default: TIPC_LOW_IMPORTANCE */
@@ -207,6 +230,8 @@
#define TIPC_CONN_TIMEOUT 130 /* Default: 8000 (ms) */
#define TIPC_NODE_RECVQ_DEPTH 131 /* Default: none (read only) */
#define TIPC_SOCK_RECVQ_DEPTH 132 /* Default: none (read only) */
+#define TIPC_MCAST_BROADCAST 133 /* Default: TIPC selects. No arg */
+#define TIPC_MCAST_REPLICAST 134 /* Default: TIPC selects. No arg */
/*
* Maximum sizes of TIPC bearer-related names (including terminating NULL)
diff --git a/include/linux/tipc_netlink.h b/include/uapi/linux/tipc_netlink.h
similarity index 85%
rename from include/linux/tipc_netlink.h
rename to include/uapi/linux/tipc_netlink.h
index 25eb645..469aa67 100644
--- a/include/linux/tipc_netlink.h
+++ b/include/uapi/linux/tipc_netlink.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) */
/*
* Copyright (c) 2014, Ericsson AB
* All rights reserved.
@@ -56,7 +57,12 @@
TIPC_NL_NET_GET,
TIPC_NL_NET_SET,
TIPC_NL_NAME_TABLE_GET,
+ TIPC_NL_MON_SET,
+ TIPC_NL_MON_GET,
+ TIPC_NL_MON_PEER_GET,
TIPC_NL_PEER_REMOVE,
+ TIPC_NL_BEARER_ADD,
+ TIPC_NL_UDP_GET_REMOTEIP,
__TIPC_NL_CMD_MAX,
TIPC_NL_CMD_MAX = __TIPC_NL_CMD_MAX - 1
@@ -73,6 +79,8 @@
TIPC_NLA_NODE, /* nest */
TIPC_NLA_NET, /* nest */
TIPC_NLA_NAME_TABLE, /* nest */
+ TIPC_NLA_MON, /* nest */
+ TIPC_NLA_MON_PEER, /* nest */
__TIPC_NLA_MAX,
TIPC_NLA_MAX = __TIPC_NLA_MAX - 1
@@ -94,6 +102,7 @@
TIPC_NLA_UDP_UNSPEC,
TIPC_NLA_UDP_LOCAL, /* sockaddr_storage */
TIPC_NLA_UDP_REMOTE, /* sockaddr_storage */
+ TIPC_NLA_UDP_MULTI_REMOTEIP, /* flag */
__TIPC_NLA_UDP_MAX,
TIPC_NLA_UDP_MAX = __TIPC_NLA_UDP_MAX - 1
@@ -167,6 +176,20 @@
TIPC_NLA_NAME_TABLE_MAX = __TIPC_NLA_NAME_TABLE_MAX - 1
};
+/* Monitor info */
+enum {
+ TIPC_NLA_MON_UNSPEC,
+ TIPC_NLA_MON_ACTIVATION_THRESHOLD, /* u32 */
+ TIPC_NLA_MON_REF, /* u32 */
+ TIPC_NLA_MON_ACTIVE, /* flag */
+ TIPC_NLA_MON_BEARER_NAME, /* string */
+ TIPC_NLA_MON_PEERCNT, /* u32 */
+ TIPC_NLA_MON_LISTGEN, /* u32 */
+
+ __TIPC_NLA_MON_MAX,
+ TIPC_NLA_MON_MAX = __TIPC_NLA_MON_MAX - 1
+};
+
/* Publication info */
enum {
TIPC_NLA_PUBL_UNSPEC,
@@ -183,6 +206,24 @@
TIPC_NLA_PUBL_MAX = __TIPC_NLA_PUBL_MAX - 1
};
+/* Monitor peer info */
+enum {
+ TIPC_NLA_MON_PEER_UNSPEC,
+
+ TIPC_NLA_MON_PEER_ADDR, /* u32 */
+ TIPC_NLA_MON_PEER_DOMGEN, /* u32 */
+ TIPC_NLA_MON_PEER_APPLIED, /* u32 */
+ TIPC_NLA_MON_PEER_UPMAP, /* u64 */
+ TIPC_NLA_MON_PEER_MEMBERS, /* tlv */
+ TIPC_NLA_MON_PEER_UP, /* flag */
+ TIPC_NLA_MON_PEER_HEAD, /* flag */
+ TIPC_NLA_MON_PEER_LOCAL, /* flag */
+ TIPC_NLA_MON_PEER_PAD, /* flag */
+
+ __TIPC_NLA_MON_PEER_MAX,
+ TIPC_NLA_MON_PEER_MAX = __TIPC_NLA_MON_PEER_MAX - 1
+};
+
/* Nest, connection info */
enum {
TIPC_NLA_CON_UNSPEC,
diff --git a/include/uapi/linux/types.h b/include/uapi/linux/types.h
new file mode 100644
index 0000000..b1c1087
--- /dev/null
+++ b/include/uapi/linux/types.h
@@ -0,0 +1,48 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _LINUX_TYPES_H
+#define _LINUX_TYPES_H
+
+#include <asm/types.h>
+
+#ifndef __ASSEMBLY__
+
+#include <linux/posix_types.h>
+
+
+/*
+ * Below are truly Linux-specific types that should never collide with
+ * any application/library that wants linux/types.h.
+ */
+
+#ifdef __CHECKER__
+#define __bitwise__ __attribute__((bitwise))
+#else
+#define __bitwise__
+#endif
+#define __bitwise __bitwise__
+
+typedef __u16 __bitwise __le16;
+typedef __u16 __bitwise __be16;
+typedef __u32 __bitwise __le32;
+typedef __u32 __bitwise __be32;
+typedef __u64 __bitwise __le64;
+typedef __u64 __bitwise __be64;
+
+typedef __u16 __bitwise __sum16;
+typedef __u32 __bitwise __wsum;
+
+/*
+ * aligned_u64 should be used in defining kernel<->userspace ABIs to avoid
+ * common 32/64-bit compat problems.
+ * 64-bit values align to 4-byte boundaries on x86_32 (and possibly other
+ * architectures) and to 8-byte boundaries on 64-bit architectures. The new
+ * aligned_64 type enforces 8-byte alignment so that structs containing
+ * aligned_64 values have the same alignment on 32-bit and 64-bit architectures.
+ * No conversions are necessary between 32-bit user-space and a 64-bit kernel.
+ */
+#define __aligned_u64 __u64 __attribute__((aligned(8)))
+#define __aligned_be64 __be64 __attribute__((aligned(8)))
+#define __aligned_le64 __le64 __attribute__((aligned(8)))
+
+#endif /* __ASSEMBLY__ */
+#endif /* _LINUX_TYPES_H */
diff --git a/include/linux/unix_diag.h b/include/uapi/linux/unix_diag.h
similarity index 94%
rename from include/linux/unix_diag.h
rename to include/uapi/linux/unix_diag.h
index 1eb0b8d..5c502fd 100644
--- a/include/linux/unix_diag.h
+++ b/include/uapi/linux/unix_diag.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __UNIX_DIAG_H__
#define __UNIX_DIAG_H__
diff --git a/include/linux/veth.h b/include/uapi/linux/veth.h
similarity index 71%
rename from include/linux/veth.h
rename to include/uapi/linux/veth.h
index 3354c1e..52b58e5 100644
--- a/include/linux/veth.h
+++ b/include/uapi/linux/veth.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __NET_VETH_H_
#define __NET_VETH_H_
diff --git a/include/linux/xfrm.h b/include/uapi/linux/xfrm.h
similarity index 96%
rename from include/linux/xfrm.h
rename to include/uapi/linux/xfrm.h
index b8f5451..93fb192 100644
--- a/include/linux/xfrm.h
+++ b/include/uapi/linux/xfrm.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H
@@ -298,10 +299,13 @@
XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */
XFRMA_MARK, /* struct xfrm_mark */
XFRMA_TFCPAD, /* __u32 */
- XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_esn */
+ XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_state_esn */
XFRMA_SA_EXTRA_FLAGS, /* __u32 */
XFRMA_PROTO, /* __u8 */
XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */
+ XFRMA_PAD,
+ XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */
+ XFRMA_OUTPUT_MARK, /* __u32 */
__XFRMA_MAX
#define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -493,6 +497,13 @@
__u8 dplen;
};
+struct xfrm_user_offload {
+ int ifindex;
+ __u8 flags;
+};
+#define XFRM_OFFLOAD_IPV6 1
+#define XFRM_OFFLOAD_INBOUND 2
+
/* backwards compatibility for userspace */
#define XFRMGRP_ACQUIRE 1
#define XFRMGRP_EXPIRE 2
diff --git a/include/uapi/rdma/rdma_netlink.h b/include/uapi/rdma/rdma_netlink.h
new file mode 100644
index 0000000..48fbf3c
--- /dev/null
+++ b/include/uapi/rdma/rdma_netlink.h
@@ -0,0 +1,308 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+#ifndef _RDMA_NETLINK_H
+#define _RDMA_NETLINK_H
+
+#include <linux/types.h>
+
+enum {
+ RDMA_NL_RDMA_CM = 1,
+ RDMA_NL_IWCM,
+ RDMA_NL_RSVD,
+ RDMA_NL_LS, /* RDMA Local Services */
+ RDMA_NL_NLDEV, /* RDMA device interface */
+ RDMA_NL_NUM_CLIENTS
+};
+
+enum {
+ RDMA_NL_GROUP_CM = 1,
+ RDMA_NL_GROUP_IWPM,
+ RDMA_NL_GROUP_LS,
+ RDMA_NL_NUM_GROUPS
+};
+
+#define RDMA_NL_GET_CLIENT(type) ((type & (((1 << 6) - 1) << 10)) >> 10)
+#define RDMA_NL_GET_OP(type) (type & ((1 << 10) - 1))
+#define RDMA_NL_GET_TYPE(client, op) ((client << 10) + op)
+
+enum {
+ RDMA_NL_RDMA_CM_ID_STATS = 0,
+ RDMA_NL_RDMA_CM_NUM_OPS
+};
+
+enum {
+ RDMA_NL_RDMA_CM_ATTR_SRC_ADDR = 1,
+ RDMA_NL_RDMA_CM_ATTR_DST_ADDR,
+ RDMA_NL_RDMA_CM_NUM_ATTR,
+};
+
+/* iwarp port mapper op-codes */
+enum {
+ RDMA_NL_IWPM_REG_PID = 0,
+ RDMA_NL_IWPM_ADD_MAPPING,
+ RDMA_NL_IWPM_QUERY_MAPPING,
+ RDMA_NL_IWPM_REMOVE_MAPPING,
+ RDMA_NL_IWPM_REMOTE_INFO,
+ RDMA_NL_IWPM_HANDLE_ERR,
+ RDMA_NL_IWPM_MAPINFO,
+ RDMA_NL_IWPM_MAPINFO_NUM,
+ RDMA_NL_IWPM_NUM_OPS
+};
+
+struct rdma_cm_id_stats {
+ __u32 qp_num;
+ __u32 bound_dev_if;
+ __u32 port_space;
+ __s32 pid;
+ __u8 cm_state;
+ __u8 node_type;
+ __u8 port_num;
+ __u8 qp_type;
+};
+
+enum {
+ IWPM_NLA_REG_PID_UNSPEC = 0,
+ IWPM_NLA_REG_PID_SEQ,
+ IWPM_NLA_REG_IF_NAME,
+ IWPM_NLA_REG_IBDEV_NAME,
+ IWPM_NLA_REG_ULIB_NAME,
+ IWPM_NLA_REG_PID_MAX
+};
+
+enum {
+ IWPM_NLA_RREG_PID_UNSPEC = 0,
+ IWPM_NLA_RREG_PID_SEQ,
+ IWPM_NLA_RREG_IBDEV_NAME,
+ IWPM_NLA_RREG_ULIB_NAME,
+ IWPM_NLA_RREG_ULIB_VER,
+ IWPM_NLA_RREG_PID_ERR,
+ IWPM_NLA_RREG_PID_MAX
+
+};
+
+enum {
+ IWPM_NLA_MANAGE_MAPPING_UNSPEC = 0,
+ IWPM_NLA_MANAGE_MAPPING_SEQ,
+ IWPM_NLA_MANAGE_ADDR,
+ IWPM_NLA_MANAGE_MAPPED_LOC_ADDR,
+ IWPM_NLA_RMANAGE_MAPPING_ERR,
+ IWPM_NLA_RMANAGE_MAPPING_MAX
+};
+
+#define IWPM_NLA_MANAGE_MAPPING_MAX 3
+#define IWPM_NLA_QUERY_MAPPING_MAX 4
+#define IWPM_NLA_MAPINFO_SEND_MAX 3
+
+enum {
+ IWPM_NLA_QUERY_MAPPING_UNSPEC = 0,
+ IWPM_NLA_QUERY_MAPPING_SEQ,
+ IWPM_NLA_QUERY_LOCAL_ADDR,
+ IWPM_NLA_QUERY_REMOTE_ADDR,
+ IWPM_NLA_RQUERY_MAPPED_LOC_ADDR,
+ IWPM_NLA_RQUERY_MAPPED_REM_ADDR,
+ IWPM_NLA_RQUERY_MAPPING_ERR,
+ IWPM_NLA_RQUERY_MAPPING_MAX
+};
+
+enum {
+ IWPM_NLA_MAPINFO_REQ_UNSPEC = 0,
+ IWPM_NLA_MAPINFO_ULIB_NAME,
+ IWPM_NLA_MAPINFO_ULIB_VER,
+ IWPM_NLA_MAPINFO_REQ_MAX
+};
+
+enum {
+ IWPM_NLA_MAPINFO_UNSPEC = 0,
+ IWPM_NLA_MAPINFO_LOCAL_ADDR,
+ IWPM_NLA_MAPINFO_MAPPED_ADDR,
+ IWPM_NLA_MAPINFO_MAX
+};
+
+enum {
+ IWPM_NLA_MAPINFO_NUM_UNSPEC = 0,
+ IWPM_NLA_MAPINFO_SEQ,
+ IWPM_NLA_MAPINFO_SEND_NUM,
+ IWPM_NLA_MAPINFO_ACK_NUM,
+ IWPM_NLA_MAPINFO_NUM_MAX
+};
+
+enum {
+ IWPM_NLA_ERR_UNSPEC = 0,
+ IWPM_NLA_ERR_SEQ,
+ IWPM_NLA_ERR_CODE,
+ IWPM_NLA_ERR_MAX
+};
+
+/*
+ * Local service operations:
+ * RESOLVE - The client requests the local service to resolve a path.
+ * SET_TIMEOUT - The local service requests the client to set the timeout.
+ * IP_RESOLVE - The client requests the local service to resolve an IP to GID.
+ */
+enum {
+ RDMA_NL_LS_OP_RESOLVE = 0,
+ RDMA_NL_LS_OP_SET_TIMEOUT,
+ RDMA_NL_LS_OP_IP_RESOLVE,
+ RDMA_NL_LS_NUM_OPS
+};
+
+/* Local service netlink message flags */
+#define RDMA_NL_LS_F_ERR 0x0100 /* Failed response */
+
+/*
+ * Local service resolve operation family header.
+ * The layout for the resolve operation:
+ * nlmsg header
+ * family header
+ * attributes
+ */
+
+/*
+ * Local service path use:
+ * Specify how the path(s) will be used.
+ * ALL - For connected CM operation (6 pathrecords)
+ * UNIDIRECTIONAL - For unidirectional UD (1 pathrecord)
+ * GMP - For miscellaneous GMP like operation (at least 1 reversible
+ * pathrecord)
+ */
+enum {
+ LS_RESOLVE_PATH_USE_ALL = 0,
+ LS_RESOLVE_PATH_USE_UNIDIRECTIONAL,
+ LS_RESOLVE_PATH_USE_GMP,
+ LS_RESOLVE_PATH_USE_MAX
+};
+
+#define LS_DEVICE_NAME_MAX 64
+
+struct rdma_ls_resolve_header {
+ __u8 device_name[LS_DEVICE_NAME_MAX];
+ __u8 port_num;
+ __u8 path_use;
+};
+
+struct rdma_ls_ip_resolve_header {
+ __u32 ifindex;
+};
+
+/* Local service attribute type */
+#define RDMA_NLA_F_MANDATORY (1 << 13)
+#define RDMA_NLA_TYPE_MASK (~(NLA_F_NESTED | NLA_F_NET_BYTEORDER | \
+ RDMA_NLA_F_MANDATORY))
+
+/*
+ * Local service attributes:
+ * Attr Name Size Byte order
+ * -----------------------------------------------------
+ * PATH_RECORD struct ib_path_rec_data
+ * TIMEOUT u32 cpu
+ * SERVICE_ID u64 cpu
+ * DGID u8[16] BE
+ * SGID u8[16] BE
+ * TCLASS u8
+ * PKEY u16 cpu
+ * QOS_CLASS u16 cpu
+ * IPV4 u32 BE
+ * IPV6 u8[16] BE
+ */
+enum {
+ LS_NLA_TYPE_UNSPEC = 0,
+ LS_NLA_TYPE_PATH_RECORD,
+ LS_NLA_TYPE_TIMEOUT,
+ LS_NLA_TYPE_SERVICE_ID,
+ LS_NLA_TYPE_DGID,
+ LS_NLA_TYPE_SGID,
+ LS_NLA_TYPE_TCLASS,
+ LS_NLA_TYPE_PKEY,
+ LS_NLA_TYPE_QOS_CLASS,
+ LS_NLA_TYPE_IPV4,
+ LS_NLA_TYPE_IPV6,
+ LS_NLA_TYPE_MAX
+};
+
+/* Local service DGID/SGID attribute: big endian */
+struct rdma_nla_ls_gid {
+ __u8 gid[16];
+};
+
+enum rdma_nldev_command {
+ RDMA_NLDEV_CMD_UNSPEC,
+
+ RDMA_NLDEV_CMD_GET, /* can dump */
+ RDMA_NLDEV_CMD_SET,
+ RDMA_NLDEV_CMD_NEW,
+ RDMA_NLDEV_CMD_DEL,
+
+ RDMA_NLDEV_CMD_PORT_GET, /* can dump */
+ RDMA_NLDEV_CMD_PORT_SET,
+ RDMA_NLDEV_CMD_PORT_NEW,
+ RDMA_NLDEV_CMD_PORT_DEL,
+
+ RDMA_NLDEV_NUM_OPS
+};
+
+enum rdma_nldev_attr {
+ /* don't change the order or add anything between, this is ABI! */
+ RDMA_NLDEV_ATTR_UNSPEC,
+
+ /* Identifier for ib_device */
+ RDMA_NLDEV_ATTR_DEV_INDEX, /* u32 */
+
+ RDMA_NLDEV_ATTR_DEV_NAME, /* string */
+ /*
+ * Device index together with port index are identifiers
+ * for port/link properties.
+ *
+ * For RDMA_NLDEV_CMD_GET commamnd, port index will return number
+ * of available ports in ib_device, while for port specific operations,
+ * it will be real port index as it appears in sysfs. Port index follows
+ * sysfs notation and starts from 1 for the first port.
+ */
+ RDMA_NLDEV_ATTR_PORT_INDEX, /* u32 */
+
+ /*
+ * Device and port capabilities
+ */
+ RDMA_NLDEV_ATTR_CAP_FLAGS, /* u64 */
+
+ /*
+ * FW version
+ */
+ RDMA_NLDEV_ATTR_FW_VERSION, /* string */
+
+ /*
+ * Node GUID (in host byte order) associated with the RDMA device.
+ */
+ RDMA_NLDEV_ATTR_NODE_GUID, /* u64 */
+
+ /*
+ * System image GUID (in host byte order) associated with
+ * this RDMA device and other devices which are part of a
+ * single system.
+ */
+ RDMA_NLDEV_ATTR_SYS_IMAGE_GUID, /* u64 */
+
+ /*
+ * Subnet prefix (in host byte order)
+ */
+ RDMA_NLDEV_ATTR_SUBNET_PREFIX, /* u64 */
+
+ /*
+ * Local Identifier (LID),
+ * According to IB specification, It is 16-bit address assigned
+ * by the Subnet Manager. Extended to be 32-bit for OmniPath users.
+ */
+ RDMA_NLDEV_ATTR_LID, /* u32 */
+ RDMA_NLDEV_ATTR_SM_LID, /* u32 */
+
+ /*
+ * LID mask control (LMC)
+ */
+ RDMA_NLDEV_ATTR_LMC, /* u8 */
+
+ RDMA_NLDEV_ATTR_PORT_STATE, /* u8 */
+ RDMA_NLDEV_ATTR_PORT_PHYS_STATE, /* u8 */
+
+ RDMA_NLDEV_ATTR_DEV_NODE_TYPE, /* u8 */
+
+ RDMA_NLDEV_ATTR_MAX
+};
+#endif /* _RDMA_NETLINK_H */
diff --git a/include/utils.h b/include/utils.h
index 7310f4e..10749fb 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -6,6 +6,7 @@
#include <resolv.h>
#include <stdlib.h>
#include <stdbool.h>
+#include <time.h>
#include "libnetlink.h"
#include "ll_map.h"
@@ -20,6 +21,7 @@
extern int resolve_hosts;
extern int oneline;
extern int brief;
+extern int json;
extern int timestamp;
extern int timestamp_short;
extern const char * _SL_;
@@ -27,19 +29,6 @@
extern int batch_mode;
extern bool do_all;
-#ifndef IPPROTO_ESP
-#define IPPROTO_ESP 50
-#endif
-#ifndef IPPROTO_AH
-#define IPPROTO_AH 51
-#endif
-#ifndef IPPROTO_COMP
-#define IPPROTO_COMP 108
-#endif
-#ifndef IPSEC_PROTO_ANY
-#define IPSEC_PROTO_ANY 255
-#endif
-
#ifndef CONFDIR
#define CONFDIR "/etc/iproute2"
#endif
@@ -61,7 +50,7 @@
__s16 bitlen;
/* These next two fields match rtvia */
__u16 family;
- __u32 data[8];
+ __u32 data[64];
} inet_prefix;
#define PREFIXLEN_SPECIFIED 1
@@ -87,9 +76,9 @@
#ifndef AF_MPLS
# define AF_MPLS 28
#endif
-
-/* Maximum number of labels the mpls helpers support */
-#define MPLS_MAX_LABELS 8
+#ifndef IPPROTO_MPLS
+#define IPPROTO_MPLS 137
+#endif
__u32 get_addr32(const char *name);
int get_addr_1(inet_prefix *dst, const char *arg, int family);
@@ -99,6 +88,7 @@
int mask2bits(__u32 netmask);
int get_addr_ila(__u64 *val, const char *arg);
+int get_hex(char c);
int get_integer(int *val, const char *arg, int base);
int get_unsigned(unsigned *val, const char *arg, int base);
int get_time_rtt(unsigned *val, const char *arg, int *raw);
@@ -112,20 +102,30 @@
int get_s16(__s16 *val, const char *arg, int base);
int get_u8(__u8 *val, const char *arg, int base);
int get_s8(__s8 *val, const char *arg, int base);
+int get_be64(__be64 *val, const char *arg, int base);
+int get_be32(__be32 *val, const char *arg, int base);
+int get_be16(__be16 *val, const char *arg, int base);
int get_addr64(__u64 *ap, const char *cp);
-char* hexstring_n2a(const __u8 *str, int len, char *buf, int blen);
-__u8* hexstring_a2n(const char *str, __u8 *buf, int blen);
+int hex2mem(const char *buf, uint8_t *mem, int count);
+char *hexstring_n2a(const __u8 *str, int len, char *buf, int blen);
+__u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len);
#define ADDR64_BUF_SIZE sizeof("xxxx:xxxx:xxxx:xxxx")
int addr64_n2a(__u64 addr, char *buff, size_t len);
int af_bit_len(int af);
int af_byte_len(int af);
-const char *format_host(int af, int len, const void *addr,
+const char *format_host_r(int af, int len, const void *addr,
char *buf, int buflen);
-const char *rt_addr_n2a(int af, int len, const void *addr,
+const char *format_host(int af, int lne, const void *addr);
+#define format_host_rta(af, rta) \
+ format_host(af, RTA_PAYLOAD(rta), RTA_DATA(rta))
+const char *rt_addr_n2a_r(int af, int len, const void *addr,
char *buf, int buflen);
+const char *rt_addr_n2a(int af, int len, const void *addr);
+#define rt_addr_n2a_rta(af, rta) \
+ rt_addr_n2a(af, RTA_PAYLOAD(rta), RTA_DATA(rta))
int read_family(const char *name);
const char *family_name(int family);
@@ -134,6 +134,8 @@
void invarg(const char *, const char *) __attribute__((noreturn));
void duparg(const char *, const char *) __attribute__((noreturn));
void duparg2(const char *, const char *) __attribute__((noreturn));
+int check_ifname(const char *);
+int get_ifname(char *, const char *);
int matches(const char *arg, const char *pattern);
int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits);
@@ -144,7 +146,7 @@
int ipx_pton(int af, const char *src, void *addr);
const char *mpls_ntop(int af, const void *addr, char *str, size_t len);
-int mpls_pton(int af, const char *src, void *addr);
+int mpls_pton(int af, const char *src, void *addr, size_t alen);
extern int __iproute2_hz_internal;
int __get_hz(void);
@@ -175,10 +177,32 @@
return group ? (1 << (group - 1)) : 0;
}
+/* courtesy of bridge-utils */
+static inline unsigned long __tv_to_jiffies(const struct timeval *tv)
+{
+ unsigned long long jif;
+
+ jif = 1000000ULL * tv->tv_sec + tv->tv_usec;
+
+ return jif/10000;
+}
+
+static inline void __jiffies_to_tv(struct timeval *tv, unsigned long jiffies)
+{
+ unsigned long long tvusec;
+
+ tvusec = 10000ULL*jiffies;
+ tv->tv_sec = tvusec/1000000;
+ tv->tv_usec = tvusec - 1000000 * tv->tv_sec;
+}
+
+void print_escape_buf(const __u8 *buf, size_t len, const char *escape);
int print_timestamp(FILE *fp);
void print_nlmsg_timestamp(FILE *fp, const struct nlmsghdr *n);
+#define BIT(nr) (1UL << (nr))
+
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
#define BUILD_BUG_ON(cond) ((void)sizeof(char[1 - 2 * !!(cond)]))
@@ -211,7 +235,12 @@
int makeargs(char *line, char *argv[], int maxargs);
int inet_get_addr(const char *src, __u32 *dst, struct in6_addr *dst6);
-struct iplink_req;
+struct iplink_req {
+ struct nlmsghdr n;
+ struct ifinfomsg i;
+ char buf[1024];
+};
+
int iplink_parse(int argc, char **argv, struct iplink_req *req,
char **name, char **type, char **link, char **dev,
int *group, int *index);
@@ -220,5 +249,17 @@
bool show_label);
char *int_to_str(int val, char *buf);
+int get_guid(__u64 *guid, const char *arg);
+int get_real_family(int rtm_type, int rtm_family);
+
+int cmd_exec(const char *cmd, char **argv, bool do_fork);
+int make_path(const char *path, mode_t mode);
+char *find_cgroup2_mount(void);
+int get_command_name(const char *pid, char *comm, size_t len);
+
+#ifdef NEED_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t size);
+size_t strlcat(char *dst, const char *src, size_t size);
+#endif
#endif /* __UTILS_H__ */
diff --git a/ip/Android.mk b/ip/Android.mk
index 5c45bc7..179611f 100644
--- a/ip/Android.mk
+++ b/ip/Android.mk
@@ -8,7 +8,8 @@
iplink_vlan.c link_veth.c link_gre.c iplink_can.c \
iplink_macvlan.c ipl2tp.c \
ipfou.c iptoken.c tcp_metrics.c ipnetconf.c \
- iproute_lwtunnel.c
+ iproute_lwtunnel.c iplink_xdp.c iplink_vrf.c iplink_xstats.c \
+ ipila.c ipmacsec.c ipseg6.c ipvrf.c
LOCAL_MODULE := ip
@@ -18,12 +19,13 @@
LOCAL_SHARED_LIBRARIES += libiprouteutil libnetlink
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include $(UAPI_INCLUDES)
LOCAL_CFLAGS := \
-O2 -g \
-W -Wall \
-Wno-implicit-function-declaration \
+ -Wno-int-conversion \
-Wno-missing-field-initializers \
-Wno-pointer-arith \
-Wno-sign-compare \
diff --git a/ip/Makefile b/ip/Makefile
index f3d2987..5a1c7ad 100644
--- a/ip/Makefile
+++ b/ip/Makefile
@@ -1,21 +1,19 @@
IPOBJ=ip.o ipaddress.o ipaddrlabel.o iproute.o iprule.o ipnetns.o \
rtm_map.o iptunnel.o ip6tunnel.o tunnel.o ipneigh.o ipntable.o iplink.o \
ipmaddr.o ipmonitor.o ipmroute.o ipprefix.o iptuntap.o iptoken.o \
- ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o \
- iplink_vlan.o link_veth.o link_gre.o iplink_can.o \
+ ipxfrm.o xfrm_state.o xfrm_policy.o xfrm_monitor.o iplink_dummy.o \
+ iplink_ifb.o iplink_nlmon.o iplink_team.o iplink_vcan.o iplink_vxcan.o \
+ iplink_vlan.o link_veth.o link_gre.o iplink_can.o iplink_xdp.o \
iplink_macvlan.o ipl2tp.o link_vti.o link_vti6.o \
iplink_vxlan.o tcp_metrics.o iplink_ipoib.o ipnetconf.o link_ip6tnl.o \
link_iptnl.o link_gre6.o iplink_bond.o iplink_bond_slave.o iplink_hsr.o \
iplink_bridge.o iplink_bridge_slave.o ipfou.o iplink_ipvlan.o \
- iplink_geneve.o iplink_vrf.o iproute_lwtunnel.o
+ iplink_geneve.o iplink_vrf.o iproute_lwtunnel.o ipmacsec.o ipila.o \
+ ipvrf.o iplink_xstats.o ipseg6.o
RTMONOBJ=rtmon.o
-include ../Config
-
-ifeq ($(IP_CONFIG_SETNS),y)
- CFLAGS += -DHAVE_SETNS
-endif
+include ../config.mk
ALLOBJ=$(IPOBJ) $(RTMONOBJ)
SCRIPTS=ifcfg rtpr routel routef
@@ -24,8 +22,10 @@
all: $(TARGETS) $(SCRIPTS)
ip: $(IPOBJ) $(LIBNETLINK)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
rtmon: $(RTMONOBJ)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
install: all
install -m 0755 $(TARGETS) $(DESTDIR)$(SBINDIR)
diff --git a/ip/ifcfg b/ip/ifcfg
index 083d9df..30a2dc4 100644
--- a/ip/ifcfg
+++ b/ip/ifcfg
@@ -131,7 +131,7 @@
ip route add unreachable 224.0.0.0/24 >& /dev/null
ip route add unreachable 255.255.255.255 >& /dev/null
-if [ `ip link ls $dev | grep -c MULTICAST` -ge 1 ]; then
+if [ "`ip link ls $dev | grep -c MULTICAST`" -ge 1 ]; then
ip route add 224.0.0.0/4 dev $dev scope global >& /dev/null
fi
diff --git a/ip/ip.c b/ip/ip.c
index 5162100..c0eae95 100644
--- a/ip/ip.c
+++ b/ip/ip.c
@@ -30,9 +30,9 @@
int use_iec;
int show_stats;
int show_details;
-int resolve_hosts;
int oneline;
int brief;
+int json;
int timestamp;
const char *_SL_;
int force;
@@ -49,9 +49,10 @@
fprintf(stderr,
"Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }\n"
" ip [ -force ] -batch filename\n"
-"where OBJECT := { link | address | addrlabel | route | rule | neighbor | ntable |\n"
+"where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable |\n"
" tunnel | tuntap | maddress | mroute | mrule | monitor | xfrm |\n"
-" netns | l2tp | fou | tcp_metrics | token | netconf }\n"
+" netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila |\n"
+" vrf | sr }\n"
" OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\n"
" -h[uman-readable] | -iec |\n"
" -f[amily] { inet | inet6 | ipx | dnet | mpls | bridge | link } |\n"
@@ -84,6 +85,8 @@
{ "link", do_iplink },
{ "l2tp", do_ipl2tp },
{ "fou", do_ipfou },
+ { "ila", do_ipila },
+ { "macsec", do_ipmacsec },
{ "tunnel", do_iptunnel },
{ "tunl", do_iptunnel },
{ "tuntap", do_iptuntap },
@@ -97,6 +100,8 @@
{ "mrule", do_multirule },
{ "netns", do_netns },
{ "netconf", do_ipnetconf },
+ { "vrf", do_ipvrf},
+ { "sr", do_seg6 },
{ "help", do_help },
{ 0 }
};
@@ -259,6 +264,8 @@
#endif
} else if (matches(opt, "-brief") == 0) {
++brief;
+ } else if (matches(opt, "-json") == 0) {
+ ++json;
} else if (matches(opt, "-rcvbuf") == 0) {
unsigned int size;
@@ -293,6 +300,9 @@
_SL_ = oneline ? "\\" : "\n";
+ if (json)
+ check_if_color_enabled();
+
#ifndef ANDROID
if (batch_file)
return batch(batch_file);
diff --git a/ip/ip6tunnel.c b/ip/ip6tunnel.c
index 7a3cd04..bc44bef 100644
--- a/ip/ip6tunnel.c
+++ b/ip/ip6tunnel.c
@@ -50,7 +50,7 @@
fprintf(stderr, " [ mode { ip6ip6 | ipip6 | ip6gre | vti6 | any } ]\n");
fprintf(stderr, " [ remote ADDR local ADDR ] [ dev PHYS_DEV ]\n");
fprintf(stderr, " [ encaplimit ELIM ]\n");
- fprintf(stderr ," [ hoplimit TTL ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ]\n");
+ fprintf(stderr, " [ hoplimit TTL ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ]\n");
fprintf(stderr, " [ dscp inherit ]\n");
fprintf(stderr, " [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]\n");
fprintf(stderr, "\n");
@@ -77,10 +77,11 @@
printf("%s: %s/ipv6 remote %s local %s",
p->name,
tnl_strproto(p->proto),
- format_host(AF_INET6, 16, &p->raddr, s1, sizeof(s1)),
- rt_addr_n2a(AF_INET6, 16, &p->laddr, s2, sizeof(s2)));
+ format_host_r(AF_INET6, 16, &p->raddr, s1, sizeof(s1)),
+ rt_addr_n2a_r(AF_INET6, 16, &p->laddr, s2, sizeof(s2)));
if (p->link) {
const char *n = ll_index_to_name(p->link);
+
if (n)
printf(" dev %s", n);
}
@@ -96,6 +97,7 @@
printf(" tclass inherit");
else {
__u32 val = ntohl(p->flowinfo & IP6_FLOWINFO_TCLASS);
+
printf(" tclass 0x%02x", (__u8)(val >> 20));
}
@@ -109,16 +111,17 @@
if (p->flags & IP6_TNL_F_RCV_DSCP_COPY)
printf(" dscp inherit");
- if (p->proto == IPPROTO_GRE) {
- if ((p->i_flags & GRE_KEY) && (p->o_flags & GRE_KEY) && p->o_key == p->i_key)
- printf(" key %u", ntohl(p->i_key));
- else if ((p->i_flags | p->o_flags) & GRE_KEY) {
- if (p->i_flags & GRE_KEY)
- printf(" ikey %u", ntohl(p->i_key));
- if (p->o_flags & GRE_KEY)
- printf(" okey %u", ntohl(p->o_key));
- }
+ if ((p->i_flags & GRE_KEY) && (p->o_flags & GRE_KEY) &&
+ p->o_key == p->i_key)
+ printf(" key %u", ntohl(p->i_key));
+ else {
+ if (p->i_flags & GRE_KEY)
+ printf(" ikey %u", ntohl(p->i_key));
+ if (p->o_flags & GRE_KEY)
+ printf(" okey %u", ntohl(p->o_key));
+ }
+ if (p->proto == IPPROTO_GRE) {
if (p->i_flags & GRE_SEQ)
printf("%s Drop packets out of sequence.", _SL_);
if (p->i_flags & GRE_CSUM)
@@ -133,9 +136,7 @@
static int parse_args(int argc, char **argv, int cmd, struct ip6_tnl_parm2 *p)
{
int count = 0;
- char medium[IFNAMSIZ];
-
- memset(medium, 0, sizeof(medium));
+ const char *medium = NULL;
while (argc > 0) {
if (strcmp(*argv, "mode") == 0) {
@@ -158,11 +159,12 @@
strcmp(*argv, "any") == 0)
p->proto = 0;
else {
- fprintf(stderr,"Unknown tunnel mode \"%s\"\n", *argv);
+ fprintf(stderr, "Unknown tunnel mode \"%s\"\n", *argv);
exit(-1);
}
} else if (strcmp(*argv, "remote") == 0) {
inet_prefix raddr;
+
NEXT_ARG();
get_prefix(&raddr, *argv, preferred_family);
if (raddr.family == AF_UNSPEC)
@@ -170,6 +172,7 @@
memcpy(&p->raddr, &raddr.data, sizeof(p->raddr));
} else if (strcmp(*argv, "local") == 0) {
inet_prefix laddr;
+
NEXT_ARG();
get_prefix(&laddr, *argv, preferred_family);
if (laddr.family == AF_UNSPEC)
@@ -177,13 +180,14 @@
memcpy(&p->laddr, &laddr.data, sizeof(p->laddr));
} else if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
- strncpy(medium, *argv, IFNAMSIZ - 1);
+ medium = *argv;
} else if (strcmp(*argv, "encaplimit") == 0) {
NEXT_ARG();
if (strcmp(*argv, "none") == 0) {
p->flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
} else {
__u8 uval;
+
if (get_u8(&uval, *argv, 0) < -1)
invarg("invalid ELIM", *argv);
p->encap_limit = uval;
@@ -193,6 +197,7 @@
strcmp(*argv, "ttl") == 0 ||
strcmp(*argv, "hlim") == 0) {
__u8 uval;
+
NEXT_ARG();
if (get_u8(&uval, *argv, 0))
invarg("invalid TTL", *argv);
@@ -202,6 +207,7 @@
strcmp(*argv, "tos") == 0 ||
matches(*argv, "dsfield") == 0) {
__u8 uval;
+
NEXT_ARG();
p->flowinfo &= ~IP6_FLOWINFO_TCLASS;
if (strcmp(*argv, "inherit") == 0)
@@ -215,6 +221,7 @@
} else if (strcmp(*argv, "flowlabel") == 0 ||
strcmp(*argv, "fl") == 0) {
__u32 uval;
+
NEXT_ARG();
p->flowinfo &= ~IP6_FLOWINFO_FLOWLABEL;
if (strcmp(*argv, "inherit") == 0)
@@ -266,10 +273,11 @@
usage();
if (p->name[0])
duparg2("name", *argv);
- strncpy(p->name, *argv, IFNAMSIZ - 1);
+ if (get_ifname(p->name, *argv))
+ invarg("\"name\" not a valid ifname", *argv);
if (cmd == SIOCCHGTUNNEL && count == 0) {
- struct ip6_tnl_parm2 old_p;
- memset(&old_p, 0, sizeof(old_p));
+ struct ip6_tnl_parm2 old_p = {};
+
if (tnl_get_ioctl(*argv, &old_p))
return -1;
*p = old_p;
@@ -278,7 +286,7 @@
count++;
argc--; argv++;
}
- if (medium[0]) {
+ if (medium) {
p->link = ll_name_to_index(medium);
if (p->link == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n", medium);
@@ -307,10 +315,10 @@
{
return ((!p1->link || p1->link == p2->link) &&
(!p1->name[0] || strcmp(p1->name, p2->name) == 0) &&
- (memcmp(&p1->laddr, &in6addr_any, sizeof(p1->laddr)) == 0 ||
- memcmp(&p1->laddr, &p2->laddr, sizeof(p1->laddr)) == 0) &&
- (memcmp(&p1->raddr, &in6addr_any, sizeof(p1->raddr)) == 0 ||
- memcmp(&p1->raddr, &p2->raddr, sizeof(p1->raddr)) == 0) &&
+ (IN6_IS_ADDR_UNSPECIFIED(&p1->laddr) ||
+ IN6_ARE_ADDR_EQUAL(&p1->laddr, &p2->laddr)) &&
+ (IN6_IS_ADDR_UNSPECIFIED(&p1->raddr) ||
+ IN6_ARE_ADDR_EQUAL(&p1->raddr, &p2->raddr)) &&
(!p1->proto || !p2->proto || p1->proto == p2->proto) &&
(!p1->encap_limit || p1->encap_limit == p2->encap_limit) &&
(!p1->hop_limit || p1->hop_limit == p2->hop_limit) &&
@@ -326,6 +334,7 @@
char buf[512];
int err = -1;
FILE *fp = fopen("/proc/net/dev", "r");
+
if (fp == NULL) {
perror("fopen");
return -1;
@@ -341,7 +350,7 @@
while (fgets(buf, sizeof(buf), fp) != NULL) {
char name[IFNAMSIZ];
int index, type;
- struct ip6_tnl_parm2 p1;
+ struct ip6_tnl_parm2 p1 = {};
char *ptr;
buf[sizeof(buf) - 1] = '\0';
@@ -362,7 +371,6 @@
}
if (type != ARPHRD_TUNNEL6 && type != ARPHRD_IP6GRE)
continue;
- memset(&p1, 0, sizeof(p1));
ip6_tnl_parm_init(&p1, 0);
if (type == ARPHRD_IP6GRE)
p1.proto = IPPROTO_GRE;
@@ -387,14 +395,14 @@
static int do_show(int argc, char **argv)
{
- struct ip6_tnl_parm2 p;
+ struct ip6_tnl_parm2 p;
ll_init_map(&rth);
ip6_tnl_parm_init(&p, 0);
p.proto = 0; /* default to any */
- if (parse_args(argc, argv, SIOCGETTUNNEL, &p) < 0)
- return -1;
+ if (parse_args(argc, argv, SIOCGETTUNNEL, &p) < 0)
+ return -1;
if (!p.name[0] || show_stats)
do_tunnels_list(&p);
@@ -405,7 +413,7 @@
printf("\n");
}
- return 0;
+ return 0;
}
static int do_add(int cmd, int argc, char **argv)
diff --git a/ip/ip_common.h b/ip/ip_common.h
index 9a846df..4b8b0a7 100644
--- a/ip/ip_common.h
+++ b/ip/ip_common.h
@@ -1,14 +1,42 @@
+#ifndef _IP_COMMON_H_
+#define _IP_COMMON_H_
+
+#include <stdbool.h>
+
+#include "json_print.h"
+
+struct link_filter {
+ int ifindex;
+ int family;
+ int oneline;
+ int showqueue;
+ inet_prefix pfx;
+ int scope, scopemask;
+ int flags, flagmask;
+ int up;
+ char *label;
+ int flushed;
+ char *flushb;
+ int flushp;
+ int flushe;
+ int group;
+ int master;
+ char *kind;
+ char *slave_kind;
+};
+
int get_operstate(const char *name);
int print_linkinfo(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg);
int print_linkinfo_brief(const struct sockaddr_nl *who,
- struct nlmsghdr *n, void *arg);
+ struct nlmsghdr *n, void *arg,
+ struct link_filter *filter);
int print_addrinfo(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg);
int print_addrlabel(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg);
int print_neigh(const struct sockaddr_nl *who,
- struct nlmsghdr *n, void *arg);
+ struct nlmsghdr *n, void *arg);
int ipaddr_list_link(int argc, char **argv);
void ipaddr_get_vf_rate(int, int *, int *, int);
void iplink_usage(void) __attribute__((noreturn));
@@ -31,6 +59,7 @@
struct rtnl_ctrl_data *ctrl,
struct nlmsghdr *n, void *arg);
void netns_map_init(void);
+void netns_nsid_socket_init(void);
int print_nsid(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg);
int do_ipaddr(int argc, char **argv);
@@ -43,6 +72,7 @@
int do_ip6tunnel(int argc, char **argv);
int do_iptuntap(int argc, char **argv);
int do_iplink(int argc, char **argv);
+int do_ipmacsec(int argc, char **argv);
int do_ipmonitor(int argc, char **argv);
int do_multiaddr(int argc, char **argv);
int do_multiroute(int argc, char **argv);
@@ -51,14 +81,26 @@
int do_xfrm(int argc, char **argv);
int do_ipl2tp(int argc, char **argv);
int do_ipfou(int argc, char **argv);
+extern int do_ipila(int argc, char **argv);
int do_tcp_metrics(int argc, char **argv);
int do_ipnetconf(int argc, char **argv);
int do_iptoken(int argc, char **argv);
+int do_ipvrf(int argc, char **argv);
+void vrf_reset(void);
+int netns_identify_pid(const char *pidstr, char *name, int len);
+int do_seg6(int argc, char **argv);
+
int iplink_get(unsigned int flags, char *name, __u32 filt_mask);
+int iplink_ifla_xstats(int argc, char **argv);
+
+int ip_linkaddr_list(int family, req_filter_fn_t filter_fn,
+ struct nlmsg_chain *linfo, struct nlmsg_chain *ainfo);
+void free_nlmsg_chain(struct nlmsg_chain *info);
static inline int rtm_get_table(struct rtmsg *r, struct rtattr **tb)
{
__u32 table = r->rtm_table;
+
if (tb[RTA_TABLE])
table = rta_getattr_u32(tb[RTA_TABLE]);
return table;
@@ -66,10 +108,7 @@
extern struct rtnl_handle rth;
-#include <stdbool.h>
-
-struct link_util
-{
+struct link_util {
struct link_util *next;
const char *id;
int maxattr;
@@ -78,15 +117,33 @@
void (*print_opt)(struct link_util *, FILE *,
struct rtattr *[]);
void (*print_xstats)(struct link_util *, FILE *,
- struct rtattr *);
+ struct rtattr *);
void (*print_help)(struct link_util *, int, char **,
- FILE *);
- bool slave;
+ FILE *);
+ int (*parse_ifla_xstats)(struct link_util *,
+ int, char **);
+ int (*print_ifla_xstats)(const struct sockaddr_nl *,
+ struct nlmsghdr *, void *);
};
struct link_util *get_link_kind(const char *kind);
-struct link_util *get_link_slave_kind(const char *slave_kind);
+
+void br_dump_bridge_id(const struct ifla_bridge_id *id, char *buf, size_t len);
+int bridge_parse_xstats(struct link_util *lu, int argc, char **argv);
+int bridge_print_xstats(const struct sockaddr_nl *who,
+ struct nlmsghdr *n, void *arg);
+
+__u32 ipvrf_get_table(const char *name);
+int name_is_vrf(const char *name);
#ifndef INFINITY_LIFE_TIME
#define INFINITY_LIFE_TIME 0xFFFFFFFFU
#endif
+
+#ifndef LABEL_MAX_MASK
+#define LABEL_MAX_MASK 0xFFFFFU
+#endif
+
+void print_num(FILE *fp, unsigned int width, uint64_t count);
+
+#endif /* _IP_COMMON_H_ */
diff --git a/ip/ipaddress.c b/ip/ipaddress.c
index 9d254d2..9e9a7e0 100644
--- a/ip/ipaddress.c
+++ b/ip/ipaddress.c
@@ -18,7 +18,7 @@
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
-#include <sys/ioctl.h>
+#include <sys/param.h>
#include <errno.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -30,10 +30,12 @@
#include <linux/sockios.h>
#include <linux/net_namespace.h>
+#include "utils.h"
#include "rt_names.h"
#include "utils.h"
#include "ll_map.h"
#include "ip_common.h"
+#include "xdp.h"
#include "color.h"
enum {
@@ -42,26 +44,7 @@
IPADD_SAVE,
};
-static struct
-{
- int ifindex;
- int family;
- int oneline;
- int showqueue;
- inet_prefix pfx;
- int scope, scopemask;
- int flags, flagmask;
- int up;
- char *label;
- int flushed;
- char *flushb;
- int flushp;
- int flushe;
- int group;
- int master;
- char *kind;
-} filter;
-
+static struct link_filter filter;
static int do_link;
static void usage(void) __attribute__((noreturn));
@@ -74,8 +57,11 @@
fprintf(stderr, "Usage: ip address {add|change|replace} IFADDR dev IFNAME [ LIFETIME ]\n");
fprintf(stderr, " [ CONFFLAG-LIST ]\n");
fprintf(stderr, " ip address del IFADDR dev IFNAME [mngtmpaddr]\n");
- fprintf(stderr, " ip address {show|save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]\n");
+ fprintf(stderr, " ip address {save|flush} [ dev IFNAME ] [ scope SCOPE-ID ]\n");
fprintf(stderr, " [ to PREFIX ] [ FLAG-LIST ] [ label LABEL ] [up]\n");
+ fprintf(stderr, " ip address [ show [ dev IFNAME ] [ scope SCOPE-ID ] [ master DEVICE ]\n");
+ fprintf(stderr, " [ type TYPE ] [ to PREFIX ] [ FLAG-LIST ]\n");
+ fprintf(stderr, " [ label LABEL ] [up] [ vrf NAME ] ]\n");
fprintf(stderr, " ip address {showdump|restore}\n");
fprintf(stderr, "IFADDR := PREFIX | ADDR peer PREFIX\n");
fprintf(stderr, " [ broadcast ADDR ] [ anycast ADDR ]\n");
@@ -89,19 +75,24 @@
fprintf(stderr, "CONFFLAG := [ home | nodad | mngtmpaddr | noprefixroute | autojoin ]\n");
fprintf(stderr, "LIFETIME := [ valid_lft LFT ] [ preferred_lft LFT ]\n");
fprintf(stderr, "LFT := forever | SECONDS\n");
+ fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n");
+ fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan | lowpan |\n");
+ fprintf(stderr, " gre | gretap | erspan | ip6gre | ip6gretap | vti | nlmon | can |\n");
+ fprintf(stderr, " bond_slave | ipvlan | geneve | bridge_slave | vrf | hsr | macsec }\n");
exit(-1);
}
-static void print_link_flags(FILE *fp, unsigned flags, unsigned mdown)
+static void print_link_flags(FILE *fp, unsigned int flags, unsigned int mdown)
{
- fprintf(fp, "<");
+ open_json_array(PRINT_ANY, is_json_context() ? "flags" : "<");
if (flags & IFF_UP && !(flags & IFF_RUNNING))
- fprintf(fp, "NO-CARRIER%s", flags ? "," : "");
+ print_string(PRINT_ANY, NULL,
+ flags ? "%s," : "%s", "NO-CARRIER");
flags &= ~IFF_RUNNING;
-#define _PF(f) if (flags&IFF_##f) { \
- flags &= ~IFF_##f ; \
- fprintf(fp, #f "%s", flags ? "," : ""); }
+#define _PF(f) if (flags&IFF_##f) { \
+ flags &= ~IFF_##f ; \
+ print_string(PRINT_ANY, NULL, flags ? "%s," : "%s", #f); }
_PF(LOOPBACK);
_PF(BROADCAST);
_PF(POINTOPOINT);
@@ -122,10 +113,10 @@
_PF(ECHO);
#undef _PF
if (flags)
- fprintf(fp, "%x", flags);
+ print_hex(PRINT_ANY, NULL, "%x", flags);
if (mdown)
- fprintf(fp, ",M-DOWN");
- fprintf(fp, "> ");
+ print_string(PRINT_ANY, NULL, ",%s", "M-DOWN");
+ close_json_array(PRINT_ANY, "> ");
}
static const char *oper_states[] = {
@@ -135,24 +126,26 @@
static void print_operstate(FILE *f, __u8 state)
{
- if (state >= sizeof(oper_states)/sizeof(oper_states[0]))
- fprintf(f, "state %#x ", state);
- else {
- if (brief) {
- if (strcmp(oper_states[state], "UP") == 0)
- color_fprintf(f, COLOR_OPERSTATE_UP, "%-14s ", oper_states[state]);
- else if (strcmp(oper_states[state], "DOWN") == 0)
- color_fprintf(f, COLOR_OPERSTATE_DOWN, "%-14s ", oper_states[state]);
- else
- fprintf(f, "%-14s ", oper_states[state]);
- } else {
+ if (state >= ARRAY_SIZE(oper_states)) {
+ if (is_json_context())
+ print_uint(PRINT_JSON, "operstate_index", NULL, state);
+ else
+ print_0xhex(PRINT_FP, NULL, "state %#x", state);
+ } else if (brief) {
+ print_color_string(PRINT_ANY,
+ oper_state_color(state),
+ "operstate",
+ "%-14s ",
+ oper_states[state]);
+ } else {
+ if (is_json_context())
+ print_string(PRINT_JSON,
+ "operstate",
+ NULL, oper_states[state]);
+ else {
fprintf(f, "state ");
- if (strcmp(oper_states[state], "UP") == 0)
- color_fprintf(f, COLOR_OPERSTATE_UP, "%s ", oper_states[state]);
- else if (strcmp(oper_states[state], "DOWN") == 0)
- color_fprintf(f, COLOR_OPERSTATE_DOWN, "%s ", oper_states[state]);
- else
- fprintf(f, "%s ", oper_states[state]);
+ color_fprintf(f, oper_state_color(state),
+ "%s ", oper_states[state]);
}
}
}
@@ -161,7 +154,7 @@
{
int i;
- for (i = 0; i < sizeof(oper_states)/sizeof(oper_states[0]); i++)
+ for (i = 0; i < ARRAY_SIZE(oper_states); i++)
if (strcasecmp(name, oper_states[i]) == 0)
return i;
return -1;
@@ -172,15 +165,14 @@
int qlen;
if (tb[IFLA_TXQLEN])
- qlen = *(int *)RTA_DATA(tb[IFLA_TXQLEN]);
+ qlen = rta_getattr_u32(tb[IFLA_TXQLEN]);
else {
- struct ifreq ifr;
+ struct ifreq ifr = {};
int s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0)
return;
- memset(&ifr, 0, sizeof(ifr));
strcpy(ifr.ifr_name, rta_getattr_str(tb[IFLA_IFNAME]));
if (ioctl(s, SIOCGIFTXQLEN, &ifr) < 0) {
fprintf(f, "ioctl(SIOCGIFTXQLEN) failed: %s\n", strerror(errno));
@@ -191,7 +183,7 @@
qlen = ifr.ifr_qlen;
}
if (qlen)
- fprintf(f, "qlen %d", qlen);
+ print_int(PRINT_ANY, "txqlen", "qlen %d", qlen);
}
static const char *link_modes[] = {
@@ -202,39 +194,55 @@
{
unsigned int mode = rta_getattr_u8(tb);
- if (mode >= sizeof(link_modes) / sizeof(link_modes[0]))
- fprintf(f, "mode %d ", mode);
+ if (mode >= ARRAY_SIZE(link_modes))
+ print_int(PRINT_ANY,
+ "linkmode_index",
+ "mode %d ",
+ mode);
else
- fprintf(f, "mode %s ", link_modes[mode]);
+ print_string(PRINT_ANY,
+ "linkmode",
+ "mode %s "
+ , link_modes[mode]);
}
-static char *parse_link_kind(struct rtattr *tb)
+static char *parse_link_kind(struct rtattr *tb, bool slave)
{
struct rtattr *linkinfo[IFLA_INFO_MAX+1];
+ int attr = slave ? IFLA_INFO_SLAVE_KIND : IFLA_INFO_KIND;
parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb);
- if (linkinfo[IFLA_INFO_KIND])
- return RTA_DATA(linkinfo[IFLA_INFO_KIND]);
+ if (linkinfo[attr])
+ return RTA_DATA(linkinfo[attr]);
return "";
}
+static int match_link_kind(struct rtattr **tb, const char *kind, bool slave)
+{
+ if (!tb[IFLA_LINKINFO])
+ return -1;
+
+ return strcmp(parse_link_kind(tb[IFLA_LINKINFO], slave), kind);
+}
+
static void print_linktype(FILE *fp, struct rtattr *tb)
{
struct rtattr *linkinfo[IFLA_INFO_MAX+1];
struct link_util *lu;
struct link_util *slave_lu;
- char *kind;
- char *slave_kind;
+ char slave[32];
parse_rtattr_nested(linkinfo, IFLA_INFO_MAX, tb);
+ open_json_object("linkinfo");
if (linkinfo[IFLA_INFO_KIND]) {
- kind = RTA_DATA(linkinfo[IFLA_INFO_KIND]);
+ const char *kind
+ = rta_getattr_str(linkinfo[IFLA_INFO_KIND]);
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " %s ", kind);
+ print_string(PRINT_FP, NULL, "%s", _SL_);
+ print_string(PRINT_ANY, "info_kind", " %s ", kind);
lu = get_link_kind(kind);
if (lu && lu->print_opt) {
@@ -245,21 +253,32 @@
linkinfo[IFLA_INFO_DATA]);
data = attr;
}
+ open_json_object("info_data");
lu->print_opt(lu, fp, data);
+ close_json_object();
if (linkinfo[IFLA_INFO_XSTATS] && show_stats &&
- lu->print_xstats)
+ lu->print_xstats) {
+ open_json_object("info_xstats");
lu->print_xstats(lu, fp, linkinfo[IFLA_INFO_XSTATS]);
+ close_json_object();
+ }
}
}
if (linkinfo[IFLA_INFO_SLAVE_KIND]) {
- slave_kind = RTA_DATA(linkinfo[IFLA_INFO_SLAVE_KIND]);
+ const char *slave_kind
+ = rta_getattr_str(linkinfo[IFLA_INFO_SLAVE_KIND]);
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " %s_slave ", slave_kind);
+ print_string(PRINT_FP, NULL, "%s", _SL_);
+ print_string(PRINT_ANY,
+ "info_slave_kind",
+ " %s_slave ",
+ slave_kind);
- slave_lu = get_link_slave_kind(slave_kind);
+ snprintf(slave, sizeof(slave), "%s_slave", slave_kind);
+
+ slave_lu = get_link_kind(slave);
if (slave_lu && slave_lu->print_opt) {
struct rtattr *attr[slave_lu->maxattr+1], **data = NULL;
@@ -268,9 +287,12 @@
linkinfo[IFLA_INFO_SLAVE_DATA]);
data = attr;
}
+ open_json_object("info_slave_data");
slave_lu->print_opt(slave_lu, fp, data);
+ close_json_object();
}
}
+ close_json_object();
}
static void print_af_spec(FILE *fp, struct rtattr *af_spec_attr)
@@ -286,21 +308,39 @@
if (tb[IFLA_INET6_ADDR_GEN_MODE]) {
__u8 mode = rta_getattr_u8(tb[IFLA_INET6_ADDR_GEN_MODE]);
+ SPRINT_BUF(b1);
+
switch (mode) {
case IN6_ADDR_GEN_MODE_EUI64:
- fprintf(fp, "addrgenmode eui64 ");
+ print_string(PRINT_ANY,
+ "inet6_addr_gen_mode",
+ "addrgenmode %s ",
+ "eui64");
break;
case IN6_ADDR_GEN_MODE_NONE:
- fprintf(fp, "addrgenmode none ");
+ print_string(PRINT_ANY,
+ "inet6_addr_gen_mode",
+ "addrgenmode %s ",
+ "none");
break;
case IN6_ADDR_GEN_MODE_STABLE_PRIVACY:
- fprintf(fp, "addrgenmode stable_secret ");
+ print_string(PRINT_ANY,
+ "inet6_addr_gen_mode",
+ "addrgenmode %s ",
+ "stable_secret");
break;
case IN6_ADDR_GEN_MODE_RANDOM:
- fprintf(fp, "addrgenmode random ");
+ print_string(PRINT_ANY,
+ "inet6_addr_gen_mode",
+ "addrgenmode %s ",
+ "random");
break;
default:
- fprintf(fp, "addrgenmode %#.2hhx ", mode);
+ snprintf(b1, sizeof(b1), "%#.2hhx", mode);
+ print_string(PRINT_ANY,
+ "inet6_addr_gen_mode",
+ "addrgenmode %s ",
+ b1);
break;
}
}
@@ -311,12 +351,9 @@
static void print_vfinfo(FILE *fp, struct rtattr *vfinfo)
{
struct ifla_vf_mac *vf_mac;
- struct ifla_vf_vlan *vf_vlan;
struct ifla_vf_tx_rate *vf_tx_rate;
- struct ifla_vf_spoofchk *vf_spoofchk;
- struct ifla_vf_link_state *vf_linkstate;
struct rtattr *vf[IFLA_VF_MAX + 1] = {};
- struct rtattr *tmp;
+
SPRINT_BUF(b1);
if (vfinfo->rta_type != IFLA_VF_INFO) {
@@ -327,72 +364,142 @@
parse_rtattr_nested(vf, IFLA_VF_MAX, vfinfo);
vf_mac = RTA_DATA(vf[IFLA_VF_MAC]);
- vf_vlan = RTA_DATA(vf[IFLA_VF_VLAN]);
vf_tx_rate = RTA_DATA(vf[IFLA_VF_TX_RATE]);
- /* Check if the spoof checking vf info type is supported by
- * this kernel.
- */
- tmp = (struct rtattr *)((char *)vf[IFLA_VF_TX_RATE] +
- vf[IFLA_VF_TX_RATE]->rta_len);
+ print_string(PRINT_FP, NULL, "%s ", _SL_);
+ print_int(PRINT_ANY, "vf", "vf %d ", vf_mac->vf);
+ print_string(PRINT_ANY, "mac", "MAC %s",
+ ll_addr_n2a((unsigned char *) &vf_mac->mac,
+ ETH_ALEN, 0, b1, sizeof(b1)));
- if (tmp->rta_type != IFLA_VF_SPOOFCHK)
- vf_spoofchk = NULL;
- else
- vf_spoofchk = RTA_DATA(vf[IFLA_VF_SPOOFCHK]);
+ if (vf[IFLA_VF_VLAN_LIST]) {
+ struct rtattr *i, *vfvlanlist = vf[IFLA_VF_VLAN_LIST];
+ int rem = RTA_PAYLOAD(vfvlanlist);
- if (vf_spoofchk) {
- /* Check if the link state vf info type is supported by
- * this kernel.
- */
- tmp = (struct rtattr *)((char *)vf[IFLA_VF_SPOOFCHK] +
- vf[IFLA_VF_SPOOFCHK]->rta_len);
+ open_json_array(PRINT_JSON, "vlan_list");
+ for (i = RTA_DATA(vfvlanlist);
+ RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ struct ifla_vf_vlan_info *vf_vlan_info = RTA_DATA(i);
+ SPRINT_BUF(b2);
- if (tmp->rta_type != IFLA_VF_LINK_STATE)
- vf_linkstate = NULL;
- else
- vf_linkstate = RTA_DATA(vf[IFLA_VF_LINK_STATE]);
- } else
- vf_linkstate = NULL;
+ open_json_object(NULL);
+ if (vf_vlan_info->vlan)
+ print_int(PRINT_ANY,
+ "vlan",
+ ", vlan %d",
+ vf_vlan_info->vlan);
+ if (vf_vlan_info->qos)
+ print_int(PRINT_ANY,
+ "qos",
+ ", qos %d",
+ vf_vlan_info->qos);
+ if (vf_vlan_info->vlan_proto &&
+ vf_vlan_info->vlan_proto != htons(ETH_P_8021Q))
+ print_string(PRINT_ANY,
+ "protocol",
+ ", vlan protocol %s",
+ ll_proto_n2a(
+ vf_vlan_info->vlan_proto,
+ b2, sizeof(b2)));
+ close_json_object();
+ }
+ close_json_array(PRINT_JSON, NULL);
+ } else {
+ struct ifla_vf_vlan *vf_vlan = RTA_DATA(vf[IFLA_VF_VLAN]);
- fprintf(fp, "%s vf %d MAC %s", _SL_, vf_mac->vf,
- ll_addr_n2a((unsigned char *)&vf_mac->mac,
- ETH_ALEN, 0, b1, sizeof(b1)));
- if (vf_vlan->vlan)
- fprintf(fp, ", vlan %d", vf_vlan->vlan);
- if (vf_vlan->qos)
- fprintf(fp, ", qos %d", vf_vlan->qos);
+ if (vf_vlan->vlan)
+ print_int(PRINT_ANY,
+ "vlan",
+ ", vlan %d",
+ vf_vlan->vlan);
+ if (vf_vlan->qos)
+ print_int(PRINT_ANY, "qos", ", qos %d", vf_vlan->qos);
+ }
+
if (vf_tx_rate->rate)
- fprintf(fp, ", tx rate %d (Mbps)", vf_tx_rate->rate);
+ print_int(PRINT_ANY,
+ "tx_rate",
+ ", tx rate %d (Mbps)",
+ vf_tx_rate->rate);
if (vf[IFLA_VF_RATE]) {
struct ifla_vf_rate *vf_rate = RTA_DATA(vf[IFLA_VF_RATE]);
+ int max_tx = vf_rate->max_tx_rate;
+ int min_tx = vf_rate->min_tx_rate;
- if (vf_rate->max_tx_rate)
- fprintf(fp, ", max_tx_rate %dMbps", vf_rate->max_tx_rate);
- if (vf_rate->min_tx_rate)
- fprintf(fp, ", min_tx_rate %dMbps", vf_rate->min_tx_rate);
+ if (is_json_context()) {
+ open_json_object("rate");
+ print_int(PRINT_JSON, "max_tx", NULL, max_tx);
+ print_int(PRINT_ANY, "min_tx", NULL, min_tx);
+ close_json_object();
+ } else {
+ if (max_tx)
+ fprintf(fp, ", max_tx_rate %dMbps", max_tx);
+ if (min_tx)
+ fprintf(fp, ", min_tx_rate %dMbps", min_tx);
+ }
}
- if (vf_spoofchk && vf_spoofchk->setting != -1) {
- if (vf_spoofchk->setting)
- fprintf(fp, ", spoof checking on");
- else
- fprintf(fp, ", spoof checking off");
+ if (vf[IFLA_VF_SPOOFCHK]) {
+ struct ifla_vf_spoofchk *vf_spoofchk =
+ RTA_DATA(vf[IFLA_VF_SPOOFCHK]);
+
+ if (vf_spoofchk->setting != -1)
+ print_bool(PRINT_ANY,
+ "spoofchk",
+ vf_spoofchk->setting ?
+ ", spoof checking on" : ", spoof checking off",
+ vf_spoofchk->setting);
}
- if (vf_linkstate) {
+
+ if (vf[IFLA_VF_LINK_STATE]) {
+ struct ifla_vf_link_state *vf_linkstate =
+ RTA_DATA(vf[IFLA_VF_LINK_STATE]);
+
if (vf_linkstate->link_state == IFLA_VF_LINK_STATE_AUTO)
- fprintf(fp, ", link-state auto");
+ print_string(PRINT_ANY,
+ "link_state",
+ ", link-state %s",
+ "auto");
else if (vf_linkstate->link_state == IFLA_VF_LINK_STATE_ENABLE)
- fprintf(fp, ", link-state enable");
+ print_string(PRINT_ANY,
+ "link_state",
+ ", link-state %s",
+ "enable");
else
- fprintf(fp, ", link-state disable");
+ print_string(PRINT_ANY,
+ "link_state",
+ ", link-state %s",
+ "disable");
}
+
+ if (vf[IFLA_VF_TRUST]) {
+ struct ifla_vf_trust *vf_trust = RTA_DATA(vf[IFLA_VF_TRUST]);
+
+ if (vf_trust->setting != -1)
+ print_bool(PRINT_ANY,
+ "trust",
+ vf_trust->setting ? ", trust on" : ", trust off",
+ vf_trust->setting);
+ }
+
+ if (vf[IFLA_VF_RSS_QUERY_EN]) {
+ struct ifla_vf_rss_query_en *rss_query =
+ RTA_DATA(vf[IFLA_VF_RSS_QUERY_EN]);
+
+ if (rss_query->setting != -1)
+ print_bool(PRINT_ANY,
+ "query_rss_en",
+ rss_query->setting ? ", query_rss on"
+ : ", query_rss off",
+ rss_query->setting);
+ }
+
if (vf[IFLA_VF_STATS] && show_stats)
print_vf_stats64(fp, vf[IFLA_VF_STATS]);
}
-static void print_num(FILE *fp, unsigned width, uint64_t count)
+void print_num(FILE *fp, unsigned int width, uint64_t count)
{
const char *prefix = "kMGTPE";
const unsigned int base = use_iec ? 1024 : 1000;
@@ -407,8 +514,9 @@
}
/* increase value by a factor of 1000/1024 and print
- * if result is something a human can read */
- for(;;) {
+ * if result is something a human can read
+ */
+ for (;;) {
powi *= base;
if (count / base < powi)
break;
@@ -426,14 +534,14 @@
}
snprintf(buf, sizeof(buf), "%.*f%c%s", precision,
- (double) count / powi, *prefix, use_iec ? "i" : "");
+ (double) count / powi, *prefix, use_iec ? "i" : "");
fprintf(fp, "%-*s ", width, buf);
}
static void print_vf_stats64(FILE *fp, struct rtattr *vfstats)
{
- struct rtattr *vf[IFLA_VF_STATS_MAX + 1] = {};
+ struct rtattr *vf[IFLA_VF_STATS_MAX + 1];
if (vfstats->rta_type != IFLA_VF_STATS) {
fprintf(stderr, "BUG: rta type is %d\n", vfstats->rta_type);
@@ -442,166 +550,367 @@
parse_rtattr_nested(vf, IFLA_VF_MAX, vfstats);
- /* RX stats */
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " RX: bytes packets mcast bcast %s", _SL_);
- fprintf(fp, " ");
+ if (is_json_context()) {
+ open_json_object("stats");
- print_num(fp, 10, *(__u64 *)RTA_DATA(vf[IFLA_VF_STATS_RX_BYTES]));
- print_num(fp, 8, *(__u64 *)RTA_DATA(vf[IFLA_VF_STATS_RX_PACKETS]));
- print_num(fp, 7, *(__u64 *)RTA_DATA(vf[IFLA_VF_STATS_MULTICAST]));
- print_num(fp, 7, *(__u64 *)RTA_DATA(vf[IFLA_VF_STATS_BROADCAST]));
+ /* RX stats */
+ open_json_object("rx");
+ print_uint(PRINT_JSON, "bytes", NULL,
+ rta_getattr_u64(vf[IFLA_VF_STATS_RX_BYTES]));
+ print_uint(PRINT_JSON, "packets", NULL,
+ rta_getattr_u64(vf[IFLA_VF_STATS_RX_PACKETS]));
+ print_uint(PRINT_JSON, "multicast", NULL,
+ rta_getattr_u64(vf[IFLA_VF_STATS_MULTICAST]));
+ print_uint(PRINT_JSON, "broadcast", NULL,
+ rta_getattr_u64(vf[IFLA_VF_STATS_BROADCAST]));
+ close_json_object();
- /* TX stats */
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " TX: bytes packets %s", _SL_);
- fprintf(fp, " ");
+ /* TX stats */
+ open_json_object("tx");
+ print_uint(PRINT_JSON, "tx_bytes", NULL,
+ rta_getattr_u64(vf[IFLA_VF_STATS_TX_BYTES]));
+ print_uint(PRINT_JSON, "tx_packets", NULL,
+ rta_getattr_u64(vf[IFLA_VF_STATS_TX_PACKETS]));
+ close_json_object();
+ close_json_object();
+ } else {
+ /* RX stats */
+ fprintf(fp, "%s", _SL_);
+ fprintf(fp, " RX: bytes packets mcast bcast %s", _SL_);
+ fprintf(fp, " ");
- print_num(fp, 10, *(__u64 *)RTA_DATA(vf[IFLA_VF_STATS_TX_BYTES]));
- print_num(fp, 8, *(__u64 *)RTA_DATA(vf[IFLA_VF_STATS_TX_PACKETS]));
+ print_num(fp, 10, rta_getattr_u64(vf[IFLA_VF_STATS_RX_BYTES]));
+ print_num(fp, 8, rta_getattr_u64(vf[IFLA_VF_STATS_RX_PACKETS]));
+ print_num(fp, 7, rta_getattr_u64(vf[IFLA_VF_STATS_MULTICAST]));
+ print_num(fp, 7, rta_getattr_u64(vf[IFLA_VF_STATS_BROADCAST]));
+
+ /* TX stats */
+ fprintf(fp, "%s", _SL_);
+ fprintf(fp, " TX: bytes packets %s", _SL_);
+ fprintf(fp, " ");
+
+ print_num(fp, 10, rta_getattr_u64(vf[IFLA_VF_STATS_TX_BYTES]));
+ print_num(fp, 8, rta_getattr_u64(vf[IFLA_VF_STATS_TX_PACKETS]));
+ }
}
static void print_link_stats64(FILE *fp, const struct rtnl_link_stats64 *s,
- const struct rtattr *carrier_changes)
+ const struct rtattr *carrier_changes)
{
- /* RX stats */
- fprintf(fp, " RX: bytes packets errors dropped overrun mcast %s%s",
- s->rx_compressed ? "compressed" : "", _SL_);
+ if (is_json_context()) {
+ open_json_object("stats644");
- fprintf(fp, " ");
- print_num(fp, 10, s->rx_bytes);
- print_num(fp, 8, s->rx_packets);
- print_num(fp, 7, s->rx_errors);
- print_num(fp, 7, s->rx_dropped);
- print_num(fp, 7, s->rx_over_errors);
- print_num(fp, 7, s->multicast);
- if (s->rx_compressed)
- print_num(fp, 7, s->rx_compressed);
+ /* RX stats */
+ open_json_object("rx");
+ print_uint(PRINT_JSON, "bytes", NULL, s->rx_bytes);
+ print_uint(PRINT_JSON, "packets", NULL, s->rx_packets);
+ print_uint(PRINT_JSON, "errors", NULL, s->rx_errors);
+ print_uint(PRINT_JSON, "dropped", NULL, s->rx_dropped);
+ print_uint(PRINT_JSON, "over_errors", NULL, s->rx_over_errors);
+ print_uint(PRINT_JSON, "multicast", NULL, s->multicast);
+ if (s->rx_compressed)
+ print_uint(PRINT_JSON,
+ "compressed",
+ NULL, s->rx_compressed);
- /* RX error stats */
- if (show_stats > 1) {
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " RX errors: length crc frame fifo missed%s", _SL_);
+ /* RX error stats */
+ if (show_stats > 1) {
+ print_uint(PRINT_JSON,
+ "length_errors",
+ NULL, s->rx_length_errors);
+ print_uint(PRINT_JSON,
+ "crc_errors",
+ NULL, s->rx_crc_errors);
+ print_uint(PRINT_JSON,
+ "frame_errors",
+ NULL, s->rx_frame_errors);
+ print_uint(PRINT_JSON,
+ "fifo_errors",
+ NULL, s->rx_fifo_errors);
+ print_uint(PRINT_JSON,
+ "missed_errors",
+ NULL, s->rx_missed_errors);
+ if (s->rx_nohandler)
+ print_uint(PRINT_JSON,
+ "nohandler", NULL, s->rx_nohandler);
+ }
+ close_json_object();
- fprintf(fp, " ");
- print_num(fp, 8, s->rx_length_errors);
- print_num(fp, 7, s->rx_crc_errors);
- print_num(fp, 7, s->rx_frame_errors);
- print_num(fp, 7, s->rx_fifo_errors);
- print_num(fp, 7, s->rx_missed_errors);
- }
- fprintf(fp, "%s", _SL_);
+ /* TX stats */
+ open_json_object("tx");
+ print_uint(PRINT_JSON, "bytes", NULL, s->tx_bytes);
+ print_uint(PRINT_JSON, "packets", NULL, s->tx_packets);
+ print_uint(PRINT_JSON, "errors", NULL, s->tx_errors);
+ print_uint(PRINT_JSON, "dropped", NULL, s->tx_dropped);
+ print_uint(PRINT_JSON,
+ "carrier_errors",
+ NULL, s->tx_carrier_errors);
+ print_uint(PRINT_JSON, "collisions", NULL, s->collisions);
+ if (s->tx_compressed)
+ print_uint(PRINT_JSON,
+ "compressed",
+ NULL, s->tx_compressed);
- /* TX stats */
- fprintf(fp, " TX: bytes packets errors dropped carrier collsns %s%s",
- s->tx_compressed ? "compressed" : "", _SL_);
+ /* TX error stats */
+ if (show_stats > 1) {
+ print_uint(PRINT_JSON,
+ "aborted_errors",
+ NULL, s->tx_aborted_errors);
+ print_uint(PRINT_JSON,
+ "fifo_errors",
+ NULL, s->tx_fifo_errors);
+ print_uint(PRINT_JSON,
+ "window_errors",
+ NULL, s->tx_window_errors);
+ print_uint(PRINT_JSON,
+ "heartbeat_errors",
+ NULL, s->tx_heartbeat_errors);
+ if (carrier_changes)
+ print_uint(PRINT_JSON, "carrier_changes", NULL,
+ rta_getattr_u32(carrier_changes));
+ }
+ close_json_object();
+ close_json_object();
+ } else {
+ /* RX stats */
+ fprintf(fp, " RX: bytes packets errors dropped overrun mcast %s%s",
+ s->rx_compressed ? "compressed" : "", _SL_);
- fprintf(fp, " ");
- print_num(fp, 10, s->tx_bytes);
- print_num(fp, 8, s->tx_packets);
- print_num(fp, 7, s->tx_errors);
- print_num(fp, 7, s->tx_dropped);
- print_num(fp, 7, s->tx_carrier_errors);
- print_num(fp, 7, s->collisions);
- if (s->tx_compressed)
- print_num(fp, 7, s->tx_compressed);
+ fprintf(fp, " ");
+ print_num(fp, 10, s->rx_bytes);
+ print_num(fp, 8, s->rx_packets);
+ print_num(fp, 7, s->rx_errors);
+ print_num(fp, 7, s->rx_dropped);
+ print_num(fp, 7, s->rx_over_errors);
+ print_num(fp, 7, s->multicast);
+ if (s->rx_compressed)
+ print_num(fp, 7, s->rx_compressed);
- /* TX error stats */
- if (show_stats > 1) {
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " TX errors: aborted fifo window heartbeat");
- if (carrier_changes)
- fprintf(fp, " transns");
+ /* RX error stats */
+ if (show_stats > 1) {
+ fprintf(fp, "%s", _SL_);
+ fprintf(fp, " RX errors: length crc frame fifo missed%s%s",
+ s->rx_nohandler ? " nohandler" : "", _SL_);
+
+ fprintf(fp, " ");
+ print_num(fp, 8, s->rx_length_errors);
+ print_num(fp, 7, s->rx_crc_errors);
+ print_num(fp, 7, s->rx_frame_errors);
+ print_num(fp, 7, s->rx_fifo_errors);
+ print_num(fp, 7, s->rx_missed_errors);
+ if (s->rx_nohandler)
+ print_num(fp, 7, s->rx_nohandler);
+
+ }
fprintf(fp, "%s", _SL_);
- fprintf(fp, " ");
- print_num(fp, 8, s->tx_aborted_errors);
- print_num(fp, 7, s->tx_fifo_errors);
- print_num(fp, 7, s->tx_window_errors);
- print_num(fp, 7, s->tx_heartbeat_errors);
- if (carrier_changes)
- print_num(fp, 7, *(uint32_t*)RTA_DATA(carrier_changes));
+ /* TX stats */
+ fprintf(fp, " TX: bytes packets errors dropped carrier collsns %s%s",
+ s->tx_compressed ? "compressed" : "", _SL_);
+
+ fprintf(fp, " ");
+ print_num(fp, 10, s->tx_bytes);
+ print_num(fp, 8, s->tx_packets);
+ print_num(fp, 7, s->tx_errors);
+ print_num(fp, 7, s->tx_dropped);
+ print_num(fp, 7, s->tx_carrier_errors);
+ print_num(fp, 7, s->collisions);
+ if (s->tx_compressed)
+ print_num(fp, 7, s->tx_compressed);
+
+ /* TX error stats */
+ if (show_stats > 1) {
+ fprintf(fp, "%s", _SL_);
+ fprintf(fp, " TX errors: aborted fifo window heartbeat");
+ if (carrier_changes)
+ fprintf(fp, " transns");
+ fprintf(fp, "%s", _SL_);
+
+ fprintf(fp, " ");
+ print_num(fp, 8, s->tx_aborted_errors);
+ print_num(fp, 7, s->tx_fifo_errors);
+ print_num(fp, 7, s->tx_window_errors);
+ print_num(fp, 7, s->tx_heartbeat_errors);
+ if (carrier_changes)
+ print_num(fp, 7,
+ rta_getattr_u32(carrier_changes));
+ }
}
}
static void print_link_stats32(FILE *fp, const struct rtnl_link_stats *s,
const struct rtattr *carrier_changes)
{
- /* RX stats */
- fprintf(fp, " RX: bytes packets errors dropped overrun mcast %s%s",
- s->rx_compressed ? "compressed" : "", _SL_);
+ if (is_json_context()) {
+ open_json_object("stats");
+
+ /* RX stats */
+ open_json_object("rx");
+ print_uint(PRINT_JSON, "bytes", NULL, s->rx_bytes);
+ print_uint(PRINT_JSON, "packets", NULL, s->rx_packets);
+ print_uint(PRINT_JSON, "errors", NULL, s->rx_errors);
+ print_uint(PRINT_JSON, "dropped", NULL, s->rx_dropped);
+ print_uint(PRINT_JSON, "over_errors", NULL, s->rx_over_errors);
+ print_uint(PRINT_JSON, "multicast", NULL, s->multicast);
+ if (s->rx_compressed)
+ print_int(PRINT_JSON,
+ "compressed",
+ NULL, s->rx_compressed);
+
+ /* RX error stats */
+ if (show_stats > 1) {
+ print_uint(PRINT_JSON,
+ "length_errors",
+ NULL, s->rx_length_errors);
+ print_uint(PRINT_JSON,
+ "crc_errors",
+ NULL, s->rx_crc_errors);
+ print_uint(PRINT_JSON,
+ "frame_errors",
+ NULL, s->rx_frame_errors);
+ print_uint(PRINT_JSON,
+ "fifo_errors",
+ NULL, s->rx_fifo_errors);
+ print_uint(PRINT_JSON,
+ "missed_errors",
+ NULL, s->rx_missed_errors);
+ if (s->rx_nohandler)
+ print_int(PRINT_JSON,
+ "nohandler",
+ NULL, s->rx_nohandler);
+ }
+ close_json_object();
+
+ /* TX stats */
+ open_json_object("tx");
+ print_uint(PRINT_JSON, "bytes", NULL, s->tx_bytes);
+ print_uint(PRINT_JSON, "packets", NULL, s->tx_packets);
+ print_uint(PRINT_JSON, "errors", NULL, s->tx_errors);
+ print_uint(PRINT_JSON, "dropped", NULL, s->tx_dropped);
+ print_uint(PRINT_JSON,
+ "carrier_errors",
+ NULL, s->tx_carrier_errors);
+ print_uint(PRINT_JSON, "collisions", NULL, s->collisions);
+ if (s->tx_compressed)
+ print_int(PRINT_JSON,
+ "compressed",
+ NULL, s->tx_compressed);
+
+ /* TX error stats */
+ if (show_stats > 1) {
+ print_uint(PRINT_JSON,
+ "aborted_errors",
+ NULL, s->tx_aborted_errors);
+ print_uint(PRINT_JSON,
+ "fifo_errors",
+ NULL, s->tx_fifo_errors);
+ print_uint(PRINT_JSON,
+ "window_errors",
+ NULL, s->tx_window_errors);
+ print_uint(PRINT_JSON,
+ "heartbeat_errors",
+ NULL, s->tx_heartbeat_errors);
+ if (carrier_changes)
+ print_uint(PRINT_JSON,
+ "carrier_changes",
+ NULL,
+ rta_getattr_u32(carrier_changes));
+ }
+
+ close_json_object();
+ close_json_object();
+ } else {
+ /* RX stats */
+ fprintf(fp, " RX: bytes packets errors dropped overrun mcast %s%s",
+ s->rx_compressed ? "compressed" : "", _SL_);
- fprintf(fp, " ");
- print_num(fp, 10, s->rx_bytes);
- print_num(fp, 8, s->rx_packets);
- print_num(fp, 7, s->rx_errors);
- print_num(fp, 7, s->rx_dropped);
- print_num(fp, 7, s->rx_over_errors);
- print_num(fp, 7, s->multicast);
- if (s->rx_compressed)
- print_num(fp, 7, s->rx_compressed);
+ fprintf(fp, " ");
+ print_num(fp, 10, s->rx_bytes);
+ print_num(fp, 8, s->rx_packets);
+ print_num(fp, 7, s->rx_errors);
+ print_num(fp, 7, s->rx_dropped);
+ print_num(fp, 7, s->rx_over_errors);
+ print_num(fp, 7, s->multicast);
+ if (s->rx_compressed)
+ print_num(fp, 7, s->rx_compressed);
- /* RX error stats */
- if (show_stats > 1) {
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " RX errors: length crc frame fifo missed%s", _SL_);
- fprintf(fp, " ");
- print_num(fp, 8, s->rx_length_errors);
- print_num(fp, 7, s->rx_crc_errors);
- print_num(fp, 7, s->rx_frame_errors);
- print_num(fp, 7, s->rx_fifo_errors);
- print_num(fp, 7, s->rx_missed_errors);
- }
- fprintf(fp, "%s", _SL_);
-
- /* TX stats */
- fprintf(fp, " TX: bytes packets errors dropped carrier collsns %s%s",
- s->tx_compressed ? "compressed" : "", _SL_);
-
- fprintf(fp, " ");
- print_num(fp, 10, s->tx_bytes);
- print_num(fp, 8, s->tx_packets);
- print_num(fp, 7, s->tx_errors);
- print_num(fp, 7, s->tx_dropped);
- print_num(fp, 7, s->tx_carrier_errors);
- print_num(fp, 7, s->collisions);
- if (s->tx_compressed)
- print_num(fp, 7, s->tx_compressed);
-
- /* TX error stats */
- if (show_stats > 1) {
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " TX errors: aborted fifo window heartbeat");
- if (carrier_changes)
- fprintf(fp, " transns");
+ /* RX error stats */
+ if (show_stats > 1) {
+ fprintf(fp, "%s", _SL_);
+ fprintf(fp, " RX errors: length crc frame fifo missed%s%s",
+ s->rx_nohandler ? " nohandler" : "", _SL_);
+ fprintf(fp, " ");
+ print_num(fp, 8, s->rx_length_errors);
+ print_num(fp, 7, s->rx_crc_errors);
+ print_num(fp, 7, s->rx_frame_errors);
+ print_num(fp, 7, s->rx_fifo_errors);
+ print_num(fp, 7, s->rx_missed_errors);
+ if (s->rx_nohandler)
+ print_num(fp, 7, s->rx_nohandler);
+ }
fprintf(fp, "%s", _SL_);
- fprintf(fp, " ");
- print_num(fp, 8, s->tx_aborted_errors);
- print_num(fp, 7, s->tx_fifo_errors);
- print_num(fp, 7, s->tx_window_errors);
- print_num(fp, 7, s->tx_heartbeat_errors);
- if (carrier_changes)
- print_num(fp, 7, *(uint32_t*)RTA_DATA(carrier_changes));
+ /* TX stats */
+ fprintf(fp, " TX: bytes packets errors dropped carrier collsns %s%s",
+ s->tx_compressed ? "compressed" : "", _SL_);
+
+ fprintf(fp, " ");
+ print_num(fp, 10, s->tx_bytes);
+ print_num(fp, 8, s->tx_packets);
+ print_num(fp, 7, s->tx_errors);
+ print_num(fp, 7, s->tx_dropped);
+ print_num(fp, 7, s->tx_carrier_errors);
+ print_num(fp, 7, s->collisions);
+ if (s->tx_compressed)
+ print_num(fp, 7, s->tx_compressed);
+
+ /* TX error stats */
+ if (show_stats > 1) {
+ fprintf(fp, "%s", _SL_);
+ fprintf(fp, " TX errors: aborted fifo window heartbeat");
+ if (carrier_changes)
+ fprintf(fp, " transns");
+ fprintf(fp, "%s", _SL_);
+
+ fprintf(fp, " ");
+ print_num(fp, 8, s->tx_aborted_errors);
+ print_num(fp, 7, s->tx_fifo_errors);
+ print_num(fp, 7, s->tx_window_errors);
+ print_num(fp, 7, s->tx_heartbeat_errors);
+ if (carrier_changes)
+ print_num(fp, 7,
+ rta_getattr_u32(carrier_changes));
+ }
}
}
static void __print_link_stats(FILE *fp, struct rtattr **tb)
{
- if (tb[IFLA_STATS64])
- print_link_stats64(fp, RTA_DATA(tb[IFLA_STATS64]),
- tb[IFLA_CARRIER_CHANGES]);
- else if (tb[IFLA_STATS])
- print_link_stats32(fp, RTA_DATA(tb[IFLA_STATS]),
- tb[IFLA_CARRIER_CHANGES]);
+ const struct rtattr *carrier_changes = tb[IFLA_CARRIER_CHANGES];
+
+ if (tb[IFLA_STATS64]) {
+ struct rtnl_link_stats64 stats = { 0 };
+
+ memcpy(&stats, RTA_DATA(tb[IFLA_STATS64]),
+ MIN(RTA_PAYLOAD(tb[IFLA_STATS64]), sizeof(stats)));
+
+ print_link_stats64(fp, &stats, carrier_changes);
+ } else if (tb[IFLA_STATS]) {
+ struct rtnl_link_stats stats = { 0 };
+
+ memcpy(&stats, RTA_DATA(tb[IFLA_STATS]),
+ MIN(RTA_PAYLOAD(tb[IFLA_STATS]), sizeof(stats)));
+
+ print_link_stats32(fp, &stats, carrier_changes);
+ }
}
static void print_link_stats(FILE *fp, struct nlmsghdr *n)
{
struct ifinfomsg *ifi = NLMSG_DATA(n);
- struct rtattr * tb[IFLA_MAX+1];
+ struct rtattr *tb[IFLA_MAX+1];
parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi),
n->nlmsg_len - NLMSG_LENGTH(sizeof(*ifi)));
@@ -610,15 +919,16 @@
}
int print_linkinfo_brief(const struct sockaddr_nl *who,
- struct nlmsghdr *n, void *arg)
+ struct nlmsghdr *n, void *arg,
+ struct link_filter *pfilter)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct ifinfomsg *ifi = NLMSG_DATA(n);
- struct rtattr * tb[IFLA_MAX+1];
+ struct rtattr *tb[IFLA_MAX+1];
int len = n->nlmsg_len;
- char *name;
+ const char *name;
char buf[32] = { 0, };
- unsigned m_flag = 0;
+ unsigned int m_flag = 0;
if (n->nlmsg_type != RTM_NEWLINK && n->nlmsg_type != RTM_DELLINK)
return -1;
@@ -627,97 +937,127 @@
if (len < 0)
return -1;
- if (filter.ifindex && ifi->ifi_index != filter.ifindex)
+ if (!pfilter)
+ pfilter = &filter;
+
+ if (pfilter->ifindex && ifi->ifi_index != pfilter->ifindex)
return -1;
- if (filter.up && !(ifi->ifi_flags&IFF_UP))
+ if (pfilter->up && !(ifi->ifi_flags&IFF_UP))
return -1;
parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len);
if (tb[IFLA_IFNAME] == NULL) {
fprintf(stderr, "BUG: device with ifindex %d has nil ifname\n", ifi->ifi_index);
+ name = "<nil>";
+ } else {
+ name = rta_getattr_str(tb[IFLA_IFNAME]);
}
- if (filter.label &&
- (!filter.family || filter.family == AF_PACKET) &&
- fnmatch(filter.label, RTA_DATA(tb[IFLA_IFNAME]), 0))
+
+ if (pfilter->label &&
+ (!pfilter->family || pfilter->family == AF_PACKET) &&
+ fnmatch(pfilter->label, RTA_DATA(tb[IFLA_IFNAME]), 0))
return -1;
if (tb[IFLA_GROUP]) {
- int group = *(int*)RTA_DATA(tb[IFLA_GROUP]);
- if (filter.group != -1 && group != filter.group)
+ int group = rta_getattr_u32(tb[IFLA_GROUP]);
+
+ if (pfilter->group != -1 && group != pfilter->group)
return -1;
}
if (tb[IFLA_MASTER]) {
- int master = *(int*)RTA_DATA(tb[IFLA_MASTER]);
- if (filter.master > 0 && master != filter.master)
+ int master = rta_getattr_u32(tb[IFLA_MASTER]);
+
+ if (pfilter->master > 0 && master != pfilter->master)
return -1;
- }
- else if (filter.master > 0)
+ } else if (pfilter->master > 0)
return -1;
- if (filter.kind) {
- if (tb[IFLA_LINKINFO]) {
- char *kind = parse_link_kind(tb[IFLA_LINKINFO]);
+ if (pfilter->kind && match_link_kind(tb, pfilter->kind, 0))
+ return -1;
- if (strcmp(kind, filter.kind))
- return -1;
- } else {
- return -1;
- }
- }
+ if (pfilter->slave_kind && match_link_kind(tb, pfilter->slave_kind, 1))
+ return -1;
if (n->nlmsg_type == RTM_DELLINK)
- fprintf(fp, "Deleted ");
-
- name = (char *)(tb[IFLA_IFNAME] ? rta_getattr_str(tb[IFLA_IFNAME]) : "<nil>");
+ print_bool(PRINT_ANY, "deleted", "Deleted ", true);
if (tb[IFLA_LINK]) {
SPRINT_BUF(b1);
- int iflink = *(int*)RTA_DATA(tb[IFLA_LINK]);
- if (iflink == 0)
+ int iflink = rta_getattr_u32(tb[IFLA_LINK]);
+
+ if (iflink == 0) {
snprintf(buf, sizeof(buf), "%s@NONE", name);
- else {
- snprintf(buf, sizeof(buf),
- "%s@%s", name, ll_idx_n2a(iflink, b1));
+ print_null(PRINT_JSON, "link", NULL, NULL);
+ } else {
+ const char *link = ll_idx_n2a(iflink, b1);
+
+ print_string(PRINT_JSON, "link", NULL, link);
+ snprintf(buf, sizeof(buf), "%s@%s", name, link);
m_flag = ll_index_to_flags(iflink);
m_flag = !(m_flag & IFF_UP);
}
} else
snprintf(buf, sizeof(buf), "%s", name);
- fprintf(fp, "%-16s ", buf);
+ print_string(PRINT_FP, NULL, "%-16s ", buf);
+ print_string(PRINT_JSON, "ifname", NULL, name);
if (tb[IFLA_OPERSTATE])
print_operstate(fp, rta_getattr_u8(tb[IFLA_OPERSTATE]));
- if (filter.family == AF_PACKET) {
+ if (pfilter->family == AF_PACKET) {
SPRINT_BUF(b1);
+
if (tb[IFLA_ADDRESS]) {
- color_fprintf(fp, COLOR_MAC, "%s ",
- ll_addr_n2a(RTA_DATA(tb[IFLA_ADDRESS]),
- RTA_PAYLOAD(tb[IFLA_ADDRESS]),
- ifi->ifi_type,
- b1, sizeof(b1)));
+ print_color_string(PRINT_ANY, COLOR_MAC,
+ "address", "%s ",
+ ll_addr_n2a(
+ RTA_DATA(tb[IFLA_ADDRESS]),
+ RTA_PAYLOAD(tb[IFLA_ADDRESS]),
+ ifi->ifi_type,
+ b1, sizeof(b1)));
}
}
- if (filter.family == AF_PACKET)
+ if (pfilter->family == AF_PACKET) {
print_link_flags(fp, ifi->ifi_flags, m_flag);
-
- if (filter.family == AF_PACKET)
- fprintf(fp, "\n");
+ print_string(PRINT_FP, NULL, "%s", "\n");
+ }
fflush(fp);
return 0;
}
+static const char *link_events[] = {
+ [IFLA_EVENT_NONE] = "NONE",
+ [IFLA_EVENT_REBOOT] = "REBOOT",
+ [IFLA_EVENT_FEATURES] = "FEATURE CHANGE",
+ [IFLA_EVENT_BONDING_FAILOVER] = "BONDING FAILOVER",
+ [IFLA_EVENT_NOTIFY_PEERS] = "NOTIFY PEERS",
+ [IFLA_EVENT_IGMP_RESEND] = "RESEND IGMP",
+ [IFLA_EVENT_BONDING_OPTIONS] = "BONDING OPTION"
+};
+
+static void print_link_event(FILE *f, __u32 event)
+{
+ if (event >= ARRAY_SIZE(link_events))
+ print_int(PRINT_ANY, "event", "event %d ", event);
+ else {
+ if (event)
+ print_string(PRINT_ANY,
+ "event", "event %s ",
+ link_events[event]);
+ }
+}
+
int print_linkinfo(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct ifinfomsg *ifi = NLMSG_DATA(n);
- struct rtattr * tb[IFLA_MAX+1];
+ struct rtattr *tb[IFLA_MAX+1];
int len = n->nlmsg_len;
- unsigned m_flag = 0;
+ unsigned int m_flag = 0;
if (n->nlmsg_type != RTM_NEWLINK && n->nlmsg_type != RTM_DELLINK)
return 0;
@@ -732,88 +1072,93 @@
return 0;
parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len);
- if (tb[IFLA_IFNAME] == NULL) {
+ if (tb[IFLA_IFNAME] == NULL)
fprintf(stderr, "BUG: device with ifindex %d has nil ifname\n", ifi->ifi_index);
- }
+
if (filter.label &&
(!filter.family || filter.family == AF_PACKET) &&
fnmatch(filter.label, RTA_DATA(tb[IFLA_IFNAME]), 0))
return 0;
if (tb[IFLA_GROUP]) {
- int group = *(int*)RTA_DATA(tb[IFLA_GROUP]);
+ int group = rta_getattr_u32(tb[IFLA_GROUP]);
+
if (filter.group != -1 && group != filter.group)
return -1;
}
if (tb[IFLA_MASTER]) {
- int master = *(int*)RTA_DATA(tb[IFLA_MASTER]);
+ int master = rta_getattr_u32(tb[IFLA_MASTER]);
+
if (filter.master > 0 && master != filter.master)
return -1;
- }
- else if (filter.master > 0)
+ } else if (filter.master > 0)
return -1;
- if (filter.kind) {
- if (tb[IFLA_LINKINFO]) {
- char *kind = parse_link_kind(tb[IFLA_LINKINFO]);
+ if (filter.kind && match_link_kind(tb, filter.kind, 0))
+ return -1;
- if (strcmp(kind, filter.kind))
- return -1;
- } else {
- return -1;
- }
- }
+ if (filter.slave_kind && match_link_kind(tb, filter.slave_kind, 1))
+ return -1;
if (n->nlmsg_type == RTM_DELLINK)
- fprintf(fp, "Deleted ");
+ print_bool(PRINT_ANY, "deleted", "Deleted ", true);
- fprintf(fp, "%d: ", ifi->ifi_index);
- color_fprintf(fp, COLOR_IFNAME, "%s",
- tb[IFLA_IFNAME] ? rta_getattr_str(tb[IFLA_IFNAME]) : "<nil>");
+ print_int(PRINT_ANY, "ifindex", "%d: ", ifi->ifi_index);
+ if (tb[IFLA_IFNAME]) {
+ print_color_string(PRINT_ANY,
+ COLOR_IFNAME,
+ "ifname", "%s",
+ rta_getattr_str(tb[IFLA_IFNAME]));
+ } else {
+ print_null(PRINT_JSON, "ifname", NULL, NULL);
+ print_color_null(PRINT_FP, COLOR_IFNAME,
+ "ifname", "%s", "<nil>");
+ }
if (tb[IFLA_LINK]) {
- SPRINT_BUF(b1);
- int iflink = *(int*)RTA_DATA(tb[IFLA_LINK]);
+ int iflink = rta_getattr_u32(tb[IFLA_LINK]);
+
if (iflink == 0)
- fprintf(fp, "@NONE: ");
+ print_null(PRINT_ANY, "link", "@%s: ", "NONE");
else {
if (tb[IFLA_LINK_NETNSID])
- fprintf(fp, "@if%d: ", iflink);
+ print_int(PRINT_ANY,
+ "link_index", "@if%d: ", iflink);
else {
- fprintf(fp, "@%s: ", ll_idx_n2a(iflink, b1));
+ SPRINT_BUF(b1);
+
+ print_string(PRINT_ANY,
+ "link",
+ "@%s: ",
+ ll_idx_n2a(iflink, b1));
m_flag = ll_index_to_flags(iflink);
m_flag = !(m_flag & IFF_UP);
}
}
} else {
- fprintf(fp, ": ");
+ print_string(PRINT_FP, NULL, ": ", NULL);
}
print_link_flags(fp, ifi->ifi_flags, m_flag);
if (tb[IFLA_MTU])
- fprintf(fp, "mtu %u ", *(int*)RTA_DATA(tb[IFLA_MTU]));
+ print_int(PRINT_ANY,
+ "mtu", "mtu %u ",
+ rta_getattr_u32(tb[IFLA_MTU]));
+ if (tb[IFLA_XDP])
+ xdp_dump(fp, tb[IFLA_XDP], do_link, false);
if (tb[IFLA_QDISC])
- fprintf(fp, "qdisc %s ", rta_getattr_str(tb[IFLA_QDISC]));
+ print_string(PRINT_ANY,
+ "qdisc",
+ "qdisc %s ",
+ rta_getattr_str(tb[IFLA_QDISC]));
if (tb[IFLA_MASTER]) {
SPRINT_BUF(b1);
- fprintf(fp, "master %s ", ll_idx_n2a(*(int*)RTA_DATA(tb[IFLA_MASTER]), b1));
- }
- if (tb[IFLA_PHYS_PORT_ID]) {
- SPRINT_BUF(b1);
- fprintf(fp, "portid %s ",
- hexstring_n2a(RTA_DATA(tb[IFLA_PHYS_PORT_ID]),
- RTA_PAYLOAD(tb[IFLA_PHYS_PORT_ID]),
- b1, sizeof(b1)));
- }
-
- if (tb[IFLA_PHYS_SWITCH_ID]) {
- SPRINT_BUF(b1);
- fprintf(fp, "switchid %s ",
- hexstring_n2a(RTA_DATA(tb[IFLA_PHYS_SWITCH_ID]),
- RTA_PAYLOAD(tb[IFLA_PHYS_SWITCH_ID]),
- b1, sizeof(b1)));
+ print_string(PRINT_ANY,
+ "master",
+ "master %s ",
+ ll_idx_n2a(rta_getattr_u32(tb[IFLA_MASTER]), b1));
}
if (tb[IFLA_OPERSTATE])
@@ -824,79 +1169,173 @@
if (tb[IFLA_GROUP]) {
SPRINT_BUF(b1);
- int group = *(int*)RTA_DATA(tb[IFLA_GROUP]);
- fprintf(fp, "group %s ", rtnl_group_n2a(group, b1, sizeof(b1)));
+ int group = rta_getattr_u32(tb[IFLA_GROUP]);
+
+ print_string(PRINT_ANY,
+ "group",
+ "group %s ",
+ rtnl_group_n2a(group, b1, sizeof(b1)));
}
if (filter.showqueue)
print_queuelen(fp, tb);
+ if (tb[IFLA_EVENT])
+ print_link_event(fp, rta_getattr_u32(tb[IFLA_EVENT]));
+
if (!filter.family || filter.family == AF_PACKET || show_details) {
SPRINT_BUF(b1);
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " link/%s ", ll_type_n2a(ifi->ifi_type, b1, sizeof(b1)));
+ print_string(PRINT_FP, NULL, "%s", _SL_);
+ print_string(PRINT_ANY,
+ "link_type",
+ " link/%s ",
+ ll_type_n2a(ifi->ifi_type, b1, sizeof(b1)));
if (tb[IFLA_ADDRESS]) {
- color_fprintf(fp, COLOR_MAC, "%s",
- ll_addr_n2a(RTA_DATA(tb[IFLA_ADDRESS]),
- RTA_PAYLOAD(tb[IFLA_ADDRESS]),
- ifi->ifi_type,
- b1, sizeof(b1)));
+ print_color_string(PRINT_ANY,
+ COLOR_MAC,
+ "address",
+ "%s",
+ ll_addr_n2a(RTA_DATA(tb[IFLA_ADDRESS]),
+ RTA_PAYLOAD(tb[IFLA_ADDRESS]),
+ ifi->ifi_type,
+ b1, sizeof(b1)));
}
if (tb[IFLA_BROADCAST]) {
- if (ifi->ifi_flags&IFF_POINTOPOINT)
- fprintf(fp, " peer ");
- else
- fprintf(fp, " brd ");
- fprintf(fp, "%s", ll_addr_n2a(RTA_DATA(tb[IFLA_BROADCAST]),
- RTA_PAYLOAD(tb[IFLA_BROADCAST]),
- ifi->ifi_type,
- b1, sizeof(b1)));
+ if (ifi->ifi_flags&IFF_POINTOPOINT) {
+ print_string(PRINT_FP, NULL, " peer ", NULL);
+ print_bool(PRINT_JSON,
+ "link_pointtopoint", NULL, true);
+ } else {
+ print_string(PRINT_FP, NULL, " brd ", NULL);
+ }
+ print_color_string(PRINT_ANY,
+ COLOR_MAC,
+ "broadcast",
+ "%s",
+ ll_addr_n2a(RTA_DATA(tb[IFLA_BROADCAST]),
+ RTA_PAYLOAD(tb[IFLA_BROADCAST]),
+ ifi->ifi_type,
+ b1, sizeof(b1)));
}
}
if (tb[IFLA_LINK_NETNSID]) {
- int id = *(int*)RTA_DATA(tb[IFLA_LINK_NETNSID]);
+ int id = rta_getattr_u32(tb[IFLA_LINK_NETNSID]);
- if (id >= 0)
- fprintf(fp, " link-netnsid %d", id);
- else
- fprintf(fp, " link-netnsid unknown");
+ if (is_json_context()) {
+ print_int(PRINT_JSON, "link_netnsid", NULL, id);
+ } else {
+ if (id >= 0)
+ print_int(PRINT_FP, NULL,
+ " link-netnsid %d", id);
+ else
+ print_string(PRINT_FP, NULL,
+ " link-netnsid %s", "unknown");
+ }
}
if (tb[IFLA_PROTO_DOWN]) {
if (rta_getattr_u8(tb[IFLA_PROTO_DOWN]))
- fprintf(fp, " protodown on ");
+ print_bool(PRINT_ANY,
+ "proto_down", " protodown on ", true);
}
- if (tb[IFLA_PROMISCUITY] && show_details)
- fprintf(fp, " promiscuity %u ",
- *(int*)RTA_DATA(tb[IFLA_PROMISCUITY]));
+ if (show_details) {
+ if (tb[IFLA_PROMISCUITY])
+ print_uint(PRINT_ANY,
+ "promiscuity",
+ " promiscuity %u ",
+ rta_getattr_u32(tb[IFLA_PROMISCUITY]));
- if (tb[IFLA_LINKINFO] && show_details)
- print_linktype(fp, tb[IFLA_LINKINFO]);
+ if (tb[IFLA_LINKINFO])
+ print_linktype(fp, tb[IFLA_LINKINFO]);
- if (do_link && tb[IFLA_AF_SPEC] && show_details)
- print_af_spec(fp, tb[IFLA_AF_SPEC]);
+ if (do_link && tb[IFLA_AF_SPEC])
+ print_af_spec(fp, tb[IFLA_AF_SPEC]);
+
+ if (tb[IFLA_NUM_TX_QUEUES])
+ print_uint(PRINT_ANY,
+ "num_tx_queues",
+ "numtxqueues %u ",
+ rta_getattr_u32(tb[IFLA_NUM_TX_QUEUES]));
+
+ if (tb[IFLA_NUM_RX_QUEUES])
+ print_uint(PRINT_ANY,
+ "num_rx_queues",
+ "numrxqueues %u ",
+ rta_getattr_u32(tb[IFLA_NUM_RX_QUEUES]));
+
+ if (tb[IFLA_GSO_MAX_SIZE])
+ print_uint(PRINT_ANY,
+ "gso_max_size",
+ "gso_max_size %u ",
+ rta_getattr_u32(tb[IFLA_GSO_MAX_SIZE]));
+
+ if (tb[IFLA_GSO_MAX_SEGS])
+ print_uint(PRINT_ANY,
+ "gso_max_segs",
+ "gso_max_segs %u ",
+ rta_getattr_u32(tb[IFLA_GSO_MAX_SEGS]));
+
+ if (tb[IFLA_PHYS_PORT_NAME])
+ print_string(PRINT_ANY,
+ "phys_port_name",
+ "portname %s ",
+ rta_getattr_str(tb[IFLA_PHYS_PORT_NAME]));
+
+ if (tb[IFLA_PHYS_PORT_ID]) {
+ SPRINT_BUF(b1);
+ print_string(PRINT_ANY,
+ "phys_port_id",
+ "portid %s ",
+ hexstring_n2a(
+ RTA_DATA(tb[IFLA_PHYS_PORT_ID]),
+ RTA_PAYLOAD(tb[IFLA_PHYS_PORT_ID]),
+ b1, sizeof(b1)));
+ }
+
+ if (tb[IFLA_PHYS_SWITCH_ID]) {
+ SPRINT_BUF(b1);
+ print_string(PRINT_ANY,
+ "phys_switch_id",
+ "switchid %s ",
+ hexstring_n2a(RTA_DATA(tb[IFLA_PHYS_SWITCH_ID]),
+ RTA_PAYLOAD(tb[IFLA_PHYS_SWITCH_ID]),
+ b1, sizeof(b1)));
+ }
+ }
if ((do_link || show_details) && tb[IFLA_IFALIAS]) {
- fprintf(fp, "%s alias %s", _SL_,
- rta_getattr_str(tb[IFLA_IFALIAS]));
+ print_string(PRINT_FP, NULL, "%s ", _SL_);
+ print_string(PRINT_ANY,
+ "ifalias",
+ "alias %s",
+ rta_getattr_str(tb[IFLA_IFALIAS]));
}
+ if ((do_link || show_details) && tb[IFLA_XDP])
+ xdp_dump(fp, tb[IFLA_XDP], true, true);
+
if (do_link && show_stats) {
- fprintf(fp, "%s", _SL_);
+ print_string(PRINT_FP, NULL, "%s", _SL_);
__print_link_stats(fp, tb);
}
if ((do_link || show_details) && tb[IFLA_VFINFO_LIST] && tb[IFLA_NUM_VF]) {
struct rtattr *i, *vflist = tb[IFLA_VFINFO_LIST];
int rem = RTA_PAYLOAD(vflist);
- for (i = RTA_DATA(vflist); RTA_OK(i, rem); i = RTA_NEXT(i, rem))
+
+ open_json_array(PRINT_JSON, "vfinfo_list");
+ for (i = RTA_DATA(vflist); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ open_json_object(NULL);
print_vfinfo(fp, i);
+ close_json_object();
+ }
+ close_json_array(PRINT_JSON, NULL);
}
- fprintf(fp, "\n");
+ print_string(PRINT_FP, NULL, "\n", NULL);
fflush(fp);
return 1;
}
@@ -935,7 +1374,104 @@
struct rtattr *ifa_flags_attr)
{
return ifa_flags_attr ? rta_getattr_u32(ifa_flags_attr) :
- ifa->ifa_flags;
+ ifa->ifa_flags;
+}
+
+/* Mapping from argument to address flag mask */
+struct {
+ const char *name;
+ unsigned long value;
+} ifa_flag_names[] = {
+ { "secondary", IFA_F_SECONDARY },
+ { "temporary", IFA_F_SECONDARY },
+ { "nodad", IFA_F_NODAD },
+ { "optimistic", IFA_F_OPTIMISTIC },
+ { "dadfailed", IFA_F_DADFAILED },
+ { "home", IFA_F_HOMEADDRESS },
+ { "deprecated", IFA_F_DEPRECATED },
+ { "tentative", IFA_F_TENTATIVE },
+ { "permanent", IFA_F_PERMANENT },
+ { "mngtmpaddr", IFA_F_MANAGETEMPADDR },
+ { "noprefixroute", IFA_F_NOPREFIXROUTE },
+ { "autojoin", IFA_F_MCAUTOJOIN },
+ { "stable-privacy", IFA_F_STABLE_PRIVACY },
+};
+
+static void print_ifa_flags(FILE *fp, const struct ifaddrmsg *ifa,
+ unsigned int flags)
+{
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(ifa_flag_names); i++) {
+ unsigned long mask = ifa_flag_names[i].value;
+
+ if (mask == IFA_F_PERMANENT) {
+ if (!(flags & mask))
+ print_bool(PRINT_ANY,
+ "dynamic", "dynamic ", true);
+ } else if (flags & mask) {
+ if (mask == IFA_F_SECONDARY &&
+ ifa->ifa_family == AF_INET6) {
+ print_bool(PRINT_ANY,
+ "temporary", "temporary ", true);
+ } else {
+ print_string(PRINT_FP, NULL,
+ "%s ", ifa_flag_names[i].name);
+ print_bool(PRINT_JSON,
+ ifa_flag_names[i].name, NULL, true);
+ }
+ }
+
+ flags &= ~mask;
+ }
+
+ if (flags) {
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "%02x", flags);
+ print_string(PRINT_JSON, "ifa_flags", NULL, b1);
+ } else {
+ fprintf(fp, "flags %02x ", flags);
+ }
+ }
+
+}
+
+static int get_filter(const char *arg)
+{
+ unsigned int i;
+
+ /* Special cases */
+ if (strcmp(arg, "dynamic") == 0) {
+ filter.flags &= ~IFA_F_PERMANENT;
+ filter.flagmask |= IFA_F_PERMANENT;
+ } else if (strcmp(arg, "primary") == 0) {
+ filter.flags &= ~IFA_F_SECONDARY;
+ filter.flagmask |= IFA_F_SECONDARY;
+ } else if (*arg == '-') {
+ for (i = 0; i < ARRAY_SIZE(ifa_flag_names); i++) {
+ if (strcmp(arg + 1, ifa_flag_names[i].name))
+ continue;
+
+ filter.flags &= ifa_flag_names[i].value;
+ filter.flagmask |= ifa_flag_names[i].value;
+ return 0;
+ }
+
+ return -1;
+ } else {
+ for (i = 0; i < ARRAY_SIZE(ifa_flag_names); i++) {
+ if (strcmp(arg, ifa_flag_names[i].name))
+ continue;
+ filter.flags |= ifa_flag_names[i].value;
+ filter.flagmask |= ifa_flag_names[i].value;
+ return 0;
+ }
+ return -1;
+ }
+
+ return 0;
}
int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n,
@@ -944,11 +1480,9 @@
FILE *fp = arg;
struct ifaddrmsg *ifa = NLMSG_DATA(n);
int len = n->nlmsg_len;
- int deprecated = 0;
- /* Use local copy of ifa_flags to not interfere with filtering code */
unsigned int ifa_flags;
- struct rtattr * rta_tb[IFA_MAX+1];
- char abuf[256];
+ struct rtattr *rta_tb[IFA_MAX+1];
+
SPRINT_BUF(b1);
if (n->nlmsg_type != RTM_NEWADDR && n->nlmsg_type != RTM_DELADDR)
@@ -981,6 +1515,7 @@
if (filter.label) {
SPRINT_BUF(b1);
const char *label;
+
if (rta_tb[IFA_LABEL])
label = RTA_DATA(rta_tb[IFA_LABEL]);
else
@@ -990,9 +1525,8 @@
}
if (filter.pfx.family) {
if (rta_tb[IFA_LOCAL]) {
- inet_prefix dst;
- memset(&dst, 0, sizeof(dst));
- dst.family = ifa->ifa_family;
+ inet_prefix dst = { .family = ifa->ifa_family };
+
memcpy(&dst.data, RTA_DATA(rta_tb[IFA_LOCAL]), RTA_PAYLOAD(rta_tb[IFA_LOCAL]));
if (inet_addr_match(&dst, &filter.pfx, filter.pfx.bitlen))
return 0;
@@ -1004,183 +1538,164 @@
if (filter.flushb) {
struct nlmsghdr *fn;
+
if (NLMSG_ALIGN(filter.flushp) + n->nlmsg_len > filter.flushe) {
if (flush_update())
return -1;
}
- fn = (struct nlmsghdr*)(filter.flushb + NLMSG_ALIGN(filter.flushp));
+ fn = (struct nlmsghdr *)(filter.flushb + NLMSG_ALIGN(filter.flushp));
memcpy(fn, n, n->nlmsg_len);
fn->nlmsg_type = RTM_DELADDR;
fn->nlmsg_flags = NLM_F_REQUEST;
fn->nlmsg_seq = ++rth.seq;
- filter.flushp = (((char*)fn) + n->nlmsg_len) - filter.flushb;
+ filter.flushp = (((char *)fn) + n->nlmsg_len) - filter.flushb;
filter.flushed++;
if (show_stats < 2)
return 0;
}
if (n->nlmsg_type == RTM_DELADDR)
- fprintf(fp, "Deleted ");
+ print_bool(PRINT_ANY, "deleted", "Deleted ", true);
if (!brief) {
- if (filter.oneline || filter.flushb)
- fprintf(fp, "%u: %s", ifa->ifa_index, ll_index_to_name(ifa->ifa_index));
+ if (filter.oneline || filter.flushb) {
+ const char *dev = ll_index_to_name(ifa->ifa_index);
+
+ if (is_json_context()) {
+ print_int(PRINT_JSON,
+ "index", NULL, ifa->ifa_index);
+ print_string(PRINT_JSON, "dev", NULL, dev);
+ } else {
+ fprintf(fp, "%u: %s", ifa->ifa_index, dev);
+ }
+ }
+
+ int family = ifa->ifa_family;
+
if (ifa->ifa_family == AF_INET)
- fprintf(fp, " inet ");
+ print_string(PRINT_ANY, "family", " %s ", "inet");
else if (ifa->ifa_family == AF_INET6)
- fprintf(fp, " inet6 ");
+ print_string(PRINT_ANY, "family", " %s ", "inet6");
else if (ifa->ifa_family == AF_DECnet)
- fprintf(fp, " dnet ");
+ print_string(PRINT_ANY, "family", " %s ", "dnet");
else if (ifa->ifa_family == AF_IPX)
- fprintf(fp, " ipx ");
+ print_string(PRINT_ANY, "family", " %s ", "ipx");
else
- fprintf(fp, " family %d ", ifa->ifa_family);
+ print_int(PRINT_ANY,
+ "family_index",
+ " family %d ", family);
}
if (rta_tb[IFA_LOCAL]) {
- if (ifa->ifa_family == AF_INET)
- color_fprintf(fp, COLOR_INET, "%s", format_host(ifa->ifa_family,
- RTA_PAYLOAD(rta_tb[IFA_LOCAL]),
- RTA_DATA(rta_tb[IFA_LOCAL]),
- abuf, sizeof(abuf)));
- else if (ifa->ifa_family == AF_INET6)
- color_fprintf(fp, COLOR_INET6, "%s", format_host(ifa->ifa_family,
- RTA_PAYLOAD(rta_tb[IFA_LOCAL]),
- RTA_DATA(rta_tb[IFA_LOCAL]),
- abuf, sizeof(abuf)));
- else
- fprintf(fp, "%s", format_host(ifa->ifa_family,
- RTA_PAYLOAD(rta_tb[IFA_LOCAL]),
- RTA_DATA(rta_tb[IFA_LOCAL]),
- abuf, sizeof(abuf)));
-
- if (rta_tb[IFA_ADDRESS] == NULL ||
- memcmp(RTA_DATA(rta_tb[IFA_ADDRESS]), RTA_DATA(rta_tb[IFA_LOCAL]),
- ifa->ifa_family == AF_INET ? 4 : 16) == 0) {
- fprintf(fp, "/%d ", ifa->ifa_prefixlen);
- } else {
- fprintf(fp, " peer %s/%d ",
- format_host(ifa->ifa_family,
- RTA_PAYLOAD(rta_tb[IFA_ADDRESS]),
- RTA_DATA(rta_tb[IFA_ADDRESS]),
- abuf, sizeof(abuf)),
- ifa->ifa_prefixlen);
+ print_color_string(PRINT_ANY,
+ ifa_family_color(ifa->ifa_family),
+ "local", "%s",
+ format_host_rta(ifa->ifa_family,
+ rta_tb[IFA_LOCAL]));
+ if (rta_tb[IFA_ADDRESS] &&
+ memcmp(RTA_DATA(rta_tb[IFA_ADDRESS]),
+ RTA_DATA(rta_tb[IFA_LOCAL]),
+ ifa->ifa_family == AF_INET ? 4 : 16)) {
+ print_string(PRINT_FP, NULL, " %s ", "peer");
+ print_color_string(PRINT_ANY,
+ ifa_family_color(ifa->ifa_family),
+ "address",
+ "%s",
+ format_host_rta(ifa->ifa_family,
+ rta_tb[IFA_ADDRESS]));
}
+ print_int(PRINT_ANY, "prefixlen", "/%d ", ifa->ifa_prefixlen);
}
if (brief)
goto brief_exit;
if (rta_tb[IFA_BROADCAST]) {
- fprintf(fp, "brd %s ",
- format_host(ifa->ifa_family,
- RTA_PAYLOAD(rta_tb[IFA_BROADCAST]),
- RTA_DATA(rta_tb[IFA_BROADCAST]),
- abuf, sizeof(abuf)));
+ print_string(PRINT_FP, NULL, "%s ", "brd");
+ print_color_string(PRINT_ANY,
+ ifa_family_color(ifa->ifa_family),
+ "broadcast",
+ "%s ",
+ format_host_rta(ifa->ifa_family,
+ rta_tb[IFA_BROADCAST]));
}
+
if (rta_tb[IFA_ANYCAST]) {
- fprintf(fp, "any %s ",
- format_host(ifa->ifa_family,
- RTA_PAYLOAD(rta_tb[IFA_ANYCAST]),
- RTA_DATA(rta_tb[IFA_ANYCAST]),
- abuf, sizeof(abuf)));
+ print_string(PRINT_FP, NULL, "%s ", "any");
+ print_color_string(PRINT_ANY,
+ ifa_family_color(ifa->ifa_family),
+ "anycast",
+ "%s ",
+ format_host_rta(ifa->ifa_family,
+ rta_tb[IFA_ANYCAST]));
}
- fprintf(fp, "scope %s ", rtnl_rtscope_n2a(ifa->ifa_scope, b1, sizeof(b1)));
- if (ifa_flags & IFA_F_SECONDARY) {
- ifa_flags &= ~IFA_F_SECONDARY;
- if (ifa->ifa_family == AF_INET6)
- fprintf(fp, "temporary ");
- else
- fprintf(fp, "secondary ");
- }
- if (ifa_flags & IFA_F_TENTATIVE) {
- ifa_flags &= ~IFA_F_TENTATIVE;
- fprintf(fp, "tentative ");
- }
- if (ifa_flags & IFA_F_DEPRECATED) {
- ifa_flags &= ~IFA_F_DEPRECATED;
- deprecated = 1;
- fprintf(fp, "deprecated ");
- }
- if (ifa_flags & IFA_F_HOMEADDRESS) {
- ifa_flags &= ~IFA_F_HOMEADDRESS;
- fprintf(fp, "home ");
- }
- if (ifa_flags & IFA_F_NODAD) {
- ifa_flags &= ~IFA_F_NODAD;
- fprintf(fp, "nodad ");
- }
- if (ifa_flags & IFA_F_MANAGETEMPADDR) {
- ifa_flags &= ~IFA_F_MANAGETEMPADDR;
- fprintf(fp, "mngtmpaddr ");
- }
- if (ifa_flags & IFA_F_NOPREFIXROUTE) {
- ifa_flags &= ~IFA_F_NOPREFIXROUTE;
- fprintf(fp, "noprefixroute ");
- }
- if (ifa_flags & IFA_F_MCAUTOJOIN) {
- ifa_flags &= ~IFA_F_MCAUTOJOIN;
- fprintf(fp, "autojoin ");
- }
- if (!(ifa_flags & IFA_F_PERMANENT)) {
- fprintf(fp, "dynamic ");
- } else
- ifa_flags &= ~IFA_F_PERMANENT;
- if (ifa_flags & IFA_F_DADFAILED) {
- ifa_flags &= ~IFA_F_DADFAILED;
- fprintf(fp, "dadfailed ");
- }
- if (ifa_flags)
- fprintf(fp, "flags %02x ", ifa_flags);
+
+ print_string(PRINT_ANY,
+ "scope",
+ "scope %s ",
+ rtnl_rtscope_n2a(ifa->ifa_scope, b1, sizeof(b1)));
+
+ print_ifa_flags(fp, ifa, ifa_flags);
+
if (rta_tb[IFA_LABEL])
- fprintf(fp, "%s", rta_getattr_str(rta_tb[IFA_LABEL]));
+ print_string(PRINT_ANY,
+ "label",
+ "%s",
+ rta_getattr_str(rta_tb[IFA_LABEL]));
+
if (rta_tb[IFA_CACHEINFO]) {
struct ifa_cacheinfo *ci = RTA_DATA(rta_tb[IFA_CACHEINFO]);
- fprintf(fp, "%s", _SL_);
- fprintf(fp, " valid_lft ");
- if (ci->ifa_valid == INFINITY_LIFE_TIME)
- fprintf(fp, "forever");
- else
- fprintf(fp, "%usec", ci->ifa_valid);
- fprintf(fp, " preferred_lft ");
- if (ci->ifa_prefered == INFINITY_LIFE_TIME)
- fprintf(fp, "forever");
- else {
- if (deprecated)
- fprintf(fp, "%dsec", ci->ifa_prefered);
+
+ print_string(PRINT_FP, NULL, "%s", _SL_);
+ print_string(PRINT_FP, NULL, " valid_lft ", NULL);
+
+ if (ci->ifa_valid == INFINITY_LIFE_TIME) {
+ print_uint(PRINT_JSON,
+ "valid_life_time",
+ NULL, INFINITY_LIFE_TIME);
+ print_string(PRINT_FP, NULL, "%s", "forever");
+ } else {
+ print_uint(PRINT_ANY,
+ "valid_life_time", "%usec", ci->ifa_valid);
+ }
+
+ print_string(PRINT_FP, NULL, " preferred_lft ", NULL);
+ if (ci->ifa_prefered == INFINITY_LIFE_TIME) {
+ print_uint(PRINT_JSON,
+ "preferred_life_time",
+ NULL, INFINITY_LIFE_TIME);
+ print_string(PRINT_FP, NULL, "%s", "forever");
+ } else {
+ if (ifa_flags & IFA_F_DEPRECATED)
+ print_int(PRINT_ANY,
+ "preferred_life_time",
+ "%dsec",
+ ci->ifa_prefered);
else
- fprintf(fp, "%usec", ci->ifa_prefered);
+ print_uint(PRINT_ANY,
+ "preferred_life_time",
+ "%usec",
+ ci->ifa_prefered);
}
}
- fprintf(fp, "\n");
+ print_string(PRINT_FP, NULL, "%s", "\n");
brief_exit:
fflush(fp);
return 0;
}
-struct nlmsg_list
-{
- struct nlmsg_list *next;
- struct nlmsghdr h;
-};
-
-struct nlmsg_chain
-{
- struct nlmsg_list *head;
- struct nlmsg_list *tail;
-};
-
static int print_selected_addrinfo(struct ifinfomsg *ifi,
struct nlmsg_list *ainfo, FILE *fp)
{
- for ( ;ainfo ; ainfo = ainfo->next) {
+ open_json_array(PRINT_JSON, "addr_info");
+ for ( ; ainfo ; ainfo = ainfo->next) {
struct nlmsghdr *n = &ainfo->h;
struct ifaddrmsg *ifa = NLMSG_DATA(n);
if (n->nlmsg_type != RTM_NEWADDR)
continue;
- if (n->nlmsg_len < NLMSG_LENGTH(sizeof(ifa)))
+ if (n->nlmsg_len < NLMSG_LENGTH(sizeof(*ifa)))
return -1;
if (ifa->ifa_index != ifi->ifi_index ||
@@ -1190,10 +1705,14 @@
if (filter.up && !(ifi->ifi_flags&IFF_UP))
continue;
+ open_json_object(NULL);
print_addrinfo(NULL, n, fp);
+ close_json_object();
}
+ close_json_array(PRINT_JSON, NULL);
+
if (brief) {
- fprintf(fp, "\n");
+ print_string(PRINT_FP, NULL, "%s", "\n");
fflush(fp);
}
return 0;
@@ -1206,7 +1725,7 @@
struct nlmsg_chain *lchain = (struct nlmsg_chain *)arg;
struct nlmsg_list *h;
- h = malloc(n->nlmsg_len+sizeof(void*));
+ h = malloc(n->nlmsg_len+sizeof(void *));
if (h == NULL)
return -1;
@@ -1282,17 +1801,31 @@
{
struct ifaddrmsg *ifa = NLMSG_DATA(n);
- printf("if%d:\n", ifa->ifa_index);
+ open_json_object(NULL);
+ print_int(PRINT_ANY, "index", "if%d:\n", ifa->ifa_index);
print_addrinfo(NULL, n, stdout);
+ close_json_object();
return 0;
}
static int ipaddr_showdump(void)
{
+ int err;
+
if (ipadd_dump_check_magic())
exit(-1);
- exit(rtnl_from_file(stdin, &show_handler, NULL));
+ new_json_obj(json);
+ open_json_object(NULL);
+ open_json_array(PRINT_JSON, "addr_info");
+
+ err = rtnl_from_file(stdin, &show_handler, NULL);
+
+ close_json_array(PRINT_JSON, NULL);
+ close_json_object();
+ delete_json_obj();
+
+ exit(err);
}
static int restore_handler(const struct sockaddr_nl *nl,
@@ -1320,7 +1853,7 @@
exit(rtnl_from_file(stdin, &restore_handler, NULL));
}
-static void free_nlmsg_chain(struct nlmsg_chain *info)
+void free_nlmsg_chain(struct nlmsg_chain *info)
{
struct nlmsg_list *l, *n;
@@ -1335,7 +1868,7 @@
struct nlmsg_list *l, **lp;
lp = &linfo->head;
- while ( (l = *lp) != NULL) {
+ while ((l = *lp) != NULL) {
int ok = 0;
int missing_net_address = 1;
struct ifinfomsg *ifi = NLMSG_DATA(&l->h);
@@ -1365,9 +1898,10 @@
tb[IFA_LOCAL] = tb[IFA_ADDRESS];
if (filter.pfx.family && tb[IFA_LOCAL]) {
- inet_prefix dst;
- memset(&dst, 0, sizeof(dst));
- dst.family = ifa->ifa_family;
+ inet_prefix dst = {
+ .family = ifa->ifa_family
+ };
+
memcpy(&dst.data, RTA_DATA(tb[IFA_LOCAL]), RTA_PAYLOAD(tb[IFA_LOCAL]));
if (inet_addr_match(&dst, &filter.pfx, filter.pfx.bitlen))
continue;
@@ -1375,6 +1909,7 @@
if (filter.label) {
SPRINT_BUF(b1);
const char *label;
+
if (tb[IFA_LABEL])
label = RTA_DATA(tb[IFA_LABEL]);
else
@@ -1424,7 +1959,7 @@
if (round == 0)
printf("Nothing to flush.\n");
else
- printf("*** Flush is complete after %d round%s ***\n", round, round>1?"s":"");
+ printf("*** Flush is complete after %d round%s ***\n", round, round > 1?"s":"");
}
fflush(stdout);
return 0;
@@ -1451,10 +1986,73 @@
return 1;
}
+static int iplink_filter_req(struct nlmsghdr *nlh, int reqlen)
+{
+ int err;
+
+ err = addattr32(nlh, reqlen, IFLA_EXT_MASK, RTEXT_FILTER_VF);
+ if (err)
+ return err;
+
+ if (filter.master) {
+ err = addattr32(nlh, reqlen, IFLA_MASTER, filter.master);
+ if (err)
+ return err;
+ }
+
+ if (filter.kind) {
+ struct rtattr *linkinfo;
+
+ linkinfo = addattr_nest(nlh, reqlen, IFLA_LINKINFO);
+
+ err = addattr_l(nlh, reqlen, IFLA_INFO_KIND, filter.kind,
+ strlen(filter.kind));
+ if (err)
+ return err;
+
+ addattr_nest_end(nlh, linkinfo);
+ }
+
+ return 0;
+}
+
+/* fills in linfo with link data and optionally ainfo with address info
+ * caller can walk lists as desired and must call free_nlmsg_chain for
+ * both when done
+ */
+int ip_linkaddr_list(int family, req_filter_fn_t filter_fn,
+ struct nlmsg_chain *linfo, struct nlmsg_chain *ainfo)
+{
+ if (rtnl_wilddump_req_filter_fn(&rth, preferred_family, RTM_GETLINK,
+ filter_fn) < 0) {
+ perror("Cannot send dump request");
+ return 1;
+ }
+
+ if (rtnl_dump_filter(&rth, store_nlmsg, linfo) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ return 1;
+ }
+
+ if (ainfo) {
+ if (rtnl_wilddump_request(&rth, family, RTM_GETADDR) < 0) {
+ perror("Cannot send dump request");
+ return 1;
+ }
+
+ if (rtnl_dump_filter(&rth, store_nlmsg, ainfo) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
static int ipaddr_list_flush_or_save(int argc, char **argv, int action)
{
struct nlmsg_chain linfo = { NULL, NULL};
- struct nlmsg_chain ainfo = { NULL, NULL};
+ struct nlmsg_chain _ainfo = { NULL, NULL}, *ainfo = NULL;
struct nlmsg_list *l;
char *filter_dev = NULL;
int no_link = 0;
@@ -1483,7 +2081,8 @@
if (filter.family == AF_UNSPEC)
filter.family = filter.pfx.family;
} else if (strcmp(*argv, "scope") == 0) {
- unsigned scope = 0;
+ unsigned int scope = 0;
+
NEXT_ARG();
filter.scopemask = -1;
if (rtnl_rtscope_a2n(&scope, *argv)) {
@@ -1495,52 +2094,8 @@
filter.scope = scope;
} else if (strcmp(*argv, "up") == 0) {
filter.up = 1;
- } else if (strcmp(*argv, "dynamic") == 0) {
- filter.flags &= ~IFA_F_PERMANENT;
- filter.flagmask |= IFA_F_PERMANENT;
- } else if (strcmp(*argv, "permanent") == 0) {
- filter.flags |= IFA_F_PERMANENT;
- filter.flagmask |= IFA_F_PERMANENT;
- } else if (strcmp(*argv, "secondary") == 0 ||
- strcmp(*argv, "temporary") == 0) {
- filter.flags |= IFA_F_SECONDARY;
- filter.flagmask |= IFA_F_SECONDARY;
- } else if (strcmp(*argv, "primary") == 0) {
- filter.flags &= ~IFA_F_SECONDARY;
- filter.flagmask |= IFA_F_SECONDARY;
- } else if (strcmp(*argv, "tentative") == 0) {
- filter.flags |= IFA_F_TENTATIVE;
- filter.flagmask |= IFA_F_TENTATIVE;
- } else if (strcmp(*argv, "-tentative") == 0) {
- filter.flags &= ~IFA_F_TENTATIVE;
- filter.flagmask |= IFA_F_TENTATIVE;
- } else if (strcmp(*argv, "deprecated") == 0) {
- filter.flags |= IFA_F_DEPRECATED;
- filter.flagmask |= IFA_F_DEPRECATED;
- } else if (strcmp(*argv, "-deprecated") == 0) {
- filter.flags &= ~IFA_F_DEPRECATED;
- filter.flagmask |= IFA_F_DEPRECATED;
- } else if (strcmp(*argv, "home") == 0) {
- filter.flags |= IFA_F_HOMEADDRESS;
- filter.flagmask |= IFA_F_HOMEADDRESS;
- } else if (strcmp(*argv, "nodad") == 0) {
- filter.flags |= IFA_F_NODAD;
- filter.flagmask |= IFA_F_NODAD;
- } else if (strcmp(*argv, "mngtmpaddr") == 0) {
- filter.flags |= IFA_F_MANAGETEMPADDR;
- filter.flagmask |= IFA_F_MANAGETEMPADDR;
- } else if (strcmp(*argv, "noprefixroute") == 0) {
- filter.flags |= IFA_F_NOPREFIXROUTE;
- filter.flagmask |= IFA_F_NOPREFIXROUTE;
- } else if (strcmp(*argv, "autojoin") == 0) {
- filter.flags |= IFA_F_MCAUTOJOIN;
- filter.flagmask |= IFA_F_MCAUTOJOIN;
- } else if (strcmp(*argv, "dadfailed") == 0) {
- filter.flags |= IFA_F_DADFAILED;
- filter.flagmask |= IFA_F_DADFAILED;
- } else if (strcmp(*argv, "-dadfailed") == 0) {
- filter.flags &= ~IFA_F_DADFAILED;
- filter.flagmask |= IFA_F_DADFAILED;
+ } else if (get_filter(*argv) == 0) {
+
} else if (strcmp(*argv, "label") == 0) {
NEXT_ARG();
filter.label = *argv;
@@ -1550,18 +2105,36 @@
invarg("Invalid \"group\" value\n", *argv);
} else if (strcmp(*argv, "master") == 0) {
int ifindex;
+
NEXT_ARG();
ifindex = ll_name_to_index(*argv);
if (!ifindex)
invarg("Device does not exist\n", *argv);
filter.master = ifindex;
- } else if (do_link && strcmp(*argv, "type") == 0) {
+ } else if (strcmp(*argv, "vrf") == 0) {
+ int ifindex;
+
NEXT_ARG();
- filter.kind = *argv;
- } else {
- if (strcmp(*argv, "dev") == 0) {
- NEXT_ARG();
+ ifindex = ll_name_to_index(*argv);
+ if (!ifindex)
+ invarg("Not a valid VRF name\n", *argv);
+ if (!name_is_vrf(*argv))
+ invarg("Not a valid VRF name\n", *argv);
+ filter.master = ifindex;
+ } else if (strcmp(*argv, "type") == 0) {
+ int soff;
+
+ NEXT_ARG();
+ soff = strlen(*argv) - strlen("_slave");
+ if (!strcmp(*argv + soff, "_slave")) {
+ (*argv)[soff] = '\0';
+ filter.slave_kind = *argv;
+ } else {
+ filter.kind = *argv;
}
+ } else {
+ if (strcmp(*argv, "dev") == 0)
+ NEXT_ARG();
else if (matches(*argv, "help") == 0)
usage();
if (filter_dev)
@@ -1600,6 +2173,12 @@
}
/*
+ * Initialize a json_writer and open an array object
+ * if -json was specified.
+ */
+ new_json_obj(json);
+
+ /*
* If only filter_dev present and none of the other
* link filters are present, use RTM_GETLINK to get
* the link device
@@ -1607,62 +2186,56 @@
if (filter_dev && filter.group == -1 && do_link == 1) {
if (iplink_get(0, filter_dev, RTEXT_FILTER_VF) < 0) {
perror("Cannot send link get request");
+ delete_json_obj();
exit(1);
}
+ delete_json_obj();
exit(0);
}
- if (rtnl_wilddump_request(&rth, preferred_family, RTM_GETLINK) < 0) {
- perror("Cannot send dump request");
- exit(1);
- }
-
- if (rtnl_dump_filter(&rth, store_nlmsg, &linfo) < 0) {
- fprintf(stderr, "Dump terminated\n");
- exit(1);
- }
-
if (filter.family != AF_PACKET) {
+ ainfo = &_ainfo;
+
if (filter.oneline)
no_link = 1;
-
- if (rtnl_wilddump_request(&rth, filter.family, RTM_GETADDR) < 0) {
- perror("Cannot send dump request");
- exit(1);
- }
-
- if (rtnl_dump_filter(&rth, store_nlmsg, &ainfo) < 0) {
- fprintf(stderr, "Dump terminated\n");
- exit(1);
- }
-
- ipaddr_filter(&linfo, &ainfo);
}
+ if (ip_linkaddr_list(filter.family, iplink_filter_req,
+ &linfo, ainfo) != 0)
+ goto out;
+
+ if (filter.family != AF_PACKET)
+ ipaddr_filter(&linfo, ainfo);
+
for (l = linfo.head; l; l = l->next) {
int res = 0;
struct ifinfomsg *ifi = NLMSG_DATA(&l->h);
+ open_json_object(NULL);
if (brief) {
- if (print_linkinfo_brief(NULL, &l->h, stdout) == 0)
+ if (print_linkinfo_brief(NULL, &l->h,
+ stdout, NULL) == 0)
if (filter.family != AF_PACKET)
print_selected_addrinfo(ifi,
- ainfo.head,
+ ainfo->head,
stdout);
} else if (no_link ||
- (res = print_linkinfo(NULL, &l->h, stdout)) >= 0) {
+ (res = print_linkinfo(NULL, &l->h, stdout)) >= 0) {
if (filter.family != AF_PACKET)
print_selected_addrinfo(ifi,
- ainfo.head, stdout);
+ ainfo->head, stdout);
if (res > 0 && !do_link && show_stats)
print_link_stats(stdout, &l->h);
}
+ close_json_object();
}
fflush(stdout);
- free_nlmsg_chain(&ainfo);
+out:
+ if (ainfo)
+ free_nlmsg_chain(ainfo);
free_nlmsg_chain(&linfo);
-
+ delete_json_obj();
return 0;
}
@@ -1740,7 +2313,7 @@
static int default_scope(inet_prefix *lcl)
{
if (lcl->family == AF_INET) {
- if (lcl->bytelen >= 1 && *(__u8*)&lcl->data == 127)
+ if (lcl->bytelen >= 1 && *(__u8 *)&lcl->data == 127)
return RT_SCOPE_HOST;
}
return 0;
@@ -1762,13 +2335,18 @@
struct nlmsghdr n;
struct ifaddrmsg ifa;
char buf[256];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .ifa.ifa_family = preferred_family,
+ };
char *d = NULL;
char *l = NULL;
char *lcl_arg = NULL;
char *valid_lftp = NULL;
char *preferred_lftp = NULL;
- inet_prefix lcl;
+ inet_prefix lcl = {};
inet_prefix peer;
int local_len = 0;
int peer_len = 0;
@@ -1777,16 +2355,8 @@
int scoped = 0;
__u32 preferred_lft = INFINITY_LIFE_TIME;
__u32 valid_lft = INFINITY_LIFE_TIME;
- struct ifa_cacheinfo cinfo;
unsigned int ifa_flags = 0;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST | flags;
- req.n.nlmsg_type = cmd;
- req.ifa.ifa_family = preferred_family;
-
while (argc > 0) {
if (strcmp(*argv, "peer") == 0 ||
strcmp(*argv, "remote") == 0) {
@@ -1803,6 +2373,7 @@
} else if (matches(*argv, "broadcast") == 0 ||
strcmp(*argv, "brd") == 0) {
inet_prefix addr;
+
NEXT_ARG();
if (brd_len)
duparg("broadcast", *argv);
@@ -1819,6 +2390,7 @@
}
} else if (strcmp(*argv, "anycast") == 0) {
inet_prefix addr;
+
NEXT_ARG();
if (any_len)
duparg("anycast", *argv);
@@ -1828,7 +2400,8 @@
addattr_l(&req.n, sizeof(req), IFA_ANYCAST, &addr.data, addr.bytelen);
any_len = addr.bytelen;
} else if (strcmp(*argv, "scope") == 0) {
- unsigned scope = 0;
+ unsigned int scope = 0;
+
NEXT_ARG();
if (rtnl_rtscope_a2n(&scope, *argv))
invarg("invalid scope value.", *argv);
@@ -1866,9 +2439,8 @@
} else if (strcmp(*argv, "autojoin") == 0) {
ifa_flags |= IFA_F_MCAUTOJOIN;
} else {
- if (strcmp(*argv, "local") == 0) {
+ if (strcmp(*argv, "local") == 0)
NEXT_ARG();
- }
if (matches(*argv, "help") == 0)
usage();
if (local_len)
@@ -1899,9 +2471,9 @@
if (peer_len == 0 && local_len) {
if (cmd == RTM_DELADDR && lcl.family == AF_INET && !(lcl.flags & PREFIXLEN_SPECIFIED)) {
fprintf(stderr,
- "Warning: Executing wildcard deletion to stay compatible with old scripts.\n" \
- " Explicitly specify the prefix length (%s/%d) to avoid this warning.\n" \
- " This special behaviour is likely to disappear in further releases,\n" \
+ "Warning: Executing wildcard deletion to stay compatible with old scripts.\n"
+ " Explicitly specify the prefix length (%s/%d) to avoid this warning.\n"
+ " This special behaviour is likely to disappear in further releases,\n"
" fix your scripts!\n", lcl_arg, local_len*8);
} else {
peer = lcl;
@@ -1914,6 +2486,7 @@
if (brd_len < 0 && cmd != RTM_DELADDR) {
inet_prefix brd;
int i;
+
if (req.ifa.ifa_family != AF_INET) {
fprintf(stderr, "Broadcast can be set only for IPv4 addresses\n");
return -1;
@@ -1939,6 +2512,8 @@
}
if (valid_lftp || preferred_lftp) {
+ struct ifa_cacheinfo cinfo = {};
+
if (!valid_lft) {
fprintf(stderr, "valid_lft is zero\n");
return -1;
@@ -1948,7 +2523,6 @@
return -1;
}
- memset(&cinfo, 0, sizeof(cinfo));
cinfo.ifa_prefered = preferred_lft;
cinfo.ifa_valid = valid_lft;
addattr_l(&req.n, sizeof(req), IFA_CACHEINFO, &cinfo,
diff --git a/ip/ipaddrlabel.c b/ip/ipaddrlabel.c
index f01bc26..1d324da 100644
--- a/ip/ipaddrlabel.c
+++ b/ip/ipaddrlabel.c
@@ -40,8 +40,8 @@
#include "utils.h"
#include "ip_common.h"
-#define IFAL_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrlblmsg))))
-#define IFAL_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrlblmsg))
+#define IFAL_RTA(r) ((struct rtattr *)(((char *)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrlblmsg))))
+#define IFAL_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct ifaddrlblmsg))
extern struct rtnl_handle rth;
@@ -49,17 +49,17 @@
static void usage(void)
{
- fprintf(stderr, "Usage: ip addrlabel [ list | add | del | flush ] prefix PREFIX [ dev DEV ] [ label LABEL ]\n");
+ fprintf(stderr, "Usage: ip addrlabel { add | del } prefix PREFIX [ dev DEV ] [ label LABEL ]\n");
+ fprintf(stderr, " ip addrlabel [ list | flush | help ]\n");
exit(-1);
}
int print_addrlabel(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct ifaddrlblmsg *ifal = NLMSG_DATA(n);
int len = n->nlmsg_len;
struct rtattr *tb[IFAL_MAX+1];
- char abuf[256];
if (n->nlmsg_type != RTM_NEWADDRLABEL && n->nlmsg_type != RTM_DELADDRLABEL)
return 0;
@@ -75,10 +75,8 @@
if (tb[IFAL_ADDRESS]) {
fprintf(fp, "prefix %s/%u ",
- format_host(ifal->ifal_family,
- RTA_PAYLOAD(tb[IFAL_ADDRESS]),
- RTA_DATA(tb[IFAL_ADDRESS]),
- abuf, sizeof(abuf)),
+ format_host_rta(ifal->ifal_family,
+ tb[IFAL_ADDRESS]),
ifal->ifal_prefixlen);
}
@@ -87,6 +85,7 @@
if (tb[IFAL_LABEL] && RTA_PAYLOAD(tb[IFAL_LABEL]) == sizeof(uint32_t)) {
uint32_t label;
+
memcpy(&label, RTA_DATA(tb[IFAL_LABEL]), sizeof(label));
fprintf(fp, "label %u ", label);
}
@@ -127,24 +126,19 @@
struct {
struct nlmsghdr n;
struct ifaddrlblmsg ifal;
- char buf[1024];
- } req;
+ char buf[1024];
+ } req = {
+ .n.nlmsg_type = cmd,
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrlblmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .ifal.ifal_family = preferred_family,
+ };
- inet_prefix prefix;
+ inet_prefix prefix = {};
uint32_t label = 0xffffffffUL;
char *p = NULL;
char *l = NULL;
- memset(&req, 0, sizeof(req));
- memset(&prefix, 0, sizeof(prefix));
-
- req.n.nlmsg_type = cmd;
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifaddrlblmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.ifal.ifal_family = preferred_family;
- req.ifal.ifal_prefixlen = 0;
- req.ifal.ifal_index = 0;
-
if (cmd == RTM_NEWADDRLABEL) {
req.n.nlmsg_flags |= NLM_F_CREATE|NLM_F_EXCL;
}
@@ -194,7 +188,7 @@
struct rtnl_handle rth2;
struct rtmsg *r = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[IFAL_MAX+1];
+ struct rtattr *tb[IFAL_MAX+1];
len -= NLMSG_LENGTH(sizeof(*r));
if (len < 0)
diff --git a/ip/ipfou.c b/ip/ipfou.c
index 8a86b18..00dbe15 100644
--- a/ip/ipfou.c
+++ b/ip/ipfou.c
@@ -25,8 +25,9 @@
static void usage(void)
{
- fprintf(stderr, "Usage: ip fou add port PORT { ipproto PROTO | gue }\n");
- fprintf(stderr, " ip fou del port PORT\n");
+ fprintf(stderr, "Usage: ip fou add port PORT "
+ "{ ipproto PROTO | gue } [ -6 ]\n");
+ fprintf(stderr, " ip fou del port PORT [ -6 ]\n");
fprintf(stderr, "\n");
fprintf(stderr, "Where: PROTO { ipproto-name | 1..255 }\n");
fprintf(stderr, " PORT { 1..65535 }\n");
@@ -50,14 +51,14 @@
__u8 ipproto, type;
bool gue_set = false;
int ipproto_set = 0;
+ unsigned short family = AF_INET;
while (argc > 0) {
if (!matches(*argv, "port")) {
NEXT_ARG();
- if (get_u16(&port, *argv, 0) || port == 0)
+ if (get_be16(&port, *argv, 0) || port == 0)
invarg("invalid port", *argv);
- port = htons(port);
port_set = 1;
} else if (!matches(*argv, "ipproto")) {
struct protoent *servptr;
@@ -72,6 +73,8 @@
ipproto_set = 1;
} else if (!matches(*argv, "gue")) {
gue_set = true;
+ } else if (!matches(*argv, "-6")) {
+ family = AF_INET6;
} else {
fprintf(stderr, "fou: unknown command \"%s\"?\n", *argv);
usage();
@@ -99,6 +102,7 @@
addattr16(n, 1024, FOU_ATTR_PORT, port);
addattr8(n, 1024, FOU_ATTR_TYPE, type);
+ addattr16(n, 1024, FOU_ATTR_AF, family);
if (ipproto_set)
addattr8(n, 1024, FOU_ATTR_IPPROTO, ipproto);
@@ -132,27 +136,19 @@
int do_ipfou(int argc, char **argv)
{
- if (genl_family < 0) {
- if (rtnl_open_byproto(&genl_rth, 0, NETLINK_GENERIC) < 0) {
- fprintf(stderr, "Cannot open generic netlink socket\n");
- exit(1);
- }
-
- genl_family = genl_resolve_family(&genl_rth, FOU_GENL_NAME);
- if (genl_family < 0)
- exit(1);
- }
-
if (argc < 1)
usage();
+ if (matches(*argv, "help") == 0)
+ usage();
+
+ if (genl_init_handle(&genl_rth, FOU_GENL_NAME, &genl_family))
+ exit(1);
+
if (matches(*argv, "add") == 0)
return do_add(argc-1, argv+1);
if (matches(*argv, "delete") == 0)
return do_del(argc-1, argv+1);
- if (matches(*argv, "help") == 0)
- usage();
-
fprintf(stderr, "Command \"%s\" is unknown, try \"ip fou help\".\n", *argv);
exit(-1);
}
diff --git a/ip/ipila.c b/ip/ipila.c
new file mode 100644
index 0000000..843cc16
--- /dev/null
+++ b/ip/ipila.c
@@ -0,0 +1,262 @@
+/*
+ * ipila.c ILA (Identifier Locator Addressing) support
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Tom Herbert <tom@herbertland.com>
+ */
+
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <net/if.h>
+#include <linux/ila.h>
+#include <linux/genetlink.h>
+#include <linux/ip.h>
+#include <arpa/inet.h>
+
+#include "libgenl.h"
+#include "utils.h"
+#include "ip_common.h"
+
+static void usage(void)
+{
+ fprintf(stderr, "Usage: ip ila add loc_match LOCATOR_MATCH "
+ "loc LOCATOR [ dev DEV ]\n");
+ fprintf(stderr, " ip ila del loc_match LOCATOR_MATCH "
+ "[ loc LOCATOR ] [ dev DEV ]\n");
+ fprintf(stderr, " ip ila list\n");
+ fprintf(stderr, "\n");
+
+ exit(-1);
+}
+
+/* netlink socket */
+static struct rtnl_handle genl_rth = { .fd = -1 };
+static int genl_family = -1;
+
+#define ILA_REQUEST(_req, _bufsiz, _cmd, _flags) \
+ GENL_REQUEST(_req, _bufsiz, genl_family, 0, \
+ ILA_GENL_VERSION, _cmd, _flags)
+
+#define ILA_RTA(g) ((struct rtattr *)(((char *)(g)) + \
+ NLMSG_ALIGN(sizeof(struct genlmsghdr))))
+
+#define ADDR_BUF_SIZE sizeof("xxxx:xxxx:xxxx:xxxx")
+
+static int print_addr64(__u64 addr, char *buff, size_t len)
+{
+ __u16 *words = (__u16 *)&addr;
+ __u16 v;
+ int i, ret;
+ size_t written = 0;
+ char *sep = ":";
+
+ for (i = 0; i < 4; i++) {
+ v = ntohs(words[i]);
+
+ if (i == 3)
+ sep = "";
+
+ ret = snprintf(&buff[written], len - written, "%x%s", v, sep);
+ if (ret < 0)
+ return ret;
+
+ written += ret;
+ }
+
+ return written;
+}
+
+static void print_ila_locid(FILE *fp, int attr, struct rtattr *tb[], int space)
+{
+ char abuf[256];
+ size_t blen;
+ int i;
+
+ if (tb[attr]) {
+ blen = print_addr64(rta_getattr_u32(tb[attr]),
+ abuf, sizeof(abuf));
+ fprintf(fp, "%s", abuf);
+ } else {
+ fprintf(fp, "-");
+ blen = 1;
+ }
+
+ for (i = 0; i < space - blen; i++)
+ fprintf(fp, " ");
+}
+
+static int print_ila_mapping(const struct sockaddr_nl *who,
+ struct nlmsghdr *n, void *arg)
+{
+ FILE *fp = (FILE *)arg;
+ struct genlmsghdr *ghdr;
+ struct rtattr *tb[ILA_ATTR_MAX + 1];
+ int len = n->nlmsg_len;
+
+ if (n->nlmsg_type != genl_family)
+ return 0;
+
+ len -= NLMSG_LENGTH(GENL_HDRLEN);
+ if (len < 0)
+ return -1;
+
+ ghdr = NLMSG_DATA(n);
+ parse_rtattr(tb, ILA_ATTR_MAX, (void *) ghdr + GENL_HDRLEN, len);
+
+ print_ila_locid(fp, ILA_ATTR_LOCATOR_MATCH, tb, ADDR_BUF_SIZE);
+ print_ila_locid(fp, ILA_ATTR_LOCATOR, tb, ADDR_BUF_SIZE);
+
+ if (tb[ILA_ATTR_IFINDEX])
+ fprintf(fp, "%s", ll_index_to_name(rta_getattr_u32(tb[ILA_ATTR_IFINDEX])));
+ else
+ fprintf(fp, "-");
+ fprintf(fp, "\n");
+
+ return 0;
+}
+
+#define NLMSG_BUF_SIZE 4096
+
+static int do_list(int argc, char **argv)
+{
+ ILA_REQUEST(req, 1024, ILA_CMD_GET, NLM_F_REQUEST | NLM_F_DUMP);
+
+ if (argc > 0) {
+ fprintf(stderr, "\"ip ila show\" does not take "
+ "any arguments.\n");
+ return -1;
+ }
+
+ if (rtnl_send(&genl_rth, (void *)&req, req.n.nlmsg_len) < 0) {
+ perror("Cannot send dump request");
+ exit(1);
+ }
+
+ if (rtnl_dump_filter(&genl_rth, print_ila_mapping, stdout) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ return 1;
+ }
+
+ return 0;
+}
+
+static int ila_parse_opt(int argc, char **argv, struct nlmsghdr *n,
+ bool adding)
+{
+ __u64 locator = 0;
+ __u64 locator_match = 0;
+ int ifindex = 0;
+ bool loc_set = false;
+ bool loc_match_set = false;
+ bool ifindex_set = false;
+
+ while (argc > 0) {
+ if (!matches(*argv, "loc")) {
+ NEXT_ARG();
+
+ if (get_addr64(&locator, *argv) < 0) {
+ fprintf(stderr, "Bad locator: %s\n", *argv);
+ return -1;
+ }
+ loc_set = true;
+ } else if (!matches(*argv, "loc_match")) {
+ NEXT_ARG();
+
+ if (get_addr64(&locator_match, *argv) < 0) {
+ fprintf(stderr, "Bad locator to match: %s\n",
+ *argv);
+ return -1;
+ }
+ loc_match_set = true;
+ } else if (!matches(*argv, "dev")) {
+ NEXT_ARG();
+
+ ifindex = ll_name_to_index(*argv);
+ if (ifindex == 0) {
+ fprintf(stderr, "No such interface: %s\n",
+ *argv);
+ return -1;
+ }
+ ifindex_set = true;
+ } else {
+ usage();
+ return -1;
+ }
+ argc--, argv++;
+ }
+
+ if (adding) {
+ if (!loc_set) {
+ fprintf(stderr, "ila: missing locator\n");
+ return -1;
+ }
+ if (!loc_match_set) {
+ fprintf(stderr, "ila: missing locator0match\n");
+ return -1;
+ }
+ }
+
+ if (loc_match_set)
+ addattr64(n, 1024, ILA_ATTR_LOCATOR_MATCH, locator_match);
+
+ if (loc_set)
+ addattr64(n, 1024, ILA_ATTR_LOCATOR, locator);
+
+ if (ifindex_set)
+ addattr32(n, 1024, ILA_ATTR_IFINDEX, ifindex);
+
+ return 0;
+}
+
+static int do_add(int argc, char **argv)
+{
+ ILA_REQUEST(req, 1024, ILA_CMD_ADD, NLM_F_REQUEST);
+
+ ila_parse_opt(argc, argv, &req.n, true);
+
+ if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0)
+ return -2;
+
+ return 0;
+}
+
+static int do_del(int argc, char **argv)
+{
+ ILA_REQUEST(req, 1024, ILA_CMD_DEL, NLM_F_REQUEST);
+
+ ila_parse_opt(argc, argv, &req.n, false);
+
+ if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0)
+ return -2;
+
+ return 0;
+}
+
+int do_ipila(int argc, char **argv)
+{
+ if (argc < 1)
+ usage();
+
+ if (matches(*argv, "help") == 0)
+ usage();
+
+ if (genl_init_handle(&genl_rth, ILA_GENL_NAME, &genl_family))
+ exit(1);
+
+ if (matches(*argv, "add") == 0)
+ return do_add(argc-1, argv+1);
+ if (matches(*argv, "delete") == 0)
+ return do_del(argc-1, argv+1);
+ if (matches(*argv, "list") == 0)
+ return do_list(argc-1, argv+1);
+
+ fprintf(stderr, "Command \"%s\" is unknown, try \"ip ila help\".\n",
+ *argv);
+ exit(-1);
+}
diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c
index f050880..1e37b17 100644
--- a/ip/ipl2tp.c
+++ b/ip/ipl2tp.c
@@ -56,13 +56,15 @@
uint16_t pw_type;
uint16_t mtu;
- int udp_csum:1;
- int recv_seq:1;
- int send_seq:1;
- int lns_mode:1;
- int data_seq:2;
- int tunnel:1;
- int session:1;
+ unsigned int udp6_csum_tx:1;
+ unsigned int udp6_csum_rx:1;
+ unsigned int udp_csum:1;
+ unsigned int recv_seq:1;
+ unsigned int send_seq:1;
+ unsigned int lns_mode:1;
+ unsigned int data_seq:2;
+ unsigned int tunnel:1;
+ unsigned int session:1;
int reorder_timeout;
const char *ifname;
uint8_t l2spec_type;
@@ -108,15 +110,23 @@
if (p->local_ip.family == AF_INET6)
local_attr = L2TP_ATTR_IP6_SADDR;
- addattr_l(&req.n, 1024, local_attr, &p->local_ip.data, p->local_ip.bytelen);
+ addattr_l(&req.n, 1024, local_attr, &p->local_ip.data,
+ p->local_ip.bytelen);
if (p->peer_ip.family == AF_INET6)
peer_attr = L2TP_ATTR_IP6_DADDR;
- addattr_l(&req.n, 1024, peer_attr, &p->peer_ip.data, p->peer_ip.bytelen);
+ addattr_l(&req.n, 1024, peer_attr, &p->peer_ip.data,
+ p->peer_ip.bytelen);
if (p->encap == L2TP_ENCAPTYPE_UDP) {
addattr16(&req.n, 1024, L2TP_ATTR_UDP_SPORT, p->local_udp_port);
addattr16(&req.n, 1024, L2TP_ATTR_UDP_DPORT, p->peer_udp_port);
+ if (p->udp_csum)
+ addattr8(&req.n, 1024, L2TP_ATTR_UDP_CSUM, 1);
+ if (!p->udp6_csum_tx)
+ addattr(&req.n, 1024, L2TP_ATTR_UDP_ZERO_CSUM6_TX);
+ if (!p->udp6_csum_rx)
+ addattr(&req.n, 1024, L2TP_ATTR_UDP_ZERO_CSUM6_RX);
}
if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0)
@@ -151,19 +161,28 @@
addattr8(&req.n, 1024, L2TP_ATTR_L2SPEC_TYPE, p->l2spec_type);
addattr8(&req.n, 1024, L2TP_ATTR_L2SPEC_LEN, p->l2spec_len);
- if (p->mtu) addattr16(&req.n, 1024, L2TP_ATTR_MTU, p->mtu);
- if (p->recv_seq) addattr(&req.n, 1024, L2TP_ATTR_RECV_SEQ);
- if (p->send_seq) addattr(&req.n, 1024, L2TP_ATTR_SEND_SEQ);
- if (p->lns_mode) addattr(&req.n, 1024, L2TP_ATTR_LNS_MODE);
- if (p->data_seq) addattr8(&req.n, 1024, L2TP_ATTR_DATA_SEQ, p->data_seq);
- if (p->reorder_timeout) addattr64(&req.n, 1024, L2TP_ATTR_RECV_TIMEOUT,
+ if (p->mtu)
+ addattr16(&req.n, 1024, L2TP_ATTR_MTU, p->mtu);
+ if (p->recv_seq)
+ addattr8(&req.n, 1024, L2TP_ATTR_RECV_SEQ, 1);
+ if (p->send_seq)
+ addattr8(&req.n, 1024, L2TP_ATTR_SEND_SEQ, 1);
+ if (p->lns_mode)
+ addattr(&req.n, 1024, L2TP_ATTR_LNS_MODE);
+ if (p->data_seq)
+ addattr8(&req.n, 1024, L2TP_ATTR_DATA_SEQ, p->data_seq);
+ if (p->reorder_timeout)
+ addattr64(&req.n, 1024, L2TP_ATTR_RECV_TIMEOUT,
p->reorder_timeout);
- if (p->offset) addattr16(&req.n, 1024, L2TP_ATTR_OFFSET, p->offset);
- if (p->cookie_len) addattr_l(&req.n, 1024, L2TP_ATTR_COOKIE,
- p->cookie, p->cookie_len);
- if (p->peer_cookie_len) addattr_l(&req.n, 1024, L2TP_ATTR_PEER_COOKIE,
- p->peer_cookie, p->peer_cookie_len);
- if (p->ifname && p->ifname[0])
+ if (p->offset)
+ addattr16(&req.n, 1024, L2TP_ATTR_OFFSET, p->offset);
+ if (p->cookie_len)
+ addattr_l(&req.n, 1024, L2TP_ATTR_COOKIE,
+ p->cookie, p->cookie_len);
+ if (p->peer_cookie_len)
+ addattr_l(&req.n, 1024, L2TP_ATTR_PEER_COOKIE,
+ p->peer_cookie, p->peer_cookie_len);
+ if (p->ifname)
addattrstrz(&req.n, 1024, L2TP_ATTR_IFNAME, p->ifname);
if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0)
@@ -205,14 +224,37 @@
p->tunnel_id,
p->encap == L2TP_ENCAPTYPE_UDP ? "UDP" :
p->encap == L2TP_ENCAPTYPE_IP ? "IP" : "??");
- printf(" From %s ", inet_ntop(p->local_ip.family, p->local_ip.data, buf, sizeof(buf)));
- printf("to %s\n", inet_ntop(p->peer_ip.family, p->peer_ip.data, buf, sizeof(buf)));
+ printf(" From %s ",
+ inet_ntop(p->local_ip.family, p->local_ip.data,
+ buf, sizeof(buf)));
+ printf("to %s\n",
+ inet_ntop(p->peer_ip.family, p->peer_ip.data,
+ buf, sizeof(buf)));
printf(" Peer tunnel %u\n",
p->peer_tunnel_id);
- if (p->encap == L2TP_ENCAPTYPE_UDP)
+ if (p->encap == L2TP_ENCAPTYPE_UDP) {
printf(" UDP source / dest ports: %hu/%hu\n",
p->local_udp_port, p->peer_udp_port);
+
+ switch (p->local_ip.family) {
+ case AF_INET:
+ printf(" UDP checksum: %s\n",
+ p->udp_csum ? "enabled" : "disabled");
+ break;
+ case AF_INET6:
+ printf(" UDP checksum: %s%s%s%s\n",
+ p->udp6_csum_tx && p->udp6_csum_rx
+ ? "enabled" : "",
+ p->udp6_csum_tx && !p->udp6_csum_rx
+ ? "tx" : "",
+ !p->udp6_csum_tx && p->udp6_csum_rx
+ ? "rx" : "",
+ !p->udp6_csum_tx && !p->udp6_csum_rx
+ ? "disabled" : "");
+ break;
+ }
+ }
}
static void print_session(struct l2tp_data *data)
@@ -224,9 +266,9 @@
printf(" Peer session %u, tunnel %u\n",
p->peer_session_id, p->peer_tunnel_id);
- if (p->ifname != NULL) {
+ if (p->ifname != NULL)
printf(" interface name: %s\n", p->ifname);
- }
+
printf(" offset %u, peer offset %u\n",
p->offset, p->peer_offset);
if (p->cookie_len > 0)
@@ -238,6 +280,14 @@
printf(" reorder timeout: %u\n", p->reorder_timeout);
else
printf("\n");
+ if (p->send_seq || p->recv_seq) {
+ printf(" sequence numbering:");
+ if (p->send_seq)
+ printf(" send");
+ if (p->recv_seq)
+ printf(" recv");
+ printf("\n");
+ }
}
static int get_response(struct nlmsghdr *n, void *arg)
@@ -281,7 +331,12 @@
if (attrs[L2TP_ATTR_L2SPEC_LEN])
p->l2spec_len = rta_getattr_u8(attrs[L2TP_ATTR_L2SPEC_LEN]);
- p->udp_csum = !!attrs[L2TP_ATTR_UDP_CSUM];
+ if (attrs[L2TP_ATTR_UDP_CSUM])
+ p->udp_csum = !!rta_getattr_u8(attrs[L2TP_ATTR_UDP_CSUM]);
+
+ p->udp6_csum_tx = !attrs[L2TP_ATTR_UDP_ZERO_CSUM6_TX];
+ p->udp6_csum_rx = !attrs[L2TP_ATTR_UDP_ZERO_CSUM6_RX];
+
if (attrs[L2TP_ATTR_COOKIE])
memcpy(p->cookie, RTA_DATA(attrs[L2TP_ATTR_COOKIE]),
p->cookie_len = RTA_PAYLOAD(attrs[L2TP_ATTR_COOKIE]));
@@ -290,8 +345,10 @@
memcpy(p->peer_cookie, RTA_DATA(attrs[L2TP_ATTR_PEER_COOKIE]),
p->peer_cookie_len = RTA_PAYLOAD(attrs[L2TP_ATTR_PEER_COOKIE]));
- p->recv_seq = !!attrs[L2TP_ATTR_RECV_SEQ];
- p->send_seq = !!attrs[L2TP_ATTR_SEND_SEQ];
+ if (attrs[L2TP_ATTR_RECV_SEQ])
+ p->recv_seq = !!rta_getattr_u8(attrs[L2TP_ATTR_RECV_SEQ]);
+ if (attrs[L2TP_ATTR_SEND_SEQ])
+ p->send_seq = !!rta_getattr_u8(attrs[L2TP_ATTR_SEND_SEQ]);
if (attrs[L2TP_ATTR_RECV_TIMEOUT])
p->reorder_timeout = rta_getattr_u64(attrs[L2TP_ATTR_RECV_TIMEOUT]);
@@ -355,7 +412,8 @@
return 0;
}
-static int session_nlmsg(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
+static int session_nlmsg(const struct sockaddr_nl *who,
+ struct nlmsghdr *n, void *arg)
{
int ret = get_response(n, arg);
@@ -375,7 +433,8 @@
if (p->config.tunnel_id && p->config.session_id) {
addattr32(&req.n, 128, L2TP_ATTR_CONN_ID, p->config.tunnel_id);
- addattr32(&req.n, 128, L2TP_ATTR_SESSION_ID, p->config.session_id);
+ addattr32(&req.n, 128, L2TP_ATTR_SESSION_ID,
+ p->config.session_id);
}
if (rtnl_send(&genl_rth, &req, req.n.nlmsg_len) < 0)
@@ -389,7 +448,8 @@
return 0;
}
-static int tunnel_nlmsg(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
+static int tunnel_nlmsg(const struct sockaddr_nl *who,
+ struct nlmsghdr *n, void *arg)
{
int ret = get_response(n, arg);
@@ -425,68 +485,37 @@
* Command parser
*****************************************************************************/
-static int hex(char ch)
-{
- if ((ch >= 'a') && (ch <= 'f'))
- return ch - 'a' + 10;
- if ((ch >= '0') && (ch <= '9'))
- return ch - '0';
- if ((ch >= 'A') && (ch <= 'F'))
- return ch - 'A' + 10;
- return -1;
-}
-
-static int hex2mem(const char *buf, uint8_t *mem, int count)
-{
- int i, j;
- int c;
-
- for (i = 0, j = 0; i < count; i++, j += 2) {
- c = hex(buf[j]);
- if (c < 0)
- goto err;
-
- mem[i] = c << 4;
-
- c = hex(buf[j + 1]);
- if (c < 0)
- goto err;
-
- mem[i] |= c;
- }
-
- return 0;
-
-err:
- return -1;
-}
-
static void usage(void) __attribute__((noreturn));
static void usage(void)
{
- fprintf(stderr, "Usage: ip l2tp add tunnel\n");
- fprintf(stderr, " remote ADDR local ADDR\n");
- fprintf(stderr, " tunnel_id ID peer_tunnel_id ID\n");
- fprintf(stderr, " [ encap { ip | udp } ]\n");
- fprintf(stderr, " [ udp_sport PORT ] [ udp_dport PORT ]\n");
- fprintf(stderr, "Usage: ip l2tp add session [ name NAME ]\n");
- fprintf(stderr, " tunnel_id ID\n");
- fprintf(stderr, " session_id ID peer_session_id ID\n");
- fprintf(stderr, " [ cookie HEXSTR ] [ peer_cookie HEXSTR ]\n");
- fprintf(stderr, " [ offset OFFSET ] [ peer_offset OFFSET ]\n");
- fprintf(stderr, " [ l2spec_type L2SPEC ]\n");
- fprintf(stderr, " ip l2tp del tunnel tunnel_id ID\n");
- fprintf(stderr, " ip l2tp del session tunnel_id ID session_id ID\n");
- fprintf(stderr, " ip l2tp show tunnel [ tunnel_id ID ]\n");
- fprintf(stderr, " ip l2tp show session [ tunnel_id ID ] [ session_id ID ]\n");
- fprintf(stderr, "\n");
- fprintf(stderr, "Where: NAME := STRING\n");
- fprintf(stderr, " ADDR := { IP_ADDRESS | any }\n");
- fprintf(stderr, " PORT := { 0..65535 }\n");
- fprintf(stderr, " ID := { 1..4294967295 }\n");
- fprintf(stderr, " HEXSTR := { 8 or 16 hex digits (4 / 8 bytes) }\n");
- fprintf(stderr, " L2SPEC := { none | default }\n");
+ fprintf(stderr, "Usage: ip l2tp add tunnel\n"
+ " remote ADDR local ADDR\n"
+ " tunnel_id ID peer_tunnel_id ID\n"
+ " [ encap { ip | udp } ]\n"
+ " [ udp_sport PORT ] [ udp_dport PORT ]\n"
+ " [ udp_csum { on | off } ]\n"
+ " [ udp6_csum_tx { on | off } ]\n"
+ " [ udp6_csum_rx { on | off } ]\n"
+ "Usage: ip l2tp add session [ name NAME ]\n"
+ " tunnel_id ID\n"
+ " session_id ID peer_session_id ID\n"
+ " [ cookie HEXSTR ] [ peer_cookie HEXSTR ]\n"
+ " [ offset OFFSET ] [ peer_offset OFFSET ]\n"
+ " [ seq { none | send | recv | both } ]\n"
+ " [ l2spec_type L2SPEC ]\n"
+ " ip l2tp del tunnel tunnel_id ID\n"
+ " ip l2tp del session tunnel_id ID session_id ID\n"
+ " ip l2tp show tunnel [ tunnel_id ID ]\n"
+ " ip l2tp show session [ tunnel_id ID ] [ session_id ID ]\n"
+ "\n"
+ "Where: NAME := STRING\n"
+ " ADDR := { IP_ADDRESS | any }\n"
+ " PORT := { 0..65535 }\n"
+ " ID := { 1..4294967295 }\n"
+ " HEXSTR := { 8 or 16 hex digits (4 / 8 bytes) }\n"
+ " L2SPEC := { none | default }\n");
+
exit(-1);
}
@@ -500,6 +529,8 @@
/* Defaults */
p->l2spec_type = L2TP_L2SPECTYPE_DEFAULT;
p->l2spec_len = 4;
+ p->udp6_csum_rx = 1;
+ p->udp6_csum_tx = 1;
while (argc > 0) {
if (strcmp(*argv, "encap") == 0) {
@@ -514,6 +545,8 @@
}
} else if (strcmp(*argv, "name") == 0) {
NEXT_ARG();
+ if (check_ifname(*argv))
+ invarg("\"name\" not a valid ifname", *argv);
p->ifname = *argv;
} else if (strcmp(*argv, "remote") == 0) {
NEXT_ARG();
@@ -526,6 +559,7 @@
} else if ((strcmp(*argv, "tunnel_id") == 0) ||
(strcmp(*argv, "tid") == 0)) {
__u32 uval;
+
NEXT_ARG();
if (get_u32(&uval, *argv, 0))
invarg("invalid ID\n", *argv);
@@ -533,6 +567,7 @@
} else if ((strcmp(*argv, "peer_tunnel_id") == 0) ||
(strcmp(*argv, "ptid") == 0)) {
__u32 uval;
+
NEXT_ARG();
if (get_u32(&uval, *argv, 0))
invarg("invalid ID\n", *argv);
@@ -540,6 +575,7 @@
} else if ((strcmp(*argv, "session_id") == 0) ||
(strcmp(*argv, "sid") == 0)) {
__u32 uval;
+
NEXT_ARG();
if (get_u32(&uval, *argv, 0))
invarg("invalid ID\n", *argv);
@@ -547,36 +583,68 @@
} else if ((strcmp(*argv, "peer_session_id") == 0) ||
(strcmp(*argv, "psid") == 0)) {
__u32 uval;
+
NEXT_ARG();
if (get_u32(&uval, *argv, 0))
invarg("invalid ID\n", *argv);
p->peer_session_id = uval;
} else if (strcmp(*argv, "udp_sport") == 0) {
__u16 uval;
+
NEXT_ARG();
if (get_u16(&uval, *argv, 0))
invarg("invalid port\n", *argv);
p->local_udp_port = uval;
} else if (strcmp(*argv, "udp_dport") == 0) {
__u16 uval;
+
NEXT_ARG();
if (get_u16(&uval, *argv, 0))
invarg("invalid port\n", *argv);
p->peer_udp_port = uval;
+ } else if (strcmp(*argv, "udp_csum") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "on") == 0)
+ p->udp_csum = 1;
+ else if (strcmp(*argv, "off") == 0)
+ p->udp_csum = 0;
+ else
+ invarg("invalid option for udp_csum\n", *argv);
+ } else if (strcmp(*argv, "udp6_csum_rx") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "on") == 0)
+ p->udp6_csum_rx = 1;
+ else if (strcmp(*argv, "off") == 0)
+ p->udp6_csum_rx = 0;
+ else
+ invarg("invalid option for udp6_csum_rx\n"
+ , *argv);
+ } else if (strcmp(*argv, "udp6_csum_tx") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "on") == 0)
+ p->udp6_csum_tx = 1;
+ else if (strcmp(*argv, "off") == 0)
+ p->udp6_csum_tx = 0;
+ else
+ invarg("invalid option for udp6_csum_tx\n"
+ , *argv);
} else if (strcmp(*argv, "offset") == 0) {
__u8 uval;
+
NEXT_ARG();
if (get_u8(&uval, *argv, 0))
invarg("invalid offset\n", *argv);
p->offset = uval;
} else if (strcmp(*argv, "peer_offset") == 0) {
__u8 uval;
+
NEXT_ARG();
if (get_u8(&uval, *argv, 0))
invarg("invalid offset\n", *argv);
p->peer_offset = uval;
} else if (strcmp(*argv, "cookie") == 0) {
int slen;
+
NEXT_ARG();
slen = strlen(*argv);
if ((slen != 8) && (slen != 16))
@@ -587,6 +655,7 @@
invarg("cookie must be a hex string\n", *argv);
} else if (strcmp(*argv, "peer_cookie") == 0) {
int slen;
+
NEXT_ARG();
slen = strlen(*argv);
if ((slen != 8) && (slen != 16))
@@ -604,7 +673,26 @@
p->l2spec_type = L2TP_L2SPECTYPE_NONE;
p->l2spec_len = 0;
} else {
- fprintf(stderr, "Unknown layer2specific header type \"%s\"\n", *argv);
+ fprintf(stderr,
+ "Unknown layer2specific header type \"%s\"\n",
+ *argv);
+ exit(-1);
+ }
+ } else if (strcmp(*argv, "seq") == 0) {
+ NEXT_ARG();
+ if (strcasecmp(*argv, "both") == 0) {
+ p->recv_seq = 1;
+ p->send_seq = 1;
+ } else if (strcasecmp(*argv, "recv") == 0) {
+ p->recv_seq = 1;
+ } else if (strcasecmp(*argv, "send") == 0) {
+ p->send_seq = 1;
+ } else if (strcasecmp(*argv, "none") == 0) {
+ p->recv_seq = 0;
+ p->send_seq = 0;
+ } else {
+ fprintf(stderr,
+ "Unknown seq value \"%s\"\n", *argv);
exit(-1);
}
} else if (strcmp(*argv, "tunnel") == 0) {
@@ -720,20 +808,12 @@
int do_ipl2tp(int argc, char **argv)
{
- if (genl_family < 0) {
- if (rtnl_open_byproto(&genl_rth, 0, NETLINK_GENERIC) < 0) {
- fprintf(stderr, "Cannot open generic netlink socket\n");
- exit(1);
- }
-
- genl_family = genl_resolve_family(&genl_rth, L2TP_GENL_NAME);
- if (genl_family < 0)
- exit(1);
- }
-
- if (argc < 1)
+ if (argc < 1 || !matches(*argv, "help"))
usage();
+ if (genl_init_handle(&genl_rth, L2TP_GENL_NAME, &genl_family))
+ exit(1);
+
if (matches(*argv, "add") == 0)
return do_add(argc-1, argv+1);
if (matches(*argv, "delete") == 0)
@@ -742,9 +822,8 @@
matches(*argv, "lst") == 0 ||
matches(*argv, "list") == 0)
return do_show(argc-1, argv+1);
- if (matches(*argv, "help") == 0)
- usage();
- fprintf(stderr, "Command \"%s\" is unknown, try \"ip l2tp help\".\n", *argv);
+ fprintf(stderr,
+ "Command \"%s\" is unknown, try \"ip l2tp help\".\n", *argv);
exit(-1);
}
diff --git a/ip/iplink.c b/ip/iplink.c
index 5ab9d61..e4b81b5 100644
--- a/ip/iplink.c
+++ b/ip/iplink.c
@@ -26,12 +26,13 @@
#include <arpa/inet.h>
#include <string.h>
#include <sys/ioctl.h>
-#include <linux/sockios.h>
#include <stdbool.h>
+#include <linux/mpls.h>
#include "rt_names.h"
#include "utils.h"
#include "ip_common.h"
+#include "xdp.h"
#include "namespace.h"
#define IPLINK_IOCTL_COMPAT 1
@@ -45,56 +46,75 @@
void iplink_usage(void)
{
if (iplink_have_newlink()) {
- fprintf(stderr, "Usage: ip link add [link DEV] [ name ] NAME\n");
- fprintf(stderr, " [ txqueuelen PACKETS ]\n");
- fprintf(stderr, " [ address LLADDR ]\n");
- fprintf(stderr, " [ broadcast LLADDR ]\n");
- fprintf(stderr, " [ mtu MTU ] [index IDX ]\n");
- fprintf(stderr, " [ numtxqueues QUEUE_COUNT ]\n");
- fprintf(stderr, " [ numrxqueues QUEUE_COUNT ]\n");
- fprintf(stderr, " type TYPE [ ARGS ]\n");
- fprintf(stderr, " ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]\n");
- fprintf(stderr, "\n");
- fprintf(stderr, " ip link set { DEVICE | dev DEVICE | group DEVGROUP } [ { up | down } ]\n");
+ fprintf(stderr,
+ "Usage: ip link add [link DEV] [ name ] NAME\n"
+ " [ txqueuelen PACKETS ]\n"
+ " [ address LLADDR ]\n"
+ " [ broadcast LLADDR ]\n"
+ " [ mtu MTU ] [index IDX ]\n"
+ " [ numtxqueues QUEUE_COUNT ]\n"
+ " [ numrxqueues QUEUE_COUNT ]\n"
+ " type TYPE [ ARGS ]\n"
+ "\n"
+ " ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]\n"
+ "\n"
+ " ip link set { DEVICE | dev DEVICE | group DEVGROUP }\n"
+ " [ { up | down } ]\n"
+ " [ type TYPE ARGS ]\n");
} else
- fprintf(stderr, "Usage: ip link set DEVICE [ { up | down } ]\n");
+ fprintf(stderr,
+ "Usage: ip link set DEVICE [ { up | down } ]\n");
- fprintf(stderr, " [ arp { on | off } ]\n");
- fprintf(stderr, " [ dynamic { on | off } ]\n");
- fprintf(stderr, " [ multicast { on | off } ]\n");
- fprintf(stderr, " [ allmulticast { on | off } ]\n");
- fprintf(stderr, " [ promisc { on | off } ]\n");
- fprintf(stderr, " [ trailers { on | off } ]\n");
- fprintf(stderr, " [ txqueuelen PACKETS ]\n");
- fprintf(stderr, " [ name NEWNAME ]\n");
- fprintf(stderr, " [ address LLADDR ]\n");
- fprintf(stderr, " [ broadcast LLADDR ]\n");
- fprintf(stderr, " [ mtu MTU ]\n");
- fprintf(stderr, " [ netns PID ]\n");
- fprintf(stderr, " [ netns NAME ]\n");
- fprintf(stderr, " [ link-netnsid ID ]\n");
- fprintf(stderr, " [ alias NAME ]\n");
- fprintf(stderr, " [ vf NUM [ mac LLADDR ]\n");
- fprintf(stderr, " [ vlan VLANID [ qos VLAN-QOS ] ]\n");
+ fprintf(stderr,
+ " [ arp { on | off } ]\n"
+ " [ dynamic { on | off } ]\n"
+ " [ multicast { on | off } ]\n"
+ " [ allmulticast { on | off } ]\n"
+ " [ promisc { on | off } ]\n"
+ " [ trailers { on | off } ]\n"
+ " [ carrier { on | off } ]\n"
+ " [ txqueuelen PACKETS ]\n"
+ " [ name NEWNAME ]\n"
+ " [ address LLADDR ]\n"
+ " [ broadcast LLADDR ]\n"
+ " [ mtu MTU ]\n"
+ " [ netns { PID | NAME } ]\n"
+ " [ link-netnsid ID ]\n"
+ " [ alias NAME ]\n"
+ " [ vf NUM [ mac LLADDR ]\n"
+ " [ vlan VLANID [ qos VLAN-QOS ] [ proto VLAN-PROTO ] ]\n"
+ " [ rate TXRATE ]\n"
+ " [ max_tx_rate TXRATE ]\n"
+ " [ min_tx_rate TXRATE ]\n"
+ " [ spoofchk { on | off} ]\n"
+ " [ query_rss { on | off} ]\n"
+ " [ state { auto | enable | disable} ] ]\n"
+ " [ trust { on | off} ] ]\n"
+ " [ node_guid { eui64 } ]\n"
+ " [ port_guid { eui64 } ]\n"
+ " [ xdp { off |\n"
+ " object FILE [ section NAME ] [ verbose ] |\n"
+ " pinned FILE } ]\n"
+ " [ master DEVICE ][ vrf NAME ]\n"
+ " [ nomaster ]\n"
+ " [ addrgenmode { eui64 | none | stable_secret | random } ]\n"
+ " [ protodown { on | off } ]\n"
+ "\n"
+ " ip link show [ DEVICE | group GROUP ] [up] [master DEV] [vrf NAME] [type TYPE]\n");
- fprintf(stderr, " [ rate TXRATE ] ]\n");
-
- fprintf(stderr, " [ spoofchk { on | off} ] ]\n");
- fprintf(stderr, " [ query_rss { on | off} ] ]\n");
- fprintf(stderr, " [ state { auto | enable | disable} ] ]\n");
- fprintf(stderr, " [ master DEVICE ]\n");
- fprintf(stderr, " [ nomaster ]\n");
- fprintf(stderr, " [ addrgenmode { eui64 | none | stable_secret | random } ]\n");
- fprintf(stderr, " [ protodown { on | off } ]\n");
- fprintf(stderr, " ip link show [ DEVICE | group GROUP ] [up] [master DEV] [type TYPE]\n");
+ fprintf(stderr, "\n ip link xstats type TYPE [ ARGS ]\n");
+ fprintf(stderr, "\n ip link afstats [ dev DEVICE ]\n");
if (iplink_have_newlink()) {
- fprintf(stderr, " ip link help [ TYPE ]\n");
- fprintf(stderr, "\n");
- fprintf(stderr, "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n");
- fprintf(stderr, " bridge | bond | ipoib | ip6tnl | ipip | sit | vxlan |\n");
- fprintf(stderr, " gre | gretap | ip6gre | ip6gretap | vti | nlmon |\n");
- fprintf(stderr, " bond_slave | ipvlan | geneve | bridge_slave | vrf }\n");
+ fprintf(stderr,
+ "\n"
+ " ip link help [ TYPE ]\n"
+ "\n"
+ "TYPE := { vlan | veth | vcan | dummy | ifb | macvlan | macvtap |\n"
+ " bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |\n"
+ " gre | gretap | erspan | ip6gre | ip6gretap | vti | nlmon |\n"
+ " team_slave | bond_slave | ipvlan | geneve | bridge_slave |\n"
+ " vrf | macsec }\n");
}
exit(-1);
}
@@ -115,15 +135,14 @@
static void *BODY; /* cached dlopen(NULL) handle */
static struct link_util *linkutil_list;
-static struct link_util *__get_link_kind(const char *id, bool slave)
+struct link_util *get_link_kind(const char *id)
{
void *dlh;
char buf[256];
struct link_util *l;
for (l = linkutil_list; l; l = l->next)
- if (strcmp(l->id, id) == 0 &&
- l->slave == slave)
+ if (strcmp(l->id, id) == 0)
return l;
snprintf(buf, sizeof(buf), LIBDIR "/ip/link_%s.so", id);
@@ -138,10 +157,7 @@
}
}
- if (slave)
- snprintf(buf, sizeof(buf), "%s_slave_link_util", id);
- else
- snprintf(buf, sizeof(buf), "%s_link_util", id);
+ snprintf(buf, sizeof(buf), "%s_link_util", id);
l = dlsym(dlh, buf);
if (l == NULL)
return NULL;
@@ -151,16 +167,6 @@
return l;
}
-struct link_util *get_link_kind(const char *id)
-{
- return __get_link_kind(id, false);
-}
-
-struct link_util *get_link_slave_kind(const char *id)
-{
- return __get_link_kind(id, true);
-}
-
static int get_link_mode(const char *mode)
{
if (strcasecmp(mode, "default") == 0)
@@ -206,16 +212,14 @@
struct nlmsghdr n;
struct ifinfomsg i;
char buf[1024];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,
+ .n.nlmsg_type = RTM_NEWLINK,
+ .i.ifi_family = AF_UNSPEC,
+ };
if (have_rtnl_newlink < 0) {
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK;
- req.n.nlmsg_type = RTM_NEWLINK;
- req.i.ifi_family = AF_UNSPEC;
-
if (rtnl_send(&rth, &req.n, req.n.nlmsg_len) < 0) {
perror("request send failed");
exit(1);
@@ -231,11 +235,89 @@
}
#endif /* ! IPLINK_IOCTL_COMPAT */
-struct iplink_req {
- struct nlmsghdr n;
- struct ifinfomsg i;
- char buf[1024];
-};
+static int nl_get_ll_addr_len(unsigned int dev_index)
+{
+ int len;
+ struct iplink_req req = {
+ .n = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .nlmsg_type = RTM_GETLINK,
+ .nlmsg_flags = NLM_F_REQUEST
+ },
+ .i = {
+ .ifi_family = preferred_family,
+ .ifi_index = dev_index,
+ }
+ };
+ struct rtattr *tb[IFLA_MAX+1];
+
+ if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0)
+ return -1;
+
+ len = req.n.nlmsg_len - NLMSG_LENGTH(sizeof(req.i));
+ if (len < 0)
+ return -1;
+
+ parse_rtattr_flags(tb, IFLA_MAX, IFLA_RTA(&req.i), len, NLA_F_NESTED);
+ if (!tb[IFLA_ADDRESS])
+ return -1;
+
+ return RTA_PAYLOAD(tb[IFLA_ADDRESS]);
+}
+
+static void iplink_parse_vf_vlan_info(int vf, int *argcp, char ***argvp,
+ struct ifla_vf_vlan_info *ivvip)
+{
+ int argc = *argcp;
+ char **argv = *argvp;
+
+ NEXT_ARG();
+ if (get_unsigned(&ivvip->vlan, *argv, 0))
+ invarg("Invalid \"vlan\" value\n", *argv);
+
+ ivvip->vf = vf;
+ ivvip->qos = 0;
+ ivvip->vlan_proto = htons(ETH_P_8021Q);
+ if (NEXT_ARG_OK()) {
+ NEXT_ARG();
+ if (matches(*argv, "qos") == 0) {
+ NEXT_ARG();
+ if (get_unsigned(&ivvip->qos, *argv, 0))
+ invarg("Invalid \"qos\" value\n", *argv);
+ } else {
+ /* rewind arg */
+ PREV_ARG();
+ }
+ }
+ if (NEXT_ARG_OK()) {
+ NEXT_ARG();
+ if (matches(*argv, "proto") == 0) {
+ NEXT_ARG();
+ if (ll_proto_a2n(&ivvip->vlan_proto, *argv))
+ invarg("protocol is invalid\n", *argv);
+ if (ivvip->vlan_proto != htons(ETH_P_8021AD) &&
+ ivvip->vlan_proto != htons(ETH_P_8021Q)) {
+ SPRINT_BUF(b1);
+ SPRINT_BUF(b2);
+ char msg[64 + sizeof(b1) + sizeof(b2)];
+
+ sprintf(msg,
+ "Invalid \"vlan protocol\" value - supported %s, %s\n",
+ ll_proto_n2a(htons(ETH_P_8021Q),
+ b1, sizeof(b1)),
+ ll_proto_n2a(htons(ETH_P_8021AD),
+ b2, sizeof(b2)));
+ invarg(msg, *argv);
+ }
+ } else {
+ /* rewind arg */
+ PREV_ARG();
+ }
+ }
+
+ *argcp = argc;
+ *argvp = argv;
+}
static int iplink_parse_vf(int vf, int *argcp, char ***argvp,
struct iplink_req *req, int dev_index)
@@ -273,35 +355,58 @@
while (NEXT_ARG_OK()) {
NEXT_ARG();
if (matches(*argv, "mac") == 0) {
- struct ifla_vf_mac ivm;
+ struct ifla_vf_mac ivm = { 0 };
+ int halen = nl_get_ll_addr_len(dev_index);
NEXT_ARG();
ivm.vf = vf;
len = ll_addr_a2n((char *)ivm.mac, 32, *argv);
if (len < 0)
return -1;
- addattr_l(&req->n, sizeof(*req), IFLA_VF_MAC, &ivm, sizeof(ivm));
- } else if (matches(*argv, "vlan") == 0) {
- struct ifla_vf_vlan ivv;
-
- NEXT_ARG();
- if (get_unsigned(&ivv.vlan, *argv, 0))
- invarg("Invalid \"vlan\" value\n", *argv);
-
- ivv.vf = vf;
- ivv.qos = 0;
- if (NEXT_ARG_OK()) {
- NEXT_ARG();
- if (matches(*argv, "qos") == 0) {
- NEXT_ARG();
- if (get_unsigned(&ivv.qos, *argv, 0))
- invarg("Invalid \"qos\" value\n", *argv);
- } else {
- /* rewind arg */
- PREV_ARG();
- }
+ if (halen > 0 && len != halen) {
+ fprintf(stderr,
+ "Invalid address length %d - must be %d bytes\n",
+ len, halen);
+ return -1;
}
- addattr_l(&req->n, sizeof(*req), IFLA_VF_VLAN, &ivv, sizeof(ivv));
+ addattr_l(&req->n, sizeof(*req), IFLA_VF_MAC,
+ &ivm, sizeof(ivm));
+ } else if (matches(*argv, "vlan") == 0) {
+ struct ifla_vf_vlan_info ivvi;
+
+ iplink_parse_vf_vlan_info(vf, &argc, &argv, &ivvi);
+ /* support the old interface in case of older kernel*/
+ if (ivvi.vlan_proto == htons(ETH_P_8021Q)) {
+ struct ifla_vf_vlan ivv;
+
+ ivv.vf = ivvi.vf;
+ ivv.vlan = ivvi.vlan;
+ ivv.qos = ivvi.qos;
+ addattr_l(&req->n, sizeof(*req),
+ IFLA_VF_VLAN, &ivv, sizeof(ivv));
+ } else {
+ struct rtattr *vfvlanlist;
+
+ vfvlanlist = addattr_nest(&req->n, sizeof(*req),
+ IFLA_VF_VLAN_LIST);
+ addattr_l(&req->n, sizeof(*req),
+ IFLA_VF_VLAN_INFO, &ivvi,
+ sizeof(ivvi));
+
+ while (NEXT_ARG_OK()) {
+ NEXT_ARG();
+ if (matches(*argv, "vlan") != 0) {
+ PREV_ARG();
+ break;
+ }
+ iplink_parse_vf_vlan_info(vf, &argc,
+ &argv, &ivvi);
+ addattr_l(&req->n, sizeof(*req),
+ IFLA_VF_VLAN_INFO, &ivvi,
+ sizeof(ivvi));
+ }
+ addattr_nest_end(&req->n, vfvlanlist);
+ }
} else if (matches(*argv, "rate") == 0) {
struct ifla_vf_tx_rate ivt;
@@ -341,7 +446,8 @@
else
return on_off("spoofchk", *argv);
ivs.vf = vf;
- addattr_l(&req->n, sizeof(*req), IFLA_VF_SPOOFCHK, &ivs, sizeof(ivs));
+ addattr_l(&req->n, sizeof(*req), IFLA_VF_SPOOFCHK,
+ &ivs, sizeof(ivs));
} else if (matches(*argv, "query_rss") == 0) {
struct ifla_vf_rss_query_en ivs;
@@ -354,7 +460,22 @@
else
return on_off("query_rss", *argv);
ivs.vf = vf;
- addattr_l(&req->n, sizeof(*req), IFLA_VF_RSS_QUERY_EN, &ivs, sizeof(ivs));
+ addattr_l(&req->n, sizeof(*req), IFLA_VF_RSS_QUERY_EN,
+ &ivs, sizeof(ivs));
+
+ } else if (matches(*argv, "trust") == 0) {
+ struct ifla_vf_trust ivt;
+
+ NEXT_ARG();
+ if (matches(*argv, "on") == 0)
+ ivt.setting = 1;
+ else if (matches(*argv, "off") == 0)
+ ivt.setting = 0;
+ else
+ invarg("Invalid \"trust\" value\n", *argv);
+ ivt.vf = vf;
+ addattr_l(&req->n, sizeof(*req), IFLA_VF_TRUST,
+ &ivt, sizeof(ivt));
} else if (matches(*argv, "state") == 0) {
struct ifla_vf_link_state ivl;
@@ -369,7 +490,30 @@
else
invarg("Invalid \"state\" value\n", *argv);
ivl.vf = vf;
- addattr_l(&req->n, sizeof(*req), IFLA_VF_LINK_STATE, &ivl, sizeof(ivl));
+ addattr_l(&req->n, sizeof(*req), IFLA_VF_LINK_STATE,
+ &ivl, sizeof(ivl));
+ } else if (matches(*argv, "node_guid") == 0) {
+ struct ifla_vf_guid ivg;
+
+ NEXT_ARG();
+ ivg.vf = vf;
+ if (get_guid(&ivg.guid, *argv)) {
+ invarg("Invalid GUID format\n", *argv);
+ return -1;
+ }
+ addattr_l(&req->n, sizeof(*req), IFLA_VF_IB_NODE_GUID,
+ &ivg, sizeof(ivg));
+ } else if (matches(*argv, "port_guid") == 0) {
+ struct ifla_vf_guid ivg;
+
+ NEXT_ARG();
+ ivg.vf = vf;
+ if (get_guid(&ivg.guid, *argv)) {
+ invarg("Invalid GUID format\n", *argv);
+ return -1;
+ }
+ addattr_l(&req->n, sizeof(*req), IFLA_VF_IB_PORT_GUID,
+ &ivg, sizeof(ivg));
} else {
/* rewind arg */
PREV_ARG();
@@ -415,6 +559,7 @@
int numrxqueues = -1;
int dev_index = 0;
int link_netnsid = -1;
+ int addr_len = 0;
*group = -1;
ret = argc;
@@ -428,6 +573,8 @@
req->i.ifi_flags &= ~IFF_UP;
} else if (strcmp(*argv, "name") == 0) {
NEXT_ARG();
+ if (check_ifname(*argv))
+ invarg("\"name\" not a valid ifname", *argv);
*name = *argv;
} else if (strcmp(*argv, "index") == 0) {
NEXT_ARG();
@@ -439,17 +586,19 @@
*link = *argv;
} else if (matches(*argv, "address") == 0) {
NEXT_ARG();
- len = ll_addr_a2n(abuf, sizeof(abuf), *argv);
- if (len < 0)
+ addr_len = ll_addr_a2n(abuf, sizeof(abuf), *argv);
+ if (addr_len < 0)
return -1;
- addattr_l(&req->n, sizeof(*req), IFLA_ADDRESS, abuf, len);
+ addattr_l(&req->n, sizeof(*req),
+ IFLA_ADDRESS, abuf, addr_len);
} else if (matches(*argv, "broadcast") == 0 ||
strcmp(*argv, "brd") == 0) {
NEXT_ARG();
len = ll_addr_a2n(abuf, sizeof(abuf), *argv);
if (len < 0)
return -1;
- addattr_l(&req->n, sizeof(*req), IFLA_BROADCAST, abuf, len);
+ addattr_l(&req->n, sizeof(*req),
+ IFLA_BROADCAST, abuf, len);
} else if (matches(*argv, "txqueuelen") == 0 ||
strcmp(*argv, "qlen") == 0 ||
matches(*argv, "txqlen") == 0) {
@@ -458,7 +607,8 @@
duparg("txqueuelen", *argv);
if (get_integer(&qlen, *argv, 0))
invarg("Invalid \"txqueuelen\" value\n", *argv);
- addattr_l(&req->n, sizeof(*req), IFLA_TXQLEN, &qlen, 4);
+ addattr_l(&req->n, sizeof(*req),
+ IFLA_TXQLEN, &qlen, 4);
} else if (strcmp(*argv, "mtu") == 0) {
NEXT_ARG();
if (mtu != -1)
@@ -466,15 +616,29 @@
if (get_integer(&mtu, *argv, 0))
invarg("Invalid \"mtu\" value\n", *argv);
addattr_l(&req->n, sizeof(*req), IFLA_MTU, &mtu, 4);
+ } else if (strcmp(*argv, "xdpgeneric") == 0 ||
+ strcmp(*argv, "xdpdrv") == 0 ||
+ strcmp(*argv, "xdpoffload") == 0 ||
+ strcmp(*argv, "xdp") == 0) {
+ bool generic = strcmp(*argv, "xdpgeneric") == 0;
+ bool drv = strcmp(*argv, "xdpdrv") == 0;
+ bool offload = strcmp(*argv, "xdpoffload") == 0;
+
+ NEXT_ARG();
+ if (xdp_parse(&argc, &argv, req, generic, drv,
+ offload))
+ exit(-1);
} else if (strcmp(*argv, "netns") == 0) {
NEXT_ARG();
if (netns != -1)
duparg("netns", *argv);
netns = netns_get_fd(*argv);
if (netns >= 0)
- addattr_l(&req->n, sizeof(*req), IFLA_NET_NS_FD, &netns, 4);
+ addattr_l(&req->n, sizeof(*req), IFLA_NET_NS_FD,
+ &netns, 4);
else if (get_integer(&netns, *argv, 0) == 0)
- addattr_l(&req->n, sizeof(*req), IFLA_NET_NS_PID, &netns, 4);
+ addattr_l(&req->n, sizeof(*req),
+ IFLA_NET_NS_PID, &netns, 4);
else
invarg("Invalid \"netns\" value\n", *argv);
} else if (strcmp(*argv, "multicast") == 0) {
@@ -527,6 +691,18 @@
req->i.ifi_flags |= IFF_NOARP;
else
return on_off("arp", *argv);
+ } else if (strcmp(*argv, "carrier") == 0) {
+ int carrier;
+
+ NEXT_ARG();
+ if (strcmp(*argv, "on") == 0)
+ carrier = 1;
+ else if (strcmp(*argv, "off") == 0)
+ carrier = 0;
+ else
+ return on_off("carrier", *argv);
+
+ addattr8(&req->n, sizeof(*req), IFLA_CARRIER, carrier);
} else if (strcmp(*argv, "vf") == 0) {
struct rtattr *vflist;
@@ -552,6 +728,17 @@
invarg("Device does not exist\n", *argv);
addattr_l(&req->n, sizeof(*req), IFLA_MASTER,
&ifindex, 4);
+ } else if (strcmp(*argv, "vrf") == 0) {
+ int ifindex;
+
+ NEXT_ARG();
+ ifindex = ll_name_to_index(*argv);
+ if (!ifindex)
+ invarg("Not a valid VRF name\n", *argv);
+ if (!name_is_vrf(*argv))
+ invarg("Not a valid VRF name\n", *argv);
+ addattr_l(&req->n, sizeof(*req), IFLA_MASTER,
+ &ifindex, sizeof(ifindex));
} else if (matches(*argv, "nomaster") == 0) {
int ifindex = 0;
@@ -606,7 +793,8 @@
if (numtxqueues != -1)
duparg("numtxqueues", *argv);
if (get_integer(&numtxqueues, *argv, 0))
- invarg("Invalid \"numtxqueues\" value\n", *argv);
+ invarg("Invalid \"numtxqueues\" value\n",
+ *argv);
addattr_l(&req->n, sizeof(*req), IFLA_NUM_TX_QUEUES,
&numtxqueues, 4);
} else if (matches(*argv, "numrxqueues") == 0) {
@@ -614,7 +802,8 @@
if (numrxqueues != -1)
duparg("numrxqueues", *argv);
if (get_integer(&numrxqueues, *argv, 0))
- invarg("Invalid \"numrxqueues\" value\n", *argv);
+ invarg("Invalid \"numrxqueues\" value\n",
+ *argv);
addattr_l(&req->n, sizeof(*req), IFLA_NUM_RX_QUEUES,
&numrxqueues, 4);
} else if (matches(*argv, "addrgenmode") == 0) {
@@ -624,10 +813,12 @@
NEXT_ARG();
mode = get_addr_gen_mode(*argv);
if (mode < 0)
- invarg("Invalid address generation mode\n", *argv);
+ invarg("Invalid address generation mode\n",
+ *argv);
afs = addattr_nest(&req->n, sizeof(*req), IFLA_AF_SPEC);
afs6 = addattr_nest(&req->n, sizeof(*req), AF_INET6);
- addattr8(&req->n, sizeof(*req), IFLA_INET6_ADDR_GEN_MODE, mode);
+ addattr8(&req->n, sizeof(*req),
+ IFLA_INET6_ADDR_GEN_MODE, mode);
addattr_nest_end(&req->n, afs6);
addattr_nest_end(&req->n, afs);
} else if (matches(*argv, "link-netnsid") == 0) {
@@ -635,7 +826,8 @@
if (link_netnsid != -1)
duparg("link-netnsid", *argv);
if (get_integer(&link_netnsid, *argv, 0))
- invarg("Invalid \"link-netnsid\" value\n", *argv);
+ invarg("Invalid \"link-netnsid\" value\n",
+ *argv);
addattr32(&req->n, sizeof(*req), IFLA_LINK_NETNSID,
link_netnsid);
} else if (strcmp(*argv, "protodown") == 0) {
@@ -658,18 +850,30 @@
NEXT_ARG();
if (*dev)
duparg2("dev", *argv);
+ if (check_ifname(*argv))
+ invarg("\"dev\" not a valid ifname", *argv);
*dev = *argv;
dev_index = ll_name_to_index(*dev);
}
argc--; argv++;
}
+ if (dev_index && addr_len) {
+ int halen = nl_get_ll_addr_len(dev_index);
+
+ if (halen >= 0 && halen != addr_len) {
+ fprintf(stderr,
+ "Invalid address length %d - must be %d bytes\n",
+ addr_len, halen);
+ return -1;
+ }
+ }
+
return ret - argc;
}
static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv)
{
- int len;
char *dev = NULL;
char *name = NULL;
char *link = NULL;
@@ -677,17 +881,16 @@
int index = -1;
int group;
struct link_util *lu = NULL;
- struct iplink_req req;
+ struct iplink_req req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .i.ifi_family = preferred_family,
+ };
int ret;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.i.ifi_family = preferred_family;
-
- ret = iplink_parse(argc, argv, &req, &name, &type, &link, &dev, &group, &index);
+ ret = iplink_parse(argc, argv,
+ &req, &name, &type, &link, &dev, &group, &index);
if (ret < 0)
return ret;
@@ -700,14 +903,14 @@
&group, sizeof(group));
else {
if (argc) {
- fprintf(stderr, "Garbage instead of arguments "
- "\"%s ...\". Try \"ip link "
- "help\".\n", *argv);
+ fprintf(stderr,
+ "Garbage instead of arguments \"%s ...\". Try \"ip link help\".\n",
+ *argv);
return -1;
}
if (flags & NLM_F_CREATE) {
- fprintf(stderr, "group cannot be used when "
- "creating devices.\n");
+ fprintf(stderr,
+ "group cannot be used when creating devices.\n");
return -1;
}
@@ -721,13 +924,13 @@
if (!(flags & NLM_F_CREATE)) {
if (!dev) {
- fprintf(stderr, "Not enough information: \"dev\" "
- "argument is required.\n");
+ fprintf(stderr,
+ "Not enough information: \"dev\" argument is required.\n");
exit(-1);
}
if (cmd == RTM_NEWLINK && index != -1) {
- fprintf(stderr, "index can be used only when "
- "creating devices.\n");
+ fprintf(stderr,
+ "index can be used only when creating devices.\n");
exit(-1);
}
@@ -760,38 +963,28 @@
}
if (name) {
- len = strlen(name) + 1;
- if (len == 1)
- invarg("\"\" is not a valid device identifier\n", "name");
- if (len > IFNAMSIZ)
- invarg("\"name\" too long\n", name);
- addattr_l(&req.n, sizeof(req), IFLA_IFNAME, name, len);
+ addattr_l(&req.n, sizeof(req),
+ IFLA_IFNAME, name, strlen(name) + 1);
}
if (type) {
struct rtattr *linkinfo;
- char slavebuf[128], *ulinep = strchr(type, '_');
+ char *ulinep = strchr(type, '_');
int iflatype;
linkinfo = addattr_nest(&req.n, sizeof(req), IFLA_LINKINFO);
addattr_l(&req.n, sizeof(req), IFLA_INFO_KIND, type,
strlen(type));
- if (ulinep && !strcmp(ulinep, "_slave")) {
- strncpy(slavebuf, type, sizeof(slavebuf));
- slavebuf[sizeof(slavebuf) - 1] = '\0';
- ulinep = strchr(slavebuf, '_');
- /* check in case it was after sizeof(slavebuf) - 1*/
- if (ulinep)
- *ulinep = '\0';
- lu = get_link_slave_kind(slavebuf);
+ lu = get_link_kind(type);
+ if (ulinep && !strcmp(ulinep, "_slave"))
iflatype = IFLA_INFO_SLAVE_DATA;
- } else {
- lu = get_link_kind(type);
+ else
iflatype = IFLA_INFO_DATA;
- }
if (lu && argc) {
- struct rtattr *data = addattr_nest(&req.n, sizeof(req), iflatype);
+ struct rtattr *data
+ = addattr_nest(&req.n,
+ sizeof(req), iflatype);
if (lu->parse_opt &&
lu->parse_opt(lu, argc, argv, &req.n))
@@ -801,14 +994,15 @@
} else if (argc) {
if (matches(*argv, "help") == 0)
usage();
- fprintf(stderr, "Garbage instead of arguments \"%s ...\". "
- "Try \"ip link help\".\n", *argv);
+ fprintf(stderr,
+ "Garbage instead of arguments \"%s ...\". Try \"ip link help\".\n",
+ *argv);
return -1;
}
addattr_nest_end(&req.n, linkinfo);
} else if (flags & NLM_F_CREATE) {
- fprintf(stderr, "Not enough information: \"type\" argument "
- "is required\n");
+ fprintf(stderr,
+ "Not enough information: \"type\" argument is required\n");
return -1;
}
@@ -820,38 +1014,37 @@
int iplink_get(unsigned int flags, char *name, __u32 filt_mask)
{
- int len;
- struct iplink_req req;
+ struct iplink_req req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = RTM_GETLINK,
+ .i.ifi_family = preferred_family,
+ };
struct {
struct nlmsghdr n;
- char buf[16384];
+ char buf[32768];
} answer;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = RTM_GETLINK;
- req.i.ifi_family = preferred_family;
-
if (name) {
- len = strlen(name) + 1;
- if (len == 1)
- invarg("\"\" is not a valid device identifier\n",
- "name");
- if (len > IFNAMSIZ)
- invarg("\"name\" too long\n", name);
- addattr_l(&req.n, sizeof(req), IFLA_IFNAME, name, len);
+ addattr_l(&req.n, sizeof(req),
+ IFLA_IFNAME, name, strlen(name) + 1);
}
addattr32(&req.n, sizeof(req), IFLA_EXT_MASK, filt_mask);
if (rtnl_talk(&rth, &req.n, &answer.n, sizeof(answer)) < 0)
return -2;
+ if (answer.n.nlmsg_len > sizeof(answer.buf)) {
+ fprintf(stderr, "Message truncated from %u to %zu\n",
+ answer.n.nlmsg_len, sizeof(answer.buf));
+ return -2;
+ }
+ open_json_object(NULL);
if (brief)
- print_linkinfo_brief(NULL, &answer.n, stdout);
+ print_linkinfo_brief(NULL, &answer.n, stdout, NULL);
else
print_linkinfo(NULL, &answer.n, stdout);
+ close_json_object();
return 0;
}
@@ -927,16 +1120,14 @@
static int set_qlen(const char *dev, int qlen)
{
- struct ifreq ifr;
+ struct ifreq ifr = { .ifr_qlen = qlen };
int s;
s = get_ctl_fd();
if (s < 0)
return -1;
- memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, dev, IFNAMSIZ);
- ifr.ifr_qlen = qlen;
if (ioctl(s, SIOCSIFTXQLEN, &ifr) < 0) {
perror("SIOCSIFXQLEN");
close(s);
@@ -949,16 +1140,14 @@
static int set_mtu(const char *dev, int mtu)
{
- struct ifreq ifr;
+ struct ifreq ifr = { .ifr_mtu = mtu };
int s;
s = get_ctl_fd();
if (s < 0)
return -1;
- memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, dev, IFNAMSIZ);
- ifr.ifr_mtu = mtu;
if (ioctl(s, SIOCSIFMTU, &ifr) < 0) {
perror("SIOCSIFMTU");
close(s);
@@ -971,8 +1160,11 @@
static int get_address(const char *dev, int *htype)
{
- struct ifreq ifr;
- struct sockaddr_ll me;
+ struct ifreq ifr = {};
+ struct sockaddr_ll me = {
+ .sll_family = AF_PACKET,
+ .sll_protocol = htons(ETH_P_LOOP),
+ };
socklen_t alen;
int s;
@@ -982,7 +1174,6 @@
return -1;
}
- memset(&ifr, 0, sizeof(ifr));
strncpy(ifr.ifr_name, dev, IFNAMSIZ);
if (ioctl(s, SIOCGIFINDEX, &ifr) < 0) {
perror("SIOCGIFINDEX");
@@ -990,10 +1181,7 @@
return -1;
}
- memset(&me, 0, sizeof(me));
- me.sll_family = AF_PACKET;
me.sll_ifindex = ifr.ifr_ifindex;
- me.sll_protocol = htons(ETH_P_LOOP);
if (bind(s, (struct sockaddr *)&me, sizeof(me)) == -1) {
perror("bind");
close(s);
@@ -1023,7 +1211,9 @@
if (alen < 0)
return -1;
if (alen != halen) {
- fprintf(stderr, "Wrong address (%s) length: expected %d bytes\n", lla, halen);
+ fprintf(stderr,
+ "Wrong address (%s) length: expected %d bytes\n",
+ lla, halen);
return -1;
}
return 0;
@@ -1067,6 +1257,8 @@
flags &= ~IFF_UP;
} else if (strcmp(*argv, "name") == 0) {
NEXT_ARG();
+ if (check_ifname(*argv))
+ invarg("\"name\" not a valid ifname", *argv);
newname = *argv;
} else if (matches(*argv, "address") == 0) {
NEXT_ARG();
@@ -1157,13 +1349,16 @@
if (dev)
duparg2("dev", *argv);
+ if (check_ifname(*argv))
+ invarg("\"dev\" not a valid ifname", *argv);
dev = *argv;
}
argc--; argv++;
}
if (!dev) {
- fprintf(stderr, "Not enough of information: \"dev\" argument is required.\n");
+ fprintf(stderr,
+ "Not enough of information: \"dev\" argument is required.\n");
exit(-1);
}
@@ -1172,18 +1367,18 @@
if (halen < 0)
return -1;
if (newaddr) {
- if (parse_address(dev, htype, halen, newaddr, &ifr0) < 0)
+ if (parse_address(dev, htype, halen,
+ newaddr, &ifr0) < 0)
return -1;
}
if (newbrd) {
- if (parse_address(dev, htype, halen, newbrd, &ifr1) < 0)
+ if (parse_address(dev, htype, halen,
+ newbrd, &ifr1) < 0)
return -1;
}
}
if (newname && strcmp(dev, newname)) {
- if (strlen(newname) == 0)
- invarg("\"\" is not a valid device identifier\n", "name");
if (do_changename(dev, newname) < 0)
return -1;
dev = newname;
@@ -1212,6 +1407,150 @@
}
#endif /* IPLINK_IOCTL_COMPAT */
+static void print_mpls_stats(FILE *fp, struct rtattr *attr)
+{
+ struct rtattr *mrtb[MPLS_STATS_MAX+1];
+ struct mpls_link_stats *stats;
+
+ parse_rtattr(mrtb, MPLS_STATS_MAX, RTA_DATA(attr),
+ RTA_PAYLOAD(attr));
+ if (!mrtb[MPLS_STATS_LINK])
+ return;
+
+ stats = RTA_DATA(mrtb[MPLS_STATS_LINK]);
+
+ fprintf(fp, " mpls:\n");
+ fprintf(fp, " RX: bytes packets errors dropped noroute\n");
+ fprintf(fp, " ");
+ print_num(fp, 10, stats->rx_bytes);
+ print_num(fp, 8, stats->rx_packets);
+ print_num(fp, 7, stats->rx_errors);
+ print_num(fp, 8, stats->rx_dropped);
+ print_num(fp, 7, stats->rx_noroute);
+ fprintf(fp, "\n");
+ fprintf(fp, " TX: bytes packets errors dropped\n");
+ fprintf(fp, " ");
+ print_num(fp, 10, stats->tx_bytes);
+ print_num(fp, 8, stats->tx_packets);
+ print_num(fp, 7, stats->tx_errors);
+ print_num(fp, 7, stats->tx_dropped);
+ fprintf(fp, "\n");
+}
+
+static void print_af_stats_attr(FILE *fp, int ifindex, struct rtattr *attr)
+{
+ bool if_printed = false;
+ struct rtattr *i;
+ int rem;
+
+ rem = RTA_PAYLOAD(attr);
+ for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ if (preferred_family != AF_UNSPEC &&
+ i->rta_type != preferred_family)
+ continue;
+
+ if (!if_printed) {
+ fprintf(fp, "%u: %s\n", ifindex,
+ ll_index_to_name(ifindex));
+ if_printed = true;
+ }
+
+ switch (i->rta_type) {
+ case AF_MPLS:
+ print_mpls_stats(fp, i);
+ break;
+ default:
+ fprintf(fp, " unknown af(%d)\n", i->rta_type);
+ break;
+ }
+ }
+}
+
+struct af_stats_ctx {
+ FILE *fp;
+ int ifindex;
+};
+
+static int print_af_stats(const struct sockaddr_nl *who,
+ struct nlmsghdr *n,
+ void *arg)
+{
+ struct if_stats_msg *ifsm = NLMSG_DATA(n);
+ struct rtattr *tb[IFLA_STATS_MAX+1];
+ int len = n->nlmsg_len;
+ struct af_stats_ctx *ctx = arg;
+ FILE *fp = ctx->fp;
+
+ len -= NLMSG_LENGTH(sizeof(*ifsm));
+ if (len < 0) {
+ fprintf(stderr, "BUG: wrong nlmsg len %d\n", len);
+ return -1;
+ }
+
+ if (ctx->ifindex && ifsm->ifindex != ctx->ifindex)
+ return 0;
+
+ parse_rtattr(tb, IFLA_STATS_MAX, IFLA_STATS_RTA(ifsm), len);
+
+ if (tb[IFLA_STATS_AF_SPEC])
+ print_af_stats_attr(fp, ifsm->ifindex, tb[IFLA_STATS_AF_SPEC]);
+
+ fflush(fp);
+ return 0;
+}
+
+static int iplink_afstats(int argc, char **argv)
+{
+ __u32 filt_mask = IFLA_STATS_FILTER_BIT(IFLA_STATS_AF_SPEC);
+ const char *filter_dev = NULL;
+ struct af_stats_ctx ctx = {
+ .fp = stdout,
+ .ifindex = 0,
+ };
+
+ while (argc > 0) {
+ if (strcmp(*argv, "dev") == 0) {
+ NEXT_ARG();
+ if (filter_dev)
+ duparg2("dev", *argv);
+ filter_dev = *argv;
+ } else if (matches(*argv, "help") == 0) {
+ usage();
+ } else {
+ fprintf(stderr,
+ "Command \"%s\" is unknown, try \"ip link help\".\n",
+ *argv);
+ exit(-1);
+ }
+
+ argv++; argc--;
+ }
+
+ if (filter_dev) {
+ ctx.ifindex = ll_name_to_index(filter_dev);
+ if (ctx.ifindex <= 0) {
+ fprintf(stderr,
+ "Device \"%s\" does not exist.\n",
+ filter_dev);
+ return -1;
+ }
+ }
+
+ if (rtnl_wilddump_stats_req_filter(&rth, AF_UNSPEC,
+ RTM_GETSTATS,
+ filt_mask) < 0) {
+ perror("Cannont send dump request");
+ return 1;
+ }
+
+ if (rtnl_dump_filter(&rth, print_af_stats, &ctx) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ return 1;
+ }
+
+ return 0;
+}
+
static void do_help(int argc, char **argv)
{
struct link_util *lu = NULL;
@@ -1261,6 +1600,14 @@
matches(*argv, "list") == 0)
return ipaddr_list_link(argc-1, argv+1);
+ if (matches(*argv, "xstats") == 0)
+ return iplink_ifla_xstats(argc-1, argv+1);
+
+ if (matches(*argv, "afstats") == 0) {
+ iplink_afstats(argc-1, argv+1);
+ return 0;
+ }
+
if (matches(*argv, "help") == 0) {
do_help(argc-1, argv+1);
return 0;
diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c
index cb2f045..2b5cf4f 100644
--- a/ip/iplink_bond.c
+++ b/ip/iplink_bond.c
@@ -133,7 +133,7 @@
" [ min_links MIN_LINKS ]\n"
" [ lp_interval LP_INTERVAL ]\n"
" [ packets_per_slave PACKETS_PER_SLAVE ]\n"
- " [ tlb_dynamic_lb TLB_DYNAMIC_LB ]\n"
+ " [ tlb_dynamic_lb TLB_DYNAMIC_LB ]\n"
" [ lacp_rate LACP_RATE ]\n"
" [ ad_select AD_SELECT ]\n"
" [ ad_user_port_key PORTKEY ]\n"
@@ -166,7 +166,7 @@
__u32 miimon, updelay, downdelay, arp_interval, arp_validate;
__u32 arp_all_targets, resend_igmp, min_links, lp_interval;
__u32 packets_per_slave;
- unsigned ifindex;
+ unsigned int ifindex;
while (argc > 0) {
if (matches(*argv, "mode") == 0) {
@@ -209,7 +209,7 @@
invarg("invalid arp_interval", *argv);
addattr32(n, 1024, IFLA_BOND_ARP_INTERVAL, arp_interval);
} else if (matches(*argv, "arp_ip_target") == 0) {
- struct rtattr * nest = addattr_nest(n, 1024,
+ struct rtattr *nest = addattr_nest(n, 1024,
IFLA_BOND_ARP_IP_TARGET);
if (NEXT_ARG_OK()) {
NEXT_ARG();
@@ -217,8 +217,9 @@
char *target = strtok(targets, ",");
int i;
- for(i = 0; target && i < BOND_MAX_ARP_TARGETS; i++) {
+ for (i = 0; target && i < BOND_MAX_ARP_TARGETS; i++) {
__u32 addr = get_addr32(target);
+
addattr32(n, 1024, i, addr);
target = strtok(NULL, ",");
}
@@ -368,15 +369,15 @@
static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
- unsigned ifindex;
+ unsigned int ifindex;
if (!tb)
return;
if (tb[IFLA_BOND_MODE]) {
const char *mode = get_name(mode_tbl,
- rta_getattr_u8(tb[IFLA_BOND_MODE]));
- fprintf(f, "mode %s ", mode);
+ rta_getattr_u8(tb[IFLA_BOND_MODE]));
+ print_string(PRINT_ANY, "mode", "mode %s ", mode);
}
if (tb[IFLA_BOND_ACTIVE_SLAVE] &&
@@ -385,66 +386,97 @@
const char *n = if_indextoname(ifindex, buf);
if (n)
- fprintf(f, "active_slave %s ", n);
+ print_string(PRINT_ANY,
+ "active_slave",
+ "active_slave %s ",
+ n);
else
- fprintf(f, "active_slave %u ", ifindex);
+ print_uint(PRINT_ANY,
+ "active_slave_index",
+ "active_slave %u ",
+ ifindex);
}
if (tb[IFLA_BOND_MIIMON])
- fprintf(f, "miimon %u ", rta_getattr_u32(tb[IFLA_BOND_MIIMON]));
+ print_uint(PRINT_ANY,
+ "miimon",
+ "miimon %u ",
+ rta_getattr_u32(tb[IFLA_BOND_MIIMON]));
if (tb[IFLA_BOND_UPDELAY])
- fprintf(f, "updelay %u ", rta_getattr_u32(tb[IFLA_BOND_UPDELAY]));
+ print_uint(PRINT_ANY,
+ "updelay",
+ "updelay %u ",
+ rta_getattr_u32(tb[IFLA_BOND_UPDELAY]));
if (tb[IFLA_BOND_DOWNDELAY])
- fprintf(f, "downdelay %u ",
- rta_getattr_u32(tb[IFLA_BOND_DOWNDELAY]));
+ print_uint(PRINT_ANY,
+ "downdelay",
+ "downdelay %u ",
+ rta_getattr_u32(tb[IFLA_BOND_DOWNDELAY]));
if (tb[IFLA_BOND_USE_CARRIER])
- fprintf(f, "use_carrier %u ",
- rta_getattr_u8(tb[IFLA_BOND_USE_CARRIER]));
+ print_uint(PRINT_ANY,
+ "use_carrier",
+ "use_carrier %u ",
+ rta_getattr_u8(tb[IFLA_BOND_USE_CARRIER]));
if (tb[IFLA_BOND_ARP_INTERVAL])
- fprintf(f, "arp_interval %u ",
- rta_getattr_u32(tb[IFLA_BOND_ARP_INTERVAL]));
+ print_uint(PRINT_ANY,
+ "arp_interval",
+ "arp_interval %u ",
+ rta_getattr_u32(tb[IFLA_BOND_ARP_INTERVAL]));
if (tb[IFLA_BOND_ARP_IP_TARGET]) {
struct rtattr *iptb[BOND_MAX_ARP_TARGETS + 1];
- char buf[INET_ADDRSTRLEN];
int i;
parse_rtattr_nested(iptb, BOND_MAX_ARP_TARGETS,
- tb[IFLA_BOND_ARP_IP_TARGET]);
+ tb[IFLA_BOND_ARP_IP_TARGET]);
- if (iptb[0])
- fprintf(f, "arp_ip_target ");
+ if (iptb[0]) {
+ open_json_array(PRINT_JSON, "arp_ip_target");
+ print_string(PRINT_FP, NULL, "arp_ip_target ", NULL);
+ }
for (i = 0; i < BOND_MAX_ARP_TARGETS; i++) {
if (iptb[i])
- fprintf(f, "%s",
- rt_addr_n2a(AF_INET,
- RTA_PAYLOAD(iptb[i]),
- RTA_DATA(iptb[i]),
- buf,
- INET_ADDRSTRLEN));
- if (i < BOND_MAX_ARP_TARGETS-1 && iptb[i+1])
+ print_string(PRINT_ANY,
+ NULL,
+ "%s",
+ rt_addr_n2a_rta(AF_INET, iptb[i]));
+ if (!is_json_context()
+ && i < BOND_MAX_ARP_TARGETS-1
+ && iptb[i+1])
fprintf(f, ",");
}
- if (iptb[0])
- fprintf(f, " ");
+ if (iptb[0]) {
+ print_string(PRINT_FP, NULL, " ", NULL);
+ close_json_array(PRINT_JSON, NULL);
+ }
}
if (tb[IFLA_BOND_ARP_VALIDATE]) {
- const char *arp_validate = get_name(arp_validate_tbl,
- rta_getattr_u32(tb[IFLA_BOND_ARP_VALIDATE]));
- fprintf(f, "arp_validate %s ", arp_validate);
+ __u32 arp_v = rta_getattr_u32(tb[IFLA_BOND_ARP_VALIDATE]);
+ const char *arp_validate = get_name(arp_validate_tbl, arp_v);
+
+ if (!arp_v && is_json_context())
+ print_null(PRINT_JSON, "arp_validate", NULL, NULL);
+ else
+ print_string(PRINT_ANY,
+ "arp_validate",
+ "arp_validate %s ",
+ arp_validate);
}
if (tb[IFLA_BOND_ARP_ALL_TARGETS]) {
const char *arp_all_targets = get_name(arp_all_targets_tbl,
- rta_getattr_u32(tb[IFLA_BOND_ARP_ALL_TARGETS]));
- fprintf(f, "arp_all_targets %s ", arp_all_targets);
+ rta_getattr_u32(tb[IFLA_BOND_ARP_ALL_TARGETS]));
+ print_string(PRINT_ANY,
+ "arp_all_targets",
+ "arp_all_targets %s ",
+ arp_all_targets);
}
if (tb[IFLA_BOND_PRIMARY] &&
@@ -453,123 +485,176 @@
const char *n = if_indextoname(ifindex, buf);
if (n)
- fprintf(f, "primary %s ", n);
+ print_string(PRINT_ANY, "primary", "primary %s ", n);
else
- fprintf(f, "primary %u ", ifindex);
+ print_uint(PRINT_ANY,
+ "primary_index",
+ "primary %u ",
+ ifindex);
}
if (tb[IFLA_BOND_PRIMARY_RESELECT]) {
const char *primary_reselect = get_name(primary_reselect_tbl,
- rta_getattr_u8(tb[IFLA_BOND_PRIMARY_RESELECT]));
- fprintf(f, "primary_reselect %s ", primary_reselect);
+ rta_getattr_u8(tb[IFLA_BOND_PRIMARY_RESELECT]));
+ print_string(PRINT_ANY,
+ "primary_reselect",
+ "primary_reselect %s ",
+ primary_reselect);
}
if (tb[IFLA_BOND_FAIL_OVER_MAC]) {
const char *fail_over_mac = get_name(fail_over_mac_tbl,
- rta_getattr_u8(tb[IFLA_BOND_FAIL_OVER_MAC]));
- fprintf(f, "fail_over_mac %s ", fail_over_mac);
+ rta_getattr_u8(tb[IFLA_BOND_FAIL_OVER_MAC]));
+ print_string(PRINT_ANY,
+ "fail_over_mac",
+ "fail_over_mac %s ",
+ fail_over_mac);
}
if (tb[IFLA_BOND_XMIT_HASH_POLICY]) {
const char *xmit_hash_policy = get_name(xmit_hash_policy_tbl,
- rta_getattr_u8(tb[IFLA_BOND_XMIT_HASH_POLICY]));
- fprintf(f, "xmit_hash_policy %s ", xmit_hash_policy);
+ rta_getattr_u8(tb[IFLA_BOND_XMIT_HASH_POLICY]));
+ print_string(PRINT_ANY,
+ "xmit_hash_policy",
+ "xmit_hash_policy %s ",
+ xmit_hash_policy);
}
if (tb[IFLA_BOND_RESEND_IGMP])
- fprintf(f, "resend_igmp %u ",
- rta_getattr_u32(tb[IFLA_BOND_RESEND_IGMP]));
+ print_uint(PRINT_ANY,
+ "resend_igmp",
+ "resend_igmp %u ",
+ rta_getattr_u32(tb[IFLA_BOND_RESEND_IGMP]));
if (tb[IFLA_BOND_NUM_PEER_NOTIF])
- fprintf(f, "num_grat_arp %u ",
- rta_getattr_u8(tb[IFLA_BOND_NUM_PEER_NOTIF]));
+ print_uint(PRINT_ANY,
+ "num_peer_notif",
+ "num_grat_arp %u ",
+ rta_getattr_u8(tb[IFLA_BOND_NUM_PEER_NOTIF]));
if (tb[IFLA_BOND_ALL_SLAVES_ACTIVE])
- fprintf(f, "all_slaves_active %u ",
- rta_getattr_u8(tb[IFLA_BOND_ALL_SLAVES_ACTIVE]));
+ print_uint(PRINT_ANY,
+ "all_slaves_active",
+ "all_slaves_active %u ",
+ rta_getattr_u8(tb[IFLA_BOND_ALL_SLAVES_ACTIVE]));
if (tb[IFLA_BOND_MIN_LINKS])
- fprintf(f, "min_links %u ",
- rta_getattr_u32(tb[IFLA_BOND_MIN_LINKS]));
+ print_uint(PRINT_ANY,
+ "min_links",
+ "min_links %u ",
+ rta_getattr_u32(tb[IFLA_BOND_MIN_LINKS]));
if (tb[IFLA_BOND_LP_INTERVAL])
- fprintf(f, "lp_interval %u ",
- rta_getattr_u32(tb[IFLA_BOND_LP_INTERVAL]));
+ print_uint(PRINT_ANY,
+ "lp_interval",
+ "lp_interval %u ",
+ rta_getattr_u32(tb[IFLA_BOND_LP_INTERVAL]));
if (tb[IFLA_BOND_PACKETS_PER_SLAVE])
- fprintf(f, "packets_per_slave %u ",
- rta_getattr_u32(tb[IFLA_BOND_PACKETS_PER_SLAVE]));
+ print_uint(PRINT_ANY,
+ "packets_per_slave",
+ "packets_per_slave %u ",
+ rta_getattr_u32(tb[IFLA_BOND_PACKETS_PER_SLAVE]));
if (tb[IFLA_BOND_AD_LACP_RATE]) {
const char *lacp_rate = get_name(lacp_rate_tbl,
- rta_getattr_u8(tb[IFLA_BOND_AD_LACP_RATE]));
- fprintf(f, "lacp_rate %s ", lacp_rate);
+ rta_getattr_u8(tb[IFLA_BOND_AD_LACP_RATE]));
+ print_string(PRINT_ANY,
+ "ad_lacp_rate",
+ "lacp_rate %s ",
+ lacp_rate);
}
if (tb[IFLA_BOND_AD_SELECT]) {
const char *ad_select = get_name(ad_select_tbl,
- rta_getattr_u8(tb[IFLA_BOND_AD_SELECT]));
- fprintf(f, "ad_select %s ", ad_select);
+ rta_getattr_u8(tb[IFLA_BOND_AD_SELECT]));
+ print_string(PRINT_ANY,
+ "ad_select",
+ "ad_select %s ",
+ ad_select);
}
if (tb[IFLA_BOND_AD_INFO]) {
struct rtattr *adtb[IFLA_BOND_AD_INFO_MAX + 1];
parse_rtattr_nested(adtb, IFLA_BOND_AD_INFO_MAX,
- tb[IFLA_BOND_AD_INFO]);
+ tb[IFLA_BOND_AD_INFO]);
+
+ open_json_object("ad_info");
if (adtb[IFLA_BOND_AD_INFO_AGGREGATOR])
- fprintf(f, "ad_aggregator %d ",
- rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_AGGREGATOR]));
+ print_int(PRINT_ANY,
+ "aggregator",
+ "ad_aggregator %d ",
+ rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_AGGREGATOR]));
if (adtb[IFLA_BOND_AD_INFO_NUM_PORTS])
- fprintf(f, "ad_num_ports %d ",
- rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_NUM_PORTS]));
+ print_int(PRINT_ANY,
+ "num_ports",
+ "ad_num_ports %d ",
+ rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_NUM_PORTS]));
if (adtb[IFLA_BOND_AD_INFO_ACTOR_KEY])
- fprintf(f, "ad_actor_key %d ",
- rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_ACTOR_KEY]));
+ print_int(PRINT_ANY,
+ "actor_key",
+ "ad_actor_key %d ",
+ rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_ACTOR_KEY]));
if (adtb[IFLA_BOND_AD_INFO_PARTNER_KEY])
- fprintf(f, "ad_partner_key %d ",
- rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_PARTNER_KEY]));
+ print_int(PRINT_ANY,
+ "partner_key",
+ "ad_partner_key %d ",
+ rta_getattr_u16(adtb[IFLA_BOND_AD_INFO_PARTNER_KEY]));
if (adtb[IFLA_BOND_AD_INFO_PARTNER_MAC]) {
unsigned char *p =
RTA_DATA(adtb[IFLA_BOND_AD_INFO_PARTNER_MAC]);
SPRINT_BUF(b);
- fprintf(f, "ad_partner_mac %s ",
- ll_addr_n2a(p, ETH_ALEN, 0, b, sizeof(b)));
+ print_string(PRINT_ANY,
+ "partner_mac",
+ "ad_partner_mac %s ",
+ ll_addr_n2a(p, ETH_ALEN, 0, b, sizeof(b)));
}
+
+ close_json_object();
}
if (tb[IFLA_BOND_AD_ACTOR_SYS_PRIO]) {
- fprintf(f, "ad_actor_sys_prio %u ",
- rta_getattr_u16(tb[IFLA_BOND_AD_ACTOR_SYS_PRIO]));
+ print_uint(PRINT_ANY,
+ "ad_actor_sys_prio",
+ "ad_actor_sys_prio %u ",
+ rta_getattr_u16(tb[IFLA_BOND_AD_ACTOR_SYS_PRIO]));
}
if (tb[IFLA_BOND_AD_USER_PORT_KEY]) {
- fprintf(f, "ad_user_port_key %u ",
- rta_getattr_u16(tb[IFLA_BOND_AD_USER_PORT_KEY]));
+ print_uint(PRINT_ANY,
+ "ad_user_port_key",
+ "ad_user_port_key %u ",
+ rta_getattr_u16(tb[IFLA_BOND_AD_USER_PORT_KEY]));
}
if (tb[IFLA_BOND_AD_ACTOR_SYSTEM]) {
/* We assume the l2 address is an Ethernet MAC address */
SPRINT_BUF(b1);
- fprintf(f, "ad_actor_system %s ",
- ll_addr_n2a(RTA_DATA(tb[IFLA_BOND_AD_ACTOR_SYSTEM]),
- RTA_PAYLOAD(tb[IFLA_BOND_AD_ACTOR_SYSTEM]),
- 1 /*ARPHDR_ETHER*/, b1, sizeof(b1)));
+
+ print_string(PRINT_ANY,
+ "ad_actor_system",
+ "ad_actor_system %s ",
+ ll_addr_n2a(RTA_DATA(tb[IFLA_BOND_AD_ACTOR_SYSTEM]),
+ RTA_PAYLOAD(tb[IFLA_BOND_AD_ACTOR_SYSTEM]),
+ 1 /*ARPHDR_ETHER*/, b1, sizeof(b1)));
}
if (tb[IFLA_BOND_TLB_DYNAMIC_LB]) {
- fprintf(f, "tlb_dynamic_lb %u ",
- rta_getattr_u8(tb[IFLA_BOND_TLB_DYNAMIC_LB]));
+ print_uint(PRINT_ANY,
+ "tlb_dynamic_lb",
+ "tlb_dynamic_lb %u ",
+ rta_getattr_u8(tb[IFLA_BOND_TLB_DYNAMIC_LB]));
}
}
static void bond_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
print_explain(f);
}
diff --git a/ip/iplink_bond_slave.c b/ip/iplink_bond_slave.c
index 9b569b1..67219c6 100644
--- a/ip/iplink_bond_slave.c
+++ b/ip/iplink_bond_slave.c
@@ -17,6 +17,16 @@
#include "utils.h"
#include "ip_common.h"
+static void print_explain(FILE *f)
+{
+ fprintf(f, "Usage: ... bond_slave [ queue_id ID ]\n");
+}
+
+static void explain(void)
+{
+ print_explain(stderr);
+}
+
static const char *slave_states[] = {
[BOND_STATE_ACTIVE] = "ACTIVE",
[BOND_STATE_BACKUP] = "BACKUP",
@@ -26,10 +36,13 @@
{
unsigned int state = rta_getattr_u8(tb);
- if (state >= sizeof(slave_states) / sizeof(slave_states[0]))
- fprintf(f, "state %d ", state);
+ if (state >= ARRAY_SIZE(slave_states))
+ print_int(PRINT_ANY, "state_index", "state %d ", state);
else
- fprintf(f, "state %s ", slave_states[state]);
+ print_string(PRINT_ANY,
+ "state",
+ "state %s ",
+ slave_states[state]);
}
static const char *slave_mii_status[] = {
@@ -43,10 +56,16 @@
{
unsigned int status = rta_getattr_u8(tb);
- if (status >= sizeof(slave_mii_status) / sizeof(slave_mii_status[0]))
- fprintf(f, "mii_status %d ", status);
+ if (status >= ARRAY_SIZE(slave_mii_status))
+ print_int(PRINT_ANY,
+ "mii_status_index",
+ "mii_status %d ",
+ status);
else
- fprintf(f, "mii_status %s ", slave_mii_status[status]);
+ print_string(PRINT_ANY,
+ "mii_status",
+ "mii_status %s ",
+ slave_mii_status[status]);
}
static void bond_slave_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
@@ -62,30 +81,42 @@
print_slave_mii_status(f, tb[IFLA_BOND_SLAVE_MII_STATUS]);
if (tb[IFLA_BOND_SLAVE_LINK_FAILURE_COUNT])
- fprintf(f, "link_failure_count %d ",
- rta_getattr_u32(tb[IFLA_BOND_SLAVE_LINK_FAILURE_COUNT]));
+ print_int(PRINT_ANY,
+ "link_failure_count",
+ "link_failure_count %d ",
+ rta_getattr_u32(tb[IFLA_BOND_SLAVE_LINK_FAILURE_COUNT]));
if (tb[IFLA_BOND_SLAVE_PERM_HWADDR])
- fprintf(f, "perm_hwaddr %s ",
- ll_addr_n2a(RTA_DATA(tb[IFLA_BOND_SLAVE_PERM_HWADDR]),
- RTA_PAYLOAD(tb[IFLA_BOND_SLAVE_PERM_HWADDR]),
- 0, b1, sizeof(b1)));
+ print_string(PRINT_ANY,
+ "perm_hwaddr",
+ "perm_hwaddr %s ",
+ ll_addr_n2a(RTA_DATA(tb[IFLA_BOND_SLAVE_PERM_HWADDR]),
+ RTA_PAYLOAD(tb[IFLA_BOND_SLAVE_PERM_HWADDR]),
+ 0, b1, sizeof(b1)));
if (tb[IFLA_BOND_SLAVE_QUEUE_ID])
- fprintf(f, "queue_id %d ",
- rta_getattr_u16(tb[IFLA_BOND_SLAVE_QUEUE_ID]));
+ print_int(PRINT_ANY,
+ "queue_id",
+ "queue_id %d ",
+ rta_getattr_u16(tb[IFLA_BOND_SLAVE_QUEUE_ID]));
if (tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID])
- fprintf(f, "ad_aggregator_id %d ",
- rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID]));
+ print_int(PRINT_ANY,
+ "ad_aggregator_id",
+ "ad_aggregator_id %d ",
+ rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_AGGREGATOR_ID]));
if (tb[IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE])
- fprintf(f, "ad_actor_oper_port_state %d\n",
- rta_getattr_u8(tb[IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE]));
+ print_int(PRINT_ANY,
+ "ad_actor_oper_port_state",
+ "ad_actor_oper_port_state %d ",
+ rta_getattr_u8(tb[IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE]));
if (tb[IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE])
- fprintf(f, "ad_partner_oper_port_state %d\n",
- rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE]));
+ print_int(PRINT_ANY,
+ "ad_partner_oper_port_state",
+ "ad_partner_oper_port_state %d ",
+ rta_getattr_u16(tb[IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE]));
}
static int bond_slave_parse_opt(struct link_util *lu, int argc, char **argv,
@@ -99,6 +130,13 @@
if (get_u16(&queue_id, *argv, 0))
invarg("queue_id is invalid", *argv);
addattr16(n, 1024, IFLA_BOND_SLAVE_QUEUE_ID, queue_id);
+ } else {
+ if (matches(*argv, "help") != 0)
+ fprintf(stderr,
+ "bond_slave: unknown option \"%s\"?\n",
+ *argv);
+ explain();
+ return -1;
}
argc--, argv++;
}
@@ -106,10 +144,16 @@
return 0;
}
+static void bond_slave_print_help(struct link_util *lu, int argc, char **argv,
+ FILE *f)
+{
+ print_explain(f);
+}
+
struct link_util bond_slave_link_util = {
- .id = "bond",
+ .id = "bond_slave",
.maxattr = IFLA_BOND_SLAVE_MAX,
.print_opt = bond_slave_print_opt,
.parse_opt = bond_slave_parse_opt,
- .slave = true,
+ .print_help = bond_slave_print_help,
};
diff --git a/ip/iplink_bridge.c b/ip/iplink_bridge.c
index 0080409..d325098 100644
--- a/ip/iplink_bridge.c
+++ b/ip/iplink_bridge.c
@@ -12,23 +12,55 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <netinet/in.h>
+#include <netinet/ether.h>
#include <linux/if_link.h>
+#include <linux/if_bridge.h>
+#include <net/if.h>
#include "rt_names.h"
#include "utils.h"
#include "ip_common.h"
+static unsigned int xstats_print_attr;
+static int filter_index;
+
static void print_explain(FILE *f)
{
fprintf(f,
- "Usage: ... bridge [ forward_delay FORWARD_DELAY ]\n"
+ "Usage: ... bridge [ fdb_flush ]\n"
+ " [ forward_delay FORWARD_DELAY ]\n"
" [ hello_time HELLO_TIME ]\n"
" [ max_age MAX_AGE ]\n"
" [ ageing_time AGEING_TIME ]\n"
" [ stp_state STP_STATE ]\n"
" [ priority PRIORITY ]\n"
+ " [ group_fwd_mask MASK ]\n"
+ " [ group_address ADDRESS ]\n"
" [ vlan_filtering VLAN_FILTERING ]\n"
" [ vlan_protocol VLAN_PROTOCOL ]\n"
+ " [ vlan_default_pvid VLAN_DEFAULT_PVID ]\n"
+ " [ vlan_stats_enabled VLAN_STATS_ENABLED ]\n"
+ " [ mcast_snooping MULTICAST_SNOOPING ]\n"
+ " [ mcast_router MULTICAST_ROUTER ]\n"
+ " [ mcast_query_use_ifaddr MCAST_QUERY_USE_IFADDR ]\n"
+ " [ mcast_querier MULTICAST_QUERIER ]\n"
+ " [ mcast_hash_elasticity HASH_ELASTICITY ]\n"
+ " [ mcast_hash_max HASH_MAX ]\n"
+ " [ mcast_last_member_count LAST_MEMBER_COUNT ]\n"
+ " [ mcast_startup_query_count STARTUP_QUERY_COUNT ]\n"
+ " [ mcast_last_member_interval LAST_MEMBER_INTERVAL ]\n"
+ " [ mcast_membership_interval MEMBERSHIP_INTERVAL ]\n"
+ " [ mcast_querier_interval QUERIER_INTERVAL ]\n"
+ " [ mcast_query_interval QUERY_INTERVAL ]\n"
+ " [ mcast_query_response_interval QUERY_RESPONSE_INTERVAL ]\n"
+ " [ mcast_startup_query_interval STARTUP_QUERY_INTERVAL ]\n"
+ " [ mcast_stats_enabled MCAST_STATS_ENABLED ]\n"
+ " [ mcast_igmp_version IGMP_VERSION ]\n"
+ " [ mcast_mld_version MLD_VERSION ]\n"
+ " [ nf_call_iptables NF_CALL_IPTABLES ]\n"
+ " [ nf_call_ip6tables NF_CALL_IP6TABLES ]\n"
+ " [ nf_call_arptables NF_CALL_ARPTABLES ]\n"
"\n"
"Where: VLAN_PROTOCOL := { 802.1Q | 802.1ad }\n"
);
@@ -39,6 +71,14 @@
print_explain(stderr);
}
+void br_dump_bridge_id(const struct ifla_bridge_id *id, char *buf, size_t len)
+{
+ char eaddr[32];
+
+ ether_ntoa_r((const struct ether_addr *)id->addr, eaddr);
+ snprintf(buf, len, "%.2x%.2x.%s", id->prio[0], id->prio[1], eaddr);
+}
+
static int bridge_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
@@ -87,20 +127,238 @@
__u8 vlan_filter;
NEXT_ARG();
- if (get_u8(&vlan_filter, *argv, 0)) {
+ if (get_u8(&vlan_filter, *argv, 0))
invarg("invalid vlan_filtering", *argv);
- return -1;
- }
+
addattr8(n, 1024, IFLA_BR_VLAN_FILTERING, vlan_filter);
} else if (matches(*argv, "vlan_protocol") == 0) {
__u16 vlan_proto;
NEXT_ARG();
- if (ll_proto_a2n(&vlan_proto, *argv)) {
+ if (ll_proto_a2n(&vlan_proto, *argv))
invarg("invalid vlan_protocol", *argv);
- return -1;
- }
+
addattr16(n, 1024, IFLA_BR_VLAN_PROTOCOL, vlan_proto);
+ } else if (matches(*argv, "group_fwd_mask") == 0) {
+ __u16 fwd_mask;
+
+ NEXT_ARG();
+ if (get_u16(&fwd_mask, *argv, 0))
+ invarg("invalid group_fwd_mask", *argv);
+
+ addattr16(n, 1024, IFLA_BR_GROUP_FWD_MASK, fwd_mask);
+ } else if (matches(*argv, "group_address") == 0) {
+ char llabuf[32];
+ int len;
+
+ NEXT_ARG();
+ len = ll_addr_a2n(llabuf, sizeof(llabuf), *argv);
+ if (len < 0)
+ return -1;
+ addattr_l(n, 1024, IFLA_BR_GROUP_ADDR, llabuf, len);
+ } else if (matches(*argv, "fdb_flush") == 0) {
+ addattr(n, 1024, IFLA_BR_FDB_FLUSH);
+ } else if (matches(*argv, "vlan_default_pvid") == 0) {
+ __u16 default_pvid;
+
+ NEXT_ARG();
+ if (get_u16(&default_pvid, *argv, 0))
+ invarg("invalid vlan_default_pvid", *argv);
+
+ addattr16(n, 1024, IFLA_BR_VLAN_DEFAULT_PVID,
+ default_pvid);
+ } else if (matches(*argv, "vlan_stats_enabled") == 0) {
+ __u8 vlan_stats_enabled;
+
+ NEXT_ARG();
+ if (get_u8(&vlan_stats_enabled, *argv, 0))
+ invarg("invalid vlan_stats_enabled", *argv);
+ addattr8(n, 1024, IFLA_BR_VLAN_STATS_ENABLED,
+ vlan_stats_enabled);
+ } else if (matches(*argv, "mcast_router") == 0) {
+ __u8 mcast_router;
+
+ NEXT_ARG();
+ if (get_u8(&mcast_router, *argv, 0))
+ invarg("invalid mcast_router", *argv);
+
+ addattr8(n, 1024, IFLA_BR_MCAST_ROUTER, mcast_router);
+ } else if (matches(*argv, "mcast_snooping") == 0) {
+ __u8 mcast_snoop;
+
+ NEXT_ARG();
+ if (get_u8(&mcast_snoop, *argv, 0))
+ invarg("invalid mcast_snooping", *argv);
+
+ addattr8(n, 1024, IFLA_BR_MCAST_SNOOPING, mcast_snoop);
+ } else if (matches(*argv, "mcast_query_use_ifaddr") == 0) {
+ __u8 mcast_qui;
+
+ NEXT_ARG();
+ if (get_u8(&mcast_qui, *argv, 0))
+ invarg("invalid mcast_query_use_ifaddr",
+ *argv);
+
+ addattr8(n, 1024, IFLA_BR_MCAST_QUERY_USE_IFADDR,
+ mcast_qui);
+ } else if (matches(*argv, "mcast_querier") == 0) {
+ __u8 mcast_querier;
+
+ NEXT_ARG();
+ if (get_u8(&mcast_querier, *argv, 0))
+ invarg("invalid mcast_querier", *argv);
+
+ addattr8(n, 1024, IFLA_BR_MCAST_QUERIER, mcast_querier);
+ } else if (matches(*argv, "mcast_hash_elasticity") == 0) {
+ __u32 mcast_hash_el;
+
+ NEXT_ARG();
+ if (get_u32(&mcast_hash_el, *argv, 0))
+ invarg("invalid mcast_hash_elasticity",
+ *argv);
+
+ addattr32(n, 1024, IFLA_BR_MCAST_HASH_ELASTICITY,
+ mcast_hash_el);
+ } else if (matches(*argv, "mcast_hash_max") == 0) {
+ __u32 mcast_hash_max;
+
+ NEXT_ARG();
+ if (get_u32(&mcast_hash_max, *argv, 0))
+ invarg("invalid mcast_hash_max", *argv);
+
+ addattr32(n, 1024, IFLA_BR_MCAST_HASH_MAX,
+ mcast_hash_max);
+ } else if (matches(*argv, "mcast_last_member_count") == 0) {
+ __u32 mcast_lmc;
+
+ NEXT_ARG();
+ if (get_u32(&mcast_lmc, *argv, 0))
+ invarg("invalid mcast_last_member_count",
+ *argv);
+
+ addattr32(n, 1024, IFLA_BR_MCAST_LAST_MEMBER_CNT,
+ mcast_lmc);
+ } else if (matches(*argv, "mcast_startup_query_count") == 0) {
+ __u32 mcast_sqc;
+
+ NEXT_ARG();
+ if (get_u32(&mcast_sqc, *argv, 0))
+ invarg("invalid mcast_startup_query_count",
+ *argv);
+
+ addattr32(n, 1024, IFLA_BR_MCAST_STARTUP_QUERY_CNT,
+ mcast_sqc);
+ } else if (matches(*argv, "mcast_last_member_interval") == 0) {
+ __u64 mcast_last_member_intvl;
+
+ NEXT_ARG();
+ if (get_u64(&mcast_last_member_intvl, *argv, 0))
+ invarg("invalid mcast_last_member_interval",
+ *argv);
+
+ addattr64(n, 1024, IFLA_BR_MCAST_LAST_MEMBER_INTVL,
+ mcast_last_member_intvl);
+ } else if (matches(*argv, "mcast_membership_interval") == 0) {
+ __u64 mcast_membership_intvl;
+
+ NEXT_ARG();
+ if (get_u64(&mcast_membership_intvl, *argv, 0))
+ invarg("invalid mcast_membership_interval",
+ *argv);
+
+ addattr64(n, 1024, IFLA_BR_MCAST_MEMBERSHIP_INTVL,
+ mcast_membership_intvl);
+ } else if (matches(*argv, "mcast_querier_interval") == 0) {
+ __u64 mcast_querier_intvl;
+
+ NEXT_ARG();
+ if (get_u64(&mcast_querier_intvl, *argv, 0))
+ invarg("invalid mcast_querier_interval",
+ *argv);
+
+ addattr64(n, 1024, IFLA_BR_MCAST_QUERIER_INTVL,
+ mcast_querier_intvl);
+ } else if (matches(*argv, "mcast_query_interval") == 0) {
+ __u64 mcast_query_intvl;
+
+ NEXT_ARG();
+ if (get_u64(&mcast_query_intvl, *argv, 0))
+ invarg("invalid mcast_query_interval",
+ *argv);
+
+ addattr64(n, 1024, IFLA_BR_MCAST_QUERY_INTVL,
+ mcast_query_intvl);
+ } else if (!matches(*argv, "mcast_query_response_interval")) {
+ __u64 mcast_query_resp_intvl;
+
+ NEXT_ARG();
+ if (get_u64(&mcast_query_resp_intvl, *argv, 0))
+ invarg("invalid mcast_query_response_interval",
+ *argv);
+
+ addattr64(n, 1024, IFLA_BR_MCAST_QUERY_RESPONSE_INTVL,
+ mcast_query_resp_intvl);
+ } else if (!matches(*argv, "mcast_startup_query_interval")) {
+ __u64 mcast_startup_query_intvl;
+
+ NEXT_ARG();
+ if (get_u64(&mcast_startup_query_intvl, *argv, 0))
+ invarg("invalid mcast_startup_query_interval",
+ *argv);
+
+ addattr64(n, 1024, IFLA_BR_MCAST_STARTUP_QUERY_INTVL,
+ mcast_startup_query_intvl);
+ } else if (matches(*argv, "mcast_stats_enabled") == 0) {
+ __u8 mcast_stats_enabled;
+
+ NEXT_ARG();
+ if (get_u8(&mcast_stats_enabled, *argv, 0))
+ invarg("invalid mcast_stats_enabled", *argv);
+ addattr8(n, 1024, IFLA_BR_MCAST_STATS_ENABLED,
+ mcast_stats_enabled);
+ } else if (matches(*argv, "mcast_igmp_version") == 0) {
+ __u8 igmp_version;
+
+ NEXT_ARG();
+ if (get_u8(&igmp_version, *argv, 0))
+ invarg("invalid mcast_igmp_version", *argv);
+ addattr8(n, 1024, IFLA_BR_MCAST_IGMP_VERSION,
+ igmp_version);
+ } else if (matches(*argv, "mcast_mld_version") == 0) {
+ __u8 mld_version;
+
+ NEXT_ARG();
+ if (get_u8(&mld_version, *argv, 0))
+ invarg("invalid mcast_mld_version", *argv);
+ addattr8(n, 1024, IFLA_BR_MCAST_MLD_VERSION,
+ mld_version);
+ } else if (matches(*argv, "nf_call_iptables") == 0) {
+ __u8 nf_call_ipt;
+
+ NEXT_ARG();
+ if (get_u8(&nf_call_ipt, *argv, 0))
+ invarg("invalid nf_call_iptables", *argv);
+
+ addattr8(n, 1024, IFLA_BR_NF_CALL_IPTABLES,
+ nf_call_ipt);
+ } else if (matches(*argv, "nf_call_ip6tables") == 0) {
+ __u8 nf_call_ip6t;
+
+ NEXT_ARG();
+ if (get_u8(&nf_call_ip6t, *argv, 0))
+ invarg("invalid nf_call_ip6tables", *argv);
+
+ addattr8(n, 1024, IFLA_BR_NF_CALL_IP6TABLES,
+ nf_call_ip6t);
+ } else if (matches(*argv, "nf_call_arptables") == 0) {
+ __u8 nf_call_arpt;
+
+ NEXT_ARG();
+ if (get_u8(&nf_call_arpt, *argv, 0))
+ invarg("invalid nf_call_arptables", *argv);
+
+ addattr8(n, 1024, IFLA_BR_NF_CALL_ARPTABLES,
+ nf_call_arpt);
} else if (matches(*argv, "help") == 0) {
explain();
return -1;
@@ -115,58 +373,449 @@
return 0;
}
+static void _bridge_print_timer(FILE *f,
+ const char *attr,
+ struct rtattr *timer)
+{
+ struct timeval tv;
+
+ __jiffies_to_tv(&tv, rta_getattr_u64(timer));
+ if (is_json_context()) {
+ json_writer_t *jw = get_json_writer();
+
+ jsonw_name(jw, attr);
+ jsonw_printf(jw, "%i.%.2i",
+ (int)tv.tv_sec,
+ (int)tv.tv_usec / 10000);
+ } else {
+ fprintf(f, "%s %4i.%.2i ", attr, (int)tv.tv_sec,
+ (int)tv.tv_usec / 10000);
+ }
+}
+
static void bridge_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
if (!tb)
return;
if (tb[IFLA_BR_FORWARD_DELAY])
- fprintf(f, "forward_delay %u ",
- rta_getattr_u32(tb[IFLA_BR_FORWARD_DELAY]));
+ print_uint(PRINT_ANY,
+ "forward_delay",
+ "forward_delay %u ",
+ rta_getattr_u32(tb[IFLA_BR_FORWARD_DELAY]));
if (tb[IFLA_BR_HELLO_TIME])
- fprintf(f, "hello_time %u ",
- rta_getattr_u32(tb[IFLA_BR_HELLO_TIME]));
+ print_uint(PRINT_ANY,
+ "hello_time",
+ "hello_time %u ",
+ rta_getattr_u32(tb[IFLA_BR_HELLO_TIME]));
if (tb[IFLA_BR_MAX_AGE])
- fprintf(f, "max_age %u ",
- rta_getattr_u32(tb[IFLA_BR_MAX_AGE]));
+ print_uint(PRINT_ANY,
+ "max_age",
+ "max_age %u ",
+ rta_getattr_u32(tb[IFLA_BR_MAX_AGE]));
if (tb[IFLA_BR_AGEING_TIME])
- fprintf(f, "ageing_time %u ",
- rta_getattr_u32(tb[IFLA_BR_AGEING_TIME]));
+ print_uint(PRINT_ANY,
+ "ageing_time",
+ "ageing_time %u ",
+ rta_getattr_u32(tb[IFLA_BR_AGEING_TIME]));
if (tb[IFLA_BR_STP_STATE])
- fprintf(f, "stp_state %u ",
- rta_getattr_u32(tb[IFLA_BR_STP_STATE]));
+ print_uint(PRINT_ANY,
+ "stp_state",
+ "stp_state %u ",
+ rta_getattr_u32(tb[IFLA_BR_STP_STATE]));
if (tb[IFLA_BR_PRIORITY])
- fprintf(f, "priority %u ",
- rta_getattr_u16(tb[IFLA_BR_PRIORITY]));
+ print_uint(PRINT_ANY,
+ "priority",
+ "priority %u ",
+ rta_getattr_u16(tb[IFLA_BR_PRIORITY]));
if (tb[IFLA_BR_VLAN_FILTERING])
- fprintf(f, "vlan_filtering %u ",
- rta_getattr_u8(tb[IFLA_BR_VLAN_FILTERING]));
+ print_uint(PRINT_ANY,
+ "vlan_filtering",
+ "vlan_filtering %u ",
+ rta_getattr_u8(tb[IFLA_BR_VLAN_FILTERING]));
if (tb[IFLA_BR_VLAN_PROTOCOL]) {
SPRINT_BUF(b1);
- fprintf(f, "vlan_protocol %s ",
- ll_proto_n2a(rta_getattr_u16(tb[IFLA_BR_VLAN_PROTOCOL]),
- b1, sizeof(b1)));
+ print_string(PRINT_ANY,
+ "vlan_protocol",
+ "vlan_protocol %s ",
+ ll_proto_n2a(rta_getattr_u16(tb[IFLA_BR_VLAN_PROTOCOL]),
+ b1, sizeof(b1)));
}
+
+ if (tb[IFLA_BR_BRIDGE_ID]) {
+ char bridge_id[32];
+
+ br_dump_bridge_id(RTA_DATA(tb[IFLA_BR_BRIDGE_ID]), bridge_id,
+ sizeof(bridge_id));
+ print_string(PRINT_ANY,
+ "bridge_id",
+ "bridge_id %s ",
+ bridge_id);
+ }
+
+ if (tb[IFLA_BR_ROOT_ID]) {
+ char root_id[32];
+
+ br_dump_bridge_id(RTA_DATA(tb[IFLA_BR_BRIDGE_ID]), root_id,
+ sizeof(root_id));
+ print_string(PRINT_ANY,
+ "root_id",
+ "designated_root %s ",
+ root_id);
+ }
+
+ if (tb[IFLA_BR_ROOT_PORT])
+ print_uint(PRINT_ANY,
+ "root_port",
+ "root_port %u ",
+ rta_getattr_u16(tb[IFLA_BR_ROOT_PORT]));
+
+ if (tb[IFLA_BR_ROOT_PATH_COST])
+ print_uint(PRINT_ANY,
+ "root_path_cost",
+ "root_path_cost %u ",
+ rta_getattr_u32(tb[IFLA_BR_ROOT_PATH_COST]));
+
+ if (tb[IFLA_BR_TOPOLOGY_CHANGE])
+ print_uint(PRINT_ANY,
+ "topology_change",
+ "topology_change %u ",
+ rta_getattr_u8(tb[IFLA_BR_TOPOLOGY_CHANGE]));
+
+ if (tb[IFLA_BR_TOPOLOGY_CHANGE_DETECTED])
+ print_uint(PRINT_ANY,
+ "topology_change_detected",
+ "topology_change_detected %u ",
+ rta_getattr_u8(tb[IFLA_BR_TOPOLOGY_CHANGE_DETECTED]));
+
+ if (tb[IFLA_BR_HELLO_TIMER])
+ _bridge_print_timer(f, "hello_timer", tb[IFLA_BR_HELLO_TIMER]);
+
+ if (tb[IFLA_BR_TCN_TIMER])
+ _bridge_print_timer(f, "tcn_timer", tb[IFLA_BR_TCN_TIMER]);
+
+ if (tb[IFLA_BR_TOPOLOGY_CHANGE_TIMER])
+ _bridge_print_timer(f, "topology_change_timer",
+ tb[IFLA_BR_TOPOLOGY_CHANGE_TIMER]);
+
+ if (tb[IFLA_BR_GC_TIMER])
+ _bridge_print_timer(f, "gc_timer", tb[IFLA_BR_GC_TIMER]);
+
+ if (tb[IFLA_BR_VLAN_DEFAULT_PVID])
+ print_uint(PRINT_ANY,
+ "vlan_default_pvid",
+ "vlan_default_pvid %u ",
+ rta_getattr_u16(tb[IFLA_BR_VLAN_DEFAULT_PVID]));
+
+ if (tb[IFLA_BR_VLAN_STATS_ENABLED])
+ print_uint(PRINT_ANY,
+ "vlan_stats_enabled",
+ "vlan_stats_enabled %u ",
+ rta_getattr_u8(tb[IFLA_BR_VLAN_STATS_ENABLED]));
+
+ if (tb[IFLA_BR_GROUP_FWD_MASK])
+ print_0xhex(PRINT_ANY,
+ "group_fwd_mask",
+ "group_fwd_mask %#x ",
+ rta_getattr_u16(tb[IFLA_BR_GROUP_FWD_MASK]));
+
+ if (tb[IFLA_BR_GROUP_ADDR]) {
+ SPRINT_BUF(mac);
+
+ print_string(PRINT_ANY,
+ "group_addr",
+ "group_address %s ",
+ ll_addr_n2a(RTA_DATA(tb[IFLA_BR_GROUP_ADDR]),
+ RTA_PAYLOAD(tb[IFLA_BR_GROUP_ADDR]),
+ 1 /*ARPHDR_ETHER*/, mac, sizeof(mac)));
+ }
+
+ if (tb[IFLA_BR_MCAST_SNOOPING])
+ print_uint(PRINT_ANY,
+ "mcast_snooping",
+ "mcast_snooping %u ",
+ rta_getattr_u8(tb[IFLA_BR_MCAST_SNOOPING]));
+
+ if (tb[IFLA_BR_MCAST_ROUTER])
+ print_uint(PRINT_ANY,
+ "mcast_router",
+ "mcast_router %u ",
+ rta_getattr_u8(tb[IFLA_BR_MCAST_ROUTER]));
+
+ if (tb[IFLA_BR_MCAST_QUERY_USE_IFADDR])
+ print_uint(PRINT_ANY,
+ "mcast_query_use_ifaddr",
+ "mcast_query_use_ifaddr %u ",
+ rta_getattr_u8(tb[IFLA_BR_MCAST_QUERY_USE_IFADDR]));
+
+ if (tb[IFLA_BR_MCAST_QUERIER])
+ print_uint(PRINT_ANY,
+ "mcast_querier",
+ "mcast_querier %u ",
+ rta_getattr_u8(tb[IFLA_BR_MCAST_QUERIER]));
+
+ if (tb[IFLA_BR_MCAST_HASH_ELASTICITY])
+ print_uint(PRINT_ANY,
+ "mcast_hash_elasticity",
+ "mcast_hash_elasticity %u ",
+ rta_getattr_u32(tb[IFLA_BR_MCAST_HASH_ELASTICITY]));
+
+ if (tb[IFLA_BR_MCAST_HASH_MAX])
+ print_uint(PRINT_ANY,
+ "mcast_hash_max",
+ "mcast_hash_max %u ",
+ rta_getattr_u32(tb[IFLA_BR_MCAST_HASH_MAX]));
+
+ if (tb[IFLA_BR_MCAST_LAST_MEMBER_CNT])
+ print_uint(PRINT_ANY,
+ "mcast_last_member_cnt",
+ "mcast_last_member_count %u ",
+ rta_getattr_u32(tb[IFLA_BR_MCAST_LAST_MEMBER_CNT]));
+
+ if (tb[IFLA_BR_MCAST_STARTUP_QUERY_CNT])
+ print_uint(PRINT_ANY,
+ "mcast_startup_query_cnt",
+ "mcast_startup_query_count %u ",
+ rta_getattr_u32(tb[IFLA_BR_MCAST_STARTUP_QUERY_CNT]));
+
+ if (tb[IFLA_BR_MCAST_LAST_MEMBER_INTVL])
+ print_lluint(PRINT_ANY,
+ "mcast_last_member_intvl",
+ "mcast_last_member_interval %llu ",
+ rta_getattr_u64(tb[IFLA_BR_MCAST_LAST_MEMBER_INTVL]));
+
+ if (tb[IFLA_BR_MCAST_MEMBERSHIP_INTVL])
+ print_lluint(PRINT_ANY,
+ "mcast_membership_intvl",
+ "mcast_membership_interval %llu ",
+ rta_getattr_u64(tb[IFLA_BR_MCAST_MEMBERSHIP_INTVL]));
+
+ if (tb[IFLA_BR_MCAST_QUERIER_INTVL])
+ print_lluint(PRINT_ANY,
+ "mcast_querier_intvl",
+ "mcast_querier_interval %llu ",
+ rta_getattr_u64(tb[IFLA_BR_MCAST_QUERIER_INTVL]));
+
+ if (tb[IFLA_BR_MCAST_QUERY_INTVL])
+ print_lluint(PRINT_ANY,
+ "mcast_query_intvl",
+ "mcast_query_interval %llu ",
+ rta_getattr_u64(tb[IFLA_BR_MCAST_QUERY_INTVL]));
+
+ if (tb[IFLA_BR_MCAST_QUERY_RESPONSE_INTVL])
+ print_lluint(PRINT_ANY,
+ "mcast_query_response_intvl",
+ "mcast_query_response_interval %llu ",
+ rta_getattr_u64(tb[IFLA_BR_MCAST_QUERY_RESPONSE_INTVL]));
+
+ if (tb[IFLA_BR_MCAST_STARTUP_QUERY_INTVL])
+ print_lluint(PRINT_ANY,
+ "mcast_startup_query_intvl",
+ "mcast_startup_query_interval %llu ",
+ rta_getattr_u64(tb[IFLA_BR_MCAST_STARTUP_QUERY_INTVL]));
+
+ if (tb[IFLA_BR_MCAST_STATS_ENABLED])
+ print_uint(PRINT_ANY,
+ "mcast_stats_enabled",
+ "mcast_stats_enabled %u ",
+ rta_getattr_u8(tb[IFLA_BR_MCAST_STATS_ENABLED]));
+
+ if (tb[IFLA_BR_MCAST_IGMP_VERSION])
+ print_uint(PRINT_ANY,
+ "mcast_igmp_version",
+ "mcast_igmp_version %u ",
+ rta_getattr_u8(tb[IFLA_BR_MCAST_IGMP_VERSION]));
+
+ if (tb[IFLA_BR_MCAST_MLD_VERSION])
+ print_uint(PRINT_ANY,
+ "mcast_mld_version",
+ "mcast_mld_version %u ",
+ rta_getattr_u8(tb[IFLA_BR_MCAST_MLD_VERSION]));
+
+ if (tb[IFLA_BR_NF_CALL_IPTABLES])
+ print_uint(PRINT_ANY,
+ "nf_call_iptables",
+ "nf_call_iptables %u ",
+ rta_getattr_u8(tb[IFLA_BR_NF_CALL_IPTABLES]));
+
+ if (tb[IFLA_BR_NF_CALL_IP6TABLES])
+ print_uint(PRINT_ANY,
+ "nf_call_ip6tables",
+ "nf_call_ip6tables %u ",
+ rta_getattr_u8(tb[IFLA_BR_NF_CALL_IP6TABLES]));
+
+ if (tb[IFLA_BR_NF_CALL_ARPTABLES])
+ print_uint(PRINT_ANY,
+ "nf_call_arptables",
+ "nf_call_arptables %u ",
+ rta_getattr_u8(tb[IFLA_BR_NF_CALL_ARPTABLES]));
}
static void bridge_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
print_explain(f);
}
+static void bridge_print_xstats_help(struct link_util *lu, FILE *f)
+{
+ fprintf(f, "Usage: ... %s [ igmp ] [ dev DEVICE ]\n", lu->id);
+}
+
+static void bridge_print_stats_attr(FILE *f, struct rtattr *attr, int ifindex)
+{
+ struct rtattr *brtb[LINK_XSTATS_TYPE_MAX+1];
+ struct br_mcast_stats *mstats;
+ struct rtattr *i, *list;
+ const char *ifname = "";
+ int rem;
+
+ parse_rtattr(brtb, LINK_XSTATS_TYPE_MAX, RTA_DATA(attr),
+ RTA_PAYLOAD(attr));
+ if (!brtb[LINK_XSTATS_TYPE_BRIDGE])
+ return;
+
+ list = brtb[LINK_XSTATS_TYPE_BRIDGE];
+ rem = RTA_PAYLOAD(list);
+ for (i = RTA_DATA(list); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ if (xstats_print_attr && i->rta_type != xstats_print_attr)
+ continue;
+ switch (i->rta_type) {
+ case BRIDGE_XSTATS_MCAST:
+ mstats = RTA_DATA(i);
+ ifname = ll_index_to_name(ifindex);
+ fprintf(f, "%-16s\n", ifname);
+ fprintf(f, "%-16s IGMP queries:\n", "");
+ fprintf(f, "%-16s RX: v1 %llu v2 %llu v3 %llu\n",
+ "",
+ mstats->igmp_v1queries[BR_MCAST_DIR_RX],
+ mstats->igmp_v2queries[BR_MCAST_DIR_RX],
+ mstats->igmp_v3queries[BR_MCAST_DIR_RX]);
+ fprintf(f, "%-16s TX: v1 %llu v2 %llu v3 %llu\n",
+ "",
+ mstats->igmp_v1queries[BR_MCAST_DIR_TX],
+ mstats->igmp_v2queries[BR_MCAST_DIR_TX],
+ mstats->igmp_v3queries[BR_MCAST_DIR_TX]);
+
+ fprintf(f, "%-16s IGMP reports:\n", "");
+ fprintf(f, "%-16s RX: v1 %llu v2 %llu v3 %llu\n",
+ "",
+ mstats->igmp_v1reports[BR_MCAST_DIR_RX],
+ mstats->igmp_v2reports[BR_MCAST_DIR_RX],
+ mstats->igmp_v3reports[BR_MCAST_DIR_RX]);
+ fprintf(f, "%-16s TX: v1 %llu v2 %llu v3 %llu\n",
+ "",
+ mstats->igmp_v1reports[BR_MCAST_DIR_TX],
+ mstats->igmp_v2reports[BR_MCAST_DIR_TX],
+ mstats->igmp_v3reports[BR_MCAST_DIR_TX]);
+
+ fprintf(f, "%-16s IGMP leaves: RX: %llu TX: %llu\n",
+ "",
+ mstats->igmp_leaves[BR_MCAST_DIR_RX],
+ mstats->igmp_leaves[BR_MCAST_DIR_TX]);
+
+ fprintf(f, "%-16s IGMP parse errors: %llu\n",
+ "", mstats->igmp_parse_errors);
+
+ fprintf(f, "%-16s MLD queries:\n", "");
+ fprintf(f, "%-16s RX: v1 %llu v2 %llu\n",
+ "",
+ mstats->mld_v1queries[BR_MCAST_DIR_RX],
+ mstats->mld_v2queries[BR_MCAST_DIR_RX]);
+ fprintf(f, "%-16s TX: v1 %llu v2 %llu\n",
+ "",
+ mstats->mld_v1queries[BR_MCAST_DIR_TX],
+ mstats->mld_v2queries[BR_MCAST_DIR_TX]);
+
+ fprintf(f, "%-16s MLD reports:\n", "");
+ fprintf(f, "%-16s RX: v1 %llu v2 %llu\n",
+ "",
+ mstats->mld_v1reports[BR_MCAST_DIR_RX],
+ mstats->mld_v2reports[BR_MCAST_DIR_RX]);
+ fprintf(f, "%-16s TX: v1 %llu v2 %llu\n",
+ "",
+ mstats->mld_v1reports[BR_MCAST_DIR_TX],
+ mstats->mld_v2reports[BR_MCAST_DIR_TX]);
+
+ fprintf(f, "%-16s MLD leaves: RX: %llu TX: %llu\n",
+ "",
+ mstats->mld_leaves[BR_MCAST_DIR_RX],
+ mstats->mld_leaves[BR_MCAST_DIR_TX]);
+
+ fprintf(f, "%-16s MLD parse errors: %llu\n",
+ "", mstats->mld_parse_errors);
+ break;
+ }
+ }
+}
+
+int bridge_print_xstats(const struct sockaddr_nl *who,
+ struct nlmsghdr *n, void *arg)
+{
+ struct if_stats_msg *ifsm = NLMSG_DATA(n);
+ struct rtattr *tb[IFLA_STATS_MAX+1];
+ int len = n->nlmsg_len;
+ FILE *fp = arg;
+
+ len -= NLMSG_LENGTH(sizeof(*ifsm));
+ if (len < 0) {
+ fprintf(stderr, "BUG: wrong nlmsg len %d\n", len);
+ return -1;
+ }
+ if (filter_index && filter_index != ifsm->ifindex)
+ return 0;
+
+ parse_rtattr(tb, IFLA_STATS_MAX, IFLA_STATS_RTA(ifsm), len);
+ if (tb[IFLA_STATS_LINK_XSTATS])
+ bridge_print_stats_attr(fp, tb[IFLA_STATS_LINK_XSTATS],
+ ifsm->ifindex);
+
+ if (tb[IFLA_STATS_LINK_XSTATS_SLAVE])
+ bridge_print_stats_attr(fp, tb[IFLA_STATS_LINK_XSTATS_SLAVE],
+ ifsm->ifindex);
+
+ return 0;
+}
+
+int bridge_parse_xstats(struct link_util *lu, int argc, char **argv)
+{
+ while (argc > 0) {
+ if (strcmp(*argv, "igmp") == 0 || strcmp(*argv, "mcast") == 0) {
+ xstats_print_attr = BRIDGE_XSTATS_MCAST;
+ } else if (strcmp(*argv, "dev") == 0) {
+ NEXT_ARG();
+ filter_index = if_nametoindex(*argv);
+ if (filter_index == 0) {
+ fprintf(stderr, "Cannot find device \"%s\"\n",
+ *argv);
+ return -1;
+ }
+ } else if (strcmp(*argv, "help") == 0) {
+ bridge_print_xstats_help(lu, stdout);
+ exit(0);
+ } else {
+ invarg("unknown attribute", *argv);
+ }
+ argc--; argv++;
+ }
+
+ return 0;
+}
+
struct link_util bridge_link_util = {
.id = "bridge",
.maxattr = IFLA_BR_MAX,
.parse_opt = bridge_parse_opt,
.print_opt = bridge_print_opt,
.print_help = bridge_print_help,
+ .parse_ifla_xstats = bridge_parse_xstats,
+ .print_ifla_xstats = bridge_print_xstats,
};
diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c
index 4593872..80272b0 100644
--- a/ip/iplink_bridge_slave.c
+++ b/ip/iplink_bridge_slave.c
@@ -22,13 +22,21 @@
static void print_explain(FILE *f)
{
fprintf(f,
- "Usage: ... bridge_slave [ state STATE ] [ priority PRIO ] [cost COST ]\n"
+ "Usage: ... bridge_slave [ fdb_flush ]\n"
+ " [ state STATE ]\n"
+ " [ priority PRIO ]\n"
+ " [ cost COST ]\n"
" [ guard {on | off} ]\n"
- " [ hairpin {on | off} ] \n"
+ " [ hairpin {on | off} ]\n"
" [ fastleave {on | off} ]\n"
" [ root_block {on | off} ]\n"
" [ learning {on | off} ]\n"
" [ flood {on | off} ]\n"
+ " [ proxy_arp {on | off} ]\n"
+ " [ proxy_arp_wifi {on | off} ]\n"
+ " [ mcast_router MULTICAST_ROUTER ]\n"
+ " [ mcast_fast_leave {on | off} ]\n"
+ " [ mcast_flood {on | off} ]\n"
);
}
@@ -48,14 +56,52 @@
static void print_portstate(FILE *f, __u8 state)
{
if (state <= BR_STATE_BLOCKING)
- fprintf(f, "state %s ", port_states[state]);
+ print_string(PRINT_ANY,
+ "state",
+ "state %s ",
+ port_states[state]);
else
- fprintf(f, "state (%d) ", state);
+ print_int(PRINT_ANY, "state_index", "state (%d) ", state);
}
-static void print_onoff(FILE *f, char *flag, __u8 val)
+static void _print_onoff(FILE *f, char *json_flag, char *flag, __u8 val)
{
- fprintf(f, "%s %s ", flag, val ? "on" : "off");
+ if (is_json_context())
+ print_bool(PRINT_JSON, flag, NULL, val);
+ else
+ fprintf(f, "%s %s ", flag, val ? "on" : "off");
+}
+
+static void _print_hex(FILE *f,
+ const char *json_attr,
+ const char *attr,
+ __u16 val)
+{
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "0x%x", val);
+ print_string(PRINT_JSON, json_attr, NULL, b1);
+ } else {
+ fprintf(f, "%s 0x%x ", attr, val);
+ }
+}
+
+static void _print_timer(FILE *f, const char *attr, struct rtattr *timer)
+{
+ struct timeval tv;
+
+ __jiffies_to_tv(&tv, rta_getattr_u64(timer));
+ if (is_json_context()) {
+ json_writer_t *jw = get_json_writer();
+
+ jsonw_name(jw, attr);
+ jsonw_printf(jw, "%i.%.2i",
+ (int)tv.tv_sec, (int)tv.tv_usec / 10000);
+ } else {
+ fprintf(f, "%s %4i.%.2i ", attr, (int)tv.tv_sec,
+ (int)tv.tv_usec / 10000);
+ }
}
static void bridge_slave_print_opt(struct link_util *lu, FILE *f,
@@ -68,36 +114,130 @@
print_portstate(f, rta_getattr_u8(tb[IFLA_BRPORT_STATE]));
if (tb[IFLA_BRPORT_PRIORITY])
- fprintf(f, "priority %d ",
- rta_getattr_u16(tb[IFLA_BRPORT_PRIORITY]));
+ print_int(PRINT_ANY,
+ "priority",
+ "priority %d ",
+ rta_getattr_u16(tb[IFLA_BRPORT_PRIORITY]));
if (tb[IFLA_BRPORT_COST])
- fprintf(f, "cost %d ",
- rta_getattr_u32(tb[IFLA_BRPORT_COST]));
+ print_int(PRINT_ANY,
+ "cost",
+ "cost %d ",
+ rta_getattr_u32(tb[IFLA_BRPORT_COST]));
if (tb[IFLA_BRPORT_MODE])
- print_onoff(f, "hairpin",
- rta_getattr_u8(tb[IFLA_BRPORT_MODE]));
+ _print_onoff(f, "mode", "hairpin",
+ rta_getattr_u8(tb[IFLA_BRPORT_MODE]));
if (tb[IFLA_BRPORT_GUARD])
- print_onoff(f, "guard",
- rta_getattr_u8(tb[IFLA_BRPORT_GUARD]));
+ _print_onoff(f, "guard", "guard",
+ rta_getattr_u8(tb[IFLA_BRPORT_GUARD]));
if (tb[IFLA_BRPORT_PROTECT])
- print_onoff(f, "root_block",
- rta_getattr_u8(tb[IFLA_BRPORT_PROTECT]));
+ _print_onoff(f, "protect", "root_block",
+ rta_getattr_u8(tb[IFLA_BRPORT_PROTECT]));
if (tb[IFLA_BRPORT_FAST_LEAVE])
- print_onoff(f, "fastleave",
- rta_getattr_u8(tb[IFLA_BRPORT_FAST_LEAVE]));
+ _print_onoff(f, "fast_leave", "fastleave",
+ rta_getattr_u8(tb[IFLA_BRPORT_FAST_LEAVE]));
if (tb[IFLA_BRPORT_LEARNING])
- print_onoff(f, "learning",
- rta_getattr_u8(tb[IFLA_BRPORT_LEARNING]));
+ _print_onoff(f, "learning", "learning",
+ rta_getattr_u8(tb[IFLA_BRPORT_LEARNING]));
if (tb[IFLA_BRPORT_UNICAST_FLOOD])
- print_onoff(f, "flood",
- rta_getattr_u8(tb[IFLA_BRPORT_UNICAST_FLOOD]));
+ _print_onoff(f, "unicast_flood", "flood",
+ rta_getattr_u8(tb[IFLA_BRPORT_UNICAST_FLOOD]));
+
+ if (tb[IFLA_BRPORT_ID])
+ _print_hex(f, "id", "port_id",
+ rta_getattr_u16(tb[IFLA_BRPORT_ID]));
+
+ if (tb[IFLA_BRPORT_NO])
+ _print_hex(f, "no", "port_no",
+ rta_getattr_u16(tb[IFLA_BRPORT_NO]));
+
+ if (tb[IFLA_BRPORT_DESIGNATED_PORT])
+ print_uint(PRINT_ANY,
+ "designated_port",
+ "designated_port %u ",
+ rta_getattr_u16(tb[IFLA_BRPORT_DESIGNATED_PORT]));
+
+ if (tb[IFLA_BRPORT_DESIGNATED_COST])
+ print_uint(PRINT_ANY,
+ "designated_cost",
+ "designated_cost %u ",
+ rta_getattr_u16(tb[IFLA_BRPORT_DESIGNATED_COST]));
+
+ if (tb[IFLA_BRPORT_BRIDGE_ID]) {
+ char bridge_id[32];
+
+ br_dump_bridge_id(RTA_DATA(tb[IFLA_BRPORT_BRIDGE_ID]),
+ bridge_id, sizeof(bridge_id));
+ print_string(PRINT_ANY,
+ "bridge_id",
+ "designated_bridge %s ",
+ bridge_id);
+ }
+
+ if (tb[IFLA_BRPORT_ROOT_ID]) {
+ char root_id[32];
+
+ br_dump_bridge_id(RTA_DATA(tb[IFLA_BRPORT_ROOT_ID]),
+ root_id, sizeof(root_id));
+ print_string(PRINT_ANY,
+ "root_id",
+ "designated_root %s ", root_id);
+ }
+
+ if (tb[IFLA_BRPORT_HOLD_TIMER])
+ _print_timer(f, "hold_timer", tb[IFLA_BRPORT_HOLD_TIMER]);
+
+ if (tb[IFLA_BRPORT_MESSAGE_AGE_TIMER])
+ _print_timer(f, "message_age_timer",
+ tb[IFLA_BRPORT_MESSAGE_AGE_TIMER]);
+
+ if (tb[IFLA_BRPORT_FORWARD_DELAY_TIMER])
+ _print_timer(f, "forward_delay_timer",
+ tb[IFLA_BRPORT_FORWARD_DELAY_TIMER]);
+
+ if (tb[IFLA_BRPORT_TOPOLOGY_CHANGE_ACK])
+ print_uint(PRINT_ANY,
+ "topology_change_ack",
+ "topology_change_ack %u ",
+ rta_getattr_u8(tb[IFLA_BRPORT_TOPOLOGY_CHANGE_ACK]));
+
+ if (tb[IFLA_BRPORT_CONFIG_PENDING])
+ print_uint(PRINT_ANY,
+ "config_pending",
+ "config_pending %u ",
+ rta_getattr_u8(tb[IFLA_BRPORT_CONFIG_PENDING]));
+
+ if (tb[IFLA_BRPORT_PROXYARP])
+ _print_onoff(f, "proxyarp", "proxy_arp",
+ rta_getattr_u8(tb[IFLA_BRPORT_PROXYARP]));
+
+ if (tb[IFLA_BRPORT_PROXYARP_WIFI])
+ _print_onoff(f, "proxyarp_wifi", "proxy_arp_wifi",
+ rta_getattr_u8(tb[IFLA_BRPORT_PROXYARP_WIFI]));
+
+ if (tb[IFLA_BRPORT_MULTICAST_ROUTER])
+ print_uint(PRINT_ANY,
+ "multicast_router",
+ "mcast_router %u ",
+ rta_getattr_u8(tb[IFLA_BRPORT_MULTICAST_ROUTER]));
+
+ if (tb[IFLA_BRPORT_FAST_LEAVE])
+ // not printing any json here because
+ // we already printed fast_leave before
+ print_string(PRINT_FP,
+ NULL,
+ "mcast_fast_leave %s ",
+ rta_getattr_u8(tb[IFLA_BRPORT_FAST_LEAVE]) ? "on" : "off");
+
+ if (tb[IFLA_BRPORT_MCAST_FLOOD])
+ _print_onoff(f, "mcast_flood", "mcast_flood",
+ rta_getattr_u8(tb[IFLA_BRPORT_MCAST_FLOOD]));
}
static void bridge_slave_parse_on_off(char *arg_name, char *arg_val,
@@ -123,7 +263,9 @@
__u32 cost;
while (argc > 0) {
- if (matches(*argv, "state") == 0) {
+ if (matches(*argv, "fdb_flush") == 0) {
+ addattr(n, 1024, IFLA_BRPORT_FLUSH);
+ } else if (matches(*argv, "state") == 0) {
NEXT_ARG();
if (get_u8(&state, *argv, 0))
invarg("state is invalid", *argv);
@@ -162,6 +304,30 @@
NEXT_ARG();
bridge_slave_parse_on_off("flood", *argv, n,
IFLA_BRPORT_UNICAST_FLOOD);
+ } else if (matches(*argv, "mcast_flood") == 0) {
+ NEXT_ARG();
+ bridge_slave_parse_on_off("mcast_flood", *argv, n,
+ IFLA_BRPORT_MCAST_FLOOD);
+ } else if (matches(*argv, "proxy_arp") == 0) {
+ NEXT_ARG();
+ bridge_slave_parse_on_off("proxy_arp", *argv, n,
+ IFLA_BRPORT_PROXYARP);
+ } else if (matches(*argv, "proxy_arp_wifi") == 0) {
+ NEXT_ARG();
+ bridge_slave_parse_on_off("proxy_arp_wifi", *argv, n,
+ IFLA_BRPORT_PROXYARP_WIFI);
+ } else if (matches(*argv, "mcast_router") == 0) {
+ __u8 mcast_router;
+
+ NEXT_ARG();
+ if (get_u8(&mcast_router, *argv, 0))
+ invarg("invalid mcast_router", *argv);
+ addattr8(n, 1024, IFLA_BRPORT_MULTICAST_ROUTER,
+ mcast_router);
+ } else if (matches(*argv, "mcast_fast_leave") == 0) {
+ NEXT_ARG();
+ bridge_slave_parse_on_off("mcast_fast_leave", *argv, n,
+ IFLA_BRPORT_FAST_LEAVE);
} else if (matches(*argv, "help") == 0) {
explain();
return -1;
@@ -184,10 +350,11 @@
}
struct link_util bridge_slave_link_util = {
- .id = "bridge",
+ .id = "bridge_slave",
.maxattr = IFLA_BRPORT_MAX,
.print_opt = bridge_slave_print_opt,
.parse_opt = bridge_slave_parse_opt,
.print_help = bridge_slave_print_help,
- .slave = true,
+ .parse_ifla_xstats = bridge_parse_xstats,
+ .print_ifla_xstats = bridge_print_xstats,
};
diff --git a/ip/iplink_can.c b/ip/iplink_can.c
index f1b089d..587413d 100644
--- a/ip/iplink_can.c
+++ b/ip/iplink_can.c
@@ -23,13 +23,11 @@
{
fprintf(f,
"Usage: ip link set DEVICE type can\n"
- "\t[ bitrate BITRATE [ sample-point SAMPLE-POINT] ] | \n"
- "\t[ tq TQ prop-seg PROP_SEG phase-seg1 PHASE-SEG1\n "
- "\t phase-seg2 PHASE-SEG2 [ sjw SJW ] ]\n"
+ "\t[ bitrate BITRATE [ sample-point SAMPLE-POINT] ] |\n"
+ "\t[ tq TQ prop-seg PROP_SEG phase-seg1 PHASE-SEG1\n \t phase-seg2 PHASE-SEG2 [ sjw SJW ] ]\n"
"\n"
- "\t[ dbitrate BITRATE [ dsample-point SAMPLE-POINT] ] | \n"
- "\t[ dtq TQ dprop-seg PROP_SEG dphase-seg1 PHASE-SEG1\n "
- "\t dphase-seg2 PHASE-SEG2 [ dsjw SJW ] ]\n"
+ "\t[ dbitrate BITRATE [ dsample-point SAMPLE-POINT] ] |\n"
+ "\t[ dtq TQ dprop-seg PROP_SEG dphase-seg1 PHASE-SEG1\n \t dphase-seg2 PHASE-SEG2 [ dsjw SJW ] ]\n"
"\n"
"\t[ loopback { on | off } ]\n"
"\t[ listen-only { on | off } ]\n"
@@ -43,6 +41,8 @@
"\t[ restart-ms TIME-MS ]\n"
"\t[ restart ]\n"
"\n"
+ "\t[ termination { 0..65535 } ]\n"
+ "\n"
"\tWhere: BITRATE := { 1..1000000 }\n"
"\t SAMPLE-POINT := { 0.000..0.999 }\n"
"\t TQ := { NUMBER }\n"
@@ -73,7 +73,7 @@
return 0;
}
-static void set_ctrlmode(char* name, char *arg,
+static void set_ctrlmode(char *name, char *arg,
struct can_ctrlmode *cm, __u32 flags)
{
if (strcmp(arg, "on") == 0) {
@@ -89,11 +89,11 @@
static void print_ctrlmode(FILE *f, __u32 cm)
{
- fprintf(f, "<");
-#define _PF(cmflag, cmname) \
- if (cm & cmflag) { \
- cm &= ~cmflag; \
- fprintf(f, "%s%s", cmname, cm ? "," : ""); \
+ open_json_array(PRINT_ANY, is_json_context() ? "ctrlmode" : "<");
+#define _PF(cmflag, cmname) \
+ if (cm & cmflag) { \
+ cm &= ~cmflag; \
+ print_string(PRINT_ANY, NULL, cm ? "%s," : "%s", cmname); \
}
_PF(CAN_CTRLMODE_LOOPBACK, "LOOPBACK");
_PF(CAN_CTRLMODE_LISTENONLY, "LISTEN-ONLY");
@@ -105,18 +105,16 @@
_PF(CAN_CTRLMODE_PRESUME_ACK, "PRESUME-ACK");
#undef _PF
if (cm)
- fprintf(f, "%x", cm);
- fprintf(f, "> ");
+ print_hex(PRINT_ANY, NULL, "%x", cm);
+ close_json_array(PRINT_ANY, "> ");
}
static int can_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
- struct can_bittiming bt, dbt;
+ struct can_bittiming bt = {}, dbt = {};
struct can_ctrlmode cm = {0, 0};
- memset(&bt, 0, sizeof(bt));
- memset(&dbt, 0, sizeof(dbt));
while (argc > 0) {
if (matches(*argv, "bitrate") == 0) {
NEXT_ARG();
@@ -224,6 +222,14 @@
if (get_u32(&val, *argv, 0))
invarg("invalid \"restart-ms\" value\n", *argv);
addattr32(n, 1024, IFLA_CAN_RESTART_MS, val);
+ } else if (matches(*argv, "termination") == 0) {
+ __u16 val;
+
+ NEXT_ARG();
+ if (get_u16(&val, *argv, 0))
+ invarg("invalid \"termination\" value\n",
+ *argv);
+ addattr16(n, 1024, IFLA_CAN_TERMINATION, val);
} else if (matches(*argv, "help") == 0) {
usage();
return -1;
@@ -245,7 +251,7 @@
return 0;
}
-static const char *can_state_names[] = {
+static const char *can_state_names[CAN_STATE_MAX] = {
[CAN_STATE_ERROR_ACTIVE] = "ERROR-ACTIVE",
[CAN_STATE_ERROR_WARNING] = "ERROR-WARNING",
[CAN_STATE_ERROR_PASSIVE] = "ERROR-PASSIVE",
@@ -254,6 +260,14 @@
[CAN_STATE_SLEEPING] = "SLEEPING"
};
+static void can_print_json_timing_min_max(const char *attr, int min, int max)
+{
+ open_json_object(attr);
+ print_int(PRINT_JSON, "min", NULL, min);
+ print_int(PRINT_JSON, "max", NULL, max);
+ close_json_object();
+}
+
static void can_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
if (!tb)
@@ -267,79 +281,267 @@
}
if (tb[IFLA_CAN_STATE]) {
- int *state = RTA_DATA(tb[IFLA_CAN_STATE]);
+ uint32_t state = rta_getattr_u32(tb[IFLA_CAN_STATE]);
- fprintf(f, "state %s ", *state <= CAN_STATE_MAX ?
- can_state_names[*state] : "UNKNOWN");
+ fprintf(f, "state %s ", state < CAN_STATE_MAX ?
+ can_state_names[state] : "UNKNOWN");
}
if (tb[IFLA_CAN_BERR_COUNTER]) {
struct can_berr_counter *bc =
RTA_DATA(tb[IFLA_CAN_BERR_COUNTER]);
- fprintf(f, "(berr-counter tx %d rx %d) ", bc->txerr, bc->rxerr);
+ if (is_json_context()) {
+ open_json_object("berr_counter");
+ print_int(PRINT_JSON, "tx", NULL, bc->txerr);
+ print_int(PRINT_JSON, "rx", NULL, bc->rxerr);
+ close_json_object();
+ } else {
+ fprintf(f, "(berr-counter tx %d rx %d) ",
+ bc->txerr, bc->rxerr);
+ }
}
if (tb[IFLA_CAN_RESTART_MS]) {
__u32 *restart_ms = RTA_DATA(tb[IFLA_CAN_RESTART_MS]);
- fprintf(f, "restart-ms %d ", *restart_ms);
+ print_int(PRINT_ANY,
+ "restart_ms",
+ "restart-ms %d ",
+ *restart_ms);
}
- if (tb[IFLA_CAN_BITTIMING]) {
+ /* bittiming is irrelevant if fixed bitrate is defined */
+ if (tb[IFLA_CAN_BITTIMING] && !tb[IFLA_CAN_BITRATE_CONST]) {
struct can_bittiming *bt = RTA_DATA(tb[IFLA_CAN_BITTIMING]);
- fprintf(f, "\n "
- "bitrate %d sample-point %.3f ",
- bt->bitrate, (float)bt->sample_point / 1000.);
- fprintf(f, "\n "
- "tq %d prop-seg %d phase-seg1 %d phase-seg2 %d sjw %d",
- bt->tq, bt->prop_seg, bt->phase_seg1, bt->phase_seg2,
- bt->sjw);
+ if (is_json_context()) {
+ open_json_object("bittiming");
+ print_int(PRINT_ANY, "bitrate", NULL, bt->bitrate);
+ jsonw_float_field_fmt(get_json_writer(),
+ "sample_point", "%.3f",
+ (float) bt->sample_point / 1000.);
+ print_int(PRINT_ANY, "tq", NULL, bt->tq);
+ print_int(PRINT_ANY, "prop_seg", NULL, bt->prop_seg);
+ print_int(PRINT_ANY, "phase_seg1",
+ NULL, bt->phase_seg1);
+ print_int(PRINT_ANY, "phase_seg2",
+ NULL, bt->phase_seg2);
+ print_int(PRINT_ANY, "sjw", NULL, bt->sjw);
+ close_json_object();
+ } else {
+ fprintf(f, "\n bitrate %d sample-point %.3f ",
+ bt->bitrate, (float) bt->sample_point / 1000.);
+ fprintf(f,
+ "\n tq %d prop-seg %d phase-seg1 %d phase-seg2 %d sjw %d",
+ bt->tq, bt->prop_seg,
+ bt->phase_seg1, bt->phase_seg2,
+ bt->sjw);
+ }
}
- if (tb[IFLA_CAN_BITTIMING_CONST]) {
+ /* bittiming const is irrelevant if fixed bitrate is defined */
+ if (tb[IFLA_CAN_BITTIMING_CONST] && !tb[IFLA_CAN_BITRATE_CONST]) {
struct can_bittiming_const *btc =
RTA_DATA(tb[IFLA_CAN_BITTIMING_CONST]);
- fprintf(f, "\n "
- "%s: tseg1 %d..%d tseg2 %d..%d "
- "sjw 1..%d brp %d..%d brp-inc %d",
- btc->name, btc->tseg1_min, btc->tseg1_max,
- btc->tseg2_min, btc->tseg2_max, btc->sjw_max,
- btc->brp_min, btc->brp_max, btc->brp_inc);
+ if (is_json_context()) {
+ open_json_object("bittiming_const");
+ print_string(PRINT_JSON, "name", NULL, btc->name);
+ can_print_json_timing_min_max("tseg1",
+ btc->tseg1_min,
+ btc->tseg1_max);
+ can_print_json_timing_min_max("tseg2",
+ btc->tseg2_min,
+ btc->tseg2_max);
+ can_print_json_timing_min_max("sjw", 1, btc->sjw_max);
+ can_print_json_timing_min_max("brp",
+ btc->brp_min,
+ btc->brp_max);
+ print_int(PRINT_JSON, "brp_inc", NULL, btc->brp_inc);
+ close_json_object();
+ } else {
+ fprintf(f, "\n %s: tseg1 %d..%d tseg2 %d..%d "
+ "sjw 1..%d brp %d..%d brp-inc %d",
+ btc->name, btc->tseg1_min, btc->tseg1_max,
+ btc->tseg2_min, btc->tseg2_max, btc->sjw_max,
+ btc->brp_min, btc->brp_max, btc->brp_inc);
+ }
}
- if (tb[IFLA_CAN_DATA_BITTIMING]) {
+ if (tb[IFLA_CAN_BITRATE_CONST]) {
+ __u32 *bitrate_const = RTA_DATA(tb[IFLA_CAN_BITRATE_CONST]);
+ int bitrate_cnt = RTA_PAYLOAD(tb[IFLA_CAN_BITRATE_CONST]) /
+ sizeof(*bitrate_const);
+ int i;
+ __u32 bitrate = 0;
+
+ if (tb[IFLA_CAN_BITTIMING]) {
+ struct can_bittiming *bt =
+ RTA_DATA(tb[IFLA_CAN_BITTIMING]);
+ bitrate = bt->bitrate;
+ }
+
+ if (is_json_context()) {
+ print_uint(PRINT_JSON,
+ "bittiming_bitrate",
+ NULL, bitrate);
+ open_json_array(PRINT_JSON, "bitrate_const");
+ for (i = 0; i < bitrate_cnt; ++i)
+ print_uint(PRINT_JSON, NULL, NULL,
+ bitrate_const[i]);
+ close_json_array(PRINT_JSON, NULL);
+ } else {
+ fprintf(f, "\n bitrate %u", bitrate);
+ fprintf(f, "\n [");
+
+ for (i = 0; i < bitrate_cnt - 1; ++i) {
+ /* This will keep lines below 80 signs */
+ if (!(i % 6) && i)
+ fprintf(f, "\n ");
+
+ fprintf(f, "%8u, ", bitrate_const[i]);
+ }
+
+ if (!(i % 6) && i)
+ fprintf(f, "\n ");
+ fprintf(f, "%8u ]", bitrate_const[i]);
+ }
+ }
+
+ /* data bittiming is irrelevant if fixed bitrate is defined */
+ if (tb[IFLA_CAN_DATA_BITTIMING] && !tb[IFLA_CAN_DATA_BITRATE_CONST]) {
struct can_bittiming *dbt =
RTA_DATA(tb[IFLA_CAN_DATA_BITTIMING]);
- fprintf(f, "\n "
- "dbitrate %d dsample-point %.3f ",
- dbt->bitrate, (float)dbt->sample_point / 1000.);
- fprintf(f, "\n "
- "dtq %d dprop-seg %d dphase-seg1 %d "
- "dphase-seg2 %d dsjw %d",
- dbt->tq, dbt->prop_seg, dbt->phase_seg1,
- dbt->phase_seg2, dbt->sjw);
+ if (is_json_context()) {
+ open_json_object("data_bittiming");
+ print_int(PRINT_JSON, "bitrate", NULL, dbt->bitrate);
+ jsonw_float_field_fmt(get_json_writer(),
+ "sample_point",
+ "%.3f",
+ (float) dbt->sample_point / 1000.);
+ print_int(PRINT_JSON, "tq", NULL, dbt->tq);
+ print_int(PRINT_JSON, "prop_seg", NULL, dbt->prop_seg);
+ print_int(PRINT_JSON, "phase_seg1",
+ NULL, dbt->phase_seg1);
+ print_int(PRINT_JSON, "phase_seg2",
+ NULL, dbt->phase_seg2);
+ print_int(PRINT_JSON, "sjw", NULL, dbt->sjw);
+ close_json_object();
+ } else {
+ fprintf(f, "\n dbitrate %d dsample-point %.3f ",
+ dbt->bitrate,
+ (float) dbt->sample_point / 1000.);
+ fprintf(f, "\n dtq %d dprop-seg %d dphase-seg1 %d "
+ "dphase-seg2 %d dsjw %d",
+ dbt->tq, dbt->prop_seg, dbt->phase_seg1,
+ dbt->phase_seg2, dbt->sjw);
+ }
}
- if (tb[IFLA_CAN_DATA_BITTIMING_CONST]) {
+ /* data bittiming const is irrelevant if fixed bitrate is defined */
+ if (tb[IFLA_CAN_DATA_BITTIMING_CONST] &&
+ !tb[IFLA_CAN_DATA_BITRATE_CONST]) {
struct can_bittiming_const *dbtc =
RTA_DATA(tb[IFLA_CAN_DATA_BITTIMING_CONST]);
- fprintf(f, "\n "
- "%s: dtseg1 %d..%d dtseg2 %d..%d "
- "dsjw 1..%d dbrp %d..%d dbrp-inc %d",
- dbtc->name, dbtc->tseg1_min, dbtc->tseg1_max,
- dbtc->tseg2_min, dbtc->tseg2_max, dbtc->sjw_max,
- dbtc->brp_min, dbtc->brp_max, dbtc->brp_inc);
+ if (is_json_context()) {
+ open_json_object("data_bittiming_const");
+ print_string(PRINT_JSON, "name", NULL, dbtc->name);
+ can_print_json_timing_min_max("tseg1",
+ dbtc->tseg1_min,
+ dbtc->tseg1_max);
+ can_print_json_timing_min_max("tseg2",
+ dbtc->tseg2_min,
+ dbtc->tseg2_max);
+ can_print_json_timing_min_max("sjw", 1, dbtc->sjw_max);
+ can_print_json_timing_min_max("brp",
+ dbtc->brp_min,
+ dbtc->brp_max);
+
+ print_int(PRINT_JSON, "brp_inc", NULL, dbtc->brp_inc);
+ close_json_object();
+ } else {
+ fprintf(f, "\n %s: dtseg1 %d..%d dtseg2 %d..%d "
+ "dsjw 1..%d dbrp %d..%d dbrp-inc %d",
+ dbtc->name, dbtc->tseg1_min, dbtc->tseg1_max,
+ dbtc->tseg2_min, dbtc->tseg2_max, dbtc->sjw_max,
+ dbtc->brp_min, dbtc->brp_max, dbtc->brp_inc);
+ }
+ }
+
+ if (tb[IFLA_CAN_DATA_BITRATE_CONST]) {
+ __u32 *dbitrate_const =
+ RTA_DATA(tb[IFLA_CAN_DATA_BITRATE_CONST]);
+ int dbitrate_cnt =
+ RTA_PAYLOAD(tb[IFLA_CAN_DATA_BITRATE_CONST]) /
+ sizeof(*dbitrate_const);
+ int i;
+ __u32 dbitrate = 0;
+
+ if (tb[IFLA_CAN_DATA_BITTIMING]) {
+ struct can_bittiming *dbt =
+ RTA_DATA(tb[IFLA_CAN_DATA_BITTIMING]);
+ dbitrate = dbt->bitrate;
+ }
+
+ if (is_json_context()) {
+ print_uint(PRINT_JSON, "data_bittiming_bitrate",
+ NULL, dbitrate);
+ open_json_array(PRINT_JSON, "data_bitrate_const");
+ for (i = 0; i < dbitrate_cnt; ++i)
+ print_uint(PRINT_JSON, NULL, NULL,
+ dbitrate_const[i]);
+ close_json_array(PRINT_JSON, NULL);
+ } else {
+ fprintf(f, "\n dbitrate %u", dbitrate);
+ fprintf(f, "\n [");
+
+ for (i = 0; i < dbitrate_cnt - 1; ++i) {
+ /* This will keep lines below 80 signs */
+ if (!(i % 6) && i)
+ fprintf(f, "\n ");
+
+ fprintf(f, "%8u, ", dbitrate_const[i]);
+ }
+
+ if (!(i % 6) && i)
+ fprintf(f, "\n ");
+ fprintf(f, "%8u ]", dbitrate_const[i]);
+ }
+ }
+
+ if (tb[IFLA_CAN_TERMINATION_CONST] && tb[IFLA_CAN_TERMINATION]) {
+ __u16 *trm = RTA_DATA(tb[IFLA_CAN_TERMINATION]);
+ __u16 *trm_const = RTA_DATA(tb[IFLA_CAN_TERMINATION_CONST]);
+ int trm_cnt = RTA_PAYLOAD(tb[IFLA_CAN_TERMINATION_CONST]) /
+ sizeof(*trm_const);
+ int i;
+
+ if (is_json_context()) {
+ print_hu(PRINT_JSON, "termination", NULL, *trm);
+ open_json_array(PRINT_JSON, "termination_const");
+ for (i = 0; i < trm_cnt; ++i)
+ print_hu(PRINT_JSON, NULL, NULL, trm_const[i]);
+ close_json_array(PRINT_JSON, NULL);
+ } else {
+ fprintf(f, "\n termination %hu [ ", *trm);
+
+ for (i = 0; i < trm_cnt - 1; ++i)
+ fprintf(f, "%hu, ", trm_const[i]);
+
+ fprintf(f, "%hu ]", trm_const[i]);
+ }
}
if (tb[IFLA_CAN_CLOCK]) {
struct can_clock *clock = RTA_DATA(tb[IFLA_CAN_CLOCK]);
- fprintf(f, "\n clock %d", clock->freq);
+ print_int(PRINT_ANY,
+ "clock",
+ "\n clock %d",
+ clock->freq);
}
}
@@ -351,18 +553,32 @@
if (xstats && RTA_PAYLOAD(xstats) == sizeof(*stats)) {
stats = RTA_DATA(xstats);
- fprintf(f, "\n "
- "re-started bus-errors arbit-lost "
- "error-warn error-pass bus-off");
- fprintf(f, "\n %-10d %-10d %-10d %-10d %-10d %-10d",
- stats->restarts, stats->bus_error,
- stats->arbitration_lost, stats->error_warning,
- stats->error_passive, stats->bus_off);
+
+ if (is_json_context()) {
+ print_int(PRINT_JSON, "restarts",
+ NULL, stats->restarts);
+ print_int(PRINT_JSON, "bus_error",
+ NULL, stats->bus_error);
+ print_int(PRINT_JSON, "arbitration_lost",
+ NULL, stats->arbitration_lost);
+ print_int(PRINT_JSON, "error_warning",
+ NULL, stats->error_warning);
+ print_int(PRINT_JSON, "error_passive",
+ NULL, stats->error_passive);
+ print_int(PRINT_JSON, "bus_off", NULL, stats->bus_off);
+ } else {
+ fprintf(f, "\n re-started bus-errors arbit-lost "
+ "error-warn error-pass bus-off");
+ fprintf(f, "\n %-10d %-10d %-10d %-10d %-10d %-10d",
+ stats->restarts, stats->bus_error,
+ stats->arbitration_lost, stats->error_warning,
+ stats->error_passive, stats->bus_off);
+ }
}
}
static void can_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
print_usage(f);
}
diff --git a/ip/iplink_dummy.c b/ip/iplink_dummy.c
new file mode 100644
index 0000000..cf78ea5
--- /dev/null
+++ b/ip/iplink_dummy.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "utils.h"
+#include "ip_common.h"
+
+static void dummy_print_help(struct link_util *lu,
+ int argc, char **argv, FILE *f)
+{
+ fprintf(f, "Usage: ... dummy\n");
+}
+
+struct link_util dummy_link_util = {
+ .id = "dummy",
+ .print_help = dummy_print_help,
+};
diff --git a/ip/iplink_geneve.c b/ip/iplink_geneve.c
index 1345479..f0f1d1c 100644
--- a/ip/iplink_geneve.c
+++ b/ip/iplink_geneve.c
@@ -15,15 +15,28 @@
#include "utils.h"
#include "ip_common.h"
+#define GENEVE_ATTRSET(attrs, type) (((attrs) & (1L << (type))) != 0)
+
static void print_explain(FILE *f)
{
- fprintf(f, "Usage: ... geneve id VNI remote ADDR\n");
- fprintf(f, " [ ttl TTL ] [ tos TOS ]\n");
- fprintf(f, "\n");
- fprintf(f, "Where: VNI := 0-16777215\n");
- fprintf(f, " ADDR := IP_ADDRESS\n");
- fprintf(f, " TOS := { NUMBER | inherit }\n");
- fprintf(f, " TTL := { 1..255 | inherit }\n");
+ fprintf(f,
+ "Usage: ... geneve id VNI\n"
+ " remote ADDR\n"
+ " [ ttl TTL ]\n"
+ " [ tos TOS ]\n"
+ " [ flowlabel LABEL ]\n"
+ " [ dstport PORT ]\n"
+ " [ [no]external ]\n"
+ " [ [no]udpcsum ]\n"
+ " [ [no]udp6zerocsumtx ]\n"
+ " [ [no]udp6zerocsumrx ]\n"
+ "\n"
+ "Where: VNI := 0-16777215\n"
+ " ADDR := IP_ADDRESS\n"
+ " TOS := { NUMBER | inherit }\n"
+ " TTL := { 1..255 | inherit }\n"
+ " LABEL := 0-1048575\n"
+ );
}
static void explain(void)
@@ -31,26 +44,46 @@
print_explain(stderr);
}
+static void check_duparg(__u64 *attrs, int type, const char *key,
+ const char *argv)
+{
+ if (!GENEVE_ATTRSET(*attrs, type)) {
+ *attrs |= (1L << type);
+ return;
+ }
+ duparg2(key, argv);
+}
+
static int geneve_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
__u32 vni = 0;
- int vni_set = 0;
__u32 daddr = 0;
struct in6_addr daddr6 = IN6ADDR_ANY_INIT;
+ __u32 label = 0;
__u8 ttl = 0;
__u8 tos = 0;
+ __u16 dstport = 0;
+ bool metadata = 0;
+ __u8 udpcsum = 0;
+ __u8 udp6zerocsumtx = 0;
+ __u8 udp6zerocsumrx = 0;
+ __u64 attrs = 0;
+ bool set_op = (n->nlmsg_type == RTM_NEWLINK &&
+ !(n->nlmsg_flags & NLM_F_CREATE));
while (argc > 0) {
if (!matches(*argv, "id") ||
!matches(*argv, "vni")) {
NEXT_ARG();
+ check_duparg(&attrs, IFLA_GENEVE_ID, "id", *argv);
if (get_u32(&vni, *argv, 0) ||
vni >= 1u << 24)
invarg("invalid id", *argv);
- vni_set = 1;
} else if (!matches(*argv, "remote")) {
NEXT_ARG();
+ check_duparg(&attrs, IFLA_GENEVE_REMOTE, "remote",
+ *argv);
if (!inet_get_addr(*argv, &daddr, &daddr6)) {
fprintf(stderr, "Invalid address \"%s\"\n", *argv);
return -1;
@@ -59,9 +92,10 @@
invarg("invalid remote address", *argv);
} else if (!matches(*argv, "ttl") ||
!matches(*argv, "hoplimit")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
+ check_duparg(&attrs, IFLA_GENEVE_TTL, "ttl", *argv);
if (strcmp(*argv, "inherit") != 0) {
if (get_unsigned(&uval, *argv, 0))
invarg("invalid TTL", *argv);
@@ -74,12 +108,62 @@
__u32 uval;
NEXT_ARG();
+ check_duparg(&attrs, IFLA_GENEVE_TOS, "tos", *argv);
if (strcmp(*argv, "inherit") != 0) {
if (rtnl_dsfield_a2n(&uval, *argv))
invarg("bad TOS value", *argv);
tos = uval;
} else
tos = 1;
+ } else if (!matches(*argv, "label") ||
+ !matches(*argv, "flowlabel")) {
+ __u32 uval;
+
+ NEXT_ARG();
+ check_duparg(&attrs, IFLA_GENEVE_LABEL, "flowlabel",
+ *argv);
+ if (get_u32(&uval, *argv, 0) ||
+ (uval & ~LABEL_MAX_MASK))
+ invarg("invalid flowlabel", *argv);
+ label = htonl(uval);
+ } else if (!matches(*argv, "dstport")) {
+ NEXT_ARG();
+ check_duparg(&attrs, IFLA_GENEVE_PORT, "dstport",
+ *argv);
+ if (get_u16(&dstport, *argv, 0))
+ invarg("dstport", *argv);
+ } else if (!matches(*argv, "external")) {
+ check_duparg(&attrs, IFLA_GENEVE_COLLECT_METADATA,
+ *argv, *argv);
+ metadata = true;
+ } else if (!matches(*argv, "noexternal")) {
+ check_duparg(&attrs, IFLA_GENEVE_COLLECT_METADATA,
+ *argv, *argv);
+ metadata = false;
+ } else if (!matches(*argv, "udpcsum")) {
+ check_duparg(&attrs, IFLA_GENEVE_UDP_CSUM, *argv,
+ *argv);
+ udpcsum = 1;
+ } else if (!matches(*argv, "noudpcsum")) {
+ check_duparg(&attrs, IFLA_GENEVE_UDP_CSUM, *argv,
+ *argv);
+ udpcsum = 0;
+ } else if (!matches(*argv, "udp6zerocsumtx")) {
+ check_duparg(&attrs, IFLA_GENEVE_UDP_ZERO_CSUM6_TX,
+ *argv, *argv);
+ udp6zerocsumtx = 1;
+ } else if (!matches(*argv, "noudp6zerocsumtx")) {
+ check_duparg(&attrs, IFLA_GENEVE_UDP_ZERO_CSUM6_TX,
+ *argv, *argv);
+ udp6zerocsumtx = 0;
+ } else if (!matches(*argv, "udp6zerocsumrx")) {
+ check_duparg(&attrs, IFLA_GENEVE_UDP_ZERO_CSUM6_RX,
+ *argv, *argv);
+ udp6zerocsumrx = 1;
+ } else if (!matches(*argv, "noudp6zerocsumrx")) {
+ check_duparg(&attrs, IFLA_GENEVE_UDP_ZERO_CSUM6_RX,
+ *argv, *argv);
+ udp6zerocsumrx = 0;
} else if (matches(*argv, "help") == 0) {
explain();
return -1;
@@ -91,23 +175,51 @@
argc--, argv++;
}
- if (!vni_set) {
- fprintf(stderr, "geneve: missing virtual network identifier\n");
+ if (metadata && GENEVE_ATTRSET(attrs, IFLA_GENEVE_ID)) {
+ fprintf(stderr, "geneve: both 'external' and vni cannot be specified\n");
return -1;
}
- if (!daddr && memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) == 0) {
- fprintf(stderr, "geneve: remote link partner not specified\n");
- return -1;
+ if (!metadata) {
+ /* parameter checking make sense only for full geneve tunnels */
+ if (!GENEVE_ATTRSET(attrs, IFLA_GENEVE_ID)) {
+ fprintf(stderr, "geneve: missing virtual network identifier\n");
+ return -1;
+ }
+
+ /* If we are modifying the geneve device, then we only need the
+ * ID (VNI) to identify the geneve device, and we do not need
+ * the remote IP.
+ */
+ if (!set_op && !daddr && IN6_IS_ADDR_UNSPECIFIED(&daddr6)) {
+ fprintf(stderr, "geneve: remote link partner not specified\n");
+ return -1;
+ }
}
addattr32(n, 1024, IFLA_GENEVE_ID, vni);
if (daddr)
addattr_l(n, 1024, IFLA_GENEVE_REMOTE, &daddr, 4);
- if (memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) != 0)
- addattr_l(n, 1024, IFLA_GENEVE_REMOTE6, &daddr6, sizeof(struct in6_addr));
- addattr8(n, 1024, IFLA_GENEVE_TTL, ttl);
- addattr8(n, 1024, IFLA_GENEVE_TOS, tos);
+ if (!IN6_IS_ADDR_UNSPECIFIED(&daddr6)) {
+ addattr_l(n, 1024, IFLA_GENEVE_REMOTE6, &daddr6,
+ sizeof(struct in6_addr));
+ }
+ if (!set_op || GENEVE_ATTRSET(attrs, IFLA_GENEVE_LABEL))
+ addattr32(n, 1024, IFLA_GENEVE_LABEL, label);
+ if (!set_op || GENEVE_ATTRSET(attrs, IFLA_GENEVE_TTL))
+ addattr8(n, 1024, IFLA_GENEVE_TTL, ttl);
+ if (!set_op || GENEVE_ATTRSET(attrs, IFLA_GENEVE_TOS))
+ addattr8(n, 1024, IFLA_GENEVE_TOS, tos);
+ if (dstport)
+ addattr16(n, 1024, IFLA_GENEVE_PORT, htons(dstport));
+ if (metadata)
+ addattr(n, 1024, IFLA_GENEVE_COLLECT_METADATA);
+ if (GENEVE_ATTRSET(attrs, IFLA_GENEVE_UDP_CSUM))
+ addattr8(n, 1024, IFLA_GENEVE_UDP_CSUM, udpcsum);
+ if (GENEVE_ATTRSET(attrs, IFLA_GENEVE_UDP_ZERO_CSUM6_TX))
+ addattr8(n, 1024, IFLA_GENEVE_UDP_ZERO_CSUM6_TX, udp6zerocsumtx);
+ if (GENEVE_ATTRSET(attrs, IFLA_GENEVE_UDP_ZERO_CSUM6_RX))
+ addattr8(n, 1024, IFLA_GENEVE_UDP_ZERO_CSUM6_RX, udp6zerocsumrx);
return 0;
}
@@ -115,7 +227,6 @@
static void geneve_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
__u32 vni;
- char s1[1024];
__u8 tos;
if (!tb)
@@ -126,35 +237,110 @@
return;
vni = rta_getattr_u32(tb[IFLA_GENEVE_ID]);
- fprintf(f, "id %u ", vni);
+ print_uint(PRINT_ANY, "id", "id %u ", vni);
if (tb[IFLA_GENEVE_REMOTE]) {
__be32 addr = rta_getattr_u32(tb[IFLA_GENEVE_REMOTE]);
+
if (addr)
- fprintf(f, "remote %s ",
- format_host(AF_INET, 4, &addr, s1, sizeof(s1)));
+ print_string(PRINT_ANY,
+ "remote",
+ "remote %s ",
+ format_host(AF_INET, 4, &addr));
} else if (tb[IFLA_GENEVE_REMOTE6]) {
struct in6_addr addr;
+
memcpy(&addr, RTA_DATA(tb[IFLA_GENEVE_REMOTE6]), sizeof(struct in6_addr));
- if (memcmp(&addr, &in6addr_any, sizeof(addr)) != 0) {
- if (IN6_IS_ADDR_MULTICAST(&addr))
- fprintf(f, "remote %s ",
- format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1)));
+ if (!IN6_IS_ADDR_UNSPECIFIED(&addr)) {
+ if (!IN6_IS_ADDR_MULTICAST(&addr))
+ print_string(PRINT_ANY,
+ "remote6",
+ "remote %s ",
+ format_host(AF_INET6,
+ sizeof(struct in6_addr),
+ &addr));
}
}
if (tb[IFLA_GENEVE_TTL]) {
__u8 ttl = rta_getattr_u8(tb[IFLA_GENEVE_TTL]);
+
if (ttl)
- fprintf(f, "ttl %d ", ttl);
+ print_int(PRINT_ANY, "ttl", "ttl %d ", ttl);
}
if (tb[IFLA_GENEVE_TOS] &&
(tos = rta_getattr_u8(tb[IFLA_GENEVE_TOS]))) {
- if (tos == 1)
- fprintf(f, "tos inherit ");
- else
- fprintf(f, "tos %#x ", tos);
+ if (is_json_context()) {
+ print_0xhex(PRINT_JSON, "tos", "%#x", tos);
+ } else {
+ if (tos == 1) {
+ print_string(PRINT_FP,
+ "tos",
+ "tos %s ",
+ "inherit");
+ } else {
+ fprintf(f, "tos %#x ", tos);
+ }
+ }
+ }
+
+ if (tb[IFLA_GENEVE_LABEL]) {
+ __u32 label = rta_getattr_u32(tb[IFLA_GENEVE_LABEL]);
+
+ if (label)
+ print_0xhex(PRINT_ANY,
+ "label",
+ "flowlabel %#x ",
+ ntohl(label));
+ }
+
+ if (tb[IFLA_GENEVE_PORT])
+ print_uint(PRINT_ANY,
+ "port",
+ "dstport %u ",
+ rta_getattr_be16(tb[IFLA_GENEVE_PORT]));
+
+ if (tb[IFLA_GENEVE_COLLECT_METADATA])
+ print_bool(PRINT_ANY, "collect_metadata", "external ", true);
+
+ if (tb[IFLA_GENEVE_UDP_CSUM]) {
+ if (is_json_context()) {
+ print_bool(PRINT_JSON,
+ "udp_csum",
+ NULL,
+ rta_getattr_u8(tb[IFLA_GENEVE_UDP_CSUM]));
+ } else {
+ if (!rta_getattr_u8(tb[IFLA_GENEVE_UDP_CSUM]))
+ fputs("no", f);
+ fputs("udpcsum ", f);
+ }
+ }
+
+ if (tb[IFLA_GENEVE_UDP_ZERO_CSUM6_TX]) {
+ if (is_json_context()) {
+ print_bool(PRINT_JSON,
+ "udp_zero_csum6_tx",
+ NULL,
+ rta_getattr_u8(tb[IFLA_GENEVE_UDP_ZERO_CSUM6_TX]));
+ } else {
+ if (!rta_getattr_u8(tb[IFLA_GENEVE_UDP_ZERO_CSUM6_TX]))
+ fputs("no", f);
+ fputs("udp6zerocsumtx ", f);
+ }
+ }
+
+ if (tb[IFLA_GENEVE_UDP_ZERO_CSUM6_RX]) {
+ if (is_json_context()) {
+ print_bool(PRINT_JSON,
+ "udp_zero_csum6_rx",
+ NULL,
+ rta_getattr_u8(tb[IFLA_GENEVE_UDP_ZERO_CSUM6_RX]));
+ } else {
+ if (!rta_getattr_u8(tb[IFLA_GENEVE_UDP_ZERO_CSUM6_RX]))
+ fputs("no", f);
+ fputs("udp6zerocsumrx ", f);
+ }
}
}
diff --git a/ip/iplink_hsr.c b/ip/iplink_hsr.c
index 65fbec8..c673ccf 100644
--- a/ip/iplink_hsr.c
+++ b/ip/iplink_hsr.c
@@ -25,7 +25,7 @@
{
fprintf(f,
"Usage:\tip link add name NAME type hsr slave1 SLAVE1-IF slave2 SLAVE2-IF\n"
-"\t[ supervision ADDR-BYTE ]\n"
+"\t[ supervision ADDR-BYTE ] [version VERSION]\n"
"\n"
"NAME\n"
" name of new hsr device (e.g. hsr0)\n"
@@ -33,7 +33,9 @@
" the two slave devices bound to the HSR device\n"
"ADDR-BYTE\n"
" 0-255; the last byte of the multicast address used for HSR supervision\n"
-" frames (default = 0)\n");
+" frames (default = 0)\n"
+"VERSION\n"
+" 0,1; the protocol version to be used. (default = 0)\n");
}
static void usage(void)
@@ -46,6 +48,7 @@
{
int ifindex;
unsigned char multicast_spec;
+ unsigned char protocol_version;
while (argc > 0) {
if (matches(*argv, "supervision") == 0) {
@@ -54,6 +57,13 @@
invarg("ADDR-BYTE is invalid", *argv);
addattr_l(n, 1024, IFLA_HSR_MULTICAST_SPEC,
&multicast_spec, 1);
+ } else if (matches(*argv, "version") == 0) {
+ NEXT_ARG();
+ if (!(get_u8(&protocol_version, *argv, 0) == 0 ||
+ get_u8(&protocol_version, *argv, 0) == 1))
+ invarg("version is invalid", *argv);
+ addattr_l(n, 1024, IFLA_HSR_VERSION,
+ &protocol_version, 1);
} else if (matches(*argv, "slave1") == 0) {
NEXT_ARG();
ifindex = ll_name_to_index(*argv);
@@ -100,30 +110,36 @@
RTA_PAYLOAD(tb[IFLA_HSR_SUPERVISION_ADDR]) < ETH_ALEN)
return;
- fprintf(f, "slave1 ");
if (tb[IFLA_HSR_SLAVE1])
- fprintf(f, "%s ",
- ll_index_to_name(rta_getattr_u32(tb[IFLA_HSR_SLAVE1])));
+ print_string(PRINT_ANY,
+ "slave1",
+ "slave1 %s ",
+ ll_index_to_name(rta_getattr_u32(tb[IFLA_HSR_SLAVE1])));
else
- fprintf(f, "<none> ");
+ print_null(PRINT_ANY, "slave1", "slave1 %s ", "<none>");
- fprintf(f, "slave2 ");
if (tb[IFLA_HSR_SLAVE2])
- fprintf(f, "%s ",
- ll_index_to_name(rta_getattr_u32(tb[IFLA_HSR_SLAVE2])));
+ print_string(PRINT_ANY,
+ "slave2",
+ "slave2 %s ",
+ ll_index_to_name(rta_getattr_u32(tb[IFLA_HSR_SLAVE2])));
else
- fprintf(f, "<none> ");
+ print_null(PRINT_ANY, "slave2", "slave2 %s ", "<none>");
if (tb[IFLA_HSR_SEQ_NR])
- fprintf(f, "sequence %d ",
- rta_getattr_u16(tb[IFLA_HSR_SEQ_NR]));
+ print_int(PRINT_ANY,
+ "seq_nr",
+ "sequence %d ",
+ rta_getattr_u16(tb[IFLA_HSR_SEQ_NR]));
if (tb[IFLA_HSR_SUPERVISION_ADDR])
- fprintf(f, "supervision %s ",
- ll_addr_n2a(RTA_DATA(tb[IFLA_HSR_SUPERVISION_ADDR]),
- RTA_PAYLOAD(tb[IFLA_HSR_SUPERVISION_ADDR]),
- ARPHRD_VOID,
- b1, sizeof(b1)));
+ print_string(PRINT_ANY,
+ "supervision_addr",
+ "supervision %s ",
+ ll_addr_n2a(RTA_DATA(tb[IFLA_HSR_SUPERVISION_ADDR]),
+ RTA_PAYLOAD(tb[IFLA_HSR_SUPERVISION_ADDR]),
+ ARPHRD_VOID,
+ b1, sizeof(b1)));
}
static void hsr_print_help(struct link_util *lu, int argc, char **argv,
@@ -134,7 +150,7 @@
struct link_util hsr_link_util = {
.id = "hsr",
- .maxattr = IFLA_VLAN_MAX,
+ .maxattr = IFLA_HSR_MAX,
.parse_opt = hsr_parse_opt,
.print_opt = hsr_print_opt,
.print_help = hsr_print_help,
diff --git a/ip/iplink_ifb.c b/ip/iplink_ifb.c
new file mode 100644
index 0000000..d7dc8f9
--- /dev/null
+++ b/ip/iplink_ifb.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "utils.h"
+#include "ip_common.h"
+
+static void ifb_print_help(struct link_util *lu,
+ int argc, char **argv, FILE *f)
+{
+ fprintf(f, "Usage: ... ifb\n");
+}
+
+struct link_util ifb_link_util = {
+ .id = "ifb",
+ .print_help = ifb_print_help,
+};
diff --git a/ip/iplink_ipoib.c b/ip/iplink_ipoib.c
index 6087cbe..e69bda0 100644
--- a/ip/iplink_ipoib.c
+++ b/ip/iplink_ipoib.c
@@ -22,8 +22,9 @@
static void print_explain(FILE *f)
{
fprintf(f,
- "Usage: ... ipoib [pkey PKEY] [mode {datagram | connected}]"
- "[umcast {0|1}]\n"
+ "Usage: ... ipoib [ pkey PKEY ]\n"
+ " [ mode {datagram | connected} ]\n"
+ " [ umcast {0|1} ]\n"
"\n"
"PKEY := 0x8001-0xffff\n"
);
@@ -36,8 +37,7 @@
static int mode_arg(void)
{
- fprintf(stderr, "Error: argument of \"mode\" must be \"datagram\""
- "or \"connected\"\n");
+ fprintf(stderr, "Error: argument of \"mode\" must be \"datagram\"or \"connected\"\n");
return -1;
}
@@ -91,23 +91,43 @@
RTA_PAYLOAD(tb[IFLA_IPOIB_PKEY]) < sizeof(__u16))
return;
- fprintf(f, "pkey %#.4x ", rta_getattr_u16(tb[IFLA_IPOIB_PKEY]));
+ __u16 pkey = rta_getattr_u16(tb[IFLA_IPOIB_PKEY]);
+
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "%#.4x", pkey);
+ print_string(PRINT_JSON, "key", NULL, b1);
+ } else {
+ fprintf(f, "pkey %#.4x ", pkey);
+ }
if (!tb[IFLA_IPOIB_MODE] ||
RTA_PAYLOAD(tb[IFLA_IPOIB_MODE]) < sizeof(__u16))
return;
mode = rta_getattr_u16(tb[IFLA_IPOIB_MODE]);
- fprintf(f, "mode %s ",
+
+ const char *mode_str =
mode == IPOIB_MODE_DATAGRAM ? "datagram" :
- mode == IPOIB_MODE_CONNECTED ? "connected" :
- "unknown");
+ mode == IPOIB_MODE_CONNECTED ? "connected" : "unknown";
+
+ print_string(PRINT_ANY, "mode", "mode %s ", mode_str);
if (!tb[IFLA_IPOIB_UMCAST] ||
RTA_PAYLOAD(tb[IFLA_IPOIB_UMCAST]) < sizeof(__u16))
return;
- fprintf(f, "umcast %.4x ", rta_getattr_u16(tb[IFLA_IPOIB_UMCAST]));
+ __u16 umcast = rta_getattr_u16(tb[IFLA_IPOIB_UMCAST]);
+
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "%.4x", umcast);
+ print_string(PRINT_JSON, "umcast", NULL, b1);
+ } else {
+ fprintf(f, "umcast %.4x ", umcast);
+ }
}
static void ipoib_print_help(struct link_util *lu, int argc, char **argv,
diff --git a/ip/iplink_ipvlan.c b/ip/iplink_ipvlan.c
index e08fc39..9f48309 100644
--- a/ip/iplink_ipvlan.c
+++ b/ip/iplink_ipvlan.c
@@ -20,19 +20,7 @@
static void ipvlan_explain(FILE *f)
{
- fprintf(f, "Usage: ... ipvlan [ mode { l2 | l3 } ]\n");
-}
-
-static void explain(void)
-{
- ipvlan_explain(stderr);
-}
-
-static int mode_arg(void)
-{
- fprintf(stderr, "Error: argument of \"mode\" must be either \"l2\", "
- "or \"l3\"\n");
- return -1;
+ fprintf(f, "Usage: ... ipvlan [ mode { l2 | l3 | l3s } ]\n");
}
static int ipvlan_parse_opt(struct link_util *lu, int argc, char **argv,
@@ -41,26 +29,31 @@
while (argc > 0) {
if (matches(*argv, "mode") == 0) {
__u16 mode = 0;
+
NEXT_ARG();
if (strcmp(*argv, "l2") == 0)
mode = IPVLAN_MODE_L2;
else if (strcmp(*argv, "l3") == 0)
mode = IPVLAN_MODE_L3;
- else
- return mode_arg();
-
+ else if (strcmp(*argv, "l3s") == 0)
+ mode = IPVLAN_MODE_L3S;
+ else {
+ fprintf(stderr, "Error: argument of \"mode\" must be either \"l2\", \"l3\" or \"l3s\"\n");
+ return -1;
+ }
addattr16(n, 1024, IFLA_IPVLAN_MODE, mode);
} else if (matches(*argv, "help") == 0) {
- explain();
+ ipvlan_explain(stderr);
return -1;
} else {
fprintf(stderr, "ipvlan: unknown option \"%s\"?\n",
*argv);
- explain();
+ ipvlan_explain(stderr);
return -1;
}
- argc--, argv++;
+ argc--;
+ argv++;
}
return 0;
@@ -75,10 +68,11 @@
if (tb[IFLA_IPVLAN_MODE]) {
if (RTA_PAYLOAD(tb[IFLA_IPVLAN_MODE]) == sizeof(__u16)) {
__u16 mode = rta_getattr_u16(tb[IFLA_IPVLAN_MODE]);
+ const char *mode_str = mode == IPVLAN_MODE_L2 ? "l2" :
+ mode == IPVLAN_MODE_L3 ? "l3" :
+ mode == IPVLAN_MODE_L3S ? "l3s" : "unknown";
- fprintf(f, " mode %s ",
- mode == IPVLAN_MODE_L2 ? "l2" :
- mode == IPVLAN_MODE_L3 ? "l3" : "unknown");
+ print_string(PRINT_ANY, "mode", " mode %s ", mode_str);
}
}
}
diff --git a/ip/iplink_macvlan.c b/ip/iplink_macvlan.c
index f195e81..b966a61 100644
--- a/ip/iplink_macvlan.c
+++ b/ip/iplink_macvlan.c
@@ -15,6 +15,7 @@
#include <string.h>
#include <sys/socket.h>
#include <linux/if_link.h>
+#include <linux/if_ether.h>
#include "rt_names.h"
#include "utils.h"
@@ -29,7 +30,12 @@
static void print_explain(struct link_util *lu, FILE *f)
{
fprintf(f,
- "Usage: ... %s mode { private | vepa | bridge | passthru [nopromisc] }\n",
+ "Usage: ... %s mode MODE [flag MODE_FLAG] MODE_OPTS\n"
+ "\n"
+ "MODE: private | vepa | bridge | passthru | source\n"
+ "MODE_FLAG: null | nopromisc\n"
+ "MODE_OPTS: for mode \"source\":\n"
+ "\tmacaddr { { add | del } <macaddr> | set [ <macaddr> [ <macaddr> ... ] ] | flush }\n",
lu->id
);
}
@@ -39,11 +45,21 @@
print_explain(lu, stderr);
}
+
static int mode_arg(const char *arg)
{
- fprintf(stderr, "Error: argument of \"mode\" must be \"private\", "
- "\"vepa\", \"bridge\" or \"passthru\", not \"%s\"\n", arg);
- return -1;
+ fprintf(stderr,
+ "Error: argument of \"mode\" must be \"private\", \"vepa\", \"bridge\", \"passthru\" or \"source\", not \"%s\"\n",
+ arg);
+ return -1;
+}
+
+static int flag_arg(const char *arg)
+{
+ fprintf(stderr,
+ "Error: argument of \"flag\" must be \"nopromisc\" or \"null\", not \"%s\"\n",
+ arg);
+ return -1;
}
static int macvlan_parse_opt(struct link_util *lu, int argc, char **argv,
@@ -51,6 +67,10 @@
{
__u32 mode = 0;
__u16 flags = 0;
+ __u32 mac_mode = 0;
+ int has_flags = 0;
+ char mac[ETH_ALEN];
+ struct rtattr *nmac;
while (argc > 0) {
if (matches(*argv, "mode") == 0) {
@@ -64,10 +84,72 @@
mode = MACVLAN_MODE_BRIDGE;
else if (strcmp(*argv, "passthru") == 0)
mode = MACVLAN_MODE_PASSTHRU;
+ else if (strcmp(*argv, "source") == 0)
+ mode = MACVLAN_MODE_SOURCE;
else
return mode_arg(*argv);
+ } else if (matches(*argv, "flag") == 0) {
+ NEXT_ARG();
+
+ if (strcmp(*argv, "nopromisc") == 0)
+ flags |= MACVLAN_FLAG_NOPROMISC;
+ else if (strcmp(*argv, "null") == 0)
+ flags |= 0;
+ else
+ return flag_arg(*argv);
+
+ has_flags = 1;
+
+ } else if (matches(*argv, "macaddr") == 0) {
+ NEXT_ARG();
+
+ if (strcmp(*argv, "add") == 0) {
+ mac_mode = MACVLAN_MACADDR_ADD;
+ } else if (strcmp(*argv, "del") == 0) {
+ mac_mode = MACVLAN_MACADDR_DEL;
+ } else if (strcmp(*argv, "set") == 0) {
+ mac_mode = MACVLAN_MACADDR_SET;
+ } else if (strcmp(*argv, "flush") == 0) {
+ mac_mode = MACVLAN_MACADDR_FLUSH;
+ } else {
+ explain(lu);
+ return -1;
+ }
+
+ addattr32(n, 1024, IFLA_MACVLAN_MACADDR_MODE, mac_mode);
+
+ if (mac_mode == MACVLAN_MACADDR_ADD ||
+ mac_mode == MACVLAN_MACADDR_DEL) {
+ NEXT_ARG();
+
+ if (ll_addr_a2n(mac, sizeof(mac),
+ *argv) != ETH_ALEN)
+ return -1;
+
+ addattr_l(n, 1024, IFLA_MACVLAN_MACADDR, &mac,
+ ETH_ALEN);
+ }
+
+ if (mac_mode == MACVLAN_MACADDR_SET) {
+ nmac = addattr_nest(n, 1024,
+ IFLA_MACVLAN_MACADDR_DATA);
+ while (NEXT_ARG_OK()) {
+ NEXT_ARG_FWD();
+
+ if (ll_addr_a2n(mac, sizeof(mac),
+ *argv) != ETH_ALEN) {
+ PREV_ARG();
+ break;
+ }
+
+ addattr_l(n, 1024, IFLA_MACVLAN_MACADDR,
+ &mac, ETH_ALEN);
+ }
+ addattr_nest_end(n, nmac);
+ }
} else if (matches(*argv, "nopromisc") == 0) {
flags |= MACVLAN_FLAG_NOPROMISC;
+ has_flags = 1;
} else if (matches(*argv, "help") == 0) {
explain(lu);
return -1;
@@ -82,7 +164,7 @@
if (mode)
addattr32(n, 1024, IFLA_MACVLAN_MODE, mode);
- if (flags) {
+ if (has_flags) {
if (flags & MACVLAN_FLAG_NOPROMISC &&
mode != MACVLAN_MODE_PASSTHRU) {
pfx_err(lu, "nopromisc flag only valid in passthru mode");
@@ -98,6 +180,10 @@
{
__u32 mode;
__u16 flags;
+ __u32 count;
+ unsigned char *addr;
+ int len;
+ struct rtattr *rta;
if (!tb)
return;
@@ -107,24 +193,66 @@
return;
mode = rta_getattr_u32(tb[IFLA_MACVLAN_MODE]);
- fprintf(f, " mode %s ",
- mode == MACVLAN_MODE_PRIVATE ? "private"
- : mode == MACVLAN_MODE_VEPA ? "vepa"
- : mode == MACVLAN_MODE_BRIDGE ? "bridge"
- : mode == MACVLAN_MODE_PASSTHRU ? "passthru"
- : "unknown");
+ print_string(PRINT_ANY,
+ "mode",
+ "mode %s ",
+ mode == MACVLAN_MODE_PRIVATE ? "private"
+ : mode == MACVLAN_MODE_VEPA ? "vepa"
+ : mode == MACVLAN_MODE_BRIDGE ? "bridge"
+ : mode == MACVLAN_MODE_PASSTHRU ? "passthru"
+ : mode == MACVLAN_MODE_SOURCE ? "source"
+ : "unknown");
if (!tb[IFLA_MACVLAN_FLAGS] ||
RTA_PAYLOAD(tb[IFLA_MACVLAN_FLAGS]) < sizeof(__u16))
+ flags = 0;
+ else
+ flags = rta_getattr_u16(tb[IFLA_MACVLAN_FLAGS]);
+
+ if (flags & MACVLAN_FLAG_NOPROMISC)
+ print_bool(PRINT_ANY, "nopromisc", "nopromisc ", true);
+
+ /* in source mode, there are more options to print */
+
+ if (mode != MACVLAN_MODE_SOURCE)
return;
- flags = rta_getattr_u16(tb[IFLA_MACVLAN_FLAGS]);
- if (flags & MACVLAN_FLAG_NOPROMISC)
- fprintf(f, "nopromisc ");
+ if (!tb[IFLA_MACVLAN_MACADDR_COUNT] ||
+ RTA_PAYLOAD(tb[IFLA_MACVLAN_MACADDR_COUNT]) < sizeof(__u32))
+ return;
+
+ count = rta_getattr_u32(tb[IFLA_MACVLAN_MACADDR_COUNT]);
+ print_int(PRINT_ANY, "macaddr_count", "remotes (%d) ", count);
+
+ if (!tb[IFLA_MACVLAN_MACADDR_DATA])
+ return;
+
+ rta = RTA_DATA(tb[IFLA_MACVLAN_MACADDR_DATA]);
+ len = RTA_PAYLOAD(tb[IFLA_MACVLAN_MACADDR_DATA]);
+
+ open_json_array(PRINT_JSON, "macaddr_data");
+ for (; RTA_OK(rta, len); rta = RTA_NEXT(rta, len)) {
+ if (rta->rta_type != IFLA_MACVLAN_MACADDR ||
+ RTA_PAYLOAD(rta) < 6)
+ continue;
+ addr = RTA_DATA(rta);
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1),
+ "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x", addr[0],
+ addr[1], addr[2], addr[3], addr[4], addr[5]);
+ print_string(PRINT_JSON, NULL, NULL, b1);
+ } else {
+ fprintf(f, "%.2x:%.2x:%.2x:%.2x:%.2x:%.2x ", addr[0],
+ addr[1], addr[2], addr[3], addr[4], addr[5]);
+ }
+ }
+ close_json_array(PRINT_JSON, NULL);
}
static void macvlan_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
print_explain(lu, f);
}
diff --git a/ip/iplink_nlmon.c b/ip/iplink_nlmon.c
new file mode 100644
index 0000000..51d5919
--- /dev/null
+++ b/ip/iplink_nlmon.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "utils.h"
+#include "ip_common.h"
+
+static void nlmon_print_help(struct link_util *lu,
+ int argc, char **argv, FILE *f)
+{
+ fprintf(f, "Usage: ... nlmon\n");
+}
+
+struct link_util nlmon_link_util = {
+ .id = "nlmon",
+ .print_help = nlmon_print_help,
+};
diff --git a/ip/iplink_team.c b/ip/iplink_team.c
new file mode 100644
index 0000000..6225268
--- /dev/null
+++ b/ip/iplink_team.c
@@ -0,0 +1,25 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "utils.h"
+#include "ip_common.h"
+
+static void team_print_help(struct link_util *lu,
+ int argc, char **argv, FILE *f)
+{
+ fprintf(f, "Usage: ... team\n");
+}
+
+static void team_slave_print_help(struct link_util *lu,
+ int argc, char **argv, FILE *f)
+{
+ fprintf(f, "Usage: ... team_slave\n");
+}
+
+struct link_util team_link_util = {
+ .id = "team",
+ .print_help = team_print_help,
+}, team_slave_link_util = {
+ .id = "team_slave",
+ .print_help = team_slave_print_help,
+};
diff --git a/ip/iplink_vcan.c b/ip/iplink_vcan.c
new file mode 100644
index 0000000..b7ae15f
--- /dev/null
+++ b/ip/iplink_vcan.c
@@ -0,0 +1,16 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "utils.h"
+#include "ip_common.h"
+
+static void vcan_print_help(struct link_util *lu,
+ int argc, char **argv, FILE *f)
+{
+ fprintf(f, "Usage: ... vcan\n");
+}
+
+struct link_util vcan_link_util = {
+ .id = "vcan",
+ .print_help = vcan_print_help,
+};
diff --git a/ip/iplink_vlan.c b/ip/iplink_vlan.c
index 5bd766f..4d78cf9 100644
--- a/ip/iplink_vlan.c
+++ b/ip/iplink_vlan.c
@@ -21,15 +21,17 @@
static void print_explain(FILE *f)
{
fprintf(f,
- "Usage: ... vlan [ protocol VLANPROTO ] id VLANID"
- " [ FLAG-LIST ]\n"
- " [ ingress-qos-map QOS-MAP ] [ egress-qos-map QOS-MAP ]\n"
+ "Usage: ... vlan id VLANID\n"
+ " [ protocol VLANPROTO ]\n"
+ " [ reorder_hdr { on | off } ]\n"
+ " [ gvrp { on | off } ]\n"
+ " [ mvrp { on | off } ]\n"
+ " [ loose_binding { on | off } ]\n"
+ " [ ingress-qos-map QOS-MAP ]\n"
+ " [ egress-qos-map QOS-MAP ]\n"
"\n"
- "VLANPROTO: [ 802.1Q / 802.1ad ]\n"
"VLANID := 0-4095\n"
- "FLAG-LIST := [ FLAG-LIST ] FLAG\n"
- "FLAG := [ reorder_hdr { on | off } ] [ gvrp { on | off } ] [ mvrp { on | off } ]\n"
- " [ loose_binding { on | off } ]\n"
+ "VLANPROTO: [ 802.1Q / 802.1ad ]\n"
"QOS-MAP := [ QOS-MAP ] QOS-MAPPING\n"
"QOS-MAPPING := FROM:TO\n"
);
@@ -162,42 +164,57 @@
return 0;
}
-static void vlan_print_map(FILE *f, char *name, struct rtattr *attr)
+static void vlan_print_map(FILE *f,
+ const char *name_json,
+ const char *name_fp,
+ struct rtattr *attr)
{
struct ifla_vlan_qos_mapping *m;
struct rtattr *i;
int rem;
- fprintf(f, "\n %s { ", name);
+ open_json_array(PRINT_JSON, name_json);
+ print_string(PRINT_FP, NULL, "\n %s { ", name_fp);
rem = RTA_PAYLOAD(attr);
for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
m = RTA_DATA(i);
- fprintf(f, "%u:%u ", m->from, m->to);
+
+ if (is_json_context()) {
+ open_json_object(NULL);
+ print_uint(PRINT_JSON, "from", NULL, m->from);
+ print_uint(PRINT_JSON, "to", NULL, m->to);
+ close_json_object();
+ } else {
+ fprintf(f, "%u:%u ", m->from, m->to);
+ }
}
- fprintf(f, "} ");
+
+ close_json_array(PRINT_JSON, NULL);
+ print_string(PRINT_FP, NULL, "%s ", "}");
}
static void vlan_print_flags(FILE *fp, __u32 flags)
{
- fprintf(fp, "<");
-#define _PF(f) if (flags & VLAN_FLAG_##f) { \
- flags &= ~ VLAN_FLAG_##f; \
- fprintf(fp, #f "%s", flags ? "," : ""); \
- }
+ open_json_array(PRINT_ANY, is_json_context() ? "flags" : "<");
+#define _PF(f) if (flags & VLAN_FLAG_##f) { \
+ flags &= ~VLAN_FLAG_##f; \
+ print_string(PRINT_ANY, NULL, flags ? "%s," : "%s", #f); \
+ }
_PF(REORDER_HDR);
_PF(GVRP);
_PF(MVRP);
_PF(LOOSE_BINDING);
#undef _PF
if (flags)
- fprintf(fp, "%x", flags);
- fprintf(fp, "> ");
+ print_hex(PRINT_ANY, NULL, "%x", flags);
+ close_json_array(PRINT_ANY, "> ");
}
static void vlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
struct ifla_vlan_flags *flags;
+
SPRINT_BUF(b1);
if (!tb)
@@ -211,13 +228,19 @@
return;
if (tb[IFLA_VLAN_PROTOCOL])
- fprintf(f, "protocol %s ",
- ll_proto_n2a(rta_getattr_u16(tb[IFLA_VLAN_PROTOCOL]),
+ print_string(PRINT_ANY,
+ "protocol",
+ "protocol %s ",
+ ll_proto_n2a(
+ rta_getattr_u16(tb[IFLA_VLAN_PROTOCOL]),
b1, sizeof(b1)));
else
- fprintf(f, "protocol 802.1q ");
+ print_string(PRINT_ANY, "protocol", "protocol %s ", "802.1q");
- fprintf(f, "id %u ", rta_getattr_u16(tb[IFLA_VLAN_ID]));
+ print_uint(PRINT_ANY,
+ "id",
+ "id %u ",
+ rta_getattr_u16(tb[IFLA_VLAN_ID]));
if (tb[IFLA_VLAN_FLAGS]) {
if (RTA_PAYLOAD(tb[IFLA_VLAN_FLAGS]) < sizeof(*flags))
@@ -226,13 +249,19 @@
vlan_print_flags(f, flags->flags);
}
if (tb[IFLA_VLAN_INGRESS_QOS])
- vlan_print_map(f, "ingress-qos-map", tb[IFLA_VLAN_INGRESS_QOS]);
+ vlan_print_map(f,
+ "ingress_qos",
+ "ingress-qos-map",
+ tb[IFLA_VLAN_INGRESS_QOS]);
if (tb[IFLA_VLAN_EGRESS_QOS])
- vlan_print_map(f, "egress-qos-map", tb[IFLA_VLAN_EGRESS_QOS]);
+ vlan_print_map(f,
+ "egress_qos",
+ "egress-qos-map",
+ tb[IFLA_VLAN_EGRESS_QOS]);
}
static void vlan_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
print_explain(f);
}
diff --git a/ip/iplink_vrf.c b/ip/iplink_vrf.c
index 9b4b772..7a1bb5e 100644
--- a/ip/iplink_vrf.c
+++ b/ip/iplink_vrf.c
@@ -13,6 +13,7 @@
#include <string.h>
#include <sys/socket.h>
#include <linux/if_link.h>
+#include <errno.h>
#include "rt_names.h"
#include "utils.h"
@@ -20,7 +21,7 @@
static void vrf_explain(FILE *f)
{
- fprintf(f, "Usage: ... vrf table TABLEID \n");
+ fprintf(f, "Usage: ... vrf table TABLEID\n");
}
static void explain(void)
@@ -61,11 +62,28 @@
return;
if (tb[IFLA_VRF_TABLE])
- fprintf(f, "table %u ", rta_getattr_u32(tb[IFLA_VRF_TABLE]));
+ print_uint(PRINT_ANY,
+ "table",
+ "table %u ",
+ rta_getattr_u32(tb[IFLA_VRF_TABLE]));
+}
+
+static void vrf_slave_print_opt(struct link_util *lu, FILE *f,
+ struct rtattr *tb[])
+{
+ if (!tb)
+ return;
+
+ if (tb[IFLA_VRF_PORT_TABLE]) {
+ print_uint(PRINT_ANY,
+ "table",
+ "table %u ",
+ rta_getattr_u32(tb[IFLA_VRF_PORT_TABLE]));
+ }
}
static void vrf_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
vrf_explain(f);
}
@@ -77,3 +95,134 @@
.print_opt = vrf_print_opt,
.print_help = vrf_print_help,
};
+
+struct link_util vrf_slave_link_util = {
+ .id = "vrf_slave",
+ .maxattr = IFLA_VRF_PORT_MAX,
+ .print_opt = vrf_slave_print_opt,
+};
+
+/* returns table id if name is a VRF device */
+__u32 ipvrf_get_table(const char *name)
+{
+ struct {
+ struct nlmsghdr n;
+ struct ifinfomsg i;
+ char buf[1024];
+ } req = {
+ .n = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .nlmsg_flags = NLM_F_REQUEST,
+ .nlmsg_type = RTM_GETLINK,
+ },
+ .i = {
+ .ifi_family = preferred_family,
+ },
+ };
+ struct {
+ struct nlmsghdr n;
+ char buf[8192];
+ } answer;
+ struct rtattr *tb[IFLA_MAX+1];
+ struct rtattr *li[IFLA_INFO_MAX+1];
+ struct rtattr *vrf_attr[IFLA_VRF_MAX + 1];
+ struct ifinfomsg *ifi;
+ __u32 tb_id = 0;
+ int len;
+
+ addattr_l(&req.n, sizeof(req), IFLA_IFNAME, name, strlen(name) + 1);
+
+ if (rtnl_talk_suppress_rtnl_errmsg(&rth, &req.n,
+ &answer.n, sizeof(answer)) < 0) {
+ /* special case "default" vrf to be the main table */
+ if (errno == ENODEV && !strcmp(name, "default"))
+ if (rtnl_rttable_a2n(&tb_id, "main"))
+ fprintf(stderr,
+ "BUG: RTTable \"main\" not found.\n");
+
+ return tb_id;
+ }
+
+ ifi = NLMSG_DATA(&answer.n);
+ len = answer.n.nlmsg_len - NLMSG_LENGTH(sizeof(*ifi));
+ if (len < 0) {
+ fprintf(stderr, "BUG: Invalid response to link query.\n");
+ return 0;
+ }
+
+ parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len);
+
+ if (!tb[IFLA_LINKINFO])
+ return 0;
+
+ parse_rtattr_nested(li, IFLA_INFO_MAX, tb[IFLA_LINKINFO]);
+
+ if (!li[IFLA_INFO_KIND] || !li[IFLA_INFO_DATA])
+ return 0;
+
+ if (strcmp(RTA_DATA(li[IFLA_INFO_KIND]), "vrf"))
+ return 0;
+
+ parse_rtattr_nested(vrf_attr, IFLA_VRF_MAX, li[IFLA_INFO_DATA]);
+ if (vrf_attr[IFLA_VRF_TABLE])
+ tb_id = rta_getattr_u32(vrf_attr[IFLA_VRF_TABLE]);
+
+ if (!tb_id)
+ fprintf(stderr, "BUG: VRF %s is missing table id\n", name);
+
+ return tb_id;
+}
+
+int name_is_vrf(const char *name)
+{
+ struct {
+ struct nlmsghdr n;
+ struct ifinfomsg i;
+ char buf[1024];
+ } req = {
+ .n = {
+ .nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .nlmsg_flags = NLM_F_REQUEST,
+ .nlmsg_type = RTM_GETLINK,
+ },
+ .i = {
+ .ifi_family = preferred_family,
+ },
+ };
+ struct {
+ struct nlmsghdr n;
+ char buf[8192];
+ } answer;
+ struct rtattr *tb[IFLA_MAX+1];
+ struct rtattr *li[IFLA_INFO_MAX+1];
+ struct ifinfomsg *ifi;
+ int len;
+
+ addattr_l(&req.n, sizeof(req), IFLA_IFNAME, name, strlen(name) + 1);
+
+ if (rtnl_talk_suppress_rtnl_errmsg(&rth, &req.n,
+ &answer.n, sizeof(answer)) < 0)
+ return 0;
+
+ ifi = NLMSG_DATA(&answer.n);
+ len = answer.n.nlmsg_len - NLMSG_LENGTH(sizeof(*ifi));
+ if (len < 0) {
+ fprintf(stderr, "BUG: Invalid response to link query.\n");
+ return 0;
+ }
+
+ parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len);
+
+ if (!tb[IFLA_LINKINFO])
+ return 0;
+
+ parse_rtattr_nested(li, IFLA_INFO_MAX, tb[IFLA_LINKINFO]);
+
+ if (!li[IFLA_INFO_KIND])
+ return 0;
+
+ if (strcmp(RTA_DATA(li[IFLA_INFO_KIND]), "vrf"))
+ return 0;
+
+ return ifi->ifi_index;
+}
diff --git a/ip/iplink_vxcan.c b/ip/iplink_vxcan.c
new file mode 100644
index 0000000..680f640
--- /dev/null
+++ b/ip/iplink_vxcan.c
@@ -0,0 +1,99 @@
+/*
+ * iplink_vxcan.c vxcan device support (Virtual CAN Tunnel)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Author: Oliver Hartkopp <socketcan@hartkopp.net>
+ * Based on: link_veth.c from Pavel Emelianov <xemul@openvz.org>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <net/if.h>
+#include <linux/can/vxcan.h>
+
+#include "utils.h"
+#include "ip_common.h"
+
+static void print_usage(FILE *f)
+{
+ printf("Usage: ip link <options> type vxcan [peer <options>]\n"
+ "To get <options> type 'ip link add help'\n");
+}
+
+static void usage(void)
+{
+ print_usage(stderr);
+}
+
+static int vxcan_parse_opt(struct link_util *lu, int argc, char **argv,
+ struct nlmsghdr *hdr)
+{
+ char *dev = NULL;
+ char *name = NULL;
+ char *link = NULL;
+ char *type = NULL;
+ int index = 0;
+ int err, len;
+ struct rtattr *data;
+ int group;
+ struct ifinfomsg *ifm, *peer_ifm;
+ unsigned int ifi_flags, ifi_change;
+
+ if (strcmp(argv[0], "peer") != 0) {
+ usage();
+ return -1;
+ }
+
+ ifm = NLMSG_DATA(hdr);
+ ifi_flags = ifm->ifi_flags;
+ ifi_change = ifm->ifi_change;
+ ifm->ifi_flags = 0;
+ ifm->ifi_change = 0;
+
+ data = NLMSG_TAIL(hdr);
+ addattr_l(hdr, 1024, VXCAN_INFO_PEER, NULL, 0);
+
+ hdr->nlmsg_len += sizeof(struct ifinfomsg);
+
+ err = iplink_parse(argc - 1, argv + 1, (struct iplink_req *)hdr,
+ &name, &type, &link, &dev, &group, &index);
+ if (err < 0)
+ return err;
+
+ if (name) {
+ len = strlen(name) + 1;
+ if (len > IFNAMSIZ)
+ invarg("\"name\" too long\n", *argv);
+ addattr_l(hdr, 1024, IFLA_IFNAME, name, len);
+ }
+
+ peer_ifm = RTA_DATA(data);
+ peer_ifm->ifi_index = index;
+ peer_ifm->ifi_flags = ifm->ifi_flags;
+ peer_ifm->ifi_change = ifm->ifi_change;
+ ifm->ifi_flags = ifi_flags;
+ ifm->ifi_change = ifi_change;
+
+ if (group != -1)
+ addattr32(hdr, 1024, IFLA_GROUP, group);
+
+ data->rta_len = (void *)NLMSG_TAIL(hdr) - (void *)data;
+ return argc - 1 - err;
+}
+
+static void vxcan_print_help(struct link_util *lu, int argc, char **argv,
+ FILE *f)
+{
+ print_usage(f);
+}
+
+struct link_util vxcan_link_util = {
+ .id = "vxcan",
+ .parse_opt = vxcan_parse_opt,
+ .print_help = vxcan_print_help,
+};
diff --git a/ip/iplink_vxlan.c b/ip/iplink_vxlan.c
index ede8482..a0530dd 100644
--- a/ip/iplink_vxlan.c
+++ b/ip/iplink_vxlan.c
@@ -21,22 +21,39 @@
#include "utils.h"
#include "ip_common.h"
+#define VXLAN_ATTRSET(attrs, type) (((attrs) & (1L << (type))) != 0)
+
static void print_explain(FILE *f)
{
- fprintf(f, "Usage: ... vxlan id VNI [ { group | remote } IP_ADDRESS ] [ local ADDR ]\n");
- fprintf(f, " [ ttl TTL ] [ tos TOS ] [ dev PHYS_DEV ]\n");
- fprintf(f, " [ dstport PORT ] [ srcport MIN MAX ]\n");
- fprintf(f, " [ [no]learning ] [ [no]proxy ] [ [no]rsc ]\n");
- fprintf(f, " [ [no]l2miss ] [ [no]l3miss ]\n");
- fprintf(f, " [ ageing SECONDS ] [ maxaddress NUMBER ]\n");
- fprintf(f, " [ [no]udpcsum ] [ [no]udp6zerocsumtx ] [ [no]udp6zerocsumrx ]\n");
- fprintf(f, " [ [no]remcsumtx ] [ [no]remcsumrx ]\n");
- fprintf(f, " [ [no]external ] [ gbp ]\n");
- fprintf(f, "\n");
- fprintf(f, "Where: VNI := 0-16777215\n");
- fprintf(f, " ADDR := { IP_ADDRESS | any }\n");
- fprintf(f, " TOS := { NUMBER | inherit }\n");
- fprintf(f, " TTL := { 1..255 | inherit }\n");
+ fprintf(f,
+ "Usage: ... vxlan id VNI\n"
+ " [ { group | remote } IP_ADDRESS ]\n"
+ " [ local ADDR ]\n"
+ " [ ttl TTL ]\n"
+ " [ tos TOS ]\n"
+ " [ flowlabel LABEL ]\n"
+ " [ dev PHYS_DEV ]\n"
+ " [ dstport PORT ]\n"
+ " [ srcport MIN MAX ]\n"
+ " [ [no]learning ]\n"
+ " [ [no]proxy ]\n"
+ " [ [no]rsc ]\n"
+ " [ [no]l2miss ]\n"
+ " [ [no]l3miss ]\n"
+ " [ ageing SECONDS ]\n"
+ " [ maxaddress NUMBER ]\n"
+ " [ [no]udpcsum ]\n"
+ " [ [no]udp6zerocsumtx ]\n"
+ " [ [no]udp6zerocsumrx ]\n"
+ " [ [no]remcsumtx ] [ [no]remcsumrx ]\n"
+ " [ [no]external ] [ gbp ] [ gpe ]\n"
+ "\n"
+ "Where: VNI := 0-16777215\n"
+ " ADDR := { IP_ADDRESS | any }\n"
+ " TOS := { NUMBER | inherit }\n"
+ " TTL := { 1..255 | inherit }\n"
+ " LABEL := 0-1048575\n"
+ );
}
static void explain(void)
@@ -44,49 +61,50 @@
print_explain(stderr);
}
+static void check_duparg(__u64 *attrs, int type, const char *key,
+ const char *argv)
+{
+ if (!VXLAN_ATTRSET(*attrs, type)) {
+ *attrs |= (1L << type);
+ return;
+ }
+ duparg2(key, argv);
+}
+
static int vxlan_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
__u32 vni = 0;
- int vni_set = 0;
- __u32 saddr = 0;
__u32 gaddr = 0;
__u32 daddr = 0;
- struct in6_addr saddr6 = IN6ADDR_ANY_INIT;
struct in6_addr gaddr6 = IN6ADDR_ANY_INIT;
struct in6_addr daddr6 = IN6ADDR_ANY_INIT;
- unsigned link = 0;
- __u8 tos = 0;
- __u8 ttl = 0;
__u8 learning = 1;
- __u8 proxy = 0;
- __u8 rsc = 0;
- __u8 l2miss = 0;
- __u8 l3miss = 0;
- __u8 noage = 0;
- __u32 age = 0;
- __u32 maxaddr = 0;
__u16 dstport = 0;
- __u8 udpcsum = 0;
- __u8 udp6zerocsumtx = 0;
- __u8 udp6zerocsumrx = 0;
- __u8 remcsumtx = 0;
- __u8 remcsumrx = 0;
__u8 metadata = 0;
- __u8 gbp = 0;
- int dst_port_set = 0;
- struct ifla_vxlan_port_range range = { 0, 0 };
+ __u64 attrs = 0;
+ bool set_op = (n->nlmsg_type == RTM_NEWLINK &&
+ !(n->nlmsg_flags & NLM_F_CREATE));
while (argc > 0) {
if (!matches(*argv, "id") ||
!matches(*argv, "vni")) {
+ /* We will add ID attribute outside of the loop since we
+ * need to consider metadata information as well.
+ */
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_ID, "id", *argv);
if (get_u32(&vni, *argv, 0) ||
vni >= 1u << 24)
invarg("invalid id", *argv);
- vni_set = 1;
} else if (!matches(*argv, "group")) {
+ if (daddr || !IN6_IS_ADDR_UNSPECIFIED(&daddr6)) {
+ fprintf(stderr, "vxlan: both group and remote");
+ fprintf(stderr, " cannot be specified\n");
+ return -1;
+ }
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_GROUP, "group", *argv);
if (!inet_get_addr(*argv, &gaddr, &gaddr6)) {
fprintf(stderr, "Invalid address \"%s\"\n", *argv);
return -1;
@@ -94,7 +112,13 @@
if (!IN6_IS_ADDR_MULTICAST(&gaddr6) && !IN_MULTICAST(ntohl(gaddr)))
invarg("invalid group address", *argv);
} else if (!matches(*argv, "remote")) {
+ if (gaddr || !IN6_IS_ADDR_UNSPECIFIED(&gaddr6)) {
+ fprintf(stderr, "vxlan: both group and remote");
+ fprintf(stderr, " cannot be specified\n");
+ return -1;
+ }
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_GROUP, "remote", *argv);
if (!inet_get_addr(*argv, &daddr, &daddr6)) {
fprintf(stderr, "Invalid address \"%s\"\n", *argv);
return -1;
@@ -102,7 +126,11 @@
if (IN6_IS_ADDR_MULTICAST(&daddr6) || IN_MULTICAST(ntohl(daddr)))
invarg("invalid remote address", *argv);
} else if (!matches(*argv, "local")) {
+ __u32 saddr = 0;
+ struct in6_addr saddr6 = IN6ADDR_ANY_INIT;
+
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_LOCAL, "local", *argv);
if (strcmp(*argv, "any")) {
if (!inet_get_addr(*argv, &saddr, &saddr6)) {
fprintf(stderr, "Invalid address \"%s\"\n", *argv);
@@ -112,19 +140,31 @@
if (IN_MULTICAST(ntohl(saddr)) || IN6_IS_ADDR_MULTICAST(&saddr6))
invarg("invalid local address", *argv);
+
+ if (saddr)
+ addattr_l(n, 1024, IFLA_VXLAN_LOCAL, &saddr, 4);
+ else if (!IN6_IS_ADDR_UNSPECIFIED(&saddr6))
+ addattr_l(n, 1024, IFLA_VXLAN_LOCAL6, &saddr6,
+ sizeof(struct in6_addr));
} else if (!matches(*argv, "dev")) {
+ unsigned int link;
+
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_LINK, "dev", *argv);
link = if_nametoindex(*argv);
if (link == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n",
*argv);
exit(-1);
}
+ addattr32(n, 1024, IFLA_VXLAN_LINK, link);
} else if (!matches(*argv, "ttl") ||
!matches(*argv, "hoplimit")) {
- unsigned uval;
+ unsigned int uval;
+ __u8 ttl = 0;
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_TTL, "ttl", *argv);
if (strcmp(*argv, "inherit") != 0) {
if (get_unsigned(&uval, *argv, 0))
invarg("invalid TTL", *argv);
@@ -132,91 +172,163 @@
invarg("TTL must be <= 255", *argv);
ttl = uval;
}
+ addattr8(n, 1024, IFLA_VXLAN_TTL, ttl);
} else if (!matches(*argv, "tos") ||
!matches(*argv, "dsfield")) {
__u32 uval;
+ __u8 tos;
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_TOS, "tos", *argv);
if (strcmp(*argv, "inherit") != 0) {
if (rtnl_dsfield_a2n(&uval, *argv))
invarg("bad TOS value", *argv);
tos = uval;
} else
tos = 1;
- } else if (!matches(*argv, "ageing")) {
+ addattr8(n, 1024, IFLA_VXLAN_TOS, tos);
+ } else if (!matches(*argv, "label") ||
+ !matches(*argv, "flowlabel")) {
+ __u32 uval;
+
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_LABEL, "flowlabel",
+ *argv);
+ if (get_u32(&uval, *argv, 0) ||
+ (uval & ~LABEL_MAX_MASK))
+ invarg("invalid flowlabel", *argv);
+ addattr32(n, 1024, IFLA_VXLAN_LABEL, htonl(uval));
+ } else if (!matches(*argv, "ageing")) {
+ __u32 age;
+
+ NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_AGEING, "ageing",
+ *argv);
if (strcmp(*argv, "none") == 0)
- noage = 1;
+ age = 0;
else if (get_u32(&age, *argv, 0))
invarg("ageing timer", *argv);
+ addattr32(n, 1024, IFLA_VXLAN_AGEING, age);
} else if (!matches(*argv, "maxaddress")) {
+ __u32 maxaddr;
+
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_LIMIT,
+ "maxaddress", *argv);
if (strcmp(*argv, "unlimited") == 0)
maxaddr = 0;
else if (get_u32(&maxaddr, *argv, 0))
invarg("max addresses", *argv);
+ addattr32(n, 1024, IFLA_VXLAN_LIMIT, maxaddr);
} else if (!matches(*argv, "port") ||
!matches(*argv, "srcport")) {
- __u16 minport, maxport;
+ struct ifla_vxlan_port_range range = { 0, 0 };
+
NEXT_ARG();
- if (get_u16(&minport, *argv, 0))
+ check_duparg(&attrs, IFLA_VXLAN_PORT_RANGE, "srcport",
+ *argv);
+ if (get_be16(&range.low, *argv, 0))
invarg("min port", *argv);
NEXT_ARG();
- if (get_u16(&maxport, *argv, 0))
+ if (get_be16(&range.high, *argv, 0))
invarg("max port", *argv);
- range.low = htons(minport);
- range.high = htons(maxport);
- } else if (!matches(*argv, "dstport")){
+ if (range.low || range.high) {
+ addattr_l(n, 1024, IFLA_VXLAN_PORT_RANGE,
+ &range, sizeof(range));
+ }
+ } else if (!matches(*argv, "dstport")) {
NEXT_ARG();
+ check_duparg(&attrs, IFLA_VXLAN_PORT, "dstport", *argv);
if (get_u16(&dstport, *argv, 0))
invarg("dst port", *argv);
- dst_port_set = 1;
} else if (!matches(*argv, "nolearning")) {
+ check_duparg(&attrs, IFLA_VXLAN_LEARNING, *argv, *argv);
learning = 0;
} else if (!matches(*argv, "learning")) {
+ check_duparg(&attrs, IFLA_VXLAN_LEARNING, *argv, *argv);
learning = 1;
} else if (!matches(*argv, "noproxy")) {
- proxy = 0;
+ check_duparg(&attrs, IFLA_VXLAN_PROXY, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_PROXY, 0);
} else if (!matches(*argv, "proxy")) {
- proxy = 1;
+ check_duparg(&attrs, IFLA_VXLAN_PROXY, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_PROXY, 1);
} else if (!matches(*argv, "norsc")) {
- rsc = 0;
+ check_duparg(&attrs, IFLA_VXLAN_RSC, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_RSC, 0);
} else if (!matches(*argv, "rsc")) {
- rsc = 1;
+ check_duparg(&attrs, IFLA_VXLAN_RSC, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_RSC, 1);
} else if (!matches(*argv, "nol2miss")) {
- l2miss = 0;
+ check_duparg(&attrs, IFLA_VXLAN_L2MISS, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_L2MISS, 0);
} else if (!matches(*argv, "l2miss")) {
- l2miss = 1;
+ check_duparg(&attrs, IFLA_VXLAN_L2MISS, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_L2MISS, 1);
} else if (!matches(*argv, "nol3miss")) {
- l3miss = 0;
+ check_duparg(&attrs, IFLA_VXLAN_L3MISS, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_L3MISS, 0);
} else if (!matches(*argv, "l3miss")) {
- l3miss = 1;
+ check_duparg(&attrs, IFLA_VXLAN_L3MISS, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_L3MISS, 1);
} else if (!matches(*argv, "udpcsum")) {
- udpcsum = 1;
+ check_duparg(&attrs, IFLA_VXLAN_UDP_CSUM, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_UDP_CSUM, 1);
} else if (!matches(*argv, "noudpcsum")) {
- udpcsum = 0;
+ check_duparg(&attrs, IFLA_VXLAN_UDP_CSUM, *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_UDP_CSUM, 0);
} else if (!matches(*argv, "udp6zerocsumtx")) {
- udp6zerocsumtx = 1;
+ check_duparg(&attrs, IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, 1);
} else if (!matches(*argv, "noudp6zerocsumtx")) {
- udp6zerocsumtx = 0;
+ check_duparg(&attrs, IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, 0);
} else if (!matches(*argv, "udp6zerocsumrx")) {
- udp6zerocsumrx = 1;
+ check_duparg(&attrs, IFLA_VXLAN_UDP_ZERO_CSUM6_RX,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, 1);
} else if (!matches(*argv, "noudp6zerocsumrx")) {
- udp6zerocsumrx = 0;
+ check_duparg(&attrs, IFLA_VXLAN_UDP_ZERO_CSUM6_RX,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, 0);
} else if (!matches(*argv, "remcsumtx")) {
- remcsumtx = 1;
+ check_duparg(&attrs, IFLA_VXLAN_REMCSUM_TX,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_REMCSUM_TX, 1);
} else if (!matches(*argv, "noremcsumtx")) {
- remcsumtx = 0;
+ check_duparg(&attrs, IFLA_VXLAN_REMCSUM_TX,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_REMCSUM_TX, 0);
} else if (!matches(*argv, "remcsumrx")) {
- remcsumrx = 1;
+ check_duparg(&attrs, IFLA_VXLAN_REMCSUM_RX,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_REMCSUM_RX, 1);
} else if (!matches(*argv, "noremcsumrx")) {
- remcsumrx = 0;
+ check_duparg(&attrs, IFLA_VXLAN_REMCSUM_RX,
+ *argv, *argv);
+ addattr8(n, 1024, IFLA_VXLAN_REMCSUM_RX, 0);
} else if (!matches(*argv, "external")) {
+ check_duparg(&attrs, IFLA_VXLAN_COLLECT_METADATA,
+ *argv, *argv);
metadata = 1;
+ learning = 0;
+ /* we will add LEARNING attribute outside of the loop */
+ addattr8(n, 1024, IFLA_VXLAN_COLLECT_METADATA,
+ metadata);
} else if (!matches(*argv, "noexternal")) {
+ check_duparg(&attrs, IFLA_VXLAN_COLLECT_METADATA,
+ *argv, *argv);
metadata = 0;
+ addattr8(n, 1024, IFLA_VXLAN_COLLECT_METADATA,
+ metadata);
} else if (!matches(*argv, "gbp")) {
- gbp = 1;
+ check_duparg(&attrs, IFLA_VXLAN_GBP, *argv, *argv);
+ addattr_l(n, 1024, IFLA_VXLAN_GBP, NULL, 0);
+ } else if (!matches(*argv, "gpe")) {
+ check_duparg(&attrs, IFLA_VXLAN_GPE, *argv, *argv);
+ addattr_l(n, 1024, IFLA_VXLAN_GPE, NULL, 0);
} else if (matches(*argv, "help") == 0) {
explain();
return -1;
@@ -228,24 +340,26 @@
argc--, argv++;
}
- if (metadata && vni_set) {
+ if (metadata && VXLAN_ATTRSET(attrs, IFLA_VXLAN_ID)) {
fprintf(stderr, "vxlan: both 'external' and vni cannot be specified\n");
return -1;
}
- if (!metadata && !vni_set) {
+ if (!metadata && !VXLAN_ATTRSET(attrs, IFLA_VXLAN_ID)) {
fprintf(stderr, "vxlan: missing virtual network identifier\n");
return -1;
}
- if ((gaddr && daddr) ||
- (memcmp(&gaddr6, &in6addr_any, sizeof(gaddr6)) &&
- memcmp(&daddr6, &in6addr_any, sizeof(daddr6)))) {
- fprintf(stderr, "vxlan: both group and remote cannot be specified\n");
+ if ((gaddr || !IN6_IS_ADDR_UNSPECIFIED(&gaddr6)) &&
+ !VXLAN_ATTRSET(attrs, IFLA_VXLAN_LINK)) {
+ fprintf(stderr, "vxlan: 'group' requires 'dev' to be specified\n");
return -1;
}
- if (!dst_port_set) {
+ if (!VXLAN_ATTRSET(attrs, IFLA_VXLAN_PORT) &&
+ VXLAN_ATTRSET(attrs, IFLA_VXLAN_GPE)) {
+ dstport = 4790;
+ } else if (!VXLAN_ATTRSET(attrs, IFLA_VXLAN_PORT) && !set_op) {
fprintf(stderr, "vxlan: destination port not specified\n"
"Will use Linux kernel default (non-standard value)\n");
fprintf(stderr,
@@ -258,58 +372,30 @@
addattr_l(n, 1024, IFLA_VXLAN_GROUP, &gaddr, 4);
else if (daddr)
addattr_l(n, 1024, IFLA_VXLAN_GROUP, &daddr, 4);
- if (memcmp(&gaddr6, &in6addr_any, sizeof(gaddr6)) != 0)
+ else if (!IN6_IS_ADDR_UNSPECIFIED(&gaddr6))
addattr_l(n, 1024, IFLA_VXLAN_GROUP6, &gaddr6, sizeof(struct in6_addr));
- else if (memcmp(&daddr6, &in6addr_any, sizeof(daddr6)) != 0)
+ else if (!IN6_IS_ADDR_UNSPECIFIED(&daddr6))
+ addattr_l(n, 1024, IFLA_VXLAN_GROUP6, &daddr6, sizeof(struct in6_addr));
+ else if (preferred_family == AF_INET)
+ addattr_l(n, 1024, IFLA_VXLAN_GROUP, &daddr, 4);
+ else if (preferred_family == AF_INET6)
addattr_l(n, 1024, IFLA_VXLAN_GROUP6, &daddr6, sizeof(struct in6_addr));
- if (saddr)
- addattr_l(n, 1024, IFLA_VXLAN_LOCAL, &saddr, 4);
- else if (memcmp(&saddr6, &in6addr_any, sizeof(saddr6)) != 0)
- addattr_l(n, 1024, IFLA_VXLAN_LOCAL6, &saddr6, sizeof(struct in6_addr));
+ if (!set_op || VXLAN_ATTRSET(attrs, IFLA_VXLAN_LEARNING))
+ addattr8(n, 1024, IFLA_VXLAN_LEARNING, learning);
- if (link)
- addattr32(n, 1024, IFLA_VXLAN_LINK, link);
- addattr8(n, 1024, IFLA_VXLAN_TTL, ttl);
- addattr8(n, 1024, IFLA_VXLAN_TOS, tos);
- addattr8(n, 1024, IFLA_VXLAN_LEARNING, learning);
- addattr8(n, 1024, IFLA_VXLAN_PROXY, proxy);
- addattr8(n, 1024, IFLA_VXLAN_RSC, rsc);
- addattr8(n, 1024, IFLA_VXLAN_L2MISS, l2miss);
- addattr8(n, 1024, IFLA_VXLAN_L3MISS, l3miss);
- addattr8(n, 1024, IFLA_VXLAN_UDP_CSUM, udpcsum);
- addattr8(n, 1024, IFLA_VXLAN_UDP_ZERO_CSUM6_TX, udp6zerocsumtx);
- addattr8(n, 1024, IFLA_VXLAN_UDP_ZERO_CSUM6_RX, udp6zerocsumrx);
- addattr8(n, 1024, IFLA_VXLAN_REMCSUM_TX, remcsumtx);
- addattr8(n, 1024, IFLA_VXLAN_REMCSUM_RX, remcsumrx);
- addattr8(n, 1024, IFLA_VXLAN_COLLECT_METADATA, metadata);
-
- if (noage)
- addattr32(n, 1024, IFLA_VXLAN_AGEING, 0);
- else if (age)
- addattr32(n, 1024, IFLA_VXLAN_AGEING, age);
- if (maxaddr)
- addattr32(n, 1024, IFLA_VXLAN_LIMIT, maxaddr);
- if (range.low || range.high)
- addattr_l(n, 1024, IFLA_VXLAN_PORT_RANGE,
- &range, sizeof(range));
if (dstport)
addattr16(n, 1024, IFLA_VXLAN_PORT, htons(dstport));
- if (gbp)
- addattr_l(n, 1024, IFLA_VXLAN_GBP, NULL, 0);
-
-
return 0;
}
static void vxlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
__u32 vni;
- unsigned link;
+ unsigned int link;
__u8 tos;
__u32 maxaddr;
- char s1[1024];
char s2[64];
if (!tb)
@@ -320,42 +406,64 @@
return;
vni = rta_getattr_u32(tb[IFLA_VXLAN_ID]);
- fprintf(f, "id %u ", vni);
+ print_uint(PRINT_ANY, "id", "id %u ", vni);
if (tb[IFLA_VXLAN_GROUP]) {
__be32 addr = rta_getattr_u32(tb[IFLA_VXLAN_GROUP]);
+
if (addr) {
if (IN_MULTICAST(ntohl(addr)))
- fprintf(f, "group %s ",
- format_host(AF_INET, 4, &addr, s1, sizeof(s1)));
+ print_string(PRINT_ANY,
+ "group",
+ "group %s ",
+ format_host(AF_INET, 4, &addr));
else
- fprintf(f, "remote %s ",
- format_host(AF_INET, 4, &addr, s1, sizeof(s1)));
+ print_string(PRINT_ANY,
+ "remote",
+ "remote %s ",
+ format_host(AF_INET, 4, &addr));
}
} else if (tb[IFLA_VXLAN_GROUP6]) {
struct in6_addr addr;
+
memcpy(&addr, RTA_DATA(tb[IFLA_VXLAN_GROUP6]), sizeof(struct in6_addr));
- if (memcmp(&addr, &in6addr_any, sizeof(addr)) != 0) {
+ if (!IN6_IS_ADDR_UNSPECIFIED(&addr)) {
if (IN6_IS_ADDR_MULTICAST(&addr))
- fprintf(f, "group %s ",
- format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1)));
+ print_string(PRINT_ANY,
+ "group6",
+ "group %s ",
+ format_host(AF_INET6,
+ sizeof(struct in6_addr),
+ &addr));
else
- fprintf(f, "remote %s ",
- format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1)));
+ print_string(PRINT_ANY,
+ "remote6",
+ "remote %s ",
+ format_host(AF_INET6,
+ sizeof(struct in6_addr),
+ &addr));
}
}
if (tb[IFLA_VXLAN_LOCAL]) {
__be32 addr = rta_getattr_u32(tb[IFLA_VXLAN_LOCAL]);
+
if (addr)
- fprintf(f, "local %s ",
- format_host(AF_INET, 4, &addr, s1, sizeof(s1)));
+ print_string(PRINT_ANY,
+ "local",
+ "local %s ",
+ format_host(AF_INET, 4, &addr));
} else if (tb[IFLA_VXLAN_LOCAL6]) {
struct in6_addr addr;
+
memcpy(&addr, RTA_DATA(tb[IFLA_VXLAN_LOCAL6]), sizeof(struct in6_addr));
- if (memcmp(&addr, &in6addr_any, sizeof(addr)) != 0)
- fprintf(f, "local %s ",
- format_host(AF_INET6, sizeof(struct in6_addr), &addr, s1, sizeof(s1)));
+ if (!IN6_IS_ADDR_UNSPECIFIED(&addr))
+ print_string(PRINT_ANY,
+ "local6",
+ "local %s ",
+ format_host(AF_INET6,
+ sizeof(struct in6_addr),
+ &addr));
}
if (tb[IFLA_VXLAN_LINK] &&
@@ -363,92 +471,155 @@
const char *n = if_indextoname(link, s2);
if (n)
- fprintf(f, "dev %s ", n);
+ print_string(PRINT_ANY, "link", "dev %s ", n);
else
- fprintf(f, "dev %u ", link);
+ print_uint(PRINT_ANY, "link_index", "dev %u ", link);
}
if (tb[IFLA_VXLAN_PORT_RANGE]) {
const struct ifla_vxlan_port_range *r
= RTA_DATA(tb[IFLA_VXLAN_PORT_RANGE]);
- fprintf(f, "srcport %u %u ", ntohs(r->low), ntohs(r->high));
+ if (is_json_context()) {
+ open_json_object("port_range");
+ print_uint(PRINT_JSON, "low", NULL, ntohs(r->low));
+ print_uint(PRINT_JSON, "high", NULL, ntohs(r->high));
+ close_json_object();
+ } else {
+ fprintf(f, "srcport %u %u ",
+ ntohs(r->low), ntohs(r->high));
+ }
}
if (tb[IFLA_VXLAN_PORT])
- fprintf(f, "dstport %u ",
- ntohs(rta_getattr_u16(tb[IFLA_VXLAN_PORT])));
+ print_uint(PRINT_ANY,
+ "port",
+ "dstport %u ",
+ rta_getattr_be16(tb[IFLA_VXLAN_PORT]));
- if (tb[IFLA_VXLAN_LEARNING] &&
- !rta_getattr_u8(tb[IFLA_VXLAN_LEARNING]))
- fputs("nolearning ", f);
+ if (tb[IFLA_VXLAN_LEARNING]) {
+ __u8 learning = rta_getattr_u8(tb[IFLA_VXLAN_LEARNING]);
+
+ print_bool(PRINT_JSON, "learning", NULL, learning);
+ if (!learning)
+ print_bool(PRINT_FP, NULL, "nolearning ", true);
+ }
if (tb[IFLA_VXLAN_PROXY] && rta_getattr_u8(tb[IFLA_VXLAN_PROXY]))
- fputs("proxy ", f);
+ print_bool(PRINT_ANY, "proxy", "proxy ", true);
if (tb[IFLA_VXLAN_RSC] && rta_getattr_u8(tb[IFLA_VXLAN_RSC]))
- fputs("rsc ", f);
+ print_bool(PRINT_ANY, "rsc", "rsc ", true);
if (tb[IFLA_VXLAN_L2MISS] && rta_getattr_u8(tb[IFLA_VXLAN_L2MISS]))
- fputs("l2miss ", f);
+ print_bool(PRINT_ANY, "l2miss", "l2miss ", true);
if (tb[IFLA_VXLAN_L3MISS] && rta_getattr_u8(tb[IFLA_VXLAN_L3MISS]))
- fputs("l3miss ", f);
+ print_bool(PRINT_ANY, "l3miss", "l3miss ", true);
if (tb[IFLA_VXLAN_TOS] &&
(tos = rta_getattr_u8(tb[IFLA_VXLAN_TOS]))) {
- if (tos == 1)
- fprintf(f, "tos inherit ");
- else
- fprintf(f, "tos %#x ", tos);
+ if (is_json_context()) {
+ print_0xhex(PRINT_JSON, "tos", "%#x", tos);
+ } else {
+ if (tos == 1)
+ fprintf(f, "tos %s ", "inherit");
+ else
+ fprintf(f, "tos %#x ", tos);
+ }
}
if (tb[IFLA_VXLAN_TTL]) {
__u8 ttl = rta_getattr_u8(tb[IFLA_VXLAN_TTL]);
+
if (ttl)
- fprintf(f, "ttl %d ", ttl);
+ print_int(PRINT_ANY, "ttl", "ttl %d ", ttl);
+ else
+ print_int(PRINT_JSON, "ttl", NULL, ttl);
+ }
+
+ if (tb[IFLA_VXLAN_LABEL]) {
+ __u32 label = rta_getattr_u32(tb[IFLA_VXLAN_LABEL]);
+
+ if (label)
+ print_0xhex(PRINT_ANY,
+ "label",
+ "flowlabel %#x ",
+ ntohl(label));
}
if (tb[IFLA_VXLAN_AGEING]) {
__u32 age = rta_getattr_u32(tb[IFLA_VXLAN_AGEING]);
+
if (age == 0)
- fprintf(f, "ageing none ");
+ print_uint(PRINT_ANY, "ageing", "ageing none ", 0);
else
- fprintf(f, "ageing %u ", age);
+ print_uint(PRINT_ANY, "ageing", "ageing %u ", age);
}
if (tb[IFLA_VXLAN_LIMIT] &&
((maxaddr = rta_getattr_u32(tb[IFLA_VXLAN_LIMIT])) != 0))
- fprintf(f, "maxaddr %u ", maxaddr);
+ print_uint(PRINT_ANY, "limit", "maxaddr %u ", maxaddr);
- if (tb[IFLA_VXLAN_UDP_CSUM] && rta_getattr_u8(tb[IFLA_VXLAN_UDP_CSUM]))
- fputs("udpcsum ", f);
+ if (tb[IFLA_VXLAN_UDP_CSUM]) {
+ __u8 udp_csum = rta_getattr_u8(tb[IFLA_VXLAN_UDP_CSUM]);
- if (tb[IFLA_VXLAN_UDP_ZERO_CSUM6_TX] &&
- rta_getattr_u8(tb[IFLA_VXLAN_UDP_ZERO_CSUM6_TX]))
- fputs("udp6zerocsumtx ", f);
+ if (is_json_context()) {
+ print_bool(PRINT_ANY, "udp_csum", NULL, udp_csum);
+ } else {
+ if (!udp_csum)
+ fputs("no", f);
+ fputs("udpcsum ", f);
+ }
+ }
- if (tb[IFLA_VXLAN_UDP_ZERO_CSUM6_RX] &&
- rta_getattr_u8(tb[IFLA_VXLAN_UDP_ZERO_CSUM6_RX]))
- fputs("udp6zerocsumrx ", f);
+ if (tb[IFLA_VXLAN_UDP_ZERO_CSUM6_TX]) {
+ __u8 csum6 = rta_getattr_u8(tb[IFLA_VXLAN_UDP_ZERO_CSUM6_TX]);
+
+ if (is_json_context()) {
+ print_bool(PRINT_ANY,
+ "udp_zero_csum6_tx", NULL, csum6);
+ } else {
+ if (!csum6)
+ fputs("no", f);
+ fputs("udp6zerocsumtx ", f);
+ }
+ }
+
+ if (tb[IFLA_VXLAN_UDP_ZERO_CSUM6_RX]) {
+ __u8 csum6 = rta_getattr_u8(tb[IFLA_VXLAN_UDP_ZERO_CSUM6_RX]);
+
+ if (is_json_context()) {
+ print_bool(PRINT_ANY,
+ "udp_zero_csum6_rx",
+ NULL,
+ csum6);
+ } else {
+ if (!csum6)
+ fputs("no", f);
+ fputs("udp6zerocsumrx ", f);
+ }
+ }
if (tb[IFLA_VXLAN_REMCSUM_TX] &&
rta_getattr_u8(tb[IFLA_VXLAN_REMCSUM_TX]))
- fputs("remcsumtx ", f);
+ print_bool(PRINT_ANY, "remcsum_tx", "remcsumtx ", true);
if (tb[IFLA_VXLAN_REMCSUM_RX] &&
rta_getattr_u8(tb[IFLA_VXLAN_REMCSUM_RX]))
- fputs("remcsumrx ", f);
+ print_bool(PRINT_ANY, "remcsum_rx", "remcsumrx ", true);
if (tb[IFLA_VXLAN_COLLECT_METADATA] &&
rta_getattr_u8(tb[IFLA_VXLAN_COLLECT_METADATA]))
- fputs("external ", f);
+ print_bool(PRINT_ANY, "collect_metadata", "external ", true);
if (tb[IFLA_VXLAN_GBP])
- fputs("gbp ", f);
+ print_bool(PRINT_ANY, "gbp", "gbp ", true);
+ if (tb[IFLA_VXLAN_GPE])
+ print_bool(PRINT_ANY, "gpe", "gpe ", true);
}
static void vxlan_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
print_explain(f);
}
diff --git a/ip/iplink_xdp.c b/ip/iplink_xdp.c
new file mode 100644
index 0000000..2d2953a
--- /dev/null
+++ b/ip/iplink_xdp.c
@@ -0,0 +1,141 @@
+/*
+ * iplink_xdp.c XDP program loader
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Daniel Borkmann <daniel@iogearbox.net>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <linux/bpf.h>
+
+#include "json_print.h"
+#include "xdp.h"
+#include "bpf_util.h"
+
+extern int force;
+
+struct xdp_req {
+ struct iplink_req *req;
+ __u32 flags;
+};
+
+static void xdp_ebpf_cb(void *raw, int fd, const char *annotation)
+{
+ struct xdp_req *xdp = raw;
+ struct iplink_req *req = xdp->req;
+ struct rtattr *xdp_attr;
+
+ xdp_attr = addattr_nest(&req->n, sizeof(*req), IFLA_XDP);
+ addattr32(&req->n, sizeof(*req), IFLA_XDP_FD, fd);
+ if (xdp->flags)
+ addattr32(&req->n, sizeof(*req), IFLA_XDP_FLAGS, xdp->flags);
+ addattr_nest_end(&req->n, xdp_attr);
+}
+
+static const struct bpf_cfg_ops bpf_cb_ops = {
+ .ebpf_cb = xdp_ebpf_cb,
+};
+
+static int xdp_delete(struct xdp_req *xdp)
+{
+ xdp_ebpf_cb(xdp, -1, NULL);
+ return 0;
+}
+
+int xdp_parse(int *argc, char ***argv, struct iplink_req *req, bool generic,
+ bool drv, bool offload)
+{
+ struct bpf_cfg_in cfg = {
+ .argc = *argc,
+ .argv = *argv,
+ };
+ struct xdp_req xdp = {
+ .req = req,
+ };
+
+ if (!force)
+ xdp.flags |= XDP_FLAGS_UPDATE_IF_NOEXIST;
+ if (generic)
+ xdp.flags |= XDP_FLAGS_SKB_MODE;
+ if (drv)
+ xdp.flags |= XDP_FLAGS_DRV_MODE;
+ if (offload)
+ xdp.flags |= XDP_FLAGS_HW_MODE;
+
+ if (*argc == 1) {
+ if (strcmp(**argv, "none") == 0 ||
+ strcmp(**argv, "off") == 0)
+ return xdp_delete(&xdp);
+ }
+
+ if (bpf_parse_common(BPF_PROG_TYPE_XDP, &cfg, &bpf_cb_ops, &xdp))
+ return -1;
+
+ *argc = cfg.argc;
+ *argv = cfg.argv;
+ return 0;
+}
+
+static void xdp_dump_json(struct rtattr *tb[IFLA_XDP_MAX + 1])
+{
+ __u32 prog_id = 0;
+ __u8 mode;
+
+ mode = rta_getattr_u8(tb[IFLA_XDP_ATTACHED]);
+ if (tb[IFLA_XDP_PROG_ID])
+ prog_id = rta_getattr_u32(tb[IFLA_XDP_PROG_ID]);
+
+ open_json_object("xdp");
+ print_uint(PRINT_JSON, "mode", NULL, mode);
+ if (prog_id)
+ bpf_dump_prog_info(NULL, prog_id);
+ close_json_object();
+}
+
+void xdp_dump(FILE *fp, struct rtattr *xdp, bool link, bool details)
+{
+ struct rtattr *tb[IFLA_XDP_MAX + 1];
+ __u32 prog_id = 0;
+ __u8 mode;
+
+ parse_rtattr_nested(tb, IFLA_XDP_MAX, xdp);
+
+ if (!tb[IFLA_XDP_ATTACHED])
+ return;
+
+ mode = rta_getattr_u8(tb[IFLA_XDP_ATTACHED]);
+ if (mode == XDP_ATTACHED_NONE)
+ return;
+ else if (is_json_context())
+ return details ? (void)0 : xdp_dump_json(tb);
+ else if (details && link)
+ fprintf(fp, "%s prog/xdp", _SL_);
+ else if (mode == XDP_ATTACHED_DRV)
+ fprintf(fp, "xdp");
+ else if (mode == XDP_ATTACHED_SKB)
+ fprintf(fp, "xdpgeneric");
+ else if (mode == XDP_ATTACHED_HW)
+ fprintf(fp, "xdpoffload");
+ else
+ fprintf(fp, "xdp[%u]", mode);
+
+ if (tb[IFLA_XDP_PROG_ID])
+ prog_id = rta_getattr_u32(tb[IFLA_XDP_PROG_ID]);
+ if (!details) {
+ if (prog_id && !link)
+ fprintf(fp, "/id:%u", prog_id);
+ fprintf(fp, " ");
+ return;
+ }
+
+ if (prog_id) {
+ fprintf(fp, " ");
+ bpf_dump_prog_info(fp, prog_id);
+ }
+}
diff --git a/ip/iplink_xstats.c b/ip/iplink_xstats.c
new file mode 100644
index 0000000..10f953b
--- /dev/null
+++ b/ip/iplink_xstats.c
@@ -0,0 +1,81 @@
+/*
+ * iplink_stats.c Extended statistics commands
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <linux/if_link.h>
+#include <netinet/ether.h>
+
+#include "utils.h"
+#include "ip_common.h"
+
+static void print_explain(FILE *f)
+{
+ fprintf(f, "Usage: ... xstats type TYPE [ ARGS ]\n");
+}
+
+int iplink_ifla_xstats(int argc, char **argv)
+{
+ struct link_util *lu = NULL;
+ __u32 filt_mask;
+
+ if (!argc) {
+ fprintf(stderr, "xstats: missing argument\n");
+ return -1;
+ }
+
+ if (matches(*argv, "type") == 0) {
+ NEXT_ARG();
+ lu = get_link_kind(*argv);
+ if (!lu)
+ invarg("invalid type", *argv);
+ } else if (matches(*argv, "help") == 0) {
+ print_explain(stdout);
+ return 0;
+ } else {
+ invarg("unknown argument", *argv);
+ }
+
+ if (!lu) {
+ print_explain(stderr);
+ return -1;
+ }
+
+ if (!lu->print_ifla_xstats) {
+ fprintf(stderr, "xstats: link type %s doesn't support xstats\n",
+ lu->id);
+ return -1;
+ }
+
+ if (lu->parse_ifla_xstats &&
+ lu->parse_ifla_xstats(lu, argc-1, argv+1))
+ return -1;
+
+ if (strstr(lu->id, "_slave"))
+ filt_mask = IFLA_STATS_FILTER_BIT(IFLA_STATS_LINK_XSTATS_SLAVE);
+ else
+ filt_mask = IFLA_STATS_FILTER_BIT(IFLA_STATS_LINK_XSTATS);
+
+ if (rtnl_wilddump_stats_req_filter(&rth, AF_UNSPEC,
+ RTM_GETSTATS,
+ filt_mask) < 0) {
+ perror("Cannont send dump request");
+ return -1;
+ }
+
+ if (rtnl_dump_filter(&rth, lu->print_ifla_xstats, stdout) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
new file mode 100644
index 0000000..ecc371a
--- /dev/null
+++ b/ip/ipmacsec.c
@@ -0,0 +1,1316 @@
+/*
+ * ipmacsec.c "ip macsec".
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Sabrina Dubroca <sd@queasysnail.net>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <linux/genetlink.h>
+#include <linux/if_ether.h>
+#include <linux/if_macsec.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "ip_common.h"
+#include "ll_map.h"
+#include "libgenl.h"
+
+static const char *values_on_off[] = { "off", "on" };
+
+static const char *VALIDATE_STR[] = {
+ [MACSEC_VALIDATE_DISABLED] = "disabled",
+ [MACSEC_VALIDATE_CHECK] = "check",
+ [MACSEC_VALIDATE_STRICT] = "strict",
+};
+
+struct sci {
+ __u64 sci;
+ __u16 port;
+ char abuf[6];
+};
+
+struct sa_desc {
+ __u8 an;
+ __u32 pn;
+ __u8 key_id[MACSEC_KEYID_LEN];
+ __u32 key_len;
+ __u8 key[MACSEC_MAX_KEY_LEN];
+ __u8 active;
+};
+
+struct cipher_args {
+ __u64 id;
+ __u8 icv_len;
+};
+
+struct txsc_desc {
+ int ifindex;
+ __u64 sci;
+ __be16 port;
+ struct cipher_args cipher;
+ __u32 window;
+ enum macsec_validation_type validate;
+ __u8 encoding_sa;
+};
+
+struct rxsc_desc {
+ int ifindex;
+ __u64 sci;
+ __u8 active;
+};
+
+#define MACSEC_BUFLEN 1024
+
+
+/* netlink socket */
+static struct rtnl_handle genl_rth;
+static int genl_family = -1;
+
+#define MACSEC_GENL_REQ(_req, _bufsiz, _cmd, _flags) \
+ GENL_REQUEST(_req, _bufsiz, genl_family, 0, MACSEC_GENL_VERSION, \
+ _cmd, _flags)
+
+
+static void ipmacsec_usage(void)
+{
+ fprintf(stderr, "Usage: ip macsec add DEV tx sa { 0..3 } [ OPTS ] key ID KEY\n");
+ fprintf(stderr, " ip macsec set DEV tx sa { 0..3 } [ OPTS ]\n");
+ fprintf(stderr, " ip macsec del DEV tx sa { 0..3 }\n");
+ fprintf(stderr, " ip macsec add DEV rx SCI [ on | off ]\n");
+ fprintf(stderr, " ip macsec set DEV rx SCI [ on | off ]\n");
+ fprintf(stderr, " ip macsec del DEV rx SCI\n");
+ fprintf(stderr, " ip macsec add DEV rx SCI sa { 0..3 } [ OPTS ] key ID KEY\n");
+ fprintf(stderr, " ip macsec set DEV rx SCI sa { 0..3 } [ OPTS ]\n");
+ fprintf(stderr, " ip macsec del DEV rx SCI sa { 0..3 }\n");
+ fprintf(stderr, " ip macsec show\n");
+ fprintf(stderr, " ip macsec show DEV\n");
+ fprintf(stderr, "where OPTS := [ pn <u32> ] [ on | off ]\n");
+ fprintf(stderr, " ID := 128-bit hex string\n");
+ fprintf(stderr, " KEY := 128-bit hex string\n");
+ fprintf(stderr, " SCI := { sci <u64> | port { 1..2^16-1 } address <lladdr> }\n");
+
+ exit(-1);
+}
+
+static int one_of(const char *msg, const char *realval, const char **list,
+ size_t len, int *index)
+{
+ int i;
+
+ for (i = 0; i < len; i++) {
+ if (matches(realval, list[i]) == 0) {
+ *index = i;
+ return 0;
+ }
+ }
+
+ fprintf(stderr, "Error: argument of \"%s\" must be one of ", msg);
+ for (i = 0; i < len; i++)
+ fprintf(stderr, "\"%s\", ", list[i]);
+ fprintf(stderr, "not \"%s\"\n", realval);
+ return -1;
+}
+
+static int get_an(__u8 *val, const char *arg)
+{
+ int ret = get_u8(val, arg, 0);
+
+ if (ret)
+ return ret;
+
+ if (*val > 3)
+ return -1;
+
+ return 0;
+}
+
+static int get_sci(__u64 *sci, const char *arg)
+{
+ return get_be64(sci, arg, 16);
+}
+
+static int get_port(__be16 *port, const char *arg)
+{
+ return get_be16(port, arg, 0);
+}
+
+#define _STR(a) #a
+#define STR(a) _STR(a)
+
+static void get_icvlen(__u8 *icvlen, char *arg)
+{
+ int ret = get_u8(icvlen, arg, 10);
+
+ if (ret)
+ invarg("expected ICV length", arg);
+
+ if (*icvlen < MACSEC_MIN_ICV_LEN || *icvlen > MACSEC_STD_ICV_LEN)
+ invarg("ICV length must be in the range {"
+ STR(MACSEC_MIN_ICV_LEN) ".." STR(MACSEC_STD_ICV_LEN)
+ "}", arg);
+}
+
+static bool get_sa(int *argcp, char ***argvp, __u8 *an)
+{
+ int argc = *argcp;
+ char **argv = *argvp;
+ int ret;
+
+ if (argc <= 0 || strcmp(*argv, "sa") != 0)
+ return false;
+
+ NEXT_ARG();
+ ret = get_an(an, *argv);
+ if (ret)
+ invarg("expected an { 0..3 }", *argv);
+ argc--; argv++;
+
+ *argvp = argv;
+ *argcp = argc;
+ return true;
+}
+
+static int parse_sa_args(int *argcp, char ***argvp, struct sa_desc *sa)
+{
+ int argc = *argcp;
+ char **argv = *argvp;
+ int ret;
+ bool active_set = false;
+
+ while (argc > 0) {
+ if (strcmp(*argv, "pn") == 0) {
+ if (sa->pn != 0)
+ duparg2("pn", "pn");
+ NEXT_ARG();
+ ret = get_u32(&sa->pn, *argv, 0);
+ if (ret)
+ invarg("expected pn", *argv);
+ if (sa->pn == 0)
+ invarg("expected pn != 0", *argv);
+ } else if (strcmp(*argv, "key") == 0) {
+ unsigned int len;
+
+ NEXT_ARG();
+ if (!hexstring_a2n(*argv, sa->key_id, MACSEC_KEYID_LEN,
+ &len))
+ invarg("expected key id", *argv);
+ NEXT_ARG();
+ if (!hexstring_a2n(*argv, sa->key, MACSEC_MAX_KEY_LEN,
+ &sa->key_len))
+ invarg("expected key", *argv);
+ } else if (strcmp(*argv, "on") == 0) {
+ if (active_set)
+ duparg2("on/off", "on");
+ sa->active = true;
+ active_set = true;
+ } else if (strcmp(*argv, "off") == 0) {
+ if (active_set)
+ duparg2("on/off", "off");
+ sa->active = false;
+ active_set = true;
+ } else {
+ fprintf(stderr, "macsec: unknown command \"%s\"?\n",
+ *argv);
+ ipmacsec_usage();
+ }
+
+ argv++; argc--;
+ }
+
+ *argvp = argv;
+ *argcp = argc;
+ return 0;
+}
+
+static __u64 make_sci(char *addr, __be16 port)
+{
+ __u64 sci;
+
+ memcpy(&sci, addr, ETH_ALEN);
+ memcpy(((char *)&sci) + ETH_ALEN, &port, sizeof(port));
+
+ return sci;
+}
+
+static bool sci_complete(bool sci, bool port, bool addr, bool port_only)
+{
+ return sci || (port && (addr || port_only));
+}
+
+static int get_sci_portaddr(struct sci *sci, int *argcp, char ***argvp,
+ bool port_only, bool optional)
+{
+ int argc = *argcp;
+ char **argv = *argvp;
+ int ret;
+ bool p = false, a = false, s = false;
+
+ while (argc > 0) {
+ if (strcmp(*argv, "sci") == 0) {
+ if (p)
+ invarg("expected address", *argv);
+ if (a)
+ invarg("expected port", *argv);
+ NEXT_ARG();
+ ret = get_sci(&sci->sci, *argv);
+ if (ret)
+ invarg("expected sci", *argv);
+ s = true;
+ } else if (strcmp(*argv, "port") == 0) {
+ NEXT_ARG();
+ ret = get_port(&sci->port, *argv);
+ if (ret)
+ invarg("expected port", *argv);
+ if (sci->port == 0)
+ invarg("expected port != 0", *argv);
+ p = true;
+ } else if (strcmp(*argv, "address") == 0) {
+ NEXT_ARG();
+ ret = ll_addr_a2n(sci->abuf, sizeof(sci->abuf), *argv);
+ if (ret < 0)
+ invarg("expected lladdr", *argv);
+ a = true;
+ } else if (optional) {
+ break;
+ } else {
+ invarg("expected sci, port, or address", *argv);
+ }
+
+ argv++; argc--;
+
+ if (sci_complete(s, p, a, port_only))
+ break;
+ }
+
+ if (!optional && !sci_complete(s, p, a, port_only))
+ return -1;
+
+ if (p && a)
+ sci->sci = make_sci(sci->abuf, sci->port);
+
+ *argvp = argv;
+ *argcp = argc;
+
+ return p || a || s;
+}
+
+static bool parse_rxsci(int *argcp, char ***argvp, struct rxsc_desc *rxsc,
+ struct sa_desc *rxsa)
+{
+ struct sci sci = { 0 };
+
+ if (*argcp == 0 ||
+ get_sci_portaddr(&sci, argcp, argvp, false, false) < 0) {
+ fprintf(stderr, "expected sci\n");
+ ipmacsec_usage();
+ }
+
+ rxsc->sci = sci.sci;
+
+ return get_sa(argcp, argvp, &rxsa->an);
+}
+
+static int parse_rxsci_args(int *argcp, char ***argvp, struct rxsc_desc *rxsc)
+{
+ int argc = *argcp;
+ char **argv = *argvp;
+ bool active_set = false;
+
+ while (argc > 0) {
+ if (strcmp(*argv, "on") == 0) {
+ if (active_set)
+ duparg2("on/off", "on");
+ rxsc->active = true;
+ active_set = true;
+ } else if (strcmp(*argv, "off") == 0) {
+ if (active_set)
+ duparg2("on/off", "off");
+ rxsc->active = false;
+ active_set = true;
+ } else {
+ fprintf(stderr, "macsec: unknown command \"%s\"?\n",
+ *argv);
+ ipmacsec_usage();
+ }
+
+ argv++; argc--;
+ }
+
+ *argvp = argv;
+ *argcp = argc;
+ return 0;
+}
+
+enum cmd {
+ CMD_ADD,
+ CMD_DEL,
+ CMD_UPD,
+ __CMD_MAX
+};
+
+static const enum macsec_nl_commands macsec_commands[__CMD_MAX][2][2] = {
+ [CMD_ADD] = {
+ [0] = {-1, MACSEC_CMD_ADD_RXSC},
+ [1] = {MACSEC_CMD_ADD_TXSA, MACSEC_CMD_ADD_RXSA},
+ },
+ [CMD_UPD] = {
+ [0] = {-1, MACSEC_CMD_UPD_RXSC},
+ [1] = {MACSEC_CMD_UPD_TXSA, MACSEC_CMD_UPD_RXSA},
+ },
+ [CMD_DEL] = {
+ [0] = {-1, MACSEC_CMD_DEL_RXSC},
+ [1] = {MACSEC_CMD_DEL_TXSA, MACSEC_CMD_DEL_RXSA},
+ },
+};
+
+static int do_modify_nl(enum cmd c, enum macsec_nl_commands cmd, int ifindex,
+ struct rxsc_desc *rxsc, struct sa_desc *sa)
+{
+ struct rtattr *attr_sa;
+
+ MACSEC_GENL_REQ(req, MACSEC_BUFLEN, cmd, NLM_F_REQUEST);
+
+ addattr32(&req.n, MACSEC_BUFLEN, MACSEC_ATTR_IFINDEX, ifindex);
+ if (rxsc) {
+ struct rtattr *attr_rxsc;
+
+ attr_rxsc = addattr_nest(&req.n, MACSEC_BUFLEN,
+ MACSEC_ATTR_RXSC_CONFIG);
+ addattr64(&req.n, MACSEC_BUFLEN,
+ MACSEC_RXSC_ATTR_SCI, rxsc->sci);
+ if (c != CMD_DEL && rxsc->active != 0xff)
+ addattr8(&req.n, MACSEC_BUFLEN,
+ MACSEC_RXSC_ATTR_ACTIVE, rxsc->active);
+
+ addattr_nest_end(&req.n, attr_rxsc);
+ }
+
+ if (sa->an == 0xff)
+ goto talk;
+
+ attr_sa = addattr_nest(&req.n, MACSEC_BUFLEN, MACSEC_ATTR_SA_CONFIG);
+
+ addattr8(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_AN, sa->an);
+
+ if (c != CMD_DEL) {
+ if (sa->pn)
+ addattr32(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_PN,
+ sa->pn);
+
+ if (sa->key_len) {
+ addattr_l(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_KEYID,
+ sa->key_id, MACSEC_KEYID_LEN);
+ addattr_l(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_KEY,
+ sa->key, sa->key_len);
+ }
+
+ if (sa->active != 0xff) {
+ addattr8(&req.n, MACSEC_BUFLEN,
+ MACSEC_SA_ATTR_ACTIVE, sa->active);
+ }
+ }
+
+ addattr_nest_end(&req.n, attr_sa);
+
+talk:
+ if (rtnl_talk(&genl_rth, &req.n, NULL, 0) < 0)
+ return -2;
+
+ return 0;
+}
+
+static bool check_sa_args(enum cmd c, struct sa_desc *sa)
+{
+ if (c == CMD_ADD) {
+ if (!sa->key_len) {
+ fprintf(stderr, "cannot create SA without key\n");
+ return -1;
+ }
+
+ if (sa->pn == 0) {
+ fprintf(stderr, "must specify a packet number != 0\n");
+ return -1;
+ }
+ } else if (c == CMD_UPD) {
+ if (sa->key_len) {
+ fprintf(stderr, "cannot change key on SA\n");
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+static int do_modify_txsa(enum cmd c, int argc, char **argv, int ifindex)
+{
+ struct sa_desc txsa = {0};
+ enum macsec_nl_commands cmd;
+
+ txsa.an = 0xff;
+ txsa.active = 0xff;
+
+ if (argc == 0 || !get_sa(&argc, &argv, &txsa.an))
+ ipmacsec_usage();
+
+ if (c == CMD_DEL)
+ goto modify;
+
+ if (parse_sa_args(&argc, &argv, &txsa))
+ return -1;
+
+ if (check_sa_args(c, &txsa))
+ return -1;
+
+modify:
+ cmd = macsec_commands[c][1][0];
+ return do_modify_nl(c, cmd, ifindex, NULL, &txsa);
+}
+
+static int do_modify_rxsci(enum cmd c, int argc, char **argv, int ifindex)
+{
+ struct rxsc_desc rxsc = {0};
+ struct sa_desc rxsa = {0};
+ bool sa_set;
+ enum macsec_nl_commands cmd;
+
+ rxsc.ifindex = ifindex;
+ rxsc.active = 0xff;
+ rxsa.an = 0xff;
+ rxsa.active = 0xff;
+
+ sa_set = parse_rxsci(&argc, &argv, &rxsc, &rxsa);
+
+ if (c == CMD_DEL)
+ goto modify;
+
+ if (sa_set && (parse_sa_args(&argc, &argv, &rxsa) ||
+ check_sa_args(c, &rxsa)))
+ return -1;
+ if (!sa_set && parse_rxsci_args(&argc, &argv, &rxsc))
+ return -1;
+
+modify:
+ cmd = macsec_commands[c][sa_set][1];
+ return do_modify_nl(c, cmd, rxsc.ifindex, &rxsc, &rxsa);
+}
+
+static int do_modify(enum cmd c, int argc, char **argv)
+{
+ int ifindex;
+
+ if (argc == 0)
+ ipmacsec_usage();
+
+ ifindex = ll_name_to_index(*argv);
+ if (!ifindex) {
+ fprintf(stderr, "Device \"%s\" does not exist.\n", *argv);
+ return -1;
+ }
+ argc--; argv++;
+
+ if (argc == 0)
+ ipmacsec_usage();
+
+ if (strcmp(*argv, "tx") == 0)
+ return do_modify_txsa(c, argc-1, argv+1, ifindex);
+ if (strcmp(*argv, "rx") == 0)
+ return do_modify_rxsci(c, argc-1, argv+1, ifindex);
+
+ ipmacsec_usage();
+ return -1;
+}
+
+/* dump/show */
+static struct {
+ int ifindex;
+ __u64 sci;
+} filter;
+
+static int validate_dump(struct rtattr **attrs)
+{
+ return attrs[MACSEC_ATTR_IFINDEX] && attrs[MACSEC_ATTR_SECY] &&
+ attrs[MACSEC_ATTR_TXSA_LIST] && attrs[MACSEC_ATTR_RXSC_LIST] &&
+ attrs[MACSEC_ATTR_TXSC_STATS] && attrs[MACSEC_ATTR_SECY_STATS];
+
+}
+
+static int validate_secy_dump(struct rtattr **attrs)
+{
+ return attrs[MACSEC_SECY_ATTR_SCI] &&
+ attrs[MACSEC_SECY_ATTR_ENCODING_SA] &&
+ attrs[MACSEC_SECY_ATTR_CIPHER_SUITE] &&
+ attrs[MACSEC_SECY_ATTR_ICV_LEN] &&
+ attrs[MACSEC_SECY_ATTR_PROTECT] &&
+ attrs[MACSEC_SECY_ATTR_REPLAY] &&
+ attrs[MACSEC_SECY_ATTR_OPER] &&
+ attrs[MACSEC_SECY_ATTR_VALIDATE] &&
+ attrs[MACSEC_SECY_ATTR_ENCRYPT] &&
+ attrs[MACSEC_SECY_ATTR_INC_SCI] &&
+ attrs[MACSEC_SECY_ATTR_ES] &&
+ attrs[MACSEC_SECY_ATTR_SCB];
+}
+
+static void print_flag(FILE *f, struct rtattr *attrs[], const char *desc,
+ int field)
+{
+ if (attrs[field]) {
+ const char *v = values_on_off[!!rta_getattr_u8(attrs[field])];
+
+ if (is_json_context())
+ print_string(PRINT_JSON, desc, NULL, v);
+ else
+ fprintf(f, "%s %s ", desc, v);
+ }
+}
+
+#define DEFAULT_CIPHER_NAME "GCM-AES-128"
+
+static const char *cs_id_to_name(__u64 cid)
+{
+ switch (cid) {
+ case MACSEC_DEFAULT_CIPHER_ID:
+ case MACSEC_DEFAULT_CIPHER_ALT:
+ return DEFAULT_CIPHER_NAME;
+ default:
+ return "(unknown)";
+ }
+}
+
+static void print_cipher_suite(const char *prefix, __u64 cid, __u8 icv_len)
+{
+ printf("%scipher suite: %s, using ICV length %d\n", prefix,
+ cs_id_to_name(cid), icv_len);
+}
+
+static void print_attrs(const char *prefix, struct rtattr *attrs[])
+{
+ print_flag(stdout, attrs, "protect", MACSEC_SECY_ATTR_PROTECT);
+
+ if (attrs[MACSEC_SECY_ATTR_VALIDATE]) {
+ __u8 val = rta_getattr_u8(attrs[MACSEC_SECY_ATTR_VALIDATE]);
+
+ printf("validate %s ", VALIDATE_STR[val]);
+ }
+
+ print_flag(stdout, attrs, "sc", MACSEC_RXSC_ATTR_ACTIVE);
+ print_flag(stdout, attrs, "sa", MACSEC_SA_ATTR_ACTIVE);
+ print_flag(stdout, attrs, "encrypt", MACSEC_SECY_ATTR_ENCRYPT);
+ print_flag(stdout, attrs, "send_sci", MACSEC_SECY_ATTR_INC_SCI);
+ print_flag(stdout, attrs, "end_station", MACSEC_SECY_ATTR_ES);
+ print_flag(stdout, attrs, "scb", MACSEC_SECY_ATTR_SCB);
+
+ print_flag(stdout, attrs, "replay", MACSEC_SECY_ATTR_REPLAY);
+ if (attrs[MACSEC_SECY_ATTR_WINDOW]) {
+ printf("window %d ",
+ rta_getattr_u32(attrs[MACSEC_SECY_ATTR_WINDOW]));
+ }
+
+ if (attrs[MACSEC_SECY_ATTR_CIPHER_SUITE] &&
+ attrs[MACSEC_SECY_ATTR_ICV_LEN]) {
+ printf("\n");
+ print_cipher_suite(prefix,
+ rta_getattr_u64(attrs[MACSEC_SECY_ATTR_CIPHER_SUITE]),
+ rta_getattr_u8(attrs[MACSEC_SECY_ATTR_ICV_LEN]));
+ }
+
+}
+
+static void print_one_stat(const char **names, struct rtattr **attr, int idx,
+ bool long_stat)
+{
+ int pad = strlen(names[idx]) + 1;
+
+ if (attr[idx]) {
+ if (long_stat)
+ printf("%*llu", pad, rta_getattr_u64(attr[idx]));
+ else
+ printf("%*u", pad, rta_getattr_u32(attr[idx]));
+ } else {
+ printf("%*c", pad, '-');
+ }
+}
+
+static const char *txsc_stats_names[NUM_MACSEC_TXSC_STATS_ATTR] = {
+ [MACSEC_TXSC_STATS_ATTR_OUT_PKTS_PROTECTED] = "OutPktsProtected",
+ [MACSEC_TXSC_STATS_ATTR_OUT_PKTS_ENCRYPTED] = "OutPktsEncrypted",
+ [MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_PROTECTED] = "OutOctetsProtected",
+ [MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_ENCRYPTED] = "OutOctetsEncrypted",
+};
+
+static void print_txsc_stats(const char *prefix, struct rtattr *attr)
+{
+ struct rtattr *stats[MACSEC_TXSC_STATS_ATTR_MAX + 1];
+ int i;
+
+ if (!attr || show_stats == 0)
+ return;
+
+ parse_rtattr_nested(stats, MACSEC_TXSC_STATS_ATTR_MAX + 1, attr);
+ printf("%sstats:", prefix);
+
+ for (i = 1; i < NUM_MACSEC_TXSC_STATS_ATTR; i++) {
+ if (!txsc_stats_names[i])
+ continue;
+ printf(" %s", txsc_stats_names[i]);
+ }
+
+ printf("\n%s ", prefix);
+
+ for (i = 1; i < NUM_MACSEC_TXSC_STATS_ATTR; i++) {
+ if (!txsc_stats_names[i])
+ continue;
+ print_one_stat(txsc_stats_names, stats, i, true);
+ }
+
+ printf("\n");
+}
+
+static const char *secy_stats_names[NUM_MACSEC_SECY_STATS_ATTR] = {
+ [MACSEC_SECY_STATS_ATTR_OUT_PKTS_UNTAGGED] = "OutPktsUntagged",
+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_UNTAGGED] = "InPktsUntagged",
+ [MACSEC_SECY_STATS_ATTR_OUT_PKTS_TOO_LONG] = "OutPktsTooLong",
+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_TAG] = "InPktsNoTag",
+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_BAD_TAG] = "InPktsBadTag",
+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_UNKNOWN_SCI] = "InPktsUnknownSCI",
+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_SCI] = "InPktsNoSCI",
+ [MACSEC_SECY_STATS_ATTR_IN_PKTS_OVERRUN] = "InPktsOverrun",
+};
+
+static void print_secy_stats(const char *prefix, struct rtattr *attr)
+{
+ struct rtattr *stats[MACSEC_SECY_STATS_ATTR_MAX + 1];
+ int i;
+
+ if (!attr || show_stats == 0)
+ return;
+
+ parse_rtattr_nested(stats, MACSEC_SECY_STATS_ATTR_MAX + 1, attr);
+ printf("%sstats:", prefix);
+
+ for (i = 1; i < NUM_MACSEC_SECY_STATS_ATTR; i++) {
+ if (!secy_stats_names[i])
+ continue;
+ printf(" %s", secy_stats_names[i]);
+ }
+
+ printf("\n%s ", prefix);
+
+ for (i = 1; i < NUM_MACSEC_SECY_STATS_ATTR; i++) {
+ if (!secy_stats_names[i])
+ continue;
+ print_one_stat(secy_stats_names, stats, i, true);
+ }
+
+ printf("\n");
+}
+
+static const char *rxsa_stats_names[NUM_MACSEC_SA_STATS_ATTR] = {
+ [MACSEC_SA_STATS_ATTR_IN_PKTS_OK] = "InPktsOK",
+ [MACSEC_SA_STATS_ATTR_IN_PKTS_INVALID] = "InPktsInvalid",
+ [MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_VALID] = "InPktsNotValid",
+ [MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_USING_SA] = "InPktsNotUsingSA",
+ [MACSEC_SA_STATS_ATTR_IN_PKTS_UNUSED_SA] = "InPktsUnusedSA",
+};
+
+static void print_rxsa_stats(const char *prefix, struct rtattr *attr)
+{
+ struct rtattr *stats[MACSEC_SA_STATS_ATTR_MAX + 1];
+ int i;
+
+ if (!attr || show_stats == 0)
+ return;
+
+ parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX + 1, attr);
+ printf("%s%s ", prefix, prefix);
+
+ for (i = 1; i < NUM_MACSEC_SA_STATS_ATTR; i++) {
+ if (!rxsa_stats_names[i])
+ continue;
+ printf(" %s", rxsa_stats_names[i]);
+ }
+
+ printf("\n%s%s ", prefix, prefix);
+
+ for (i = 1; i < NUM_MACSEC_SA_STATS_ATTR; i++) {
+ if (!rxsa_stats_names[i])
+ continue;
+ print_one_stat(rxsa_stats_names, stats, i, false);
+ }
+
+ printf("\n");
+}
+
+static const char *txsa_stats_names[NUM_MACSEC_SA_STATS_ATTR] = {
+ [MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED] = "OutPktsProtected",
+ [MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED] = "OutPktsEncrypted",
+};
+
+static void print_txsa_stats(const char *prefix, struct rtattr *attr)
+{
+ struct rtattr *stats[MACSEC_SA_STATS_ATTR_MAX + 1];
+
+ if (!attr || show_stats == 0)
+ return;
+
+ parse_rtattr_nested(stats, MACSEC_SA_STATS_ATTR_MAX + 1, attr);
+ printf("%s%s %s %s\n", prefix, prefix,
+ txsa_stats_names[MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED],
+ txsa_stats_names[MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED]);
+ printf("%s%s ", prefix, prefix);
+
+ print_one_stat(txsa_stats_names, stats,
+ MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED, false);
+ print_one_stat(txsa_stats_names, stats,
+ MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED, false);
+ printf("\n");
+}
+
+static void print_tx_sc(const char *prefix, __u64 sci, __u8 encoding_sa,
+ struct rtattr *txsc_stats, struct rtattr *secy_stats,
+ struct rtattr *sa)
+{
+ struct rtattr *sa_attr[MACSEC_SA_ATTR_MAX + 1];
+ struct rtattr *a;
+ int rem;
+
+ printf("%sTXSC: %016llx on SA %d\n", prefix, ntohll(sci), encoding_sa);
+ print_secy_stats(prefix, secy_stats);
+ print_txsc_stats(prefix, txsc_stats);
+
+ rem = RTA_PAYLOAD(sa);
+ for (a = RTA_DATA(sa); RTA_OK(a, rem); a = RTA_NEXT(a, rem)) {
+ SPRINT_BUF(keyid);
+ bool state;
+
+ parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX + 1, a);
+ state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]);
+ printf("%s%s%d: PN %u, state %s, key %s\n", prefix, prefix,
+ rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_AN]),
+ rta_getattr_u32(sa_attr[MACSEC_SA_ATTR_PN]),
+ values_on_off[state],
+ hexstring_n2a(RTA_DATA(sa_attr[MACSEC_SA_ATTR_KEYID]),
+ RTA_PAYLOAD(sa_attr[MACSEC_SA_ATTR_KEYID]),
+ keyid, sizeof(keyid)));
+ print_txsa_stats(prefix, sa_attr[MACSEC_SA_ATTR_STATS]);
+ }
+}
+
+static const char *rxsc_stats_names[NUM_MACSEC_RXSC_STATS_ATTR] = {
+ [MACSEC_RXSC_STATS_ATTR_IN_OCTETS_VALIDATED] = "InOctetsValidated",
+ [MACSEC_RXSC_STATS_ATTR_IN_OCTETS_DECRYPTED] = "InOctetsDecrypted",
+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNCHECKED] = "InPktsUnchecked",
+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_DELAYED] = "InPktsDelayed",
+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_OK] = "InPktsOK",
+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_INVALID] = "InPktsInvalid",
+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_LATE] = "InPktsLate",
+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_VALID] = "InPktsNotValid",
+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_USING_SA] = "InPktsNotUsingSA",
+ [MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNUSED_SA] = "InPktsUnusedSA",
+};
+
+static void print_rxsc_stats(const char *prefix, struct rtattr *attr)
+{
+ struct rtattr *stats[MACSEC_RXSC_STATS_ATTR_MAX + 1];
+ int i;
+
+ if (!attr || show_stats == 0)
+ return;
+
+ parse_rtattr_nested(stats, MACSEC_RXSC_STATS_ATTR_MAX + 1, attr);
+ printf("%sstats:", prefix);
+ for (i = 1; i < NUM_MACSEC_RXSC_STATS_ATTR; i++) {
+ if (!rxsc_stats_names[i])
+ continue;
+ printf(" %s", rxsc_stats_names[i]);
+ }
+
+ printf("\n%s ", prefix);
+
+ for (i = 1; i < NUM_MACSEC_RXSC_STATS_ATTR; i++) {
+ if (!rxsc_stats_names[i])
+ continue;
+ print_one_stat(rxsc_stats_names, stats, i, true);
+ }
+
+ printf("\n");
+}
+
+static void print_rx_sc(const char *prefix, __u64 sci, __u8 active,
+ struct rtattr *rxsc_stats, struct rtattr *sa)
+{
+ struct rtattr *sa_attr[MACSEC_SA_ATTR_MAX + 1];
+ struct rtattr *a;
+ int rem;
+
+ printf("%sRXSC: %016llx, state %s\n", prefix, ntohll(sci),
+ values_on_off[!!active]);
+ print_rxsc_stats(prefix, rxsc_stats);
+
+ rem = RTA_PAYLOAD(sa);
+ for (a = RTA_DATA(sa); RTA_OK(a, rem); a = RTA_NEXT(a, rem)) {
+ SPRINT_BUF(keyid);
+ bool state;
+
+ parse_rtattr_nested(sa_attr, MACSEC_SA_ATTR_MAX + 1, a);
+ state = rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_ACTIVE]);
+ printf("%s%s%d: PN %u, state %s, key %s\n", prefix, prefix,
+ rta_getattr_u8(sa_attr[MACSEC_SA_ATTR_AN]),
+ rta_getattr_u32(sa_attr[MACSEC_SA_ATTR_PN]),
+ values_on_off[state],
+ hexstring_n2a(RTA_DATA(sa_attr[MACSEC_SA_ATTR_KEYID]),
+ RTA_PAYLOAD(sa_attr[MACSEC_SA_ATTR_KEYID]),
+ keyid, sizeof(keyid)));
+ print_rxsa_stats(prefix, sa_attr[MACSEC_SA_ATTR_STATS]);
+ }
+}
+
+static int process(const struct sockaddr_nl *who, struct nlmsghdr *n,
+ void *arg)
+{
+ struct genlmsghdr *ghdr;
+ struct rtattr *attrs[MACSEC_ATTR_MAX + 1], *sc, *c;
+ struct rtattr *attrs_secy[MACSEC_SECY_ATTR_MAX + 1];
+ int len = n->nlmsg_len;
+ int ifindex;
+ __u64 sci;
+ __u8 encoding_sa;
+ int rem;
+
+ if (n->nlmsg_type != genl_family)
+ return -1;
+
+ len -= NLMSG_LENGTH(GENL_HDRLEN);
+ if (len < 0)
+ return -1;
+
+ ghdr = NLMSG_DATA(n);
+ if (ghdr->cmd != MACSEC_CMD_GET_TXSC)
+ return 0;
+
+ parse_rtattr(attrs, MACSEC_ATTR_MAX, (void *) ghdr + GENL_HDRLEN, len);
+ if (!validate_dump(attrs)) {
+ printf("incomplete dump message\n");
+ return -1;
+ }
+
+ ifindex = rta_getattr_u32(attrs[MACSEC_ATTR_IFINDEX]);
+ parse_rtattr_nested(attrs_secy, MACSEC_SECY_ATTR_MAX + 1,
+ attrs[MACSEC_ATTR_SECY]);
+
+ if (!validate_secy_dump(attrs_secy)) {
+ printf("incomplete dump message\n");
+ return -1;
+ }
+
+ sci = rta_getattr_u64(attrs_secy[MACSEC_SECY_ATTR_SCI]);
+ encoding_sa = rta_getattr_u8(attrs_secy[MACSEC_SECY_ATTR_ENCODING_SA]);
+
+ if (filter.ifindex && ifindex != filter.ifindex)
+ return 0;
+
+ if (filter.sci && sci != filter.sci)
+ return 0;
+
+ printf("%d: %s: ", ifindex, ll_index_to_name(ifindex));
+ print_attrs(" ", attrs_secy);
+
+ print_tx_sc(" ", sci, encoding_sa,
+ attrs[MACSEC_ATTR_TXSC_STATS],
+ attrs[MACSEC_ATTR_SECY_STATS],
+ attrs[MACSEC_ATTR_TXSA_LIST]);
+
+ if (!attrs[MACSEC_ATTR_RXSC_LIST])
+ return 0;
+
+ sc = attrs[MACSEC_ATTR_RXSC_LIST];
+ rem = RTA_PAYLOAD(sc);
+ for (c = RTA_DATA(sc); RTA_OK(c, rem); c = RTA_NEXT(c, rem)) {
+ struct rtattr *sc_attr[MACSEC_RXSC_ATTR_MAX + 1];
+
+ parse_rtattr_nested(sc_attr, MACSEC_RXSC_ATTR_MAX + 1, c);
+ print_rx_sc(" ",
+ rta_getattr_u64(sc_attr[MACSEC_RXSC_ATTR_SCI]),
+ rta_getattr_u32(sc_attr[MACSEC_RXSC_ATTR_ACTIVE]),
+ sc_attr[MACSEC_RXSC_ATTR_STATS],
+ sc_attr[MACSEC_RXSC_ATTR_SA_LIST]);
+ }
+
+ return 0;
+}
+
+static int do_dump(int ifindex)
+{
+ MACSEC_GENL_REQ(req, MACSEC_BUFLEN, MACSEC_CMD_GET_TXSC,
+ NLM_F_REQUEST | NLM_F_DUMP);
+
+ memset(&filter, 0, sizeof(filter));
+ filter.ifindex = ifindex;
+
+ req.n.nlmsg_seq = genl_rth.dump = ++genl_rth.seq;
+ if (rtnl_send(&genl_rth, &req, req.n.nlmsg_len) < 0) {
+ perror("Failed to send dump request");
+ exit(1);
+ }
+
+ if (rtnl_dump_filter(&genl_rth, process, stdout) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ exit(1);
+ }
+
+ return 0;
+}
+
+static int do_show(int argc, char **argv)
+{
+ int ifindex;
+
+ if (argc == 0)
+ return do_dump(0);
+
+ ifindex = ll_name_to_index(*argv);
+ if (ifindex == 0) {
+ fprintf(stderr, "Device \"%s\" does not exist.\n", *argv);
+ return -1;
+ }
+
+ argc--, argv++;
+ if (argc == 0)
+ return do_dump(ifindex);
+
+ ipmacsec_usage();
+ return -1;
+}
+
+int do_ipmacsec(int argc, char **argv)
+{
+ if (argc < 1)
+ ipmacsec_usage();
+
+ if (matches(*argv, "help") == 0)
+ ipmacsec_usage();
+
+ if (genl_init_handle(&genl_rth, MACSEC_GENL_NAME, &genl_family))
+ exit(1);
+
+ if (matches(*argv, "show") == 0)
+ return do_show(argc-1, argv+1);
+
+ if (matches(*argv, "add") == 0)
+ return do_modify(CMD_ADD, argc-1, argv+1);
+ if (matches(*argv, "set") == 0)
+ return do_modify(CMD_UPD, argc-1, argv+1);
+ if (matches(*argv, "delete") == 0)
+ return do_modify(CMD_DEL, argc-1, argv+1);
+
+ fprintf(stderr, "Command \"%s\" is unknown, try \"ip macsec help\".\n",
+ *argv);
+ exit(-1);
+}
+
+/* device creation */
+static void macsec_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
+{
+ if (!tb)
+ return;
+
+ if (tb[IFLA_MACSEC_SCI]) {
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "%016llx",
+ ntohll(rta_getattr_u64(tb[IFLA_MACSEC_SCI])));
+ print_string(PRINT_JSON, "sci", NULL, b1);
+ } else {
+ fprintf(f, "sci %016llx ",
+ ntohll(rta_getattr_u64(tb[IFLA_MACSEC_SCI])));
+ }
+ }
+
+ print_flag(f, tb, "protect", IFLA_MACSEC_PROTECT);
+
+ if (tb[IFLA_MACSEC_CIPHER_SUITE]) {
+ __u64 csid = rta_getattr_u64(tb[IFLA_MACSEC_CIPHER_SUITE]);
+
+ print_string(PRINT_ANY,
+ "cipher_suite",
+ "cipher %s ",
+ cs_id_to_name(csid));
+ }
+
+ if (tb[IFLA_MACSEC_ICV_LEN]) {
+ if (is_json_context()) {
+ char b2[4];
+
+ snprintf(b2, sizeof(b2), "%hhu",
+ rta_getattr_u8(tb[IFLA_MACSEC_ICV_LEN]));
+ print_uint(PRINT_JSON, "icv_len", NULL, atoi(b2));
+ } else {
+ fprintf(f, "icvlen %hhu ",
+ rta_getattr_u8(tb[IFLA_MACSEC_ICV_LEN]));
+ }
+ }
+
+ if (tb[IFLA_MACSEC_ENCODING_SA]) {
+ if (is_json_context()) {
+ char b2[4];
+
+ snprintf(b2, sizeof(b2), "%hhu",
+ rta_getattr_u8(tb[IFLA_MACSEC_ENCODING_SA]));
+ print_uint(PRINT_JSON, "encoding_sa", NULL, atoi(b2));
+ } else {
+ fprintf(f, "encodingsa %hhu ",
+ rta_getattr_u8(tb[IFLA_MACSEC_ENCODING_SA]));
+ }
+ }
+
+ if (tb[IFLA_MACSEC_VALIDATION]) {
+ __u8 val = rta_getattr_u8(tb[IFLA_MACSEC_VALIDATION]);
+
+ print_string(PRINT_ANY,
+ "validation",
+ "validate %s ",
+ VALIDATE_STR[val]);
+ }
+
+ const char *inc_sci, *es, *replay;
+
+ if (is_json_context()) {
+ inc_sci = "inc_sci";
+ replay = "replay_protect";
+ es = "es";
+ } else {
+ inc_sci = "send_sci";
+ es = "end_station";
+ replay = "replay";
+ }
+
+ print_flag(f, tb, "encrypt", IFLA_MACSEC_ENCRYPT);
+ print_flag(f, tb, inc_sci, IFLA_MACSEC_INC_SCI);
+ print_flag(f, tb, es, IFLA_MACSEC_ES);
+ print_flag(f, tb, "scb", IFLA_MACSEC_SCB);
+ print_flag(f, tb, replay, IFLA_MACSEC_REPLAY_PROTECT);
+
+ if (tb[IFLA_MACSEC_WINDOW])
+ print_int(PRINT_ANY,
+ "window",
+ "window %d ",
+ rta_getattr_u32(tb[IFLA_MACSEC_WINDOW]));
+}
+
+static bool check_txsc_flags(bool es, bool scb, bool sci)
+{
+ if (sci && (es || scb))
+ return false;
+ if (es && scb)
+ return false;
+ return true;
+}
+
+static void usage(FILE *f)
+{
+ fprintf(f,
+ "Usage: ... macsec [ [ address <lladdr> ] port { 1..2^16-1 } | sci <u64> ]\n"
+ " [ cipher { default | gcm-aes-128 } ]\n"
+ " [ icvlen { 8..16 } ]\n"
+ " [ encrypt { on | off } ]\n"
+ " [ send_sci { on | off } ]\n"
+ " [ end_station { on | off } ]\n"
+ " [ scb { on | off } ]\n"
+ " [ protect { on | off } ]\n"
+ " [ replay { on | off} window { 0..2^32-1 } ]\n"
+ " [ validate { strict | check | disabled } ]\n"
+ " [ encodingsa { 0..3 } ]\n"
+ );
+}
+
+static int macsec_parse_opt(struct link_util *lu, int argc, char **argv,
+ struct nlmsghdr *hdr)
+{
+ int ret;
+ __u8 encoding_sa = 0xff;
+ __u32 window = -1;
+ struct cipher_args cipher = {0};
+ enum macsec_validation_type validate;
+ bool es = false, scb = false, send_sci = false;
+ int replay_protect = -1;
+ struct sci sci = { 0 };
+
+ ret = get_sci_portaddr(&sci, &argc, &argv, true, true);
+ if (ret < 0) {
+ fprintf(stderr, "expected sci\n");
+ return -1;
+ }
+
+ if (ret > 0) {
+ if (sci.sci)
+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_SCI,
+ &sci.sci, sizeof(sci.sci));
+ else
+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_PORT,
+ &sci.port, sizeof(sci.port));
+ }
+
+ while (argc > 0) {
+ if (strcmp(*argv, "cipher") == 0) {
+ NEXT_ARG();
+ if (cipher.id)
+ duparg("cipher", *argv);
+ if (strcmp(*argv, "default") == 0 ||
+ strcmp(*argv, "gcm-aes-128") == 0 ||
+ strcmp(*argv, "GCM-AES-128") == 0)
+ cipher.id = MACSEC_DEFAULT_CIPHER_ID;
+ else
+ invarg("expected: default or gcm-aes-128",
+ *argv);
+ } else if (strcmp(*argv, "icvlen") == 0) {
+ NEXT_ARG();
+ if (cipher.icv_len)
+ duparg("icvlen", *argv);
+ get_icvlen(&cipher.icv_len, *argv);
+ } else if (strcmp(*argv, "encrypt") == 0) {
+ NEXT_ARG();
+ int i;
+
+ ret = one_of("encrypt", *argv, values_on_off,
+ ARRAY_SIZE(values_on_off), &i);
+ if (ret != 0)
+ return ret;
+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ENCRYPT, i);
+ } else if (strcmp(*argv, "send_sci") == 0) {
+ NEXT_ARG();
+ int i;
+
+ ret = one_of("send_sci", *argv, values_on_off,
+ ARRAY_SIZE(values_on_off), &i);
+ if (ret != 0)
+ return ret;
+ send_sci = i;
+ addattr8(hdr, MACSEC_BUFLEN,
+ IFLA_MACSEC_INC_SCI, send_sci);
+ } else if (strcmp(*argv, "end_station") == 0) {
+ NEXT_ARG();
+ int i;
+
+ ret = one_of("end_station", *argv, values_on_off,
+ ARRAY_SIZE(values_on_off), &i);
+ if (ret != 0)
+ return ret;
+ es = i;
+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ES, es);
+ } else if (strcmp(*argv, "scb") == 0) {
+ NEXT_ARG();
+ int i;
+
+ ret = one_of("scb", *argv, values_on_off,
+ ARRAY_SIZE(values_on_off), &i);
+ if (ret != 0)
+ return ret;
+ scb = i;
+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_SCB, scb);
+ } else if (strcmp(*argv, "protect") == 0) {
+ NEXT_ARG();
+ int i;
+
+ ret = one_of("protect", *argv, values_on_off,
+ ARRAY_SIZE(values_on_off), &i);
+ if (ret != 0)
+ return ret;
+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_PROTECT, i);
+ } else if (strcmp(*argv, "replay") == 0) {
+ NEXT_ARG();
+ int i;
+
+ ret = one_of("replay", *argv, values_on_off,
+ ARRAY_SIZE(values_on_off), &i);
+ if (ret != 0)
+ return ret;
+ replay_protect = !!i;
+ } else if (strcmp(*argv, "window") == 0) {
+ NEXT_ARG();
+ ret = get_u32(&window, *argv, 0);
+ if (ret)
+ invarg("expected replay window size", *argv);
+ } else if (strcmp(*argv, "validate") == 0) {
+ NEXT_ARG();
+ ret = one_of("validate", *argv,
+ VALIDATE_STR, ARRAY_SIZE(VALIDATE_STR),
+ (int *)&validate);
+ if (ret != 0)
+ return ret;
+ addattr8(hdr, MACSEC_BUFLEN,
+ IFLA_MACSEC_VALIDATION, validate);
+ } else if (strcmp(*argv, "encodingsa") == 0) {
+ if (encoding_sa != 0xff)
+ duparg2("encodingsa", "encodingsa");
+ NEXT_ARG();
+ ret = get_an(&encoding_sa, *argv);
+ if (ret)
+ invarg("expected an { 0..3 }", *argv);
+ } else {
+ fprintf(stderr, "macsec: unknown command \"%s\"?\n",
+ *argv);
+ usage(stderr);
+ return -1;
+ }
+
+ argv++; argc--;
+ }
+
+ if (!check_txsc_flags(es, scb, send_sci)) {
+ fprintf(stderr, "invalid combination of send_sci/end_station/scb\n");
+ return -1;
+ }
+
+ if (window != -1 && replay_protect == -1) {
+ fprintf(stderr,
+ "replay window set, but replay protection not enabled. did you mean 'replay on window %u'?\n",
+ window);
+ return -1;
+ } else if (window == -1 && replay_protect == 1) {
+ fprintf(stderr,
+ "replay protection enabled, but no window set. did you mean 'replay on window VALUE'?\n");
+ return -1;
+ }
+
+ if (cipher.id)
+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_CIPHER_SUITE,
+ &cipher.id, sizeof(cipher.id));
+ if (cipher.icv_len)
+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ICV_LEN,
+ &cipher.icv_len, sizeof(cipher.icv_len));
+
+ if (replay_protect != -1) {
+ addattr32(hdr, MACSEC_BUFLEN, IFLA_MACSEC_WINDOW, window);
+ addattr8(hdr, MACSEC_BUFLEN, IFLA_MACSEC_REPLAY_PROTECT,
+ replay_protect);
+ }
+
+ if (encoding_sa != 0xff) {
+ addattr_l(hdr, MACSEC_BUFLEN, IFLA_MACSEC_ENCODING_SA,
+ &encoding_sa, sizeof(encoding_sa));
+ }
+
+ return 0;
+}
+
+static void macsec_print_help(struct link_util *lu, int argc, char **argv,
+ FILE *f)
+{
+ usage(f);
+}
+
+struct link_util macsec_link_util = {
+ .id = "macsec",
+ .maxattr = IFLA_MACSEC_MAX,
+ .parse_opt = macsec_parse_opt,
+ .print_help = macsec_print_help,
+ .print_opt = macsec_print_opt,
+};
diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c
index cbd6d11..46b86a3 100644
--- a/ip/ipmaddr.c
+++ b/ip/ipmaddr.c
@@ -50,6 +50,7 @@
while (*str && (len < 2 * size)) {
int tmp;
+
if (str[1] == 0)
return -1;
if (sscanf(str, "%02x", &tmp) != 1)
@@ -61,8 +62,7 @@
return len;
}
-struct ma_info
-{
+struct ma_info {
struct ma_info *next;
int index;
int users;
@@ -93,19 +93,16 @@
while (fgets(buf, sizeof(buf), fp)) {
char hexa[256];
- struct ma_info m;
+ struct ma_info m = { .addr.family = AF_PACKET };
int len;
int st;
- memset(&m, 0, sizeof(m));
sscanf(buf, "%d%s%d%d%s", &m.index, m.name, &m.users, &st,
hexa);
if (filter.dev && strcmp(filter.dev, m.name))
continue;
- m.addr.family = AF_PACKET;
-
- len = parse_hex(hexa, (unsigned char*)&m.addr.data, sizeof (m.addr.data));
+ len = parse_hex(hexa, (unsigned char *)&m.addr.data, sizeof(m.addr.data));
if (len >= 0) {
struct ma_info *ma = malloc(sizeof(m));
@@ -122,34 +119,38 @@
static void read_igmp(struct ma_info **result_p)
{
- struct ma_info m;
+ struct ma_info m = {
+ .addr.family = AF_INET,
+ .addr.bitlen = 32,
+ .addr.bytelen = 4,
+ };
char buf[256];
FILE *fp = fopen("/proc/net/igmp", "r");
if (!fp)
return;
- memset(&m, 0, sizeof(m));
if (!fgets(buf, sizeof(buf), fp)) {
fclose(fp);
return;
}
- m.addr.family = AF_INET;
- m.addr.bitlen = 32;
- m.addr.bytelen = 4;
-
while (fgets(buf, sizeof(buf), fp)) {
struct ma_info *ma;
if (buf[0] != '\t') {
+ size_t len;
+
sscanf(buf, "%d%s", &m.index, m.name);
+ len = strlen(m.name);
+ if (m.name[len - 1] == ':')
+ m.name[len - 1] = '\0';
continue;
}
if (filter.dev && strcmp(filter.dev, m.name))
continue;
- sscanf(buf, "%08x%d", (__u32*)&m.addr.data, &m.users);
+ sscanf(buf, "%08x%d", (__u32 *)&m.addr.data, &m.users);
ma = malloc(sizeof(m));
memcpy(ma, &m, sizeof(m));
@@ -169,18 +170,15 @@
while (fgets(buf, sizeof(buf), fp)) {
char hexa[256];
- struct ma_info m;
+ struct ma_info m = { .addr.family = AF_INET6 };
int len;
- memset(&m, 0, sizeof(m));
sscanf(buf, "%d%s%s%d", &m.index, m.name, hexa, &m.users);
if (filter.dev && strcmp(filter.dev, m.name))
continue;
- m.addr.family = AF_INET6;
-
- len = parse_hex(hexa, (unsigned char*)&m.addr.data, sizeof (m.addr.data));
+ len = parse_hex(hexa, (unsigned char *)&m.addr.data, sizeof(m.addr.data));
if (len >= 0) {
struct ma_info *ma = malloc(sizeof(m));
@@ -200,12 +198,11 @@
if (list->addr.family == AF_PACKET) {
SPRINT_BUF(b1);
- fprintf(fp, "link %s", ll_addr_n2a((unsigned char*)list->addr.data,
+ fprintf(fp, "link %s", ll_addr_n2a((unsigned char *)list->addr.data,
list->addr.bytelen, 0,
b1, sizeof(b1)));
} else {
- char abuf[256];
- switch(list->addr.family) {
+ switch (list->addr.family) {
case AF_INET:
fprintf(fp, "inet ");
break;
@@ -218,9 +215,7 @@
}
fprintf(fp, "%s",
format_host(list->addr.family,
- -1,
- list->addr.data,
- abuf, sizeof(abuf)));
+ -1, list->addr.data));
}
if (list->users != 1)
fprintf(fp, " users %d", list->users);
@@ -256,8 +251,7 @@
if (1) {
if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
- }
- else if (matches(*argv, "help") == 0)
+ } else if (matches(*argv, "help") == 0)
usage();
if (filter.dev)
duparg2("dev", *argv);
@@ -278,11 +272,9 @@
static int multiaddr_modify(int cmd, int argc, char **argv)
{
- struct ifreq ifr;
+ struct ifreq ifr = {};
int fd;
- memset(&ifr, 0, sizeof(ifr));
-
if (cmd == RTM_NEWADDR)
cmd = SIOCADDMULTI;
else
@@ -293,7 +285,8 @@
NEXT_ARG();
if (ifr.ifr_name[0])
duparg("dev", *argv);
- strncpy(ifr.ifr_name, *argv, IFNAMSIZ);
+ if (get_ifname(ifr.ifr_name, *argv))
+ invarg("\"dev\" not a valid ifname", *argv);
} else {
if (matches(*argv, "address") == 0) {
NEXT_ARG();
@@ -320,7 +313,7 @@
perror("Cannot create socket");
exit(1);
}
- if (ioctl(fd, cmd, (char*)&ifr) != 0) {
+ if (ioctl(fd, cmd, (char *)&ifr) != 0) {
perror("ioctl");
exit(1);
}
diff --git a/ip/ipmonitor.c b/ip/ipmonitor.c
index 99a237f..3171d47 100644
--- a/ip/ipmonitor.c
+++ b/ip/ipmonitor.c
@@ -30,8 +30,7 @@
static void usage(void)
{
- fprintf(stderr, "Usage: ip monitor [ all | LISTofOBJECTS ] [ FILE ] "
- "[ label ] [all-nsid] [dev DEVICE]\n");
+ fprintf(stderr, "Usage: ip monitor [ all | LISTofOBJECTS ] [ FILE ] [ label ] [all-nsid] [dev DEVICE]\n");
fprintf(stderr, "LISTofOBJECTS := link | address | route | mroute | prefix |\n");
fprintf(stderr, " neigh | netconf | rule | nsid\n");
fprintf(stderr, "FILE := file FILENAME\n");
@@ -58,7 +57,7 @@
struct rtnl_ctrl_data *ctrl,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
if (n->nlmsg_type == RTM_NEWROUTE || n->nlmsg_type == RTM_DELROUTE) {
struct rtmsg *r = NLMSG_DATA(n);
@@ -139,8 +138,8 @@
}
if (n->nlmsg_type != NLMSG_ERROR && n->nlmsg_type != NLMSG_NOOP &&
n->nlmsg_type != NLMSG_DONE) {
- fprintf(fp, "Unknown message: type=0x%08x(%d) flags=0x%08x(%d)"
- "len=0x%08x(%d)\n", n->nlmsg_type, n->nlmsg_type,
+ fprintf(fp, "Unknown message: type=0x%08x(%d) flags=0x%08x(%d)len=0x%08x(%d)\n",
+ n->nlmsg_type, n->nlmsg_type,
n->nlmsg_flags, n->nlmsg_flags, n->nlmsg_len,
n->nlmsg_len);
}
@@ -150,17 +149,17 @@
int do_ipmonitor(int argc, char **argv)
{
char *file = NULL;
- unsigned groups = 0;
- int llink=0;
- int laddr=0;
- int lroute=0;
- int lmroute=0;
- int lprefix=0;
- int lneigh=0;
- int lnetconf=0;
- int lrule=0;
- int lnsid=0;
- int ifindex=0;
+ unsigned int groups = 0;
+ int llink = 0;
+ int laddr = 0;
+ int lroute = 0;
+ int lmroute = 0;
+ int lprefix = 0;
+ int lneigh = 0;
+ int lnetconf = 0;
+ int lrule = 0;
+ int lnsid = 0;
+ int ifindex = 0;
groups |= nl_mgrp(RTNLGRP_LINK);
groups |= nl_mgrp(RTNLGRP_IPV4_IFADDR);
@@ -177,6 +176,7 @@
groups |= nl_mgrp(RTNLGRP_IPV4_RULE);
groups |= nl_mgrp(RTNLGRP_IPV6_RULE);
groups |= nl_mgrp(RTNLGRP_NSID);
+ groups |= nl_mgrp(RTNLGRP_MPLS_NETCONF);
rtnl_close(&rth);
@@ -186,22 +186,20 @@
file = *argv;
} else if (matches(*argv, "label") == 0) {
prefix_banner = 1;
- } else if (matches(*argv, "all-nsid") == 0) {
- listen_all_nsid = 1;
} else if (matches(*argv, "link") == 0) {
- llink=1;
+ llink = 1;
groups = 0;
} else if (matches(*argv, "address") == 0) {
- laddr=1;
+ laddr = 1;
groups = 0;
} else if (matches(*argv, "route") == 0) {
- lroute=1;
+ lroute = 1;
groups = 0;
} else if (matches(*argv, "mroute") == 0) {
- lmroute=1;
+ lmroute = 1;
groups = 0;
} else if (matches(*argv, "prefix") == 0) {
- lprefix=1;
+ lprefix = 1;
groups = 0;
} else if (matches(*argv, "neigh") == 0) {
lneigh = 1;
@@ -216,7 +214,9 @@
lnsid = 1;
groups = 0;
} else if (strcmp(*argv, "all") == 0) {
- prefix_banner=1;
+ prefix_banner = 1;
+ } else if (matches(*argv, "all-nsid") == 0) {
+ listen_all_nsid = 1;
} else if (matches(*argv, "help") == 0) {
usage();
} else if (strcmp(*argv, "dev") == 0) {
@@ -272,6 +272,8 @@
groups |= nl_mgrp(RTNLGRP_IPV4_NETCONF);
if (!preferred_family || preferred_family == AF_INET6)
groups |= nl_mgrp(RTNLGRP_IPV6_NETCONF);
+ if (!preferred_family || preferred_family == AF_MPLS)
+ groups |= nl_mgrp(RTNLGRP_MPLS_NETCONF);
}
if (lrule) {
if (!preferred_family || preferred_family == AF_INET)
@@ -302,6 +304,7 @@
exit(1);
ll_init_map(&rth);
+ netns_nsid_socket_init();
netns_map_init();
if (rtnl_listen(&rth, accept_msg, stdout) < 0)
diff --git a/ip/ipmroute.c b/ip/ipmroute.c
index fffa9e2..b51c23c 100644
--- a/ip/ipmroute.c
+++ b/ip/ipmroute.c
@@ -44,8 +44,7 @@
exit(-1);
}
-struct rtfilter
-{
+struct rtfilter {
int tb;
int af;
int iif;
@@ -55,12 +54,12 @@
int print_mroute(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct rtmsg *r = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[RTA_MAX+1];
- char abuf[256];
+ struct rtattr *tb[RTA_MAX+1];
char obuf[256];
+
SPRINT_BUF(b1);
__u32 table;
int iif = 0;
@@ -90,7 +89,7 @@
return 0;
if (tb[RTA_IIF])
- iif = *(int*)RTA_DATA(tb[RTA_IIF]);
+ iif = rta_getattr_u32(tb[RTA_IIF]);
if (filter.iif && filter.iif != iif)
return 0;
@@ -98,44 +97,34 @@
return 0;
if (tb[RTA_DST] && filter.mdst.bitlen > 0) {
- inet_prefix dst;
+ inet_prefix dst = { .family = r->rtm_family };
- memset(&dst, 0, sizeof(dst));
- dst.family = r->rtm_family;
memcpy(&dst.data, RTA_DATA(tb[RTA_DST]), RTA_PAYLOAD(tb[RTA_DST]));
if (inet_addr_match(&dst, &filter.mdst, filter.mdst.bitlen))
return 0;
}
if (tb[RTA_SRC] && filter.msrc.bitlen > 0) {
- inet_prefix src;
+ inet_prefix src = { .family = r->rtm_family };
- memset(&src, 0, sizeof(src));
- src.family = r->rtm_family;
memcpy(&src.data, RTA_DATA(tb[RTA_SRC]), RTA_PAYLOAD(tb[RTA_SRC]));
if (inet_addr_match(&src, &filter.msrc, filter.msrc.bitlen))
return 0;
}
- family = r->rtm_family == RTNL_FAMILY_IPMR ? AF_INET : AF_INET6;
+ family = get_real_family(r->rtm_type, r->rtm_family);
if (n->nlmsg_type == RTM_DELROUTE)
fprintf(fp, "Deleted ");
if (tb[RTA_SRC])
len = snprintf(obuf, sizeof(obuf),
- "(%s, ", rt_addr_n2a(family,
- RTA_PAYLOAD(tb[RTA_SRC]),
- RTA_DATA(tb[RTA_SRC]),
- abuf, sizeof(abuf)));
+ "(%s, ", rt_addr_n2a_rta(family, tb[RTA_SRC]));
else
len = sprintf(obuf, "(unknown, ");
if (tb[RTA_DST])
snprintf(obuf + len, sizeof(obuf) - len,
- "%s)", rt_addr_n2a(family,
- RTA_PAYLOAD(tb[RTA_DST]),
- RTA_DATA(tb[RTA_DST]),
- abuf, sizeof(abuf)));
+ "%s)", rt_addr_n2a_rta(family, tb[RTA_DST]));
else
snprintf(obuf + len, sizeof(obuf) - len, "unknown) ");
@@ -170,6 +159,8 @@
nh = RTNH_NEXT(nh);
}
}
+ fprintf(fp, " State: %s",
+ r->rtm_flags & RTNH_F_UNRESOLVED ? "unresolved" : "resolved");
if (show_stats && tb[RTA_MFC_STATS]) {
struct rta_mfc_stats *mfcs = RTA_DATA(tb[RTA_MFC_STATS]);
@@ -180,6 +171,18 @@
fprintf(fp, ", %"PRIu64" arrived on wrong iif.",
(uint64_t)mfcs->mfcs_wrong_if);
}
+ if (show_stats && tb[RTA_EXPIRES]) {
+ struct timeval tv;
+
+ __jiffies_to_tv(&tv, rta_getattr_u64(tb[RTA_EXPIRES]));
+ fprintf(fp, ", Age %4i.%.2i", (int)tv.tv_sec,
+ (int)tv.tv_usec/10000);
+ }
+
+ if (table && (table != RT_TABLE_MAIN || show_details > 0) && !filter.tb)
+ fprintf(fp, " Table: %s",
+ rtnl_rttable_n2a(table, b1, sizeof(b1)));
+
fprintf(fp, "\n");
fflush(fp);
return 0;
@@ -212,6 +215,7 @@
while (argc > 0) {
if (matches(*argv, "table") == 0) {
__u32 tid;
+
NEXT_ARG();
if (rtnl_rttable_a2n(&tid, *argv)) {
if (strcmp(*argv, "all") == 0) {
diff --git a/ip/ipneigh.c b/ip/ipneigh.c
index 92b7cd6..9c38a60 100644
--- a/ip/ipneigh.c
+++ b/ip/ipneigh.c
@@ -31,7 +31,7 @@
static struct
{
int family;
- int index;
+ int index;
int state;
int unused_only;
inet_prefix pfx;
@@ -46,14 +46,16 @@
static void usage(void)
{
- fprintf(stderr, "Usage: ip neigh { add | del | change | replace } { ADDR [ lladdr LLADDR ]\n"
- " [ nud { permanent | noarp | stale | reachable } ]\n"
- " | proxy ADDR } [ dev DEV ]\n");
- fprintf(stderr, " ip neigh {show|flush} [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n");
+ fprintf(stderr, "Usage: ip neigh { add | del | change | replace }\n"
+ " { ADDR [ lladdr LLADDR ] [ nud STATE ] | proxy ADDR } [ dev DEV ]\n");
+ fprintf(stderr, " ip neigh { show | flush } [ proxy ] [ to PREFIX ] [ dev DEV ] [ nud STATE ]\n");
+ fprintf(stderr, " [ vrf NAME ]\n\n");
+ fprintf(stderr, "STATE := { permanent | noarp | stale | reachable | none |\n"
+ " incomplete | delay | probe | failed }\n");
exit(-1);
}
-static int nud_state_a2n(unsigned *state, const char *arg)
+static int nud_state_a2n(unsigned int *state, const char *arg)
{
if (matches(arg, "permanent") == 0)
*state = NUD_PERMANENT;
@@ -76,7 +78,7 @@
else {
if (get_unsigned(state, arg, 0))
return -1;
- if (*state>=0x100 || (*state&((*state)-1)))
+ if (*state >= 0x100 || (*state&((*state)-1)))
return -1;
}
return 0;
@@ -98,23 +100,21 @@
struct {
struct nlmsghdr n;
struct ndmsg ndm;
- char buf[256];
- } req;
+ char buf[256];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .ndm.ndm_family = preferred_family,
+ .ndm.ndm_state = NUD_PERMANENT,
+ };
char *dev = NULL;
int dst_ok = 0;
int dev_ok = 0;
int lladdr_ok = 0;
- char * lla = NULL;
+ char *lla = NULL;
inet_prefix dst;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.ndm.ndm_family = preferred_family;
- req.ndm.ndm_state = NUD_PERMANENT;
-
while (argc > 0) {
if (matches(*argv, "lladdr") == 0) {
NEXT_ARG();
@@ -123,7 +123,8 @@
lla = *argv;
lladdr_ok = 1;
} else if (strcmp(*argv, "nud") == 0) {
- unsigned state;
+ unsigned int state;
+
NEXT_ARG();
if (nud_state_a2n(&state, *argv))
invarg("nud state is bad", *argv);
@@ -192,11 +193,10 @@
int print_neigh(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct ndmsg *r = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[NDA_MAX+1];
- char abuf[256];
+ struct rtattr *tb[NDA_MAX+1];
static int logit = 1;
if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH &&
@@ -222,7 +222,7 @@
if (!(filter.state&r->ndm_state) &&
!(r->ndm_flags & NTF_PROXY) &&
(r->ndm_state || !(filter.state&0x100)) &&
- (r->ndm_family != AF_DECnet))
+ (r->ndm_family != AF_DECnet))
return 0;
if (filter.master && !(n->nlmsg_flags & NLM_F_DUMP_FILTERED)) {
@@ -237,9 +237,8 @@
if (tb[NDA_DST]) {
if (filter.pfx.family) {
- inet_prefix dst;
- memset(&dst, 0, sizeof(dst));
- dst.family = r->ndm_family;
+ inet_prefix dst = { .family = r->ndm_family };
+
memcpy(&dst.data, RTA_DATA(tb[NDA_DST]), RTA_PAYLOAD(tb[NDA_DST]));
if (inet_addr_match(&dst, &filter.pfx, filter.pfx.bitlen))
return 0;
@@ -247,22 +246,24 @@
}
if (filter.unused_only && tb[NDA_CACHEINFO]) {
struct nda_cacheinfo *ci = RTA_DATA(tb[NDA_CACHEINFO]);
+
if (ci->ndm_refcnt)
return 0;
}
if (filter.flushb) {
struct nlmsghdr *fn;
+
if (NLMSG_ALIGN(filter.flushp) + n->nlmsg_len > filter.flushe) {
if (flush_update())
return -1;
}
- fn = (struct nlmsghdr*)(filter.flushb + NLMSG_ALIGN(filter.flushp));
+ fn = (struct nlmsghdr *)(filter.flushb + NLMSG_ALIGN(filter.flushp));
memcpy(fn, n, n->nlmsg_len);
fn->nlmsg_type = RTM_DELNEIGH;
fn->nlmsg_flags = NLM_F_REQUEST;
fn->nlmsg_seq = ++rth.seq;
- filter.flushp = (((char*)fn) + n->nlmsg_len) - filter.flushb;
+ filter.flushp = (((char *)fn) + n->nlmsg_len) - filter.flushb;
filter.flushed++;
if (show_stats < 2)
return 0;
@@ -274,10 +275,7 @@
fprintf(fp, "miss ");
if (tb[NDA_DST]) {
fprintf(fp, "%s ",
- format_host(r->ndm_family,
- RTA_PAYLOAD(tb[NDA_DST]),
- RTA_DATA(tb[NDA_DST]),
- abuf, sizeof(abuf)));
+ format_host_rta(r->ndm_family, tb[NDA_DST]));
}
if (!filter.index && r->ndm_ifindex)
fprintf(fp, "dev %s ", ll_index_to_name(r->ndm_ifindex));
@@ -306,11 +304,13 @@
if (tb[NDA_PROBES] && show_stats) {
__u32 p = rta_getattr_u32(tb[NDA_PROBES]);
+
fprintf(fp, " probes %u", p);
}
if (r->ndm_state) {
int nud = r->ndm_state;
+
fprintf(fp, " ");
#define PRINT_FLAG(f) if (nud & NUD_##f) { \
@@ -343,16 +343,14 @@
struct {
struct nlmsghdr n;
struct ndmsg ndm;
- char buf[256];
- } req;
+ char buf[256];
+ } req = {
+ .n.nlmsg_type = RTM_GETNEIGH,
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg)),
+ };
char *filter_dev = NULL;
int state_given = 0;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_type = RTM_GETNEIGH;
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg));
-
ipneigh_reset_filter(0);
if (!filter.family)
@@ -375,16 +373,29 @@
filter_dev = *argv;
} else if (strcmp(*argv, "master") == 0) {
int ifindex;
+
NEXT_ARG();
ifindex = ll_name_to_index(*argv);
if (!ifindex)
invarg("Device does not exist\n", *argv);
addattr32(&req.n, sizeof(req), NDA_MASTER, ifindex);
filter.master = ifindex;
+ } else if (strcmp(*argv, "vrf") == 0) {
+ int ifindex;
+
+ NEXT_ARG();
+ ifindex = ll_name_to_index(*argv);
+ if (!ifindex)
+ invarg("Not a valid VRF name\n", *argv);
+ if (!name_is_vrf(*argv))
+ invarg("Not a valid VRF name\n", *argv);
+ addattr32(&req.n, sizeof(req), NDA_MASTER, ifindex);
+ filter.master = ifindex;
} else if (strcmp(*argv, "unused") == 0) {
filter.unused_only = 1;
} else if (strcmp(*argv, "nud") == 0) {
- unsigned state;
+ unsigned int state;
+
NEXT_ARG();
if (!state_given) {
state_given = 1;
@@ -425,6 +436,8 @@
addattr32(&req.n, sizeof(req), NDA_IFINDEX, filter.index);
}
+ req.ndm.ndm_family = filter.family;
+
if (flush) {
int round = 0;
char flushb[4096-512];
@@ -432,10 +445,9 @@
filter.flushb = flushb;
filter.flushp = 0;
filter.flushe = sizeof(flushb);
- filter.state &= ~NUD_FAILED;
while (round < MAX_ROUNDS) {
- if (rtnl_wilddump_request(&rth, filter.family, RTM_GETNEIGH) < 0) {
+ if (rtnl_dump_request_n(&rth, &req.n) < 0) {
perror("Cannot send dump request");
exit(1);
}
@@ -449,7 +461,7 @@
if (round == 0)
printf("Nothing to flush.\n");
else
- printf("*** Flush is complete after %d round%s ***\n", round, round>1?"s":"");
+ printf("*** Flush is complete after %d round%s ***\n", round, round > 1?"s":"");
}
fflush(stdout);
return 0;
@@ -461,14 +473,13 @@
printf("\n*** Round %d, deleting %d entries ***\n", round, filter.flushed);
fflush(stdout);
}
+ filter.state &= ~NUD_FAILED;
}
printf("*** Flush not complete bailing out after %d rounds\n",
MAX_ROUNDS);
return 1;
}
- req.ndm.ndm_family = filter.family;
-
if (rtnl_dump_request_n(&rth, &req.n) < 0) {
perror("Cannot send dump request");
exit(1);
diff --git a/ip/ipnetconf.c b/ip/ipnetconf.c
index eca6eee..696e3dd 100644
--- a/ip/ipnetconf.c
+++ b/ip/ipnetconf.c
@@ -19,13 +19,13 @@
#include <sys/time.h>
#include <sys/socket.h>
#include <netinet/in.h>
+#include <errno.h>
#include "rt_names.h"
#include "utils.h"
#include "ip_common.h"
-static struct
-{
+static struct {
int family;
int ifindex;
} filter;
@@ -38,15 +38,25 @@
exit(-1);
}
-#define NETCONF_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct netconfmsg))))
+static void print_onoff(FILE *f, const char *flag, __u32 val)
+{
+ fprintf(f, "%s %s ", flag, val ? "on" : "off");
+}
+
+static struct rtattr *netconf_rta(struct netconfmsg *ncm)
+{
+ return (struct rtattr *)((char *)ncm
+ + NLMSG_ALIGN(sizeof(struct netconfmsg)));
+}
int print_netconf(const struct sockaddr_nl *who, struct rtnl_ctrl_data *ctrl,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct netconfmsg *ncm = NLMSG_DATA(n);
int len = n->nlmsg_len;
struct rtattr *tb[NETCONFA_MAX+1];
+ int ifindex = 0;
if (n->nlmsg_type == NLMSG_ERROR)
return -1;
@@ -65,9 +75,15 @@
if (filter.family && filter.family != ncm->ncm_family)
return 0;
- parse_rtattr(tb, NETCONFA_MAX, NETCONF_RTA(ncm),
+ parse_rtattr(tb, NETCONFA_MAX, netconf_rta(ncm),
NLMSG_PAYLOAD(n, sizeof(*ncm)));
+ if (tb[NETCONFA_IFINDEX])
+ ifindex = rta_getattr_u32(tb[NETCONFA_IFINDEX]);
+
+ if (filter.ifindex && filter.ifindex != ifindex)
+ return 0;
+
switch (ncm->ncm_family) {
case AF_INET:
fprintf(fp, "ipv4 ");
@@ -75,15 +91,16 @@
case AF_INET6:
fprintf(fp, "ipv6 ");
break;
+ case AF_MPLS:
+ fprintf(fp, "mpls ");
+ break;
default:
fprintf(fp, "unknown ");
break;
}
if (tb[NETCONFA_IFINDEX]) {
- int *ifindex = (int *)RTA_DATA(tb[NETCONFA_IFINDEX]);
-
- switch (*ifindex) {
+ switch (ifindex) {
case NETCONFA_IFINDEX_ALL:
fprintf(fp, "all ");
break;
@@ -91,16 +108,16 @@
fprintf(fp, "default ");
break;
default:
- fprintf(fp, "dev %s ", ll_index_to_name(*ifindex));
+ fprintf(fp, "dev %s ", ll_index_to_name(ifindex));
break;
}
}
if (tb[NETCONFA_FORWARDING])
- fprintf(fp, "forwarding %s ",
- *(int *)RTA_DATA(tb[NETCONFA_FORWARDING])?"on":"off");
+ print_onoff(fp, "forwarding",
+ rta_getattr_u32(tb[NETCONFA_FORWARDING]));
if (tb[NETCONFA_RP_FILTER]) {
- int rp_filter = *(int *)RTA_DATA(tb[NETCONFA_RP_FILTER]);
+ __u32 rp_filter = rta_getattr_u32(tb[NETCONFA_RP_FILTER]);
if (rp_filter == 0)
fprintf(fp, "rp_filter off ");
@@ -112,12 +129,19 @@
fprintf(fp, "rp_filter unknown mode ");
}
if (tb[NETCONFA_MC_FORWARDING])
- fprintf(fp, "mc_forwarding %d ",
- *(int *)RTA_DATA(tb[NETCONFA_MC_FORWARDING]));
+ print_onoff(fp, "mc_forwarding",
+ rta_getattr_u32(tb[NETCONFA_MC_FORWARDING]));
if (tb[NETCONFA_PROXY_NEIGH])
- fprintf(fp, "proxy_neigh %s ",
- *(int *)RTA_DATA(tb[NETCONFA_PROXY_NEIGH])?"on":"off");
+ print_onoff(fp, "proxy_neigh",
+ rta_getattr_u32(tb[NETCONFA_PROXY_NEIGH]));
+
+ if (tb[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN])
+ print_onoff(fp, "ignore_routes_with_linkdown",
+ rta_getattr_u32(tb[NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN]));
+
+ if (tb[NETCONFA_INPUT])
+ print_onoff(fp, "input", rta_getattr_u32(tb[NETCONFA_INPUT]));
fprintf(fp, "\n");
fflush(fp);
@@ -142,12 +166,14 @@
struct nlmsghdr n;
struct netconfmsg ncm;
char buf[1024];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct netconfmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,
+ .n.nlmsg_type = RTM_GETNETCONF,
+ };
ipnetconf_reset_filter(0);
filter.family = preferred_family;
- if (filter.family == AF_UNSPEC)
- filter.family = AF_INET;
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
@@ -163,15 +189,11 @@
}
ll_init_map(&rth);
- if (filter.ifindex) {
- memset(&req, 0, sizeof(req));
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct netconfmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK;
- req.n.nlmsg_type = RTM_GETNETCONF;
+
+ if (filter.ifindex && filter.family != AF_UNSPEC) {
req.ncm.ncm_family = filter.family;
- if (filter.ifindex)
- addattr_l(&req.n, sizeof(req), NETCONFA_IFINDEX,
- &filter.ifindex, sizeof(filter.ifindex));
+ addattr_l(&req.n, sizeof(req), NETCONFA_IFINDEX,
+ &filter.ifindex, sizeof(filter.ifindex));
if (rtnl_send(&rth, &req.n, req.n.nlmsg_len) < 0) {
perror("Can not send request");
@@ -179,16 +201,26 @@
}
rtnl_listen(&rth, print_netconf, stdout);
} else {
+ rth.flags = RTNL_HANDLE_F_SUPPRESS_NLERR;
dump:
if (rtnl_wilddump_request(&rth, filter.family, RTM_GETNETCONF) < 0) {
perror("Cannot send dump request");
exit(1);
}
if (rtnl_dump_filter(&rth, print_netconf2, stdout) < 0) {
+ /* kernel does not support netconf dump on AF_UNSPEC;
+ * fall back to requesting by family
+ */
+ if (errno == EOPNOTSUPP &&
+ filter.family == AF_UNSPEC) {
+ filter.family = AF_INET;
+ goto dump;
+ }
+ perror("RTNETLINK answers");
fprintf(stderr, "Dump terminated\n");
exit(1);
}
- if (preferred_family == AF_UNSPEC) {
+ if (preferred_family == AF_UNSPEC && filter.family == AF_INET) {
preferred_family = AF_INET6;
filter.family = AF_INET6;
goto dump;
diff --git a/ip/ipnetns.c b/ip/ipnetns.c
index 088096f..bad7933 100644
--- a/ip/ipnetns.c
+++ b/ip/ipnetns.c
@@ -18,7 +18,7 @@
#include <linux/net_namespace.h>
#include "utils.h"
-#include "hlist.h"
+#include "list.h"
#include "ip_common.h"
#include "namespace.h"
@@ -61,20 +61,19 @@
struct nlmsghdr n;
struct rtgenmsg g;
char buf[1024];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETNSID,
+ .g.rtgen_family = AF_UNSPEC,
+ };
int fd;
if (have_rtnl_getnsid < 0) {
- memset(&req, 0, sizeof(req));
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETNSID;
- req.g.rtgen_family = AF_UNSPEC;
-
fd = open("/proc/self/ns/net", O_RDONLY);
if (fd < 0) {
- perror("open(\"/proc/self/ns/net\")");
- exit(1);
+ have_rtnl_getnsid = 0;
+ return 0;
}
addattr32(&req.n, 1024, NETNSA_FD, fd);
@@ -96,17 +95,16 @@
struct nlmsghdr n;
struct rtgenmsg g;
char buf[1024];
- } req, answer;
+ } answer, req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETNSID,
+ .g.rtgen_family = AF_UNSPEC,
+ };
struct rtattr *tb[NETNSA_MAX + 1];
struct rtgenmsg *rthdr;
int len, fd;
- memset(&req, 0, sizeof(req));
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETNSID;
- req.g.rtgen_family = AF_UNSPEC;
-
fd = netns_get_fd(name);
if (fd < 0)
return fd;
@@ -172,7 +170,7 @@
if (netns_map_get_by_nsid(nsid) != NULL)
return -EEXIST;
- c = malloc(sizeof(*c) + strlen(name));
+ c = malloc(sizeof(*c) + strlen(name) + 1);
if (c == NULL) {
perror("malloc");
return -ENOMEM;
@@ -196,6 +194,18 @@
free(c);
}
+void netns_nsid_socket_init(void)
+{
+ if (rtnsh.fd > -1 || !ipnetns_have_nsid())
+ return;
+
+ if (rtnl_open(&rtnsh, 0) < 0) {
+ fprintf(stderr, "Cannot open rtnetlink\n");
+ exit(1);
+ }
+
+}
+
void netns_map_init(void)
{
static int initialized;
@@ -206,11 +216,6 @@
if (initialized || !ipnetns_have_nsid())
return;
- if (rtnl_open(&rtnsh, 0) < 0) {
- fprintf(stderr, "Cannot open rtnetlink\n");
- exit(1);
- }
-
dir = opendir(NETNS_RUN_DIR);
if (!dir)
return;
@@ -352,43 +357,10 @@
return 0;
}
-static int cmd_exec(const char *cmd, char **argv, bool do_fork)
-{
- fflush(stdout);
- if (do_fork) {
- int status;
- pid_t pid;
-
- pid = fork();
- if (pid < 0) {
- perror("fork");
- exit(1);
- }
-
- if (pid != 0) {
- /* Parent */
- if (waitpid(pid, &status, 0) < 0) {
- perror("waitpid");
- exit(1);
- }
-
- if (WIFEXITED(status)) {
- return WEXITSTATUS(status);
- }
-
- exit(1);
- }
- }
-
- if (execvp(cmd, argv) < 0)
- fprintf(stderr, "exec of \"%s\" failed: %s\n",
- cmd, strerror(errno));
- _exit(1);
-}
-
static int on_netns_exec(char *nsname, void *arg)
{
char **argv = arg;
+
cmd_exec(argv[1], argv + 1, true);
return 0;
}
@@ -415,6 +387,11 @@
if (netns_switch(argv[0]))
return -1;
+ /* we just changed namespaces. clear any vrf association
+ * with prior namespace before exec'ing command
+ */
+ vrf_reset();
+
/* ip must return the status of the child,
* but do_cmd() will add a minus to this,
* so let's add another one here to cancel it.
@@ -426,6 +403,7 @@
static int is_pid(const char *str)
{
int ch;
+
for (; (ch = *str); str++) {
if (!isdigit(ch))
return 0;
@@ -470,9 +448,10 @@
strerror(errno));
return -1;
}
- while((entry = readdir(dir))) {
+ while ((entry = readdir(dir))) {
char pid_net_path[PATH_MAX];
struct stat st;
+
if (!is_pid(entry->d_name))
continue;
snprintf(pid_net_path, sizeof(pid_net_path), "/proc/%s/ns/net",
@@ -489,28 +468,15 @@
}
-static int netns_identify(int argc, char **argv)
+int netns_identify_pid(const char *pidstr, char *name, int len)
{
- const char *pidstr;
char net_path[PATH_MAX];
int netns;
struct stat netst;
DIR *dir;
struct dirent *entry;
- if (argc < 1) {
- pidstr = "self";
- } else if (argc > 1) {
- fprintf(stderr, "extra arguments specified\n");
- return -1;
- } else {
- pidstr = argv[0];
- if (!is_pid(pidstr)) {
- fprintf(stderr, "Specified string '%s' is not a pid\n",
- pidstr);
- return -1;
- }
- }
+ name[0] = '\0';
snprintf(net_path, sizeof(net_path), "/proc/%s/ns/net", pidstr);
netns = open(net_path, O_RDONLY);
@@ -535,7 +501,7 @@
return -1;
}
- while((entry = readdir(dir))) {
+ while ((entry = readdir(dir))) {
char name_path[PATH_MAX];
struct stat st;
@@ -552,7 +518,7 @@
if ((st.st_dev == netst.st_dev) &&
(st.st_ino == netst.st_ino)) {
- printf("%s\n", entry->d_name);
+ strlcpy(name, entry->d_name, len);
}
}
closedir(dir);
@@ -560,6 +526,33 @@
}
+static int netns_identify(int argc, char **argv)
+{
+ const char *pidstr;
+ char name[256];
+ int rc;
+
+ if (argc < 1) {
+ pidstr = "self";
+ } else if (argc > 1) {
+ fprintf(stderr, "extra arguments specified\n");
+ return -1;
+ } else {
+ pidstr = argv[0];
+ if (!is_pid(pidstr)) {
+ fprintf(stderr, "Specified string '%s' is not a pid\n",
+ pidstr);
+ return -1;
+ }
+ }
+
+ rc = netns_identify_pid(pidstr, name, sizeof(name));
+ if (!rc)
+ printf("%s\n", name);
+
+ return rc;
+}
+
static int on_netns_del(char *nsname, void *arg)
{
char netns_path[PATH_MAX];
@@ -642,7 +635,7 @@
}
/* Upgrade NETNS_RUN_DIR to a mount point */
- if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND, NULL)) {
+ if (mount(NETNS_RUN_DIR, NETNS_RUN_DIR, "none", MS_BIND | MS_REC, NULL)) {
fprintf(stderr, "mount --bind %s %s failed: %s\n",
NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
return -1;
@@ -682,15 +675,14 @@
struct nlmsghdr n;
struct rtgenmsg g;
char buf[1024];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_NEWNSID,
+ .g.rtgen_family = AF_UNSPEC,
+ };
int fd, err = 0;
- memset(&req, 0, sizeof(req));
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_NEWNSID;
- req.g.rtgen_family = AF_UNSPEC;
-
fd = netns_get_fd(name);
if (fd < 0)
return fd;
@@ -708,7 +700,8 @@
{
char netns_path[PATH_MAX];
const char *name;
- int netns, nsid;
+ unsigned int nsid;
+ int netns;
if (argc < 1) {
fprintf(stderr, "No netns name specified\n");
@@ -719,7 +712,8 @@
return -1;
}
name = argv[0];
- nsid = atoi(argv[1]);
+ if (get_unsigned(&nsid, argv[1], 0))
+ invarg("Invalid \"netnsid\" value\n", argv[1]);
snprintf(netns_path, sizeof(netns_path), "%s/%s", NETNS_RUN_DIR, name);
netns = open(netns_path, O_RDONLY | O_CLOEXEC);
@@ -737,6 +731,7 @@
char buf[4096];
struct inotify_event *event;
int fd;
+
fd = inotify_init();
if (fd < 0) {
fprintf(stderr, "inotify_init failed: %s\n",
@@ -752,8 +747,9 @@
strerror(errno));
return -1;
}
- for(;;) {
+ for (;;) {
ssize_t len = read(fd, buf, sizeof(buf));
+
if (len < 0) {
fprintf(stderr, "read failed: %s\n",
strerror(errno));
@@ -771,19 +767,36 @@
return 0;
}
+static int invalid_name(const char *name)
+{
+ return !*name || strlen(name) > NAME_MAX ||
+ strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..");
+}
+
int do_netns(int argc, char **argv)
{
- netns_map_init();
+ netns_nsid_socket_init();
- if (argc < 1)
+ if (argc < 1) {
+ netns_map_init();
return netns_list(0, NULL);
+ }
+
+ if (argc > 1 && invalid_name(argv[1])) {
+ fprintf(stderr, "Invalid netns name \"%s\"\n", argv[1]);
+ exit(-1);
+ }
if ((matches(*argv, "list") == 0) || (matches(*argv, "show") == 0) ||
- (matches(*argv, "lst") == 0))
+ (matches(*argv, "lst") == 0)) {
+ netns_map_init();
return netns_list(argc-1, argv+1);
+ }
- if ((matches(*argv, "list-id") == 0))
+ if ((matches(*argv, "list-id") == 0)) {
+ netns_map_init();
return netns_list_id(argc-1, argv+1);
+ }
if (matches(*argv, "help") == 0)
return usage();
diff --git a/ip/ipntable.c b/ip/ipntable.c
index 6eb84e7..88236ce 100644
--- a/ip/ipntable.c
+++ b/ip/ipntable.c
@@ -35,9 +35,9 @@
static struct
{
int family;
- int index;
+ int index;
#define NONE_DEV (-1)
- char name[1024];
+ const char *name;
} filter;
static void usage(void) __attribute__((noreturn));
@@ -52,7 +52,7 @@
"PARMS := [ base_reachable MSEC ] [ retrans MSEC ] [ gc_stale MSEC ]\n"
" [ delay_probe MSEC ] [ queue LEN ]\n"
- " [ app_probs VAL ] [ ucast_probes VAL ] [ mcast_probes VAL ]\n"
+ " [ app_probes VAL ] [ ucast_probes VAL ] [ mcast_probes VAL ]\n"
" [ anycast_delay MSEC ] [ proxy_delay MSEC ] [ proxy_queue LEN ]\n"
" [ locktime MSEC ]\n"
);
@@ -65,27 +65,20 @@
struct {
struct nlmsghdr n;
struct ndtmsg ndtm;
- char buf[1024];
- } req;
+ char buf[1024];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndtmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .ndtm.ndtm_family = preferred_family,
+ };
char *namep = NULL;
char *threshsp = NULL;
char *gc_intp = NULL;
- char parms_buf[1024];
+ char parms_buf[1024] = {};
struct rtattr *parms_rta = (struct rtattr *)parms_buf;
int parms_change = 0;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndtmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
-
- req.ndtm.ndtm_family = preferred_family;
- req.ndtm.ndtm_pad1 = 0;
- req.ndtm.ndtm_pad2 = 0;
-
- memset(&parms_buf, 0, sizeof(parms_buf));
-
parms_rta->rta_type = NDTA_PARMS;
parms_rta->rta_len = RTA_LENGTH(0);
@@ -209,8 +202,6 @@
if (get_u32(&queue, *argv, 0))
invarg("\"queue\" value is invalid", *argv);
- if (!parms_rta)
- parms_rta = (struct rtattr *)&parms_buf;
rta_addattr32(parms_rta, sizeof(parms_buf),
NDTPA_QUEUE_LEN, queue);
parms_change = 1;
@@ -322,15 +313,13 @@
static const char *ntable_strtime_delta(__u32 msec)
{
static char str[32];
- struct timeval now;
+ struct timeval now = {};
time_t t;
struct tm *tp;
if (msec == 0)
goto error;
- memset(&now, 0, sizeof(now));
-
if (gettimeofday(&now, NULL) < 0) {
perror("gettimeofday");
goto error;
@@ -351,7 +340,7 @@
static int print_ntable(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct ndtmsg *ndtm = NLMSG_DATA(n);
int len = n->nlmsg_len;
struct rtattr *tb[NDTA_MAX+1];
@@ -378,7 +367,7 @@
if (tb[NDTA_NAME]) {
const char *name = rta_getattr_str(tb[NDTA_NAME]);
- if (strlen(filter.name) > 0 && strcmp(filter.name, name))
+ if (filter.name && strcmp(filter.name, name))
return 0;
}
if (tb[NDTA_PARMS]) {
@@ -407,6 +396,7 @@
if (tb[NDTA_NAME]) {
const char *name = rta_getattr_str(tb[NDTA_NAME]);
+
fprintf(fp, "%s ", name);
}
@@ -419,18 +409,22 @@
if (tb[NDTA_THRESH1]) {
__u32 thresh1 = rta_getattr_u32(tb[NDTA_THRESH1]);
+
fprintf(fp, "thresh1 %u ", thresh1);
}
if (tb[NDTA_THRESH2]) {
__u32 thresh2 = rta_getattr_u32(tb[NDTA_THRESH2]);
+
fprintf(fp, "thresh2 %u ", thresh2);
}
if (tb[NDTA_THRESH3]) {
__u32 thresh3 = rta_getattr_u32(tb[NDTA_THRESH3]);
+
fprintf(fp, "thresh3 %u ", thresh3);
}
if (tb[NDTA_GC_INTERVAL]) {
unsigned long long gc_int = rta_getattr_u64(tb[NDTA_GC_INTERVAL]);
+
fprintf(fp, "gc_int %llu ", gc_int);
}
@@ -480,18 +474,22 @@
if (tpb[NDTPA_REFCNT]) {
__u32 refcnt = rta_getattr_u32(tpb[NDTPA_REFCNT]);
+
fprintf(fp, "refcnt %u ", refcnt);
}
if (tpb[NDTPA_REACHABLE_TIME]) {
unsigned long long reachable = rta_getattr_u64(tpb[NDTPA_REACHABLE_TIME]);
+
fprintf(fp, "reachable %llu ", reachable);
}
if (tpb[NDTPA_BASE_REACHABLE_TIME]) {
unsigned long long breachable = rta_getattr_u64(tpb[NDTPA_BASE_REACHABLE_TIME]);
+
fprintf(fp, "base_reachable %llu ", breachable);
}
if (tpb[NDTPA_RETRANS_TIME]) {
unsigned long long retrans = rta_getattr_u64(tpb[NDTPA_RETRANS_TIME]);
+
fprintf(fp, "retrans %llu ", retrans);
}
@@ -501,14 +499,17 @@
if (tpb[NDTPA_GC_STALETIME]) {
unsigned long long gc_stale = rta_getattr_u64(tpb[NDTPA_GC_STALETIME]);
+
fprintf(fp, "gc_stale %llu ", gc_stale);
}
if (tpb[NDTPA_DELAY_PROBE_TIME]) {
unsigned long long delay_probe = rta_getattr_u64(tpb[NDTPA_DELAY_PROBE_TIME]);
+
fprintf(fp, "delay_probe %llu ", delay_probe);
}
if (tpb[NDTPA_QUEUE_LEN]) {
__u32 queue = rta_getattr_u32(tpb[NDTPA_QUEUE_LEN]);
+
fprintf(fp, "queue %u ", queue);
}
@@ -518,14 +519,17 @@
if (tpb[NDTPA_APP_PROBES]) {
__u32 aprobe = rta_getattr_u32(tpb[NDTPA_APP_PROBES]);
+
fprintf(fp, "app_probes %u ", aprobe);
}
if (tpb[NDTPA_UCAST_PROBES]) {
__u32 uprobe = rta_getattr_u32(tpb[NDTPA_UCAST_PROBES]);
+
fprintf(fp, "ucast_probes %u ", uprobe);
}
if (tpb[NDTPA_MCAST_PROBES]) {
__u32 mprobe = rta_getattr_u32(tpb[NDTPA_MCAST_PROBES]);
+
fprintf(fp, "mcast_probes %u ", mprobe);
}
@@ -535,18 +539,22 @@
if (tpb[NDTPA_ANYCAST_DELAY]) {
unsigned long long anycast_delay = rta_getattr_u64(tpb[NDTPA_ANYCAST_DELAY]);
+
fprintf(fp, "anycast_delay %llu ", anycast_delay);
}
if (tpb[NDTPA_PROXY_DELAY]) {
unsigned long long proxy_delay = rta_getattr_u64(tpb[NDTPA_PROXY_DELAY]);
+
fprintf(fp, "proxy_delay %llu ", proxy_delay);
}
if (tpb[NDTPA_PROXY_QLEN]) {
__u32 pqueue = rta_getattr_u32(tpb[NDTPA_PROXY_QLEN]);
+
fprintf(fp, "proxy_queue %u ", pqueue);
}
if (tpb[NDTPA_LOCKTIME]) {
unsigned long long locktime = rta_getattr_u64(tpb[NDTPA_LOCKTIME]);
+
fprintf(fp, "locktime %llu ", locktime);
}
@@ -623,7 +631,7 @@
} else if (strcmp(*argv, "name") == 0) {
NEXT_ARG();
- strncpy(filter.name, *argv, sizeof(filter.name));
+ filter.name = *argv;
} else
invarg("unknown", *argv);
diff --git a/ip/ipprefix.c b/ip/ipprefix.c
index ee51f04..20f23ca 100644
--- a/ip/ipprefix.c
+++ b/ip/ipprefix.c
@@ -37,10 +37,10 @@
int print_prefix(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct prefixmsg *prefix = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[RTA_MAX+1];
+ struct rtattr *tb[RTA_MAX+1];
int family = preferred_family;
if (n->nlmsg_type != RTM_NEWPREFIX) {
@@ -71,22 +71,11 @@
parse_rtattr(tb, RTA_MAX, RTM_RTA(prefix), len);
- fprintf(fp, "prefix ");
-
if (tb[PREFIX_ADDRESS]) {
- struct in6_addr *pfx;
- char abuf[256];
-
- pfx = (struct in6_addr *)RTA_DATA(tb[PREFIX_ADDRESS]);
-
- memset(abuf, '\0', sizeof(abuf));
- fprintf(fp, "%s", rt_addr_n2a(family,
- RTA_PAYLOAD(tb[PREFIX_ADDRESS]),
- pfx,
- abuf, sizeof(abuf)));
+ fprintf(fp, "prefix %s/%u",
+ rt_addr_n2a_rta(family, tb[PREFIX_ADDRESS]),
+ prefix->prefix_len);
}
- fprintf(fp, "/%u ", prefix->prefix_len);
-
fprintf(fp, "dev %s ", ll_index_to_name(prefix->prefix_ifindex));
if (prefix->prefix_flags & IF_PREFIX_ONLINK)
@@ -95,8 +84,8 @@
fprintf(fp, "autoconf ");
if (tb[PREFIX_CACHEINFO]) {
- struct prefix_cacheinfo *pc;
- pc = (struct prefix_cacheinfo *)RTA_DATA(tb[PREFIX_CACHEINFO]);
+ const struct prefix_cacheinfo *pc
+ = RTA_DATA(tb[PREFIX_CACHEINFO]);
fprintf(fp, "valid %u ", pc->valid_time);
fprintf(fp, "preferred %u ", pc->preferred_time);
diff --git a/ip/iproute.c b/ip/iproute.c
index 7f81145..e81bc05 100644
--- a/ip/iproute.c
+++ b/ip/iproute.c
@@ -48,7 +48,7 @@
[RTAX_SSTHRESH] = "ssthresh",
[RTAX_CWND] = "cwnd",
[RTAX_ADVMSS] = "advmss",
- [RTAX_REORDERING]="reordering",
+ [RTAX_REORDERING] = "reordering",
[RTAX_HOPLIMIT] = "hoplimit",
[RTAX_INITCWND] = "initcwnd",
[RTAX_FEATURES] = "features",
@@ -65,30 +65,33 @@
fprintf(stderr, " ip route save SELECTOR\n");
fprintf(stderr, " ip route restore\n");
fprintf(stderr, " ip route showdump\n");
- fprintf(stderr, " ip route get ADDRESS [ from ADDRESS iif STRING ]\n");
+ fprintf(stderr, " ip route get [ ROUTE_GET_FLAGS ] ADDRESS\n");
+ fprintf(stderr, " [ from ADDRESS iif STRING ]\n");
fprintf(stderr, " [ oif STRING ] [ tos TOS ]\n");
- fprintf(stderr, " [ mark NUMBER ] [ uid NUMBER ]\n");
+ fprintf(stderr, " [ mark NUMBER ] [ vrf NAME ]\n");
+ fprintf(stderr, " [ uid NUMBER ]\n");
fprintf(stderr, " ip route { add | del | change | append | replace } ROUTE\n");
fprintf(stderr, "SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]\n");
- fprintf(stderr, " [ table TABLE_ID ] [ proto RTPROTO ]\n");
+ fprintf(stderr, " [ table TABLE_ID ] [ vrf NAME ] [ proto RTPROTO ]\n");
fprintf(stderr, " [ type TYPE ] [ scope SCOPE ]\n");
fprintf(stderr, "ROUTE := NODE_SPEC [ INFO_SPEC ]\n");
fprintf(stderr, "NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]\n");
fprintf(stderr, " [ table TABLE_ID ] [ proto RTPROTO ]\n");
fprintf(stderr, " [ scope SCOPE ] [ metric METRIC ]\n");
+ fprintf(stderr, " [ ttl-propagate { enabled | disabled } ]\n");
fprintf(stderr, "INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...\n");
fprintf(stderr, "NH := [ encap ENCAPTYPE ENCAPHDR ] [ via [ FAMILY ] ADDRESS ]\n");
fprintf(stderr, " [ dev STRING ] [ weight NUMBER ] NHFLAGS\n");
fprintf(stderr, "FAMILY := [ inet | inet6 | ipx | dnet | mpls | bridge | link ]\n");
fprintf(stderr, "OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ] [ as [ to ] ADDRESS ]\n");
fprintf(stderr, " [ rtt TIME ] [ rttvar TIME ] [ reordering NUMBER ]\n");
- fprintf(stderr, " [ window NUMBER] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n");
+ fprintf(stderr, " [ window NUMBER ] [ cwnd NUMBER ] [ initcwnd NUMBER ]\n");
fprintf(stderr, " [ ssthresh NUMBER ] [ realms REALM ] [ src ADDRESS ]\n");
fprintf(stderr, " [ rto_min TIME ] [ hoplimit NUMBER ] [ initrwnd NUMBER ]\n");
fprintf(stderr, " [ features FEATURES ] [ quickack BOOL ] [ congctl NAME ]\n");
fprintf(stderr, " [ pref PREF ] [ expires TIME ]\n");
- fprintf(stderr, "TYPE := [ unicast | local | broadcast | multicast | throw |\n");
- fprintf(stderr, " unreachable | prohibit | blackhole | nat ]\n");
+ fprintf(stderr, "TYPE := { unicast | local | broadcast | multicast | throw |\n");
+ fprintf(stderr, " unreachable | prohibit | blackhole | nat }\n");
fprintf(stderr, "TABLE_ID := [ local | main | default | all | NUMBER ]\n");
fprintf(stderr, "SCOPE := [ host | link | global | NUMBER ]\n");
fprintf(stderr, "NHFLAGS := [ onlink | pervasive ]\n");
@@ -97,8 +100,11 @@
fprintf(stderr, "TIME := NUMBER[s|ms]\n");
fprintf(stderr, "BOOL := [1|0]\n");
fprintf(stderr, "FEATURES := ecn\n");
- fprintf(stderr, "ENCAPTYPE := [ mpls | ip | ip6 ]\n");
- fprintf(stderr, "ENCAPHDR := [ MPLSLABEL ]\n");
+ fprintf(stderr, "ENCAPTYPE := [ mpls | ip | ip6 | seg6 | seg6local ]\n");
+ fprintf(stderr, "ENCAPHDR := [ MPLSLABEL | SEG6HDR ]\n");
+ fprintf(stderr, "SEG6HDR := [ mode SEGMODE ] segs ADDR1,ADDRi,ADDRn [hmac HMACKEYID] [cleanup]\n");
+ fprintf(stderr, "SEGMODE := [ encap | inline ]\n");
+ fprintf(stderr, "ROUTE_GET_FLAGS := [ fibmatch ]\n");
exit(-1);
}
@@ -113,7 +119,7 @@
int flushe;
int protocol, protocolmask;
int scope, scopemask;
- int type, typemask;
+ __u64 typemask;
int tos, tosmask;
int iif, iifmask;
int oif, oifmask;
@@ -131,7 +137,7 @@
{
if (rtnl_send_check(&rth, filter.flushb, filter.flushp) < 0) {
perror("Failed to send flush request");
- return -1;
+ return -2;
}
filter.flushp = 0;
return 0;
@@ -140,10 +146,10 @@
static int filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
{
struct rtmsg *r = NLMSG_DATA(n);
- inet_prefix dst;
- inet_prefix src;
- inet_prefix via;
- inet_prefix prefsrc;
+ inet_prefix dst = { .family = r->rtm_family };
+ inet_prefix src = { .family = r->rtm_family };
+ inet_prefix via = { .family = r->rtm_family };
+ inet_prefix prefsrc = { .family = r->rtm_family };
__u32 table;
static int ip6_multiple_tables;
@@ -178,7 +184,8 @@
return 0;
if ((filter.scope^r->rtm_scope)&filter.scopemask)
return 0;
- if ((filter.type^r->rtm_type)&filter.typemask)
+
+ if (filter.typemask && !(filter.typemask & (1 << r->rtm_type)))
return 0;
if ((filter.tos^r->rtm_tos)&filter.tosmask)
return 0;
@@ -198,8 +205,10 @@
return 0;
if (filter.rvia.family) {
int family = r->rtm_family;
+
if (tb[RTA_VIA]) {
struct rtvia *via = RTA_DATA(tb[RTA_VIA]);
+
family = via->rtvia_family;
}
if (family != filter.rvia.family)
@@ -208,31 +217,24 @@
if (filter.rprefsrc.family && r->rtm_family != filter.rprefsrc.family)
return 0;
- memset(&dst, 0, sizeof(dst));
- dst.family = r->rtm_family;
if (tb[RTA_DST])
memcpy(&dst.data, RTA_DATA(tb[RTA_DST]), (r->rtm_dst_len+7)/8);
if (filter.rsrc.family || filter.msrc.family) {
- memset(&src, 0, sizeof(src));
- src.family = r->rtm_family;
if (tb[RTA_SRC])
memcpy(&src.data, RTA_DATA(tb[RTA_SRC]), (r->rtm_src_len+7)/8);
}
- if (filter.rvia.bitlen>0) {
- memset(&via, 0, sizeof(via));
- via.family = r->rtm_family;
+ if (filter.rvia.bitlen > 0) {
if (tb[RTA_GATEWAY])
memcpy(&via.data, RTA_DATA(tb[RTA_GATEWAY]), host_len/8);
if (tb[RTA_VIA]) {
size_t len = RTA_PAYLOAD(tb[RTA_VIA]) - 2;
struct rtvia *rtvia = RTA_DATA(tb[RTA_VIA]);
+
via.family = rtvia->rtvia_family;
memcpy(&via.data, rtvia->rtvia_addr, len);
}
}
- if (filter.rprefsrc.bitlen>0) {
- memset(&prefsrc, 0, sizeof(prefsrc));
- prefsrc.family = r->rtm_family;
+ if (filter.rprefsrc.bitlen > 0) {
if (tb[RTA_PREFSRC])
memcpy(&prefsrc.data, RTA_DATA(tb[RTA_PREFSRC]), host_len/8);
}
@@ -255,6 +257,7 @@
return 0;
if (filter.realmmask) {
__u32 realms = 0;
+
if (tb[RTA_FLOW])
realms = rta_getattr_u32(tb[RTA_FLOW]);
if ((realms^filter.realm)&filter.realmmask)
@@ -262,22 +265,25 @@
}
if (filter.iifmask) {
int iif = 0;
+
if (tb[RTA_IIF])
- iif = *(int*)RTA_DATA(tb[RTA_IIF]);
+ iif = rta_getattr_u32(tb[RTA_IIF]);
if ((iif^filter.iif)&filter.iifmask)
return 0;
}
if (filter.oifmask) {
int oif = 0;
+
if (tb[RTA_OIF])
- oif = *(int*)RTA_DATA(tb[RTA_OIF]);
+ oif = rta_getattr_u32(tb[RTA_OIF]);
if ((oif^filter.oif)&filter.oifmask)
return 0;
}
if (filter.markmask) {
int mark = 0;
+
if (tb[RTA_MARK])
- mark = *(int *)RTA_DATA(tb[RTA_MARK]);
+ mark = rta_getattr_u32(tb[RTA_MARK]);
if ((mark ^ filter.mark) & filter.markmask)
return 0;
}
@@ -286,7 +292,7 @@
r->rtm_dst_len == 0 &&
r->rtm_type == RTN_UNREACHABLE &&
tb[RTA_PRIORITY] &&
- *(int*)RTA_DATA(tb[RTA_PRIORITY]) == -1)
+ rta_getattr_u32(tb[RTA_PRIORITY]) == -1)
return 0;
return 1;
@@ -297,30 +303,31 @@
unsigned int of = features;
if (features & RTAX_FEATURE_ECN) {
- fprintf(fp, " ecn");
+ fprintf(fp, "ecn ");
features &= ~RTAX_FEATURE_ECN;
}
if (features)
- fprintf(fp, " 0x%x", of);
+ fprintf(fp, "0x%x ", of);
}
int print_route(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct rtmsg *r = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[RTA_MAX+1];
- char abuf[256];
- int host_len;
+ struct rtattr *tb[RTA_MAX+1];
+ int host_len, family;
__u32 table;
+ int ret;
+
SPRINT_BUF(b1);
static int hz;
if (n->nlmsg_type != RTM_NEWROUTE && n->nlmsg_type != RTM_DELROUTE) {
fprintf(stderr, "Not a route: %08x %08x %08x\n",
n->nlmsg_len, n->nlmsg_type, n->nlmsg_flags);
- return 0;
+ return -1;
}
if (filter.flushb && n->nlmsg_type != RTM_NEWROUTE)
return 0;
@@ -340,16 +347,17 @@
if (filter.flushb) {
struct nlmsghdr *fn;
+
if (NLMSG_ALIGN(filter.flushp) + n->nlmsg_len > filter.flushe) {
- if (flush_update())
- return -1;
+ if ((ret = flush_update()) < 0)
+ return ret;
}
- fn = (struct nlmsghdr*)(filter.flushb + NLMSG_ALIGN(filter.flushp));
+ fn = (struct nlmsghdr *)(filter.flushb + NLMSG_ALIGN(filter.flushp));
memcpy(fn, n, n->nlmsg_len);
fn->nlmsg_type = RTM_DELROUTE;
fn->nlmsg_flags = NLM_F_REQUEST;
fn->nlmsg_seq = ++rth.seq;
- filter.flushp = (((char*)fn) + n->nlmsg_len) - filter.flushb;
+ filter.flushp = (((char *)fn) + n->nlmsg_len) - filter.flushb;
filter.flushed++;
if (show_stats < 2)
return 0;
@@ -357,23 +365,19 @@
if (n->nlmsg_type == RTM_DELROUTE)
fprintf(fp, "Deleted ");
- if ((r->rtm_type != RTN_UNICAST || show_details > 0) && !filter.type)
+ if ((r->rtm_type != RTN_UNICAST || show_details > 0) &&
+ (!filter.typemask || (filter.typemask & (1 << r->rtm_type))))
fprintf(fp, "%s ", rtnl_rtntype_n2a(r->rtm_type, b1, sizeof(b1)));
if (tb[RTA_DST]) {
+ family = get_real_family(r->rtm_type, r->rtm_family);
if (r->rtm_dst_len != host_len) {
- fprintf(fp, "%s/%u ", rt_addr_n2a(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_DST]),
- RTA_DATA(tb[RTA_DST]),
- abuf, sizeof(abuf)),
- r->rtm_dst_len
- );
+ fprintf(fp, "%s/%u ",
+ rt_addr_n2a_rta(family, tb[RTA_DST]),
+ r->rtm_dst_len);
} else {
- fprintf(fp, "%s ", format_host(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_DST]),
- RTA_DATA(tb[RTA_DST]),
- abuf, sizeof(abuf))
- );
+ fprintf(fp, "%s ",
+ format_host_rta(family, tb[RTA_DST]));
}
} else if (r->rtm_dst_len) {
fprintf(fp, "0/%d ", r->rtm_dst_len);
@@ -381,29 +385,21 @@
fprintf(fp, "default ");
}
if (tb[RTA_SRC]) {
+ family = get_real_family(r->rtm_type, r->rtm_family);
if (r->rtm_src_len != host_len) {
- fprintf(fp, "from %s/%u ", rt_addr_n2a(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_SRC]),
- RTA_DATA(tb[RTA_SRC]),
- abuf, sizeof(abuf)),
- r->rtm_src_len
- );
+ fprintf(fp, "from %s/%u ",
+ rt_addr_n2a_rta(family, tb[RTA_SRC]),
+ r->rtm_src_len);
} else {
- fprintf(fp, "from %s ", format_host(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_SRC]),
- RTA_DATA(tb[RTA_SRC]),
- abuf, sizeof(abuf))
- );
+ fprintf(fp, "from %s ",
+ format_host_rta(family, tb[RTA_SRC]));
}
} else if (r->rtm_src_len) {
fprintf(fp, "from 0/%u ", r->rtm_src_len);
}
if (tb[RTA_NEWDST]) {
- fprintf(fp, "as to %s ", format_host(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_NEWDST]),
- RTA_DATA(tb[RTA_NEWDST]),
- abuf, sizeof(abuf))
- );
+ fprintf(fp, "as to %s ",
+ format_host_rta(r->rtm_family, tb[RTA_NEWDST]));
}
if (tb[RTA_ENCAP])
@@ -416,42 +412,36 @@
if (tb[RTA_GATEWAY] && filter.rvia.bitlen != host_len) {
fprintf(fp, "via %s ",
- format_host(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_GATEWAY]),
- RTA_DATA(tb[RTA_GATEWAY]),
- abuf, sizeof(abuf)));
+ format_host_rta(r->rtm_family, tb[RTA_GATEWAY]));
}
if (tb[RTA_VIA]) {
size_t len = RTA_PAYLOAD(tb[RTA_VIA]) - 2;
struct rtvia *via = RTA_DATA(tb[RTA_VIA]);
+
fprintf(fp, "via %s %s ",
family_name(via->rtvia_family),
- format_host(via->rtvia_family, len, via->rtvia_addr,
- abuf, sizeof(abuf)));
+ format_host(via->rtvia_family, len, via->rtvia_addr));
}
if (tb[RTA_OIF] && filter.oifmask != -1)
- fprintf(fp, "dev %s ", ll_index_to_name(*(int*)RTA_DATA(tb[RTA_OIF])));
+ fprintf(fp, "dev %s ", ll_index_to_name(rta_getattr_u32(tb[RTA_OIF])));
if (table && (table != RT_TABLE_MAIN || show_details > 0) && !filter.tb)
- fprintf(fp, " table %s ", rtnl_rttable_n2a(table, b1, sizeof(b1)));
+ fprintf(fp, "table %s ", rtnl_rttable_n2a(table, b1, sizeof(b1)));
if (!(r->rtm_flags&RTM_F_CLONED)) {
if ((r->rtm_protocol != RTPROT_BOOT || show_details > 0) && filter.protocolmask != -1)
- fprintf(fp, " proto %s ", rtnl_rtprot_n2a(r->rtm_protocol, b1, sizeof(b1)));
+ fprintf(fp, "proto %s ", rtnl_rtprot_n2a(r->rtm_protocol, b1, sizeof(b1)));
if ((r->rtm_scope != RT_SCOPE_UNIVERSE || show_details > 0) && filter.scopemask != -1)
- fprintf(fp, " scope %s ", rtnl_rtscope_n2a(r->rtm_scope, b1, sizeof(b1)));
+ fprintf(fp, "scope %s ", rtnl_rtscope_n2a(r->rtm_scope, b1, sizeof(b1)));
}
if (tb[RTA_PREFSRC] && filter.rprefsrc.bitlen != host_len) {
/* Do not use format_host(). It is our local addr
and symbolic name will not be useful.
*/
- fprintf(fp, " src %s ",
- rt_addr_n2a(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_PREFSRC]),
- RTA_DATA(tb[RTA_PREFSRC]),
- abuf, sizeof(abuf)));
+ fprintf(fp, "src %s ",
+ rt_addr_n2a_rta(r->rtm_family, tb[RTA_PREFSRC]));
}
if (tb[RTA_PRIORITY])
- fprintf(fp, " metric %u ", rta_getattr_u32(tb[RTA_PRIORITY]));
+ fprintf(fp, "metric %u ", rta_getattr_u32(tb[RTA_PRIORITY]));
if (r->rtm_flags & RTNH_F_DEAD)
fprintf(fp, "dead ");
if (r->rtm_flags & RTNH_F_ONLINK)
@@ -464,19 +454,23 @@
fprintf(fp, "notify ");
if (r->rtm_flags & RTNH_F_LINKDOWN)
fprintf(fp, "linkdown ");
+ if (r->rtm_flags & RTNH_F_UNRESOLVED)
+ fprintf(fp, "unresolved ");
if (tb[RTA_MARK]) {
- unsigned int mark = *(unsigned int*)RTA_DATA(tb[RTA_MARK]);
+ unsigned int mark = rta_getattr_u32(tb[RTA_MARK]);
+
if (mark) {
if (mark >= 16)
- fprintf(fp, " mark 0x%x", mark);
+ fprintf(fp, "mark 0x%x ", mark);
else
- fprintf(fp, " mark %u", mark);
+ fprintf(fp, "mark %u ", mark);
}
}
if (tb[RTA_FLOW] && filter.realmmask != ~0U) {
__u32 to = rta_getattr_u32(tb[RTA_FLOW]);
__u32 from = to>>16;
+
to &= 0xFFFF;
fprintf(fp, "realm%s ", from ? "s" : "");
if (from) {
@@ -496,7 +490,7 @@
fprintf(fp, "%s cache ", _SL_);
-#define PRTFL(fl,flname) if (flags&RTCF_##fl) { \
+#define PRTFL(fl, flname) if (flags&RTCF_##fl) { \
flags &= ~RTCF_##fl; \
fprintf(fp, "%s" flname "%s", first ? "<" : "", flags ? "," : "> "); \
first = 0; }
@@ -519,28 +513,30 @@
fprintf(fp, "%s%x> ", first ? "<" : "", flags);
if (tb[RTA_CACHEINFO]) {
struct rta_cacheinfo *ci = RTA_DATA(tb[RTA_CACHEINFO]);
+
if (!hz)
hz = get_user_hz();
if (ci->rta_expires != 0)
- fprintf(fp, " expires %dsec", ci->rta_expires/hz);
+ fprintf(fp, "expires %dsec ", ci->rta_expires/hz);
if (ci->rta_error != 0)
- fprintf(fp, " error %d", ci->rta_error);
+ fprintf(fp, "error %d ", ci->rta_error);
if (show_stats) {
if (ci->rta_clntref)
- fprintf(fp, " users %d", ci->rta_clntref);
+ fprintf(fp, "users %d ", ci->rta_clntref);
if (ci->rta_used != 0)
- fprintf(fp, " used %d", ci->rta_used);
+ fprintf(fp, "used %d ", ci->rta_used);
if (ci->rta_lastuse != 0)
- fprintf(fp, " age %dsec", ci->rta_lastuse/hz);
+ fprintf(fp, "age %dsec ", ci->rta_lastuse/hz);
}
if (ci->rta_id)
- fprintf(fp, " ipid 0x%04x", ci->rta_id);
+ fprintf(fp, "ipid 0x%04x ", ci->rta_id);
if (ci->rta_ts || ci->rta_tsage)
- fprintf(fp, " ts 0x%x tsage %dsec",
+ fprintf(fp, "ts 0x%x tsage %dsec ",
ci->rta_ts, ci->rta_tsage);
}
} else if (r->rtm_family == AF_INET6) {
struct rta_cacheinfo *ci = NULL;
+
if (tb[RTA_CACHEINFO])
ci = RTA_DATA(tb[RTA_CACHEINFO]);
if ((r->rtm_flags & RTM_F_CLONED) || (ci && ci->rta_expires)) {
@@ -549,58 +545,58 @@
if (r->rtm_flags & RTM_F_CLONED)
fprintf(fp, "%s cache ", _SL_);
if (ci->rta_expires)
- fprintf(fp, " expires %dsec", ci->rta_expires/hz);
+ fprintf(fp, "expires %dsec ", ci->rta_expires/hz);
if (ci->rta_error != 0)
- fprintf(fp, " error %d", ci->rta_error);
+ fprintf(fp, "error %d ", ci->rta_error);
if (show_stats) {
if (ci->rta_clntref)
- fprintf(fp, " users %d", ci->rta_clntref);
+ fprintf(fp, "users %d ", ci->rta_clntref);
if (ci->rta_used != 0)
- fprintf(fp, " used %d", ci->rta_used);
+ fprintf(fp, "used %d ", ci->rta_used);
if (ci->rta_lastuse != 0)
- fprintf(fp, " age %dsec", ci->rta_lastuse/hz);
+ fprintf(fp, "age %dsec ", ci->rta_lastuse/hz);
}
} else if (ci) {
if (ci->rta_error != 0)
- fprintf(fp, " error %d", ci->rta_error);
+ fprintf(fp, "error %d ", ci->rta_error);
}
}
if (tb[RTA_METRICS]) {
int i;
- unsigned mxlock = 0;
+ unsigned int mxlock = 0;
struct rtattr *mxrta[RTAX_MAX+1];
parse_rtattr(mxrta, RTAX_MAX, RTA_DATA(tb[RTA_METRICS]),
RTA_PAYLOAD(tb[RTA_METRICS]));
if (mxrta[RTAX_LOCK])
- mxlock = *(unsigned*)RTA_DATA(mxrta[RTAX_LOCK]);
+ mxlock = rta_getattr_u32(mxrta[RTAX_LOCK]);
- for (i=2; i<= RTAX_MAX; i++) {
- __u32 val;
+ for (i = 2; i <= RTAX_MAX; i++) {
+ __u32 val = 0U;
- if (mxrta[i] == NULL)
+ if (mxrta[i] == NULL && !(mxlock & (1 << i)))
continue;
- if (i != RTAX_CC_ALGO)
+ if (mxrta[i] != NULL && i != RTAX_CC_ALGO)
val = rta_getattr_u32(mxrta[i]);
if (i == RTAX_HOPLIMIT && (int)val == -1)
continue;
- if (i < sizeof(mx_names)/sizeof(char*) && mx_names[i])
- fprintf(fp, " %s", mx_names[i]);
+ if (i < sizeof(mx_names)/sizeof(char *) && mx_names[i])
+ fprintf(fp, "%s ", mx_names[i]);
else
- fprintf(fp, " metric %d", i);
+ fprintf(fp, "metric %d ", i);
if (mxlock & (1<<i))
- fprintf(fp, " lock");
+ fprintf(fp, "lock ");
switch (i) {
case RTAX_FEATURES:
print_rtax_features(fp, val);
break;
default:
- fprintf(fp, " %u", val);
+ fprintf(fp, "%u ", val);
break;
case RTAX_RTT:
@@ -612,22 +608,23 @@
val /= 4;
if (val >= 1000)
- fprintf(fp, " %gs", val/1e3);
+ fprintf(fp, "%gs ", val/1e3);
else
- fprintf(fp, " %ums", val);
+ fprintf(fp, "%ums ", val);
break;
case RTAX_CC_ALGO:
- fprintf(fp, " %s", rta_getattr_str(mxrta[i]));
+ fprintf(fp, "%s ", rta_getattr_str(mxrta[i]));
break;
}
}
}
if (tb[RTA_IIF] && filter.iifmask != -1) {
- fprintf(fp, " iif %s", ll_index_to_name(*(int*)RTA_DATA(tb[RTA_IIF])));
+ fprintf(fp, "iif %s ",
+ ll_index_to_name(rta_getattr_u32(tb[RTA_IIF])));
}
if (tb[RTA_MULTIPATH]) {
struct rtnexthop *nh = RTA_DATA(tb[RTA_MULTIPATH]);
- int first = 0;
+ int first = 1;
len = RTA_PAYLOAD(tb[RTA_MULTIPATH]);
@@ -637,12 +634,14 @@
if (nh->rtnh_len > len)
break;
if (r->rtm_flags&RTM_F_CLONED && r->rtm_type == RTN_MULTICAST) {
- if (first)
- fprintf(fp, " Oifs:");
- else
+ if (first) {
+ fprintf(fp, "Oifs: ");
+ first = 0;
+ } else {
fprintf(fp, " ");
+ }
} else
- fprintf(fp, "%s\tnexthop", _SL_);
+ fprintf(fp, "%s\tnexthop ", _SL_);
if (nh->rtnh_len > sizeof(*nh)) {
parse_rtattr(tb, RTA_MAX, RTNH_DATA(nh), nh->rtnh_len - sizeof(*nh));
@@ -650,58 +649,67 @@
lwt_print_encap(fp,
tb[RTA_ENCAP_TYPE],
tb[RTA_ENCAP]);
-
+ if (tb[RTA_NEWDST]) {
+ fprintf(fp, "as to %s ",
+ format_host_rta(r->rtm_family,
+ tb[RTA_NEWDST]));
+ }
if (tb[RTA_GATEWAY]) {
- fprintf(fp, " via %s ",
- format_host(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_GATEWAY]),
- RTA_DATA(tb[RTA_GATEWAY]),
- abuf, sizeof(abuf)));
+ fprintf(fp, "via %s ",
+ format_host_rta(r->rtm_family,
+ tb[RTA_GATEWAY]));
}
if (tb[RTA_VIA]) {
size_t len = RTA_PAYLOAD(tb[RTA_VIA]) - 2;
struct rtvia *via = RTA_DATA(tb[RTA_VIA]);
+
fprintf(fp, "via %s %s ",
family_name(via->rtvia_family),
- format_host(via->rtvia_family, len, via->rtvia_addr,
- abuf, sizeof(abuf)));
+ format_host(via->rtvia_family, len, via->rtvia_addr));
}
if (tb[RTA_FLOW]) {
__u32 to = rta_getattr_u32(tb[RTA_FLOW]);
__u32 from = to>>16;
+
to &= 0xFFFF;
- fprintf(fp, " realm%s ", from ? "s" : "");
+ fprintf(fp, "realm%s ", from ? "s" : "");
if (from) {
fprintf(fp, "%s/",
rtnl_rtrealm_n2a(from, b1, sizeof(b1)));
}
- fprintf(fp, "%s",
+ fprintf(fp, "%s ",
rtnl_rtrealm_n2a(to, b1, sizeof(b1)));
}
}
if (r->rtm_flags&RTM_F_CLONED && r->rtm_type == RTN_MULTICAST) {
- fprintf(fp, " %s", ll_index_to_name(nh->rtnh_ifindex));
+ fprintf(fp, "%s", ll_index_to_name(nh->rtnh_ifindex));
if (nh->rtnh_hops != 1)
fprintf(fp, "(ttl>%d)", nh->rtnh_hops);
+ fprintf(fp, " ");
} else {
- fprintf(fp, " dev %s", ll_index_to_name(nh->rtnh_ifindex));
- fprintf(fp, " weight %d", nh->rtnh_hops+1);
+ fprintf(fp, "dev %s ", ll_index_to_name(nh->rtnh_ifindex));
+ if (r->rtm_family != AF_MPLS)
+ fprintf(fp, "weight %d ",
+ nh->rtnh_hops+1);
}
if (nh->rtnh_flags & RTNH_F_DEAD)
- fprintf(fp, " dead");
+ fprintf(fp, "dead ");
if (nh->rtnh_flags & RTNH_F_ONLINK)
- fprintf(fp, " onlink");
+ fprintf(fp, "onlink ");
if (nh->rtnh_flags & RTNH_F_PERVASIVE)
- fprintf(fp, " pervasive");
+ fprintf(fp, "pervasive ");
+ if (nh->rtnh_flags & RTNH_F_OFFLOAD)
+ fprintf(fp, "offload ");
if (nh->rtnh_flags & RTNH_F_LINKDOWN)
- fprintf(fp, " linkdown");
+ fprintf(fp, "linkdown ");
len -= NLMSG_ALIGN(nh->rtnh_len);
nh = RTNH_NEXT(nh);
}
}
if (tb[RTA_PREF]) {
unsigned int pref = rta_getattr_u8(tb[RTA_PREF]);
- fprintf(fp, " pref ");
+
+ fprintf(fp, "pref ");
switch (pref) {
case ICMPV6_ROUTER_PREF_LOW:
@@ -717,6 +725,13 @@
fprintf(fp, "%u", pref);
}
}
+ if (tb[RTA_TTL_PROPAGATE]) {
+ fprintf(fp, "ttl-propagate ");
+ if (rta_getattr_u8(tb[RTA_TTL_PROPAGATE]))
+ fprintf(fp, "enabled");
+ else
+ fprintf(fp, "disabled");
+ }
fprintf(fp, "\n");
fflush(fp);
return 0;
@@ -733,6 +748,7 @@
if (strcmp(*argv, "via") == 0) {
inet_prefix addr;
int family;
+
NEXT_ARG();
family = read_family(*argv);
if (family == AF_UNSPEC)
@@ -747,16 +763,17 @@
rtnh->rtnh_len += sizeof(struct rtattr) + addr.bytelen;
} else {
rta_addattr_l(rta, 4096, RTA_VIA, &addr.family, addr.bytelen+2);
- rtnh->rtnh_len += sizeof(struct rtattr) + addr.bytelen+2;
+ rtnh->rtnh_len += RTA_SPACE(addr.bytelen+2);
}
} else if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
if ((rtnh->rtnh_ifindex = ll_name_to_index(*argv)) == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n", *argv);
- exit(1);
+ return -1;
}
} else if (strcmp(*argv, "weight") == 0) {
- unsigned w;
+ unsigned int w;
+
NEXT_ARG();
if (get_unsigned(&w, *argv, 0) || w == 0 || w > 256)
invarg("\"weight\" is invalid\n", *argv);
@@ -765,6 +782,7 @@
rtnh->rtnh_flags |= RTNH_F_ONLINK;
} else if (matches(*argv, "realms") == 0) {
__u32 realm;
+
NEXT_ARG();
if (get_rt_realms_or_raw(&realm, *argv))
invarg("\"realm\" value is invalid\n", *argv);
@@ -775,6 +793,16 @@
lwt_parse_encap(rta, 4096, &argc, &argv);
rtnh->rtnh_len += rta->rta_len - len;
+ } else if (strcmp(*argv, "as") == 0) {
+ inet_prefix addr;
+
+ NEXT_ARG();
+ if (strcmp(*argv, "to") == 0)
+ NEXT_ARG();
+ get_addr(&addr, *argv, r->rtm_family);
+ rta_addattr_l(rta, 4096, RTA_NEWDST, &addr.data,
+ addr.bytelen);
+ rtnh->rtnh_len += sizeof(struct rtattr) + addr.bytelen;
} else
break;
}
@@ -787,7 +815,7 @@
int argc, char **argv)
{
char buf[1024];
- struct rtattr *rta = (void*)buf;
+ struct rtattr *rta = (void *)buf;
struct rtnexthop *rtnh;
rta->rta_type = RTA_MULTIPATH;
@@ -815,16 +843,23 @@
return 0;
}
-static int iproute_modify(int cmd, unsigned flags, int argc, char **argv)
+static int iproute_modify(int cmd, unsigned int flags, int argc, char **argv)
{
struct {
struct nlmsghdr n;
struct rtmsg r;
- char buf[1024];
- } req;
+ char buf[1024];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .r.rtm_family = preferred_family,
+ .r.rtm_table = RT_TABLE_MAIN,
+ .r.rtm_scope = RT_SCOPE_NOWHERE,
+ };
char mxbuf[256];
- struct rtattr * mxrta = (void*)mxbuf;
- unsigned mxlock = 0;
+ struct rtattr *mxrta = (void *)mxbuf;
+ unsigned int mxlock = 0;
char *d = NULL;
int gw_ok = 0;
int dst_ok = 0;
@@ -833,16 +868,6 @@
int table_ok = 0;
int raw = 0;
int type_ok = 0;
- static int hz;
-
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.r.rtm_family = preferred_family;
- req.r.rtm_table = RT_TABLE_MAIN;
- req.r.rtm_scope = RT_SCOPE_NOWHERE;
if (cmd != RTM_DELROUTE) {
req.r.rtm_protocol = RTPROT_BOOT;
@@ -856,6 +881,7 @@
while (argc > 0) {
if (strcmp(*argv, "src") == 0) {
inet_prefix addr;
+
NEXT_ARG();
get_addr(&addr, *argv, req.r.rtm_family);
if (req.r.rtm_family == AF_UNSPEC)
@@ -863,6 +889,7 @@
addattr_l(&req.n, sizeof(req), RTA_PREFSRC, &addr.data, addr.bytelen);
} else if (strcmp(*argv, "as") == 0) {
inet_prefix addr;
+
NEXT_ARG();
if (strcmp(*argv, "to") == 0) {
NEXT_ARG();
@@ -874,6 +901,11 @@
} else if (strcmp(*argv, "via") == 0) {
inet_prefix addr;
int family;
+
+ if (gw_ok) {
+ invarg("use nexthop syntax to specify multiple via\n",
+ *argv);
+ }
gw_ok = 1;
NEXT_ARG();
family = read_family(*argv);
@@ -885,11 +917,14 @@
if (req.r.rtm_family == AF_UNSPEC)
req.r.rtm_family = addr.family;
if (addr.family == req.r.rtm_family)
- addattr_l(&req.n, sizeof(req), RTA_GATEWAY, &addr.data, addr.bytelen);
+ addattr_l(&req.n, sizeof(req), RTA_GATEWAY,
+ &addr.data, addr.bytelen);
else
- addattr_l(&req.n, sizeof(req), RTA_VIA, &addr.family, addr.bytelen+2);
+ addattr_l(&req.n, sizeof(req), RTA_VIA,
+ &addr.family, addr.bytelen+2);
} else if (strcmp(*argv, "from") == 0) {
inet_prefix addr;
+
NEXT_ARG();
get_prefix(&addr, *argv, req.r.rtm_family);
if (req.r.rtm_family == AF_UNSPEC)
@@ -900,35 +935,38 @@
} else if (strcmp(*argv, "tos") == 0 ||
matches(*argv, "dsfield") == 0) {
__u32 tos;
+
NEXT_ARG();
if (rtnl_dsfield_a2n(&tos, *argv))
invarg("\"tos\" value is invalid\n", *argv);
req.r.rtm_tos = tos;
- } else if (strcmp(*argv, "expires") == 0 ) {
+ } else if (strcmp(*argv, "expires") == 0) {
__u32 expires;
+
NEXT_ARG();
if (get_u32(&expires, *argv, 0))
invarg("\"expires\" value is invalid\n", *argv);
- if (!hz)
- hz = get_user_hz();
- addattr32(&req.n, sizeof(req), RTA_EXPIRES, expires*hz);
+ addattr32(&req.n, sizeof(req), RTA_EXPIRES, expires);
} else if (matches(*argv, "metric") == 0 ||
matches(*argv, "priority") == 0 ||
strcmp(*argv, "preference") == 0) {
__u32 metric;
+
NEXT_ARG();
if (get_u32(&metric, *argv, 0))
invarg("\"metric\" value is invalid\n", *argv);
addattr32(&req.n, sizeof(req), RTA_PRIORITY, metric);
} else if (strcmp(*argv, "scope") == 0) {
__u32 scope = 0;
+
NEXT_ARG();
if (rtnl_rtscope_a2n(&scope, *argv))
invarg("invalid \"scope\" value\n", *argv);
req.r.rtm_scope = scope;
scope_ok = 1;
} else if (strcmp(*argv, "mtu") == 0) {
- unsigned mtu;
+ unsigned int mtu;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_MTU);
@@ -938,7 +976,8 @@
invarg("\"mtu\" value is invalid\n", *argv);
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_MTU, mtu);
} else if (strcmp(*argv, "hoplimit") == 0) {
- unsigned hoplimit;
+ unsigned int hoplimit;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_HOPLIMIT);
@@ -948,7 +987,8 @@
invarg("\"hoplimit\" value is invalid\n", *argv);
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_HOPLIMIT, hoplimit);
} else if (strcmp(*argv, "advmss") == 0) {
- unsigned mss;
+ unsigned int mss;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_ADVMSS);
@@ -958,7 +998,8 @@
invarg("\"mss\" value is invalid\n", *argv);
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_ADVMSS, mss);
} else if (matches(*argv, "reordering") == 0) {
- unsigned reord;
+ unsigned int reord;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_REORDERING);
@@ -968,7 +1009,8 @@
invarg("\"reordering\" value is invalid\n", *argv);
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_REORDERING, reord);
} else if (strcmp(*argv, "rtt") == 0) {
- unsigned rtt;
+ unsigned int rtt;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_RTT);
@@ -979,7 +1021,8 @@
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_RTT,
(raw) ? rtt : rtt * 8);
} else if (strcmp(*argv, "rto_min") == 0) {
- unsigned rto_min;
+ unsigned int rto_min;
+
NEXT_ARG();
mxlock |= (1<<RTAX_RTO_MIN);
if (get_time_rtt(&rto_min, *argv, &raw))
@@ -988,7 +1031,8 @@
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_RTO_MIN,
rto_min);
} else if (matches(*argv, "window") == 0) {
- unsigned win;
+ unsigned int win;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_WINDOW);
@@ -998,7 +1042,8 @@
invarg("\"window\" value is invalid\n", *argv);
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_WINDOW, win);
} else if (matches(*argv, "cwnd") == 0) {
- unsigned win;
+ unsigned int win;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_CWND);
@@ -1008,7 +1053,8 @@
invarg("\"cwnd\" value is invalid\n", *argv);
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_CWND, win);
} else if (matches(*argv, "initcwnd") == 0) {
- unsigned win;
+ unsigned int win;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_INITCWND);
@@ -1018,7 +1064,8 @@
invarg("\"initcwnd\" value is invalid\n", *argv);
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_INITCWND, win);
} else if (matches(*argv, "initrwnd") == 0) {
- unsigned win;
+ unsigned int win;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_INITRWND);
@@ -1042,7 +1089,8 @@
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_FEATURES, features);
} else if (matches(*argv, "quickack") == 0) {
- unsigned quickack;
+ unsigned int quickack;
+
NEXT_ARG();
if (get_unsigned(&quickack, *argv, 0))
invarg("\"quickack\" value is invalid\n", *argv);
@@ -1058,7 +1106,8 @@
rta_addattr_l(mxrta, sizeof(mxbuf), RTAX_CC_ALGO, *argv,
strlen(*argv));
} else if (matches(*argv, "rttvar") == 0) {
- unsigned win;
+ unsigned int win;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_RTTVAR);
@@ -1069,7 +1118,8 @@
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_RTTVAR,
(raw) ? win : win * 4);
} else if (matches(*argv, "ssthresh") == 0) {
- unsigned win;
+ unsigned int win;
+
NEXT_ARG();
if (strcmp(*argv, "lock") == 0) {
mxlock |= (1<<RTAX_SSTHRESH);
@@ -1080,6 +1130,7 @@
rta_addattr32(mxrta, sizeof(mxbuf), RTAX_SSTHRESH, win);
} else if (matches(*argv, "realms") == 0) {
__u32 realm;
+
NEXT_ARG();
if (get_rt_realms_or_raw(&realm, *argv))
invarg("\"realm\" value is invalid\n", *argv);
@@ -1091,12 +1142,14 @@
break;
} else if (matches(*argv, "protocol") == 0) {
__u32 prot;
+
NEXT_ARG();
if (rtnl_rtprot_a2n(&prot, *argv))
invarg("\"protocol\" value is invalid\n", *argv);
req.r.rtm_protocol = prot;
} else if (matches(*argv, "table") == 0) {
__u32 tid;
+
NEXT_ARG();
if (rtnl_rttable_a2n(&tid, *argv))
invarg("\"table\" value is invalid\n", *argv);
@@ -1107,12 +1160,27 @@
addattr32(&req.n, sizeof(req), RTA_TABLE, tid);
}
table_ok = 1;
+ } else if (matches(*argv, "vrf") == 0) {
+ __u32 tid;
+
+ NEXT_ARG();
+ tid = ipvrf_get_table(*argv);
+ if (tid == 0)
+ invarg("Invalid VRF\n", *argv);
+ if (tid < 256)
+ req.r.rtm_table = tid;
+ else {
+ req.r.rtm_table = RT_TABLE_UNSPEC;
+ addattr32(&req.n, sizeof(req), RTA_TABLE, tid);
+ }
+ table_ok = 1;
} else if (strcmp(*argv, "dev") == 0 ||
strcmp(*argv, "oif") == 0) {
NEXT_ARG();
d = *argv;
} else if (matches(*argv, "pref") == 0) {
__u8 pref;
+
NEXT_ARG();
if (strcmp(*argv, "low") == 0)
pref = ICMPV6_ROUTER_PREF_LOW;
@@ -1125,7 +1193,7 @@
addattr8(&req.n, sizeof(req), RTA_PREF, pref);
} else if (strcmp(*argv, "encap") == 0) {
char buf[1024];
- struct rtattr *rta = (void*)buf;
+ struct rtattr *rta = (void *)buf;
rta->rta_type = RTA_ENCAP;
rta->rta_len = RTA_LENGTH(0);
@@ -1134,6 +1202,20 @@
if (rta->rta_len > RTA_LENGTH(0))
addraw_l(&req.n, 1024, RTA_DATA(rta), RTA_PAYLOAD(rta));
+ } else if (strcmp(*argv, "ttl-propagate") == 0) {
+ __u8 ttl_prop;
+
+ NEXT_ARG();
+ if (matches(*argv, "enabled") == 0)
+ ttl_prop = 1;
+ else if (matches(*argv, "disabled") == 0)
+ ttl_prop = 0;
+ else
+ invarg("\"ttl-propagate\" value is invalid\n",
+ *argv);
+
+ addattr8(&req.n, sizeof(req), RTA_TTL_PROPAGATE,
+ ttl_prop);
} else {
int type;
inet_prefix dst;
@@ -1166,16 +1248,14 @@
if (!dst_ok)
usage();
- if (d || nhs_ok) {
+ if (d) {
int idx;
- if (d) {
- if ((idx = ll_name_to_index(d)) == 0) {
- fprintf(stderr, "Cannot find device \"%s\"\n", d);
- return -1;
- }
- addattr32(&req.n, sizeof(req), RTA_OIF, idx);
+ if ((idx = ll_name_to_index(d)) == 0) {
+ fprintf(stderr, "Cannot find device \"%s\"\n", d);
+ return -1;
}
+ addattr32(&req.n, sizeof(req), RTA_OIF, idx);
}
if (mxrta->rta_len > RTA_LENGTH(0)) {
@@ -1231,22 +1311,17 @@
struct {
struct nlmsghdr nlh;
struct rtmsg rtm;
- } req;
- struct sockaddr_nl nladdr;
+ } req = {
+ .nlh.nlmsg_len = sizeof(req),
+ .nlh.nlmsg_type = RTM_GETROUTE,
+ .nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_REQUEST,
+ .nlh.nlmsg_seq = rth->dump = ++rth->seq,
+ .rtm.rtm_family = family,
+ .rtm.rtm_flags = RTM_F_CLONED,
+ };
+ struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
- memset(&nladdr, 0, sizeof(nladdr));
- memset(&req, 0, sizeof(req));
- nladdr.nl_family = AF_NETLINK;
-
- req.nlh.nlmsg_len = sizeof(req);
- req.nlh.nlmsg_type = RTM_GETROUTE;
- req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_REQUEST;
- req.nlh.nlmsg_pid = 0;
- req.nlh.nlmsg_seq = rth->dump = ++rth->seq;
- req.rtm.rtm_family = family;
- req.rtm.rtm_flags |= RTM_F_CLONED;
-
- return sendto(rth->fd, (void*)&req, sizeof(req), 0, (struct sockaddr*)&nladdr, sizeof(nladdr));
+ return sendto(rth->fd, (void *)&req, sizeof(req), 0, (struct sockaddr *)&nladdr, sizeof(nladdr));
}
static int iproute_flush_cache(void)
@@ -1254,19 +1329,19 @@
#define ROUTE_FLUSH_PATH "/proc/sys/net/ipv4/route/flush"
int len;
- int flush_fd = open (ROUTE_FLUSH_PATH, O_WRONLY);
+ int flush_fd = open(ROUTE_FLUSH_PATH, O_WRONLY);
char *buffer = "-1";
if (flush_fd < 0) {
- fprintf (stderr, "Cannot open \"%s\": %s\n",
+ fprintf(stderr, "Cannot open \"%s\": %s\n",
ROUTE_FLUSH_PATH, strerror(errno));
return -1;
}
- len = strlen (buffer);
+ len = strlen(buffer);
- if ((write (flush_fd, (void *)buffer, len)) < len) {
- fprintf (stderr, "Cannot flush routing cache\n");
+ if ((write(flush_fd, (void *)buffer, len)) < len) {
+ fprintf(stderr, "Cannot flush routing cache\n");
close(flush_fd);
return -1;
}
@@ -1326,6 +1401,7 @@
char *od = NULL;
unsigned int mark = 0;
rtnl_filter_t filter_fn;
+ int ret;
if (action == IPROUTE_SAVE) {
if (save_route_prep())
@@ -1346,6 +1422,7 @@
while (argc > 0) {
if (matches(*argv, "table") == 0) {
__u32 tid;
+
NEXT_ARG();
if (rtnl_rttable_a2n(&tid, *argv)) {
if (strcmp(*argv, "all") == 0) {
@@ -1359,12 +1436,22 @@
}
} else
filter.tb = tid;
+ } else if (matches(*argv, "vrf") == 0) {
+ __u32 tid;
+
+ NEXT_ARG();
+ tid = ipvrf_get_table(*argv);
+ if (tid == 0)
+ invarg("Invalid VRF\n", *argv);
+ filter.tb = tid;
+ filter.typemask = ~(1 << RTN_LOCAL | 1<<RTN_BROADCAST);
} else if (matches(*argv, "cached") == 0 ||
matches(*argv, "cloned") == 0) {
filter.cloned = 1;
} else if (strcmp(*argv, "tos") == 0 ||
matches(*argv, "dsfield") == 0) {
__u32 tos;
+
NEXT_ARG();
if (rtnl_dsfield_a2n(&tos, *argv))
invarg("TOS value is invalid\n", *argv);
@@ -1372,6 +1459,7 @@
filter.tosmask = -1;
} else if (matches(*argv, "protocol") == 0) {
__u32 prot = 0;
+
NEXT_ARG();
filter.protocolmask = -1;
if (rtnl_rtprot_a2n(&prot, *argv)) {
@@ -1383,6 +1471,7 @@
filter.protocol = prot;
} else if (matches(*argv, "scope") == 0) {
__u32 scope = 0;
+
NEXT_ARG();
filter.scopemask = -1;
if (rtnl_rtscope_a2n(&scope, *argv)) {
@@ -1394,11 +1483,11 @@
filter.scope = scope;
} else if (matches(*argv, "type") == 0) {
int type;
+
NEXT_ARG();
- filter.typemask = -1;
if (rtnl_rtntype_a2n(&type, *argv))
invarg("node type value is invalid\n", *argv);
- filter.type = type;
+ filter.typemask = (1<<type);
} else if (strcmp(*argv, "dev") == 0 ||
strcmp(*argv, "oif") == 0) {
NEXT_ARG();
@@ -1408,10 +1497,12 @@
id = *argv;
} else if (strcmp(*argv, "mark") == 0) {
NEXT_ARG();
- get_unsigned(&mark, *argv, 0);
+ if (get_unsigned(&mark, *argv, 0))
+ invarg("invalid mark value", *argv);
filter.markmask = -1;
} else if (strcmp(*argv, "via") == 0) {
int family;
+
NEXT_ARG();
family = read_family(*argv);
if (family == AF_UNSPEC)
@@ -1424,6 +1515,7 @@
get_prefix(&filter.rprefsrc, *argv, do_ipv6);
} else if (matches(*argv, "realms") == 0) {
__u32 realm;
+
NEXT_ARG();
if (get_rt_realms_or_raw(&realm, *argv))
invarg("invalid realms\n", *argv);
@@ -1519,31 +1611,31 @@
for (;;) {
if (rtnl_wilddump_request(&rth, do_ipv6, RTM_GETROUTE) < 0) {
perror("Cannot send dump request");
- exit(1);
+ return -2;
}
filter.flushed = 0;
if (rtnl_dump_filter(&rth, filter_fn, stdout) < 0) {
fprintf(stderr, "Flush terminated\n");
- exit(1);
+ return -2;
}
if (filter.flushed == 0) {
if (show_stats) {
if (round == 0 && (!filter.cloned || do_ipv6 == AF_INET6))
printf("Nothing to flush.\n");
else
- printf("*** Flush is complete after %d round%s ***\n", round, round>1?"s":"");
+ printf("*** Flush is complete after %d round%s ***\n", round, round > 1?"s":"");
}
fflush(stdout);
return 0;
}
round++;
- if (flush_update() < 0)
- exit(1);
+ if ((ret = flush_update()) < 0)
+ return ret;
if (time(0) - start > 30) {
printf("\n*** Flush not completed after %ld seconds, %d entries remain ***\n",
(long)(time(0) - start), filter.flushed);
- exit(1);
+ return -1;
}
if (show_stats) {
@@ -1556,21 +1648,21 @@
if (!filter.cloned) {
if (rtnl_wilddump_request(&rth, do_ipv6, RTM_GETROUTE) < 0) {
perror("Cannot send dump request");
- exit(1);
+ return -2;
}
} else {
if (rtnl_rtcache_request(&rth, do_ipv6) < 0) {
perror("Cannot send dump request");
- exit(1);
+ return -2;
}
}
if (rtnl_dump_filter(&rth, filter_fn, stdout) < 0) {
fprintf(stderr, "Dump terminated\n");
- exit(1);
+ return -2;
}
- exit(0);
+ return 0;
}
@@ -1579,41 +1671,35 @@
struct {
struct nlmsghdr n;
struct rtmsg r;
- char buf[1024];
- } req;
+ char buf[1024];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETROUTE,
+ .r.rtm_family = preferred_family,
+ };
char *idev = NULL;
char *odev = NULL;
int connected = 0;
+ int fib_match = 0;
int from_ok = 0;
unsigned int mark = 0;
- memset(&req, 0, sizeof(req));
-
iproute_reset_filter(0);
filter.cloned = 2;
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETROUTE;
- req.r.rtm_family = preferred_family;
- req.r.rtm_table = 0;
- req.r.rtm_protocol = 0;
- req.r.rtm_scope = 0;
- req.r.rtm_type = 0;
- req.r.rtm_src_len = 0;
- req.r.rtm_dst_len = 0;
- req.r.rtm_tos = 0;
-
while (argc > 0) {
if (strcmp(*argv, "tos") == 0 ||
matches(*argv, "dsfield") == 0) {
__u32 tos;
+
NEXT_ARG();
if (rtnl_dsfield_a2n(&tos, *argv))
invarg("TOS value is invalid\n", *argv);
req.r.rtm_tos = tos;
} else if (matches(*argv, "from") == 0) {
inet_prefix addr;
+
NEXT_ARG();
if (matches(*argv, "help") == 0)
usage();
@@ -1629,7 +1715,8 @@
idev = *argv;
} else if (matches(*argv, "mark") == 0) {
NEXT_ARG();
- get_unsigned(&mark, *argv, 0);
+ if (get_unsigned(&mark, *argv, 0))
+ invarg("invalid mark value", *argv);
} else if (matches(*argv, "oif") == 0 ||
strcmp(*argv, "dev") == 0) {
NEXT_ARG();
@@ -1638,6 +1725,11 @@
req.r.rtm_flags |= RTM_F_NOTIFY;
} else if (matches(*argv, "connected") == 0) {
connected = 1;
+ } else if (matches(*argv, "vrf") == 0) {
+ NEXT_ARG();
+ if (!name_is_vrf(*argv))
+ invarg("Invalid VRF\n", *argv);
+ odev = *argv;
} else if (matches(*argv, "uid") == 0) {
uid_t uid;
@@ -1645,8 +1737,21 @@
if (get_unsigned(&uid, *argv, 0))
invarg("invalid UID\n", *argv);
addattr32(&req.n, sizeof(req), RTA_UID, uid);
+ } else if (matches(*argv, "fibmatch") == 0) {
+ fib_match = 1;
+ } else if (strcmp(*argv, "as") == 0) {
+ inet_prefix addr;
+
+ NEXT_ARG();
+ if (strcmp(*argv, "to") == 0)
+ NEXT_ARG();
+ get_addr(&addr, *argv, req.r.rtm_family);
+ if (req.r.rtm_family == AF_UNSPEC)
+ req.r.rtm_family = addr.family;
+ addattr_l(&req.n, sizeof(req), RTA_NEWDST, &addr.data, addr.bytelen);
} else {
inet_prefix addr;
+
if (strcmp(*argv, "to") == 0) {
NEXT_ARG();
}
@@ -1664,7 +1769,7 @@
if (req.r.rtm_dst_len == 0) {
fprintf(stderr, "need at least a destination address\n");
- exit(1);
+ return -1;
}
if (idev || odev) {
@@ -1692,6 +1797,8 @@
req.r.rtm_family = AF_INET;
req.r.rtm_flags |= RTM_F_LOOKUP_TABLE;
+ if (fib_match)
+ req.r.rtm_flags |= RTM_F_FIB_MATCH;
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0)
return -2;
@@ -1699,11 +1806,11 @@
if (connected && !from_ok) {
struct rtmsg *r = NLMSG_DATA(&req.n);
int len = req.n.nlmsg_len;
- struct rtattr * tb[RTA_MAX+1];
+ struct rtattr *tb[RTA_MAX+1];
- if (print_route(NULL, &req.n, (void*)stdout) < 0) {
+ if (print_route(NULL, &req.n, (void *)stdout) < 0) {
fprintf(stderr, "An error :-)\n");
- exit(1);
+ return -1;
}
if (req.n.nlmsg_type != RTM_NEWROUTE) {
@@ -1740,7 +1847,7 @@
return -2;
}
- if (print_route(NULL, &req.n, (void*)stdout) < 0) {
+ if (print_route(NULL, &req.n, (void *)stdout) < 0) {
fprintf(stderr, "An error :-)\n");
return -1;
}
@@ -1748,12 +1855,42 @@
return 0;
}
+static int rtattr_cmp(const struct rtattr *rta1, const struct rtattr *rta2)
+{
+ if (!rta1 || !rta2 || rta1->rta_len != rta2->rta_len)
+ return 1;
+
+ return memcmp(RTA_DATA(rta1), RTA_DATA(rta2), RTA_PAYLOAD(rta1));
+}
+
static int restore_handler(const struct sockaddr_nl *nl,
struct rtnl_ctrl_data *ctrl,
struct nlmsghdr *n, void *arg)
{
- int ret;
+ struct rtmsg *r = NLMSG_DATA(n);
+ struct rtattr *tb[RTA_MAX+1];
+ int len = n->nlmsg_len - NLMSG_LENGTH(sizeof(*r));
+ int ret, prio = *(int *)arg;
+ parse_rtattr(tb, RTA_MAX, RTM_RTA(r), len);
+
+ /* Restore routes in correct order:
+ * 0. ones for local addresses,
+ * 1. ones for local networks,
+ * 2. others (remote networks/hosts).
+ */
+ if (!prio && !tb[RTA_GATEWAY] && (!tb[RTA_PREFSRC] ||
+ !rtattr_cmp(tb[RTA_PREFSRC], tb[RTA_DST])))
+ goto restore;
+ else if (prio == 1 && !tb[RTA_GATEWAY] && tb[RTA_PREFSRC] &&
+ rtattr_cmp(tb[RTA_PREFSRC], tb[RTA_DST]))
+ goto restore;
+ else if (prio == 2 && tb[RTA_GATEWAY])
+ goto restore;
+
+ return 0;
+
+restore:
n->nlmsg_flags |= NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK;
ll_init_map(&rth);
@@ -1786,10 +1923,31 @@
static int iproute_restore(void)
{
- if (route_dump_check_magic())
- exit(-1);
+ int pos, prio;
- exit(rtnl_from_file(stdin, &restore_handler, NULL));
+ if (route_dump_check_magic())
+ return -1;
+
+ pos = ftell(stdin);
+ if (pos == -1) {
+ perror("Failed to restore: ftell");
+ return -1;
+ }
+
+ for (prio = 0; prio < 3; prio++) {
+ int err;
+
+ err = rtnl_from_file(stdin, &restore_handler, &prio);
+ if (err)
+ return -2;
+
+ if (fseek(stdin, pos, SEEK_SET) == -1) {
+ perror("Failed to restore: fseek");
+ return -1;
+ }
+ }
+
+ return 0;
}
static int show_handler(const struct sockaddr_nl *nl,
@@ -1803,9 +1961,12 @@
static int iproute_showdump(void)
{
if (route_dump_check_magic())
- exit(-1);
+ return -1;
- exit(rtnl_from_file(stdin, &show_handler, NULL));
+ if (rtnl_from_file(stdin, &show_handler, NULL))
+ return -2;
+
+ return 0;
}
void iproute_reset_filter(int ifindex)
diff --git a/ip/iproute_lwtunnel.c b/ip/iproute_lwtunnel.c
index 7074906..1c8adbe 100644
--- a/ip/iproute_lwtunnel.c
+++ b/ip/iproute_lwtunnel.c
@@ -7,7 +7,7 @@
* 2 of the License, or (at your option) any later version.
*
* Authors: Roopa Prabhu, <roopa@cumulusnetworks.com>
- * Thomas Graf <tgraf@suug.ch>
+ * Thomas Graf <tgraf@suug.ch>
*
*/
@@ -24,20 +24,13 @@
#include "rt_names.h"
#include "utils.h"
#include "iproute_lwtunnel.h"
+#include "bpf_util.h"
-static int read_encap_type(const char *name)
-{
- if (strcmp(name, "mpls") == 0)
- return LWTUNNEL_ENCAP_MPLS;
- else if (strcmp(name, "ip") == 0)
- return LWTUNNEL_ENCAP_IP;
- else if (strcmp(name, "ip6") == 0)
- return LWTUNNEL_ENCAP_IP6;
- else if (strcmp(name, "ila") == 0)
- return LWTUNNEL_ENCAP_ILA;
- else
- return LWTUNNEL_ENCAP_NONE;
-}
+#include <linux/seg6.h>
+#include <linux/seg6_iptunnel.h>
+#include <linux/seg6_hmac.h>
+#include <linux/seg6_local.h>
+#include <net/if.h>
static const char *format_encap_type(int type)
{
@@ -50,48 +43,234 @@
return "ip6";
case LWTUNNEL_ENCAP_ILA:
return "ila";
+ case LWTUNNEL_ENCAP_BPF:
+ return "bpf";
+ case LWTUNNEL_ENCAP_SEG6:
+ return "seg6";
+ case LWTUNNEL_ENCAP_SEG6_LOCAL:
+ return "seg6local";
default:
return "unknown";
}
}
+static void encap_type_usage(void)
+{
+ int i;
+
+ fprintf(stderr, "Usage: ip route ... encap TYPE [ OPTIONS ] [...]\n");
+
+ for (i = 1; i <= LWTUNNEL_ENCAP_MAX; i++)
+ fprintf(stderr, "%s %s\n", format_encap_type(i),
+ i == 1 ? "TYPE := " : " ");
+
+ exit(-1);
+}
+
+static int read_encap_type(const char *name)
+{
+ if (strcmp(name, "mpls") == 0)
+ return LWTUNNEL_ENCAP_MPLS;
+ else if (strcmp(name, "ip") == 0)
+ return LWTUNNEL_ENCAP_IP;
+ else if (strcmp(name, "ip6") == 0)
+ return LWTUNNEL_ENCAP_IP6;
+ else if (strcmp(name, "ila") == 0)
+ return LWTUNNEL_ENCAP_ILA;
+ else if (strcmp(name, "bpf") == 0)
+ return LWTUNNEL_ENCAP_BPF;
+ else if (strcmp(name, "seg6") == 0)
+ return LWTUNNEL_ENCAP_SEG6;
+ else if (strcmp(name, "seg6local") == 0)
+ return LWTUNNEL_ENCAP_SEG6_LOCAL;
+ else if (strcmp(name, "help") == 0)
+ encap_type_usage();
+
+ return LWTUNNEL_ENCAP_NONE;
+}
+
+static void print_srh(FILE *fp, struct ipv6_sr_hdr *srh)
+{
+ int i;
+
+ fprintf(fp, "segs %d [ ", srh->first_segment + 1);
+
+ for (i = srh->first_segment; i >= 0; i--)
+ fprintf(fp, "%s ",
+ rt_addr_n2a(AF_INET6, 16, &srh->segments[i]));
+
+ fprintf(fp, "] ");
+
+ if (sr_has_hmac(srh)) {
+ unsigned int offset = ((srh->hdrlen + 1) << 3) - 40;
+ struct sr6_tlv_hmac *tlv;
+
+ tlv = (struct sr6_tlv_hmac *)((char *)srh + offset);
+ fprintf(fp, "hmac 0x%X ", ntohl(tlv->hmackeyid));
+ }
+}
+
+static const char *seg6_mode_types[] = {
+ [SEG6_IPTUN_MODE_INLINE] = "inline",
+ [SEG6_IPTUN_MODE_ENCAP] = "encap",
+ [SEG6_IPTUN_MODE_L2ENCAP] = "l2encap",
+};
+
+static const char *format_seg6mode_type(int mode)
+{
+ if (mode < 0 || mode > ARRAY_SIZE(seg6_mode_types))
+ return "<unknown>";
+
+ return seg6_mode_types[mode];
+}
+
+static int read_seg6mode_type(const char *mode)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(seg6_mode_types); i++) {
+ if (strcmp(mode, seg6_mode_types[i]) == 0)
+ return i;
+ }
+
+ return -1;
+}
+
+static void print_encap_seg6(FILE *fp, struct rtattr *encap)
+{
+ struct rtattr *tb[SEG6_IPTUNNEL_MAX+1];
+ struct seg6_iptunnel_encap *tuninfo;
+
+ parse_rtattr_nested(tb, SEG6_IPTUNNEL_MAX, encap);
+
+ if (!tb[SEG6_IPTUNNEL_SRH])
+ return;
+
+ tuninfo = RTA_DATA(tb[SEG6_IPTUNNEL_SRH]);
+ fprintf(fp, "mode %s ", format_seg6mode_type(tuninfo->mode));
+
+ print_srh(fp, tuninfo->srh);
+}
+
+static const char *seg6_action_names[SEG6_LOCAL_ACTION_MAX + 1] = {
+ [SEG6_LOCAL_ACTION_END] = "End",
+ [SEG6_LOCAL_ACTION_END_X] = "End.X",
+ [SEG6_LOCAL_ACTION_END_T] = "End.T",
+ [SEG6_LOCAL_ACTION_END_DX2] = "End.DX2",
+ [SEG6_LOCAL_ACTION_END_DX6] = "End.DX6",
+ [SEG6_LOCAL_ACTION_END_DX4] = "End.DX4",
+ [SEG6_LOCAL_ACTION_END_DT6] = "End.DT6",
+ [SEG6_LOCAL_ACTION_END_DT4] = "End.DT4",
+ [SEG6_LOCAL_ACTION_END_B6] = "End.B6",
+ [SEG6_LOCAL_ACTION_END_B6_ENCAP] = "End.B6.Encaps",
+ [SEG6_LOCAL_ACTION_END_BM] = "End.BM",
+ [SEG6_LOCAL_ACTION_END_S] = "End.S",
+ [SEG6_LOCAL_ACTION_END_AS] = "End.AS",
+ [SEG6_LOCAL_ACTION_END_AM] = "End.AM",
+};
+
+static const char *format_action_type(int action)
+{
+ if (action < 0 || action > SEG6_LOCAL_ACTION_MAX)
+ return "<invalid>";
+
+ return seg6_action_names[action] ?: "<unknown>";
+}
+
+static int read_action_type(const char *name)
+{
+ int i;
+
+ for (i = 0; i < SEG6_LOCAL_ACTION_MAX + 1; i++) {
+ if (!seg6_action_names[i])
+ continue;
+
+ if (strcmp(seg6_action_names[i], name) == 0)
+ return i;
+ }
+
+ return SEG6_LOCAL_ACTION_UNSPEC;
+}
+
+static void print_encap_seg6local(FILE *fp, struct rtattr *encap)
+{
+ struct rtattr *tb[SEG6_LOCAL_MAX + 1];
+ char ifbuf[IFNAMSIZ];
+ int action;
+
+ parse_rtattr_nested(tb, SEG6_LOCAL_MAX, encap);
+
+ if (!tb[SEG6_LOCAL_ACTION])
+ return;
+
+ action = rta_getattr_u32(tb[SEG6_LOCAL_ACTION]);
+
+ fprintf(fp, "action %s ", format_action_type(action));
+
+ if (tb[SEG6_LOCAL_SRH]) {
+ fprintf(fp, "srh ");
+ print_srh(fp, RTA_DATA(tb[SEG6_LOCAL_SRH]));
+ }
+
+ if (tb[SEG6_LOCAL_TABLE])
+ fprintf(fp, "table %u ", rta_getattr_u32(tb[SEG6_LOCAL_TABLE]));
+
+ if (tb[SEG6_LOCAL_NH4]) {
+ fprintf(fp, "nh4 %s ",
+ rt_addr_n2a_rta(AF_INET, tb[SEG6_LOCAL_NH4]));
+ }
+
+ if (tb[SEG6_LOCAL_NH6]) {
+ fprintf(fp, "nh6 %s ",
+ rt_addr_n2a_rta(AF_INET6, tb[SEG6_LOCAL_NH6]));
+ }
+
+ if (tb[SEG6_LOCAL_IIF]) {
+ int iif = rta_getattr_u32(tb[SEG6_LOCAL_IIF]);
+
+ fprintf(fp, "iif %s ",
+ if_indextoname(iif, ifbuf) ?: "<unknown>");
+ }
+
+ if (tb[SEG6_LOCAL_OIF]) {
+ int oif = rta_getattr_u32(tb[SEG6_LOCAL_OIF]);
+
+ fprintf(fp, "oif %s ",
+ if_indextoname(oif, ifbuf) ?: "<unknown>");
+ }
+}
+
static void print_encap_mpls(FILE *fp, struct rtattr *encap)
{
struct rtattr *tb[MPLS_IPTUNNEL_MAX+1];
- char abuf[256];
parse_rtattr_nested(tb, MPLS_IPTUNNEL_MAX, encap);
if (tb[MPLS_IPTUNNEL_DST])
- fprintf(fp, " %s ", format_host(AF_MPLS,
- RTA_PAYLOAD(tb[MPLS_IPTUNNEL_DST]),
- RTA_DATA(tb[MPLS_IPTUNNEL_DST]),
- abuf, sizeof(abuf)));
+ fprintf(fp, " %s ",
+ format_host_rta(AF_MPLS, tb[MPLS_IPTUNNEL_DST]));
+ if (tb[MPLS_IPTUNNEL_TTL])
+ fprintf(fp, "ttl %u ",
+ rta_getattr_u8(tb[MPLS_IPTUNNEL_TTL]));
}
static void print_encap_ip(FILE *fp, struct rtattr *encap)
{
struct rtattr *tb[LWTUNNEL_IP_MAX+1];
- char abuf[256];
parse_rtattr_nested(tb, LWTUNNEL_IP_MAX, encap);
if (tb[LWTUNNEL_IP_ID])
- fprintf(fp, "id %llu ", ntohll(rta_getattr_u64(tb[LWTUNNEL_IP_ID])));
+ fprintf(fp, "id %llu ",
+ ntohll(rta_getattr_u64(tb[LWTUNNEL_IP_ID])));
if (tb[LWTUNNEL_IP_SRC])
fprintf(fp, "src %s ",
- rt_addr_n2a(AF_INET,
- RTA_PAYLOAD(tb[LWTUNNEL_IP_SRC]),
- RTA_DATA(tb[LWTUNNEL_IP_SRC]),
- abuf, sizeof(abuf)));
+ rt_addr_n2a_rta(AF_INET, tb[LWTUNNEL_IP_SRC]));
if (tb[LWTUNNEL_IP_DST])
fprintf(fp, "dst %s ",
- rt_addr_n2a(AF_INET,
- RTA_PAYLOAD(tb[LWTUNNEL_IP_DST]),
- RTA_DATA(tb[LWTUNNEL_IP_DST]),
- abuf, sizeof(abuf)));
+ rt_addr_n2a_rta(AF_INET, tb[LWTUNNEL_IP_DST]));
if (tb[LWTUNNEL_IP_TTL])
fprintf(fp, "ttl %d ", rta_getattr_u8(tb[LWTUNNEL_IP_TTL]));
@@ -100,6 +279,32 @@
fprintf(fp, "tos %d ", rta_getattr_u8(tb[LWTUNNEL_IP_TOS]));
}
+static char *ila_csum_mode2name(__u8 csum_mode)
+{
+ switch (csum_mode) {
+ case ILA_CSUM_ADJUST_TRANSPORT:
+ return "adj-transport";
+ case ILA_CSUM_NEUTRAL_MAP:
+ return "neutral-map";
+ case ILA_CSUM_NO_ACTION:
+ return "no-action";
+ default:
+ return "unknown";
+ }
+}
+
+static int ila_csum_name2mode(char *name)
+{
+ if (strcmp(name, "adj-transport") == 0)
+ return ILA_CSUM_ADJUST_TRANSPORT;
+ else if (strcmp(name, "neutral-map") == 0)
+ return ILA_CSUM_NEUTRAL_MAP;
+ else if (strcmp(name, "no-action") == 0)
+ return ILA_CSUM_NO_ACTION;
+ else
+ return -1;
+}
+
static void print_encap_ila(FILE *fp, struct rtattr *encap)
{
struct rtattr *tb[ILA_ATTR_MAX+1];
@@ -109,43 +314,70 @@
if (tb[ILA_ATTR_LOCATOR]) {
char abuf[ADDR64_BUF_SIZE];
- addr64_n2a(*(__u64 *)RTA_DATA(tb[ILA_ATTR_LOCATOR]),
+ addr64_n2a(rta_getattr_u64(tb[ILA_ATTR_LOCATOR]),
abuf, sizeof(abuf));
fprintf(fp, " %s ", abuf);
}
+
+ if (tb[ILA_ATTR_CSUM_MODE])
+ fprintf(fp, " csum-mode %s ",
+ ila_csum_mode2name(rta_getattr_u8(tb[ILA_ATTR_CSUM_MODE])));
}
static void print_encap_ip6(FILE *fp, struct rtattr *encap)
{
struct rtattr *tb[LWTUNNEL_IP6_MAX+1];
- char abuf[256];
parse_rtattr_nested(tb, LWTUNNEL_IP6_MAX, encap);
if (tb[LWTUNNEL_IP6_ID])
- fprintf(fp, "id %llu ", ntohll(rta_getattr_u64(tb[LWTUNNEL_IP6_ID])));
+ fprintf(fp, "id %llu ",
+ ntohll(rta_getattr_u64(tb[LWTUNNEL_IP6_ID])));
if (tb[LWTUNNEL_IP6_SRC])
fprintf(fp, "src %s ",
- rt_addr_n2a(AF_INET6,
- RTA_PAYLOAD(tb[LWTUNNEL_IP6_SRC]),
- RTA_DATA(tb[LWTUNNEL_IP6_SRC]),
- abuf, sizeof(abuf)));
+ rt_addr_n2a_rta(AF_INET6, tb[LWTUNNEL_IP6_SRC]));
if (tb[LWTUNNEL_IP6_DST])
fprintf(fp, "dst %s ",
- rt_addr_n2a(AF_INET6,
- RTA_PAYLOAD(tb[LWTUNNEL_IP6_DST]),
- RTA_DATA(tb[LWTUNNEL_IP6_DST]),
- abuf, sizeof(abuf)));
+ rt_addr_n2a_rta(AF_INET6, tb[LWTUNNEL_IP6_DST]));
if (tb[LWTUNNEL_IP6_HOPLIMIT])
- fprintf(fp, "hoplimit %d ", rta_getattr_u8(tb[LWTUNNEL_IP6_HOPLIMIT]));
+ fprintf(fp, "hoplimit %d ",
+ rta_getattr_u8(tb[LWTUNNEL_IP6_HOPLIMIT]));
if (tb[LWTUNNEL_IP6_TC])
fprintf(fp, "tc %d ", rta_getattr_u8(tb[LWTUNNEL_IP6_TC]));
}
+static void print_encap_bpf_prog(FILE *fp, struct rtattr *encap,
+ const char *str)
+{
+ struct rtattr *tb[LWT_BPF_PROG_MAX+1];
+
+ parse_rtattr_nested(tb, LWT_BPF_PROG_MAX, encap);
+ fprintf(fp, "%s ", str);
+
+ if (tb[LWT_BPF_PROG_NAME])
+ fprintf(fp, "%s ", rta_getattr_str(tb[LWT_BPF_PROG_NAME]));
+}
+
+static void print_encap_bpf(FILE *fp, struct rtattr *encap)
+{
+ struct rtattr *tb[LWT_BPF_MAX+1];
+
+ parse_rtattr_nested(tb, LWT_BPF_MAX, encap);
+
+ if (tb[LWT_BPF_IN])
+ print_encap_bpf_prog(fp, tb[LWT_BPF_IN], "in");
+ if (tb[LWT_BPF_OUT])
+ print_encap_bpf_prog(fp, tb[LWT_BPF_OUT], "out");
+ if (tb[LWT_BPF_XMIT])
+ print_encap_bpf_prog(fp, tb[LWT_BPF_XMIT], "xmit");
+ if (tb[LWT_BPF_XMIT_HEADROOM])
+ fprintf(fp, "%d ", rta_getattr_u32(tb[LWT_BPF_XMIT_HEADROOM]));
+}
+
void lwt_print_encap(FILE *fp, struct rtattr *encap_type,
struct rtattr *encap)
{
@@ -171,30 +403,287 @@
case LWTUNNEL_ENCAP_IP6:
print_encap_ip6(fp, encap);
break;
+ case LWTUNNEL_ENCAP_BPF:
+ print_encap_bpf(fp, encap);
+ break;
+ case LWTUNNEL_ENCAP_SEG6:
+ print_encap_seg6(fp, encap);
+ break;
+ case LWTUNNEL_ENCAP_SEG6_LOCAL:
+ print_encap_seg6local(fp, encap);
+ break;
}
}
-static int parse_encap_mpls(struct rtattr *rta, size_t len, int *argcp, char ***argvp)
+static struct ipv6_sr_hdr *parse_srh(char *segbuf, int hmac, bool encap)
+{
+ struct ipv6_sr_hdr *srh;
+ int nsegs = 0;
+ int srhlen;
+ char *s;
+ int i;
+
+ s = segbuf;
+ for (i = 0; *s; *s++ == ',' ? i++ : *s);
+ nsegs = i + 1;
+
+ if (!encap)
+ nsegs++;
+
+ srhlen = 8 + 16*nsegs;
+
+ if (hmac)
+ srhlen += 40;
+
+ srh = malloc(srhlen);
+ memset(srh, 0, srhlen);
+
+ srh->hdrlen = (srhlen >> 3) - 1;
+ srh->type = 4;
+ srh->segments_left = nsegs - 1;
+ srh->first_segment = nsegs - 1;
+
+ if (hmac)
+ srh->flags |= SR6_FLAG1_HMAC;
+
+ i = srh->first_segment;
+ for (s = strtok(segbuf, ","); s; s = strtok(NULL, ",")) {
+ inet_get_addr(s, NULL, &srh->segments[i]);
+ i--;
+ }
+
+ if (hmac) {
+ struct sr6_tlv_hmac *tlv;
+
+ tlv = (struct sr6_tlv_hmac *)((char *)srh + srhlen - 40);
+ tlv->tlvhdr.type = SR6_TLV_HMAC;
+ tlv->tlvhdr.len = 38;
+ tlv->hmackeyid = htonl(hmac);
+ }
+
+ return srh;
+}
+
+static int parse_encap_seg6(struct rtattr *rta, size_t len, int *argcp,
+ char ***argvp)
+{
+ int mode_ok = 0, segs_ok = 0, hmac_ok = 0;
+ struct seg6_iptunnel_encap *tuninfo;
+ struct ipv6_sr_hdr *srh;
+ char **argv = *argvp;
+ char segbuf[1024];
+ int argc = *argcp;
+ int encap = -1;
+ __u32 hmac = 0;
+ int srhlen;
+
+ while (argc > 0) {
+ if (strcmp(*argv, "mode") == 0) {
+ NEXT_ARG();
+ if (mode_ok++)
+ duparg2("mode", *argv);
+ encap = read_seg6mode_type(*argv);
+ if (encap < 0)
+ invarg("\"mode\" value is invalid\n", *argv);
+ } else if (strcmp(*argv, "segs") == 0) {
+ NEXT_ARG();
+ if (segs_ok++)
+ duparg2("segs", *argv);
+ if (encap == -1)
+ invarg("\"segs\" provided before \"mode\"\n",
+ *argv);
+
+ strlcpy(segbuf, *argv, 1024);
+ } else if (strcmp(*argv, "hmac") == 0) {
+ NEXT_ARG();
+ if (hmac_ok++)
+ duparg2("hmac", *argv);
+ get_u32(&hmac, *argv, 0);
+ } else {
+ break;
+ }
+ argc--; argv++;
+ }
+
+ srh = parse_srh(segbuf, hmac, encap);
+ srhlen = (srh->hdrlen + 1) << 3;
+
+ tuninfo = malloc(sizeof(*tuninfo) + srhlen);
+ memset(tuninfo, 0, sizeof(*tuninfo) + srhlen);
+
+ tuninfo->mode = encap;
+
+ memcpy(tuninfo->srh, srh, srhlen);
+
+ rta_addattr_l(rta, len, SEG6_IPTUNNEL_SRH, tuninfo,
+ sizeof(*tuninfo) + srhlen);
+
+ free(tuninfo);
+ free(srh);
+
+ *argcp = argc + 1;
+ *argvp = argv - 1;
+
+ return 0;
+}
+
+static int parse_encap_seg6local(struct rtattr *rta, size_t len, int *argcp,
+ char ***argvp)
+{
+ int segs_ok = 0, hmac_ok = 0, table_ok = 0, nh4_ok = 0, nh6_ok = 0;
+ int iif_ok = 0, oif_ok = 0, action_ok = 0, srh_ok = 0;
+ __u32 action = 0, table, iif, oif;
+ struct ipv6_sr_hdr *srh;
+ char **argv = *argvp;
+ int argc = *argcp;
+ char segbuf[1024];
+ inet_prefix addr;
+ __u32 hmac = 0;
+
+ while (argc > 0) {
+ if (strcmp(*argv, "action") == 0) {
+ NEXT_ARG();
+ if (action_ok++)
+ duparg2("action", *argv);
+ action = read_action_type(*argv);
+ if (!action)
+ invarg("\"action\" value is invalid\n", *argv);
+ rta_addattr32(rta, len, SEG6_LOCAL_ACTION, action);
+ } else if (strcmp(*argv, "table") == 0) {
+ NEXT_ARG();
+ if (table_ok++)
+ duparg2("table", *argv);
+ get_u32(&table, *argv, 0);
+ rta_addattr32(rta, len, SEG6_LOCAL_TABLE, table);
+ } else if (strcmp(*argv, "nh4") == 0) {
+ NEXT_ARG();
+ if (nh4_ok++)
+ duparg2("nh4", *argv);
+ get_addr(&addr, *argv, AF_INET);
+ rta_addattr_l(rta, len, SEG6_LOCAL_NH4, &addr.data,
+ addr.bytelen);
+ } else if (strcmp(*argv, "nh6") == 0) {
+ NEXT_ARG();
+ if (nh6_ok++)
+ duparg2("nh6", *argv);
+ get_addr(&addr, *argv, AF_INET6);
+ rta_addattr_l(rta, len, SEG6_LOCAL_NH6, &addr.data,
+ addr.bytelen);
+ } else if (strcmp(*argv, "iif") == 0) {
+ NEXT_ARG();
+ if (iif_ok++)
+ duparg2("iif", *argv);
+ iif = if_nametoindex(*argv);
+ if (!iif)
+ invarg("\"iif\" interface not found\n", *argv);
+ rta_addattr32(rta, len, SEG6_LOCAL_IIF, iif);
+ } else if (strcmp(*argv, "oif") == 0) {
+ NEXT_ARG();
+ if (oif_ok++)
+ duparg2("oif", *argv);
+ oif = if_nametoindex(*argv);
+ if (!oif)
+ invarg("\"oif\" interface not found\n", *argv);
+ rta_addattr32(rta, len, SEG6_LOCAL_OIF, oif);
+ } else if (strcmp(*argv, "srh") == 0) {
+ NEXT_ARG();
+ if (srh_ok++)
+ duparg2("srh", *argv);
+ if (strcmp(*argv, "segs") != 0)
+ invarg("missing \"segs\" attribute for srh\n",
+ *argv);
+ NEXT_ARG();
+ if (segs_ok++)
+ duparg2("segs", *argv);
+ strncpy(segbuf, *argv, 1024);
+ segbuf[1023] = 0;
+ if (!NEXT_ARG_OK())
+ break;
+ NEXT_ARG();
+ if (strcmp(*argv, "hmac") == 0) {
+ NEXT_ARG();
+ if (hmac_ok++)
+ duparg2("hmac", *argv);
+ get_u32(&hmac, *argv, 0);
+ } else {
+ continue;
+ }
+ } else {
+ break;
+ }
+ argc--; argv++;
+ }
+
+ if (!action) {
+ fprintf(stderr, "Missing action type\n");
+ exit(-1);
+ }
+
+ if (srh_ok) {
+ int srhlen;
+
+ srh = parse_srh(segbuf, hmac,
+ action == SEG6_LOCAL_ACTION_END_B6_ENCAP);
+ srhlen = (srh->hdrlen + 1) << 3;
+ rta_addattr_l(rta, len, SEG6_LOCAL_SRH, srh, srhlen);
+ free(srh);
+ }
+
+ *argcp = argc + 1;
+ *argvp = argv - 1;
+
+ return 0;
+}
+
+static int parse_encap_mpls(struct rtattr *rta, size_t len,
+ int *argcp, char ***argvp)
{
inet_prefix addr;
int argc = *argcp;
char **argv = *argvp;
+ int ttl_ok = 0;
if (get_addr(&addr, *argv, AF_MPLS)) {
- fprintf(stderr, "Error: an inet address is expected rather than \"%s\".\n", *argv);
+ fprintf(stderr,
+ "Error: an inet address is expected rather than \"%s\".\n",
+ *argv);
exit(1);
}
rta_addattr_l(rta, len, MPLS_IPTUNNEL_DST, &addr.data,
addr.bytelen);
- *argcp = argc;
- *argvp = argv;
+ argc--;
+ argv++;
+
+ while (argc > 0) {
+ if (strcmp(*argv, "ttl") == 0) {
+ __u8 ttl;
+
+ NEXT_ARG();
+ if (ttl_ok++)
+ duparg2("ttl", *argv);
+ if (get_u8(&ttl, *argv, 0))
+ invarg("\"ttl\" value is invalid\n", *argv);
+ rta_addattr8(rta, len, MPLS_IPTUNNEL_TTL, ttl);
+ } else {
+ break;
+ }
+ argc--; argv++;
+ }
+
+ /* argv is currently the first unparsed argument,
+ * but the lwt_parse_encap() caller will move to the next,
+ * so step back
+ */
+ *argcp = argc + 1;
+ *argvp = argv - 1;
return 0;
}
-static int parse_encap_ip(struct rtattr *rta, size_t len, int *argcp, char ***argvp)
+static int parse_encap_ip(struct rtattr *rta, size_t len,
+ int *argcp, char ***argvp)
{
int id_ok = 0, dst_ok = 0, tos_ok = 0, ttl_ok = 0;
char **argv = *argvp;
@@ -203,21 +692,25 @@
while (argc > 0) {
if (strcmp(*argv, "id") == 0) {
__u64 id;
+
NEXT_ARG();
if (id_ok++)
duparg2("id", *argv);
- if (get_u64(&id, *argv, 0))
+ if (get_be64(&id, *argv, 0))
invarg("\"id\" value is invalid\n", *argv);
- rta_addattr64(rta, len, LWTUNNEL_IP_ID, htonll(id));
+ rta_addattr64(rta, len, LWTUNNEL_IP_ID, id);
} else if (strcmp(*argv, "dst") == 0) {
inet_prefix addr;
+
NEXT_ARG();
if (dst_ok++)
duparg2("dst", *argv);
get_addr(&addr, *argv, AF_INET);
- rta_addattr_l(rta, len, LWTUNNEL_IP_DST, &addr.data, addr.bytelen);
+ rta_addattr_l(rta, len, LWTUNNEL_IP_DST,
+ &addr.data, addr.bytelen);
} else if (strcmp(*argv, "tos") == 0) {
__u32 tos;
+
NEXT_ARG();
if (tos_ok++)
duparg2("tos", *argv);
@@ -226,6 +719,7 @@
rta_addattr8(rta, len, LWTUNNEL_IP_TOS, tos);
} else if (strcmp(*argv, "ttl") == 0) {
__u8 ttl;
+
NEXT_ARG();
if (ttl_ok++)
duparg2("ttl", *argv);
@@ -240,7 +734,8 @@
/* argv is currently the first unparsed argument,
* but the lwt_parse_encap() caller will move to the next,
- * so step back */
+ * so step back
+ */
*argcp = argc + 1;
*argvp = argv - 1;
@@ -259,15 +754,42 @@
exit(1);
}
+ argc--; argv++;
+
rta_addattr64(rta, 1024, ILA_ATTR_LOCATOR, locator);
- *argcp = argc;
- *argvp = argv;
+ while (argc > 0) {
+ if (strcmp(*argv, "csum-mode") == 0) {
+ int csum_mode;
+
+ NEXT_ARG();
+
+ csum_mode = ila_csum_name2mode(*argv);
+ if (csum_mode < 0)
+ invarg("\"csum-mode\" value is invalid\n",
+ *argv);
+
+ rta_addattr8(rta, 1024, ILA_ATTR_CSUM_MODE,
+ (__u8)csum_mode);
+
+ argc--; argv++;
+ } else {
+ break;
+ }
+ }
+
+ /* argv is currently the first unparsed argument,
+ * but the lwt_parse_encap() caller will move to the next,
+ * so step back
+ */
+ *argcp = argc + 1;
+ *argvp = argv - 1;
return 0;
}
-static int parse_encap_ip6(struct rtattr *rta, size_t len, int *argcp, char ***argvp)
+static int parse_encap_ip6(struct rtattr *rta, size_t len,
+ int *argcp, char ***argvp)
{
int id_ok = 0, dst_ok = 0, tos_ok = 0, ttl_ok = 0;
char **argv = *argvp;
@@ -276,21 +798,25 @@
while (argc > 0) {
if (strcmp(*argv, "id") == 0) {
__u64 id;
+
NEXT_ARG();
if (id_ok++)
duparg2("id", *argv);
- if (get_u64(&id, *argv, 0))
+ if (get_be64(&id, *argv, 0))
invarg("\"id\" value is invalid\n", *argv);
- rta_addattr64(rta, len, LWTUNNEL_IP6_ID, htonll(id));
+ rta_addattr64(rta, len, LWTUNNEL_IP6_ID, id);
} else if (strcmp(*argv, "dst") == 0) {
inet_prefix addr;
+
NEXT_ARG();
if (dst_ok++)
duparg2("dst", *argv);
get_addr(&addr, *argv, AF_INET6);
- rta_addattr_l(rta, len, LWTUNNEL_IP6_DST, &addr.data, addr.bytelen);
+ rta_addattr_l(rta, len, LWTUNNEL_IP6_DST,
+ &addr.data, addr.bytelen);
} else if (strcmp(*argv, "tc") == 0) {
__u32 tc;
+
NEXT_ARG();
if (tos_ok++)
duparg2("tc", *argv);
@@ -299,11 +825,13 @@
rta_addattr8(rta, len, LWTUNNEL_IP6_TC, tc);
} else if (strcmp(*argv, "hoplimit") == 0) {
__u8 hoplimit;
+
NEXT_ARG();
if (ttl_ok++)
duparg2("hoplimit", *argv);
if (get_u8(&hoplimit, *argv, 0))
- invarg("\"hoplimit\" value is invalid\n", *argv);
+ invarg("\"hoplimit\" value is invalid\n",
+ *argv);
rta_addattr8(rta, len, LWTUNNEL_IP6_HOPLIMIT, hoplimit);
} else {
break;
@@ -313,7 +841,114 @@
/* argv is currently the first unparsed argument,
* but the lwt_parse_encap() caller will move to the next,
- * so step back */
+ * so step back
+ */
+ *argcp = argc + 1;
+ *argvp = argv - 1;
+
+ return 0;
+}
+
+struct lwt_x {
+ struct rtattr *rta;
+ size_t len;
+};
+
+static void bpf_lwt_cb(void *lwt_ptr, int fd, const char *annotation)
+{
+ struct lwt_x *x = lwt_ptr;
+
+ rta_addattr32(x->rta, x->len, LWT_BPF_PROG_FD, fd);
+ rta_addattr_l(x->rta, x->len, LWT_BPF_PROG_NAME, annotation,
+ strlen(annotation) + 1);
+}
+
+static const struct bpf_cfg_ops bpf_cb_ops = {
+ .ebpf_cb = bpf_lwt_cb,
+};
+
+static int lwt_parse_bpf(struct rtattr *rta, size_t len,
+ int *argcp, char ***argvp,
+ int attr, const enum bpf_prog_type bpf_type)
+{
+ struct bpf_cfg_in cfg = {
+ .argc = *argcp,
+ .argv = *argvp,
+ };
+ struct lwt_x x = {
+ .rta = rta,
+ .len = len,
+ };
+ struct rtattr *nest;
+ int err;
+
+ nest = rta_nest(rta, len, attr);
+ err = bpf_parse_common(bpf_type, &cfg, &bpf_cb_ops, &x);
+ if (err < 0) {
+ fprintf(stderr, "Failed to parse eBPF program: %s\n",
+ strerror(-err));
+ return -1;
+ }
+ rta_nest_end(rta, nest);
+
+ *argcp = cfg.argc;
+ *argvp = cfg.argv;
+
+ return 0;
+}
+
+static void lwt_bpf_usage(void)
+{
+ fprintf(stderr, "Usage: ip route ... encap bpf [ in BPF ] [ out BPF ] [ xmit BPF ] [...]\n");
+ fprintf(stderr, "BPF := obj FILE [ section NAME ] [ verbose ]\n");
+ exit(-1);
+}
+
+static int parse_encap_bpf(struct rtattr *rta, size_t len, int *argcp,
+ char ***argvp)
+{
+ char **argv = *argvp;
+ int argc = *argcp;
+ int headroom_set = 0;
+
+ while (argc > 0) {
+ if (strcmp(*argv, "in") == 0) {
+ NEXT_ARG();
+ if (lwt_parse_bpf(rta, len, &argc, &argv, LWT_BPF_IN,
+ BPF_PROG_TYPE_LWT_IN) < 0)
+ return -1;
+ } else if (strcmp(*argv, "out") == 0) {
+ NEXT_ARG();
+ if (lwt_parse_bpf(rta, len, &argc, &argv, LWT_BPF_OUT,
+ BPF_PROG_TYPE_LWT_OUT) < 0)
+ return -1;
+ } else if (strcmp(*argv, "xmit") == 0) {
+ NEXT_ARG();
+ if (lwt_parse_bpf(rta, len, &argc, &argv, LWT_BPF_XMIT,
+ BPF_PROG_TYPE_LWT_XMIT) < 0)
+ return -1;
+ } else if (strcmp(*argv, "headroom") == 0) {
+ unsigned int headroom;
+
+ NEXT_ARG();
+ if (get_unsigned(&headroom, *argv, 0) || headroom == 0)
+ invarg("headroom is invalid\n", *argv);
+ if (!headroom_set)
+ rta_addattr32(rta, 1024, LWT_BPF_XMIT_HEADROOM,
+ headroom);
+ headroom_set = 1;
+ } else if (strcmp(*argv, "help") == 0) {
+ lwt_bpf_usage();
+ } else {
+ break;
+ }
+ NEXT_ARG_FWD();
+ }
+
+ /* argv is currently the first unparsed argument,
+ * but the lwt_parse_encap() caller will move to the next,
+ * so step back
+ */
*argcp = argc + 1;
*argvp = argv - 1;
@@ -334,7 +969,8 @@
NEXT_ARG();
if (argc <= 1) {
- fprintf(stderr, "Error: unexpected end of line after \"encap\"\n");
+ fprintf(stderr,
+ "Error: unexpected end of line after \"encap\"\n");
exit(-1);
}
@@ -352,6 +988,16 @@
case LWTUNNEL_ENCAP_IP6:
parse_encap_ip6(rta, len, &argc, &argv);
break;
+ case LWTUNNEL_ENCAP_BPF:
+ if (parse_encap_bpf(rta, len, &argc, &argv) < 0)
+ exit(-1);
+ break;
+ case LWTUNNEL_ENCAP_SEG6:
+ parse_encap_seg6(rta, len, &argc, &argv);
+ break;
+ case LWTUNNEL_ENCAP_SEG6_LOCAL:
+ parse_encap_seg6local(rta, len, &argc, &argv);
+ break;
default:
fprintf(stderr, "Error: unsupported encap type\n");
break;
diff --git a/ip/iprule.c b/ip/iprule.c
index ac835ab..36c57fa 100644
--- a/ip/iprule.c
+++ b/ip/iprule.c
@@ -20,6 +20,7 @@
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <string.h>
+#include <linux/if.h>
#include <linux/fib_rules.h>
#include <errno.h>
@@ -27,35 +28,156 @@
#include "utils.h"
#include "ip_common.h"
+enum list_action {
+ IPRULE_LIST,
+ IPRULE_FLUSH,
+ IPRULE_SAVE,
+};
+
extern struct rtnl_handle rth;
static void usage(void) __attribute__((noreturn));
static void usage(void)
{
- fprintf(stderr, "Usage: ip rule [ list | add | del | flush | save ] SELECTOR ACTION\n");
- fprintf(stderr, " ip rule restore\n");
- fprintf(stderr, "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n");
- fprintf(stderr, " [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ uidrange UID1-UID2 ]\n");
- fprintf(stderr, "ACTION := [ table TABLE_ID ]\n");
- fprintf(stderr, " [ realms [SRCREALM/]DSTREALM ]\n");
- fprintf(stderr, " [ goto NUMBER ]\n");
- fprintf(stderr, " SUPPRESSOR\n");
- fprintf(stderr, "SUPPRESSOR := [ suppress_prefixlength NUMBER ]\n");
- fprintf(stderr, " [ suppress_ifgroup DEVGROUP ]\n");
- fprintf(stderr, "TABLE_ID := [ local | main | default | NUMBER ]\n");
+ fprintf(stderr,
+ "Usage: ip rule { add | del } SELECTOR ACTION\n"
+ " ip rule { flush | save | restore }\n"
+ " ip rule [ list [ SELECTOR ]]\n"
+ "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"
+ " [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n"
+ " [ uidrange NUMBER-NUMBER ]\n"
+ "ACTION := [ table TABLE_ID ]\n"
+ " [ nat ADDRESS ]\n"
+ " [ realms [SRCREALM/]DSTREALM ]\n"
+ " [ goto NUMBER ]\n"
+ " SUPPRESSOR\n"
+ "SUPPRESSOR := [ suppress_prefixlength NUMBER ]\n"
+ " [ suppress_ifgroup DEVGROUP ]\n"
+ "TABLE_ID := [ local | main | default | NUMBER ]\n");
exit(-1);
}
+static struct
+{
+ int not;
+ int l3mdev;
+ int iifmask, oifmask, uidrange;
+ unsigned int tb;
+ unsigned int tos, tosmask;
+ unsigned int pref, prefmask;
+ unsigned int fwmark, fwmask;
+ char iif[IFNAMSIZ];
+ char oif[IFNAMSIZ];
+ struct fib_rule_uid_range range;
+ inet_prefix src;
+ inet_prefix dst;
+} filter;
+
+static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
+{
+ struct rtmsg *r = NLMSG_DATA(n);
+ inet_prefix src = { .family = r->rtm_family };
+ inet_prefix dst = { .family = r->rtm_family };
+ __u32 table;
+
+ if (preferred_family != AF_UNSPEC && r->rtm_family != preferred_family)
+ return false;
+
+ if (filter.prefmask &&
+ filter.pref ^ (tb[FRA_PRIORITY] ? rta_getattr_u32(tb[FRA_PRIORITY]) : 0))
+ return false;
+ if (filter.not && !(r->rtm_flags & FIB_RULE_INVERT))
+ return false;
+
+ if (filter.src.family) {
+ if (tb[FRA_SRC]) {
+ memcpy(&src.data, RTA_DATA(tb[FRA_SRC]),
+ (r->rtm_src_len + 7) / 8);
+ }
+ if (filter.src.family != r->rtm_family ||
+ filter.src.bitlen > r->rtm_src_len ||
+ inet_addr_match(&src, &filter.src, filter.src.bitlen))
+ return false;
+ }
+
+ if (filter.dst.family) {
+ if (tb[FRA_DST]) {
+ memcpy(&dst.data, RTA_DATA(tb[FRA_DST]),
+ (r->rtm_dst_len + 7) / 8);
+ }
+ if (filter.dst.family != r->rtm_family ||
+ filter.dst.bitlen > r->rtm_dst_len ||
+ inet_addr_match(&dst, &filter.dst, filter.dst.bitlen))
+ return false;
+ }
+
+ if (filter.tosmask && filter.tos ^ r->rtm_tos)
+ return false;
+
+ if (filter.fwmark) {
+ __u32 mark = 0;
+
+ if (tb[FRA_FWMARK])
+ mark = rta_getattr_u32(tb[FRA_FWMARK]);
+ if (filter.fwmark ^ mark)
+ return false;
+ }
+ if (filter.fwmask) {
+ __u32 mask = 0;
+
+ if (tb[FRA_FWMASK])
+ mask = rta_getattr_u32(tb[FRA_FWMASK]);
+ if (filter.fwmask ^ mask)
+ return false;
+ }
+
+ if (filter.iifmask) {
+ if (tb[FRA_IFNAME]) {
+ if (strcmp(filter.iif, rta_getattr_str(tb[FRA_IFNAME])) != 0)
+ return false;
+ } else {
+ return false;
+ }
+ }
+
+ if (filter.oifmask) {
+ if (tb[FRA_OIFNAME]) {
+ if (strcmp(filter.oif, rta_getattr_str(tb[FRA_OIFNAME])) != 0)
+ return false;
+ } else {
+ return false;
+ }
+ }
+
+ if (filter.l3mdev && !(tb[FRA_L3MDEV] && rta_getattr_u8(tb[FRA_L3MDEV])))
+ return false;
+
+ if (filter.uidrange) {
+ struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);
+
+ if (!tb[FRA_UID_RANGE] ||
+ r->start != filter.range.start ||
+ r->end != filter.range.end)
+ return false;
+ }
+
+ table = rtm_get_table(r, tb);
+ if (filter.tb > 0 && filter.tb ^ table)
+ return false;
+
+ return true;
+}
+
int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct rtmsg *r = NLMSG_DATA(n);
int len = n->nlmsg_len;
int host_len = -1;
__u32 table;
- struct rtattr * tb[FRA_MAX+1];
- char abuf[256];
+ struct rtattr *tb[FRA_MAX+1];
+
SPRINT_BUF(b1);
if (n->nlmsg_type != RTM_NEWRULE && n->nlmsg_type != RTM_DELRULE)
@@ -69,11 +191,15 @@
host_len = af_bit_len(r->rtm_family);
+ if (!filter_nlmsg(n, tb, host_len))
+ return 0;
+
if (n->nlmsg_type == RTM_DELRULE)
fprintf(fp, "Deleted ");
if (tb[FRA_PRIORITY])
- fprintf(fp, "%u:\t", *(unsigned*)RTA_DATA(tb[FRA_PRIORITY]));
+ fprintf(fp, "%u:\t",
+ rta_getattr_u32(tb[FRA_PRIORITY]));
else
fprintf(fp, "0:\t");
@@ -82,18 +208,12 @@
if (tb[FRA_SRC]) {
if (r->rtm_src_len != host_len) {
- fprintf(fp, "from %s/%u ", rt_addr_n2a(r->rtm_family,
- RTA_PAYLOAD(tb[FRA_SRC]),
- RTA_DATA(tb[FRA_SRC]),
- abuf, sizeof(abuf)),
- r->rtm_src_len
- );
+ fprintf(fp, "from %s/%u ",
+ rt_addr_n2a_rta(r->rtm_family, tb[FRA_SRC]),
+ r->rtm_src_len);
} else {
- fprintf(fp, "from %s ", format_host(r->rtm_family,
- RTA_PAYLOAD(tb[FRA_SRC]),
- RTA_DATA(tb[FRA_SRC]),
- abuf, sizeof(abuf))
- );
+ fprintf(fp, "from %s ",
+ format_host_rta(r->rtm_family, tb[FRA_SRC]));
}
} else if (r->rtm_src_len) {
fprintf(fp, "from 0/%d ", r->rtm_src_len);
@@ -103,17 +223,12 @@
if (tb[FRA_DST]) {
if (r->rtm_dst_len != host_len) {
- fprintf(fp, "to %s/%u ", rt_addr_n2a(r->rtm_family,
- RTA_PAYLOAD(tb[FRA_DST]),
- RTA_DATA(tb[FRA_DST]),
- abuf, sizeof(abuf)),
- r->rtm_dst_len
- );
+ fprintf(fp, "to %s/%u ",
+ rt_addr_n2a_rta(r->rtm_family, tb[FRA_DST]),
+ r->rtm_dst_len);
} else {
- fprintf(fp, "to %s ", format_host(r->rtm_family,
- RTA_PAYLOAD(tb[FRA_DST]),
- RTA_DATA(tb[FRA_DST]),
- abuf, sizeof(abuf)));
+ fprintf(fp, "to %s ",
+ format_host_rta(r->rtm_family, tb[FRA_DST]));
}
} else if (r->rtm_dst_len) {
fprintf(fp, "to 0/%d ", r->rtm_dst_len);
@@ -121,7 +236,8 @@
if (r->rtm_tos) {
SPRINT_BUF(b1);
- fprintf(fp, "tos %s ", rtnl_dsfield_n2a(r->rtm_tos, b1, sizeof(b1)));
+ fprintf(fp, "tos %s ",
+ rtnl_dsfield_n2a(r->rtm_tos, b1, sizeof(b1)));
}
if (tb[FRA_FWMARK] || tb[FRA_FWMASK]) {
@@ -149,6 +265,11 @@
fprintf(fp, "[detached] ");
}
+ if (tb[FRA_L3MDEV]) {
+ if (rta_getattr_u8(tb[FRA_L3MDEV]))
+ fprintf(fp, "lookup [l3mdev-table] ");
+ }
+
if (tb[FRA_UID_RANGE]) {
struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);
@@ -157,19 +278,22 @@
table = rtm_get_table(r, tb);
if (table) {
- fprintf(fp, "lookup %s ", rtnl_rttable_n2a(table, b1, sizeof(b1)));
+ fprintf(fp, "lookup %s ",
+ rtnl_rttable_n2a(table, b1, sizeof(b1)));
if (tb[FRA_SUPPRESS_PREFIXLEN]) {
int pl = rta_getattr_u32(tb[FRA_SUPPRESS_PREFIXLEN]);
- if (pl != -1) {
+
+ if (pl != -1)
fprintf(fp, "suppress_prefixlength %d ", pl);
- }
}
if (tb[FRA_SUPPRESS_IFGROUP]) {
int group = rta_getattr_u32(tb[FRA_SUPPRESS_IFGROUP]);
+
if (group != -1) {
SPRINT_BUF(b1);
- fprintf(fp, "suppress_ifgroup %s ", rtnl_group_n2a(group, b1, sizeof(b1)));
+ fprintf(fp, "suppress_ifgroup %s ",
+ rtnl_group_n2a(group, b1, sizeof(b1)));
}
}
}
@@ -177,6 +301,7 @@
if (tb[FRA_FLOW]) {
__u32 to = rta_getattr_u32(tb[FRA_FLOW]);
__u32 from = to>>16;
+
to &= 0xFFFF;
if (from) {
fprintf(fp, "realms %s/",
@@ -189,10 +314,8 @@
if (r->rtm_type == RTN_NAT) {
if (tb[RTA_GATEWAY]) {
fprintf(fp, "map-to %s ",
- format_host(r->rtm_family,
- RTA_PAYLOAD(tb[RTA_GATEWAY]),
- RTA_DATA(tb[RTA_GATEWAY]),
- abuf, sizeof(abuf)));
+ format_host_rta(r->rtm_family,
+ tb[RTA_GATEWAY]));
} else
fprintf(fp, "masquerade");
} else if (r->rtm_type == FR_ACT_GOTO) {
@@ -206,7 +329,9 @@
} else if (r->rtm_type == FR_ACT_NOP)
fprintf(fp, "nop");
else if (r->rtm_type != RTN_UNICAST)
- fprintf(fp, "%s", rtnl_rtntype_n2a(r->rtm_type, b1, sizeof(b1)));
+ fprintf(fp, "%s",
+ rtnl_rtntype_n2a(r->rtm_type,
+ b1, sizeof(b1)));
fprintf(fp, "\n");
fflush(fp);
@@ -233,7 +358,8 @@
return 0;
}
-static int save_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
+static int save_rule(const struct sockaddr_nl *who,
+ struct nlmsghdr *n, void *arg)
{
int ret;
@@ -246,24 +372,144 @@
return ret == n->nlmsg_len ? 0 : ret;
}
-static int iprule_list_or_save(int argc, char **argv, int save)
+static int flush_rule(const struct sockaddr_nl *who, struct nlmsghdr *n,
+ void *arg)
{
- rtnl_filter_t filter = print_rule;
+ struct rtnl_handle rth2;
+ struct rtmsg *r = NLMSG_DATA(n);
+ int len = n->nlmsg_len;
+ struct rtattr *tb[FRA_MAX+1];
+
+ len -= NLMSG_LENGTH(sizeof(*r));
+ if (len < 0)
+ return -1;
+
+ parse_rtattr(tb, FRA_MAX, RTM_RTA(r), len);
+
+ if (tb[FRA_PRIORITY]) {
+ n->nlmsg_type = RTM_DELRULE;
+ n->nlmsg_flags = NLM_F_REQUEST;
+
+ if (rtnl_open(&rth2, 0) < 0)
+ return -1;
+
+ if (rtnl_talk(&rth2, n, NULL, 0) < 0)
+ return -2;
+
+ rtnl_close(&rth2);
+ }
+
+ return 0;
+}
+
+static int iprule_list_flush_or_save(int argc, char **argv, int action)
+{
+ rtnl_filter_t filter_fn;
int af = preferred_family;
if (af == AF_UNSPEC)
af = AF_INET;
- if (argc > 0) {
+ if (action != IPRULE_LIST && argc > 0) {
fprintf(stderr, "\"ip rule %s\" does not take any arguments.\n",
- save ? "save" : "show");
+ action == IPRULE_SAVE ? "save" : "flush");
return -1;
}
- if (save) {
+ switch (action) {
+ case IPRULE_SAVE:
if (save_rule_prep())
return -1;
- filter = save_rule;
+ filter_fn = save_rule;
+ break;
+ case IPRULE_FLUSH:
+ filter_fn = flush_rule;
+ break;
+ default:
+ filter_fn = print_rule;
+ }
+
+ memset(&filter, 0, sizeof(filter));
+
+ while (argc > 0) {
+ if (matches(*argv, "preference") == 0 ||
+ matches(*argv, "order") == 0 ||
+ matches(*argv, "priority") == 0) {
+ __u32 pref;
+
+ NEXT_ARG();
+ if (get_u32(&pref, *argv, 0))
+ invarg("preference value is invalid\n", *argv);
+ filter.pref = pref;
+ filter.prefmask = 1;
+ } else if (strcmp(*argv, "not") == 0) {
+ filter.not = 1;
+ } else if (strcmp(*argv, "tos") == 0) {
+ __u32 tos;
+
+ NEXT_ARG();
+ if (rtnl_dsfield_a2n(&tos, *argv))
+ invarg("TOS value is invalid\n", *argv);
+ filter.tos = tos;
+ filter.tosmask = 1;
+ } else if (strcmp(*argv, "fwmark") == 0) {
+ char *slash;
+ __u32 fwmark, fwmask;
+
+ NEXT_ARG();
+ slash = strchr(*argv, '/');
+ if (slash != NULL)
+ *slash = '\0';
+ if (get_u32(&fwmark, *argv, 0))
+ invarg("fwmark value is invalid\n", *argv);
+ filter.fwmark = fwmark;
+ if (slash) {
+ if (get_u32(&fwmask, slash+1, 0))
+ invarg("fwmask value is invalid\n",
+ slash+1);
+ filter.fwmask = fwmask;
+ }
+ } else if (strcmp(*argv, "dev") == 0 ||
+ strcmp(*argv, "iif") == 0) {
+ NEXT_ARG();
+ if (get_ifname(filter.iif, *argv))
+ invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
+ filter.iifmask = 1;
+ } else if (strcmp(*argv, "oif") == 0) {
+ NEXT_ARG();
+ if (get_ifname(filter.oif, *argv))
+ invarg("\"oif\" not a valid ifname", *argv);
+ filter.oifmask = 1;
+ } else if (strcmp(*argv, "l3mdev") == 0) {
+ filter.l3mdev = 1;
+ } else if (strcmp(*argv, "uidrange") == 0) {
+ NEXT_ARG();
+ filter.uidrange = 1;
+ if (sscanf(*argv, "%u-%u",
+ &filter.range.start,
+ &filter.range.end) != 2)
+ invarg("invalid UID range\n", *argv);
+
+ } else if (matches(*argv, "lookup") == 0 ||
+ matches(*argv, "table") == 0) {
+ __u32 tid;
+
+ NEXT_ARG();
+ if (rtnl_rttable_a2n(&tid, *argv))
+ invarg("table id value is invalid\n", *argv);
+ filter.tb = tid;
+ } else if (matches(*argv, "from") == 0 ||
+ matches(*argv, "src") == 0) {
+ NEXT_ARG();
+ get_prefix(&filter.src, *argv, af);
+ } else {
+ if (matches(*argv, "dst") == 0 ||
+ matches(*argv, "to") == 0) {
+ NEXT_ARG();
+ }
+ get_prefix(&filter.dst, *argv, af);
+ }
+ argc--; argv++;
}
if (rtnl_wilddump_request(&rth, af, RTM_GETRULE) < 0) {
@@ -271,7 +517,7 @@
return 1;
}
- if (rtnl_dump_filter(&rth, filter, stdout) < 0) {
+ if (rtnl_dump_filter(&rth, filter_fn, stdout) < 0) {
fprintf(stderr, "Dump terminated\n");
return 1;
}
@@ -291,7 +537,8 @@
ret = fread(&magic, sizeof(magic), 1, stdin);
if (magic != rule_dump_magic) {
- fprintf(stderr, "Magic mismatch (%d elems, %x magic)\n", ret, magic);
+ fprintf(stderr, "Magic mismatch (%d elems, %x magic)\n",
+ ret, magic);
return -1;
}
@@ -326,49 +573,57 @@
static int iprule_modify(int cmd, int argc, char **argv)
{
+ int l3mdev_rule = 0;
int table_ok = 0;
+ __u32 tid = 0;
struct {
struct nlmsghdr n;
struct rtmsg r;
- char buf[1024];
- } req;
-
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_type = cmd;
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.r.rtm_family = preferred_family;
- req.r.rtm_protocol = RTPROT_BOOT;
- req.r.rtm_scope = RT_SCOPE_UNIVERSE;
- req.r.rtm_table = 0;
- req.r.rtm_type = RTN_UNSPEC;
- req.r.rtm_flags = 0;
+ char buf[1024];
+ } req = {
+ .n.nlmsg_type = cmd,
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .r.rtm_family = preferred_family,
+ .r.rtm_protocol = RTPROT_BOOT,
+ .r.rtm_scope = RT_SCOPE_UNIVERSE,
+ .r.rtm_type = RTN_UNSPEC,
+ };
if (cmd == RTM_NEWRULE) {
req.n.nlmsg_flags |= NLM_F_CREATE|NLM_F_EXCL;
req.r.rtm_type = RTN_UNICAST;
}
+ if (cmd == RTM_DELRULE && argc == 0) {
+ fprintf(stderr, "\"ip rule del\" requires arguments.\n");
+ return -1;
+ }
+
while (argc > 0) {
if (strcmp(*argv, "not") == 0) {
req.r.rtm_flags |= FIB_RULE_INVERT;
} else if (strcmp(*argv, "from") == 0) {
inet_prefix dst;
+
NEXT_ARG();
get_prefix(&dst, *argv, req.r.rtm_family);
req.r.rtm_src_len = dst.bitlen;
- addattr_l(&req.n, sizeof(req), FRA_SRC, &dst.data, dst.bytelen);
+ addattr_l(&req.n, sizeof(req), FRA_SRC,
+ &dst.data, dst.bytelen);
} else if (strcmp(*argv, "to") == 0) {
inet_prefix dst;
+
NEXT_ARG();
get_prefix(&dst, *argv, req.r.rtm_family);
req.r.rtm_dst_len = dst.bitlen;
- addattr_l(&req.n, sizeof(req), FRA_DST, &dst.data, dst.bytelen);
+ addattr_l(&req.n, sizeof(req), FRA_DST,
+ &dst.data, dst.bytelen);
} else if (matches(*argv, "preference") == 0 ||
matches(*argv, "order") == 0 ||
matches(*argv, "priority") == 0) {
__u32 pref;
+
NEXT_ARG();
if (get_u32(&pref, *argv, 0))
invarg("preference value is invalid\n", *argv);
@@ -376,6 +631,7 @@
} else if (strcmp(*argv, "tos") == 0 ||
matches(*argv, "dsfield") == 0) {
__u32 tos;
+
NEXT_ARG();
if (rtnl_dsfield_a2n(&tos, *argv))
invarg("TOS value is invalid\n", *argv);
@@ -383,26 +639,31 @@
} else if (strcmp(*argv, "fwmark") == 0) {
char *slash;
__u32 fwmark, fwmask;
+
NEXT_ARG();
- if ((slash = strchr(*argv, '/')) != NULL)
+
+ slash = strchr(*argv, '/');
+ if (slash != NULL)
*slash = '\0';
if (get_u32(&fwmark, *argv, 0))
invarg("fwmark value is invalid\n", *argv);
addattr32(&req.n, sizeof(req), FRA_FWMARK, fwmark);
if (slash) {
if (get_u32(&fwmask, slash+1, 0))
- invarg("fwmask value is invalid\n", slash+1);
- addattr32(&req.n, sizeof(req), FRA_FWMASK, fwmask);
+ invarg("fwmask value is invalid\n",
+ slash+1);
+ addattr32(&req.n, sizeof(req),
+ FRA_FWMASK, fwmask);
}
} else if (matches(*argv, "realms") == 0) {
__u32 realm;
+
NEXT_ARG();
if (get_rt_realms_or_raw(&realm, *argv))
invarg("invalid realms\n", *argv);
addattr32(&req.n, sizeof(req), FRA_FLOW, realm);
} else if (matches(*argv, "table") == 0 ||
strcmp(*argv, "lookup") == 0) {
- __u32 tid;
NEXT_ARG();
if (rtnl_rttable_a2n(&tid, *argv))
invarg("invalid table ID\n", *argv);
@@ -416,24 +677,40 @@
} else if (matches(*argv, "suppress_prefixlength") == 0 ||
strcmp(*argv, "sup_pl") == 0) {
int pl;
+
NEXT_ARG();
if (get_s32(&pl, *argv, 0) || pl < 0)
- invarg("suppress_prefixlength value is invalid\n", *argv);
- addattr32(&req.n, sizeof(req), FRA_SUPPRESS_PREFIXLEN, pl);
+ invarg("suppress_prefixlength value is invalid\n",
+ *argv);
+ addattr32(&req.n, sizeof(req),
+ FRA_SUPPRESS_PREFIXLEN, pl);
} else if (matches(*argv, "suppress_ifgroup") == 0 ||
strcmp(*argv, "sup_group") == 0) {
NEXT_ARG();
int group;
+
if (rtnl_group_a2n(&group, *argv))
- invarg("Invalid \"suppress_ifgroup\" value\n", *argv);
- addattr32(&req.n, sizeof(req), FRA_SUPPRESS_IFGROUP, group);
+ invarg("Invalid \"suppress_ifgroup\" value\n",
+ *argv);
+ addattr32(&req.n, sizeof(req),
+ FRA_SUPPRESS_IFGROUP, group);
} else if (strcmp(*argv, "dev") == 0 ||
strcmp(*argv, "iif") == 0) {
NEXT_ARG();
- addattr_l(&req.n, sizeof(req), FRA_IFNAME, *argv, strlen(*argv)+1);
+ if (check_ifname(*argv))
+ invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
+ addattr_l(&req.n, sizeof(req), FRA_IFNAME,
+ *argv, strlen(*argv)+1);
} else if (strcmp(*argv, "oif") == 0) {
NEXT_ARG();
- addattr_l(&req.n, sizeof(req), FRA_OIFNAME, *argv, strlen(*argv)+1);
+ if (check_ifname(*argv))
+ invarg("\"oif\" not a valid ifname", *argv);
+ addattr_l(&req.n, sizeof(req), FRA_OIFNAME,
+ *argv, strlen(*argv)+1);
+ } else if (strcmp(*argv, "l3mdev") == 0) {
+ addattr8(&req.n, sizeof(req), FRA_L3MDEV, 1);
+ table_ok = 1;
+ l3mdev_rule = 1;
} else if (strcmp(*argv, "uidrange") == 0) {
struct fib_rule_uid_range r;
@@ -446,23 +723,26 @@
matches(*argv, "map-to") == 0) {
NEXT_ARG();
fprintf(stderr, "Warning: route NAT is deprecated\n");
- addattr32(&req.n, sizeof(req), RTA_GATEWAY, get_addr32(*argv));
+ addattr32(&req.n, sizeof(req), RTA_GATEWAY,
+ get_addr32(*argv));
req.r.rtm_type = RTN_NAT;
} else {
int type;
- if (strcmp(*argv, "type") == 0) {
+ if (strcmp(*argv, "type") == 0)
NEXT_ARG();
- }
+
if (matches(*argv, "help") == 0)
usage();
else if (matches(*argv, "goto") == 0) {
__u32 target;
+
type = FR_ACT_GOTO;
NEXT_ARG();
if (get_u32(&target, *argv, 0))
invarg("invalid target\n", *argv);
- addattr32(&req.n, sizeof(req), FRA_GOTO, target);
+ addattr32(&req.n, sizeof(req),
+ FRA_GOTO, target);
} else if (matches(*argv, "nop") == 0)
type = FR_ACT_NOP;
else if (rtnl_rtntype_a2n(&type, *argv))
@@ -474,6 +754,12 @@
argv++;
}
+ if (l3mdev_rule && tid != 0) {
+ fprintf(stderr,
+ "table can not be specified for l3mdev rules\n");
+ return -EINVAL;
+ }
+
if (req.r.rtm_family == AF_UNSPEC)
req.r.rtm_family = AF_INET;
@@ -486,71 +772,16 @@
return 0;
}
-
-static int flush_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
-{
- struct rtnl_handle rth2;
- struct rtmsg *r = NLMSG_DATA(n);
- int len = n->nlmsg_len;
- struct rtattr * tb[FRA_MAX+1];
-
- len -= NLMSG_LENGTH(sizeof(*r));
- if (len < 0)
- return -1;
-
- parse_rtattr(tb, FRA_MAX, RTM_RTA(r), len);
-
- if (tb[FRA_PRIORITY]) {
- n->nlmsg_type = RTM_DELRULE;
- n->nlmsg_flags = NLM_F_REQUEST;
-
- if (rtnl_open(&rth2, 0) < 0)
- return -1;
-
- if (rtnl_talk(&rth2, n, NULL, 0) < 0)
- return -2;
-
- rtnl_close(&rth2);
- }
-
- return 0;
-}
-
-static int iprule_flush(int argc, char **argv)
-{
- int af = preferred_family;
-
- if (af == AF_UNSPEC)
- af = AF_INET;
-
- if (argc > 0) {
- fprintf(stderr, "\"ip rule flush\" does not allow arguments\n");
- return -1;
- }
-
- if (rtnl_wilddump_request(&rth, af, RTM_GETRULE) < 0) {
- perror("Cannot send dump request");
- return 1;
- }
-
- if (rtnl_dump_filter(&rth, flush_rule, NULL) < 0) {
- fprintf(stderr, "Flush terminated\n");
- return 1;
- }
-
- return 0;
-}
-
int do_iprule(int argc, char **argv)
{
if (argc < 1) {
- return iprule_list_or_save(0, NULL, 0);
+ return iprule_list_flush_or_save(0, NULL, IPRULE_LIST);
} else if (matches(argv[0], "list") == 0 ||
matches(argv[0], "lst") == 0 ||
matches(argv[0], "show") == 0) {
- return iprule_list_or_save(argc-1, argv+1, 0);
+ return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_LIST);
} else if (matches(argv[0], "save") == 0) {
- return iprule_list_or_save(argc-1, argv+1, 1);
+ return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_SAVE);
} else if (matches(argv[0], "restore") == 0) {
return iprule_restore();
} else if (matches(argv[0], "add") == 0) {
@@ -558,11 +789,12 @@
} else if (matches(argv[0], "delete") == 0) {
return iprule_modify(RTM_DELRULE, argc-1, argv+1);
} else if (matches(argv[0], "flush") == 0) {
- return iprule_flush(argc-1, argv+1);
+ return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_FLUSH);
} else if (matches(argv[0], "help") == 0)
usage();
- fprintf(stderr, "Command \"%s\" is unknown, try \"ip rule help\".\n", *argv);
+ fprintf(stderr,
+ "Command \"%s\" is unknown, try \"ip rule help\".\n", *argv);
exit(-1);
}
@@ -580,7 +812,8 @@
case RTNL_FAMILY_IP6MR:
break;
default:
- fprintf(stderr, "Multicast rules are only supported for IPv4/IPv6, was: %i\n",
+ fprintf(stderr,
+ "Multicast rules are only supported for IPv4/IPv6, was: %i\n",
preferred_family);
exit(-1);
}
diff --git a/ip/ipseg6.c b/ip/ipseg6.c
new file mode 100644
index 0000000..db60b34
--- /dev/null
+++ b/ip/ipseg6.c
@@ -0,0 +1,240 @@
+/*
+ * seg6.c "ip sr/seg6"
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * version 2 as published by the Free Software Foundation;
+ *
+ * Author: David Lebrun <david.lebrun@uclouvain.be>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <sys/ioctl.h>
+#include <linux/if.h>
+
+#include <linux/genetlink.h>
+#include <linux/seg6_genl.h>
+#include <linux/seg6_hmac.h>
+
+#include "utils.h"
+#include "ip_common.h"
+#include "libgenl.h"
+
+#define HMAC_KEY_PROMPT "Enter secret for HMAC key ID (blank to delete): "
+
+static void usage(void)
+{
+ fprintf(stderr, "Usage: ip sr { COMMAND | help }\n");
+ fprintf(stderr, " ip sr hmac show\n");
+ fprintf(stderr, " ip sr hmac set KEYID ALGO\n");
+ fprintf(stderr, " ip sr tunsrc show\n");
+ fprintf(stderr, " ip sr tunsrc set ADDRESS\n");
+ fprintf(stderr, "where ALGO := { sha1 | sha256 }\n");
+ exit(-1);
+}
+
+static struct rtnl_handle grth = { .fd = -1 };
+static int genl_family = -1;
+
+#define SEG6_REQUEST(_req, _bufsiz, _cmd, _flags) \
+ GENL_REQUEST(_req, _bufsiz, genl_family, 0, \
+ SEG6_GENL_VERSION, _cmd, _flags)
+
+static struct {
+ unsigned int cmd;
+ struct in6_addr addr;
+ __u32 keyid;
+ const char *pass;
+ __u8 alg_id;
+} opts;
+
+static int process_msg(const struct sockaddr_nl *who, struct nlmsghdr *n,
+ void *arg)
+{
+ struct rtattr *attrs[SEG6_ATTR_MAX + 1];
+ struct genlmsghdr *ghdr;
+ FILE *fp = (FILE *)arg;
+ int len = n->nlmsg_len;
+
+ if (n->nlmsg_type != genl_family)
+ return -1;
+
+ len -= NLMSG_LENGTH(GENL_HDRLEN);
+ if (len < 0)
+ return -1;
+
+ ghdr = NLMSG_DATA(n);
+
+ parse_rtattr(attrs, SEG6_ATTR_MAX, (void *)ghdr + GENL_HDRLEN, len);
+
+ switch (ghdr->cmd) {
+ case SEG6_CMD_DUMPHMAC:
+ {
+ char secret[64];
+ char *algstr;
+ __u8 slen = rta_getattr_u8(attrs[SEG6_ATTR_SECRETLEN]);
+ __u8 alg_id = rta_getattr_u8(attrs[SEG6_ATTR_ALGID]);
+
+ memset(secret, 0, 64);
+
+ if (slen > 63) {
+ fprintf(stderr, "HMAC secret length %d > 63, "
+ "truncated\n", slen);
+ slen = 63;
+ }
+ memcpy(secret, RTA_DATA(attrs[SEG6_ATTR_SECRET]), slen);
+
+ switch (alg_id) {
+ case SEG6_HMAC_ALGO_SHA1:
+ algstr = "sha1";
+ break;
+ case SEG6_HMAC_ALGO_SHA256:
+ algstr = "sha256";
+ break;
+ default:
+ algstr = "<unknown>";
+ }
+
+ fprintf(fp, "hmac %u ",
+ rta_getattr_u32(attrs[SEG6_ATTR_HMACKEYID]));
+ fprintf(fp, "algo %s ", algstr);
+ fprintf(fp, "secret \"%s\" ", secret);
+
+ fprintf(fp, "\n");
+ break;
+ }
+ case SEG6_CMD_GET_TUNSRC:
+ {
+ fprintf(fp, "tunsrc addr %s\n",
+ rt_addr_n2a(AF_INET6, 16,
+ RTA_DATA(attrs[SEG6_ATTR_DST])));
+ break;
+ }
+ }
+
+ return 0;
+}
+
+static int seg6_do_cmd(void)
+{
+ SEG6_REQUEST(req, 1024, opts.cmd, NLM_F_REQUEST);
+ int repl = 0, dump = 0;
+
+ if (genl_family < 0) {
+ if (rtnl_open_byproto(&grth, 0, NETLINK_GENERIC) < 0) {
+ fprintf(stderr, "Cannot open generic netlink socket\n");
+ exit(1);
+ }
+ genl_family = genl_resolve_family(&grth, SEG6_GENL_NAME);
+ if (genl_family < 0)
+ exit(1);
+ req.n.nlmsg_type = genl_family;
+ }
+
+ switch (opts.cmd) {
+ case SEG6_CMD_SETHMAC:
+ {
+ addattr32(&req.n, sizeof(req), SEG6_ATTR_HMACKEYID, opts.keyid);
+ addattr8(&req.n, sizeof(req), SEG6_ATTR_SECRETLEN,
+ strlen(opts.pass));
+ addattr8(&req.n, sizeof(req), SEG6_ATTR_ALGID, opts.alg_id);
+ if (strlen(opts.pass))
+ addattr_l(&req.n, sizeof(req), SEG6_ATTR_SECRET,
+ opts.pass, strlen(opts.pass));
+ break;
+ }
+ case SEG6_CMD_SET_TUNSRC:
+ addattr_l(&req.n, sizeof(req), SEG6_ATTR_DST, &opts.addr,
+ sizeof(struct in6_addr));
+ break;
+ case SEG6_CMD_DUMPHMAC:
+ dump = 1;
+ break;
+ case SEG6_CMD_GET_TUNSRC:
+ repl = 1;
+ break;
+ }
+
+ if (!repl && !dump) {
+ if (rtnl_talk(&grth, &req.n, NULL, 0) < 0)
+ return -1;
+ } else if (repl) {
+ if (rtnl_talk(&grth, &req.n, &req.n, sizeof(req)) < 0)
+ return -2;
+ if (process_msg(NULL, &req.n, stdout) < 0) {
+ fprintf(stderr, "Error parsing reply\n");
+ exit(1);
+ }
+ } else {
+ req.n.nlmsg_flags |= NLM_F_DUMP;
+ req.n.nlmsg_seq = grth.dump = ++grth.seq;
+ if (rtnl_send(&grth, &req, req.n.nlmsg_len) < 0) {
+ perror("Failed to send dump request");
+ exit(1);
+ }
+
+ if (rtnl_dump_filter(&grth, process_msg, stdout) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ exit(1);
+ }
+ }
+
+ return 0;
+}
+
+int do_seg6(int argc, char **argv)
+{
+ if (argc < 1 || matches(*argv, "help") == 0)
+ usage();
+
+ memset(&opts, 0, sizeof(opts));
+
+ if (matches(*argv, "hmac") == 0) {
+ NEXT_ARG();
+ if (matches(*argv, "show") == 0) {
+ opts.cmd = SEG6_CMD_DUMPHMAC;
+ } else if (matches(*argv, "set") == 0) {
+ NEXT_ARG();
+ if (get_u32(&opts.keyid, *argv, 0) || opts.keyid == 0)
+ invarg("hmac KEYID value is invalid", *argv);
+ NEXT_ARG();
+ if (strcmp(*argv, "sha1") == 0) {
+ opts.alg_id = SEG6_HMAC_ALGO_SHA1;
+ } else if (strcmp(*argv, "sha256") == 0) {
+ opts.alg_id = SEG6_HMAC_ALGO_SHA256;
+ } else {
+ invarg("hmac ALGO value is invalid", *argv);
+ }
+ opts.cmd = SEG6_CMD_SETHMAC;
+#ifndef __BIONIC__
+ opts.pass = getpass(HMAC_KEY_PROMPT);
+#endif
+ } else {
+ invarg("unknown", *argv);
+ }
+ } else if (matches(*argv, "tunsrc") == 0) {
+ NEXT_ARG();
+ if (matches(*argv, "show") == 0) {
+ opts.cmd = SEG6_CMD_GET_TUNSRC;
+ } else if (matches(*argv, "set") == 0) {
+ NEXT_ARG();
+ opts.cmd = SEG6_CMD_SET_TUNSRC;
+ if (!inet_get_addr(*argv, NULL, &opts.addr))
+ invarg("tunsrc ADDRESS value is invalid",
+ *argv);
+ } else {
+ invarg("unknown", *argv);
+ }
+ } else {
+ invarg("unknown", *argv);
+ }
+
+ return seg6_do_cmd();
+}
diff --git a/ip/iptoken.c b/ip/iptoken.c
index 428f133..1869f76 100644
--- a/ip/iptoken.c
+++ b/ip/iptoken.c
@@ -38,7 +38,7 @@
static void usage(void)
{
- fprintf(stderr, "Usage: ip token [ list | set | get ] [ TOKEN ] [ dev DEV ]\n");
+ fprintf(stderr, "Usage: ip token [ list | set | del | get ] [ TOKEN ] [ dev DEV ]\n");
exit(-1);
}
@@ -51,7 +51,6 @@
int len = n->nlmsg_len;
struct rtattr *tb[IFLA_MAX + 1];
struct rtattr *ltb[IFLA_INET6_MAX + 1];
- char abuf[256];
if (n->nlmsg_type != RTM_NEWLINK)
return -1;
@@ -79,13 +78,9 @@
return -1;
}
- fprintf(fp, "token %s ",
- format_host(ifi->ifi_family,
- RTA_PAYLOAD(ltb[IFLA_INET6_TOKEN]),
- RTA_DATA(ltb[IFLA_INET6_TOKEN]),
- abuf, sizeof(abuf)));
- fprintf(fp, "dev %s ", ll_index_to_name(ifi->ifi_index));
- fprintf(fp, "\n");
+ fprintf(fp, "token %s dev %s\n",
+ format_host_rta(ifi->ifi_family, ltb[IFLA_INET6_TOKEN]),
+ ll_index_to_name(ifi->ifi_index));
fflush(fp);
return 0;
@@ -94,10 +89,7 @@
static int iptoken_list(int argc, char **argv)
{
int af = AF_INET6;
- struct rtnl_dump_args da;
-
- memset(&da, 0, sizeof(da));
- da.fp = stdout;
+ struct rtnl_dump_args da = { .fp = stdout };
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
@@ -122,24 +114,21 @@
return 0;
}
-static int iptoken_set(int argc, char **argv)
+static int iptoken_set(int argc, char **argv, bool delete)
{
struct {
struct nlmsghdr n;
struct ifinfomsg ifi;
char buf[512];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_SETLINK,
+ .ifi.ifi_family = AF_INET6,
+ };
struct rtattr *afs, *afs6;
- bool have_token = false, have_dev = false;
- inet_prefix addr;
-
- memset(&addr, 0, sizeof(addr));
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_SETLINK;
- req.ifi.ifi_family = AF_INET6;
+ bool have_token = delete, have_dev = false;
+ inet_prefix addr = { .bytelen = 16, };
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
@@ -154,13 +143,7 @@
if (matches(*argv, "help") == 0)
usage();
if (!have_token) {
- afs = addattr_nest(&req.n, sizeof(req), IFLA_AF_SPEC);
- afs6 = addattr_nest(&req.n, sizeof(req), AF_INET6);
get_prefix(&addr, *argv, req.ifi.ifi_family);
- addattr_l(&req.n, sizeof(req), IFLA_INET6_TOKEN,
- &addr.data, addr.bytelen);
- addattr_nest_end(&req.n, afs6);
- addattr_nest_end(&req.n, afs);
have_token = true;
}
}
@@ -168,16 +151,21 @@
}
if (!have_token) {
- fprintf(stderr, "Not enough information: token "
- "is required.\n");
+ fprintf(stderr, "Not enough information: token is required.\n");
return -1;
}
if (!have_dev) {
- fprintf(stderr, "Not enough information: \"dev\" "
- "argument is required.\n");
+ fprintf(stderr, "Not enough information: \"dev\" argument is required.\n");
return -1;
}
+ afs = addattr_nest(&req.n, sizeof(req), IFLA_AF_SPEC);
+ afs6 = addattr_nest(&req.n, sizeof(req), AF_INET6);
+ addattr_l(&req.n, sizeof(req), IFLA_INET6_TOKEN,
+ &addr.data, addr.bytelen);
+ addattr_nest_end(&req.n, afs6);
+ addattr_nest_end(&req.n, afs);
+
if (rtnl_talk(&rth, &req.n, NULL, 0) < 0)
return -2;
@@ -196,7 +184,9 @@
return iptoken_list(argc - 1, argv + 1);
} else if (matches(argv[0], "set") == 0 ||
matches(argv[0], "add") == 0) {
- return iptoken_set(argc - 1, argv + 1);
+ return iptoken_set(argc - 1, argv + 1, false);
+ } else if (matches(argv[0], "delete") == 0) {
+ return iptoken_set(argc - 1, argv + 1, true);
} else if (matches(argv[0], "get") == 0) {
return iptoken_list(argc - 1, argv + 1);
} else if (matches(argv[0], "help") == 0)
diff --git a/ip/iptunnel.c b/ip/iptunnel.c
index 65a4e6e..208a1f0 100644
--- a/ip/iptunnel.c
+++ b/ip/iptunnel.c
@@ -60,12 +60,10 @@
static int parse_args(int argc, char **argv, int cmd, struct ip_tunnel_parm *p)
{
int count = 0;
- char medium[IFNAMSIZ];
+ const char *medium = NULL;
int isatap = 0;
memset(p, 0, sizeof(*p));
- memset(&medium, 0, sizeof(medium));
-
p->iph.version = 4;
p->iph.ihl = 5;
#ifndef IP_DF
@@ -141,7 +139,7 @@
p->iph.saddr = htonl(INADDR_ANY);
} else if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
- strncpy(medium, *argv, IFNAMSIZ - 1);
+ medium = *argv;
} else if (strcmp(*argv, "ttl") == 0 ||
strcmp(*argv, "hoplimit") == 0 ||
strcmp(*argv, "hlim") == 0) {
@@ -180,11 +178,11 @@
if (p->name[0])
duparg2("name", *argv);
- strncpy(p->name, *argv, IFNAMSIZ - 1);
+ if (get_ifname(p->name, *argv))
+ invarg("\"name\" not a valid ifname", *argv);
if (cmd == SIOCCHGTUNNEL && count == 0) {
- struct ip_tunnel_parm old_p;
+ struct ip_tunnel_parm old_p = {};
- memset(&old_p, 0, sizeof(old_p));
if (tnl_get_ioctl(*argv, &old_p))
return -1;
*p = old_p;
@@ -219,7 +217,7 @@
}
}
- if (medium[0]) {
+ if (medium) {
p->link = ll_name_to_index(medium);
if (p->link == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n", medium);
@@ -296,26 +294,23 @@
static void print_tunnel(struct ip_tunnel_parm *p)
{
- struct ip_tunnel_6rd ip6rd;
+ struct ip_tunnel_6rd ip6rd = {};
char s1[1024];
char s2[1024];
- memset(&ip6rd, 0, sizeof(ip6rd));
-
/* Do not use format_host() for local addr,
* symbolic name will not be useful.
*/
printf("%s: %s/ip remote %s local %s",
p->name,
tnl_strproto(p->iph.protocol),
- p->iph.daddr ? format_host(AF_INET, 4, &p->iph.daddr, s1, sizeof(s1)) : "any",
- p->iph.saddr ? rt_addr_n2a(AF_INET, 4, &p->iph.saddr, s2, sizeof(s2)) : "any");
+ p->iph.daddr ? format_host_r(AF_INET, 4, &p->iph.daddr, s1, sizeof(s1)) : "any",
+ p->iph.saddr ? rt_addr_n2a_r(AF_INET, 4, &p->iph.saddr, s2, sizeof(s2)) : "any");
if (p->iph.protocol == IPPROTO_IPV6 && (p->i_flags & SIT_ISATAP)) {
- struct ip_tunnel_prl prl[16];
+ struct ip_tunnel_prl prl[16] = {};
int i;
- memset(prl, 0, sizeof(prl));
prl[0].datalen = sizeof(prl) - sizeof(prl[0]);
prl[0].addr = htonl(INADDR_ANY);
@@ -324,7 +319,7 @@
if (prl[i].addr != htonl(INADDR_ANY)) {
printf(" %s %s ",
(prl[i].flags & PRL_DEFAULT) ? "pdr" : "pr",
- format_host(AF_INET, 4, &prl[i].addr, s1, sizeof(s1)));
+ format_host(AF_INET, 4, &prl[i].addr));
}
}
}
@@ -360,7 +355,7 @@
ip6rd.prefixlen);
if (ip6rd.relay_prefix) {
printf(" 6rd-relay_prefix %s/%u",
- format_host(AF_INET, 4, &ip6rd.relay_prefix, s1, sizeof(s1)),
+ format_host(AF_INET, 4, &ip6rd.relay_prefix),
ip6rd.relay_prefixlen);
}
}
@@ -405,7 +400,7 @@
while (fgets(buf, sizeof(buf), fp) != NULL) {
char name[IFNAMSIZ];
int index, type;
- struct ip_tunnel_parm p1;
+ struct ip_tunnel_parm p1 = {};
char *ptr;
buf[sizeof(buf) - 1] = 0;
@@ -427,7 +422,6 @@
}
if (type != ARPHRD_TUNNEL && type != ARPHRD_IPGRE && type != ARPHRD_SIT)
continue;
- memset(&p1, 0, sizeof(p1));
if (tnl_get_ioctl(name, &p1))
continue;
if ((p->link && p1.link != p->link) ||
@@ -470,14 +464,10 @@
static int do_prl(int argc, char **argv)
{
- struct ip_tunnel_prl p;
+ struct ip_tunnel_prl p = {};
int count = 0;
- int devname = 0;
int cmd = 0;
- char medium[IFNAMSIZ];
-
- memset(&p, 0, sizeof(p));
- memset(&medium, 0, sizeof(medium));
+ const char *medium = NULL;
while (argc > 0) {
if (strcmp(*argv, "prl-default") == 0) {
@@ -498,8 +488,9 @@
count++;
} else if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
- strncpy(medium, *argv, IFNAMSIZ-1);
- devname++;
+ if (check_ifname(*argv))
+ invarg("\"dev\" not a valid ifname", *argv);
+ medium = *argv;
} else {
fprintf(stderr,
"Invalid PRL parameter \"%s\"\n", *argv);
@@ -512,7 +503,7 @@
}
argc--; argv++;
}
- if (devname == 0) {
+ if (!medium) {
fprintf(stderr, "Must specify device\n");
exit(-1);
}
@@ -522,15 +513,11 @@
static int do_6rd(int argc, char **argv)
{
- struct ip_tunnel_6rd ip6rd;
- int devname = 0;
+ struct ip_tunnel_6rd ip6rd = {};
int cmd = 0;
- char medium[IFNAMSIZ];
+ const char *medium = NULL;
inet_prefix prefix;
- memset(&ip6rd, 0, sizeof(ip6rd));
- memset(&medium, 0, sizeof(medium));
-
while (argc > 0) {
if (strcmp(*argv, "6rd-prefix") == 0) {
NEXT_ARG();
@@ -550,8 +537,9 @@
cmd = SIOCDEL6RD;
} else if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
- strncpy(medium, *argv, IFNAMSIZ-1);
- devname++;
+ if (check_ifname(*argv))
+ invarg("\"dev\" not a valid ifname", *argv);
+ medium = *argv;
} else {
fprintf(stderr,
"Invalid 6RD parameter \"%s\"\n", *argv);
@@ -559,7 +547,7 @@
}
argc--; argv++;
}
- if (devname == 0) {
+ if (!medium) {
fprintf(stderr, "Must specify device\n");
exit(-1);
}
diff --git a/ip/iptuntap.c b/ip/iptuntap.c
index b9b28a1..b46e452 100644
--- a/ip/iptuntap.c
+++ b/ip/iptuntap.c
@@ -25,6 +25,7 @@
#include <fcntl.h>
#include <dirent.h>
#include <errno.h>
+#include <glob.h>
#include "rt_names.h"
#include "utils.h"
@@ -36,9 +37,9 @@
static void usage(void)
{
- fprintf(stderr, "Usage: ip tuntap { add | del | show | list | lst | help } [ dev PHYS_DEV ] \n");
+ fprintf(stderr, "Usage: ip tuntap { add | del | show | list | lst | help } [ dev PHYS_DEV ]\n");
fprintf(stderr, " [ mode { tun | tap } ] [ user USER ] [ group GROUP ]\n");
- fprintf(stderr, " [ one_queue ] [ pi ] [ vnet_hdr ] [ multi_queue ]\n");
+ fprintf(stderr, " [ one_queue ] [ pi ] [ vnet_hdr ] [ multi_queue ] [ name NAME ]\n");
fprintf(stderr, "\n");
fprintf(stderr, "Where: USER := { STRING | NUMBER }\n");
fprintf(stderr, " GROUP := { STRING | NUMBER }\n");
@@ -104,7 +105,8 @@
return ret;
}
-static int parse_args(int argc, char **argv, struct ifreq *ifr, uid_t *uid, gid_t *gid)
+static int parse_args(int argc, char **argv,
+ struct ifreq *ifr, uid_t *uid, gid_t *gid)
{
int count = 0;
@@ -117,18 +119,18 @@
NEXT_ARG();
if (matches(*argv, "tun") == 0) {
if (ifr->ifr_flags & IFF_TAP) {
- fprintf(stderr,"You managed to ask for more than one tunnel mode.\n");
+ fprintf(stderr, "You managed to ask for more than one tunnel mode.\n");
exit(-1);
}
ifr->ifr_flags |= IFF_TUN;
} else if (matches(*argv, "tap") == 0) {
if (ifr->ifr_flags & IFF_TUN) {
- fprintf(stderr,"You managed to ask for more than one tunnel mode.\n");
+ fprintf(stderr, "You managed to ask for more than one tunnel mode.\n");
exit(-1);
}
ifr->ifr_flags |= IFF_TAP;
} else {
- fprintf(stderr,"Unknown tunnel mode \"%s\"\n", *argv);
+ fprintf(stderr, "Unknown tunnel mode \"%s\"\n", *argv);
exit(-1);
}
} else if (uid && matches(*argv, "user") == 0) {
@@ -140,6 +142,7 @@
*uid = user;
else {
struct passwd *pw = getpwnam(*argv);
+
if (!pw) {
fprintf(stderr, "invalid user \"%s\"\n", *argv);
exit(-1);
@@ -156,6 +159,7 @@
*gid = group;
else {
struct group *gr = getgrnam(*argv);
+
if (!gr) {
fprintf(stderr, "invalid group \"%s\"\n", *argv);
exit(-1);
@@ -172,7 +176,8 @@
ifr->ifr_flags |= IFF_MULTI_QUEUE;
} else if (matches(*argv, "dev") == 0) {
NEXT_ARG();
- strncpy(ifr->ifr_name, *argv, IFNAMSIZ-1);
+ if (get_ifname(ifr->ifr_name, *argv))
+ invarg("\"dev\" not a valid ifname", *argv);
} else {
if (matches(*argv, "name") == 0) {
NEXT_ARG();
@@ -180,7 +185,8 @@
usage();
if (ifr->ifr_name[0])
duparg2("name", *argv);
- strncpy(ifr->ifr_name, *argv, IFNAMSIZ);
+ if (get_ifname(ifr->ifr_name, *argv))
+ invarg("\"name\" not a valid ifname", *argv);
}
count++;
argc--; argv++;
@@ -271,6 +277,110 @@
printf(" UNKNOWN_FLAGS:%lx", flags);
}
+static char *pid_name(pid_t pid)
+{
+ char *comm;
+ FILE *f;
+ int err;
+
+ err = asprintf(&comm, "/proc/%d/comm", pid);
+ if (err < 0)
+ return NULL;
+
+ f = fopen(comm, "r");
+ free(comm);
+ if (!f) {
+ perror("fopen");
+ return NULL;
+ }
+
+ if (fscanf(f, "%ms\n", &comm) != 1) {
+ perror("fscanf");
+ comm = NULL;
+ }
+
+
+ if (fclose(f))
+ perror("fclose");
+
+ return comm;
+}
+
+static void show_processes(const char *name)
+{
+ glob_t globbuf = { };
+ char **fd_path;
+ int err;
+
+ err = glob("/proc/[0-9]*/fd/[0-9]*", GLOB_NOSORT,
+ NULL, &globbuf);
+ if (err)
+ return;
+
+ fd_path = globbuf.gl_pathv;
+ while (*fd_path) {
+ const char *dev_net_tun = "/dev/net/tun";
+ const size_t linkbuf_len = strlen(dev_net_tun) + 2;
+ char linkbuf[linkbuf_len], *fdinfo;
+ int pid, fd;
+ FILE *f;
+
+ if (sscanf(*fd_path, "/proc/%d/fd/%d", &pid, &fd) != 2)
+ goto next;
+
+ if (pid == getpid())
+ goto next;
+
+ err = readlink(*fd_path, linkbuf, linkbuf_len - 1);
+ if (err < 0) {
+ perror("readlink");
+ goto next;
+ }
+ linkbuf[err] = '\0';
+ if (strcmp(dev_net_tun, linkbuf))
+ goto next;
+
+ if (asprintf(&fdinfo, "/proc/%d/fdinfo/%d", pid, fd) < 0)
+ goto next;
+
+ f = fopen(fdinfo, "r");
+ free(fdinfo);
+ if (!f) {
+ perror("fopen");
+ goto next;
+ }
+
+ while (!feof(f)) {
+ char *key = NULL, *value = NULL;
+
+ err = fscanf(f, "%m[^:]: %ms\n", &key, &value);
+ if (err == EOF) {
+ if (ferror(f))
+ perror("fscanf");
+ break;
+ } else if (err == 2 &&
+ !strcmp("iff", key) &&
+ !strcmp(name, value)) {
+ char *pname = pid_name(pid);
+
+ printf(" %s(%d)", pname ? : "<NULL>", pid);
+ free(pname);
+ }
+
+ free(key);
+ free(value);
+ }
+ if (fclose(f))
+ perror("fclose");
+
+next:
+ ++fd_path;
+ }
+
+ globfree(&globbuf);
+}
+
+
static int do_show(int argc, char **argv)
{
DIR *dir;
@@ -300,6 +410,11 @@
if (group != -1)
printf(" group %ld", group);
printf("\n");
+ if (show_details) {
+ printf("\tAttached to processes:");
+ show_processes(d->d_name);
+ printf("\n");
+ }
}
closedir(dir);
return 0;
@@ -313,9 +428,9 @@
if (matches(*argv, "delete") == 0)
return do_del(argc-1, argv+1);
if (matches(*argv, "show") == 0 ||
- matches(*argv, "lst") == 0 ||
- matches(*argv, "list") == 0)
- return do_show(argc-1, argv+1);
+ matches(*argv, "lst") == 0 ||
+ matches(*argv, "list") == 0)
+ return do_show(argc-1, argv+1);
if (matches(*argv, "help") == 0)
usage();
} else
diff --git a/ip/ipvrf.c b/ip/ipvrf.c
new file mode 100644
index 0000000..f9277e1
--- /dev/null
+++ b/ip/ipvrf.c
@@ -0,0 +1,636 @@
+/*
+ * ipvrf.c "ip vrf"
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: David Ahern <dsa@cumulusnetworks.com>
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/mount.h>
+#include <linux/bpf.h>
+#include <linux/if.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <dirent.h>
+#include <errno.h>
+#include <limits.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "ip_common.h"
+#include "bpf_util.h"
+
+#define CGRP_PROC_FILE "/cgroup.procs"
+
+static struct link_filter vrf_filter;
+
+static void usage(void)
+{
+ fprintf(stderr, "Usage: ip vrf show [NAME] ...\n");
+ fprintf(stderr, " ip vrf exec [NAME] cmd ...\n");
+ fprintf(stderr, " ip vrf identify [PID]\n");
+ fprintf(stderr, " ip vrf pids [NAME]\n");
+
+ exit(-1);
+}
+
+/*
+ * parse process based cgroup file looking for PATH/vrf/NAME where
+ * NAME is the name of the vrf the process is associated with
+ */
+static int vrf_identify(pid_t pid, char *name, size_t len)
+{
+ char path[PATH_MAX];
+ char buf[4096];
+ char *vrf, *end;
+ FILE *fp;
+
+ snprintf(path, sizeof(path), "/proc/%d/cgroup", pid);
+ fp = fopen(path, "r");
+ if (!fp)
+ return -1;
+
+ memset(name, 0, len);
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ /* want the controller-less cgroup */
+ if (strstr(buf, "::/") == NULL)
+ continue;
+
+ vrf = strstr(buf, "/vrf/");
+ if (vrf) {
+ vrf += 5; /* skip past "/vrf/" */
+ end = strchr(vrf, '\n');
+ if (end)
+ *end = '\0';
+
+ strlcpy(name, vrf, len);
+ break;
+ }
+ }
+
+ fclose(fp);
+
+ return 0;
+}
+
+static int ipvrf_identify(int argc, char **argv)
+{
+ char vrf[32];
+ int rc;
+ unsigned int pid;
+
+ if (argc < 1)
+ pid = getpid();
+ else if (argc > 1)
+ invarg("Extra arguments specified\n", argv[1]);
+ else if (get_unsigned(&pid, argv[0], 10))
+ invarg("Invalid pid\n", argv[0]);
+
+ rc = vrf_identify(pid, vrf, sizeof(vrf));
+ if (!rc) {
+ if (vrf[0] != '\0')
+ printf("%s\n", vrf);
+ } else {
+ fprintf(stderr, "Failed to lookup vrf association: %s\n",
+ strerror(errno));
+ }
+
+ return rc;
+}
+
+/* read PATH/vrf/NAME/cgroup.procs file */
+static void read_cgroup_pids(const char *base_path, char *name)
+{
+ char path[PATH_MAX];
+ char buf[4096];
+ FILE *fp;
+
+ if (snprintf(path, sizeof(path), "%s/vrf/%s%s",
+ base_path, name, CGRP_PROC_FILE) >= sizeof(path))
+ return;
+
+ fp = fopen(path, "r");
+ if (!fp)
+ return; /* no cgroup file, nothing to show */
+
+ /* dump contents (pids) of cgroup.procs */
+ while (fgets(buf, sizeof(buf), fp)) {
+ char *nl, comm[32];
+
+ nl = strchr(buf, '\n');
+ if (nl)
+ *nl = '\0';
+
+ if (get_command_name(buf, comm, sizeof(comm)))
+ strcpy(comm, "<terminated?>");
+
+ printf("%5s %s\n", buf, comm);
+ }
+
+ fclose(fp);
+}
+
+/* recurse path looking for PATH[/NETNS]/vrf/NAME */
+static int recurse_dir(char *base_path, char *name, const char *netns)
+{
+ char path[PATH_MAX];
+ struct dirent *de;
+ struct stat fstat;
+ int rc;
+ DIR *d;
+
+ d = opendir(base_path);
+ if (!d)
+ return -1;
+
+ while ((de = readdir(d)) != NULL) {
+ if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
+ continue;
+
+ if (!strcmp(de->d_name, "vrf")) {
+ const char *pdir = strrchr(base_path, '/');
+
+ /* found a 'vrf' directory. if it is for the given
+ * namespace then dump the cgroup pids
+ */
+ if (*netns == '\0' ||
+ (pdir && !strcmp(pdir+1, netns)))
+ read_cgroup_pids(base_path, name);
+
+ continue;
+ }
+
+ /* is this a subdir that needs to be walked */
+ if (snprintf(path, sizeof(path), "%s/%s",
+ base_path, de->d_name) >= sizeof(path))
+ continue;
+
+ if (lstat(path, &fstat) < 0)
+ continue;
+
+ if (S_ISDIR(fstat.st_mode)) {
+ rc = recurse_dir(path, name, netns);
+ if (rc != 0)
+ goto out;
+ }
+ }
+
+ rc = 0;
+out:
+ closedir(d);
+
+ return rc;
+}
+
+static int ipvrf_get_netns(char *netns, int len)
+{
+ if (netns_identify_pid("self", netns, len-3)) {
+ fprintf(stderr, "Failed to get name of network namespace: %s\n",
+ strerror(errno));
+ return -1;
+ }
+
+ if (*netns != '\0')
+ strcat(netns, "-ns");
+
+ return 0;
+}
+
+static int ipvrf_pids(int argc, char **argv)
+{
+ char *mnt, *vrf;
+ char netns[256];
+ int ret = -1;
+
+ if (argc != 1) {
+ fprintf(stderr, "Invalid arguments\n");
+ return -1;
+ }
+
+ vrf = argv[0];
+ if (!name_is_vrf(vrf)) {
+ fprintf(stderr, "Invalid VRF name\n");
+ return -1;
+ }
+
+ mnt = find_cgroup2_mount();
+ if (!mnt)
+ return -1;
+
+ if (ipvrf_get_netns(netns, sizeof(netns)) < 0)
+ goto out;
+
+ ret = recurse_dir(mnt, vrf, netns);
+
+out:
+ free(mnt);
+
+ return ret;
+}
+
+/* load BPF program to set sk_bound_dev_if for sockets */
+static char bpf_log_buf[256*1024];
+
+static int prog_load(int idx)
+{
+ struct bpf_insn prog[] = {
+ BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
+ BPF_MOV64_IMM(BPF_REG_3, idx),
+ BPF_MOV64_IMM(BPF_REG_2,
+ offsetof(struct bpf_sock, bound_dev_if)),
+ BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_3,
+ offsetof(struct bpf_sock, bound_dev_if)),
+ BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = verdict */
+ BPF_EXIT_INSN(),
+ };
+
+ return bpf_prog_load(BPF_PROG_TYPE_CGROUP_SOCK, prog, sizeof(prog),
+ "GPL", bpf_log_buf, sizeof(bpf_log_buf));
+}
+
+static int vrf_configure_cgroup(const char *path, int ifindex)
+{
+ int rc = -1, cg_fd, prog_fd = -1;
+
+ cg_fd = open(path, O_DIRECTORY | O_RDONLY);
+ if (cg_fd < 0) {
+ fprintf(stderr,
+ "Failed to open cgroup path: '%s'\n",
+ strerror(errno));
+ goto out;
+ }
+
+ /*
+ * Load bpf program into kernel and attach to cgroup to affect
+ * socket creates
+ */
+ prog_fd = prog_load(ifindex);
+ if (prog_fd < 0) {
+ fprintf(stderr, "Failed to load BPF prog: '%s'\n",
+ strerror(errno));
+
+ if (errno != EPERM) {
+ fprintf(stderr,
+ "Kernel compiled with CGROUP_BPF enabled?\n");
+ }
+ goto out;
+ }
+
+ if (bpf_prog_attach_fd(prog_fd, cg_fd, BPF_CGROUP_INET_SOCK_CREATE)) {
+ fprintf(stderr, "Failed to attach prog to cgroup: '%s'\n",
+ strerror(errno));
+ goto out;
+ }
+
+ rc = 0;
+out:
+ close(cg_fd);
+ close(prog_fd);
+
+ return rc;
+}
+
+/* get base path for controller-less cgroup for a process.
+ * path returned does not include /vrf/NAME if it exists
+ */
+static int vrf_path(char *vpath, size_t len)
+{
+ char path[PATH_MAX];
+ char buf[4096];
+ char *vrf;
+ FILE *fp;
+
+ snprintf(path, sizeof(path), "/proc/%d/cgroup", getpid());
+ fp = fopen(path, "r");
+ if (!fp)
+ return -1;
+
+ vpath[0] = '\0';
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ char *start, *nl;
+
+ start = strstr(buf, "::/");
+ if (!start)
+ continue;
+
+ /* advance past '::' */
+ start += 2;
+
+ nl = strchr(start, '\n');
+ if (nl)
+ *nl = '\0';
+
+ vrf = strstr(start, "/vrf");
+ if (vrf)
+ *vrf = '\0';
+
+ strlcpy(vpath, start, len);
+
+ /* if vrf path is just / then return nothing */
+ if (!strcmp(vpath, "/"))
+ vpath[0] = '\0';
+
+ break;
+ }
+
+ fclose(fp);
+
+ return 0;
+}
+
+static int vrf_switch(const char *name)
+{
+ char path[PATH_MAX], *mnt, pid[16];
+ char vpath[PATH_MAX], netns[256];
+ int ifindex = 0;
+ int rc = -1, len, fd = -1;
+
+ if (strcmp(name, "default")) {
+ ifindex = name_is_vrf(name);
+ if (!ifindex) {
+ fprintf(stderr, "Invalid VRF name\n");
+ return -1;
+ }
+ }
+
+ mnt = find_cgroup2_mount();
+ if (!mnt)
+ return -1;
+
+ /* -1 on length to add '/' to the end */
+ if (ipvrf_get_netns(netns, sizeof(netns) - 1) < 0)
+ goto out;
+
+ if (vrf_path(vpath, sizeof(vpath)) < 0) {
+ fprintf(stderr, "Failed to get base cgroup path: %s\n",
+ strerror(errno));
+ goto out;
+ }
+
+ /* if path already ends in netns then don't add it again */
+ if (*netns != '\0') {
+ char *pdir = strrchr(vpath, '/');
+
+ if (!pdir)
+ pdir = vpath;
+ else
+ pdir++;
+
+ if (strcmp(pdir, netns) == 0)
+ *pdir = '\0';
+
+ strcat(netns, "/");
+ }
+
+ /* path to cgroup; make sure buffer has room to cat "/cgroup.procs"
+ * to the end of the path
+ */
+ len = snprintf(path, sizeof(path) - sizeof(CGRP_PROC_FILE),
+ "%s%s/%svrf/%s",
+ mnt, vpath, netns, ifindex ? name : "");
+ if (len > sizeof(path) - sizeof(CGRP_PROC_FILE)) {
+ fprintf(stderr, "Invalid path to cgroup2 mount\n");
+ goto out;
+ }
+
+ if (make_path(path, 0755)) {
+ fprintf(stderr, "Failed to setup vrf cgroup2 directory\n");
+ goto out;
+ }
+
+ if (ifindex && vrf_configure_cgroup(path, ifindex))
+ goto out;
+
+ /*
+ * write pid to cgroup.procs making process part of cgroup
+ */
+ strcat(path, CGRP_PROC_FILE);
+ fd = open(path, O_RDWR | O_APPEND);
+ if (fd < 0) {
+ fprintf(stderr, "Failed to open cgroups.procs file: %s.\n",
+ strerror(errno));
+ goto out;
+ }
+
+ snprintf(pid, sizeof(pid), "%d", getpid());
+ if (write(fd, pid, strlen(pid)) < 0) {
+ fprintf(stderr, "Failed to join cgroup\n");
+ goto out2;
+ }
+
+ rc = 0;
+out2:
+ close(fd);
+out:
+ free(mnt);
+
+ return rc;
+}
+
+static int ipvrf_exec(int argc, char **argv)
+{
+ if (argc < 1) {
+ fprintf(stderr, "No VRF name specified\n");
+ return -1;
+ }
+ if (argc < 2) {
+ fprintf(stderr, "No command specified\n");
+ return -1;
+ }
+
+ if (vrf_switch(argv[0]))
+ return -1;
+
+ return -cmd_exec(argv[1], argv + 1, !!batch_mode);
+}
+
+/* reset VRF association of current process to default VRF;
+ * used by netns_exec
+ */
+void vrf_reset(void)
+{
+ char vrf[32];
+
+ if (vrf_identify(getpid(), vrf, sizeof(vrf)) ||
+ (vrf[0] == '\0'))
+ return;
+
+ vrf_switch("default");
+}
+
+static int ipvrf_filter_req(struct nlmsghdr *nlh, int reqlen)
+{
+ struct rtattr *linkinfo;
+ int err;
+
+ if (vrf_filter.kind) {
+ linkinfo = addattr_nest(nlh, reqlen, IFLA_LINKINFO);
+
+ err = addattr_l(nlh, reqlen, IFLA_INFO_KIND, vrf_filter.kind,
+ strlen(vrf_filter.kind));
+ if (err)
+ return err;
+
+ addattr_nest_end(nlh, linkinfo);
+ }
+
+ return 0;
+}
+
+/* input arg is linkinfo */
+static __u32 vrf_table_linkinfo(struct rtattr *li[])
+{
+ struct rtattr *attr[IFLA_VRF_MAX + 1];
+
+ if (li[IFLA_INFO_DATA]) {
+ parse_rtattr_nested(attr, IFLA_VRF_MAX, li[IFLA_INFO_DATA]);
+
+ if (attr[IFLA_VRF_TABLE])
+ return rta_getattr_u32(attr[IFLA_VRF_TABLE]);
+ }
+
+ return 0;
+}
+
+static int ipvrf_print(struct nlmsghdr *n)
+{
+ struct ifinfomsg *ifi = NLMSG_DATA(n);
+ struct rtattr *tb[IFLA_MAX+1];
+ struct rtattr *li[IFLA_INFO_MAX+1];
+ int len = n->nlmsg_len;
+ const char *name;
+ __u32 tb_id;
+
+ len -= NLMSG_LENGTH(sizeof(*ifi));
+ if (len < 0)
+ return 0;
+
+ if (vrf_filter.ifindex && vrf_filter.ifindex != ifi->ifi_index)
+ return 0;
+
+ parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len);
+
+ /* kernel does not support filter by master device */
+ if (tb[IFLA_MASTER]) {
+ int master = *(int *)RTA_DATA(tb[IFLA_MASTER]);
+
+ if (vrf_filter.master && master != vrf_filter.master)
+ return 0;
+ }
+
+ if (!tb[IFLA_IFNAME]) {
+ fprintf(stderr,
+ "BUG: device with ifindex %d has nil ifname\n",
+ ifi->ifi_index);
+ return 0;
+ }
+ name = rta_getattr_str(tb[IFLA_IFNAME]);
+
+ /* missing LINKINFO means not VRF. e.g., kernel does not
+ * support filtering on kind, so userspace needs to handle
+ */
+ if (!tb[IFLA_LINKINFO])
+ return 0;
+
+ parse_rtattr_nested(li, IFLA_INFO_MAX, tb[IFLA_LINKINFO]);
+
+ if (!li[IFLA_INFO_KIND])
+ return 0;
+
+ if (strcmp(RTA_DATA(li[IFLA_INFO_KIND]), "vrf"))
+ return 0;
+
+ tb_id = vrf_table_linkinfo(li);
+ if (!tb_id) {
+ fprintf(stderr,
+ "BUG: VRF %s is missing table id\n", name);
+ return 0;
+ }
+
+ printf("%-16s %5u", name, tb_id);
+
+ printf("\n");
+ return 1;
+}
+
+static int ipvrf_show(int argc, char **argv)
+{
+ struct nlmsg_chain linfo = { NULL, NULL};
+ int rc = 0;
+
+ vrf_filter.kind = "vrf";
+
+ if (argc > 1)
+ usage();
+
+ if (argc == 1) {
+ __u32 tb_id;
+
+ tb_id = ipvrf_get_table(argv[0]);
+ if (!tb_id) {
+ fprintf(stderr, "Invalid VRF\n");
+ return 1;
+ }
+ printf("%s %u\n", argv[0], tb_id);
+ return 0;
+ }
+
+ if (ip_linkaddr_list(0, ipvrf_filter_req, &linfo, NULL) == 0) {
+ struct nlmsg_list *l;
+ unsigned nvrf = 0;
+ int n;
+
+ n = printf("%-16s %5s\n", "Name", "Table");
+ printf("%.*s\n", n-1, "-----------------------");
+ for (l = linfo.head; l; l = l->next)
+ nvrf += ipvrf_print(&l->h);
+
+ if (!nvrf)
+ printf("No VRF has been configured\n");
+ } else
+ rc = 1;
+
+ free_nlmsg_chain(&linfo);
+
+ return rc;
+}
+
+int do_ipvrf(int argc, char **argv)
+{
+ if (argc == 0)
+ return ipvrf_show(0, NULL);
+
+ if (matches(*argv, "identify") == 0)
+ return ipvrf_identify(argc-1, argv+1);
+
+ if (matches(*argv, "pids") == 0)
+ return ipvrf_pids(argc-1, argv+1);
+
+ if (matches(*argv, "exec") == 0)
+ return ipvrf_exec(argc-1, argv+1);
+
+ if (matches(*argv, "show") == 0 ||
+ matches(*argv, "lst") == 0 ||
+ matches(*argv, "list") == 0)
+ return ipvrf_show(argc-1, argv+1);
+
+ if (matches(*argv, "help") == 0)
+ usage();
+
+ fprintf(stderr, "Command \"%s\" is unknown, try \"ip vrf help\".\n",
+ *argv);
+
+ exit(-1);
+}
diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c
index e583abf..12c2f72 100644
--- a/ip/ipxfrm.c
+++ b/ip/ipxfrm.c
@@ -40,17 +40,6 @@
#include "ip_common.h"
#define STRBUF_SIZE (128)
-#define STRBUF_CAT(buf, str) \
- do { \
- int rest = sizeof(buf) - 1 - strlen(buf); \
- if (rest > 0) { \
- int len = strlen(str); \
- if (len > rest) \
- len = rest; \
- strncat(buf, str, len); \
- buf[sizeof(buf) - 1] = '\0'; \
- } \
- } while(0);
struct xfrm_filter filter;
@@ -111,7 +100,7 @@
int t_type;
};
-static const struct typeent xfrmproto_types[]= {
+static const struct typeent xfrmproto_types[] = {
{ "esp", IPPROTO_ESP }, { "ah", IPPROTO_AH }, { "comp", IPPROTO_COMP },
{ "route2", IPPROTO_ROUTING }, { "hao", IPPROTO_DSTOPTS },
{ "ipsec-any", IPSEC_PROTO_ANY },
@@ -124,6 +113,7 @@
for (i = 0; ; i++) {
const struct typeent *t = &xfrmproto_types[i];
+
if (!t->t_name || t->t_type == -1)
break;
@@ -141,6 +131,7 @@
for (i = 0; ; i++) {
const struct typeent *t = &xfrmproto_types[i];
+
if (!t->t_name || t->t_type == -1)
break;
@@ -152,7 +143,7 @@
return str;
}
-static const struct typeent algo_types[]= {
+static const struct typeent algo_types[] = {
{ "enc", XFRMA_ALG_CRYPT }, { "auth", XFRMA_ALG_AUTH },
{ "comp", XFRMA_ALG_COMP }, { "aead", XFRMA_ALG_AEAD },
{ "auth-trunc", XFRMA_ALG_AUTH_TRUNC },
@@ -165,6 +156,7 @@
for (i = 0; ; i++) {
const struct typeent *t = &algo_types[i];
+
if (!t->t_name || t->t_type == -1)
break;
@@ -182,6 +174,7 @@
for (i = 0; ; i++) {
const struct typeent *t = &algo_types[i];
+
if (!t->t_name || t->t_type == -1)
break;
@@ -281,17 +274,11 @@
__u8 mode, __u32 reqid, __u16 family, int force_spi,
FILE *fp, const char *prefix, const char *title)
{
- char abuf[256];
-
if (title)
fputs(title, fp);
- memset(abuf, '\0', sizeof(abuf));
- fprintf(fp, "src %s ", rt_addr_n2a(family, sizeof(*saddr),
- saddr, abuf, sizeof(abuf)));
- memset(abuf, '\0', sizeof(abuf));
- fprintf(fp, "dst %s", rt_addr_n2a(family, sizeof(id->daddr),
- &id->daddr, abuf, sizeof(abuf)));
+ fprintf(fp, "src %s ", rt_addr_n2a(family, sizeof(*saddr), saddr));
+ fprintf(fp, "dst %s", rt_addr_n2a(family, sizeof(id->daddr), &id->daddr));
fprintf(fp, "%s", _SL_);
if (prefix)
@@ -302,6 +289,7 @@
if (show_stats > 0 || force_spi || id->spi) {
__u32 spi = ntohl(id->spi);
+
fprintf(fp, "spi 0x%08x", spi);
if (show_stats > 0)
fprintf(fp, "(%u)", spi);
@@ -340,6 +328,7 @@
static const char *strxf_limit(__u64 limit)
{
static char str[32];
+
if (limit == XFRM_INF)
strcpy(str, "(INF)");
else
@@ -389,7 +378,7 @@
if (cfg) {
if (prefix)
fputs(prefix, fp);
- fprintf(fp, "lifetime config:%s",_SL_);
+ fprintf(fp, "lifetime config:%s", _SL_);
if (prefix)
fputs(prefix, fp);
@@ -441,7 +430,6 @@
void xfrm_selector_print(struct xfrm_selector *sel, __u16 family,
FILE *fp, const char *prefix)
{
- char abuf[256];
__u16 f;
f = sel->family;
@@ -453,16 +441,12 @@
if (prefix)
fputs(prefix, fp);
- memset(abuf, '\0', sizeof(abuf));
fprintf(fp, "src %s/%u ",
- rt_addr_n2a(f, sizeof(sel->saddr), &sel->saddr,
- abuf, sizeof(abuf)),
+ rt_addr_n2a(f, sizeof(sel->saddr), &sel->saddr),
sel->prefixlen_s);
- memset(abuf, '\0', sizeof(abuf));
fprintf(fp, "dst %s/%u ",
- rt_addr_n2a(f, sizeof(sel->daddr), &sel->daddr,
- abuf, sizeof(abuf)),
+ rt_addr_n2a(f, sizeof(sel->daddr), &sel->daddr),
sel->prefixlen_d);
if (sel->proto)
@@ -538,7 +522,7 @@
if (keylen > 0) {
fprintf(fp, "0x");
- for (i = 0; i < keylen; i ++)
+ for (i = 0; i < keylen; i++)
fprintf(fp, "%.2x", (unsigned char)algo->alg_key[i]);
if (show_stats > 0)
@@ -691,44 +675,49 @@
{
if (tb[XFRMA_MARK]) {
struct rtattr *rta = tb[XFRMA_MARK];
- struct xfrm_mark *m = (struct xfrm_mark *) RTA_DATA(rta);
+ struct xfrm_mark *m = RTA_DATA(rta);
+
fprintf(fp, "\tmark %#x/%#x", m->v, m->m);
fprintf(fp, "%s", _SL_);
}
if (tb[XFRMA_ALG_AUTH] && !tb[XFRMA_ALG_AUTH_TRUNC]) {
struct rtattr *rta = tb[XFRMA_ALG_AUTH];
- xfrm_algo_print((struct xfrm_algo *) RTA_DATA(rta),
+
+ xfrm_algo_print(RTA_DATA(rta),
XFRMA_ALG_AUTH, RTA_PAYLOAD(rta), fp, prefix);
}
if (tb[XFRMA_ALG_AUTH_TRUNC]) {
struct rtattr *rta = tb[XFRMA_ALG_AUTH_TRUNC];
- xfrm_auth_trunc_print((struct xfrm_algo_auth *) RTA_DATA(rta),
+
+ xfrm_auth_trunc_print(RTA_DATA(rta),
RTA_PAYLOAD(rta), fp, prefix);
}
if (tb[XFRMA_ALG_AEAD]) {
struct rtattr *rta = tb[XFRMA_ALG_AEAD];
- xfrm_aead_print((struct xfrm_algo_aead *)RTA_DATA(rta),
+
+ xfrm_aead_print(RTA_DATA(rta),
RTA_PAYLOAD(rta), fp, prefix);
}
if (tb[XFRMA_ALG_CRYPT]) {
struct rtattr *rta = tb[XFRMA_ALG_CRYPT];
- xfrm_algo_print((struct xfrm_algo *) RTA_DATA(rta),
+
+ xfrm_algo_print(RTA_DATA(rta),
XFRMA_ALG_CRYPT, RTA_PAYLOAD(rta), fp, prefix);
}
if (tb[XFRMA_ALG_COMP]) {
struct rtattr *rta = tb[XFRMA_ALG_COMP];
- xfrm_algo_print((struct xfrm_algo *) RTA_DATA(rta),
+
+ xfrm_algo_print(RTA_DATA(rta),
XFRMA_ALG_COMP, RTA_PAYLOAD(rta), fp, prefix);
}
if (tb[XFRMA_ENCAP]) {
struct xfrm_encap_tmpl *e;
- char abuf[256];
if (prefix)
fputs(prefix, fp);
@@ -739,7 +728,7 @@
fprintf(fp, "%s", _SL_);
return;
}
- e = (struct xfrm_encap_tmpl *) RTA_DATA(tb[XFRMA_ENCAP]);
+ e = RTA_DATA(tb[XFRMA_ENCAP]);
fprintf(fp, "type ");
switch (e->encap_type) {
@@ -756,39 +745,34 @@
fprintf(fp, "sport %u ", ntohs(e->encap_sport));
fprintf(fp, "dport %u ", ntohs(e->encap_dport));
- memset(abuf, '\0', sizeof(abuf));
fprintf(fp, "addr %s",
- rt_addr_n2a(family, sizeof(e->encap_oa), &e->encap_oa,
- abuf, sizeof(abuf)));
+ rt_addr_n2a(family, sizeof(e->encap_oa), &e->encap_oa));
fprintf(fp, "%s", _SL_);
}
if (tb[XFRMA_TMPL]) {
struct rtattr *rta = tb[XFRMA_TMPL];
- xfrm_tmpl_print((struct xfrm_user_tmpl *) RTA_DATA(rta),
+
+ xfrm_tmpl_print(RTA_DATA(rta),
RTA_PAYLOAD(rta), fp, prefix);
}
if (tb[XFRMA_COADDR]) {
- char abuf[256];
- xfrm_address_t *coa;
+ const xfrm_address_t *coa;
if (prefix)
fputs(prefix, fp);
fprintf(fp, "coa ");
- coa = (xfrm_address_t *)RTA_DATA(tb[XFRMA_COADDR]);
-
+ coa = RTA_DATA(tb[XFRMA_COADDR]);
if (RTA_PAYLOAD(tb[XFRMA_COADDR]) < sizeof(*coa)) {
fprintf(fp, "(ERROR truncated)");
fprintf(fp, "%s", _SL_);
return;
}
- memset(abuf, '\0', sizeof(abuf));
fprintf(fp, "%s",
- rt_addr_n2a(family, sizeof(*coa), coa,
- abuf, sizeof(abuf)));
+ rt_addr_n2a(family, sizeof(*coa), coa));
fprintf(fp, "%s", _SL_);
}
@@ -824,7 +808,7 @@
return;
}
- replay = (struct xfrm_replay_state *)RTA_DATA(tb[XFRMA_REPLAY_VAL]);
+ replay = RTA_DATA(tb[XFRMA_REPLAY_VAL]);
fprintf(fp, "seq 0x%x, oseq 0x%x, bitmap 0x%08x",
replay->seq, replay->oseq, replay->bitmap);
fprintf(fp, "%s", _SL_);
@@ -845,7 +829,7 @@
}
fprintf(fp, "%s", _SL_);
- replay = (struct xfrm_replay_state_esn *)RTA_DATA(tb[XFRMA_REPLAY_ESN_VAL]);
+ replay = RTA_DATA(tb[XFRMA_REPLAY_ESN_VAL]);
if (prefix)
fputs(prefix, fp);
fprintf(fp, " seq-hi 0x%x, seq 0x%x, oseq-hi 0x%0x, oseq 0x%0x",
@@ -867,13 +851,30 @@
}
fprintf(fp, "%s", _SL_);
}
+ if (tb[XFRMA_OFFLOAD_DEV]) {
+ struct xfrm_user_offload *xuo;
+
+ if (prefix)
+ fputs(prefix, fp);
+ fprintf(fp, "crypto offload parameters: ");
+
+ if (RTA_PAYLOAD(tb[XFRMA_OFFLOAD_DEV]) < sizeof(*xuo)) {
+ fprintf(fp, "(ERROR truncated)");
+ fprintf(fp, "%s", _SL_);
+ return;
+ }
+
+ xuo = (struct xfrm_user_offload *)
+ RTA_DATA(tb[XFRMA_OFFLOAD_DEV]);
+ fprintf(fp, "dev %s dir %s", ll_index_to_name(xuo->ifindex),
+ (xuo->flags & XFRM_OFFLOAD_INBOUND) ? "in" : "out");
+ fprintf(fp, "%s", _SL_);
+ }
}
static int xfrm_selector_iszero(struct xfrm_selector *s)
{
- struct xfrm_selector s0;
-
- memset(&s0, 0, sizeof(s0));
+ struct xfrm_selector s0 = {};
return (memcmp(&s0, s, sizeof(s0)) == 0);
}
@@ -882,18 +883,16 @@
struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title)
{
- char buf[STRBUF_SIZE];
+ char buf[STRBUF_SIZE] = {};
int force_spi = xfrm_xfrmproto_is_ipsec(xsinfo->id.proto);
- memset(buf, '\0', sizeof(buf));
-
xfrm_id_info_print(&xsinfo->saddr, &xsinfo->id, xsinfo->mode,
xsinfo->reqid, xsinfo->family, force_spi, fp,
prefix, title);
if (prefix)
- STRBUF_CAT(buf, prefix);
- STRBUF_CAT(buf, "\t");
+ strlcat(buf, prefix, sizeof(buf));
+ strlcat(buf, "\t", sizeof(buf));
fputs(buf, fp);
fprintf(fp, "replay-window %u ", xsinfo->replay_window);
@@ -915,7 +914,7 @@
fprintf(fp, "%x", flags);
}
if (show_stats > 0 && tb[XFRMA_SA_EXTRA_FLAGS]) {
- __u32 extra_flags = *(__u32 *)RTA_DATA(tb[XFRMA_SA_EXTRA_FLAGS]);
+ __u32 extra_flags = rta_getattr_u32(tb[XFRMA_SA_EXTRA_FLAGS]);
fprintf(fp, "extra_flag ");
XFRM_FLAG_PRINT(fp, extra_flags,
@@ -934,7 +933,7 @@
char sbuf[STRBUF_SIZE];
memcpy(sbuf, buf, sizeof(sbuf));
- STRBUF_CAT(sbuf, "sel ");
+ strlcat(sbuf, "sel ", sizeof(sbuf));
xfrm_selector_print(&xsinfo->sel, xsinfo->family, fp, sbuf);
}
@@ -952,7 +951,7 @@
if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
fprintf(fp, "(ERROR truncated)");
- sctx = (struct xfrm_user_sec_ctx *)RTA_DATA(tb[XFRMA_SEC_CTX]);
+ sctx = RTA_DATA(tb[XFRMA_SEC_CTX]);
fprintf(fp, "%s %s", (char *)(sctx + 1), _SL_);
}
@@ -963,9 +962,7 @@
struct rtattr *tb[], FILE *fp, const char *prefix,
const char *title)
{
- char buf[STRBUF_SIZE];
-
- memset(buf, '\0', sizeof(buf));
+ char buf[STRBUF_SIZE] = {};
xfrm_selector_print(&xpinfo->sel, preferred_family, fp, title);
@@ -977,15 +974,15 @@
if (RTA_PAYLOAD(tb[XFRMA_SEC_CTX]) < sizeof(*sctx))
fprintf(fp, "(ERROR truncated)");
- sctx = (struct xfrm_user_sec_ctx *)RTA_DATA(tb[XFRMA_SEC_CTX]);
+ sctx = RTA_DATA(tb[XFRMA_SEC_CTX]);
fprintf(fp, "%s ", (char *)(sctx + 1));
fprintf(fp, "%s", _SL_);
}
if (prefix)
- STRBUF_CAT(buf, prefix);
- STRBUF_CAT(buf, "\t");
+ strlcat(buf, prefix, sizeof(buf));
+ strlcat(buf, "\t", sizeof(buf));
fputs(buf, fp);
if (xpinfo->dir >= XFRM_POLICY_MAX) {
@@ -1035,7 +1032,7 @@
if (RTA_PAYLOAD(tb[XFRMA_POLICY_TYPE]) < sizeof(*upt))
fprintf(fp, "(ERROR truncated)");
- upt = (struct xfrm_userpolicy_type *)RTA_DATA(tb[XFRMA_POLICY_TYPE]);
+ upt = RTA_DATA(tb[XFRMA_POLICY_TYPE]);
fprintf(fp, "%s ", strxf_ptype(upt->type));
}
@@ -1066,11 +1063,8 @@
{
int argc = *argcp;
char **argv = *argvp;
- inet_prefix dst;
- inet_prefix src;
-
- memset(&dst, 0, sizeof(dst));
- memset(&src, 0, sizeof(src));
+ inet_prefix dst = {};
+ inet_prefix src = {};
while (1) {
if (strcmp(*argv, "src") == 0) {
@@ -1113,15 +1107,10 @@
filter.id_proto_mask = XFRM_FILTER_MASK_FULL;
} else if (strcmp(*argv, "spi") == 0) {
- __u32 spi;
-
NEXT_ARG();
- if (get_u32(&spi, *argv, 0))
+ if (get_be32(&id->spi, *argv, 0))
invarg("SPI value is invalid", *argv);
- spi = htonl(spi);
- id->spi = spi;
-
filter.id_spi_mask = XFRM_FILTER_MASK_FULL;
} else {
@@ -1140,11 +1129,11 @@
if (id->spi && id->proto) {
if (xfrm_xfrmproto_is_ro(id->proto)) {
fprintf(stderr, "\"spi\" is invalid with XFRM-PROTO value \"%s\"\n",
- strxf_xfrmproto(id->proto));
+ strxf_xfrmproto(id->proto));
exit(1);
} else if (id->proto == IPPROTO_COMP && ntohl(id->spi) >= 0x10000) {
fprintf(stderr, "SPI value is too large with XFRM-PROTO value \"%s\"\n",
- strxf_xfrmproto(id->proto));
+ strxf_xfrmproto(id->proto));
exit(1);
}
}
@@ -1238,6 +1227,7 @@
upspec = 0;
else {
struct protoent *pp;
+
pp = getprotobyname(*argv);
if (pp)
upspec = pp->p_proto;
@@ -1255,9 +1245,8 @@
NEXT_ARG();
- if (get_u16(&sel->sport, *argv, 0))
+ if (get_be16(&sel->sport, *argv, 0))
invarg("value after \"sport\" is invalid", *argv);
- sel->sport = htons(sel->sport);
if (sel->sport)
sel->sport_mask = ~((__u16)0);
@@ -1268,9 +1257,8 @@
NEXT_ARG();
- if (get_u16(&sel->dport, *argv, 0))
+ if (get_be16(&sel->dport, *argv, 0))
invarg("value after \"dport\" is invalid", *argv);
- sel->dport = htons(sel->dport);
if (sel->dport)
sel->dport_mask = ~((__u16)0);
@@ -1304,7 +1292,7 @@
filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL;
} else if (strcmp(*argv, "key") == 0) {
- unsigned uval;
+ unsigned int uval;
grekey = *argv;
@@ -1313,7 +1301,7 @@
if (strchr(*argv, '.'))
uval = htonl(get_addr32(*argv));
else {
- if (get_unsigned(&uval, *argv, 0)<0) {
+ if (get_unsigned(&uval, *argv, 0) < 0) {
fprintf(stderr, "value after \"key\" is invalid\n");
exit(-1);
}
@@ -1381,13 +1369,10 @@
{
int argc = *argcp;
char **argv = *argvp;
- inet_prefix dst;
- inet_prefix src;
+ inet_prefix dst = {};
+ inet_prefix src = {};
char *upspecp = NULL;
- memset(&dst, 0, sizeof(dst));
- memset(&src, 0, sizeof(src));
-
while (1) {
if (strcmp(*argv, "src") == 0) {
NEXT_ARG();
diff --git a/ip/link_gre.c b/ip/link_gre.c
index c85741f..9ea2970 100644
--- a/ip/link_gre.c
+++ b/ip/link_gre.c
@@ -25,19 +25,33 @@
static void print_usage(FILE *f)
{
- fprintf(f, "Usage: ip link { add | set | change | replace | del } NAME\n");
- fprintf(f, " type { gre | gretap } [ remote ADDR ] [ local ADDR ]\n");
- fprintf(f, " [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]\n");
- fprintf(f, " [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]\n");
- fprintf(f, " [ noencap ] [ encap { fou | gue | none } ]\n");
- fprintf(f, " [ encap-sport PORT ] [ encap-dport PORT ]\n");
- fprintf(f, " [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ]\n");
- fprintf(f, "\n");
- fprintf(f, "Where: NAME := STRING\n");
- fprintf(f, " ADDR := { IP_ADDRESS | any }\n");
- fprintf(f, " TOS := { NUMBER | inherit }\n");
- fprintf(f, " TTL := { 1..255 | inherit }\n");
- fprintf(f, " KEY := { DOTTED_QUAD | NUMBER }\n");
+ fprintf(f,
+ "Usage: ... { gre | gretap | erspan } [ remote ADDR ]\n"
+ " [ local ADDR ]\n"
+ " [ [i|o]seq ]\n"
+ " [ [i|o]key KEY ]\n"
+ " [ [i|o]csum ]\n"
+ " [ ttl TTL ]\n"
+ " [ tos TOS ]\n"
+ " [ [no]pmtudisc ]\n"
+ " [ [no]ignore-df ]\n"
+ " [ dev PHYS_DEV ]\n"
+ " [ noencap ]\n"
+ " [ encap { fou | gue | none } ]\n"
+ " [ encap-sport PORT ]\n"
+ " [ encap-dport PORT ]\n"
+ " [ [no]encap-csum ]\n"
+ " [ [no]encap-csum6 ]\n"
+ " [ [no]encap-remcsum ]\n"
+ " [ fwmark MARK ]\n"
+ " [ erspan IDX ]\n"
+ "\n"
+ "Where: ADDR := { IP_ADDRESS | any }\n"
+ " TOS := { NUMBER | inherit }\n"
+ " TTL := { 1..255 | inherit }\n"
+ " KEY := { DOTTED_QUAD | NUMBER }\n"
+ " MARK := { 0x0..0xffffffff }\n"
+ );
}
static void usage(void) __attribute__((noreturn));
@@ -50,22 +64,28 @@
static int gre_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
+ struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
struct {
struct nlmsghdr n;
struct ifinfomsg i;
char buf[16384];
- } req;
- struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETLINK,
+ .i.ifi_family = preferred_family,
+ .i.ifi_index = ifi->ifi_index,
+ };
struct rtattr *tb[IFLA_MAX + 1];
struct rtattr *linkinfo[IFLA_INFO_MAX+1];
struct rtattr *greinfo[IFLA_GRE_MAX + 1];
__u16 iflags = 0;
__u16 oflags = 0;
- unsigned ikey = 0;
- unsigned okey = 0;
- unsigned saddr = 0;
- unsigned daddr = 0;
- unsigned link = 0;
+ unsigned int ikey = 0;
+ unsigned int okey = 0;
+ unsigned int saddr = 0;
+ unsigned int daddr = 0;
+ unsigned int link = 0;
__u8 pmtudisc = 1;
__u8 ttl = 0;
__u8 tos = 0;
@@ -75,16 +95,11 @@
__u16 encapsport = 0;
__u16 encapdport = 0;
__u8 metadata = 0;
+ __u8 ignore_df = 0;
+ __u32 fwmark = 0;
+ __u32 erspan_idx = 0;
if (!(n->nlmsg_flags & NLM_F_CREATE)) {
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETLINK;
- req.i.ifi_family = preferred_family;
- req.i.ifi_index = ifi->ifi_index;
-
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) {
get_failed:
fprintf(stderr,
@@ -152,11 +167,21 @@
if (greinfo[IFLA_GRE_COLLECT_METADATA])
metadata = 1;
+
+ if (greinfo[IFLA_GRE_IGNORE_DF])
+ ignore_df =
+ !!rta_getattr_u8(greinfo[IFLA_GRE_IGNORE_DF]);
+
+ if (greinfo[IFLA_GRE_FWMARK])
+ fwmark = rta_getattr_u32(greinfo[IFLA_GRE_FWMARK]);
+
+ if (greinfo[IFLA_GRE_ERSPAN_INDEX])
+ erspan_idx = rta_getattr_u32(greinfo[IFLA_GRE_ERSPAN_INDEX]);
}
while (argc > 0) {
if (!matches(*argv, "key")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
iflags |= GRE_KEY;
@@ -174,14 +199,14 @@
ikey = okey = uval;
} else if (!matches(*argv, "ikey")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
iflags |= GRE_KEY;
if (strchr(*argv, '.'))
uval = get_addr32(*argv);
else {
- if (get_unsigned(&uval, *argv, 0)<0) {
+ if (get_unsigned(&uval, *argv, 0) < 0) {
fprintf(stderr, "invalid value for \"ikey\": \"%s\"; it should be an unsigned integer\n", *argv);
exit(-1);
}
@@ -189,14 +214,14 @@
}
ikey = uval;
} else if (!matches(*argv, "okey")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
oflags |= GRE_KEY;
if (strchr(*argv, '.'))
uval = get_addr32(*argv);
else {
- if (get_unsigned(&uval, *argv, 0)<0) {
+ if (get_unsigned(&uval, *argv, 0) < 0) {
fprintf(stderr, "invalid value for \"okey\": \"%s\"; it should be an unsigned integer\n", *argv);
exit(-1);
}
@@ -239,7 +264,7 @@
}
} else if (!matches(*argv, "ttl") ||
!matches(*argv, "hoplimit")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
if (strcmp(*argv, "inherit") != 0) {
@@ -297,6 +322,23 @@
encapflags |= ~TUNNEL_ENCAP_FLAG_REMCSUM;
} else if (strcmp(*argv, "external") == 0) {
metadata = 1;
+ } else if (strcmp(*argv, "ignore-df") == 0) {
+ ignore_df = 1;
+ } else if (strcmp(*argv, "noignore-df") == 0) {
+ /*
+ *only the lsb is significant, use 2 for presence
+ */
+ ignore_df = 2;
+ } else if (strcmp(*argv, "fwmark") == 0) {
+ NEXT_ARG();
+ if (get_u32(&fwmark, *argv, 0))
+ invarg("invalid fwmark\n", *argv);
+ } else if (strcmp(*argv, "erspan") == 0) {
+ NEXT_ARG();
+ if (get_u32(&erspan_idx, *argv, 0))
+ invarg("invalid erspan index\n", *argv);
+ if (erspan_idx & ~((1<<20) - 1) || erspan_idx == 0)
+ invarg("erspan index must be > 0 and <= 20-bit\n", *argv);
} else
usage();
argc--; argv++;
@@ -315,86 +357,106 @@
return -1;
}
- addattr32(n, 1024, IFLA_GRE_IKEY, ikey);
- addattr32(n, 1024, IFLA_GRE_OKEY, okey);
- addattr_l(n, 1024, IFLA_GRE_IFLAGS, &iflags, 2);
- addattr_l(n, 1024, IFLA_GRE_OFLAGS, &oflags, 2);
- addattr_l(n, 1024, IFLA_GRE_LOCAL, &saddr, 4);
- addattr_l(n, 1024, IFLA_GRE_REMOTE, &daddr, 4);
- addattr_l(n, 1024, IFLA_GRE_PMTUDISC, &pmtudisc, 1);
- if (link)
- addattr32(n, 1024, IFLA_GRE_LINK, link);
- addattr_l(n, 1024, IFLA_GRE_TTL, &ttl, 1);
- addattr_l(n, 1024, IFLA_GRE_TOS, &tos, 1);
+ if (!metadata) {
+ addattr32(n, 1024, IFLA_GRE_IKEY, ikey);
+ addattr32(n, 1024, IFLA_GRE_OKEY, okey);
+ addattr_l(n, 1024, IFLA_GRE_IFLAGS, &iflags, 2);
+ addattr_l(n, 1024, IFLA_GRE_OFLAGS, &oflags, 2);
+ addattr_l(n, 1024, IFLA_GRE_LOCAL, &saddr, 4);
+ addattr_l(n, 1024, IFLA_GRE_REMOTE, &daddr, 4);
+ addattr_l(n, 1024, IFLA_GRE_PMTUDISC, &pmtudisc, 1);
+ if (link)
+ addattr32(n, 1024, IFLA_GRE_LINK, link);
+ addattr_l(n, 1024, IFLA_GRE_TTL, &ttl, 1);
+ addattr_l(n, 1024, IFLA_GRE_TOS, &tos, 1);
+ addattr32(n, 1024, IFLA_GRE_FWMARK, fwmark);
+ if (erspan_idx != 0)
+ addattr32(n, 1024, IFLA_GRE_ERSPAN_INDEX, erspan_idx);
+ } else {
+ addattr_l(n, 1024, IFLA_GRE_COLLECT_METADATA, NULL, 0);
+ }
addattr16(n, 1024, IFLA_GRE_ENCAP_TYPE, encaptype);
addattr16(n, 1024, IFLA_GRE_ENCAP_FLAGS, encapflags);
addattr16(n, 1024, IFLA_GRE_ENCAP_SPORT, htons(encapsport));
addattr16(n, 1024, IFLA_GRE_ENCAP_DPORT, htons(encapdport));
- if (metadata)
- addattr_l(n, 1024, IFLA_GRE_COLLECT_METADATA, NULL, 0);
+
+ if (ignore_df)
+ addattr8(n, 1024, IFLA_GRE_IGNORE_DF, ignore_df & 1);
return 0;
}
-static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
+static void gre_print_direct_opt(FILE *f, struct rtattr *tb[])
{
- char s1[1024];
char s2[64];
const char *local = "any";
const char *remote = "any";
- unsigned iflags = 0;
- unsigned oflags = 0;
-
- if (!tb)
- return;
+ unsigned int iflags = 0;
+ unsigned int oflags = 0;
if (tb[IFLA_GRE_REMOTE]) {
- unsigned addr = rta_getattr_u32(tb[IFLA_GRE_REMOTE]);
+ unsigned int addr = rta_getattr_u32(tb[IFLA_GRE_REMOTE]);
if (addr)
- remote = format_host(AF_INET, 4, &addr, s1, sizeof(s1));
+ remote = format_host(AF_INET, 4, &addr);
}
- fprintf(f, "remote %s ", remote);
+ print_string(PRINT_ANY, "remote", "remote %s ", remote);
if (tb[IFLA_GRE_LOCAL]) {
- unsigned addr = rta_getattr_u32(tb[IFLA_GRE_LOCAL]);
+ unsigned int addr = rta_getattr_u32(tb[IFLA_GRE_LOCAL]);
if (addr)
- local = format_host(AF_INET, 4, &addr, s1, sizeof(s1));
+ local = format_host(AF_INET, 4, &addr);
}
- fprintf(f, "local %s ", local);
+ print_string(PRINT_ANY, "local", "local %s ", local);
if (tb[IFLA_GRE_LINK] && rta_getattr_u32(tb[IFLA_GRE_LINK])) {
- unsigned link = rta_getattr_u32(tb[IFLA_GRE_LINK]);
+ unsigned int link = rta_getattr_u32(tb[IFLA_GRE_LINK]);
const char *n = if_indextoname(link, s2);
if (n)
- fprintf(f, "dev %s ", n);
+ print_string(PRINT_ANY, "link", "dev %s ", n);
else
- fprintf(f, "dev %u ", link);
+ print_uint(PRINT_ANY, "link_index", "dev %u ", link);
}
- if (tb[IFLA_GRE_TTL] && rta_getattr_u8(tb[IFLA_GRE_TTL]))
- fprintf(f, "ttl %d ", rta_getattr_u8(tb[IFLA_GRE_TTL]));
- else
- fprintf(f, "ttl inherit ");
+ if (tb[IFLA_GRE_TTL]) {
+ __u8 ttl = rta_getattr_u8(tb[IFLA_GRE_TTL]);
+
+ if (ttl)
+ print_int(PRINT_ANY, "ttl", "ttl %d ", ttl);
+ else
+ print_int(PRINT_JSON, "ttl", NULL, ttl);
+ } else {
+ print_string(PRINT_FP, NULL, "ttl %s ", "inherit");
+ }
if (tb[IFLA_GRE_TOS] && rta_getattr_u8(tb[IFLA_GRE_TOS])) {
int tos = rta_getattr_u8(tb[IFLA_GRE_TOS]);
- fputs("tos ", f);
- if (tos == 1)
- fputs("inherit ", f);
- else
- fprintf(f, "0x%x ", tos);
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "0x%x", tos);
+ print_string(PRINT_JSON, "tos", NULL, b1);
+ } else {
+ fputs("tos ", f);
+ if (tos == 1)
+ fputs("inherit ", f);
+ else
+ fprintf(f, "0x%x ", tos);
+ }
}
- if (tb[IFLA_GRE_PMTUDISC] &&
- !rta_getattr_u8(tb[IFLA_GRE_PMTUDISC]))
- fputs("nopmtudisc ", f);
+ if (tb[IFLA_GRE_PMTUDISC]) {
+ if (!rta_getattr_u8(tb[IFLA_GRE_PMTUDISC]))
+ print_bool(PRINT_ANY, "pmtudisc", "nopmtudisc ", false);
+ else
+ print_bool(PRINT_JSON, "pmtudisc", NULL, true);
+ }
if (tb[IFLA_GRE_IFLAGS])
iflags = rta_getattr_u16(tb[IFLA_GRE_IFLAGS]);
@@ -404,72 +466,127 @@
if ((iflags & GRE_KEY) && tb[IFLA_GRE_IKEY]) {
inet_ntop(AF_INET, RTA_DATA(tb[IFLA_GRE_IKEY]), s2, sizeof(s2));
- fprintf(f, "ikey %s ", s2);
+ print_string(PRINT_ANY, "ikey", "ikey %s ", s2);
}
if ((oflags & GRE_KEY) && tb[IFLA_GRE_OKEY]) {
inet_ntop(AF_INET, RTA_DATA(tb[IFLA_GRE_OKEY]), s2, sizeof(s2));
- fprintf(f, "okey %s ", s2);
+ print_string(PRINT_ANY, "okey", "okey %s ", s2);
}
if (iflags & GRE_SEQ)
- fputs("iseq ", f);
+ print_bool(PRINT_ANY, "iseq", "iseq ", true);
if (oflags & GRE_SEQ)
- fputs("oseq ", f);
+ print_bool(PRINT_ANY, "oseq", "oseq ", true);
if (iflags & GRE_CSUM)
- fputs("icsum ", f);
+ print_bool(PRINT_ANY, "icsum", "icsum ", true);
if (oflags & GRE_CSUM)
- fputs("ocsum ", f);
+ print_bool(PRINT_ANY, "ocsum", "ocsum ", true);
- if (tb[IFLA_GRE_COLLECT_METADATA])
- fputs("external ", f);
+ if (tb[IFLA_GRE_FWMARK]) {
+ __u32 fwmark = rta_getattr_u32(tb[IFLA_GRE_FWMARK]);
+
+ if (fwmark) {
+ snprintf(s2, sizeof(s2), "0x%x", fwmark);
+
+ print_string(PRINT_ANY, "fwmark", "fwmark %s ", s2);
+ }
+ }
+}
+
+static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
+{
+ if (!tb)
+ return;
+
+ if (!tb[IFLA_GRE_COLLECT_METADATA])
+ gre_print_direct_opt(f, tb);
+ else
+ print_bool(PRINT_ANY, "external", "external ", true);
+
+ if (tb[IFLA_GRE_IGNORE_DF] && rta_getattr_u8(tb[IFLA_GRE_IGNORE_DF]))
+ print_bool(PRINT_ANY, "ignore_df", "ignore-df ", true);
+
+ if (tb[IFLA_GRE_ERSPAN_INDEX]) {
+ __u32 erspan_idx = rta_getattr_u32(tb[IFLA_GRE_ERSPAN_INDEX]);
+
+ fprintf(f, "erspan_index %u ", erspan_idx);
+ }
if (tb[IFLA_GRE_ENCAP_TYPE] &&
- *(__u16 *)RTA_DATA(tb[IFLA_GRE_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE) {
+ rta_getattr_u16(tb[IFLA_GRE_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE) {
__u16 type = rta_getattr_u16(tb[IFLA_GRE_ENCAP_TYPE]);
__u16 flags = rta_getattr_u16(tb[IFLA_GRE_ENCAP_FLAGS]);
__u16 sport = rta_getattr_u16(tb[IFLA_GRE_ENCAP_SPORT]);
__u16 dport = rta_getattr_u16(tb[IFLA_GRE_ENCAP_DPORT]);
- fputs("encap ", f);
+
+ open_json_object("encap");
+ print_string(PRINT_FP, NULL, "encap ", NULL);
+
switch (type) {
case TUNNEL_ENCAP_FOU:
- fputs("fou ", f);
+ print_string(PRINT_ANY, "type", "%s ", "fou");
break;
case TUNNEL_ENCAP_GUE:
- fputs("gue ", f);
+ print_string(PRINT_ANY, "type", "%s ", "gue");
break;
default:
- fputs("unknown ", f);
+ print_null(PRINT_ANY, "type", "%s ", "unknown");
break;
}
- if (sport == 0)
- fputs("encap-sport auto ", f);
- else
- fprintf(f, "encap-sport %u", ntohs(sport));
+ if (is_json_context()) {
+ print_uint(PRINT_JSON,
+ "sport",
+ NULL,
+ sport ? ntohs(sport) : 0);
+ print_uint(PRINT_JSON, "dport", NULL, ntohs(dport));
- fprintf(f, "encap-dport %u ", ntohs(dport));
+ print_bool(PRINT_JSON,
+ "csum",
+ NULL,
+ flags & TUNNEL_ENCAP_FLAG_CSUM);
- if (flags & TUNNEL_ENCAP_FLAG_CSUM)
- fputs("encap-csum ", f);
- else
- fputs("noencap-csum ", f);
+ print_bool(PRINT_JSON,
+ "csum6",
+ NULL,
+ flags & TUNNEL_ENCAP_FLAG_CSUM6);
- if (flags & TUNNEL_ENCAP_FLAG_CSUM6)
- fputs("encap-csum6 ", f);
- else
- fputs("noencap-csum6 ", f);
+ print_bool(PRINT_JSON,
+ "remcsum",
+ NULL,
+ flags & TUNNEL_ENCAP_FLAG_REMCSUM);
- if (flags & TUNNEL_ENCAP_FLAG_REMCSUM)
- fputs("encap-remcsum ", f);
- else
- fputs("noencap-remcsum ", f);
+ close_json_object();
+ } else {
+ if (sport == 0)
+ fputs("encap-sport auto ", f);
+ else
+ fprintf(f, "encap-sport %u", ntohs(sport));
+
+ fprintf(f, "encap-dport %u ", ntohs(dport));
+
+ if (flags & TUNNEL_ENCAP_FLAG_CSUM)
+ fputs("encap-csum ", f);
+ else
+ fputs("noencap-csum ", f);
+
+ if (flags & TUNNEL_ENCAP_FLAG_CSUM6)
+ fputs("encap-csum6 ", f);
+ else
+ fputs("noencap-csum6 ", f);
+
+ if (flags & TUNNEL_ENCAP_FLAG_REMCSUM)
+ fputs("encap-remcsum ", f);
+ else
+ fputs("noencap-remcsum ", f);
+ }
}
}
static void gre_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
print_usage(f);
}
@@ -489,3 +606,11 @@
.print_opt = gre_print_opt,
.print_help = gre_print_help,
};
+
+struct link_util erspan_link_util = {
+ .id = "erspan",
+ .maxattr = IFLA_GRE_MAX,
+ .parse_opt = gre_parse_opt,
+ .print_opt = gre_print_opt,
+ .print_help = gre_print_help,
+};
diff --git a/ip/link_gre6.c b/ip/link_gre6.c
index e00ea09..7d07932 100644
--- a/ip/link_gre6.c
+++ b/ip/link_gre6.c
@@ -32,22 +32,36 @@
static void print_usage(FILE *f)
{
- fprintf(f, "Usage: ip link { add | set | change | replace | del } NAME\n");
- fprintf(f, " type { ip6gre | ip6gretap } [ remote ADDR ] [ local ADDR ]\n");
- fprintf(f, " [ [i|o]seq ] [ [i|o]key KEY ] [ [i|o]csum ]\n");
- fprintf(f, " [ hoplimit TTL ] [ encaplimit ELIM ]\n");
- fprintf(f, " [ tclass TCLASS ] [ flowlabel FLOWLABEL ]\n");
- fprintf(f, " [ dscp inherit ] [ dev PHYS_DEV ]\n");
- fprintf(f, "\n");
- fprintf(f, "Where: NAME := STRING\n");
- fprintf(f, " ADDR := IPV6_ADDRESS\n");
- fprintf(f, " TTL := { 0..255 } (default=%d)\n",
- DEFAULT_TNL_HOP_LIMIT);
- fprintf(f, " KEY := { DOTTED_QUAD | NUMBER }\n");
- fprintf(f, " ELIM := { none | 0..255 }(default=%d)\n",
- IPV6_DEFAULT_TNL_ENCAP_LIMIT);
- fprintf(f, " TCLASS := { 0x0..0xff | inherit }\n");
- fprintf(f, " FLOWLABEL := { 0x0..0xfffff | inherit }\n");
+ fprintf(f,
+ "Usage: ... { ip6gre | ip6gretap } [ remote ADDR ]\n"
+ " [ local ADDR ]\n"
+ " [ [i|o]seq ]\n"
+ " [ [i|o]key KEY ]\n"
+ " [ [i|o]csum ]\n"
+ " [ hoplimit TTL ]\n"
+ " [ encaplimit ELIM ]\n"
+ " [ tclass TCLASS ]\n"
+ " [ flowlabel FLOWLABEL ]\n"
+ " [ dscp inherit ]\n"
+ " [ fwmark MARK ]\n"
+ " [ dev PHYS_DEV ]\n"
+ " [ noencap ]\n"
+ " [ encap { fou | gue | none } ]\n"
+ " [ encap-sport PORT ]\n"
+ " [ encap-dport PORT ]\n"
+ " [ [no]encap-csum ]\n"
+ " [ [no]encap-csum6 ]\n"
+ " [ [no]encap-remcsum ]\n"
+ "\n"
+ "Where: ADDR := IPV6_ADDRESS\n"
+ " TTL := { 0..255 } (default=%d)\n"
+ " KEY := { DOTTED_QUAD | NUMBER }\n"
+ " ELIM := { none | 0..255 }(default=%d)\n"
+ " TCLASS := { 0x0..0xff | inherit }\n"
+ " FLOWLABEL := { 0x0..0xfffff | inherit }\n"
+ " MARK := { 0x0..0xffffffff | inherit }\n",
+ DEFAULT_TNL_HOP_LIMIT, IPV6_DEFAULT_TNL_ENCAP_LIMIT
+ );
}
static void usage(void) __attribute__((noreturn));
@@ -60,37 +74,40 @@
static int gre_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
+ struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
struct {
struct nlmsghdr n;
struct ifinfomsg i;
char buf[1024];
- } req;
- struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETLINK,
+ .i.ifi_family = preferred_family,
+ .i.ifi_index = ifi->ifi_index,
+ };
struct rtattr *tb[IFLA_MAX + 1];
struct rtattr *linkinfo[IFLA_INFO_MAX+1];
struct rtattr *greinfo[IFLA_GRE_MAX + 1];
__u16 iflags = 0;
__u16 oflags = 0;
- unsigned ikey = 0;
- unsigned okey = 0;
+ unsigned int ikey = 0;
+ unsigned int okey = 0;
struct in6_addr raddr = IN6ADDR_ANY_INIT;
struct in6_addr laddr = IN6ADDR_ANY_INIT;
- unsigned link = 0;
- unsigned flowinfo = 0;
- unsigned flags = 0;
+ unsigned int link = 0;
+ unsigned int flowinfo = 0;
+ unsigned int flags = 0;
__u8 hop_limit = DEFAULT_TNL_HOP_LIMIT;
__u8 encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
+ __u16 encaptype = 0;
+ __u16 encapflags = TUNNEL_ENCAP_FLAG_CSUM6;
+ __u16 encapsport = 0;
+ __u16 encapdport = 0;
int len;
+ __u32 fwmark = 0;
if (!(n->nlmsg_flags & NLM_F_CREATE)) {
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETLINK;
- req.i.ifi_family = preferred_family;
- req.i.ifi_index = ifi->ifi_index;
-
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) {
get_failed:
fprintf(stderr,
@@ -148,11 +165,26 @@
if (greinfo[IFLA_GRE_FLAGS])
flags = rta_getattr_u32(greinfo[IFLA_GRE_FLAGS]);
+
+ if (greinfo[IFLA_GRE_ENCAP_TYPE])
+ encaptype = rta_getattr_u16(greinfo[IFLA_GRE_ENCAP_TYPE]);
+
+ if (greinfo[IFLA_GRE_ENCAP_FLAGS])
+ encapflags = rta_getattr_u16(greinfo[IFLA_GRE_ENCAP_FLAGS]);
+
+ if (greinfo[IFLA_GRE_ENCAP_SPORT])
+ encapsport = rta_getattr_u16(greinfo[IFLA_GRE_ENCAP_SPORT]);
+
+ if (greinfo[IFLA_GRE_ENCAP_DPORT])
+ encapdport = rta_getattr_u16(greinfo[IFLA_GRE_ENCAP_DPORT]);
+
+ if (greinfo[IFLA_GRE_FWMARK])
+ fwmark = rta_getattr_u32(greinfo[IFLA_GRE_FWMARK]);
}
while (argc > 0) {
if (!matches(*argv, "key")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
iflags |= GRE_KEY;
@@ -170,14 +202,14 @@
ikey = okey = uval;
} else if (!matches(*argv, "ikey")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
iflags |= GRE_KEY;
if (strchr(*argv, '.'))
uval = get_addr32(*argv);
else {
- if (get_unsigned(&uval, *argv, 0)<0) {
+ if (get_unsigned(&uval, *argv, 0) < 0) {
fprintf(stderr, "invalid value of \"ikey\"\n");
exit(-1);
}
@@ -185,14 +217,14 @@
}
ikey = uval;
} else if (!matches(*argv, "okey")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
oflags |= GRE_KEY;
if (strchr(*argv, '.'))
uval = get_addr32(*argv);
else {
- if (get_unsigned(&uval, *argv, 0)<0) {
+ if (get_unsigned(&uval, *argv, 0) < 0) {
fprintf(stderr, "invalid value of \"okey\"\n");
exit(-1);
}
@@ -215,6 +247,7 @@
oflags |= GRE_CSUM;
} else if (!matches(*argv, "remote")) {
inet_prefix addr;
+
NEXT_ARG();
get_prefix(&addr, *argv, preferred_family);
if (addr.family == AF_UNSPEC)
@@ -222,6 +255,7 @@
memcpy(&raddr, &addr.data, sizeof(raddr));
} else if (!matches(*argv, "local")) {
inet_prefix addr;
+
NEXT_ARG();
get_prefix(&addr, *argv, preferred_family);
if (addr.family == AF_UNSPEC)
@@ -238,6 +272,7 @@
} else if (!matches(*argv, "ttl") ||
!matches(*argv, "hoplimit")) {
__u8 uval;
+
NEXT_ARG();
if (get_u8(&uval, *argv, 0))
invarg("invalid TTL", *argv);
@@ -246,18 +281,21 @@
!matches(*argv, "tclass") ||
!matches(*argv, "dsfield")) {
__u8 uval;
+
NEXT_ARG();
if (strcmp(*argv, "inherit") == 0)
flags |= IP6_TNL_F_USE_ORIG_TCLASS;
else {
if (get_u8(&uval, *argv, 16))
invarg("invalid TClass", *argv);
+ flowinfo &= ~IP6_FLOWINFO_TCLASS;
flowinfo |= htonl((__u32)uval << 20) & IP6_FLOWINFO_TCLASS;
flags &= ~IP6_TNL_F_USE_ORIG_TCLASS;
}
} else if (strcmp(*argv, "flowlabel") == 0 ||
strcmp(*argv, "fl") == 0) {
__u32 uval;
+
NEXT_ARG();
if (strcmp(*argv, "inherit") == 0)
flags |= IP6_TNL_F_USE_ORIG_FLOWLABEL;
@@ -266,6 +304,7 @@
invarg("invalid Flowlabel", *argv);
if (uval > 0xFFFFF)
invarg("invalid Flowlabel", *argv);
+ flowinfo &= ~IP6_FLOWINFO_FLOWLABEL;
flowinfo |= htonl(uval) & IP6_FLOWINFO_FLOWLABEL;
flags &= ~IP6_TNL_F_USE_ORIG_FLOWLABEL;
}
@@ -274,6 +313,62 @@
if (strcmp(*argv, "inherit") != 0)
invarg("not inherit", *argv);
flags |= IP6_TNL_F_RCV_DSCP_COPY;
+ } else if (strcmp(*argv, "noencap") == 0) {
+ encaptype = TUNNEL_ENCAP_NONE;
+ } else if (strcmp(*argv, "encap") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "fou") == 0)
+ encaptype = TUNNEL_ENCAP_FOU;
+ else if (strcmp(*argv, "gue") == 0)
+ encaptype = TUNNEL_ENCAP_GUE;
+ else if (strcmp(*argv, "none") == 0)
+ encaptype = TUNNEL_ENCAP_NONE;
+ else
+ invarg("Invalid encap type.", *argv);
+ } else if (strcmp(*argv, "encap-sport") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "auto") == 0)
+ encapsport = 0;
+ else if (get_u16(&encapsport, *argv, 0))
+ invarg("Invalid source port.", *argv);
+ } else if (strcmp(*argv, "encap-dport") == 0) {
+ NEXT_ARG();
+ if (get_u16(&encapdport, *argv, 0))
+ invarg("Invalid destination port.", *argv);
+ } else if (strcmp(*argv, "encap-csum") == 0) {
+ encapflags |= TUNNEL_ENCAP_FLAG_CSUM;
+ } else if (strcmp(*argv, "noencap-csum") == 0) {
+ encapflags &= ~TUNNEL_ENCAP_FLAG_CSUM;
+ } else if (strcmp(*argv, "encap-udp6-csum") == 0) {
+ encapflags |= TUNNEL_ENCAP_FLAG_CSUM6;
+ } else if (strcmp(*argv, "noencap-udp6-csum") == 0) {
+ encapflags &= ~TUNNEL_ENCAP_FLAG_CSUM6;
+ } else if (strcmp(*argv, "encap-remcsum") == 0) {
+ encapflags |= TUNNEL_ENCAP_FLAG_REMCSUM;
+ } else if (strcmp(*argv, "noencap-remcsum") == 0) {
+ encapflags &= ~TUNNEL_ENCAP_FLAG_REMCSUM;
+ } else if (strcmp(*argv, "fwmark") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "inherit") == 0) {
+ flags |= IP6_TNL_F_USE_ORIG_FWMARK;
+ fwmark = 0;
+ } else {
+ if (get_u32(&fwmark, *argv, 0))
+ invarg("invalid fwmark\n", *argv);
+ flags &= ~IP6_TNL_F_USE_ORIG_FWMARK;
+ }
+ } else if (strcmp(*argv, "encaplimit") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "none") == 0) {
+ flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
+ } else {
+ __u8 uval;
+
+ if (get_u8(&uval, *argv, 0) < -1)
+ invarg("invalid ELIM", *argv);
+ encap_limit = uval;
+ flags &= ~IP6_TNL_F_IGN_ENCAP_LIMIT;
+ }
} else
usage();
argc--; argv++;
@@ -290,21 +385,26 @@
addattr_l(n, 1024, IFLA_GRE_TTL, &hop_limit, 1);
addattr_l(n, 1024, IFLA_GRE_ENCAP_LIMIT, &encap_limit, 1);
addattr_l(n, 1024, IFLA_GRE_FLOWINFO, &flowinfo, 4);
- addattr_l(n, 1024, IFLA_GRE_FLAGS, &flowinfo, 4);
+ addattr32(n, 1024, IFLA_GRE_FLAGS, flags);
+ addattr32(n, 1024, IFLA_GRE_FWMARK, fwmark);
+
+ addattr16(n, 1024, IFLA_GRE_ENCAP_TYPE, encaptype);
+ addattr16(n, 1024, IFLA_GRE_ENCAP_FLAGS, encapflags);
+ addattr16(n, 1024, IFLA_GRE_ENCAP_SPORT, htons(encapsport));
+ addattr16(n, 1024, IFLA_GRE_ENCAP_DPORT, htons(encapdport));
return 0;
}
static void gre_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
- char s1[1024];
char s2[64];
const char *local = "any";
const char *remote = "any";
- unsigned iflags = 0;
- unsigned oflags = 0;
- unsigned flags = 0;
- unsigned flowinfo = 0;
+ unsigned int iflags = 0;
+ unsigned int oflags = 0;
+ unsigned int flags = 0;
+ unsigned int flowinfo = 0;
struct in6_addr in6_addr_any = IN6ADDR_ANY_INIT;
if (!tb)
@@ -314,56 +414,105 @@
flags = rta_getattr_u32(tb[IFLA_GRE_FLAGS]);
if (tb[IFLA_GRE_FLOWINFO])
- flags = rta_getattr_u32(tb[IFLA_GRE_FLOWINFO]);
+ flowinfo = rta_getattr_u32(tb[IFLA_GRE_FLOWINFO]);
if (tb[IFLA_GRE_REMOTE]) {
struct in6_addr addr;
+
memcpy(&addr, RTA_DATA(tb[IFLA_GRE_REMOTE]), sizeof(addr));
if (memcmp(&addr, &in6_addr_any, sizeof(addr)))
- remote = format_host(AF_INET6, sizeof(addr), &addr, s1, sizeof(s1));
+ remote = format_host(AF_INET6, sizeof(addr), &addr);
}
- fprintf(f, "remote %s ", remote);
+ print_string(PRINT_ANY, "remote", "remote %s ", remote);
if (tb[IFLA_GRE_LOCAL]) {
struct in6_addr addr;
+
memcpy(&addr, RTA_DATA(tb[IFLA_GRE_LOCAL]), sizeof(addr));
if (memcmp(&addr, &in6_addr_any, sizeof(addr)))
- local = format_host(AF_INET6, sizeof(addr), &addr, s1, sizeof(s1));
+ local = format_host(AF_INET6, sizeof(addr), &addr);
}
- fprintf(f, "local %s ", local);
+ print_string(PRINT_ANY, "local", "local %s ", local);
if (tb[IFLA_GRE_LINK] && rta_getattr_u32(tb[IFLA_GRE_LINK])) {
- unsigned link = rta_getattr_u32(tb[IFLA_GRE_LINK]);
+ unsigned int link = rta_getattr_u32(tb[IFLA_GRE_LINK]);
const char *n = if_indextoname(link, s2);
if (n)
- fprintf(f, "dev %s ", n);
+ print_string(PRINT_ANY, "link", "dev %s ", n);
else
- fprintf(f, "dev %u ", link);
+ print_uint(PRINT_ANY, "link_index", "dev %u ", link);
}
- if (tb[IFLA_GRE_TTL] && rta_getattr_u8(tb[IFLA_GRE_TTL]))
- fprintf(f, "hoplimit %d ", rta_getattr_u8(tb[IFLA_GRE_TTL]));
+ if (tb[IFLA_GRE_TTL]) {
+ __u8 ttl = rta_getattr_u8(tb[IFLA_GRE_TTL]);
+
+ if (ttl)
+ print_int(PRINT_ANY, "ttl", "hoplimit %d ", ttl);
+ else
+ print_int(PRINT_JSON, "ttl", NULL, ttl);
+ }
if (flags & IP6_TNL_F_IGN_ENCAP_LIMIT)
- fprintf(f, "encaplimit none ");
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_ign_encap_limit",
+ "encaplimit none ",
+ true);
else if (tb[IFLA_GRE_ENCAP_LIMIT]) {
int encap_limit = rta_getattr_u8(tb[IFLA_GRE_ENCAP_LIMIT]);
- fprintf(f, "encaplimit %d ", encap_limit);
+ print_int(PRINT_ANY,
+ "encap_limit",
+ "encaplimit %d ",
+ encap_limit);
}
- if (flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
- fprintf(f, "flowlabel inherit ");
- else
- fprintf(f, "flowlabel 0x%05x ", ntohl(flowinfo & IP6_FLOWINFO_FLOWLABEL));
+ if (flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) {
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_use_orig_flowlabel",
+ "flowlabel inherit ",
+ true);
+ } else {
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "0x%05x",
+ ntohl(flowinfo & IP6_FLOWINFO_FLOWLABEL));
+ print_string(PRINT_JSON, "flowlabel", NULL, b1);
+
+ } else {
+ fprintf(f, "flowlabel 0x%05x ",
+ ntohl(flowinfo & IP6_FLOWINFO_FLOWLABEL));
+ }
+ }
+
+ if (flags & IP6_TNL_F_USE_ORIG_TCLASS) {
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_use_orig_tclass",
+ "tclass inherit ",
+ true);
+ } else {
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "0x%05x",
+ ntohl(flowinfo & IP6_FLOWINFO_TCLASS) >> 20);
+ print_string(PRINT_JSON, "tclass", NULL, b1);
+ } else {
+ fprintf(f, "tclass 0x%02x ",
+ ntohl(flowinfo & IP6_FLOWINFO_TCLASS) >> 20);
+ }
+ }
if (flags & IP6_TNL_F_RCV_DSCP_COPY)
- fprintf(f, "dscp inherit ");
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_rcv_dscp_copy",
+ "dscp inherit ",
+ true);
if (tb[IFLA_GRE_IFLAGS])
iflags = rta_getattr_u16(tb[IFLA_GRE_IFLAGS]);
@@ -373,22 +522,97 @@
if ((iflags & GRE_KEY) && tb[IFLA_GRE_IKEY]) {
inet_ntop(AF_INET, RTA_DATA(tb[IFLA_GRE_IKEY]), s2, sizeof(s2));
- fprintf(f, "ikey %s ", s2);
+ print_string(PRINT_ANY, "ikey", "ikey %s ", s2);
}
if ((oflags & GRE_KEY) && tb[IFLA_GRE_OKEY]) {
inet_ntop(AF_INET, RTA_DATA(tb[IFLA_GRE_OKEY]), s2, sizeof(s2));
- fprintf(f, "okey %s ", s2);
+ print_string(PRINT_ANY, "okey", "okey %s ", s2);
}
if (iflags & GRE_SEQ)
- fputs("iseq ", f);
+ print_bool(PRINT_ANY, "iseq", "iseq ", true);
if (oflags & GRE_SEQ)
- fputs("oseq ", f);
+ print_bool(PRINT_ANY, "oseq", "oseq ", true);
if (iflags & GRE_CSUM)
- fputs("icsum ", f);
+ print_bool(PRINT_ANY, "icsum", "icsum ", true);
if (oflags & GRE_CSUM)
- fputs("ocsum ", f);
+ print_bool(PRINT_ANY, "ocsum", "ocsum ", true);
+
+ if (flags & IP6_TNL_F_USE_ORIG_FWMARK)
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_use_orig_fwmark",
+ "fwmark inherit ",
+ true);
+ else if (tb[IFLA_GRE_FWMARK]) {
+ __u32 fwmark = rta_getattr_u32(tb[IFLA_GRE_FWMARK]);
+
+ if (fwmark) {
+ snprintf(s2, sizeof(s2), "0x%x", fwmark);
+
+ print_string(PRINT_ANY, "fwmark", "fwmark %s ", s2);
+ }
+ }
+
+ if (tb[IFLA_GRE_ENCAP_TYPE] &&
+ rta_getattr_u16(tb[IFLA_GRE_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE) {
+ __u16 type = rta_getattr_u16(tb[IFLA_GRE_ENCAP_TYPE]);
+ __u16 flags = rta_getattr_u16(tb[IFLA_GRE_ENCAP_FLAGS]);
+ __u16 sport = rta_getattr_u16(tb[IFLA_GRE_ENCAP_SPORT]);
+ __u16 dport = rta_getattr_u16(tb[IFLA_GRE_ENCAP_DPORT]);
+
+ open_json_object("encap");
+
+ print_string(PRINT_FP, NULL, "encap ", NULL);
+ switch (type) {
+ case TUNNEL_ENCAP_FOU:
+ print_string(PRINT_ANY, "type", "%s ", "fou");
+ break;
+ case TUNNEL_ENCAP_GUE:
+ print_string(PRINT_ANY, "type", "%s ", "gue");
+ break;
+ default:
+ print_null(PRINT_ANY, "type", "unknown ", NULL);
+ break;
+ }
+
+ if (is_json_context()) {
+ print_uint(PRINT_JSON,
+ "sport",
+ NULL,
+ sport ? ntohs(sport) : 0);
+ print_uint(PRINT_JSON, "dport", NULL, ntohs(dport));
+ print_bool(PRINT_JSON, "csum", NULL,
+ flags & TUNNEL_ENCAP_FLAG_CSUM);
+ print_bool(PRINT_JSON, "csum6", NULL,
+ flags & TUNNEL_ENCAP_FLAG_CSUM6);
+ print_bool(PRINT_JSON, "remcsum", NULL,
+ flags & TUNNEL_ENCAP_FLAG_REMCSUM);
+ close_json_object();
+ } else {
+ if (sport == 0)
+ fputs("encap-sport auto ", f);
+ else
+ fprintf(f, "encap-sport %u", ntohs(sport));
+
+ fprintf(f, "encap-dport %u ", ntohs(dport));
+
+ if (flags & TUNNEL_ENCAP_FLAG_CSUM)
+ fputs("encap-csum ", f);
+ else
+ fputs("noencap-csum ", f);
+
+ if (flags & TUNNEL_ENCAP_FLAG_CSUM6)
+ fputs("encap-csum6 ", f);
+ else
+ fputs("noencap-csum6 ", f);
+
+ if (flags & TUNNEL_ENCAP_FLAG_REMCSUM)
+ fputs("encap-remcsum ", f);
+ else
+ fputs("noencap-remcsum ", f);
+ }
+ }
}
static void gre_print_help(struct link_util *lu, int argc, char **argv,
diff --git a/ip/link_ip6tnl.c b/ip/link_ip6tnl.c
index f771c75..a419900 100644
--- a/ip/link_ip6tnl.c
+++ b/ip/link_ip6tnl.c
@@ -31,21 +31,34 @@
static void print_usage(FILE *f)
{
- fprintf(f, "Usage: ip link { add | set | change | replace | del } NAME\n");
- fprintf(f, " [ mode { ip6ip6 | ipip6 | any } ]\n");
- fprintf(f, " type ip6tnl [ remote ADDR ] [ local ADDR ]\n");
- fprintf(f, " [ dev PHYS_DEV ] [ encaplimit ELIM ]\n");
- fprintf(f ," [ hoplimit HLIM ] [ tclass TCLASS ] [ flowlabel FLOWLABEL ]\n");
- fprintf(f, " [ dscp inherit ] [ fwmark inherit ]\n");
- fprintf(f, "\n");
- fprintf(f, "Where: NAME := STRING\n");
- fprintf(f, " ADDR := IPV6_ADDRESS\n");
- fprintf(f, " ELIM := { none | 0..255 }(default=%d)\n",
- IPV6_DEFAULT_TNL_ENCAP_LIMIT);
- fprintf(f, " HLIM := 0..255 (default=%d)\n",
- DEFAULT_TNL_HOP_LIMIT);
- fprintf(f, " TCLASS := { 0x0..0xff | inherit }\n");
- fprintf(f, " FLOWLABEL := { 0x0..0xfffff | inherit }\n");
+ fprintf(f,
+ "Usage: ... ip6tnl [ mode { ip6ip6 | ipip6 | any } ]\n"
+ " [ remote ADDR ]\n"
+ " [ local ADDR ]\n"
+ " [ dev PHYS_DEV ]\n"
+ " [ encaplimit ELIM ]\n"
+ " [ hoplimit HLIM ]\n"
+ " [ tclass TCLASS ]\n"
+ " [ flowlabel FLOWLABEL ]\n"
+ " [ dscp inherit ]\n"
+ " [ fwmark MARK ]\n"
+ " [ noencap ]\n"
+ " [ encap { fou | gue | none } ]\n"
+ " [ encap-sport PORT ]\n"
+ " [ encap-dport PORT ]\n"
+ " [ [no]encap-csum ]\n"
+ " [ [no]encap-csum6 ]\n"
+ " [ [no]encap-remcsum ]\n"
+ " [ external ]\n"
+ "\n"
+ "Where: ADDR := IPV6_ADDRESS\n"
+ " ELIM := { none | 0..255 }(default=%d)\n"
+ " HLIM := 0..255 (default=%d)\n"
+ " TCLASS := { 0x0..0xff | inherit }\n"
+ " FLOWLABEL := { 0x0..0xfffff | inherit }\n"
+ " MARK := { 0x0..0xffffffff | inherit }\n",
+ IPV6_DEFAULT_TNL_ENCAP_LIMIT, DEFAULT_TNL_HOP_LIMIT
+ );
}
static void usage(void) __attribute__((noreturn));
@@ -58,37 +71,38 @@
static int ip6tunnel_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
+ struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
struct {
struct nlmsghdr n;
struct ifinfomsg i;
char buf[2048];
- } req;
- struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETLINK,
+ .i.ifi_family = preferred_family,
+ .i.ifi_index = ifi->ifi_index,
+ };
struct rtattr *tb[IFLA_MAX + 1];
struct rtattr *linkinfo[IFLA_INFO_MAX+1];
struct rtattr *iptuninfo[IFLA_IPTUN_MAX + 1];
int len;
- struct in6_addr laddr;
- struct in6_addr raddr;
+ struct in6_addr laddr = {};
+ struct in6_addr raddr = {};
__u8 hop_limit = DEFAULT_TNL_HOP_LIMIT;
__u8 encap_limit = IPV6_DEFAULT_TNL_ENCAP_LIMIT;
__u32 flowinfo = 0;
__u32 flags = 0;
__u32 link = 0;
__u8 proto = 0;
-
- memset(&laddr, 0, sizeof(laddr));
- memset(&raddr, 0, sizeof(raddr));
+ __u16 encaptype = 0;
+ __u16 encapflags = TUNNEL_ENCAP_FLAG_CSUM6;
+ __u16 encapsport = 0;
+ __u16 encapdport = 0;
+ __u8 metadata = 0;
+ __u32 fwmark = 0;
if (!(n->nlmsg_flags & NLM_F_CREATE)) {
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETLINK;
- req.i.ifi_family = preferred_family;
- req.i.ifi_index = ifi->ifi_index;
-
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) {
get_failed:
fprintf(stderr,
@@ -139,6 +153,11 @@
if (iptuninfo[IFLA_IPTUN_PROTO])
proto = rta_getattr_u8(iptuninfo[IFLA_IPTUN_PROTO]);
+ if (iptuninfo[IFLA_IPTUN_COLLECT_METADATA])
+ metadata = 1;
+
+ if (iptuninfo[IFLA_IPTUN_FWMARK])
+ fwmark = rta_getattr_u32(iptuninfo[IFLA_IPTUN_FWMARK]);
}
while (argc > 0) {
@@ -159,6 +178,7 @@
invarg("Cannot guess tunnel mode.", *argv);
} else if (strcmp(*argv, "remote") == 0) {
inet_prefix addr;
+
NEXT_ARG();
get_prefix(&addr, *argv, preferred_family);
if (addr.family == AF_UNSPEC)
@@ -166,6 +186,7 @@
memcpy(&raddr, addr.data, addr.bytelen);
} else if (strcmp(*argv, "local") == 0) {
inet_prefix addr;
+
NEXT_ARG();
get_prefix(&addr, *argv, preferred_family);
if (addr.family == AF_UNSPEC)
@@ -180,16 +201,18 @@
strcmp(*argv, "ttl") == 0 ||
strcmp(*argv, "hlim") == 0) {
__u8 uval;
+
NEXT_ARG();
if (get_u8(&uval, *argv, 0))
invarg("invalid HLIM", *argv);
hop_limit = uval;
- } else if (matches(*argv, "encaplimit") == 0) {
+ } else if (strcmp(*argv, "encaplimit") == 0) {
NEXT_ARG();
if (strcmp(*argv, "none") == 0) {
flags |= IP6_TNL_F_IGN_ENCAP_LIMIT;
} else {
__u8 uval;
+
if (get_u8(&uval, *argv, 0) < -1)
invarg("invalid ELIM", *argv);
encap_limit = uval;
@@ -200,6 +223,7 @@
strcmp(*argv, "tos") == 0 ||
matches(*argv, "dsfield") == 0) {
__u8 uval;
+
NEXT_ARG();
flowinfo &= ~IP6_FLOWINFO_TCLASS;
if (strcmp(*argv, "inherit") == 0)
@@ -213,6 +237,7 @@
} else if (strcmp(*argv, "flowlabel") == 0 ||
strcmp(*argv, "fl") == 0) {
__u32 uval;
+
NEXT_ARG();
flowinfo &= ~IP6_FLOWINFO_FLOWLABEL;
if (strcmp(*argv, "inherit") == 0)
@@ -232,15 +257,60 @@
flags |= IP6_TNL_F_RCV_DSCP_COPY;
} else if (strcmp(*argv, "fwmark") == 0) {
NEXT_ARG();
- if (strcmp(*argv, "inherit") != 0)
- invarg("not inherit", *argv);
- flags |= IP6_TNL_F_USE_ORIG_FWMARK;
+ if (strcmp(*argv, "inherit") == 0) {
+ flags |= IP6_TNL_F_USE_ORIG_FWMARK;
+ fwmark = 0;
+ } else {
+ if (get_u32(&fwmark, *argv, 0))
+ invarg("invalid fwmark\n", *argv);
+ flags &= ~IP6_TNL_F_USE_ORIG_FWMARK;
+ }
+ } else if (strcmp(*argv, "noencap") == 0) {
+ encaptype = TUNNEL_ENCAP_NONE;
+ } else if (strcmp(*argv, "encap") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "fou") == 0)
+ encaptype = TUNNEL_ENCAP_FOU;
+ else if (strcmp(*argv, "gue") == 0)
+ encaptype = TUNNEL_ENCAP_GUE;
+ else if (strcmp(*argv, "none") == 0)
+ encaptype = TUNNEL_ENCAP_NONE;
+ else
+ invarg("Invalid encap type.", *argv);
+ } else if (strcmp(*argv, "encap-sport") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "auto") == 0)
+ encapsport = 0;
+ else if (get_u16(&encapsport, *argv, 0))
+ invarg("Invalid source port.", *argv);
+ } else if (strcmp(*argv, "encap-dport") == 0) {
+ NEXT_ARG();
+ if (get_u16(&encapdport, *argv, 0))
+ invarg("Invalid destination port.", *argv);
+ } else if (strcmp(*argv, "encap-csum") == 0) {
+ encapflags |= TUNNEL_ENCAP_FLAG_CSUM;
+ } else if (strcmp(*argv, "noencap-csum") == 0) {
+ encapflags &= ~TUNNEL_ENCAP_FLAG_CSUM;
+ } else if (strcmp(*argv, "encap-udp6-csum") == 0) {
+ encapflags |= TUNNEL_ENCAP_FLAG_CSUM6;
+ } else if (strcmp(*argv, "noencap-udp6-csum") == 0) {
+ encapflags &= ~TUNNEL_ENCAP_FLAG_CSUM6;
+ } else if (strcmp(*argv, "encap-remcsum") == 0) {
+ encapflags |= TUNNEL_ENCAP_FLAG_REMCSUM;
+ } else if (strcmp(*argv, "noencap-remcsum") == 0) {
+ encapflags |= ~TUNNEL_ENCAP_FLAG_REMCSUM;
+ } else if (strcmp(*argv, "external") == 0) {
+ metadata = 1;
} else
usage();
argc--, argv++;
}
addattr8(n, 1024, IFLA_IPTUN_PROTO, proto);
+ if (metadata) {
+ addattr_l(n, 1024, IFLA_IPTUN_COLLECT_METADATA, NULL, 0);
+ return 0;
+ }
addattr_l(n, 1024, IFLA_IPTUN_LOCAL, &laddr, sizeof(laddr));
addattr_l(n, 1024, IFLA_IPTUN_REMOTE, &raddr, sizeof(raddr));
addattr8(n, 1024, IFLA_IPTUN_TTL, hop_limit);
@@ -248,13 +318,18 @@
addattr32(n, 1024, IFLA_IPTUN_FLOWINFO, flowinfo);
addattr32(n, 1024, IFLA_IPTUN_FLAGS, flags);
addattr32(n, 1024, IFLA_IPTUN_LINK, link);
+ addattr32(n, 1024, IFLA_IPTUN_FWMARK, fwmark);
+
+ addattr16(n, 1024, IFLA_IPTUN_ENCAP_TYPE, encaptype);
+ addattr16(n, 1024, IFLA_IPTUN_ENCAP_FLAGS, encapflags);
+ addattr16(n, 1024, IFLA_IPTUN_ENCAP_SPORT, htons(encapsport));
+ addattr16(n, 1024, IFLA_IPTUN_ENCAP_DPORT, htons(encapdport));
return 0;
}
static void ip6tunnel_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
- char s1[256];
char s2[64];
int flags = 0;
__u32 flowinfo = 0;
@@ -271,79 +346,191 @@
if (tb[IFLA_IPTUN_PROTO]) {
switch (rta_getattr_u8(tb[IFLA_IPTUN_PROTO])) {
case IPPROTO_IPIP:
- fprintf(f, "ipip6 ");
+ print_string(PRINT_ANY, "proto", "%s ", "ipip6");
break;
case IPPROTO_IPV6:
- fprintf(f, "ip6ip6 ");
+ print_string(PRINT_ANY, "proto", "%s ", "ip6ip6");
break;
case 0:
- fprintf(f, "any ");
+ print_string(PRINT_ANY, "proto", "%s ", "any");
break;
}
}
if (tb[IFLA_IPTUN_REMOTE]) {
- fprintf(f, "remote %s ",
- rt_addr_n2a(AF_INET6,
- RTA_PAYLOAD(tb[IFLA_IPTUN_REMOTE]),
- RTA_DATA(tb[IFLA_IPTUN_REMOTE]),
- s1, sizeof(s1)));
+ print_string(PRINT_ANY,
+ "remote",
+ "remote %s ",
+ rt_addr_n2a_rta(AF_INET6, tb[IFLA_IPTUN_REMOTE]));
}
if (tb[IFLA_IPTUN_LOCAL]) {
- fprintf(f, "local %s ",
- rt_addr_n2a(AF_INET6,
- RTA_PAYLOAD(tb[IFLA_IPTUN_LOCAL]),
- RTA_DATA(tb[IFLA_IPTUN_LOCAL]),
- s1, sizeof(s1)));
+ print_string(PRINT_ANY,
+ "local",
+ "local %s ",
+ rt_addr_n2a_rta(AF_INET6, tb[IFLA_IPTUN_LOCAL]));
}
if (tb[IFLA_IPTUN_LINK] && rta_getattr_u32(tb[IFLA_IPTUN_LINK])) {
- unsigned link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]);
+ unsigned int link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]);
const char *n = if_indextoname(link, s2);
if (n)
- fprintf(f, "dev %s ", n);
+ print_string(PRINT_ANY, "link", "dev %s ", n);
else
- fprintf(f, "dev %u ", link);
+ print_uint(PRINT_ANY, "link_index", "dev %u ", link);
}
if (flags & IP6_TNL_F_IGN_ENCAP_LIMIT)
- printf("encaplimit none ");
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_ign_encap_limit",
+ "encaplimit none ",
+ true);
else if (tb[IFLA_IPTUN_ENCAP_LIMIT])
- fprintf(f, "encaplimit %u ",
- rta_getattr_u8(tb[IFLA_IPTUN_ENCAP_LIMIT]));
+ print_uint(PRINT_ANY,
+ "encap_limit",
+ "encaplimit %u ",
+ rta_getattr_u8(tb[IFLA_IPTUN_ENCAP_LIMIT]));
if (tb[IFLA_IPTUN_TTL])
- fprintf(f, "hoplimit %u ", rta_getattr_u8(tb[IFLA_IPTUN_TTL]));
+ print_uint(PRINT_ANY,
+ "ttl",
+ "hoplimit %u ",
+ rta_getattr_u8(tb[IFLA_IPTUN_TTL]));
if (flags & IP6_TNL_F_USE_ORIG_TCLASS)
- printf("tclass inherit ");
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_use_orig_tclass",
+ "tclass inherit ",
+ true);
else if (tb[IFLA_IPTUN_FLOWINFO]) {
__u32 val = ntohl(flowinfo & IP6_FLOWINFO_TCLASS);
- printf("tclass 0x%02x ", (__u8)(val >> 20));
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "0x%02x", (__u8)(val >> 20));
+ print_string(PRINT_JSON, "flowinfo_tclass", NULL, b1);
+ } else {
+ printf("tclass 0x%02x ", (__u8)(val >> 20));
+ }
}
- if (flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
- printf("flowlabel inherit ");
- else
- printf("flowlabel 0x%05x ", ntohl(flowinfo & IP6_FLOWINFO_FLOWLABEL));
+ if (flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) {
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_use_orig_flowlabel",
+ "flowlabel inherit ",
+ true);
+ } else {
+ if (is_json_context()) {
+ SPRINT_BUF(b1);
- printf("(flowinfo 0x%08x) ", ntohl(flowinfo));
+ snprintf(b1, sizeof(b1), "0x%05x",
+ ntohl(flowinfo & IP6_FLOWINFO_FLOWLABEL));
+ print_string(PRINT_JSON, "flowlabel", NULL, b1);
+ } else {
+ printf("flowlabel 0x%05x ",
+ ntohl(flowinfo & IP6_FLOWINFO_FLOWLABEL));
+ }
+ }
+
+ if (is_json_context()) {
+ SPRINT_BUF(flwinfo);
+
+ snprintf(flwinfo, sizeof(flwinfo), "0x%08x", ntohl(flowinfo));
+ print_string(PRINT_JSON, "flowinfo", NULL, flwinfo);
+ } else {
+ printf("(flowinfo 0x%08x) ", ntohl(flowinfo));
+
+ }
if (flags & IP6_TNL_F_RCV_DSCP_COPY)
- printf("dscp inherit ");
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_rcv_dscp_copy",
+ "dscp inherit ",
+ true);
if (flags & IP6_TNL_F_MIP6_DEV)
- fprintf(f, "mip6 ");
+ print_bool(PRINT_ANY, "ip6_tnl_f_mip6_dev", "mip6 ", true);
- if (flags & IP6_TNL_F_USE_ORIG_FWMARK)
- fprintf(f, "fwmark inherit ");
+ if (flags & IP6_TNL_F_USE_ORIG_FWMARK) {
+ print_bool(PRINT_ANY,
+ "ip6_tnl_f_use_orig_fwmark",
+ "fwmark inherit ",
+ true);
+ } else if (tb[IFLA_IPTUN_FWMARK]) {
+ __u32 fwmark = rta_getattr_u32(tb[IFLA_IPTUN_FWMARK]);
+
+ if (fwmark) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "0x%x", fwmark);
+ print_string(PRINT_ANY, "fwmark", "fwmark %s ", b1);
+ }
+ }
+
+ if (tb[IFLA_IPTUN_ENCAP_TYPE] &&
+ rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE) {
+ __u16 type = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_TYPE]);
+ __u16 flags = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_FLAGS]);
+ __u16 sport = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_SPORT]);
+ __u16 dport = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_DPORT]);
+
+ open_json_object("encap");
+ print_string(PRINT_FP, NULL, "encap ", NULL);
+ switch (type) {
+ case TUNNEL_ENCAP_FOU:
+ print_string(PRINT_ANY, "type", "%s ", "fou");
+ break;
+ case TUNNEL_ENCAP_GUE:
+ print_string(PRINT_ANY, "type", "%s ", "gue");
+ break;
+ default:
+ print_null(PRINT_ANY, "type", "unknown ", NULL);
+ break;
+ }
+
+ if (is_json_context()) {
+ print_uint(PRINT_JSON,
+ "sport",
+ NULL,
+ sport ? ntohs(sport) : 0);
+ print_uint(PRINT_JSON, "dport", NULL, ntohs(dport));
+ print_bool(PRINT_JSON, "csum", NULL,
+ flags & TUNNEL_ENCAP_FLAG_CSUM);
+ print_bool(PRINT_JSON, "csum6", NULL,
+ flags & TUNNEL_ENCAP_FLAG_CSUM6);
+ print_bool(PRINT_JSON, "remcsum", NULL,
+ flags & TUNNEL_ENCAP_FLAG_REMCSUM);
+ close_json_object();
+ } else {
+ if (sport == 0)
+ fputs("encap-sport auto ", f);
+ else
+ fprintf(f, "encap-sport %u", ntohs(sport));
+
+ fprintf(f, "encap-dport %u ", ntohs(dport));
+
+ if (flags & TUNNEL_ENCAP_FLAG_CSUM)
+ fputs("encap-csum ", f);
+ else
+ fputs("noencap-csum ", f);
+
+ if (flags & TUNNEL_ENCAP_FLAG_CSUM6)
+ fputs("encap-csum6 ", f);
+ else
+ fputs("noencap-csum6 ", f);
+
+ if (flags & TUNNEL_ENCAP_FLAG_REMCSUM)
+ fputs("encap-remcsum ", f);
+ else
+ fputs("noencap-remcsum ", f);
+ }
+ }
}
static void ip6tunnel_print_help(struct link_util *lu, int argc, char **argv,
- FILE *f)
+ FILE *f)
{
print_usage(f);
}
diff --git a/ip/link_iptnl.c b/ip/link_iptnl.c
index 9d6bc98..6a725e9 100644
--- a/ip/link_iptnl.c
+++ b/ip/link_iptnl.c
@@ -16,6 +16,7 @@
#include <sys/socket.h>
#include <arpa/inet.h>
+#include <linux/in.h>
#include <linux/ip.h>
#include <linux/if_tunnel.h>
#include "rt_names.h"
@@ -25,22 +26,40 @@
static void print_usage(FILE *f, int sit)
{
- fprintf(f, "Usage: ip link { add | set | change | replace | del } NAME\n");
- fprintf(f, " type { ipip | sit } [ remote ADDR ] [ local ADDR ]\n");
- fprintf(f, " [ ttl TTL ] [ tos TOS ] [ [no]pmtudisc ] [ dev PHYS_DEV ]\n");
- fprintf(f, " [ 6rd-prefix ADDR ] [ 6rd-relay_prefix ADDR ] [ 6rd-reset ]\n");
- fprintf(f, " [ noencap ] [ encap { fou | gue | none } ]\n");
- fprintf(f, " [ encap-sport PORT ] [ encap-dport PORT ]\n");
- fprintf(f, " [ [no]encap-csum ] [ [no]encap-csum6 ] [ [no]encap-remcsum ]\n");
+ const char *type = sit ? "sit " : "ipip";
+
+ fprintf(f,
+ "Usage: ... %s [ remote ADDR ]\n"
+ " [ local ADDR ]\n"
+ " [ ttl TTL ]\n"
+ " [ tos TOS ]\n"
+ " [ [no]pmtudisc ]\n"
+ " [ dev PHYS_DEV ]\n"
+ " [ 6rd-prefix ADDR ]\n"
+ " [ 6rd-relay_prefix ADDR ]\n"
+ " [ 6rd-reset ]\n"
+ " [ noencap ]\n"
+ " [ encap { fou | gue | none } ]\n"
+ " [ encap-sport PORT ]\n"
+ " [ encap-dport PORT ]\n"
+ " [ [no]encap-csum ]\n"
+ " [ [no]encap-csum6 ]\n"
+ " [ [no]encap-remcsum ]\n",
+ type
+ );
if (sit) {
- fprintf(f, " [ mode { ip6ip | ipip | any } ]\n");
+ fprintf(f, " [ mode { ip6ip | ipip | mplsip | any } ]\n");
fprintf(f, " [ isatap ]\n");
+ } else {
+ fprintf(f, " [ mode { ipip | mplsip | any } ]\n");
}
+ fprintf(f, " [ external ]\n");
+ fprintf(f, " [ fwmark MARK ]\n");
fprintf(f, "\n");
- fprintf(f, "Where: NAME := STRING\n");
- fprintf(f, " ADDR := { IP_ADDRESS | any }\n");
+ fprintf(f, "Where: ADDR := { IP_ADDRESS | any }\n");
fprintf(f, " TOS := { NUMBER | inherit }\n");
fprintf(f, " TTL := { 1..255 | inherit }\n");
+ fprintf(f, " MARK := { 0x0..0xffffffff }\n");
}
static void usage(int sit) __attribute__((noreturn));
@@ -53,12 +72,18 @@
static int iptunnel_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
+ struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
struct {
struct nlmsghdr n;
struct ifinfomsg i;
char buf[2048];
- } req;
- struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETLINK,
+ .i.ifi_family = preferred_family,
+ .i.ifi_index = ifi->ifi_index,
+ };
struct rtattr *tb[IFLA_MAX + 1];
struct rtattr *linkinfo[IFLA_INFO_MAX+1];
struct rtattr *iptuninfo[IFLA_IPTUN_MAX + 1];
@@ -71,7 +96,7 @@
__u8 pmtudisc = 1;
__u16 iflags = 0;
__u8 proto = 0;
- struct in6_addr ip6rdprefix;
+ struct in6_addr ip6rdprefix = {};
__u16 ip6rdprefixlen = 0;
__u32 ip6rdrelayprefix = 0;
__u16 ip6rdrelayprefixlen = 0;
@@ -79,18 +104,10 @@
__u16 encapflags = 0;
__u16 encapsport = 0;
__u16 encapdport = 0;
-
- memset(&ip6rdprefix, 0, sizeof(ip6rdprefix));
+ __u8 metadata = 0;
+ __u32 fwmark = 0;
if (!(n->nlmsg_flags & NLM_F_CREATE)) {
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETLINK;
- req.i.ifi_family = preferred_family;
- req.i.ifi_index = ifi->ifi_index;
-
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) {
get_failed:
fprintf(stderr,
@@ -165,6 +182,12 @@
if (iptuninfo[IFLA_IPTUN_6RD_RELAY_PREFIXLEN])
ip6rdrelayprefixlen =
rta_getattr_u16(iptuninfo[IFLA_IPTUN_6RD_RELAY_PREFIXLEN]);
+ if (iptuninfo[IFLA_IPTUN_COLLECT_METADATA])
+ metadata = 1;
+
+ if (iptuninfo[IFLA_IPTUN_FWMARK])
+ fwmark = rta_getattr_u32(iptuninfo[IFLA_IPTUN_FWMARK]);
+
}
while (argc > 0) {
@@ -197,6 +220,7 @@
strcmp(*argv, "tclass") == 0 ||
matches(*argv, "dsfield") == 0) {
__u32 uval;
+
NEXT_ARG();
if (strcmp(*argv, "inherit") != 0) {
if (rtnl_dsfield_a2n(&uval, *argv))
@@ -221,6 +245,24 @@
strcmp(*argv, "ipip") == 0 ||
strcmp(*argv, "ip4ip4") == 0)
proto = IPPROTO_IPIP;
+ else if (strcmp(*argv, "mpls/ipv4") == 0 ||
+ strcmp(*argv, "mplsip") == 0)
+ proto = IPPROTO_MPLS;
+ else if (strcmp(*argv, "any/ipv4") == 0 ||
+ strcmp(*argv, "any") == 0)
+ proto = 0;
+ else
+ invarg("Cannot guess tunnel mode.", *argv);
+ } else if (strcmp(lu->id, "ipip") == 0 &&
+ strcmp(*argv, "mode") == 0) {
+ NEXT_ARG();
+ if (strcmp(*argv, "ipv4/ipv4") == 0 ||
+ strcmp(*argv, "ipip") == 0 ||
+ strcmp(*argv, "ip4ip4") == 0)
+ proto = IPPROTO_IPIP;
+ else if (strcmp(*argv, "mpls/ipv4") == 0 ||
+ strcmp(*argv, "mplsip") == 0)
+ proto = IPPROTO_MPLS;
else if (strcmp(*argv, "any/ipv4") == 0 ||
strcmp(*argv, "any") == 0)
proto = 0;
@@ -260,8 +302,11 @@
encapflags |= TUNNEL_ENCAP_FLAG_REMCSUM;
} else if (strcmp(*argv, "noencap-remcsum") == 0) {
encapflags &= ~TUNNEL_ENCAP_FLAG_REMCSUM;
+ } else if (strcmp(*argv, "external") == 0) {
+ metadata = 1;
} else if (strcmp(*argv, "6rd-prefix") == 0) {
inet_prefix prefix;
+
NEXT_ARG();
if (get_prefix(&prefix, *argv, AF_INET6))
invarg("invalid 6rd_prefix\n", *argv);
@@ -269,6 +314,7 @@
ip6rdprefixlen = prefix.bitlen;
} else if (strcmp(*argv, "6rd-relay_prefix") == 0) {
inet_prefix prefix;
+
NEXT_ARG();
if (get_prefix(&prefix, *argv, AF_INET))
invarg("invalid 6rd-relay_prefix\n", *argv);
@@ -276,11 +322,16 @@
ip6rdrelayprefixlen = prefix.bitlen;
} else if (strcmp(*argv, "6rd-reset") == 0) {
inet_prefix prefix;
+
get_prefix(&prefix, "2002::", AF_INET6);
memcpy(&ip6rdprefix, prefix.data, 16);
ip6rdprefixlen = 16;
ip6rdrelayprefix = 0;
ip6rdrelayprefixlen = 0;
+ } else if (strcmp(*argv, "fwmark") == 0) {
+ NEXT_ARG();
+ if (get_u32(&fwmark, *argv, 0))
+ invarg("invalid fwmark\n", *argv);
} else
usage(strcmp(lu->id, "sit") == 0);
argc--, argv++;
@@ -291,21 +342,29 @@
exit(-1);
}
+ if (metadata) {
+ addattr_l(n, 1024, IFLA_IPTUN_COLLECT_METADATA, NULL, 0);
+ return 0;
+ }
+
addattr32(n, 1024, IFLA_IPTUN_LINK, link);
addattr32(n, 1024, IFLA_IPTUN_LOCAL, laddr);
addattr32(n, 1024, IFLA_IPTUN_REMOTE, raddr);
addattr8(n, 1024, IFLA_IPTUN_TTL, ttl);
addattr8(n, 1024, IFLA_IPTUN_TOS, tos);
addattr8(n, 1024, IFLA_IPTUN_PMTUDISC, pmtudisc);
+ addattr32(n, 1024, IFLA_IPTUN_FWMARK, fwmark);
addattr16(n, 1024, IFLA_IPTUN_ENCAP_TYPE, encaptype);
addattr16(n, 1024, IFLA_IPTUN_ENCAP_FLAGS, encapflags);
addattr16(n, 1024, IFLA_IPTUN_ENCAP_SPORT, htons(encapsport));
addattr16(n, 1024, IFLA_IPTUN_ENCAP_DPORT, htons(encapdport));
+ if (strcmp(lu->id, "ipip") == 0 || strcmp(lu->id, "sit") == 0)
+ addattr8(n, 1024, IFLA_IPTUN_PROTO, proto);
+
if (strcmp(lu->id, "sit") == 0) {
addattr16(n, 1024, IFLA_IPTUN_FLAGS, iflags);
- addattr8(n, 1024, IFLA_IPTUN_PROTO, proto);
if (ip6rdprefixlen) {
addattr_l(n, 1024, IFLA_IPTUN_6RD_PREFIX,
&ip6rdprefix, sizeof(ip6rdprefix));
@@ -327,126 +386,185 @@
char s2[64];
const char *local = "any";
const char *remote = "any";
+ __u16 prefixlen, type;
if (!tb)
return;
if (tb[IFLA_IPTUN_REMOTE]) {
- unsigned addr = rta_getattr_u32(tb[IFLA_IPTUN_REMOTE]);
+ unsigned int addr = rta_getattr_u32(tb[IFLA_IPTUN_REMOTE]);
if (addr)
- remote = format_host(AF_INET, 4, &addr, s1, sizeof(s1));
+ remote = format_host(AF_INET, 4, &addr);
}
- fprintf(f, "remote %s ", remote);
+ print_string(PRINT_ANY, "remote", "remote %s ", remote);
if (tb[IFLA_IPTUN_LOCAL]) {
- unsigned addr = rta_getattr_u32(tb[IFLA_IPTUN_LOCAL]);
+ unsigned int addr = rta_getattr_u32(tb[IFLA_IPTUN_LOCAL]);
if (addr)
- local = format_host(AF_INET, 4, &addr, s1, sizeof(s1));
+ local = format_host(AF_INET, 4, &addr);
}
- fprintf(f, "local %s ", local);
+ print_string(PRINT_ANY, "local", "local %s ", local);
if (tb[IFLA_IPTUN_LINK] && rta_getattr_u32(tb[IFLA_IPTUN_LINK])) {
- unsigned link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]);
+ unsigned int link = rta_getattr_u32(tb[IFLA_IPTUN_LINK]);
const char *n = if_indextoname(link, s2);
if (n)
- fprintf(f, "dev %s ", n);
+ print_string(PRINT_ANY, "link", "dev %s ", n);
else
- fprintf(f, "dev %u ", link);
+ print_int(PRINT_ANY, "link_index", "dev %u ", link);
}
- if (tb[IFLA_IPTUN_TTL] && rta_getattr_u8(tb[IFLA_IPTUN_TTL]))
- fprintf(f, "ttl %d ", rta_getattr_u8(tb[IFLA_IPTUN_TTL]));
- else
- fprintf(f, "ttl inherit ");
+ if (tb[IFLA_IPTUN_TTL]) {
+ __u8 ttl = rta_getattr_u8(tb[IFLA_IPTUN_TTL]);
- if (tb[IFLA_IPTUN_TOS] && rta_getattr_u8(tb[IFLA_IPTUN_TOS])) {
+ if (ttl)
+ print_int(PRINT_ANY, "ttl", "ttl %d ", ttl);
+ else
+ print_int(PRINT_JSON, "ttl", NULL, ttl);
+ } else {
+ print_string(PRINT_FP, NULL, "ttl %s ", "inherit");
+ }
+
+ if (tb[IFLA_IPTUN_TOS]) {
int tos = rta_getattr_u8(tb[IFLA_IPTUN_TOS]);
- fputs("tos ", f);
- if (tos == 1)
- fputs("inherit ", f);
- else
- fprintf(f, "0x%x ", tos);
+ if (tos) {
+ if (is_json_context()) {
+ print_0xhex(PRINT_JSON, "tos", "%#x", tos);
+ } else {
+ fputs("tos ", f);
+ if (tos == 1)
+ fputs("inherit ", f);
+ else
+ fprintf(f, "0x%x ", tos);
+ }
+ }
}
if (tb[IFLA_IPTUN_PMTUDISC] && rta_getattr_u8(tb[IFLA_IPTUN_PMTUDISC]))
- fprintf(f, "pmtudisc ");
+ print_bool(PRINT_ANY, "pmtudisc", "pmtudisc ", true);
else
- fprintf(f, "nopmtudisc ");
+ print_bool(PRINT_ANY, "pmtudisc", "nopmtudisc ", false);
if (tb[IFLA_IPTUN_FLAGS]) {
__u16 iflags = rta_getattr_u16(tb[IFLA_IPTUN_FLAGS]);
if (iflags & SIT_ISATAP)
- fprintf(f, "isatap ");
+ print_bool(PRINT_ANY, "isatap", "isatap ", true);
}
if (tb[IFLA_IPTUN_6RD_PREFIXLEN] &&
- *(__u16 *)RTA_DATA(tb[IFLA_IPTUN_6RD_PREFIXLEN])) {
- __u16 prefixlen = rta_getattr_u16(tb[IFLA_IPTUN_6RD_PREFIXLEN]);
+ (prefixlen = rta_getattr_u16(tb[IFLA_IPTUN_6RD_PREFIXLEN]))) {
__u16 relayprefixlen =
rta_getattr_u16(tb[IFLA_IPTUN_6RD_RELAY_PREFIXLEN]);
__u32 relayprefix =
rta_getattr_u32(tb[IFLA_IPTUN_6RD_RELAY_PREFIX]);
- printf("6rd-prefix %s/%u ",
- inet_ntop(AF_INET6, RTA_DATA(tb[IFLA_IPTUN_6RD_PREFIX]),
- s1, sizeof(s1)),
- prefixlen);
- if (relayprefix) {
- printf("6rd-relay_prefix %s/%u ",
- format_host(AF_INET, 4, &relayprefix, s1,
- sizeof(s1)),
- relayprefixlen);
+ const char *prefix = inet_ntop(AF_INET6,
+ RTA_DATA(tb[IFLA_IPTUN_6RD_PREFIX]),
+ s1, sizeof(s1));
+
+ if (is_json_context()) {
+ print_string(PRINT_JSON, "prefix", NULL, prefix);
+ print_int(PRINT_JSON, "prefixlen", NULL, prefixlen);
+ if (relayprefix) {
+ print_string(PRINT_JSON,
+ "relay_prefix",
+ NULL,
+ format_host(AF_INET,
+ 4,
+ &relayprefix));
+ print_int(PRINT_JSON,
+ "relay_prefixlen",
+ NULL,
+ relayprefixlen);
+ }
+ } else {
+ printf("6rd-prefix %s/%u ", prefix, prefixlen);
+ if (relayprefix) {
+ printf("6rd-relay_prefix %s/%u ",
+ format_host(AF_INET, 4, &relayprefix),
+ relayprefixlen);
+ }
}
}
if (tb[IFLA_IPTUN_ENCAP_TYPE] &&
- *(__u16 *)RTA_DATA(tb[IFLA_IPTUN_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE) {
- __u16 type = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_TYPE]);
+ (type = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_TYPE])) != TUNNEL_ENCAP_NONE) {
__u16 flags = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_FLAGS]);
__u16 sport = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_SPORT]);
__u16 dport = rta_getattr_u16(tb[IFLA_IPTUN_ENCAP_DPORT]);
- fputs("encap ", f);
+ print_string(PRINT_FP, NULL, "encap ", NULL);
switch (type) {
case TUNNEL_ENCAP_FOU:
- fputs("fou ", f);
+ print_string(PRINT_ANY, "type", "%s ", "fou");
break;
case TUNNEL_ENCAP_GUE:
- fputs("gue ", f);
+ print_string(PRINT_ANY, "type", "%s ", "gue");
break;
default:
- fputs("unknown ", f);
+ print_null(PRINT_ANY, "type", "unknown ", NULL);
break;
}
- if (sport == 0)
- fputs("encap-sport auto ", f);
- else
- fprintf(f, "encap-sport %u", ntohs(sport));
+ if (is_json_context()) {
+ print_uint(PRINT_JSON,
+ "sport",
+ NULL,
+ sport ? ntohs(sport) : 0);
+ print_uint(PRINT_JSON, "dport", NULL, ntohs(dport));
+ print_bool(PRINT_JSON,
+ "csum",
+ NULL,
+ flags & TUNNEL_ENCAP_FLAG_CSUM);
+ print_bool(PRINT_JSON,
+ "csum6",
+ NULL,
+ flags & TUNNEL_ENCAP_FLAG_CSUM6);
+ print_bool(PRINT_JSON,
+ "remcsum",
+ NULL,
+ flags & TUNNEL_ENCAP_FLAG_REMCSUM);
+ close_json_object();
+ } else {
+ if (sport == 0)
+ fputs("encap-sport auto ", f);
+ else
+ fprintf(f, "encap-sport %u", ntohs(sport));
- fprintf(f, "encap-dport %u ", ntohs(dport));
+ fprintf(f, "encap-dport %u ", ntohs(dport));
- if (flags & TUNNEL_ENCAP_FLAG_CSUM)
- fputs("encap-csum ", f);
- else
- fputs("noencap-csum ", f);
+ if (flags & TUNNEL_ENCAP_FLAG_CSUM)
+ fputs("encap-csum ", f);
+ else
+ fputs("noencap-csum ", f);
- if (flags & TUNNEL_ENCAP_FLAG_CSUM6)
- fputs("encap-csum6 ", f);
- else
- fputs("noencap-csum6 ", f);
+ if (flags & TUNNEL_ENCAP_FLAG_CSUM6)
+ fputs("encap-csum6 ", f);
+ else
+ fputs("noencap-csum6 ", f);
- if (flags & TUNNEL_ENCAP_FLAG_REMCSUM)
- fputs("encap-remcsum ", f);
- else
- fputs("noencap-remcsum ", f);
+ if (flags & TUNNEL_ENCAP_FLAG_REMCSUM)
+ fputs("encap-remcsum ", f);
+ else
+ fputs("noencap-remcsum ", f);
+ }
+ }
+
+ if (tb[IFLA_IPTUN_FWMARK]) {
+ __u32 fwmark = rta_getattr_u32(tb[IFLA_IPTUN_FWMARK]);
+
+ if (fwmark) {
+ snprintf(s2, sizeof(s2), "0x%x", fwmark);
+
+ print_string(PRINT_ANY, "fwmark", "fwmark %s ", s2);
+ }
}
}
diff --git a/ip/link_veth.c b/ip/link_veth.c
index 314216c..a368827 100644
--- a/ip/link_veth.c
+++ b/ip/link_veth.c
@@ -37,7 +37,7 @@
char *type = NULL;
int index = 0;
int err, len;
- struct rtattr * data;
+ struct rtattr *data;
int group;
struct ifinfomsg *ifm, *peer_ifm;
unsigned int ifi_flags, ifi_change;
diff --git a/ip/link_vti.c b/ip/link_vti.c
index f3fea33..8bd4d90 100644
--- a/ip/link_vti.c
+++ b/ip/link_vti.c
@@ -26,14 +26,17 @@
static void print_usage(FILE *f)
{
- fprintf(f, "Usage: ip link { add | set | change | replace | del } NAME\n");
- fprintf(f, " type { vti } [ remote ADDR ] [ local ADDR ]\n");
- fprintf(f, " [ [i|o]key KEY ]\n");
- fprintf(f, " [ dev PHYS_DEV ]\n");
- fprintf(f, "\n");
- fprintf(f, "Where: NAME := STRING\n");
- fprintf(f, " ADDR := { IP_ADDRESS }\n");
- fprintf(f, " KEY := { DOTTED_QUAD | NUMBER }\n");
+ fprintf(f,
+ "Usage: ... vti [ remote ADDR ]\n"
+ " [ local ADDR ]\n"
+ " [ [i|o]key KEY ]\n"
+ " [ dev PHYS_DEV ]\n"
+ " [ fwmark MARK ]\n"
+ "\n"
+ "Where: ADDR := { IP_ADDRESS }\n"
+ " KEY := { DOTTED_QUAD | NUMBER }\n"
+ " MARK := { 0x0..0xffffffff }\n"
+ );
}
static void usage(void) __attribute__((noreturn));
@@ -46,31 +49,30 @@
static int vti_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
+ struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
struct {
struct nlmsghdr n;
struct ifinfomsg i;
char buf[1024];
- } req;
- struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETLINK,
+ .i.ifi_family = preferred_family,
+ .i.ifi_index = ifi->ifi_index,
+ };
struct rtattr *tb[IFLA_MAX + 1];
struct rtattr *linkinfo[IFLA_INFO_MAX+1];
struct rtattr *vtiinfo[IFLA_VTI_MAX + 1];
- unsigned ikey = 0;
- unsigned okey = 0;
- unsigned saddr = 0;
- unsigned daddr = 0;
- unsigned link = 0;
+ unsigned int ikey = 0;
+ unsigned int okey = 0;
+ unsigned int saddr = 0;
+ unsigned int daddr = 0;
+ unsigned int link = 0;
+ unsigned int fwmark = 0;
int len;
if (!(n->nlmsg_flags & NLM_F_CREATE)) {
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETLINK;
- req.i.ifi_family = preferred_family;
- req.i.ifi_index = ifi->ifi_index;
-
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) {
get_failed:
fprintf(stderr,
@@ -97,24 +99,27 @@
linkinfo[IFLA_INFO_DATA]);
if (vtiinfo[IFLA_VTI_IKEY])
- ikey = *(__u32 *)RTA_DATA(vtiinfo[IFLA_VTI_IKEY]);
+ ikey = rta_getattr_u32(vtiinfo[IFLA_VTI_IKEY]);
if (vtiinfo[IFLA_VTI_OKEY])
- okey = *(__u32 *)RTA_DATA(vtiinfo[IFLA_VTI_OKEY]);
+ okey = rta_getattr_u32(vtiinfo[IFLA_VTI_OKEY]);
if (vtiinfo[IFLA_VTI_LOCAL])
- saddr = *(__u32 *)RTA_DATA(vtiinfo[IFLA_VTI_LOCAL]);
+ saddr = rta_getattr_u32(vtiinfo[IFLA_VTI_LOCAL]);
if (vtiinfo[IFLA_VTI_REMOTE])
- daddr = *(__u32 *)RTA_DATA(vtiinfo[IFLA_VTI_REMOTE]);
+ daddr = rta_getattr_u32(vtiinfo[IFLA_VTI_REMOTE]);
if (vtiinfo[IFLA_VTI_LINK])
- link = *(__u8 *)RTA_DATA(vtiinfo[IFLA_VTI_LINK]);
+ link = rta_getattr_u8(vtiinfo[IFLA_VTI_LINK]);
+
+ if (vtiinfo[IFLA_VTI_FWMARK])
+ fwmark = rta_getattr_u32(vtiinfo[IFLA_VTI_FWMARK]);
}
while (argc > 0) {
if (!matches(*argv, "key")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
if (strchr(*argv, '.'))
@@ -130,7 +135,7 @@
ikey = okey = uval;
} else if (!matches(*argv, "ikey")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
if (strchr(*argv, '.'))
@@ -144,7 +149,7 @@
}
ikey = uval;
} else if (!matches(*argv, "okey")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
if (strchr(*argv, '.'))
@@ -181,6 +186,10 @@
*argv);
exit(-1);
}
+ } else if (strcmp(*argv, "fwmark") == 0) {
+ NEXT_ARG();
+ if (get_u32(&fwmark, *argv, 0))
+ invarg("invalid fwmark\n", *argv);
} else
usage();
argc--; argv++;
@@ -190,6 +199,7 @@
addattr32(n, 1024, IFLA_VTI_OKEY, okey);
addattr_l(n, 1024, IFLA_VTI_LOCAL, &saddr, 4);
addattr_l(n, 1024, IFLA_VTI_REMOTE, &daddr, 4);
+ addattr32(n, 1024, IFLA_VTI_FWMARK, fwmark);
if (link)
addattr32(n, 1024, IFLA_VTI_LINK, link);
@@ -198,50 +208,61 @@
static void vti_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
- char s1[1024];
- char s2[64];
const char *local = "any";
const char *remote = "any";
+ __u32 key;
+ unsigned int link;
+ char s2[IFNAMSIZ];
if (!tb)
return;
if (tb[IFLA_VTI_REMOTE]) {
- unsigned addr = *(__u32 *)RTA_DATA(tb[IFLA_VTI_REMOTE]);
+ unsigned int addr = rta_getattr_u32(tb[IFLA_VTI_REMOTE]);
if (addr)
- remote = format_host(AF_INET, 4, &addr, s1, sizeof(s1));
+ remote = format_host(AF_INET, 4, &addr);
}
- fprintf(f, "remote %s ", remote);
+ print_string(PRINT_ANY, "remote", "remote %s ", remote);
if (tb[IFLA_VTI_LOCAL]) {
- unsigned addr = *(__u32 *)RTA_DATA(tb[IFLA_VTI_LOCAL]);
+ unsigned int addr = rta_getattr_u32(tb[IFLA_VTI_LOCAL]);
if (addr)
- local = format_host(AF_INET, 4, &addr, s1, sizeof(s1));
+ local = format_host(AF_INET, 4, &addr);
}
- fprintf(f, "local %s ", local);
+ print_string(PRINT_ANY, "local", "local %s ", local);
- if (tb[IFLA_VTI_LINK] && *(__u32 *)RTA_DATA(tb[IFLA_VTI_LINK])) {
- unsigned link = *(__u32 *)RTA_DATA(tb[IFLA_VTI_LINK]);
+ if (tb[IFLA_VTI_LINK] &&
+ (link = rta_getattr_u32(tb[IFLA_VTI_LINK]))) {
const char *n = if_indextoname(link, s2);
if (n)
- fprintf(f, "dev %s ", n);
+ print_string(PRINT_ANY, "link", "dev %s ", n);
else
- fprintf(f, "dev %u ", link);
+ print_uint(PRINT_ANY, "link_index", "dev %u ", link);
}
- if (tb[IFLA_VTI_IKEY]) {
- inet_ntop(AF_INET, RTA_DATA(tb[IFLA_VTI_IKEY]), s2, sizeof(s2));
- fprintf(f, "ikey %s ", s2);
- }
+ if (tb[IFLA_VTI_IKEY] &&
+ (key = rta_getattr_u32(tb[IFLA_VTI_IKEY])))
+ print_0xhex(PRINT_ANY, "ikey", "ikey %#x ", ntohl(key));
- if (tb[IFLA_VTI_OKEY]) {
- inet_ntop(AF_INET, RTA_DATA(tb[IFLA_VTI_OKEY]), s2, sizeof(s2));
- fprintf(f, "okey %s ", s2);
+
+ if (tb[IFLA_VTI_OKEY] &&
+ (key = rta_getattr_u32(tb[IFLA_VTI_OKEY])))
+ print_0xhex(PRINT_ANY, "okey", "okey %#x ", ntohl(key));
+
+ if (tb[IFLA_VTI_FWMARK]) {
+ __u32 fwmark = rta_getattr_u32(tb[IFLA_VTI_FWMARK]);
+
+ if (fwmark) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "0x%x", fwmark);
+ print_string(PRINT_ANY, "fwmark", "fwmark %s ", s2);
+ }
}
}
diff --git a/ip/link_vti6.c b/ip/link_vti6.c
index c146f79..8198d46 100644
--- a/ip/link_vti6.c
+++ b/ip/link_vti6.c
@@ -32,41 +32,42 @@
fprintf(stderr, " type { vti6 } [ remote ADDR ] [ local ADDR ]\n");
fprintf(stderr, " [ [i|o]key KEY ]\n");
fprintf(stderr, " [ dev PHYS_DEV ]\n");
+ fprintf(stderr, " [ fwmark MARK ]\n");
fprintf(stderr, "\n");
fprintf(stderr, "Where: NAME := STRING\n");
fprintf(stderr, " ADDR := { IPV6_ADDRESS }\n");
fprintf(stderr, " KEY := { DOTTED_QUAD | NUMBER }\n");
+ fprintf(stderr, " MARK := { 0x0..0xffffffff }\n");
exit(-1);
}
static int vti6_parse_opt(struct link_util *lu, int argc, char **argv,
struct nlmsghdr *n)
{
+ struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
struct {
struct nlmsghdr n;
struct ifinfomsg i;
char buf[1024];
- } req;
- struct ifinfomsg *ifi = (struct ifinfomsg *)(n + 1);
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_GETLINK,
+ .i.ifi_family = preferred_family,
+ .i.ifi_index = ifi->ifi_index,
+ };
struct rtattr *tb[IFLA_MAX + 1];
struct rtattr *linkinfo[IFLA_INFO_MAX+1];
struct rtattr *vtiinfo[IFLA_VTI_MAX + 1];
- struct in6_addr saddr;
- struct in6_addr daddr;
- unsigned ikey = 0;
- unsigned okey = 0;
- unsigned link = 0;
+ struct in6_addr saddr = IN6ADDR_ANY_INIT;
+ struct in6_addr daddr = IN6ADDR_ANY_INIT;
+ unsigned int ikey = 0;
+ unsigned int okey = 0;
+ unsigned int link = 0;
+ __u32 fwmark = 0;
int len;
if (!(n->nlmsg_flags & NLM_F_CREATE)) {
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(*ifi));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_GETLINK;
- req.i.ifi_family = preferred_family;
- req.i.ifi_index = ifi->ifi_index;
-
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0) {
get_failed:
fprintf(stderr,
@@ -106,11 +107,14 @@
if (vtiinfo[IFLA_VTI_LINK])
link = rta_getattr_u8(vtiinfo[IFLA_VTI_LINK]);
+
+ if (vtiinfo[IFLA_VTI_FWMARK])
+ fwmark = rta_getattr_u32(vtiinfo[IFLA_VTI_FWMARK]);
}
while (argc > 0) {
if (!matches(*argv, "key")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
if (strchr(*argv, '.'))
@@ -126,7 +130,7 @@
ikey = okey = uval;
} else if (!matches(*argv, "ikey")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
if (strchr(*argv, '.'))
@@ -140,7 +144,7 @@
}
ikey = uval;
} else if (!matches(*argv, "okey")) {
- unsigned uval;
+ unsigned int uval;
NEXT_ARG();
if (strchr(*argv, '.'))
@@ -160,6 +164,7 @@
exit(-1);
} else {
inet_prefix addr;
+
get_prefix(&addr, *argv, AF_INET6);
memcpy(&daddr, addr.data, addr.bytelen);
}
@@ -170,6 +175,7 @@
exit(-1);
} else {
inet_prefix addr;
+
get_prefix(&addr, *argv, AF_INET6);
memcpy(&saddr, addr.data, addr.bytelen);
}
@@ -178,6 +184,10 @@
link = if_nametoindex(*argv);
if (link == 0)
exit(-1);
+ } else if (strcmp(*argv, "fwmark") == 0) {
+ NEXT_ARG();
+ if (get_u32(&fwmark, *argv, 0))
+ invarg("invalid fwmark\n", *argv);
} else
usage();
argc--; argv++;
@@ -185,8 +195,12 @@
addattr32(n, 1024, IFLA_VTI_IKEY, ikey);
addattr32(n, 1024, IFLA_VTI_OKEY, okey);
- addattr_l(n, 1024, IFLA_VTI_LOCAL, &saddr, sizeof(saddr));
- addattr_l(n, 1024, IFLA_VTI_REMOTE, &daddr, sizeof(daddr));
+
+ if (memcmp(&saddr, &in6addr_any, sizeof(in6addr_any)))
+ addattr_l(n, 1024, IFLA_VTI_LOCAL, &saddr, sizeof(saddr));
+ if (memcmp(&daddr, &in6addr_any, sizeof(in6addr_any)))
+ addattr_l(n, 1024, IFLA_VTI_REMOTE, &daddr, sizeof(daddr));
+ addattr32(n, 1024, IFLA_VTI_FWMARK, fwmark);
if (link)
addattr32(n, 1024, IFLA_VTI_LINK, link);
@@ -195,12 +209,12 @@
static void vti6_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
{
- char s1[1024];
- char s2[64];
const char *local = "any";
const char *remote = "any";
struct in6_addr saddr;
struct in6_addr daddr;
+ unsigned int link;
+ char s2[64];
if (!tb)
return;
@@ -208,37 +222,46 @@
if (tb[IFLA_VTI_REMOTE]) {
memcpy(&daddr, RTA_DATA(tb[IFLA_VTI_REMOTE]), sizeof(daddr));
- remote = format_host(AF_INET6, 16, &daddr, s1, sizeof(s1));
+ remote = format_host(AF_INET6, 16, &daddr);
}
- fprintf(f, "remote %s ", remote);
+ print_string(PRINT_ANY, "remote", "remote %s ", remote);
if (tb[IFLA_VTI_LOCAL]) {
memcpy(&saddr, RTA_DATA(tb[IFLA_VTI_LOCAL]), sizeof(saddr));
- local = format_host(AF_INET6, 16, &saddr, s1, sizeof(s1));
+ local = format_host(AF_INET6, 16, &saddr);
}
- fprintf(f, "local %s ", local);
+ print_string(PRINT_ANY, "local", "local %s ", local);
- if (tb[IFLA_VTI_LINK] && *(__u32 *)RTA_DATA(tb[IFLA_VTI_LINK])) {
- unsigned link = *(__u32 *)RTA_DATA(tb[IFLA_VTI_LINK]);
+ if (tb[IFLA_VTI_LINK] && (link = rta_getattr_u32(tb[IFLA_VTI_LINK]))) {
const char *n = if_indextoname(link, s2);
if (n)
- fprintf(f, "dev %s ", n);
+ print_string(PRINT_ANY, "link", "dev %s ", n);
else
- fprintf(f, "dev %u ", link);
+ print_uint(PRINT_ANY, "link_index", "dev %u ", link);
}
if (tb[IFLA_VTI_IKEY]) {
inet_ntop(AF_INET, RTA_DATA(tb[IFLA_VTI_IKEY]), s2, sizeof(s2));
- fprintf(f, "ikey %s ", s2);
+ print_string(PRINT_ANY, "ikey", "ikey %s ", s2);
}
if (tb[IFLA_VTI_OKEY]) {
inet_ntop(AF_INET, RTA_DATA(tb[IFLA_VTI_OKEY]), s2, sizeof(s2));
- fprintf(f, "okey %s ", s2);
+ print_string(PRINT_ANY, "okey", "okey %s ", s2);
+ }
+
+ if (tb[IFLA_VTI_FWMARK]) {
+ __u32 fwmark = rta_getattr_u32(tb[IFLA_VTI_FWMARK]);
+
+ if (fwmark) {
+ snprintf(s2, sizeof(s2), "0x%x", fwmark);
+
+ print_string(PRINT_ANY, "fwmark", "fwmark %s ", s2);
+ }
}
}
diff --git a/ip/routel b/ip/routel
index 8d1d352..9a30462 100644
--- a/ip/routel
+++ b/ip/routel
@@ -32,10 +32,22 @@
esac
while test $# != 0
do
- key=$1
- val=$2
- eval "$key=$val"
- shift 2
+ case "$1" in
+ proto|via|dev|scope|src|table)
+ key=$1
+ val=$2
+ eval "$key='$val'"
+ shift 2
+ ;;
+ dead|onlink|pervasive|offload|notify|linkdown|unresolved)
+ shift
+ ;;
+ *)
+ # avoid infinite loop on unknown keyword without value at line end
+ shift
+ shift
+ ;;
+ esac
done
echo "$network $via $src $proto $scope $dev $table"
done | awk -F ' ' '
diff --git a/ip/rtmon.c b/ip/rtmon.c
index 42b24fb..94baa38 100644
--- a/ip/rtmon.c
+++ b/ip/rtmon.c
@@ -25,13 +25,12 @@
#include "utils.h"
#include "libnetlink.h"
-int resolve_hosts = 0;
static int init_phase = 1;
static void write_stamp(FILE *fp)
{
char buf[128];
- struct nlmsghdr *n1 = (void*)buf;
+ struct nlmsghdr *n1 = (void *)buf;
struct timeval tv;
n1->nlmsg_type = NLMSG_TSTAMP;
@@ -40,18 +39,19 @@
n1->nlmsg_pid = 0;
n1->nlmsg_len = NLMSG_LENGTH(4*2);
gettimeofday(&tv, NULL);
- ((__u32*)NLMSG_DATA(n1))[0] = tv.tv_sec;
- ((__u32*)NLMSG_DATA(n1))[1] = tv.tv_usec;
- fwrite((void*)n1, 1, NLMSG_ALIGN(n1->nlmsg_len), fp);
+ ((__u32 *)NLMSG_DATA(n1))[0] = tv.tv_sec;
+ ((__u32 *)NLMSG_DATA(n1))[1] = tv.tv_usec;
+ fwrite((void *)n1, 1, NLMSG_ALIGN(n1->nlmsg_len), fp);
}
static int dump_msg(const struct sockaddr_nl *who, struct rtnl_ctrl_data *ctrl,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
+
if (!init_phase)
write_stamp(fp);
- fwrite((void*)n, 1, NLMSG_ALIGN(n->nlmsg_len), fp);
+ fwrite((void *)n, 1, NLMSG_ALIGN(n->nlmsg_len), fp);
fflush(fp);
return 0;
}
@@ -75,7 +75,7 @@
FILE *fp;
struct rtnl_handle rth;
int family = AF_UNSPEC;
- unsigned groups = ~0U;
+ unsigned int groups = ~0U;
int llink = 0;
int laddr = 0;
int lroute = 0;
@@ -115,13 +115,13 @@
usage();
file = argv[1];
} else if (matches(argv[1], "link") == 0) {
- llink=1;
+ llink = 1;
groups = 0;
} else if (matches(argv[1], "address") == 0) {
- laddr=1;
+ laddr = 1;
groups = 0;
} else if (matches(argv[1], "route") == 0) {
- lroute=1;
+ lroute = 1;
groups = 0;
} else if (strcmp(argv[1], "all") == 0) {
groups = ~0U;
@@ -176,7 +176,7 @@
init_phase = 0;
- if (rtnl_listen(&rth, dump_msg, (void*)fp) < 0)
+ if (rtnl_listen(&rth, dump_msg, (void *)fp) < 0)
exit(2);
exit(0);
diff --git a/ip/tcp_metrics.c b/ip/tcp_metrics.c
index 57b605f..8972acd 100644
--- a/ip/tcp_metrics.c
+++ b/ip/tcp_metrics.c
@@ -95,7 +95,6 @@
struct genlmsghdr *ghdr;
struct rtattr *attrs[TCP_METRICS_ATTR_MAX + 1], *a;
int len = n->nlmsg_len;
- char abuf[256];
inet_prefix daddr, saddr;
int family, i, atype, stype, dlen = 0, slen = 0;
@@ -113,47 +112,44 @@
parse_rtattr(attrs, TCP_METRICS_ATTR_MAX, (void *) ghdr + GENL_HDRLEN,
len);
- a = attrs[TCP_METRICS_ATTR_ADDR_IPV4];
- if (a) {
+ if (attrs[TCP_METRICS_ATTR_ADDR_IPV4]) {
if (f.daddr.family && f.daddr.family != AF_INET)
return 0;
+ a = attrs[TCP_METRICS_ATTR_ADDR_IPV4];
memcpy(&daddr.data, RTA_DATA(a), 4);
daddr.bytelen = 4;
family = AF_INET;
atype = TCP_METRICS_ATTR_ADDR_IPV4;
dlen = RTA_PAYLOAD(a);
- } else {
- a = attrs[TCP_METRICS_ATTR_ADDR_IPV6];
- if (a) {
- if (f.daddr.family && f.daddr.family != AF_INET6)
- return 0;
- memcpy(&daddr.data, RTA_DATA(a), 16);
- daddr.bytelen = 16;
- family = AF_INET6;
- atype = TCP_METRICS_ATTR_ADDR_IPV6;
- dlen = RTA_PAYLOAD(a);
- } else
+ } else if (attrs[TCP_METRICS_ATTR_ADDR_IPV6]) {
+ if (f.daddr.family && f.daddr.family != AF_INET6)
return 0;
+ a = attrs[TCP_METRICS_ATTR_ADDR_IPV6];
+ memcpy(&daddr.data, RTA_DATA(a), 16);
+ daddr.bytelen = 16;
+ family = AF_INET6;
+ atype = TCP_METRICS_ATTR_ADDR_IPV6;
+ dlen = RTA_PAYLOAD(a);
+ } else {
+ return 0;
}
- a = attrs[TCP_METRICS_ATTR_SADDR_IPV4];
- if (a) {
+ if (attrs[TCP_METRICS_ATTR_SADDR_IPV4]) {
if (f.saddr.family && f.saddr.family != AF_INET)
return 0;
+ a = attrs[TCP_METRICS_ATTR_SADDR_IPV4];
memcpy(&saddr.data, RTA_DATA(a), 4);
saddr.bytelen = 4;
stype = TCP_METRICS_ATTR_SADDR_IPV4;
slen = RTA_PAYLOAD(a);
- } else {
+ } else if (attrs[TCP_METRICS_ATTR_SADDR_IPV6]) {
+ if (f.saddr.family && f.saddr.family != AF_INET6)
+ return 0;
a = attrs[TCP_METRICS_ATTR_SADDR_IPV6];
- if (a) {
- if (f.saddr.family && f.saddr.family != AF_INET6)
- return 0;
- memcpy(&saddr.data, RTA_DATA(a), 16);
- saddr.bytelen = 16;
- stype = TCP_METRICS_ATTR_SADDR_IPV6;
- slen = RTA_PAYLOAD(a);
- }
+ memcpy(&saddr.data, RTA_DATA(a), 16);
+ saddr.bytelen = 16;
+ stype = TCP_METRICS_ATTR_SADDR_IPV6;
+ slen = RTA_PAYLOAD(a);
}
if (f.daddr.family && f.daddr.bitlen >= 0 &&
@@ -168,6 +164,7 @@
if (f.flushb) {
struct nlmsghdr *fn;
+
TCPM_REQUEST(req2, 128, TCP_METRICS_CMD_DEL, NLM_F_REQUEST);
addattr_l(&req2.n, sizeof(req2), atype, &daddr.data,
@@ -193,7 +190,7 @@
fprintf(fp, "Deleted ");
fprintf(fp, "%s",
- format_host(family, dlen, &daddr.data, abuf, sizeof(abuf)));
+ format_host(family, dlen, &daddr.data));
a = attrs[TCP_METRICS_ATTR_AGE];
if (a) {
@@ -297,8 +294,7 @@
if (slen) {
fprintf(fp, " source %s",
- format_host(family, slen, &saddr.data, abuf,
- sizeof(abuf)));
+ format_host(family, slen, &saddr.data));
}
fprintf(fp, "\n");
@@ -333,6 +329,7 @@
if (strcmp(*argv, "src") == 0 ||
strcmp(*argv, "source") == 0) {
char *who = *argv;
+
NEXT_ARG();
if (matches(*argv, "help") == 0)
usage();
@@ -354,6 +351,7 @@
}
} else {
char *who = "address";
+
if (strcmp(*argv, "addr") == 0 ||
strcmp(*argv, "address") == 0) {
who = *argv;
@@ -400,17 +398,9 @@
ack = 0;
}
- if (genl_family < 0) {
- if (rtnl_open_byproto(&grth, 0, NETLINK_GENERIC) < 0) {
- fprintf(stderr, "Cannot open generic netlink socket\n");
- exit(1);
- }
- genl_family = genl_resolve_family(&grth,
- TCP_METRICS_GENL_NAME);
- if (genl_family < 0)
- exit(1);
- req.n.nlmsg_type = genl_family;
- }
+ if (genl_init_handle(&grth, TCP_METRICS_GENL_NAME, &genl_family))
+ exit(1);
+ req.n.nlmsg_type = genl_family;
if (!(cmd & CMD_FLUSH) && (atype >= 0 || (cmd & CMD_DEL))) {
if (ack)
@@ -504,7 +494,7 @@
if (matches(argv[0], "help") == 0)
usage();
- fprintf(stderr, "Command \"%s\" is unknown, "
- "try \"ip tcp_metrics help\".\n", *argv);
+ fprintf(stderr, "Command \"%s\" is unknown, try \"ip tcp_metrics help\".\n",
+ *argv);
exit(-1);
}
diff --git a/ip/tunnel.c b/ip/tunnel.c
index 39f825b..d359eb9 100644
--- a/ip/tunnel.c
+++ b/ip/tunnel.c
@@ -54,6 +54,9 @@
case IPPROTO_ESP:
strcpy(buf, "esp");
break;
+ case IPPROTO_MPLS:
+ strcpy(buf, "mpls");
+ break;
case 0:
strcpy(buf, "any");
break;
@@ -72,7 +75,7 @@
int err;
strncpy(ifr.ifr_name, basedev, IFNAMSIZ);
- ifr.ifr_ifru.ifru_data = (void*)p;
+ ifr.ifr_ifru.ifru_data = (void *)p;
fd = socket(preferred_family, SOCK_DGRAM, 0);
if (fd < 0) {
@@ -183,7 +186,7 @@
__be32 tnl_parse_key(const char *name, const char *key)
{
- unsigned uval;
+ unsigned int uval;
if (strchr(key, '.'))
return get_addr32(key);
@@ -209,10 +212,10 @@
tx_fifo, tx_colls, tx_carrier, rx_multi;
if (sscanf(buf, "%lu%lu%lu%lu%lu%lu%lu%*d%lu%lu%lu%lu%lu%lu%lu",
- &rx_bytes, &rx_packets, &rx_errs, &rx_drops,
- &rx_fifo, &rx_frame, &rx_multi,
- &tx_bytes, &tx_packets, &tx_errs, &tx_drops,
- &tx_fifo, &tx_colls, &tx_carrier) != 14)
+ &rx_bytes, &rx_packets, &rx_errs, &rx_drops,
+ &rx_fifo, &rx_frame, &rx_multi,
+ &tx_bytes, &tx_packets, &tx_errs, &tx_drops,
+ &tx_fifo, &tx_colls, &tx_carrier) != 14)
return;
printf("%s", _SL_);
diff --git a/ip/xdp.h b/ip/xdp.h
new file mode 100644
index 0000000..1efd591
--- /dev/null
+++ b/ip/xdp.h
@@ -0,0 +1,10 @@
+#ifndef __XDP__
+#define __XDP__
+
+#include "utils.h"
+
+int xdp_parse(int *argc, char ***argv, struct iplink_req *req, bool generic,
+ bool drv, bool offload);
+void xdp_dump(FILE *fp, struct rtattr *tb, bool link, bool details);
+
+#endif /* __XDP__ */
diff --git a/ip/xfrm.h b/ip/xfrm.h
index 773c92e..71be574 100644
--- a/ip/xfrm.h
+++ b/ip/xfrm.h
@@ -26,16 +26,12 @@
#include <stdio.h>
#include <sys/socket.h>
+#include <linux/in.h>
#include <linux/xfrm.h>
+#include <linux/ipsec.h>
-#ifndef IPPROTO_SCTP
-# define IPPROTO_SCTP 132
-#endif
-#ifndef IPPROTO_DCCP
-# define IPPROTO_DCCP 33
-#endif
#ifndef IPPROTO_MH
-# define IPPROTO_MH 135
+#define IPPROTO_MH 135
#endif
#define XFRMS_RTA(x) ((struct rtattr*)(((char*)(x)) + NLMSG_ALIGN(sizeof(struct xfrm_usersa_info))))
@@ -98,6 +94,7 @@
__u8 action_mask;
__u32 priority_mask;
__u8 policy_flags_mask;
+ __u8 filter_socket;
__u8 ptype;
__u8 ptype_mask;
diff --git a/ip/xfrm_monitor.c b/ip/xfrm_monitor.c
index e6e991a..2eabece 100644
--- a/ip/xfrm_monitor.c
+++ b/ip/xfrm_monitor.c
@@ -46,10 +46,10 @@
static int xfrm_acquire_print(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct xfrm_user_acquire *xacq = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[XFRMA_MAX+1];
+ struct rtattr *tb[XFRMA_MAX+1];
__u16 family;
len -= NLMSG_LENGTH(sizeof(*xacq));
@@ -71,6 +71,7 @@
fprintf(fp, "proto %s ", strxf_xfrmproto(xacq->id.proto));
if (show_stats > 0 || xacq->id.spi) {
__u32 spi = ntohl(xacq->id.spi);
+
fprintf(fp, "spi 0x%08x", spi);
if (show_stats > 0)
fprintf(fp, "(%u)", spi);
@@ -107,7 +108,7 @@
static int xfrm_state_flush_print(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct xfrm_usersa_flush *xsf = NLMSG_DATA(n);
int len = n->nlmsg_len;
const char *str;
@@ -137,8 +138,8 @@
static int xfrm_policy_flush_print(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
- struct rtattr * tb[XFRMA_MAX+1];
- FILE *fp = (FILE*)arg;
+ struct rtattr *tb[XFRMA_MAX+1];
+ FILE *fp = (FILE *)arg;
int len = n->nlmsg_len;
len -= NLMSG_SPACE(0);
@@ -159,7 +160,7 @@
if (RTA_PAYLOAD(tb[XFRMA_POLICY_TYPE]) < sizeof(*upt))
fprintf(fp, "(ERROR truncated)");
- upt = (struct xfrm_userpolicy_type *)RTA_DATA(tb[XFRMA_POLICY_TYPE]);
+ upt = RTA_DATA(tb[XFRMA_POLICY_TYPE]);
fprintf(fp, "%s ", strxf_ptype(upt->type));
}
@@ -175,10 +176,10 @@
static int xfrm_report_print(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct xfrm_user_report *xrep = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[XFRMA_MAX+1];
+ struct rtattr *tb[XFRMA_MAX+1];
__u16 family;
len -= NLMSG_LENGTH(sizeof(*xrep));
@@ -210,7 +211,8 @@
static void xfrm_ae_flags_print(__u32 flags, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
+
fprintf(fp, " (0x%x) ", flags);
if (!flags)
return;
@@ -225,12 +227,8 @@
static void xfrm_usersa_print(const struct xfrm_usersa_id *sa_id, __u32 reqid, FILE *fp)
{
- char buf[256];
-
- buf[0] = 0;
fprintf(fp, "dst %s ",
- rt_addr_n2a(sa_id->family, sizeof(sa_id->daddr), &sa_id->daddr,
- buf, sizeof(buf)));
+ rt_addr_n2a(sa_id->family, sizeof(sa_id->daddr), &sa_id->daddr));
fprintf(fp, " reqid 0x%x", reqid);
@@ -241,17 +239,14 @@
static int xfrm_ae_print(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct xfrm_aevent_id *id = NLMSG_DATA(n);
- char abuf[256];
fprintf(fp, "Async event ");
xfrm_ae_flags_print(id->flags, arg);
- fprintf(fp,"\n\t");
- memset(abuf, '\0', sizeof(abuf));
+ fprintf(fp, "\n\t");
fprintf(fp, "src %s ", rt_addr_n2a(id->sa_id.family,
- sizeof(id->saddr), &id->saddr,
- abuf, sizeof(abuf)));
+ sizeof(id->saddr), &id->saddr));
xfrm_usersa_print(&id->sa_id, id->reqid, fp);
@@ -263,16 +258,13 @@
static void xfrm_print_addr(FILE *fp, int family, xfrm_address_t *a)
{
- char buf[256];
-
- buf[0] = 0;
- fprintf(fp, "%s", rt_addr_n2a(family, sizeof(*a), a, buf, sizeof(buf)));
+ fprintf(fp, "%s", rt_addr_n2a(family, sizeof(*a), a));
}
static int xfrm_mapping_print(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct xfrm_user_mapping *map = NLMSG_DATA(n);
fprintf(fp, "Mapping change ");
@@ -293,7 +285,7 @@
struct rtnl_ctrl_data *ctrl,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
if (timestamp)
print_timestamp(fp);
@@ -353,13 +345,13 @@
int do_xfrm_monitor(int argc, char **argv)
{
char *file = NULL;
- unsigned groups = ~((unsigned)0); /* XXX */
- int lacquire=0;
- int lexpire=0;
- int laevent=0;
- int lpolicy=0;
- int lsa=0;
- int lreport=0;
+ unsigned int groups = ~((unsigned)0); /* XXX */
+ int lacquire = 0;
+ int lexpire = 0;
+ int laevent = 0;
+ int lpolicy = 0;
+ int lsa = 0;
+ int lreport = 0;
rtnl_close(&rth);
@@ -370,22 +362,22 @@
} else if (matches(*argv, "all-nsid") == 0) {
listen_all_nsid = 1;
} else if (matches(*argv, "acquire") == 0) {
- lacquire=1;
+ lacquire = 1;
groups = 0;
} else if (matches(*argv, "expire") == 0) {
- lexpire=1;
+ lexpire = 1;
groups = 0;
} else if (matches(*argv, "SA") == 0) {
- lsa=1;
+ lsa = 1;
groups = 0;
} else if (matches(*argv, "aevent") == 0) {
- laevent=1;
+ laevent = 1;
groups = 0;
} else if (matches(*argv, "policy") == 0) {
- lpolicy=1;
+ lpolicy = 1;
groups = 0;
} else if (matches(*argv, "report") == 0) {
- lreport=1;
+ lreport = 1;
groups = 0;
} else if (matches(*argv, "help") == 0) {
usage();
@@ -428,7 +420,7 @@
if (listen_all_nsid && rtnl_listen_all_nsid(&rth) < 0)
exit(1);
- if (rtnl_listen(&rth, xfrm_accept_msg, (void*)stdout) < 0)
+ if (rtnl_listen(&rth, xfrm_accept_msg, (void *)stdout) < 0)
exit(2);
return 0;
diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c
index efea1e8..09f96db 100644
--- a/ip/xfrm_policy.c
+++ b/ip/xfrm_policy.c
@@ -33,7 +33,7 @@
#include "xfrm.h"
#include "ip_common.h"
-//#define NLMSG_DELETEALL_BUF_SIZE (4096-512)
+/* #define NLMSG_DELETEALL_BUF_SIZE (4096-512) */
#define NLMSG_DELETEALL_BUF_SIZE 8192
/*
@@ -58,7 +58,7 @@
fprintf(stderr, " [ LIMIT-LIST ] [ TMPL-LIST ]\n");
fprintf(stderr, "Usage: ip xfrm policy { delete | get } { SELECTOR | index INDEX } dir DIR\n");
fprintf(stderr, " [ ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]\n");
- fprintf(stderr, "Usage: ip xfrm policy { deleteall | list } [ SELECTOR ] [ dir DIR ]\n");
+ fprintf(stderr, "Usage: ip xfrm policy { deleteall | list } [ nosock ] [ SELECTOR ] [ dir DIR ]\n");
fprintf(stderr, " [ index INDEX ] [ ptype PTYPE ] [ action ACTION ] [ priority PRIORITY ]\n");
fprintf(stderr, " [ flag FLAG-LIST ]\n");
fprintf(stderr, "Usage: ip xfrm policy flush [ ptype PTYPE ]\n");
@@ -241,41 +241,35 @@
return 0;
}
-static int xfrm_policy_modify(int cmd, unsigned flags, int argc, char **argv)
+static int xfrm_policy_modify(int cmd, unsigned int flags, int argc, char **argv)
{
struct rtnl_handle rth;
struct {
struct nlmsghdr n;
struct xfrm_userpolicy_info xpinfo;
char buf[RTA_BUF_SIZE];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xpinfo)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .xpinfo.sel.family = preferred_family,
+ .xpinfo.lft.soft_byte_limit = XFRM_INF,
+ .xpinfo.lft.hard_byte_limit = XFRM_INF,
+ .xpinfo.lft.soft_packet_limit = XFRM_INF,
+ .xpinfo.lft.hard_packet_limit = XFRM_INF,
+ };
char *dirp = NULL;
char *selp = NULL;
char *ptypep = NULL;
char *sctxp = NULL;
- struct xfrm_userpolicy_type upt;
- char tmpls_buf[XFRM_TMPLS_BUF_SIZE];
+ struct xfrm_userpolicy_type upt = {};
+ char tmpls_buf[XFRM_TMPLS_BUF_SIZE] = {};
int tmpls_len = 0;
struct xfrm_mark mark = {0, 0};
struct {
struct xfrm_user_sec_ctx sctx;
char str[CTX_BUF_SIZE];
- } ctx;
-
- memset(&req, 0, sizeof(req));
- memset(&upt, 0, sizeof(upt));
- memset(&tmpls_buf, 0, sizeof(tmpls_buf));
- memset(&ctx, 0, sizeof(ctx));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xpinfo));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.xpinfo.sel.family = preferred_family;
-
- req.xpinfo.lft.soft_byte_limit = XFRM_INF;
- req.xpinfo.lft.hard_byte_limit = XFRM_INF;
- req.xpinfo.lft.soft_packet_limit = XFRM_INF;
- req.xpinfo.lft.hard_packet_limit = XFRM_INF;
+ } ctx = {};
while (argc > 0) {
if (strcmp(*argv, "dir") == 0) {
@@ -376,7 +370,7 @@
int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK,
(void *)&mark, sizeof(mark));
if (r < 0) {
- fprintf(stderr, "%s: XFRMA_MARK failed\n",__func__);
+ fprintf(stderr, "%s: XFRMA_MARK failed\n", __func__);
exit(1);
}
}
@@ -409,6 +403,9 @@
if ((xpinfo->dir^filter.xpinfo.dir)&filter.dir_mask)
return 0;
+ if (filter.filter_socket && (xpinfo->dir >= XFRM_POLICY_MAX))
+ return 0;
+
if ((ptype^filter.ptype)&filter.ptype_mask)
return 0;
@@ -459,13 +456,13 @@
int xfrm_policy_print(const struct sockaddr_nl *who, struct nlmsghdr *n,
void *arg)
{
- struct rtattr * tb[XFRMA_MAX+1];
- struct rtattr * rta;
+ struct rtattr *tb[XFRMA_MAX+1];
+ struct rtattr *rta;
struct xfrm_userpolicy_info *xpinfo = NULL;
struct xfrm_user_polexpire *xpexp = NULL;
struct xfrm_userpolicy_id *xpid = NULL;
__u8 ptype = XFRM_POLICY_TYPE_MAIN;
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
int len = n->nlmsg_len;
if (n->nlmsg_type != XFRM_MSG_NEWPOLICY &&
@@ -511,7 +508,7 @@
fprintf(stderr, "too short XFRMA_POLICY_TYPE len\n");
return -1;
}
- upt = (struct xfrm_userpolicy_type *)RTA_DATA(tb[XFRMA_POLICY_TYPE]);
+ upt = RTA_DATA(tb[XFRMA_POLICY_TYPE]);
ptype = upt->type;
}
@@ -526,7 +523,7 @@
fprintf(fp, "Expired ");
if (n->nlmsg_type == XFRM_MSG_DELPOLICY) {
- //xfrm_policy_id_print();
+ /* xfrm_policy_id_print(); */
if (!tb[XFRMA_POLICY]) {
fprintf(stderr, "Buggy XFRM_MSG_DELPOLICY: no XFRMA_POLICY\n");
return -1;
@@ -535,7 +532,7 @@
fprintf(stderr, "Buggy XFRM_MSG_DELPOLICY: too short XFRMA_POLICY len\n");
return -1;
}
- xpinfo = (struct xfrm_userpolicy_info *)RTA_DATA(tb[XFRMA_POLICY]);
+ xpinfo = RTA_DATA(tb[XFRMA_POLICY]);
}
xfrm_policy_info_print(xpinfo, tb, fp, NULL, NULL);
@@ -561,27 +558,23 @@
struct nlmsghdr n;
struct xfrm_userpolicy_id xpid;
char buf[RTA_BUF_SIZE];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xpid)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = delete ? XFRM_MSG_DELPOLICY
+ : XFRM_MSG_GETPOLICY,
+ };
char *dirp = NULL;
char *selp = NULL;
char *indexp = NULL;
char *ptypep = NULL;
char *sctxp = NULL;
- struct xfrm_userpolicy_type upt;
+ struct xfrm_userpolicy_type upt = {};
struct xfrm_mark mark = {0, 0};
struct {
struct xfrm_user_sec_ctx sctx;
char str[CTX_BUF_SIZE];
- } ctx;
-
-
- memset(&req, 0, sizeof(req));
- memset(&upt, 0, sizeof(upt));
- memset(&ctx, 0, sizeof(ctx));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xpid));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = delete ? XFRM_MSG_DELPOLICY : XFRM_MSG_GETPOLICY;
+ } ctx = {};
while (argc > 0) {
if (strcmp(*argv, "dir") == 0) {
@@ -659,7 +652,7 @@
int r = addattr_l(&req.n, sizeof(req.buf), XFRMA_MARK,
(void *)&mark, sizeof(mark));
if (r < 0) {
- fprintf(stderr, "%s: XFRMA_MARK failed\n",__func__);
+ fprintf(stderr, "%s: XFRMA_MARK failed\n", __func__);
exit(1);
}
}
@@ -684,14 +677,12 @@
static int xfrm_policy_get(int argc, char **argv)
{
- char buf[NLMSG_BUF_SIZE];
+ char buf[NLMSG_BUF_SIZE] = {};
struct nlmsghdr *n = (struct nlmsghdr *)buf;
- memset(buf, 0, sizeof(buf));
-
xfrm_policy_get_or_delete(argc, argv, 0, n, sizeof(buf));
- if (xfrm_policy_print(NULL, n, (void*)stdout) < 0) {
+ if (xfrm_policy_print(NULL, n, (void *)stdout) < 0) {
fprintf(stderr, "An error :-)\n");
exit(1);
}
@@ -737,17 +728,19 @@
fprintf(stderr, "too short XFRMA_POLICY_TYPE len\n");
return -1;
}
- upt = (struct xfrm_userpolicy_type *)RTA_DATA(tb[XFRMA_POLICY_TYPE]);
+ upt = RTA_DATA(tb[XFRMA_POLICY_TYPE]);
ptype = upt->type;
}
if (!xfrm_policy_filter_match(xpinfo, ptype))
return 0;
- if (xb->offset > xb->size) {
- fprintf(stderr, "Policy buffer overflow\n");
- return -1;
- }
+ /* can't delete socket policies */
+ if (xpinfo->dir >= XFRM_POLICY_MAX)
+ return 0;
+
+ if (xb->offset + NLMSG_LENGTH(sizeof(*xpid)) > xb->size)
+ return 0;
new_n = (struct nlmsghdr *)(xb->buf + xb->offset);
new_n->nlmsg_len = NLMSG_LENGTH(sizeof(*xpid));
@@ -760,8 +753,17 @@
xpid->dir = xpinfo->dir;
xpid->index = xpinfo->index;
+ if (tb[XFRMA_MARK]) {
+ int r = addattr_l(new_n, xb->size, XFRMA_MARK,
+ (void *)RTA_DATA(tb[XFRMA_MARK]), tb[XFRMA_MARK]->rta_len);
+ if (r < 0) {
+ fprintf(stderr, "%s: XFRMA_MARK failed\n", __func__);
+ exit(1);
+ }
+ }
+
xb->offset += new_n->nlmsg_len;
- xb->nlmsg_count ++;
+ xb->nlmsg_count++;
return 0;
}
@@ -820,6 +822,9 @@
filter.policy_flags_mask = XFRM_FILTER_MASK_FULL;
+ } else if (strcmp(*argv, "nosock") == 0) {
+ /* filter all socket-based policies */
+ filter.filter_socket = 1;
} else {
if (selp)
invarg("unknown", *argv);
@@ -915,12 +920,12 @@
exit(0);
}
-static int print_spdinfo( struct nlmsghdr *n, void *arg)
+static int print_spdinfo(struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
__u32 *f = NLMSG_DATA(n);
- struct rtattr * tb[XFRMA_SPD_MAX+1];
- struct rtattr * rta;
+ struct rtattr *tb[XFRMA_SPD_MAX+1];
+ struct rtattr *rta;
int len = n->nlmsg_len;
@@ -933,7 +938,7 @@
rta = XFRMSAPD_RTA(f);
parse_rtattr(tb, XFRMA_SPD_MAX, rta, len);
- fprintf(fp,"\t SPD");
+ fprintf(fp, "\t SPD");
if (tb[XFRMA_SPD_INFO]) {
struct xfrmu_spdinfo *si;
@@ -942,16 +947,16 @@
return -1;
}
si = RTA_DATA(tb[XFRMA_SPD_INFO]);
- fprintf(fp," IN %d", si->incnt);
- fprintf(fp," OUT %d", si->outcnt);
- fprintf(fp," FWD %d", si->fwdcnt);
+ fprintf(fp, " IN %d", si->incnt);
+ fprintf(fp, " OUT %d", si->outcnt);
+ fprintf(fp, " FWD %d", si->fwdcnt);
if (show_stats) {
- fprintf(fp," (Sock:");
- fprintf(fp," IN %d", si->inscnt);
- fprintf(fp," OUT %d", si->outscnt);
- fprintf(fp," FWD %d", si->fwdscnt);
- fprintf(fp,")");
+ fprintf(fp, " (Sock:");
+ fprintf(fp, " IN %d", si->inscnt);
+ fprintf(fp, " OUT %d", si->outscnt);
+ fprintf(fp, " FWD %d", si->fwdscnt);
+ fprintf(fp, ")");
}
fprintf(fp, "%s", _SL_);
@@ -965,34 +970,36 @@
return -1;
}
sh = RTA_DATA(tb[XFRMA_SPD_HINFO]);
- fprintf(fp,"\t SPD buckets:");
- fprintf(fp," count %d", sh->spdhcnt);
- fprintf(fp," Max %d", sh->spdhmcnt);
+ fprintf(fp, "\t SPD buckets:");
+ fprintf(fp, " count %d", sh->spdhcnt);
+ fprintf(fp, " Max %d", sh->spdhmcnt);
fprintf(fp, "%s", _SL_);
}
if (tb[XFRMA_SPD_IPV4_HTHRESH]) {
struct xfrmu_spdhthresh *th;
+
if (RTA_PAYLOAD(tb[XFRMA_SPD_IPV4_HTHRESH]) < sizeof(*th)) {
fprintf(stderr, "SPDinfo: Wrong len %d\n", len);
return -1;
}
th = RTA_DATA(tb[XFRMA_SPD_IPV4_HTHRESH]);
- fprintf(fp,"\t SPD IPv4 thresholds:");
- fprintf(fp," local %d", th->lbits);
- fprintf(fp," remote %d", th->rbits);
+ fprintf(fp, "\t SPD IPv4 thresholds:");
+ fprintf(fp, " local %d", th->lbits);
+ fprintf(fp, " remote %d", th->rbits);
fprintf(fp, "%s", _SL_);
}
if (tb[XFRMA_SPD_IPV6_HTHRESH]) {
struct xfrmu_spdhthresh *th;
+
if (RTA_PAYLOAD(tb[XFRMA_SPD_IPV6_HTHRESH]) < sizeof(*th)) {
fprintf(stderr, "SPDinfo: Wrong len %d\n", len);
return -1;
}
th = RTA_DATA(tb[XFRMA_SPD_IPV6_HTHRESH]);
- fprintf(fp,"\t SPD IPv6 thresholds:");
- fprintf(fp," local %d", th->lbits);
- fprintf(fp," remote %d", th->rbits);
+ fprintf(fp, "\t SPD IPv6 thresholds:");
+ fprintf(fp, " local %d", th->lbits);
+ fprintf(fp, " remote %d", th->rbits);
fprintf(fp, "%s", _SL_);
}
}
@@ -1000,7 +1007,7 @@
if (oneline)
fprintf(fp, "\n");
- return 0;
+ return 0;
}
static int xfrm_spd_setinfo(int argc, char **argv)
@@ -1010,18 +1017,16 @@
struct nlmsghdr n;
__u32 flags;
char buf[RTA_BUF_SIZE];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(__u32)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = XFRM_MSG_NEWSPDINFO,
+ .flags = 0XFFFFFFFF,
+ };
char *thr4 = NULL;
char *thr6 = NULL;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(__u32));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = XFRM_MSG_NEWSPDINFO;
- req.flags = 0XFFFFFFFF;
-
while (argc > 0) {
if (strcmp(*argv, "hthresh4") == 0) {
struct xfrmu_spdhthresh thr;
@@ -1078,14 +1083,12 @@
struct nlmsghdr n;
__u32 flags;
char ans[128];
- } req;
-
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(__u32));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = XFRM_MSG_GETSPDINFO;
- req.flags = 0XFFFFFFFF;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(__u32)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = XFRM_MSG_GETSPDINFO,
+ .flags = 0XFFFFFFFF,
+ };
if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
exit(1);
@@ -1093,7 +1096,7 @@
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0)
exit(2);
- print_spdinfo(&req.n, (void*)stdout);
+ print_spdinfo(&req.n, (void *)stdout);
rtnl_close(&rth);
@@ -1106,16 +1109,13 @@
struct {
struct nlmsghdr n;
char buf[RTA_BUF_SIZE];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(0), /* nlmsg data is nothing */
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = XFRM_MSG_FLUSHPOLICY,
+ };
char *ptypep = NULL;
- struct xfrm_userpolicy_type upt;
-
- memset(&req, 0, sizeof(req));
- memset(&upt, 0, sizeof(upt));
-
- req.n.nlmsg_len = NLMSG_LENGTH(0); /* nlmsg data is nothing */
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = XFRM_MSG_FLUSHPOLICY;
+ struct xfrm_userpolicy_type upt = {};
while (argc > 0) {
if (strcmp(*argv, "ptype") == 0) {
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index b5734da..ba5d663 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c
@@ -32,7 +32,7 @@
#include "xfrm.h"
#include "ip_common.h"
-//#define NLMSG_DELETEALL_BUF_SIZE (4096-512)
+/* #define NLMSG_DELETEALL_BUF_SIZE (4096-512) */
#define NLMSG_DELETEALL_BUF_SIZE 8192
/*
@@ -60,6 +60,7 @@
fprintf(stderr, " [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]\n");
fprintf(stderr, " [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n");
fprintf(stderr, " [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n");
+ fprintf(stderr, " [ offload [dev DEV] dir DIR ]\n");
fprintf(stderr, "Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n");
fprintf(stderr, " [ reqid REQID ] [ seq SEQ ] [ min SPI max SPI ]\n");
fprintf(stderr, "Usage: ip xfrm state { delete | get } ID [ mark MARK [ mask MASK ] ]\n");
@@ -107,7 +108,8 @@
fprintf(stderr, "LIMIT-LIST := [ LIMIT-LIST ] limit LIMIT\n");
fprintf(stderr, "LIMIT := { time-soft | time-hard | time-use-soft | time-use-hard } SECONDS |\n");
fprintf(stderr, " { byte-soft | byte-hard } SIZE | { packet-soft | packet-hard } COUNT\n");
- fprintf(stderr, "ENCAP := { espinudp | espinudp-nonike } SPORT DPORT OADDR\n");
+ fprintf(stderr, "ENCAP := { espinudp | espinudp-nonike } SPORT DPORT OADDR\n");
+ fprintf(stderr, "DIR := in | out\n");
exit(-1);
}
@@ -123,7 +125,7 @@
fprintf(stderr, "warning: ALGO-NAME/ALGO-KEYMAT values will be sent to the kernel promiscuously! (verifying them isn't implemented yet)\n");
#endif
- strncpy(alg->alg_name, name, sizeof(alg->alg_name));
+ strlcpy(alg->alg_name, name, sizeof(alg->alg_name));
if (slen > 2 && strncmp(key, "0x", 2) == 0) {
/* split two chars "0x" from the top */
@@ -142,7 +144,7 @@
if (len > max)
invarg("ALGO-KEYMAT value makes buffer overflow\n", key);
- for (i = - (plen % 2), j = 0; j < len; i += 2, j++) {
+ for (i = -(plen % 2), j = 0; j < len; i += 2, j++) {
char vbuf[3];
__u8 val;
@@ -175,11 +177,9 @@
int argc = *argcp;
char **argv = *argvp;
- if (get_u32(seq, *argv, 0))
+ if (get_be32(seq, *argv, 0))
invarg("SEQ value is invalid", *argv);
- *seq = htonl(*seq);
-
*argcp = argc;
*argvp = argv;
@@ -266,16 +266,47 @@
return 0;
}
-static int xfrm_state_modify(int cmd, unsigned flags, int argc, char **argv)
+static int xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp)
+{
+ int argc = *argcp;
+ char **argv = *argvp;
+
+ if (strcmp(*argv, "in") == 0)
+ *dir = XFRM_OFFLOAD_INBOUND;
+ else if (strcmp(*argv, "out") == 0)
+ *dir = 0;
+ else
+ invarg("DIR value is invalid", *argv);
+
+ *argcp = argc;
+ *argvp = argv;
+
+ return 0;
+}
+
+static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
{
struct rtnl_handle rth;
struct {
struct nlmsghdr n;
struct xfrm_usersa_info xsinfo;
- char buf[RTA_BUF_SIZE];
- } req;
- struct xfrm_replay_state replay;
- struct xfrm_replay_state_esn replay_esn;
+ char buf[RTA_BUF_SIZE];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsinfo)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .xsinfo.family = preferred_family,
+ .xsinfo.lft.soft_byte_limit = XFRM_INF,
+ .xsinfo.lft.hard_byte_limit = XFRM_INF,
+ .xsinfo.lft.soft_packet_limit = XFRM_INF,
+ .xsinfo.lft.hard_packet_limit = XFRM_INF,
+ };
+ struct xfrm_replay_state replay = {};
+ struct xfrm_replay_state_esn replay_esn = {};
+ struct xfrm_user_offload xuo = {};
+ unsigned int ifindex = 0;
+ __u8 dir = 0;
+ bool is_offload = false;
__u32 replay_window = 0;
__u32 seq = 0, oseq = 0, seq_hi = 0, oseq_hi = 0;
char *idp = NULL;
@@ -290,22 +321,7 @@
struct {
struct xfrm_user_sec_ctx sctx;
char str[CTX_BUF_SIZE];
- } ctx;
-
- memset(&req, 0, sizeof(req));
- memset(&replay, 0, sizeof(replay));
- memset(&replay_esn, 0, sizeof(replay_esn));
- memset(&ctx, 0, sizeof(ctx));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsinfo));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.xsinfo.family = preferred_family;
-
- req.xsinfo.lft.soft_byte_limit = XFRM_INF;
- req.xsinfo.lft.hard_byte_limit = XFRM_INF;
- req.xsinfo.lft.soft_packet_limit = XFRM_INF;
- req.xsinfo.lft.hard_packet_limit = XFRM_INF;
+ } ctx = {};
while (argc > 0) {
if (strcmp(*argv, "mode") == 0) {
@@ -356,16 +372,14 @@
} else if (strcmp(*argv, "encap") == 0) {
struct xfrm_encap_tmpl encap;
inet_prefix oa;
- NEXT_ARG();
+ NEXT_ARG();
xfrm_encap_type_parse(&encap.encap_type, &argc, &argv);
NEXT_ARG();
- if (get_u16(&encap.encap_sport, *argv, 0))
+ if (get_be16(&encap.encap_sport, *argv, 0))
invarg("SPORT value after \"encap\" is invalid", *argv);
- encap.encap_sport = htons(encap.encap_sport);
NEXT_ARG();
- if (get_u16(&encap.encap_dport, *argv, 0))
+ if (get_be16(&encap.encap_dport, *argv, 0))
invarg("DPORT value after \"encap\" is invalid", *argv);
- encap.encap_dport = htons(encap.encap_dport);
NEXT_ARG();
get_addr(&oa, *argv, AF_UNSPEC);
memcpy(&encap.encap_oa, &oa.data, sizeof(encap.encap_oa));
@@ -373,7 +387,7 @@
(void *)&encap, sizeof(encap));
} else if (strcmp(*argv, "coa") == 0) {
inet_prefix coa;
- xfrm_address_t xcoa;
+ xfrm_address_t xcoa = {};
if (coap)
duparg("coa", *argv);
@@ -387,7 +401,6 @@
if (coa.bytelen > sizeof(xcoa))
invarg("value after \"coa\" is too large", *argv);
- memset(&xcoa, 0, sizeof(xcoa));
memcpy(&xcoa, &coa.data, coa.bytelen);
addattr_l(&req.n, sizeof(req.buf), XFRMA_COADDR,
@@ -405,9 +418,29 @@
xfrm_sctx_parse((char *)&ctx.str, context, &ctx.sctx);
addattr_l(&req.n, sizeof(req.buf), XFRMA_SEC_CTX,
(void *)&ctx, ctx.sctx.len);
+ } else if (strcmp(*argv, "offload") == 0) {
+ is_offload = true;
+ NEXT_ARG();
+ if (strcmp(*argv, "dev") == 0) {
+ NEXT_ARG();
+ ifindex = ll_name_to_index(*argv);
+ if (!ifindex) {
+ invarg("value after \"offload dev\" is invalid", *argv);
+ is_offload = false;
+ }
+ NEXT_ARG();
+ }
+ if (strcmp(*argv, "dir") == 0) {
+ NEXT_ARG();
+ xfrm_offload_dir_parse(&dir, &argc, &argv);
+ } else {
+ invarg("value after \"offload dir\" is invalid", *argv);
+ is_offload = false;
+ }
} else {
/* try to assume ALGO */
int type = xfrm_algotype_getbyname(*argv);
+
switch (type) {
case XFRMA_ALG_AEAD:
case XFRMA_ALG_CRYPT:
@@ -506,7 +539,7 @@
xfrm_algo_parse((void *)&alg, type, name, key,
buf, sizeof(alg.buf));
- len += alg.u.alg.alg_key_len;
+ len += alg.u.alg.alg_key_len / 8;
addattr_l(&req.n, sizeof(req.buf), type,
(void *)&alg, len);
@@ -541,6 +574,12 @@
exit(-1);
}
+ if (is_offload) {
+ xuo.ifindex = ifindex;
+ xuo.flags = dir;
+ addattr_l(&req.n, sizeof(req.buf), XFRMA_OFFLOAD_DEV, &xuo,
+ sizeof(xuo));
+ }
if (req.xsinfo.flags & XFRM_STATE_ESN ||
replay_window > (sizeof(replay.bitmap) * 8)) {
replay_esn.seq = seq;
@@ -701,31 +740,26 @@
struct {
struct nlmsghdr n;
struct xfrm_userspi_info xspi;
- char buf[RTA_BUF_SIZE];
- } req;
+ char buf[RTA_BUF_SIZE];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xspi)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = XFRM_MSG_ALLOCSPI,
+ .xspi.info.family = preferred_family,
+#if 0
+ .xspi.lft.soft_byte_limit = XFRM_INF,
+ .xspi.lft.hard_byte_limit = XFRM_INF,
+ .xspi.lft.soft_packet_limit = XFRM_INF,
+ .xspi.lft.hard_packet_limit = XFRM_INF,
+#endif
+ };
char *idp = NULL;
char *minp = NULL;
char *maxp = NULL;
struct xfrm_mark mark = {0, 0};
- char res_buf[NLMSG_BUF_SIZE];
+ char res_buf[NLMSG_BUF_SIZE] = {};
struct nlmsghdr *res_n = (struct nlmsghdr *)res_buf;
- memset(res_buf, 0, sizeof(res_buf));
-
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xspi));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = XFRM_MSG_ALLOCSPI;
- req.xspi.info.family = preferred_family;
-
-#if 0
- req.xsinfo.lft.soft_byte_limit = XFRM_INF;
- req.xsinfo.lft.hard_byte_limit = XFRM_INF;
- req.xsinfo.lft.soft_packet_limit = XFRM_INF;
- req.xsinfo.lft.hard_packet_limit = XFRM_INF;
-#endif
-
while (argc > 0) {
if (strcmp(*argv, "mode") == 0) {
NEXT_ARG();
@@ -827,7 +861,7 @@
if (rtnl_talk(&rth, &req.n, res_n, sizeof(res_buf)) < 0)
exit(2);
- if (xfrm_state_print(NULL, res_n, (void*)stdout) < 0) {
+ if (xfrm_state_print(NULL, res_n, (void *)stdout) < 0) {
fprintf(stderr, "An error :-)\n");
exit(1);
}
@@ -868,9 +902,9 @@
int xfrm_state_print(const struct sockaddr_nl *who, struct nlmsghdr *n,
void *arg)
{
- FILE *fp = (FILE*)arg;
- struct rtattr * tb[XFRMA_MAX+1];
- struct rtattr * rta;
+ FILE *fp = (FILE *)arg;
+ struct rtattr *tb[XFRMA_MAX+1];
+ struct rtattr *rta;
struct xfrm_usersa_info *xsinfo = NULL;
struct xfrm_user_expire *xexp = NULL;
struct xfrm_usersa_id *xsid = NULL;
@@ -924,7 +958,7 @@
parse_rtattr(tb, XFRMA_MAX, rta, len);
if (n->nlmsg_type == XFRM_MSG_DELSA) {
- //xfrm_policy_id_print();
+ /* xfrm_policy_id_print(); */
if (!tb[XFRMA_SA]) {
fprintf(stderr, "Buggy XFRM_MSG_DELSA: no XFRMA_SA\n");
@@ -958,19 +992,17 @@
struct {
struct nlmsghdr n;
struct xfrm_usersa_id xsid;
- char buf[RTA_BUF_SIZE];
- } req;
+ char buf[RTA_BUF_SIZE];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsid)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = delete ? XFRM_MSG_DELSA : XFRM_MSG_GETSA,
+ .xsid.family = preferred_family,
+ };
struct xfrm_id id;
char *idp = NULL;
struct xfrm_mark mark = {0, 0};
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsid));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = delete ? XFRM_MSG_DELSA : XFRM_MSG_GETSA;
- req.xsid.family = preferred_family;
-
while (argc > 0) {
xfrm_address_t saddr;
@@ -1017,15 +1049,13 @@
if (rtnl_talk(&rth, &req.n, NULL, 0) < 0)
exit(2);
} else {
- char buf[NLMSG_BUF_SIZE];
+ char buf[NLMSG_BUF_SIZE] = {};
struct nlmsghdr *res_n = (struct nlmsghdr *)buf;
- memset(buf, 0, sizeof(buf));
-
if (rtnl_talk(&rth, &req.n, res_n, sizeof(req)) < 0)
exit(2);
- if (xfrm_state_print(NULL, res_n, (void*)stdout) < 0) {
+ if (xfrm_state_print(NULL, res_n, (void *)stdout) < 0) {
fprintf(stderr, "An error :-)\n");
exit(1);
}
@@ -1050,6 +1080,7 @@
int len = n->nlmsg_len;
struct nlmsghdr *new_n;
struct xfrm_usersa_id *xsid;
+ struct rtattr *tb[XFRMA_MAX+1];
if (n->nlmsg_type != XFRM_MSG_NEWSA) {
fprintf(stderr, "Not a state: %08x %08x %08x\n",
@@ -1086,8 +1117,19 @@
addattr_l(new_n, xb->size, XFRMA_SRCADDR, &xsinfo->saddr,
sizeof(xsid->daddr));
+ parse_rtattr(tb, XFRMA_MAX, XFRMS_RTA(xsinfo), len);
+
+ if (tb[XFRMA_MARK]) {
+ int r = addattr_l(new_n, xb->size, XFRMA_MARK,
+ (void *)RTA_DATA(tb[XFRMA_MARK]), tb[XFRMA_MARK]->rta_len);
+ if (r < 0) {
+ fprintf(stderr, "%s: XFRMA_MARK failed\n", __func__);
+ exit(1);
+ }
+ }
+
xb->offset += new_n->nlmsg_len;
- xb->nlmsg_count ++;
+ xb->nlmsg_count++;
return 0;
}
@@ -1097,7 +1139,7 @@
char *idp = NULL;
struct rtnl_handle rth;
- if(argc > 0)
+ if (argc > 0)
filter.use = 1;
filter.xsinfo.family = preferred_family;
@@ -1231,12 +1273,10 @@
static int print_sadinfo(struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
__u32 *f = NLMSG_DATA(n);
struct rtattr *tb[XFRMA_SAD_MAX+1];
struct rtattr *rta;
- __u32 *cnt;
-
int len = n->nlmsg_len;
len -= NLMSG_LENGTH(sizeof(__u32));
@@ -1249,11 +1289,13 @@
parse_rtattr(tb, XFRMA_SAD_MAX, rta, len);
if (tb[XFRMA_SAD_CNT]) {
- fprintf(fp,"\t SAD");
- cnt = (__u32 *)RTA_DATA(tb[XFRMA_SAD_CNT]);
- fprintf(fp," count %d", *cnt);
+ __u32 cnt;
+
+ fprintf(fp, "\t SAD");
+ cnt = rta_getattr_u32(tb[XFRMA_SAD_CNT]);
+ fprintf(fp, " count %u", cnt);
} else {
- fprintf(fp,"BAD SAD info returned\n");
+ fprintf(fp, "BAD SAD info returned\n");
return -1;
}
@@ -1262,20 +1304,20 @@
struct xfrmu_sadhinfo *si;
if (RTA_PAYLOAD(tb[XFRMA_SAD_HINFO]) < sizeof(*si)) {
- fprintf(fp,"BAD SAD length returned\n");
+ fprintf(fp, "BAD SAD length returned\n");
return -1;
}
si = RTA_DATA(tb[XFRMA_SAD_HINFO]);
- fprintf(fp," (buckets ");
- fprintf(fp,"count %d", si->sadhcnt);
- fprintf(fp," Max %d", si->sadhmcnt);
- fprintf(fp,")");
+ fprintf(fp, " (buckets ");
+ fprintf(fp, "count %d", si->sadhcnt);
+ fprintf(fp, " Max %d", si->sadhmcnt);
+ fprintf(fp, ")");
}
}
- fprintf(fp,"\n");
+ fprintf(fp, "\n");
- return 0;
+ return 0;
}
static int xfrm_sad_getinfo(int argc, char **argv)
@@ -1285,13 +1327,12 @@
struct nlmsghdr n;
__u32 flags;
char ans[64];
- } req;
-
- memset(&req, 0, sizeof(req));
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.flags));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = XFRM_MSG_GETSADINFO;
- req.flags = 0XFFFFFFFF;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(req.flags)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = XFRM_MSG_GETSADINFO,
+ .flags = 0XFFFFFFFF,
+ };
if (rtnl_open_byproto(&rth, 0, NETLINK_XFRM) < 0)
exit(1);
@@ -1299,7 +1340,7 @@
if (rtnl_talk(&rth, &req.n, &req.n, sizeof(req)) < 0)
exit(2);
- print_sadinfo(&req.n, (void*)stdout);
+ print_sadinfo(&req.n, (void *)stdout);
rtnl_close(&rth);
@@ -1312,16 +1353,13 @@
struct {
struct nlmsghdr n;
struct xfrm_usersa_flush xsf;
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsf)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = XFRM_MSG_FLUSHSA,
+ };
char *protop = NULL;
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(req.xsf));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = XFRM_MSG_FLUSHSA;
- req.xsf.proto = 0;
-
while (argc > 0) {
if (strcmp(*argv, "proto") == 0) {
int ret;
diff --git a/lib/Android.mk b/lib/Android.mk
index 3fa5a5e..424b7fd 100644
--- a/lib/Android.mk
+++ b/lib/Android.mk
@@ -3,10 +3,12 @@
include $(CLEAR_VARS)
LOCAL_SRC_FILES := \
color.c utils.c rt_names.c ll_types.c ll_proto.c ll_addr.c inet_proto.c \
- mpls_pton.c namespace.c names.c libgenl.c libnetlink.c
+ mpls_pton.c namespace.c names.c libgenl.c libnetlink.c bpf.c exec.c fs.c \
+ json_print.c json_writer.c
LOCAL_MODULE := libiprouteutil
LOCAL_SYSTEM_SHARED_LIBRARIES := libc
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include $(UAPI_INCLUDES)
LOCAL_CFLAGS := -O2 -g -W -Wall \
-DCONFDIR=\"/data/misc/net\" \
-DHAVE_UNISTD_H \
@@ -46,7 +48,8 @@
LOCAL_SRC_FILES := ll_map.c libnetlink.c
LOCAL_MODULE := libnetlink
LOCAL_SYSTEM_SHARED_LIBRARIES := libc
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include
+
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include $(UAPI_INCLUDES)
LOCAL_CFLAGS := -O2 -g -W -Wall \
-DHAVE_UNISTD_H \
-DHAVE_ERRNO_H \
diff --git a/lib/Makefile b/lib/Makefile
index 9d1307d..0fbdf4c 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -1,27 +1,22 @@
-include ../Config
-
-ifeq ($(IP_CONFIG_SETNS),y)
- CFLAGS += -DHAVE_SETNS
-endif
+include ../config.mk
CFLAGS += -fPIC
UTILOBJ = utils.o rt_names.o ll_types.o ll_proto.o ll_addr.o \
- inet_proto.o namespace.o json_writer.o \
- names.o color.o
+ inet_proto.o namespace.o json_writer.o json_print.o \
+ names.o color.o bpf.o exec.o fs.o
NLOBJ=libgenl.o ll_map.o libnetlink.o
all: libnetlink.a libutil.a
libnetlink.a: $(NLOBJ)
- $(AR) rcs $@ $(NLOBJ)
+ $(QUIET_AR)$(AR) rcs $@ $^
libutil.a: $(UTILOBJ) $(ADDLIB)
- $(AR) rcs $@ $(UTILOBJ) $(ADDLIB)
+ $(QUIET_AR)$(AR) rcs $@ $^
install:
clean:
rm -f $(NLOBJ) $(UTILOBJ) $(ADDLIB) libnetlink.a libutil.a
-
diff --git a/lib/bpf.c b/lib/bpf.c
new file mode 100644
index 0000000..10ea23a
--- /dev/null
+++ b/lib/bpf.c
@@ -0,0 +1,2698 @@
+/*
+ * bpf.c BPF common code
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Daniel Borkmann <daniel@iogearbox.net>
+ * Jiri Pirko <jiri@resnulli.us>
+ * Alexei Starovoitov <ast@kernel.org>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <limits.h>
+#include <assert.h>
+
+#ifdef HAVE_ELF
+#include <libelf.h>
+#include <gelf.h>
+#endif
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/un.h>
+#include <sys/vfs.h>
+#include <sys/mount.h>
+#include <sys/syscall.h>
+#include <sys/sendfile.h>
+#include <sys/resource.h>
+
+#include <arpa/inet.h>
+
+#include "utils.h"
+#include "json_print.h"
+
+#include "bpf_util.h"
+#include "bpf_elf.h"
+#include "bpf_scm.h"
+
+struct bpf_prog_meta {
+ const char *type;
+ const char *subdir;
+ const char *section;
+ bool may_uds_export;
+};
+
+static const enum bpf_prog_type __bpf_types[] = {
+ BPF_PROG_TYPE_SCHED_CLS,
+ BPF_PROG_TYPE_SCHED_ACT,
+ BPF_PROG_TYPE_XDP,
+ BPF_PROG_TYPE_LWT_IN,
+ BPF_PROG_TYPE_LWT_OUT,
+ BPF_PROG_TYPE_LWT_XMIT,
+};
+
+static const struct bpf_prog_meta __bpf_prog_meta[] = {
+ [BPF_PROG_TYPE_SCHED_CLS] = {
+ .type = "cls",
+ .subdir = "tc",
+ .section = ELF_SECTION_CLASSIFIER,
+ .may_uds_export = true,
+ },
+ [BPF_PROG_TYPE_SCHED_ACT] = {
+ .type = "act",
+ .subdir = "tc",
+ .section = ELF_SECTION_ACTION,
+ .may_uds_export = true,
+ },
+ [BPF_PROG_TYPE_XDP] = {
+ .type = "xdp",
+ .subdir = "xdp",
+ .section = ELF_SECTION_PROG,
+ },
+ [BPF_PROG_TYPE_LWT_IN] = {
+ .type = "lwt_in",
+ .subdir = "ip",
+ .section = ELF_SECTION_PROG,
+ },
+ [BPF_PROG_TYPE_LWT_OUT] = {
+ .type = "lwt_out",
+ .subdir = "ip",
+ .section = ELF_SECTION_PROG,
+ },
+ [BPF_PROG_TYPE_LWT_XMIT] = {
+ .type = "lwt_xmit",
+ .subdir = "ip",
+ .section = ELF_SECTION_PROG,
+ },
+};
+
+static const char *bpf_prog_to_subdir(enum bpf_prog_type type)
+{
+ assert(type < ARRAY_SIZE(__bpf_prog_meta) &&
+ __bpf_prog_meta[type].subdir);
+ return __bpf_prog_meta[type].subdir;
+}
+
+const char *bpf_prog_to_default_section(enum bpf_prog_type type)
+{
+ assert(type < ARRAY_SIZE(__bpf_prog_meta) &&
+ __bpf_prog_meta[type].section);
+ return __bpf_prog_meta[type].section;
+}
+
+#ifdef HAVE_ELF
+static int bpf_obj_open(const char *path, enum bpf_prog_type type,
+ const char *sec, bool verbose);
+#else
+static int bpf_obj_open(const char *path, enum bpf_prog_type type,
+ const char *sec, bool verbose)
+{
+ fprintf(stderr, "No ELF library support compiled in.\n");
+ errno = ENOSYS;
+ return -1;
+}
+#endif
+
+static inline __u64 bpf_ptr_to_u64(const void *ptr)
+{
+ return (__u64)(unsigned long)ptr;
+}
+
+static int bpf(int cmd, union bpf_attr *attr, unsigned int size)
+{
+#ifdef __NR_bpf
+ return syscall(__NR_bpf, cmd, attr, size);
+#else
+ fprintf(stderr, "No bpf syscall, kernel headers too old?\n");
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+static int bpf_map_update(int fd, const void *key, const void *value,
+ uint64_t flags)
+{
+ union bpf_attr attr = {};
+
+ attr.map_fd = fd;
+ attr.key = bpf_ptr_to_u64(key);
+ attr.value = bpf_ptr_to_u64(value);
+ attr.flags = flags;
+
+ return bpf(BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr));
+}
+
+static int bpf_prog_fd_by_id(uint32_t id)
+{
+ union bpf_attr attr = {};
+
+ attr.prog_id = id;
+
+ return bpf(BPF_PROG_GET_FD_BY_ID, &attr, sizeof(attr));
+}
+
+static int bpf_prog_info_by_fd(int fd, struct bpf_prog_info *info,
+ uint32_t *info_len)
+{
+ union bpf_attr attr = {};
+ int ret;
+
+ attr.info.bpf_fd = fd;
+ attr.info.info = bpf_ptr_to_u64(info);
+ attr.info.info_len = *info_len;
+
+ *info_len = 0;
+ ret = bpf(BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr));
+ if (!ret)
+ *info_len = attr.info.info_len;
+
+ return ret;
+}
+
+int bpf_dump_prog_info(FILE *f, uint32_t id)
+{
+ struct bpf_prog_info info = {};
+ uint32_t len = sizeof(info);
+ int fd, ret, dump_ok = 0;
+ SPRINT_BUF(tmp);
+
+ open_json_object("prog");
+ print_uint(PRINT_ANY, "id", "id %u ", id);
+
+ fd = bpf_prog_fd_by_id(id);
+ if (fd < 0)
+ goto out;
+
+ ret = bpf_prog_info_by_fd(fd, &info, &len);
+ if (!ret && len) {
+ int jited = !!info.jited_prog_len;
+
+ print_string(PRINT_ANY, "tag", "tag %s ",
+ hexstring_n2a(info.tag, sizeof(info.tag),
+ tmp, sizeof(tmp)));
+ print_uint(PRINT_JSON, "jited", NULL, jited);
+ if (jited && !is_json_context())
+ fprintf(f, "jited ");
+ dump_ok = 1;
+ }
+
+ close(fd);
+out:
+ close_json_object();
+ return dump_ok;
+}
+
+static int bpf_parse_string(char *arg, bool from_file, __u16 *bpf_len,
+ char **bpf_string, bool *need_release,
+ const char separator)
+{
+ char sp;
+
+ if (from_file) {
+ size_t tmp_len, op_len = sizeof("65535 255 255 4294967295,");
+ char *tmp_string, *pos, c_prev = ' ';
+ FILE *fp;
+ int c;
+
+ tmp_len = sizeof("4096,") + BPF_MAXINSNS * op_len;
+ tmp_string = pos = calloc(1, tmp_len);
+ if (tmp_string == NULL)
+ return -ENOMEM;
+
+ fp = fopen(arg, "r");
+ if (fp == NULL) {
+ perror("Cannot fopen");
+ free(tmp_string);
+ return -ENOENT;
+ }
+
+ while ((c = fgetc(fp)) != EOF) {
+ switch (c) {
+ case '\n':
+ if (c_prev != ',')
+ *(pos++) = ',';
+ c_prev = ',';
+ break;
+ case ' ':
+ case '\t':
+ if (c_prev != ' ')
+ *(pos++) = c;
+ c_prev = ' ';
+ break;
+ default:
+ *(pos++) = c;
+ c_prev = c;
+ }
+ if (pos - tmp_string == tmp_len)
+ break;
+ }
+
+ if (!feof(fp)) {
+ free(tmp_string);
+ fclose(fp);
+ return -E2BIG;
+ }
+
+ fclose(fp);
+ *pos = 0;
+
+ *need_release = true;
+ *bpf_string = tmp_string;
+ } else {
+ *need_release = false;
+ *bpf_string = arg;
+ }
+
+ if (sscanf(*bpf_string, "%hu%c", bpf_len, &sp) != 2 ||
+ sp != separator) {
+ if (*need_release)
+ free(*bpf_string);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int bpf_ops_parse(int argc, char **argv, struct sock_filter *bpf_ops,
+ bool from_file)
+{
+ char *bpf_string, *token, separator = ',';
+ int ret = 0, i = 0;
+ bool need_release;
+ __u16 bpf_len = 0;
+
+ if (argc < 1)
+ return -EINVAL;
+ if (bpf_parse_string(argv[0], from_file, &bpf_len, &bpf_string,
+ &need_release, separator))
+ return -EINVAL;
+ if (bpf_len == 0 || bpf_len > BPF_MAXINSNS) {
+ ret = -EINVAL;
+ goto out;
+ }
+
+ token = bpf_string;
+ while ((token = strchr(token, separator)) && (++token)[0]) {
+ if (i >= bpf_len) {
+ fprintf(stderr, "Real program length exceeds encoded length parameter!\n");
+ ret = -EINVAL;
+ goto out;
+ }
+
+ if (sscanf(token, "%hu %hhu %hhu %u,",
+ &bpf_ops[i].code, &bpf_ops[i].jt,
+ &bpf_ops[i].jf, &bpf_ops[i].k) != 4) {
+ fprintf(stderr, "Error at instruction %d!\n", i);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ i++;
+ }
+
+ if (i != bpf_len) {
+ fprintf(stderr, "Parsed program length is less than encoded length parameter!\n");
+ ret = -EINVAL;
+ goto out;
+ }
+ ret = bpf_len;
+out:
+ if (need_release)
+ free(bpf_string);
+
+ return ret;
+}
+
+void bpf_print_ops(FILE *f, struct rtattr *bpf_ops, __u16 len)
+{
+ struct sock_filter *ops = RTA_DATA(bpf_ops);
+ int i;
+
+ if (len == 0)
+ return;
+
+ fprintf(f, "bytecode \'%u,", len);
+
+ for (i = 0; i < len - 1; i++)
+ fprintf(f, "%hu %hhu %hhu %u,", ops[i].code, ops[i].jt,
+ ops[i].jf, ops[i].k);
+
+ fprintf(f, "%hu %hhu %hhu %u\'", ops[i].code, ops[i].jt,
+ ops[i].jf, ops[i].k);
+}
+
+static void bpf_map_pin_report(const struct bpf_elf_map *pin,
+ const struct bpf_elf_map *obj)
+{
+ fprintf(stderr, "Map specification differs from pinned file!\n");
+
+ if (obj->type != pin->type)
+ fprintf(stderr, " - Type: %u (obj) != %u (pin)\n",
+ obj->type, pin->type);
+ if (obj->size_key != pin->size_key)
+ fprintf(stderr, " - Size key: %u (obj) != %u (pin)\n",
+ obj->size_key, pin->size_key);
+ if (obj->size_value != pin->size_value)
+ fprintf(stderr, " - Size value: %u (obj) != %u (pin)\n",
+ obj->size_value, pin->size_value);
+ if (obj->max_elem != pin->max_elem)
+ fprintf(stderr, " - Max elems: %u (obj) != %u (pin)\n",
+ obj->max_elem, pin->max_elem);
+ if (obj->flags != pin->flags)
+ fprintf(stderr, " - Flags: %#x (obj) != %#x (pin)\n",
+ obj->flags, pin->flags);
+
+ fprintf(stderr, "\n");
+}
+
+struct bpf_prog_data {
+ unsigned int type;
+ unsigned int jited;
+};
+
+struct bpf_map_ext {
+ struct bpf_prog_data owner;
+};
+
+static int bpf_derive_elf_map_from_fdinfo(int fd, struct bpf_elf_map *map,
+ struct bpf_map_ext *ext)
+{
+ unsigned int val, owner_type = 0, owner_jited = 0;
+ char file[PATH_MAX], buff[4096];
+ FILE *fp;
+
+ snprintf(file, sizeof(file), "/proc/%d/fdinfo/%d", getpid(), fd);
+ memset(map, 0, sizeof(*map));
+
+ fp = fopen(file, "r");
+ if (!fp) {
+ fprintf(stderr, "No procfs support?!\n");
+ return -EIO;
+ }
+
+ while (fgets(buff, sizeof(buff), fp)) {
+ if (sscanf(buff, "map_type:\t%u", &val) == 1)
+ map->type = val;
+ else if (sscanf(buff, "key_size:\t%u", &val) == 1)
+ map->size_key = val;
+ else if (sscanf(buff, "value_size:\t%u", &val) == 1)
+ map->size_value = val;
+ else if (sscanf(buff, "max_entries:\t%u", &val) == 1)
+ map->max_elem = val;
+ else if (sscanf(buff, "map_flags:\t%i", &val) == 1)
+ map->flags = val;
+ else if (sscanf(buff, "owner_prog_type:\t%i", &val) == 1)
+ owner_type = val;
+ else if (sscanf(buff, "owner_jited:\t%i", &val) == 1)
+ owner_jited = val;
+ }
+
+ fclose(fp);
+ if (ext) {
+ memset(ext, 0, sizeof(*ext));
+ ext->owner.type = owner_type;
+ ext->owner.jited = owner_jited;
+ }
+
+ return 0;
+}
+
+static int bpf_map_selfcheck_pinned(int fd, const struct bpf_elf_map *map,
+ struct bpf_map_ext *ext, int length,
+ enum bpf_prog_type type)
+{
+ struct bpf_elf_map tmp, zero = {};
+ int ret;
+
+ ret = bpf_derive_elf_map_from_fdinfo(fd, &tmp, ext);
+ if (ret < 0)
+ return ret;
+
+ /* The decision to reject this is on kernel side eventually, but
+ * at least give the user a chance to know what's wrong.
+ */
+ if (ext->owner.type && ext->owner.type != type)
+ fprintf(stderr, "Program array map owner types differ: %u (obj) != %u (pin)\n",
+ type, ext->owner.type);
+
+ if (!memcmp(&tmp, map, length)) {
+ return 0;
+ } else {
+ /* If kernel doesn't have eBPF-related fdinfo, we cannot do much,
+ * so just accept it. We know we do have an eBPF fd and in this
+ * case, everything is 0. It is guaranteed that no such map exists
+ * since map type of 0 is unloadable BPF_MAP_TYPE_UNSPEC.
+ */
+ if (!memcmp(&tmp, &zero, length))
+ return 0;
+
+ bpf_map_pin_report(&tmp, map);
+ return -EINVAL;
+ }
+}
+
+static int bpf_mnt_fs(const char *target)
+{
+ bool bind_done = false;
+
+ while (mount("", target, "none", MS_PRIVATE | MS_REC, NULL)) {
+ if (errno != EINVAL || bind_done) {
+ fprintf(stderr, "mount --make-private %s failed: %s\n",
+ target, strerror(errno));
+ return -1;
+ }
+
+ if (mount(target, target, "none", MS_BIND, NULL)) {
+ fprintf(stderr, "mount --bind %s %s failed: %s\n",
+ target, target, strerror(errno));
+ return -1;
+ }
+
+ bind_done = true;
+ }
+
+ if (mount("bpf", target, "bpf", 0, "mode=0700")) {
+ fprintf(stderr, "mount -t bpf bpf %s failed: %s\n",
+ target, strerror(errno));
+ return -1;
+ }
+
+ return 0;
+}
+
+static int bpf_mnt_check_target(const char *target)
+{
+ struct stat sb = {};
+ int ret;
+
+ ret = stat(target, &sb);
+ if (ret) {
+ ret = mkdir(target, S_IRWXU);
+ if (ret) {
+ fprintf(stderr, "mkdir %s failed: %s\n", target,
+ strerror(errno));
+ return ret;
+ }
+ }
+
+ return 0;
+}
+
+static int bpf_valid_mntpt(const char *mnt, unsigned long magic)
+{
+ struct statfs st_fs;
+
+ if (statfs(mnt, &st_fs) < 0)
+ return -ENOENT;
+ if ((unsigned long)st_fs.f_type != magic)
+ return -ENOENT;
+
+ return 0;
+}
+
+static const char *bpf_find_mntpt_single(unsigned long magic, char *mnt,
+ int len, const char *mntpt)
+{
+ int ret;
+
+ ret = bpf_valid_mntpt(mntpt, magic);
+ if (!ret) {
+ strlcpy(mnt, mntpt, len);
+ return mnt;
+ }
+
+ return NULL;
+}
+
+static const char *bpf_find_mntpt(const char *fstype, unsigned long magic,
+ char *mnt, int len,
+ const char * const *known_mnts)
+{
+ const char * const *ptr;
+ char type[100];
+ FILE *fp;
+
+ if (known_mnts) {
+ ptr = known_mnts;
+ while (*ptr) {
+ if (bpf_find_mntpt_single(magic, mnt, len, *ptr))
+ return mnt;
+ ptr++;
+ }
+ }
+
+ if (len != PATH_MAX)
+ return NULL;
+
+ fp = fopen("/proc/mounts", "r");
+ if (fp == NULL)
+ return NULL;
+
+ while (fscanf(fp, "%*s %" textify(PATH_MAX) "s %99s %*s %*d %*d\n",
+ mnt, type) == 2) {
+ if (strcmp(type, fstype) == 0)
+ break;
+ }
+
+ fclose(fp);
+ if (strcmp(type, fstype) != 0)
+ return NULL;
+
+ return mnt;
+}
+
+int bpf_trace_pipe(void)
+{
+ char tracefs_mnt[PATH_MAX] = TRACE_DIR_MNT;
+ static const char * const tracefs_known_mnts[] = {
+ TRACE_DIR_MNT,
+ "/sys/kernel/debug/tracing",
+ "/tracing",
+ "/trace",
+ 0,
+ };
+ int fd_in, fd_out = STDERR_FILENO;
+ char tpipe[PATH_MAX];
+ const char *mnt;
+
+ mnt = bpf_find_mntpt("tracefs", TRACEFS_MAGIC, tracefs_mnt,
+ sizeof(tracefs_mnt), tracefs_known_mnts);
+ if (!mnt) {
+ fprintf(stderr, "tracefs not mounted?\n");
+ return -1;
+ }
+
+ snprintf(tpipe, sizeof(tpipe), "%s/trace_pipe", mnt);
+
+ fd_in = open(tpipe, O_RDONLY);
+ if (fd_in < 0)
+ return -1;
+
+ fprintf(stderr, "Running! Hang up with ^C!\n\n");
+ while (1) {
+ static char buff[4096];
+ ssize_t ret;
+
+ ret = read(fd_in, buff, sizeof(buff));
+ if (ret > 0 && write(fd_out, buff, ret) == ret)
+ continue;
+ break;
+ }
+
+ close(fd_in);
+ return -1;
+}
+
+static int bpf_gen_global(const char *bpf_sub_dir)
+{
+ char bpf_glo_dir[PATH_MAX];
+ int ret;
+
+ snprintf(bpf_glo_dir, sizeof(bpf_glo_dir), "%s/%s/",
+ bpf_sub_dir, BPF_DIR_GLOBALS);
+
+ ret = mkdir(bpf_glo_dir, S_IRWXU);
+ if (ret && errno != EEXIST) {
+ fprintf(stderr, "mkdir %s failed: %s\n", bpf_glo_dir,
+ strerror(errno));
+ return ret;
+ }
+
+ return 0;
+}
+
+static int bpf_gen_master(const char *base, const char *name)
+{
+ char bpf_sub_dir[PATH_MAX];
+ int ret;
+
+ snprintf(bpf_sub_dir, sizeof(bpf_sub_dir), "%s%s/", base, name);
+
+ ret = mkdir(bpf_sub_dir, S_IRWXU);
+ if (ret && errno != EEXIST) {
+ fprintf(stderr, "mkdir %s failed: %s\n", bpf_sub_dir,
+ strerror(errno));
+ return ret;
+ }
+
+ return bpf_gen_global(bpf_sub_dir);
+}
+
+static int bpf_slave_via_bind_mnt(const char *full_name,
+ const char *full_link)
+{
+ int ret;
+
+ ret = mkdir(full_name, S_IRWXU);
+ if (ret) {
+ assert(errno != EEXIST);
+ fprintf(stderr, "mkdir %s failed: %s\n", full_name,
+ strerror(errno));
+ return ret;
+ }
+
+ ret = mount(full_link, full_name, "none", MS_BIND, NULL);
+ if (ret) {
+ rmdir(full_name);
+ fprintf(stderr, "mount --bind %s %s failed: %s\n",
+ full_link, full_name, strerror(errno));
+ }
+
+ return ret;
+}
+
+static int bpf_gen_slave(const char *base, const char *name,
+ const char *link)
+{
+ char bpf_lnk_dir[PATH_MAX];
+ char bpf_sub_dir[PATH_MAX];
+ struct stat sb = {};
+ int ret;
+
+ snprintf(bpf_lnk_dir, sizeof(bpf_lnk_dir), "%s%s/", base, link);
+ snprintf(bpf_sub_dir, sizeof(bpf_sub_dir), "%s%s", base, name);
+
+ ret = symlink(bpf_lnk_dir, bpf_sub_dir);
+ if (ret) {
+ if (errno != EEXIST) {
+ if (errno != EPERM) {
+ fprintf(stderr, "symlink %s failed: %s\n",
+ bpf_sub_dir, strerror(errno));
+ return ret;
+ }
+
+ return bpf_slave_via_bind_mnt(bpf_sub_dir,
+ bpf_lnk_dir);
+ }
+
+ ret = lstat(bpf_sub_dir, &sb);
+ if (ret) {
+ fprintf(stderr, "lstat %s failed: %s\n",
+ bpf_sub_dir, strerror(errno));
+ return ret;
+ }
+
+ if ((sb.st_mode & S_IFMT) != S_IFLNK)
+ return bpf_gen_global(bpf_sub_dir);
+ }
+
+ return 0;
+}
+
+static int bpf_gen_hierarchy(const char *base)
+{
+ int ret, i;
+
+ ret = bpf_gen_master(base, bpf_prog_to_subdir(__bpf_types[0]));
+ for (i = 1; i < ARRAY_SIZE(__bpf_types) && !ret; i++)
+ ret = bpf_gen_slave(base,
+ bpf_prog_to_subdir(__bpf_types[i]),
+ bpf_prog_to_subdir(__bpf_types[0]));
+ return ret;
+}
+
+static const char *bpf_get_work_dir(enum bpf_prog_type type)
+{
+ static char bpf_tmp[PATH_MAX] = BPF_DIR_MNT;
+ static char bpf_wrk_dir[PATH_MAX];
+ static const char *mnt;
+ static bool bpf_mnt_cached;
+ const char *mnt_env = getenv(BPF_ENV_MNT);
+ static const char * const bpf_known_mnts[] = {
+ BPF_DIR_MNT,
+ "/bpf",
+ 0,
+ };
+ int ret;
+
+ if (bpf_mnt_cached) {
+ const char *out = mnt;
+
+ if (out && type) {
+ snprintf(bpf_tmp, sizeof(bpf_tmp), "%s%s/",
+ out, bpf_prog_to_subdir(type));
+ out = bpf_tmp;
+ }
+ return out;
+ }
+
+ if (mnt_env)
+ mnt = bpf_find_mntpt_single(BPF_FS_MAGIC, bpf_tmp,
+ sizeof(bpf_tmp), mnt_env);
+ else
+ mnt = bpf_find_mntpt("bpf", BPF_FS_MAGIC, bpf_tmp,
+ sizeof(bpf_tmp), bpf_known_mnts);
+ if (!mnt) {
+ mnt = mnt_env ? : BPF_DIR_MNT;
+ ret = bpf_mnt_check_target(mnt);
+ if (!ret)
+ ret = bpf_mnt_fs(mnt);
+ if (ret) {
+ mnt = NULL;
+ goto out;
+ }
+ }
+
+ snprintf(bpf_wrk_dir, sizeof(bpf_wrk_dir), "%s/", mnt);
+
+ ret = bpf_gen_hierarchy(bpf_wrk_dir);
+ if (ret) {
+ mnt = NULL;
+ goto out;
+ }
+
+ mnt = bpf_wrk_dir;
+out:
+ bpf_mnt_cached = true;
+ return mnt;
+}
+
+static int bpf_obj_get(const char *pathname, enum bpf_prog_type type)
+{
+ union bpf_attr attr = {};
+ char tmp[PATH_MAX];
+
+ if (strlen(pathname) > 2 && pathname[0] == 'm' &&
+ pathname[1] == ':' && bpf_get_work_dir(type)) {
+ snprintf(tmp, sizeof(tmp), "%s/%s",
+ bpf_get_work_dir(type), pathname + 2);
+ pathname = tmp;
+ }
+
+ attr.pathname = bpf_ptr_to_u64(pathname);
+
+ return bpf(BPF_OBJ_GET, &attr, sizeof(attr));
+}
+
+static int bpf_obj_pinned(const char *pathname, enum bpf_prog_type type)
+{
+ int prog_fd = bpf_obj_get(pathname, type);
+
+ if (prog_fd < 0)
+ fprintf(stderr, "Couldn\'t retrieve pinned program \'%s\': %s\n",
+ pathname, strerror(errno));
+ return prog_fd;
+}
+
+enum bpf_mode {
+ CBPF_BYTECODE,
+ CBPF_FILE,
+ EBPF_OBJECT,
+ EBPF_PINNED,
+ BPF_MODE_MAX,
+};
+
+static int bpf_parse(enum bpf_prog_type *type, enum bpf_mode *mode,
+ struct bpf_cfg_in *cfg, const bool *opt_tbl)
+{
+ const char *file, *section, *uds_name;
+ bool verbose = false;
+ int i, ret, argc;
+ char **argv;
+
+ argv = cfg->argv;
+ argc = cfg->argc;
+
+ if (opt_tbl[CBPF_BYTECODE] &&
+ (matches(*argv, "bytecode") == 0 ||
+ strcmp(*argv, "bc") == 0)) {
+ *mode = CBPF_BYTECODE;
+ } else if (opt_tbl[CBPF_FILE] &&
+ (matches(*argv, "bytecode-file") == 0 ||
+ strcmp(*argv, "bcf") == 0)) {
+ *mode = CBPF_FILE;
+ } else if (opt_tbl[EBPF_OBJECT] &&
+ (matches(*argv, "object-file") == 0 ||
+ strcmp(*argv, "obj") == 0)) {
+ *mode = EBPF_OBJECT;
+ } else if (opt_tbl[EBPF_PINNED] &&
+ (matches(*argv, "object-pinned") == 0 ||
+ matches(*argv, "pinned") == 0 ||
+ matches(*argv, "fd") == 0)) {
+ *mode = EBPF_PINNED;
+ } else {
+ fprintf(stderr, "What mode is \"%s\"?\n", *argv);
+ return -1;
+ }
+
+ NEXT_ARG();
+ file = section = uds_name = NULL;
+ if (*mode == EBPF_OBJECT || *mode == EBPF_PINNED) {
+ file = *argv;
+ NEXT_ARG_FWD();
+
+ if (*type == BPF_PROG_TYPE_UNSPEC) {
+ if (argc > 0 && matches(*argv, "type") == 0) {
+ NEXT_ARG();
+ for (i = 0; i < ARRAY_SIZE(__bpf_prog_meta);
+ i++) {
+ if (!__bpf_prog_meta[i].type)
+ continue;
+ if (!matches(*argv,
+ __bpf_prog_meta[i].type)) {
+ *type = i;
+ break;
+ }
+ }
+
+ if (*type == BPF_PROG_TYPE_UNSPEC) {
+ fprintf(stderr, "What type is \"%s\"?\n",
+ *argv);
+ return -1;
+ }
+ NEXT_ARG_FWD();
+ } else {
+ *type = BPF_PROG_TYPE_SCHED_CLS;
+ }
+ }
+
+ section = bpf_prog_to_default_section(*type);
+ if (argc > 0 && matches(*argv, "section") == 0) {
+ NEXT_ARG();
+ section = *argv;
+ NEXT_ARG_FWD();
+ }
+
+ if (__bpf_prog_meta[*type].may_uds_export) {
+ uds_name = getenv(BPF_ENV_UDS);
+ if (argc > 0 && !uds_name &&
+ matches(*argv, "export") == 0) {
+ NEXT_ARG();
+ uds_name = *argv;
+ NEXT_ARG_FWD();
+ }
+ }
+
+ if (argc > 0 && matches(*argv, "verbose") == 0) {
+ verbose = true;
+ NEXT_ARG_FWD();
+ }
+
+ PREV_ARG();
+ }
+
+ if (*mode == CBPF_BYTECODE || *mode == CBPF_FILE)
+ ret = bpf_ops_parse(argc, argv, cfg->ops, *mode == CBPF_FILE);
+ else if (*mode == EBPF_OBJECT)
+ ret = bpf_obj_open(file, *type, section, verbose);
+ else if (*mode == EBPF_PINNED)
+ ret = bpf_obj_pinned(file, *type);
+ else
+ return -1;
+
+ cfg->object = file;
+ cfg->section = section;
+ cfg->uds = uds_name;
+ cfg->argc = argc;
+ cfg->argv = argv;
+
+ return ret;
+}
+
+static int bpf_parse_opt_tbl(enum bpf_prog_type type, struct bpf_cfg_in *cfg,
+ const struct bpf_cfg_ops *ops, void *nl,
+ const bool *opt_tbl)
+{
+ struct sock_filter opcodes[BPF_MAXINSNS];
+ char annotation[256];
+ enum bpf_mode mode;
+ int ret;
+
+ cfg->ops = opcodes;
+ ret = bpf_parse(&type, &mode, cfg, opt_tbl);
+ cfg->ops = NULL;
+ if (ret < 0)
+ return ret;
+
+ if (mode == CBPF_BYTECODE || mode == CBPF_FILE)
+ ops->cbpf_cb(nl, opcodes, ret);
+ if (mode == EBPF_OBJECT || mode == EBPF_PINNED) {
+ snprintf(annotation, sizeof(annotation), "%s:[%s]",
+ basename(cfg->object), mode == EBPF_PINNED ?
+ "*fsobj" : cfg->section);
+ ops->ebpf_cb(nl, ret, annotation);
+ }
+
+ return 0;
+}
+
+int bpf_parse_common(enum bpf_prog_type type, struct bpf_cfg_in *cfg,
+ const struct bpf_cfg_ops *ops, void *nl)
+{
+ bool opt_tbl[BPF_MODE_MAX] = {};
+
+ if (ops->cbpf_cb) {
+ opt_tbl[CBPF_BYTECODE] = true;
+ opt_tbl[CBPF_FILE] = true;
+ }
+
+ if (ops->ebpf_cb) {
+ opt_tbl[EBPF_OBJECT] = true;
+ opt_tbl[EBPF_PINNED] = true;
+ }
+
+ return bpf_parse_opt_tbl(type, cfg, ops, nl, opt_tbl);
+}
+
+int bpf_graft_map(const char *map_path, uint32_t *key, int argc, char **argv)
+{
+ enum bpf_prog_type type = BPF_PROG_TYPE_UNSPEC;
+ const bool opt_tbl[BPF_MODE_MAX] = {
+ [EBPF_OBJECT] = true,
+ [EBPF_PINNED] = true,
+ };
+ const struct bpf_elf_map test = {
+ .type = BPF_MAP_TYPE_PROG_ARRAY,
+ .size_key = sizeof(int),
+ .size_value = sizeof(int),
+ };
+ struct bpf_cfg_in cfg = {
+ .argc = argc,
+ .argv = argv,
+ };
+ struct bpf_map_ext ext = {};
+ int ret, prog_fd, map_fd;
+ enum bpf_mode mode;
+ uint32_t map_key;
+
+ prog_fd = bpf_parse(&type, &mode, &cfg, opt_tbl);
+ if (prog_fd < 0)
+ return prog_fd;
+ if (key) {
+ map_key = *key;
+ } else {
+ ret = sscanf(cfg.section, "%*i/%i", &map_key);
+ if (ret != 1) {
+ fprintf(stderr, "Couldn\'t infer map key from section name! Please provide \'key\' argument!\n");
+ ret = -EINVAL;
+ goto out_prog;
+ }
+ }
+
+ map_fd = bpf_obj_get(map_path, type);
+ if (map_fd < 0) {
+ fprintf(stderr, "Couldn\'t retrieve pinned map \'%s\': %s\n",
+ map_path, strerror(errno));
+ ret = map_fd;
+ goto out_prog;
+ }
+
+ ret = bpf_map_selfcheck_pinned(map_fd, &test, &ext,
+ offsetof(struct bpf_elf_map, max_elem),
+ type);
+ if (ret < 0) {
+ fprintf(stderr, "Map \'%s\' self-check failed!\n", map_path);
+ goto out_map;
+ }
+
+ ret = bpf_map_update(map_fd, &map_key, &prog_fd, BPF_ANY);
+ if (ret < 0)
+ fprintf(stderr, "Map update failed: %s\n", strerror(errno));
+out_map:
+ close(map_fd);
+out_prog:
+ close(prog_fd);
+ return ret;
+}
+
+int bpf_prog_attach_fd(int prog_fd, int target_fd, enum bpf_attach_type type)
+{
+ union bpf_attr attr = {};
+
+ attr.target_fd = target_fd;
+ attr.attach_bpf_fd = prog_fd;
+ attr.attach_type = type;
+
+ return bpf(BPF_PROG_ATTACH, &attr, sizeof(attr));
+}
+
+int bpf_prog_detach_fd(int target_fd, enum bpf_attach_type type)
+{
+ union bpf_attr attr = {};
+
+ attr.target_fd = target_fd;
+ attr.attach_type = type;
+
+ return bpf(BPF_PROG_DETACH, &attr, sizeof(attr));
+}
+
+int bpf_prog_load(enum bpf_prog_type type, const struct bpf_insn *insns,
+ size_t size_insns, const char *license, char *log,
+ size_t size_log)
+{
+ union bpf_attr attr = {};
+
+ attr.prog_type = type;
+ attr.insns = bpf_ptr_to_u64(insns);
+ attr.insn_cnt = size_insns / sizeof(struct bpf_insn);
+ attr.license = bpf_ptr_to_u64(license);
+
+ if (size_log > 0) {
+ attr.log_buf = bpf_ptr_to_u64(log);
+ attr.log_size = size_log;
+ attr.log_level = 1;
+ }
+
+ return bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
+}
+
+#ifdef HAVE_ELF
+struct bpf_elf_prog {
+ enum bpf_prog_type type;
+ const struct bpf_insn *insns;
+ size_t size;
+ const char *license;
+};
+
+struct bpf_hash_entry {
+ unsigned int pinning;
+ const char *subpath;
+ struct bpf_hash_entry *next;
+};
+
+struct bpf_config {
+ unsigned int jit_enabled;
+};
+
+struct bpf_elf_ctx {
+ struct bpf_config cfg;
+ Elf *elf_fd;
+ GElf_Ehdr elf_hdr;
+ Elf_Data *sym_tab;
+ Elf_Data *str_tab;
+ int obj_fd;
+ int map_fds[ELF_MAX_MAPS];
+ struct bpf_elf_map maps[ELF_MAX_MAPS];
+ struct bpf_map_ext maps_ext[ELF_MAX_MAPS];
+ int sym_num;
+ int map_num;
+ int map_len;
+ bool *sec_done;
+ int sec_maps;
+ char license[ELF_MAX_LICENSE_LEN];
+ enum bpf_prog_type type;
+ bool verbose;
+ struct bpf_elf_st stat;
+ struct bpf_hash_entry *ht[256];
+ char *log;
+ size_t log_size;
+};
+
+struct bpf_elf_sec_data {
+ GElf_Shdr sec_hdr;
+ Elf_Data *sec_data;
+ const char *sec_name;
+};
+
+struct bpf_map_data {
+ int *fds;
+ const char *obj;
+ struct bpf_elf_st *st;
+ struct bpf_elf_map *ent;
+};
+
+static __check_format_string(2, 3) void
+bpf_dump_error(struct bpf_elf_ctx *ctx, const char *format, ...)
+{
+ va_list vl;
+
+ va_start(vl, format);
+ vfprintf(stderr, format, vl);
+ va_end(vl);
+
+ if (ctx->log && ctx->log[0]) {
+ if (ctx->verbose) {
+ fprintf(stderr, "%s\n", ctx->log);
+ } else {
+ unsigned int off = 0, len = strlen(ctx->log);
+
+ if (len > BPF_MAX_LOG) {
+ off = len - BPF_MAX_LOG;
+ fprintf(stderr, "Skipped %u bytes, use \'verb\' option for the full verbose log.\n[...]\n",
+ off);
+ }
+ fprintf(stderr, "%s\n", ctx->log + off);
+ }
+
+ memset(ctx->log, 0, ctx->log_size);
+ }
+}
+
+static int bpf_log_realloc(struct bpf_elf_ctx *ctx)
+{
+ const size_t log_max = UINT_MAX >> 8;
+ size_t log_size = ctx->log_size;
+ void *ptr;
+
+ if (!ctx->log) {
+ log_size = 65536;
+ } else if (log_size < log_max) {
+ log_size <<= 1;
+ if (log_size > log_max)
+ log_size = log_max;
+ } else {
+ return -EINVAL;
+ }
+
+ ptr = realloc(ctx->log, log_size);
+ if (!ptr)
+ return -ENOMEM;
+
+ ctx->log = ptr;
+ ctx->log_size = log_size;
+
+ return 0;
+}
+
+static int bpf_map_create(enum bpf_map_type type, uint32_t size_key,
+ uint32_t size_value, uint32_t max_elem,
+ uint32_t flags, int inner_fd)
+{
+ union bpf_attr attr = {};
+
+ attr.map_type = type;
+ attr.key_size = size_key;
+ attr.value_size = inner_fd ? sizeof(int) : size_value;
+ attr.max_entries = max_elem;
+ attr.map_flags = flags;
+ attr.inner_map_fd = inner_fd;
+
+ return bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
+}
+
+static int bpf_obj_pin(int fd, const char *pathname)
+{
+ union bpf_attr attr = {};
+
+ attr.pathname = bpf_ptr_to_u64(pathname);
+ attr.bpf_fd = fd;
+
+ return bpf(BPF_OBJ_PIN, &attr, sizeof(attr));
+}
+
+static int bpf_obj_hash(const char *object, uint8_t *out, size_t len)
+{
+ struct sockaddr_alg alg = {
+ .salg_family = AF_ALG,
+ .salg_type = "hash",
+ .salg_name = "sha1",
+ };
+ int ret, cfd, ofd, ffd;
+ struct stat stbuff;
+ ssize_t size;
+
+ if (!object || len != 20)
+ return -EINVAL;
+
+ cfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+ if (cfd < 0) {
+ fprintf(stderr, "Cannot get AF_ALG socket: %s\n",
+ strerror(errno));
+ return cfd;
+ }
+
+ ret = bind(cfd, (struct sockaddr *)&alg, sizeof(alg));
+ if (ret < 0) {
+ fprintf(stderr, "Error binding socket: %s\n", strerror(errno));
+ goto out_cfd;
+ }
+
+ ofd = accept(cfd, NULL, 0);
+ if (ofd < 0) {
+ fprintf(stderr, "Error accepting socket: %s\n",
+ strerror(errno));
+ ret = ofd;
+ goto out_cfd;
+ }
+
+ ffd = open(object, O_RDONLY);
+ if (ffd < 0) {
+ fprintf(stderr, "Error opening object %s: %s\n",
+ object, strerror(errno));
+ ret = ffd;
+ goto out_ofd;
+ }
+
+ ret = fstat(ffd, &stbuff);
+ if (ret < 0) {
+ fprintf(stderr, "Error doing fstat: %s\n",
+ strerror(errno));
+ goto out_ffd;
+ }
+
+ size = sendfile(ofd, ffd, NULL, stbuff.st_size);
+ if (size != stbuff.st_size) {
+ fprintf(stderr, "Error from sendfile (%zd vs %zu bytes): %s\n",
+ size, stbuff.st_size, strerror(errno));
+ ret = -1;
+ goto out_ffd;
+ }
+
+ size = read(ofd, out, len);
+ if (size != len) {
+ fprintf(stderr, "Error from read (%zd vs %zu bytes): %s\n",
+ size, len, strerror(errno));
+ ret = -1;
+ } else {
+ ret = 0;
+ }
+out_ffd:
+ close(ffd);
+out_ofd:
+ close(ofd);
+out_cfd:
+ close(cfd);
+ return ret;
+}
+
+static const char *bpf_get_obj_uid(const char *pathname)
+{
+ static bool bpf_uid_cached;
+ static char bpf_uid[64];
+ uint8_t tmp[20];
+ int ret;
+
+ if (bpf_uid_cached)
+ goto done;
+
+ ret = bpf_obj_hash(pathname, tmp, sizeof(tmp));
+ if (ret) {
+ fprintf(stderr, "Object hashing failed!\n");
+ return NULL;
+ }
+
+ hexstring_n2a(tmp, sizeof(tmp), bpf_uid, sizeof(bpf_uid));
+ bpf_uid_cached = true;
+done:
+ return bpf_uid;
+}
+
+static int bpf_init_env(const char *pathname)
+{
+ struct rlimit limit = {
+ .rlim_cur = RLIM_INFINITY,
+ .rlim_max = RLIM_INFINITY,
+ };
+
+ /* Don't bother in case we fail! */
+ setrlimit(RLIMIT_MEMLOCK, &limit);
+
+ if (!bpf_get_work_dir(BPF_PROG_TYPE_UNSPEC)) {
+ fprintf(stderr, "Continuing without mounted eBPF fs. Too old kernel?\n");
+ return 0;
+ }
+
+ if (!bpf_get_obj_uid(pathname))
+ return -1;
+
+ return 0;
+}
+
+static const char *bpf_custom_pinning(const struct bpf_elf_ctx *ctx,
+ uint32_t pinning)
+{
+ struct bpf_hash_entry *entry;
+
+ entry = ctx->ht[pinning & (ARRAY_SIZE(ctx->ht) - 1)];
+ while (entry && entry->pinning != pinning)
+ entry = entry->next;
+
+ return entry ? entry->subpath : NULL;
+}
+
+static bool bpf_no_pinning(const struct bpf_elf_ctx *ctx,
+ uint32_t pinning)
+{
+ switch (pinning) {
+ case PIN_OBJECT_NS:
+ case PIN_GLOBAL_NS:
+ return false;
+ case PIN_NONE:
+ return true;
+ default:
+ return !bpf_custom_pinning(ctx, pinning);
+ }
+}
+
+static void bpf_make_pathname(char *pathname, size_t len, const char *name,
+ const struct bpf_elf_ctx *ctx, uint32_t pinning)
+{
+ switch (pinning) {
+ case PIN_OBJECT_NS:
+ snprintf(pathname, len, "%s/%s/%s",
+ bpf_get_work_dir(ctx->type),
+ bpf_get_obj_uid(NULL), name);
+ break;
+ case PIN_GLOBAL_NS:
+ snprintf(pathname, len, "%s/%s/%s",
+ bpf_get_work_dir(ctx->type),
+ BPF_DIR_GLOBALS, name);
+ break;
+ default:
+ snprintf(pathname, len, "%s/../%s/%s",
+ bpf_get_work_dir(ctx->type),
+ bpf_custom_pinning(ctx, pinning), name);
+ break;
+ }
+}
+
+static int bpf_probe_pinned(const char *name, const struct bpf_elf_ctx *ctx,
+ uint32_t pinning)
+{
+ char pathname[PATH_MAX];
+
+ if (bpf_no_pinning(ctx, pinning) || !bpf_get_work_dir(ctx->type))
+ return 0;
+
+ bpf_make_pathname(pathname, sizeof(pathname), name, ctx, pinning);
+ return bpf_obj_get(pathname, ctx->type);
+}
+
+static int bpf_make_obj_path(const struct bpf_elf_ctx *ctx)
+{
+ char tmp[PATH_MAX];
+ int ret;
+
+ snprintf(tmp, sizeof(tmp), "%s/%s", bpf_get_work_dir(ctx->type),
+ bpf_get_obj_uid(NULL));
+
+ ret = mkdir(tmp, S_IRWXU);
+ if (ret && errno != EEXIST) {
+ fprintf(stderr, "mkdir %s failed: %s\n", tmp, strerror(errno));
+ return ret;
+ }
+
+ return 0;
+}
+
+static int bpf_make_custom_path(const struct bpf_elf_ctx *ctx,
+ const char *todo)
+{
+ char tmp[PATH_MAX], rem[PATH_MAX], *sub;
+ int ret;
+
+ snprintf(tmp, sizeof(tmp), "%s/../", bpf_get_work_dir(ctx->type));
+ snprintf(rem, sizeof(rem), "%s/", todo);
+ sub = strtok(rem, "/");
+
+ while (sub) {
+ if (strlen(tmp) + strlen(sub) + 2 > PATH_MAX)
+ return -EINVAL;
+
+ strcat(tmp, sub);
+ strcat(tmp, "/");
+
+ ret = mkdir(tmp, S_IRWXU);
+ if (ret && errno != EEXIST) {
+ fprintf(stderr, "mkdir %s failed: %s\n", tmp,
+ strerror(errno));
+ return ret;
+ }
+
+ sub = strtok(NULL, "/");
+ }
+
+ return 0;
+}
+
+static int bpf_place_pinned(int fd, const char *name,
+ const struct bpf_elf_ctx *ctx, uint32_t pinning)
+{
+ char pathname[PATH_MAX];
+ const char *tmp;
+ int ret = 0;
+
+ if (bpf_no_pinning(ctx, pinning) || !bpf_get_work_dir(ctx->type))
+ return 0;
+
+ if (pinning == PIN_OBJECT_NS)
+ ret = bpf_make_obj_path(ctx);
+ else if ((tmp = bpf_custom_pinning(ctx, pinning)))
+ ret = bpf_make_custom_path(ctx, tmp);
+ if (ret < 0)
+ return ret;
+
+ bpf_make_pathname(pathname, sizeof(pathname), name, ctx, pinning);
+ return bpf_obj_pin(fd, pathname);
+}
+
+static void bpf_prog_report(int fd, const char *section,
+ const struct bpf_elf_prog *prog,
+ struct bpf_elf_ctx *ctx)
+{
+ unsigned int insns = prog->size / sizeof(struct bpf_insn);
+
+ fprintf(stderr, "\nProg section \'%s\' %s%s (%d)!\n", section,
+ fd < 0 ? "rejected: " : "loaded",
+ fd < 0 ? strerror(errno) : "",
+ fd < 0 ? errno : fd);
+
+ fprintf(stderr, " - Type: %u\n", prog->type);
+ fprintf(stderr, " - Instructions: %u (%u over limit)\n",
+ insns, insns > BPF_MAXINSNS ? insns - BPF_MAXINSNS : 0);
+ fprintf(stderr, " - License: %s\n\n", prog->license);
+
+ bpf_dump_error(ctx, "Verifier analysis:\n\n");
+}
+
+static int bpf_prog_attach(const char *section,
+ const struct bpf_elf_prog *prog,
+ struct bpf_elf_ctx *ctx)
+{
+ int tries = 0, fd;
+retry:
+ errno = 0;
+ fd = bpf_prog_load(prog->type, prog->insns, prog->size,
+ prog->license, ctx->log, ctx->log_size);
+ if (fd < 0 || ctx->verbose) {
+ /* The verifier log is pretty chatty, sometimes so chatty
+ * on larger programs, that we could fail to dump everything
+ * into our buffer. Still, try to give a debuggable error
+ * log for the user, so enlarge it and re-fail.
+ */
+ if (fd < 0 && (errno == ENOSPC || !ctx->log_size)) {
+ if (tries++ < 10 && !bpf_log_realloc(ctx))
+ goto retry;
+
+ fprintf(stderr, "Log buffer too small to dump verifier log %zu bytes (%d tries)!\n",
+ ctx->log_size, tries);
+ return fd;
+ }
+
+ bpf_prog_report(fd, section, prog, ctx);
+ }
+
+ return fd;
+}
+
+static void bpf_map_report(int fd, const char *name,
+ const struct bpf_elf_map *map,
+ struct bpf_elf_ctx *ctx, int inner_fd)
+{
+ fprintf(stderr, "Map object \'%s\' %s%s (%d)!\n", name,
+ fd < 0 ? "rejected: " : "loaded",
+ fd < 0 ? strerror(errno) : "",
+ fd < 0 ? errno : fd);
+
+ fprintf(stderr, " - Type: %u\n", map->type);
+ fprintf(stderr, " - Identifier: %u\n", map->id);
+ fprintf(stderr, " - Pinning: %u\n", map->pinning);
+ fprintf(stderr, " - Size key: %u\n", map->size_key);
+ fprintf(stderr, " - Size value: %u\n",
+ inner_fd ? (int)sizeof(int) : map->size_value);
+ fprintf(stderr, " - Max elems: %u\n", map->max_elem);
+ fprintf(stderr, " - Flags: %#x\n\n", map->flags);
+}
+
+static int bpf_find_map_id(const struct bpf_elf_ctx *ctx, uint32_t id)
+{
+ int i;
+
+ for (i = 0; i < ctx->map_num; i++) {
+ if (ctx->maps[i].id != id)
+ continue;
+ if (ctx->map_fds[i] < 0)
+ return -EINVAL;
+
+ return ctx->map_fds[i];
+ }
+
+ return -ENOENT;
+}
+
+static void bpf_report_map_in_map(int outer_fd, uint32_t idx)
+{
+ struct bpf_elf_map outer_map;
+ int ret;
+
+ fprintf(stderr, "Cannot insert map into map! ");
+
+ ret = bpf_derive_elf_map_from_fdinfo(outer_fd, &outer_map, NULL);
+ if (!ret) {
+ if (idx >= outer_map.max_elem &&
+ outer_map.type == BPF_MAP_TYPE_ARRAY_OF_MAPS) {
+ fprintf(stderr, "Outer map has %u elements, index %u is invalid!\n",
+ outer_map.max_elem, idx);
+ return;
+ }
+ }
+
+ fprintf(stderr, "Different map specs used for outer and inner map?\n");
+}
+
+static bool bpf_is_map_in_map_type(const struct bpf_elf_map *map)
+{
+ return map->type == BPF_MAP_TYPE_ARRAY_OF_MAPS ||
+ map->type == BPF_MAP_TYPE_HASH_OF_MAPS;
+}
+
+static int bpf_map_attach(const char *name, struct bpf_elf_ctx *ctx,
+ const struct bpf_elf_map *map, struct bpf_map_ext *ext,
+ int *have_map_in_map)
+{
+ int fd, ret, map_inner_fd = 0;
+
+ fd = bpf_probe_pinned(name, ctx, map->pinning);
+ if (fd > 0) {
+ ret = bpf_map_selfcheck_pinned(fd, map, ext,
+ offsetof(struct bpf_elf_map,
+ id), ctx->type);
+ if (ret < 0) {
+ close(fd);
+ fprintf(stderr, "Map \'%s\' self-check failed!\n",
+ name);
+ return ret;
+ }
+ if (ctx->verbose)
+ fprintf(stderr, "Map \'%s\' loaded as pinned!\n",
+ name);
+ return fd;
+ }
+
+ if (have_map_in_map && bpf_is_map_in_map_type(map)) {
+ (*have_map_in_map)++;
+ if (map->inner_id)
+ return 0;
+ fprintf(stderr, "Map \'%s\' cannot be created since no inner map ID defined!\n",
+ name);
+ return -EINVAL;
+ }
+
+ if (!have_map_in_map && bpf_is_map_in_map_type(map)) {
+ map_inner_fd = bpf_find_map_id(ctx, map->inner_id);
+ if (map_inner_fd < 0) {
+ fprintf(stderr, "Map \'%s\' cannot be loaded. Inner map with ID %u not found!\n",
+ name, map->inner_id);
+ return -EINVAL;
+ }
+ }
+
+ errno = 0;
+ fd = bpf_map_create(map->type, map->size_key, map->size_value,
+ map->max_elem, map->flags, map_inner_fd);
+ if (fd < 0 || ctx->verbose) {
+ bpf_map_report(fd, name, map, ctx, map_inner_fd);
+ if (fd < 0)
+ return fd;
+ }
+
+ ret = bpf_place_pinned(fd, name, ctx, map->pinning);
+ if (ret < 0 && errno != EEXIST) {
+ fprintf(stderr, "Could not pin %s map: %s\n", name,
+ strerror(errno));
+ close(fd);
+ return ret;
+ }
+
+ return fd;
+}
+
+static const char *bpf_str_tab_name(const struct bpf_elf_ctx *ctx,
+ const GElf_Sym *sym)
+{
+ return ctx->str_tab->d_buf + sym->st_name;
+}
+
+static const char *bpf_map_fetch_name(struct bpf_elf_ctx *ctx, int which)
+{
+ GElf_Sym sym;
+ int i;
+
+ for (i = 0; i < ctx->sym_num; i++) {
+ if (gelf_getsym(ctx->sym_tab, i, &sym) != &sym)
+ continue;
+
+ if (GELF_ST_BIND(sym.st_info) != STB_GLOBAL ||
+ GELF_ST_TYPE(sym.st_info) != STT_NOTYPE ||
+ sym.st_shndx != ctx->sec_maps ||
+ sym.st_value / ctx->map_len != which)
+ continue;
+
+ return bpf_str_tab_name(ctx, &sym);
+ }
+
+ return NULL;
+}
+
+static int bpf_maps_attach_all(struct bpf_elf_ctx *ctx)
+{
+ int i, j, ret, fd, inner_fd, inner_idx, have_map_in_map = 0;
+ const char *map_name;
+
+ for (i = 0; i < ctx->map_num; i++) {
+ map_name = bpf_map_fetch_name(ctx, i);
+ if (!map_name)
+ return -EIO;
+
+ fd = bpf_map_attach(map_name, ctx, &ctx->maps[i],
+ &ctx->maps_ext[i], &have_map_in_map);
+ if (fd < 0)
+ return fd;
+
+ ctx->map_fds[i] = !fd ? -1 : fd;
+ }
+
+ for (i = 0; have_map_in_map && i < ctx->map_num; i++) {
+ if (ctx->map_fds[i] >= 0)
+ continue;
+
+ map_name = bpf_map_fetch_name(ctx, i);
+ if (!map_name)
+ return -EIO;
+
+ fd = bpf_map_attach(map_name, ctx, &ctx->maps[i],
+ &ctx->maps_ext[i], NULL);
+ if (fd < 0)
+ return fd;
+
+ ctx->map_fds[i] = fd;
+ }
+
+ for (i = 0; have_map_in_map && i < ctx->map_num; i++) {
+ if (!ctx->maps[i].id ||
+ ctx->maps[i].inner_id ||
+ ctx->maps[i].inner_idx == -1)
+ continue;
+
+ inner_fd = ctx->map_fds[i];
+ inner_idx = ctx->maps[i].inner_idx;
+
+ for (j = 0; j < ctx->map_num; j++) {
+ if (!bpf_is_map_in_map_type(&ctx->maps[j]))
+ continue;
+ if (ctx->maps[j].inner_id != ctx->maps[i].id)
+ continue;
+
+ ret = bpf_map_update(ctx->map_fds[j], &inner_idx,
+ &inner_fd, BPF_ANY);
+ if (ret < 0) {
+ bpf_report_map_in_map(ctx->map_fds[j],
+ inner_idx);
+ return ret;
+ }
+ }
+ }
+
+ return 0;
+}
+
+static int bpf_map_num_sym(struct bpf_elf_ctx *ctx)
+{
+ int i, num = 0;
+ GElf_Sym sym;
+
+ for (i = 0; i < ctx->sym_num; i++) {
+ if (gelf_getsym(ctx->sym_tab, i, &sym) != &sym)
+ continue;
+
+ if (GELF_ST_BIND(sym.st_info) != STB_GLOBAL ||
+ GELF_ST_TYPE(sym.st_info) != STT_NOTYPE ||
+ sym.st_shndx != ctx->sec_maps)
+ continue;
+ num++;
+ }
+
+ return num;
+}
+
+static int bpf_fill_section_data(struct bpf_elf_ctx *ctx, int section,
+ struct bpf_elf_sec_data *data)
+{
+ Elf_Data *sec_edata;
+ GElf_Shdr sec_hdr;
+ Elf_Scn *sec_fd;
+ char *sec_name;
+
+ memset(data, 0, sizeof(*data));
+
+ sec_fd = elf_getscn(ctx->elf_fd, section);
+ if (!sec_fd)
+ return -EINVAL;
+ if (gelf_getshdr(sec_fd, &sec_hdr) != &sec_hdr)
+ return -EIO;
+
+ sec_name = elf_strptr(ctx->elf_fd, ctx->elf_hdr.e_shstrndx,
+ sec_hdr.sh_name);
+ if (!sec_name || !sec_hdr.sh_size)
+ return -ENOENT;
+
+ sec_edata = elf_getdata(sec_fd, NULL);
+ if (!sec_edata || elf_getdata(sec_fd, sec_edata))
+ return -EIO;
+
+ memcpy(&data->sec_hdr, &sec_hdr, sizeof(sec_hdr));
+
+ data->sec_name = sec_name;
+ data->sec_data = sec_edata;
+ return 0;
+}
+
+struct bpf_elf_map_min {
+ __u32 type;
+ __u32 size_key;
+ __u32 size_value;
+ __u32 max_elem;
+};
+
+static int bpf_fetch_maps_begin(struct bpf_elf_ctx *ctx, int section,
+ struct bpf_elf_sec_data *data)
+{
+ ctx->map_num = data->sec_data->d_size;
+ ctx->sec_maps = section;
+ ctx->sec_done[section] = true;
+
+ if (ctx->map_num > sizeof(ctx->maps)) {
+ fprintf(stderr, "Too many BPF maps in ELF section!\n");
+ return -ENOMEM;
+ }
+
+ memcpy(ctx->maps, data->sec_data->d_buf, ctx->map_num);
+ return 0;
+}
+
+static int bpf_map_verify_all_offs(struct bpf_elf_ctx *ctx, int end)
+{
+ GElf_Sym sym;
+ int off, i;
+
+ for (off = 0; off < end; off += ctx->map_len) {
+ /* Order doesn't need to be linear here, hence we walk
+ * the table again.
+ */
+ for (i = 0; i < ctx->sym_num; i++) {
+ if (gelf_getsym(ctx->sym_tab, i, &sym) != &sym)
+ continue;
+ if (GELF_ST_BIND(sym.st_info) != STB_GLOBAL ||
+ GELF_ST_TYPE(sym.st_info) != STT_NOTYPE ||
+ sym.st_shndx != ctx->sec_maps)
+ continue;
+ if (sym.st_value == off)
+ break;
+ if (i == ctx->sym_num - 1)
+ return -1;
+ }
+ }
+
+ return off == end ? 0 : -1;
+}
+
+static int bpf_fetch_maps_end(struct bpf_elf_ctx *ctx)
+{
+ struct bpf_elf_map fixup[ARRAY_SIZE(ctx->maps)] = {};
+ int i, sym_num = bpf_map_num_sym(ctx);
+ __u8 *buff;
+
+ if (sym_num == 0 || sym_num > ARRAY_SIZE(ctx->maps)) {
+ fprintf(stderr, "%u maps not supported in current map section!\n",
+ sym_num);
+ return -EINVAL;
+ }
+
+ if (ctx->map_num % sym_num != 0 ||
+ ctx->map_num % sizeof(__u32) != 0) {
+ fprintf(stderr, "Number BPF map symbols are not multiple of struct bpf_elf_map!\n");
+ return -EINVAL;
+ }
+
+ ctx->map_len = ctx->map_num / sym_num;
+ if (bpf_map_verify_all_offs(ctx, ctx->map_num)) {
+ fprintf(stderr, "Different struct bpf_elf_map in use!\n");
+ return -EINVAL;
+ }
+
+ if (ctx->map_len == sizeof(struct bpf_elf_map)) {
+ ctx->map_num = sym_num;
+ return 0;
+ } else if (ctx->map_len > sizeof(struct bpf_elf_map)) {
+ fprintf(stderr, "struct bpf_elf_map not supported, coming from future version?\n");
+ return -EINVAL;
+ } else if (ctx->map_len < sizeof(struct bpf_elf_map_min)) {
+ fprintf(stderr, "struct bpf_elf_map too small, not supported!\n");
+ return -EINVAL;
+ }
+
+ ctx->map_num = sym_num;
+ for (i = 0, buff = (void *)ctx->maps; i < ctx->map_num;
+ i++, buff += ctx->map_len) {
+ /* The fixup leaves the rest of the members as zero, which
+ * is fine currently, but option exist to set some other
+ * default value as well when needed in future.
+ */
+ memcpy(&fixup[i], buff, ctx->map_len);
+ }
+
+ memcpy(ctx->maps, fixup, sizeof(fixup));
+
+ printf("Note: %zu bytes struct bpf_elf_map fixup performed due to size mismatch!\n",
+ sizeof(struct bpf_elf_map) - ctx->map_len);
+ return 0;
+}
+
+static int bpf_fetch_license(struct bpf_elf_ctx *ctx, int section,
+ struct bpf_elf_sec_data *data)
+{
+ if (data->sec_data->d_size > sizeof(ctx->license))
+ return -ENOMEM;
+
+ memcpy(ctx->license, data->sec_data->d_buf, data->sec_data->d_size);
+ ctx->sec_done[section] = true;
+ return 0;
+}
+
+static int bpf_fetch_symtab(struct bpf_elf_ctx *ctx, int section,
+ struct bpf_elf_sec_data *data)
+{
+ ctx->sym_tab = data->sec_data;
+ ctx->sym_num = data->sec_hdr.sh_size / data->sec_hdr.sh_entsize;
+ ctx->sec_done[section] = true;
+ return 0;
+}
+
+static int bpf_fetch_strtab(struct bpf_elf_ctx *ctx, int section,
+ struct bpf_elf_sec_data *data)
+{
+ ctx->str_tab = data->sec_data;
+ ctx->sec_done[section] = true;
+ return 0;
+}
+
+static bool bpf_has_map_data(const struct bpf_elf_ctx *ctx)
+{
+ return ctx->sym_tab && ctx->str_tab && ctx->sec_maps;
+}
+
+static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx)
+{
+ struct bpf_elf_sec_data data;
+ int i, ret = -1;
+
+ for (i = 1; i < ctx->elf_hdr.e_shnum; i++) {
+ ret = bpf_fill_section_data(ctx, i, &data);
+ if (ret < 0)
+ continue;
+
+ if (data.sec_hdr.sh_type == SHT_PROGBITS &&
+ !strcmp(data.sec_name, ELF_SECTION_MAPS))
+ ret = bpf_fetch_maps_begin(ctx, i, &data);
+ else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
+ !strcmp(data.sec_name, ELF_SECTION_LICENSE))
+ ret = bpf_fetch_license(ctx, i, &data);
+ else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
+ !strcmp(data.sec_name, ".symtab"))
+ ret = bpf_fetch_symtab(ctx, i, &data);
+ else if (data.sec_hdr.sh_type == SHT_STRTAB &&
+ !strcmp(data.sec_name, ".strtab"))
+ ret = bpf_fetch_strtab(ctx, i, &data);
+ if (ret < 0) {
+ fprintf(stderr, "Error parsing section %d! Perhaps check with readelf -a?\n",
+ i);
+ return ret;
+ }
+ }
+
+ if (bpf_has_map_data(ctx)) {
+ ret = bpf_fetch_maps_end(ctx);
+ if (ret < 0) {
+ fprintf(stderr, "Error fixing up map structure, incompatible struct bpf_elf_map used?\n");
+ return ret;
+ }
+
+ ret = bpf_maps_attach_all(ctx);
+ if (ret < 0) {
+ fprintf(stderr, "Error loading maps into kernel!\n");
+ return ret;
+ }
+ }
+
+ return ret;
+}
+
+static int bpf_fetch_prog(struct bpf_elf_ctx *ctx, const char *section,
+ bool *sseen)
+{
+ struct bpf_elf_sec_data data;
+ struct bpf_elf_prog prog;
+ int ret, i, fd = -1;
+
+ for (i = 1; i < ctx->elf_hdr.e_shnum; i++) {
+ if (ctx->sec_done[i])
+ continue;
+
+ ret = bpf_fill_section_data(ctx, i, &data);
+ if (ret < 0 ||
+ !(data.sec_hdr.sh_type == SHT_PROGBITS &&
+ data.sec_hdr.sh_flags & SHF_EXECINSTR &&
+ !strcmp(data.sec_name, section)))
+ continue;
+
+ *sseen = true;
+
+ memset(&prog, 0, sizeof(prog));
+ prog.type = ctx->type;
+ prog.insns = data.sec_data->d_buf;
+ prog.size = data.sec_data->d_size;
+ prog.license = ctx->license;
+
+ fd = bpf_prog_attach(section, &prog, ctx);
+ if (fd < 0)
+ return fd;
+
+ ctx->sec_done[i] = true;
+ break;
+ }
+
+ return fd;
+}
+
+struct bpf_tail_call_props {
+ unsigned int total;
+ unsigned int jited;
+};
+
+static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
+ struct bpf_elf_sec_data *data_relo,
+ struct bpf_elf_sec_data *data_insn,
+ struct bpf_tail_call_props *props)
+{
+ Elf_Data *idata = data_insn->sec_data;
+ GElf_Shdr *rhdr = &data_relo->sec_hdr;
+ int relo_ent, relo_num = rhdr->sh_size / rhdr->sh_entsize;
+ struct bpf_insn *insns = idata->d_buf;
+ unsigned int num_insns = idata->d_size / sizeof(*insns);
+
+ for (relo_ent = 0; relo_ent < relo_num; relo_ent++) {
+ unsigned int ioff, rmap;
+ GElf_Rel relo;
+ GElf_Sym sym;
+
+ if (gelf_getrel(data_relo->sec_data, relo_ent, &relo) != &relo)
+ return -EIO;
+
+ ioff = relo.r_offset / sizeof(struct bpf_insn);
+ if (ioff >= num_insns ||
+ insns[ioff].code != (BPF_LD | BPF_IMM | BPF_DW)) {
+ fprintf(stderr, "ELF contains relo data for non ld64 instruction at offset %u! Compiler bug?!\n",
+ ioff);
+ if (ioff < num_insns &&
+ insns[ioff].code == (BPF_JMP | BPF_CALL))
+ fprintf(stderr, " - Try to annotate functions with always_inline attribute!\n");
+ return -EINVAL;
+ }
+
+ if (gelf_getsym(ctx->sym_tab, GELF_R_SYM(relo.r_info), &sym) != &sym)
+ return -EIO;
+ if (sym.st_shndx != ctx->sec_maps) {
+ fprintf(stderr, "ELF contains non-map related relo data in entry %u pointing to section %u! Compiler bug?!\n",
+ relo_ent, sym.st_shndx);
+ return -EIO;
+ }
+
+ rmap = sym.st_value / ctx->map_len;
+ if (rmap >= ARRAY_SIZE(ctx->map_fds))
+ return -EINVAL;
+ if (!ctx->map_fds[rmap])
+ return -EINVAL;
+ if (ctx->maps[rmap].type == BPF_MAP_TYPE_PROG_ARRAY) {
+ props->total++;
+ if (ctx->maps_ext[rmap].owner.jited ||
+ (ctx->maps_ext[rmap].owner.type == 0 &&
+ ctx->cfg.jit_enabled))
+ props->jited++;
+ }
+
+ if (ctx->verbose)
+ fprintf(stderr, "Map \'%s\' (%d) injected into prog section \'%s\' at offset %u!\n",
+ bpf_str_tab_name(ctx, &sym), ctx->map_fds[rmap],
+ data_insn->sec_name, ioff);
+
+ insns[ioff].src_reg = BPF_PSEUDO_MAP_FD;
+ insns[ioff].imm = ctx->map_fds[rmap];
+ }
+
+ return 0;
+}
+
+static int bpf_fetch_prog_relo(struct bpf_elf_ctx *ctx, const char *section,
+ bool *lderr, bool *sseen)
+{
+ struct bpf_elf_sec_data data_relo, data_insn;
+ struct bpf_elf_prog prog;
+ int ret, idx, i, fd = -1;
+
+ for (i = 1; i < ctx->elf_hdr.e_shnum; i++) {
+ struct bpf_tail_call_props props = {};
+
+ ret = bpf_fill_section_data(ctx, i, &data_relo);
+ if (ret < 0 || data_relo.sec_hdr.sh_type != SHT_REL)
+ continue;
+
+ idx = data_relo.sec_hdr.sh_info;
+
+ ret = bpf_fill_section_data(ctx, idx, &data_insn);
+ if (ret < 0 ||
+ !(data_insn.sec_hdr.sh_type == SHT_PROGBITS &&
+ data_insn.sec_hdr.sh_flags & SHF_EXECINSTR &&
+ !strcmp(data_insn.sec_name, section)))
+ continue;
+
+ *sseen = true;
+
+ ret = bpf_apply_relo_data(ctx, &data_relo, &data_insn, &props);
+ if (ret < 0) {
+ *lderr = true;
+ return ret;
+ }
+
+ memset(&prog, 0, sizeof(prog));
+ prog.type = ctx->type;
+ prog.insns = data_insn.sec_data->d_buf;
+ prog.size = data_insn.sec_data->d_size;
+ prog.license = ctx->license;
+
+ fd = bpf_prog_attach(section, &prog, ctx);
+ if (fd < 0) {
+ *lderr = true;
+ if (props.total) {
+ if (ctx->cfg.jit_enabled &&
+ props.total != props.jited)
+ fprintf(stderr, "JIT enabled, but only %u/%u tail call maps in the program have JITed owner!\n",
+ props.jited, props.total);
+ if (!ctx->cfg.jit_enabled &&
+ props.jited)
+ fprintf(stderr, "JIT disabled, but %u/%u tail call maps in the program have JITed owner!\n",
+ props.jited, props.total);
+ }
+ return fd;
+ }
+
+ ctx->sec_done[i] = true;
+ ctx->sec_done[idx] = true;
+ break;
+ }
+
+ return fd;
+}
+
+static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
+{
+ bool lderr = false, sseen = false;
+ int ret = -1;
+
+ if (bpf_has_map_data(ctx))
+ ret = bpf_fetch_prog_relo(ctx, section, &lderr, &sseen);
+ if (ret < 0 && !lderr)
+ ret = bpf_fetch_prog(ctx, section, &sseen);
+ if (ret < 0 && !sseen)
+ fprintf(stderr, "Program section \'%s\' not found in ELF file!\n",
+ section);
+ return ret;
+}
+
+static int bpf_find_map_by_id(struct bpf_elf_ctx *ctx, uint32_t id)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(ctx->map_fds); i++)
+ if (ctx->map_fds[i] && ctx->maps[i].id == id &&
+ ctx->maps[i].type == BPF_MAP_TYPE_PROG_ARRAY)
+ return i;
+ return -1;
+}
+
+struct bpf_jited_aux {
+ int prog_fd;
+ int map_fd;
+ struct bpf_prog_data prog;
+ struct bpf_map_ext map;
+};
+
+static int bpf_derive_prog_from_fdinfo(int fd, struct bpf_prog_data *prog)
+{
+ char file[PATH_MAX], buff[4096];
+ unsigned int val;
+ FILE *fp;
+
+ snprintf(file, sizeof(file), "/proc/%d/fdinfo/%d", getpid(), fd);
+ memset(prog, 0, sizeof(*prog));
+
+ fp = fopen(file, "r");
+ if (!fp) {
+ fprintf(stderr, "No procfs support?!\n");
+ return -EIO;
+ }
+
+ while (fgets(buff, sizeof(buff), fp)) {
+ if (sscanf(buff, "prog_type:\t%u", &val) == 1)
+ prog->type = val;
+ else if (sscanf(buff, "prog_jited:\t%u", &val) == 1)
+ prog->jited = val;
+ }
+
+ fclose(fp);
+ return 0;
+}
+
+static int bpf_tail_call_get_aux(struct bpf_jited_aux *aux)
+{
+ struct bpf_elf_map tmp;
+ int ret;
+
+ ret = bpf_derive_elf_map_from_fdinfo(aux->map_fd, &tmp, &aux->map);
+ if (!ret)
+ ret = bpf_derive_prog_from_fdinfo(aux->prog_fd, &aux->prog);
+
+ return ret;
+}
+
+static int bpf_fill_prog_arrays(struct bpf_elf_ctx *ctx)
+{
+ struct bpf_elf_sec_data data;
+ uint32_t map_id, key_id;
+ int fd, i, ret, idx;
+
+ for (i = 1; i < ctx->elf_hdr.e_shnum; i++) {
+ if (ctx->sec_done[i])
+ continue;
+
+ ret = bpf_fill_section_data(ctx, i, &data);
+ if (ret < 0)
+ continue;
+
+ ret = sscanf(data.sec_name, "%i/%i", &map_id, &key_id);
+ if (ret != 2)
+ continue;
+
+ idx = bpf_find_map_by_id(ctx, map_id);
+ if (idx < 0)
+ continue;
+
+ fd = bpf_fetch_prog_sec(ctx, data.sec_name);
+ if (fd < 0)
+ return -EIO;
+
+ ret = bpf_map_update(ctx->map_fds[idx], &key_id,
+ &fd, BPF_ANY);
+ if (ret < 0) {
+ struct bpf_jited_aux aux = {};
+
+ ret = -errno;
+ if (errno == E2BIG) {
+ fprintf(stderr, "Tail call key %u for map %u out of bounds?\n",
+ key_id, map_id);
+ return ret;
+ }
+
+ aux.map_fd = ctx->map_fds[idx];
+ aux.prog_fd = fd;
+
+ if (bpf_tail_call_get_aux(&aux))
+ return ret;
+ if (!aux.map.owner.type)
+ return ret;
+
+ if (aux.prog.type != aux.map.owner.type)
+ fprintf(stderr, "Tail call map owned by prog type %u, but prog type is %u!\n",
+ aux.map.owner.type, aux.prog.type);
+ if (aux.prog.jited != aux.map.owner.jited)
+ fprintf(stderr, "Tail call map %s jited, but prog %s!\n",
+ aux.map.owner.jited ? "is" : "not",
+ aux.prog.jited ? "is" : "not");
+ return ret;
+ }
+
+ ctx->sec_done[i] = true;
+ }
+
+ return 0;
+}
+
+static void bpf_save_finfo(struct bpf_elf_ctx *ctx)
+{
+ struct stat st;
+ int ret;
+
+ memset(&ctx->stat, 0, sizeof(ctx->stat));
+
+ ret = fstat(ctx->obj_fd, &st);
+ if (ret < 0) {
+ fprintf(stderr, "Stat of elf file failed: %s\n",
+ strerror(errno));
+ return;
+ }
+
+ ctx->stat.st_dev = st.st_dev;
+ ctx->stat.st_ino = st.st_ino;
+}
+
+static int bpf_read_pin_mapping(FILE *fp, uint32_t *id, char *path)
+{
+ char buff[PATH_MAX];
+
+ while (fgets(buff, sizeof(buff), fp)) {
+ char *ptr = buff;
+
+ while (*ptr == ' ' || *ptr == '\t')
+ ptr++;
+
+ if (*ptr == '#' || *ptr == '\n' || *ptr == 0)
+ continue;
+
+ if (sscanf(ptr, "%i %s\n", id, path) != 2 &&
+ sscanf(ptr, "%i %s #", id, path) != 2) {
+ strcpy(path, ptr);
+ return -1;
+ }
+
+ return 1;
+ }
+
+ return 0;
+}
+
+static bool bpf_pinning_reserved(uint32_t pinning)
+{
+ switch (pinning) {
+ case PIN_NONE:
+ case PIN_OBJECT_NS:
+ case PIN_GLOBAL_NS:
+ return true;
+ default:
+ return false;
+ }
+}
+
+static void bpf_hash_init(struct bpf_elf_ctx *ctx, const char *db_file)
+{
+ struct bpf_hash_entry *entry;
+ char subpath[PATH_MAX] = {};
+ uint32_t pinning;
+ FILE *fp;
+ int ret;
+
+ fp = fopen(db_file, "r");
+ if (!fp)
+ return;
+
+ while ((ret = bpf_read_pin_mapping(fp, &pinning, subpath))) {
+ if (ret == -1) {
+ fprintf(stderr, "Database %s is corrupted at: %s\n",
+ db_file, subpath);
+ fclose(fp);
+ return;
+ }
+
+ if (bpf_pinning_reserved(pinning)) {
+ fprintf(stderr, "Database %s, id %u is reserved - ignoring!\n",
+ db_file, pinning);
+ continue;
+ }
+
+ entry = malloc(sizeof(*entry));
+ if (!entry) {
+ fprintf(stderr, "No memory left for db entry!\n");
+ continue;
+ }
+
+ entry->pinning = pinning;
+ entry->subpath = strdup(subpath);
+ if (!entry->subpath) {
+ fprintf(stderr, "No memory left for db entry!\n");
+ free(entry);
+ continue;
+ }
+
+ entry->next = ctx->ht[pinning & (ARRAY_SIZE(ctx->ht) - 1)];
+ ctx->ht[pinning & (ARRAY_SIZE(ctx->ht) - 1)] = entry;
+ }
+
+ fclose(fp);
+}
+
+static void bpf_hash_destroy(struct bpf_elf_ctx *ctx)
+{
+ struct bpf_hash_entry *entry;
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(ctx->ht); i++) {
+ while ((entry = ctx->ht[i]) != NULL) {
+ ctx->ht[i] = entry->next;
+ free((char *)entry->subpath);
+ free(entry);
+ }
+ }
+}
+
+static int bpf_elf_check_ehdr(const struct bpf_elf_ctx *ctx)
+{
+ if (ctx->elf_hdr.e_type != ET_REL ||
+ (ctx->elf_hdr.e_machine != EM_NONE &&
+ ctx->elf_hdr.e_machine != EM_BPF) ||
+ ctx->elf_hdr.e_version != EV_CURRENT) {
+ fprintf(stderr, "ELF format error, ELF file not for eBPF?\n");
+ return -EINVAL;
+ }
+
+ switch (ctx->elf_hdr.e_ident[EI_DATA]) {
+ default:
+ fprintf(stderr, "ELF format error, wrong endianness info?\n");
+ return -EINVAL;
+ case ELFDATA2LSB:
+ if (htons(1) == 1) {
+ fprintf(stderr,
+ "We are big endian, eBPF object is little endian!\n");
+ return -EIO;
+ }
+ break;
+ case ELFDATA2MSB:
+ if (htons(1) != 1) {
+ fprintf(stderr,
+ "We are little endian, eBPF object is big endian!\n");
+ return -EIO;
+ }
+ break;
+ }
+
+ return 0;
+}
+
+static void bpf_get_cfg(struct bpf_elf_ctx *ctx)
+{
+ static const char *path_jit = "/proc/sys/net/core/bpf_jit_enable";
+ int fd;
+
+ fd = open(path_jit, O_RDONLY);
+ if (fd > 0) {
+ char tmp[16] = {};
+
+ if (read(fd, tmp, sizeof(tmp)) > 0)
+ ctx->cfg.jit_enabled = atoi(tmp);
+ close(fd);
+ }
+}
+
+static int bpf_elf_ctx_init(struct bpf_elf_ctx *ctx, const char *pathname,
+ enum bpf_prog_type type, bool verbose)
+{
+ int ret = -EINVAL;
+
+ if (elf_version(EV_CURRENT) == EV_NONE ||
+ bpf_init_env(pathname))
+ return ret;
+
+ memset(ctx, 0, sizeof(*ctx));
+ bpf_get_cfg(ctx);
+ ctx->verbose = verbose;
+ ctx->type = type;
+
+ ctx->obj_fd = open(pathname, O_RDONLY);
+ if (ctx->obj_fd < 0)
+ return ctx->obj_fd;
+
+ ctx->elf_fd = elf_begin(ctx->obj_fd, ELF_C_READ, NULL);
+ if (!ctx->elf_fd) {
+ ret = -EINVAL;
+ goto out_fd;
+ }
+
+ if (elf_kind(ctx->elf_fd) != ELF_K_ELF) {
+ ret = -EINVAL;
+ goto out_fd;
+ }
+
+ if (gelf_getehdr(ctx->elf_fd, &ctx->elf_hdr) !=
+ &ctx->elf_hdr) {
+ ret = -EIO;
+ goto out_elf;
+ }
+
+ ret = bpf_elf_check_ehdr(ctx);
+ if (ret < 0)
+ goto out_elf;
+
+ ctx->sec_done = calloc(ctx->elf_hdr.e_shnum,
+ sizeof(*(ctx->sec_done)));
+ if (!ctx->sec_done) {
+ ret = -ENOMEM;
+ goto out_elf;
+ }
+
+ if (ctx->verbose && bpf_log_realloc(ctx)) {
+ ret = -ENOMEM;
+ goto out_free;
+ }
+
+ bpf_save_finfo(ctx);
+ bpf_hash_init(ctx, CONFDIR "/bpf_pinning");
+
+ return 0;
+out_free:
+ free(ctx->sec_done);
+out_elf:
+ elf_end(ctx->elf_fd);
+out_fd:
+ close(ctx->obj_fd);
+ return ret;
+}
+
+static int bpf_maps_count(struct bpf_elf_ctx *ctx)
+{
+ int i, count = 0;
+
+ for (i = 0; i < ARRAY_SIZE(ctx->map_fds); i++) {
+ if (!ctx->map_fds[i])
+ break;
+ count++;
+ }
+
+ return count;
+}
+
+static void bpf_maps_teardown(struct bpf_elf_ctx *ctx)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(ctx->map_fds); i++) {
+ if (ctx->map_fds[i])
+ close(ctx->map_fds[i]);
+ }
+}
+
+static void bpf_elf_ctx_destroy(struct bpf_elf_ctx *ctx, bool failure)
+{
+ if (failure)
+ bpf_maps_teardown(ctx);
+
+ bpf_hash_destroy(ctx);
+
+ free(ctx->sec_done);
+ free(ctx->log);
+
+ elf_end(ctx->elf_fd);
+ close(ctx->obj_fd);
+}
+
+static struct bpf_elf_ctx __ctx;
+
+static int bpf_obj_open(const char *pathname, enum bpf_prog_type type,
+ const char *section, bool verbose)
+{
+ struct bpf_elf_ctx *ctx = &__ctx;
+ int fd = 0, ret;
+
+ ret = bpf_elf_ctx_init(ctx, pathname, type, verbose);
+ if (ret < 0) {
+ fprintf(stderr, "Cannot initialize ELF context!\n");
+ return ret;
+ }
+
+ ret = bpf_fetch_ancillary(ctx);
+ if (ret < 0) {
+ fprintf(stderr, "Error fetching ELF ancillary data!\n");
+ goto out;
+ }
+
+ fd = bpf_fetch_prog_sec(ctx, section);
+ if (fd < 0) {
+ fprintf(stderr, "Error fetching program/map!\n");
+ ret = fd;
+ goto out;
+ }
+
+ ret = bpf_fill_prog_arrays(ctx);
+ if (ret < 0)
+ fprintf(stderr, "Error filling program arrays!\n");
+out:
+ bpf_elf_ctx_destroy(ctx, ret < 0);
+ if (ret < 0) {
+ if (fd)
+ close(fd);
+ return ret;
+ }
+
+ return fd;
+}
+
+static int
+bpf_map_set_send(int fd, struct sockaddr_un *addr, unsigned int addr_len,
+ const struct bpf_map_data *aux, unsigned int entries)
+{
+ struct bpf_map_set_msg msg = {
+ .aux.uds_ver = BPF_SCM_AUX_VER,
+ .aux.num_ent = entries,
+ };
+ int *cmsg_buf, min_fd;
+ char *amsg_buf;
+ int i;
+
+ strncpy(msg.aux.obj_name, aux->obj, sizeof(msg.aux.obj_name));
+ memcpy(&msg.aux.obj_st, aux->st, sizeof(msg.aux.obj_st));
+
+ cmsg_buf = bpf_map_set_init(&msg, addr, addr_len);
+ amsg_buf = (char *)msg.aux.ent;
+
+ for (i = 0; i < entries; i += min_fd) {
+ int ret;
+
+ min_fd = min(BPF_SCM_MAX_FDS * 1U, entries - i);
+ bpf_map_set_init_single(&msg, min_fd);
+
+ memcpy(cmsg_buf, &aux->fds[i], sizeof(aux->fds[0]) * min_fd);
+ memcpy(amsg_buf, &aux->ent[i], sizeof(aux->ent[0]) * min_fd);
+
+ ret = sendmsg(fd, &msg.hdr, 0);
+ if (ret <= 0)
+ return ret ? : -1;
+ }
+
+ return 0;
+}
+
+static int
+bpf_map_set_recv(int fd, int *fds, struct bpf_map_aux *aux,
+ unsigned int entries)
+{
+ struct bpf_map_set_msg msg;
+ int *cmsg_buf, min_fd;
+ char *amsg_buf, *mmsg_buf;
+ unsigned int needed = 1;
+ int i;
+
+ cmsg_buf = bpf_map_set_init(&msg, NULL, 0);
+ amsg_buf = (char *)msg.aux.ent;
+ mmsg_buf = (char *)&msg.aux;
+
+ for (i = 0; i < min(entries, needed); i += min_fd) {
+ struct cmsghdr *cmsg;
+ int ret;
+
+ min_fd = min(entries, entries - i);
+ bpf_map_set_init_single(&msg, min_fd);
+
+ ret = recvmsg(fd, &msg.hdr, 0);
+ if (ret <= 0)
+ return ret ? : -1;
+
+ cmsg = CMSG_FIRSTHDR(&msg.hdr);
+ if (!cmsg || cmsg->cmsg_type != SCM_RIGHTS)
+ return -EINVAL;
+ if (msg.hdr.msg_flags & MSG_CTRUNC)
+ return -EIO;
+ if (msg.aux.uds_ver != BPF_SCM_AUX_VER)
+ return -ENOSYS;
+
+ min_fd = (cmsg->cmsg_len - sizeof(*cmsg)) / sizeof(fd);
+ if (min_fd > entries || min_fd <= 0)
+ return -EINVAL;
+
+ memcpy(&fds[i], cmsg_buf, sizeof(fds[0]) * min_fd);
+ memcpy(&aux->ent[i], amsg_buf, sizeof(aux->ent[0]) * min_fd);
+ memcpy(aux, mmsg_buf, offsetof(struct bpf_map_aux, ent));
+
+ needed = aux->num_ent;
+ }
+
+ return 0;
+}
+
+int bpf_send_map_fds(const char *path, const char *obj)
+{
+ struct bpf_elf_ctx *ctx = &__ctx;
+ struct sockaddr_un addr = { .sun_family = AF_UNIX };
+ struct bpf_map_data bpf_aux = {
+ .fds = ctx->map_fds,
+ .ent = ctx->maps,
+ .st = &ctx->stat,
+ .obj = obj,
+ };
+ int fd, ret;
+
+ fd = socket(AF_UNIX, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ fprintf(stderr, "Cannot open socket: %s\n",
+ strerror(errno));
+ return -1;
+ }
+
+ strncpy(addr.sun_path, path, sizeof(addr.sun_path));
+
+ ret = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
+ if (ret < 0) {
+ fprintf(stderr, "Cannot connect to %s: %s\n",
+ path, strerror(errno));
+ return -1;
+ }
+
+ ret = bpf_map_set_send(fd, &addr, sizeof(addr), &bpf_aux,
+ bpf_maps_count(ctx));
+ if (ret < 0)
+ fprintf(stderr, "Cannot send fds to %s: %s\n",
+ path, strerror(errno));
+
+ bpf_maps_teardown(ctx);
+ close(fd);
+ return ret;
+}
+
+int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux,
+ unsigned int entries)
+{
+ struct sockaddr_un addr = { .sun_family = AF_UNIX };
+ int fd, ret;
+
+ fd = socket(AF_UNIX, SOCK_DGRAM, 0);
+ if (fd < 0) {
+ fprintf(stderr, "Cannot open socket: %s\n",
+ strerror(errno));
+ return -1;
+ }
+
+ strncpy(addr.sun_path, path, sizeof(addr.sun_path));
+
+ ret = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
+ if (ret < 0) {
+ fprintf(stderr, "Cannot bind to socket: %s\n",
+ strerror(errno));
+ return -1;
+ }
+
+ ret = bpf_map_set_recv(fd, fds, aux, entries);
+ if (ret < 0)
+ fprintf(stderr, "Cannot recv fds from %s: %s\n",
+ path, strerror(errno));
+
+ unlink(addr.sun_path);
+ close(fd);
+ return ret;
+}
+#endif /* HAVE_ELF */
diff --git a/lib/color.c b/lib/color.c
index 8c9a48b..8d049a0 100644
--- a/lib/color.c
+++ b/lib/color.c
@@ -1,5 +1,10 @@
#include <stdio.h>
#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <linux/if.h>
#include "color.h"
@@ -11,6 +16,13 @@
C_MAGENTA,
C_CYAN,
C_WHITE,
+ C_BOLD_RED,
+ C_BOLD_GREEN,
+ C_BOLD_YELLOW,
+ C_BOLD_BLUE,
+ C_BOLD_MAGENTA,
+ C_BOLD_CYAN,
+ C_BOLD_WHITE,
C_CLEAR
};
@@ -22,24 +34,69 @@
"\e[35m",
"\e[36m",
"\e[37m",
+ "\e[1;31m",
+ "\e[1;32m",
+ "\e[1;33m",
+ "\e[1;34m",
+ "\e[1;35m",
+ "\e[1;36m",
+ "\e[1;37m",
"\e[0m",
NULL,
};
-static enum color attr_colors[] = {
+/* light background */
+static enum color attr_colors_light[] = {
C_CYAN,
C_YELLOW,
C_MAGENTA,
C_BLUE,
C_GREEN,
- C_RED
+ C_RED,
+ C_CLEAR,
};
+/* dark background */
+static enum color attr_colors_dark[] = {
+ C_BOLD_CYAN,
+ C_BOLD_YELLOW,
+ C_BOLD_MAGENTA,
+ C_BOLD_BLUE,
+ C_BOLD_GREEN,
+ C_BOLD_RED,
+ C_CLEAR
+};
+
+static int is_dark_bg;
static int color_is_enabled;
void enable_color(void)
{
color_is_enabled = 1;
+ set_color_palette();
+}
+
+void set_color_palette(void)
+{
+ char *p = getenv("COLORFGBG");
+
+ /*
+ * COLORFGBG environment variable usually contains either two or three
+ * values separated by semicolons; we want the last value in either case.
+ * If this value is 0-6 or 8, background is dark.
+ */
+ if (p && (p = strrchr(p, ';')) != NULL
+ && ((p[1] >= '0' && p[1] <= '6') || p[1] == '8')
+ && p[2] == '\0')
+ is_dark_bg = 1;
+}
+
+void check_if_color_enabled(void)
+{
+ if (color_is_enabled) {
+ fprintf(stderr, "Option \"-json\" conflicts with \"-color\".\n");
+ exit(1);
+ }
}
int color_fprintf(FILE *fp, enum color_attr attr, const char *fmt, ...)
@@ -49,12 +106,14 @@
va_start(args, fmt);
- if (!color_is_enabled) {
+ if (!color_is_enabled || attr == COLOR_NONE) {
ret = vfprintf(fp, fmt, args);
goto end;
}
- ret += fprintf(fp, "%s", color_codes[attr_colors[attr]]);
+ ret += fprintf(fp, "%s", color_codes[is_dark_bg ?
+ attr_colors_dark[attr] : attr_colors_light[attr]]);
+
ret += vfprintf(fp, fmt, args);
ret += fprintf(fp, "%s", color_codes[C_CLEAR]);
@@ -62,3 +121,27 @@
va_end(args);
return ret;
}
+
+enum color_attr ifa_family_color(__u8 ifa_family)
+{
+ switch (ifa_family) {
+ case AF_INET:
+ return COLOR_INET;
+ case AF_INET6:
+ return COLOR_INET6;
+ default:
+ return COLOR_NONE;
+ }
+}
+
+enum color_attr oper_state_color(__u8 state)
+{
+ switch (state) {
+ case IF_OPER_UP:
+ return COLOR_OPERSTATE_UP;
+ case IF_OPER_DOWN:
+ return COLOR_OPERSTATE_DOWN;
+ default:
+ return COLOR_NONE;
+ }
+}
diff --git a/lib/coverity_model.c b/lib/coverity_model.c
index c896302..1321fe8 100644
--- a/lib/coverity_model.c
+++ b/lib/coverity_model.c
@@ -15,5 +15,3 @@
* Coverity Scan doesn't pick up modifications automatically. The model file
* must be uploaded by an admin.
*/
-
-
diff --git a/lib/dnet_ntop.c b/lib/dnet_ntop.c
index 507a7eb..112dc0d 100644
--- a/lib/dnet_ntop.c
+++ b/lib/dnet_ntop.c
@@ -98,5 +98,3 @@
return NULL;
}
-
-
diff --git a/lib/exec.c b/lib/exec.c
new file mode 100644
index 0000000..97c9912
--- /dev/null
+++ b/lib/exec.c
@@ -0,0 +1,40 @@
+#include <sys/wait.h>
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "utils.h"
+
+int cmd_exec(const char *cmd, char **argv, bool do_fork)
+{
+ fflush(stdout);
+ if (do_fork) {
+ int status;
+ pid_t pid;
+
+ pid = fork();
+ if (pid < 0) {
+ perror("fork");
+ exit(1);
+ }
+
+ if (pid != 0) {
+ /* Parent */
+ if (waitpid(pid, &status, 0) < 0) {
+ perror("waitpid");
+ exit(1);
+ }
+
+ if (WIFEXITED(status)) {
+ return WEXITSTATUS(status);
+ }
+
+ exit(1);
+ }
+ }
+
+ if (execvp(cmd, argv) < 0)
+ fprintf(stderr, "exec of \"%s\" failed: %s\n",
+ cmd, strerror(errno));
+ _exit(1);
+}
diff --git a/lib/fs.c b/lib/fs.c
new file mode 100644
index 0000000..86efd4e
--- /dev/null
+++ b/lib/fs.c
@@ -0,0 +1,182 @@
+/*
+ * fs.c filesystem APIs
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: David Ahern <dsa@cumulusnetworks.com>
+ *
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <sys/mount.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <limits.h>
+
+#include "utils.h"
+
+#define CGROUP2_FS_NAME "cgroup2"
+
+/* if not already mounted cgroup2 is mounted here for iproute2's use */
+#define MNT_CGRP2_PATH "/var/run/cgroup2"
+
+/* return mount path of first occurrence of given fstype */
+static char *find_fs_mount(const char *fs_to_find)
+{
+ char path[4096];
+ char fstype[128]; /* max length of any filesystem name */
+ char *mnt = NULL;
+ FILE *fp;
+
+ fp = fopen("/proc/mounts", "r");
+ if (!fp) {
+ fprintf(stderr,
+ "Failed to open mounts file: %s\n", strerror(errno));
+ return NULL;
+ }
+
+ while (fscanf(fp, "%*s %4095s %127s %*s %*d %*d\n",
+ path, fstype) == 2) {
+ if (strcmp(fstype, fs_to_find) == 0) {
+ mnt = strdup(path);
+ break;
+ }
+ }
+
+ fclose(fp);
+
+ return mnt;
+}
+
+/* caller needs to free string returned */
+char *find_cgroup2_mount(void)
+{
+ char *mnt = find_fs_mount(CGROUP2_FS_NAME);
+
+ if (mnt)
+ return mnt;
+
+ mnt = strdup(MNT_CGRP2_PATH);
+ if (!mnt) {
+ fprintf(stderr, "Failed to allocate memory for cgroup2 path\n");
+ return NULL;
+
+ }
+
+ if (make_path(mnt, 0755)) {
+ fprintf(stderr, "Failed to setup vrf cgroup2 directory\n");
+ free(mnt);
+ return NULL;
+ }
+
+ if (mount("none", mnt, CGROUP2_FS_NAME, 0, NULL)) {
+ /* EBUSY means already mounted */
+ if (errno == EBUSY)
+ goto out;
+
+ if (errno == ENODEV) {
+ fprintf(stderr,
+ "Failed to mount cgroup2. Are CGROUPS enabled in your kernel?\n");
+ } else {
+ fprintf(stderr,
+ "Failed to mount cgroup2: %s\n",
+ strerror(errno));
+ }
+ free(mnt);
+ return NULL;
+ }
+out:
+ return mnt;
+}
+
+int make_path(const char *path, mode_t mode)
+{
+ char *dir, *delim;
+ int rc = -1;
+
+ delim = dir = strdup(path);
+ if (dir == NULL) {
+ fprintf(stderr, "strdup failed copying path");
+ return -1;
+ }
+
+ /* skip '/' -- it had better exist */
+ if (*delim == '/')
+ delim++;
+
+ while (1) {
+ delim = strchr(delim, '/');
+ if (delim)
+ *delim = '\0';
+
+ rc = mkdir(dir, mode);
+ if (mkdir(dir, mode) != 0 && errno != EEXIST) {
+ fprintf(stderr, "mkdir failed for %s: %s\n",
+ dir, strerror(errno));
+ goto out;
+ }
+
+ if (delim == NULL)
+ break;
+
+ *delim = '/';
+ delim++;
+ if (*delim == '\0')
+ break;
+ }
+ rc = 0;
+out:
+ free(dir);
+
+ return rc;
+}
+
+int get_command_name(const char *pid, char *comm, size_t len)
+{
+ char path[PATH_MAX];
+ char line[128];
+ FILE *fp;
+
+ if (snprintf(path, sizeof(path),
+ "/proc/%s/status", pid) >= sizeof(path)) {
+ return -1;
+ }
+
+ fp = fopen(path, "r");
+ if (!fp)
+ return -1;
+
+ comm[0] = '\0';
+ while (fgets(line, sizeof(line), fp)) {
+ char *nl, *name;
+
+ name = strstr(line, "Name:");
+ if (!name)
+ continue;
+
+ name += 5;
+ while (isspace(*name))
+ name++;
+
+ nl = strchr(name, '\n');
+ if (nl)
+ *nl = '\0';
+
+ strlcpy(comm, name, len);
+ break;
+ }
+
+ fclose(fp);
+
+ return 0;
+}
diff --git a/lib/inet_proto.c b/lib/inet_proto.c
index 57a8351..bdfd52f 100644
--- a/lib/inet_proto.c
+++ b/lib/inet_proto.c
@@ -25,7 +25,7 @@
const char *inet_proto_n2a(int proto, char *buf, int len)
{
- static char ncache[16];
+ static char *ncache;
static int icache = -1;
struct protoent *pe;
@@ -34,9 +34,11 @@
pe = getprotobynumber(proto);
if (pe) {
+ if (icache != -1)
+ free(ncache);
icache = proto;
- strncpy(ncache, pe->p_name, 16);
- strncpy(buf, pe->p_name, len);
+ ncache = strdup(pe->p_name);
+ strlcpy(buf, pe->p_name, len);
return buf;
}
snprintf(buf, len, "ipproto-%d", proto);
@@ -45,27 +47,24 @@
int inet_proto_a2n(const char *buf)
{
- static char ncache[16];
+ static char *ncache;
static int icache = -1;
struct protoent *pe;
+ __u8 ret;
- if (icache>=0 && strcmp(ncache, buf) == 0)
+ if (icache != -1 && strcmp(ncache, buf) == 0)
return icache;
- if (buf[0] >= '0' && buf[0] <= '9') {
- __u8 ret;
- if (get_u8(&ret, buf, 10))
- return -1;
+ if (!get_u8(&ret, buf, 10))
return ret;
- }
pe = getprotobyname(buf);
if (pe) {
+ if (icache != -1)
+ free(ncache);
icache = pe->p_proto;
- strncpy(ncache, pe->p_name, 16);
+ ncache = strdup(pe->p_name);
return pe->p_proto;
}
return -1;
}
-
-
diff --git a/lib/ipx_ntop.c b/lib/ipx_ntop.c
index 1e46bc2..5f646b3 100644
--- a/lib/ipx_ntop.c
+++ b/lib/ipx_ntop.c
@@ -68,5 +68,3 @@
return NULL;
}
-
-
diff --git a/lib/ipx_pton.c b/lib/ipx_pton.c
index 3dca271..071a775 100644
--- a/lib/ipx_pton.c
+++ b/lib/ipx_pton.c
@@ -6,18 +6,6 @@
#include "utils.h"
-static u_int32_t hexget(char c)
-{
- if (c >= 'A' && c <= 'F')
- return c - 'A' + 10;
- if (c >= 'a' && c <= 'f')
- return c - 'a' + 10;
- if (c >= '0' && c <= '9')
- return c - '0';
-
- return 0xf0;
-}
-
static int ipx_getnet(u_int32_t *net, const char *str)
{
int i;
@@ -25,7 +13,7 @@
for(i = 0; *str && (i < 8); i++) {
- if ((tmp = hexget(*str)) & 0xf0) {
+ if ((tmp = get_hex(*str)) == -1) {
if (*str == '.')
return 0;
else
@@ -49,11 +37,11 @@
u_int32_t tmp;
for(i = 0; i < 6; i++) {
- if ((tmp = hexget(*str++)) & 0xf0)
+ if ((tmp = get_hex(*str++)) == -1)
return -1;
node[i] = (u_int8_t)tmp;
node[i] <<= 4;
- if ((tmp = hexget(*str++)) & 0xf0)
+ if ((tmp = get_hex(*str++)) == -1)
return -1;
node[i] |= (u_int8_t)tmp;
if (*str == ':')
diff --git a/lib/json_print.c b/lib/json_print.c
new file mode 100644
index 0000000..aa527af
--- /dev/null
+++ b/lib/json_print.c
@@ -0,0 +1,220 @@
+/*
+ * json_print.c "print regular or json output, based on json_writer".
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Julien Fortin, <julien@cumulusnetworks.com>
+ */
+
+#include <stdarg.h>
+#include <stdio.h>
+
+#include "utils.h"
+#include "json_print.h"
+
+static json_writer_t *_jw;
+
+#define _IS_JSON_CONTEXT(type) ((type & PRINT_JSON || type & PRINT_ANY) && _jw)
+#define _IS_FP_CONTEXT(type) (!_jw && (type & PRINT_FP || type & PRINT_ANY))
+
+void new_json_obj(int json)
+{
+ if (json) {
+ _jw = jsonw_new(stdout);
+ if (!_jw) {
+ perror("json object");
+ exit(1);
+ }
+ jsonw_pretty(_jw, true);
+ jsonw_start_array(_jw);
+ }
+}
+
+void delete_json_obj(void)
+{
+ if (_jw) {
+ jsonw_end_array(_jw);
+ jsonw_destroy(&_jw);
+ }
+}
+
+bool is_json_context(void)
+{
+ return _jw != NULL;
+}
+
+json_writer_t *get_json_writer(void)
+{
+ return _jw;
+}
+
+void open_json_object(const char *str)
+{
+ if (_IS_JSON_CONTEXT(PRINT_JSON)) {
+ if (str)
+ jsonw_name(_jw, str);
+ jsonw_start_object(_jw);
+ }
+}
+
+void close_json_object(void)
+{
+ if (_IS_JSON_CONTEXT(PRINT_JSON))
+ jsonw_end_object(_jw);
+}
+
+/*
+ * Start json array or string array using
+ * the provided string as json key (if not null)
+ * or as array delimiter in non-json context.
+ */
+void open_json_array(enum output_type type, const char *str)
+{
+ if (_IS_JSON_CONTEXT(type)) {
+ if (str)
+ jsonw_name(_jw, str);
+ jsonw_start_array(_jw);
+ } else if (_IS_FP_CONTEXT(type)) {
+ printf("%s", str);
+ }
+}
+
+/*
+ * End json array or string array
+ */
+void close_json_array(enum output_type type, const char *str)
+{
+ if (_IS_JSON_CONTEXT(type)) {
+ jsonw_pretty(_jw, false);
+ jsonw_end_array(_jw);
+ jsonw_pretty(_jw, true);
+ } else if (_IS_FP_CONTEXT(type)) {
+ printf("%s", str);
+ }
+}
+
+/*
+ * pre-processor directive to generate similar
+ * functions handling different types
+ */
+#define _PRINT_FUNC(type_name, type) \
+ void print_color_##type_name(enum output_type t, \
+ enum color_attr color, \
+ const char *key, \
+ const char *fmt, \
+ type value) \
+ { \
+ if (_IS_JSON_CONTEXT(t)) { \
+ if (!key) \
+ jsonw_##type_name(_jw, value); \
+ else \
+ jsonw_##type_name##_field(_jw, key, value); \
+ } else if (_IS_FP_CONTEXT(t)) { \
+ color_fprintf(stdout, color, fmt, value); \
+ } \
+ }
+_PRINT_FUNC(int, int);
+_PRINT_FUNC(hu, unsigned short);
+_PRINT_FUNC(uint, uint64_t);
+_PRINT_FUNC(lluint, unsigned long long int);
+#undef _PRINT_FUNC
+
+void print_color_string(enum output_type type,
+ enum color_attr color,
+ const char *key,
+ const char *fmt,
+ const char *value)
+{
+ if (_IS_JSON_CONTEXT(type)) {
+ if (key && !value)
+ jsonw_name(_jw, key);
+ else if (!key && value)
+ jsonw_string(_jw, value);
+ else
+ jsonw_string_field(_jw, key, value);
+ } else if (_IS_FP_CONTEXT(type)) {
+ color_fprintf(stdout, color, fmt, value);
+ }
+}
+
+/*
+ * value's type is bool. When using this function in FP context you can't pass
+ * a value to it, you will need to use "is_json_context()" to have different
+ * branch for json and regular output. grep -r "print_bool" for example
+ */
+void print_color_bool(enum output_type type,
+ enum color_attr color,
+ const char *key,
+ const char *fmt,
+ bool value)
+{
+ if (_IS_JSON_CONTEXT(type)) {
+ if (key)
+ jsonw_bool_field(_jw, key, value);
+ else
+ jsonw_bool(_jw, value);
+ } else if (_IS_FP_CONTEXT(type)) {
+ color_fprintf(stdout, color, fmt, value ? "true" : "false");
+ }
+}
+
+/*
+ * In JSON context uses hardcode %#x format: 42 -> 0x2a
+ */
+void print_color_0xhex(enum output_type type,
+ enum color_attr color,
+ const char *key,
+ const char *fmt,
+ unsigned int hex)
+{
+ if (_IS_JSON_CONTEXT(type)) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "%#x", hex);
+ print_string(PRINT_JSON, key, NULL, b1);
+ } else if (_IS_FP_CONTEXT(type)) {
+ color_fprintf(stdout, color, fmt, hex);
+ }
+}
+
+void print_color_hex(enum output_type type,
+ enum color_attr color,
+ const char *key,
+ const char *fmt,
+ unsigned int hex)
+{
+ if (_IS_JSON_CONTEXT(type)) {
+ SPRINT_BUF(b1);
+
+ snprintf(b1, sizeof(b1), "%x", hex);
+ if (key)
+ jsonw_string_field(_jw, key, b1);
+ else
+ jsonw_string(_jw, b1);
+ } else if (_IS_FP_CONTEXT(type)) {
+ color_fprintf(stdout, color, fmt, hex);
+ }
+}
+
+/*
+ * In JSON context we don't use the argument "value" we simply call jsonw_null
+ * whereas FP context can use "value" to output anything
+ */
+void print_color_null(enum output_type type,
+ enum color_attr color,
+ const char *key,
+ const char *fmt,
+ const char *value)
+{
+ if (_IS_JSON_CONTEXT(type)) {
+ if (key)
+ jsonw_null_field(_jw, key);
+ else
+ jsonw_null(_jw);
+ } else if (_IS_FP_CONTEXT(type)) {
+ color_fprintf(stdout, color, fmt, value);
+ }
+}
diff --git a/lib/json_writer.c b/lib/json_writer.c
index 2af16e1..6b77d28 100644
--- a/lib/json_writer.c
+++ b/lib/json_writer.c
@@ -33,7 +33,7 @@
static void jsonw_indent(json_writer_t *self)
{
unsigned i;
- for (i = 0; i <= self->depth; ++i)
+ for (i = 0; i < self->depth; ++i)
fputs(" ", self->out);
}
@@ -102,7 +102,6 @@
self->depth = 0;
self->pretty = false;
self->sep = '\0';
- putc('{', self->out);
}
return self;
}
@@ -113,8 +112,7 @@
json_writer_t *self = *self_p;
assert(self->depth == 0);
- jsonw_eol(self);
- fputs("}\n", self->out);
+ fputs("\n", self->out);
fflush(self->out);
free(self);
*self_p = NULL;
@@ -158,7 +156,7 @@
putc(' ', self->out);
}
-static void jsonw_printf(json_writer_t *self, const char *fmt, ...)
+void jsonw_printf(json_writer_t *self, const char *fmt, ...)
{
va_list ap;
@@ -201,23 +199,38 @@
jsonw_printf(self, "%s", val ? "true" : "false");
}
-#ifdef notused
void jsonw_null(json_writer_t *self)
{
jsonw_printf(self, "null");
}
+void jsonw_float_fmt(json_writer_t *self, const char *fmt, double num)
+{
+ jsonw_printf(self, fmt, num);
+}
+
+#ifdef notused
void jsonw_float(json_writer_t *self, double num)
{
jsonw_printf(self, "%g", num);
}
#endif
+void jsonw_hu(json_writer_t *self, unsigned short num)
+{
+ jsonw_printf(self, "%hu", num);
+}
+
void jsonw_uint(json_writer_t *self, uint64_t num)
{
jsonw_printf(self, "%"PRIu64, num);
}
+void jsonw_lluint(json_writer_t *self, unsigned long long int num)
+{
+ jsonw_printf(self, "%llu", num);
+}
+
void jsonw_int(json_writer_t *self, int64_t num)
{
jsonw_printf(self, "%"PRId64, num);
@@ -244,31 +257,53 @@
}
#endif
+void jsonw_float_field_fmt(json_writer_t *self,
+ const char *prop,
+ const char *fmt,
+ double val)
+{
+ jsonw_name(self, prop);
+ jsonw_float_fmt(self, fmt, val);
+}
+
void jsonw_uint_field(json_writer_t *self, const char *prop, uint64_t num)
{
jsonw_name(self, prop);
jsonw_uint(self, num);
}
+void jsonw_hu_field(json_writer_t *self, const char *prop, unsigned short num)
+{
+ jsonw_name(self, prop);
+ jsonw_hu(self, num);
+}
+
+void jsonw_lluint_field(json_writer_t *self,
+ const char *prop,
+ unsigned long long int num)
+{
+ jsonw_name(self, prop);
+ jsonw_lluint(self, num);
+}
+
void jsonw_int_field(json_writer_t *self, const char *prop, int64_t num)
{
jsonw_name(self, prop);
jsonw_int(self, num);
}
-#ifdef notused
void jsonw_null_field(json_writer_t *self, const char *prop)
{
jsonw_name(self, prop);
jsonw_null(self);
}
-#endif
#ifdef TEST
int main(int argc, char **argv)
{
json_writer_t *wr = jsonw_new(stdout);
+ jsonw_start_object(wr);
jsonw_pretty(wr, true);
jsonw_name(wr, "Vyatta");
jsonw_start_object(wr);
@@ -305,6 +340,7 @@
jsonw_end_object(wr);
+ jsonw_end_object(wr);
jsonw_destroy(&wr);
return 0;
}
diff --git a/lib/libgenl.c b/lib/libgenl.c
index acb1478..50d2d92 100644
--- a/lib/libgenl.c
+++ b/lib/libgenl.c
@@ -61,3 +61,20 @@
return genl_parse_getfamily(&req.n);
}
+int genl_init_handle(struct rtnl_handle *grth, const char *family,
+ int *genl_family)
+{
+ if (*genl_family >= 0)
+ return 0;
+
+ if (rtnl_open_byproto(grth, 0, NETLINK_GENERIC) < 0) {
+ fprintf(stderr, "Cannot open generic netlink socket\n");
+ return -1;
+ }
+
+ *genl_family = genl_resolve_family(grth, family);
+ if (*genl_family < 0)
+ return -1;
+
+ return 0;
+}
diff --git a/lib/libnetlink.c b/lib/libnetlink.c
index d6b5fd3..5b5c73e 100644
--- a/lib/libnetlink.c
+++ b/lib/libnetlink.c
@@ -12,6 +12,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <unistd.h>
#include <syslog.h>
#include <fcntl.h>
@@ -35,6 +36,96 @@
int rcvbuf = 1024 * 1024;
+#ifdef HAVE_LIBMNL
+#include <libmnl/libmnl.h>
+
+static const enum mnl_attr_data_type extack_policy[NLMSGERR_ATTR_MAX + 1] = {
+ [NLMSGERR_ATTR_MSG] = MNL_TYPE_NUL_STRING,
+ [NLMSGERR_ATTR_OFFS] = MNL_TYPE_U32,
+};
+
+static int err_attr_cb(const struct nlattr *attr, void *data)
+{
+ const struct nlattr **tb = data;
+ uint16_t type;
+
+ if (mnl_attr_type_valid(attr, NLMSGERR_ATTR_MAX) < 0) {
+ fprintf(stderr, "Invalid extack attribute\n");
+ return MNL_CB_ERROR;
+ }
+
+ type = mnl_attr_get_type(attr);
+ if (mnl_attr_validate(attr, extack_policy[type]) < 0) {
+ fprintf(stderr, "extack attribute %d failed validation\n",
+ type);
+ return MNL_CB_ERROR;
+ }
+
+ tb[type] = attr;
+ return MNL_CB_OK;
+}
+
+/* dump netlink extended ack error message */
+static int nl_dump_ext_err(const struct nlmsghdr *nlh, nl_ext_ack_fn_t errfn)
+{
+ struct nlattr *tb[NLMSGERR_ATTR_MAX + 1] = {};
+ const struct nlmsgerr *err = mnl_nlmsg_get_payload(nlh);
+ const struct nlmsghdr *err_nlh = NULL;
+ unsigned int hlen = sizeof(*err);
+ const char *errmsg = NULL;
+ uint32_t off = 0;
+
+ /* no TLVs, nothing to do here */
+ if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS))
+ return 0;
+
+ /* if NLM_F_CAPPED is set then the inner err msg was capped */
+ if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
+ hlen += mnl_nlmsg_get_payload_len(&err->msg);
+
+ if (mnl_attr_parse(nlh, hlen, err_attr_cb, tb) != MNL_CB_OK)
+ return 0;
+
+ if (tb[NLMSGERR_ATTR_MSG])
+ errmsg = mnl_attr_get_str(tb[NLMSGERR_ATTR_MSG]);
+
+ if (tb[NLMSGERR_ATTR_OFFS]) {
+ off = mnl_attr_get_u32(tb[NLMSGERR_ATTR_OFFS]);
+
+ if (off > nlh->nlmsg_len) {
+ fprintf(stderr,
+ "Invalid offset for NLMSGERR_ATTR_OFFS\n");
+ off = 0;
+ } else if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
+ err_nlh = &err->msg;
+ }
+
+ if (errfn)
+ return errfn(errmsg, off, err_nlh);
+
+ if (errmsg && *errmsg != '\0') {
+ fprintf(stderr, "Error: %s", errmsg);
+ if (errmsg[strlen(errmsg) - 1] != '.')
+ fprintf(stderr, ".");
+ fprintf(stderr, "\n");
+
+ return 1;
+ }
+
+ return 0;
+}
+#else
+#ifndef ANDROID
+#warning "libmnl required for error support"
+#endif
+
+/* No extended error ack without libmnl */
+static int nl_dump_ext_err(const struct nlmsghdr *nlh, nl_ext_ack_fn_t errfn)
+{
+ return 0;
+}
+#endif
+
void rtnl_close(struct rtnl_handle *rth)
{
if (rth->fd >= 0) {
@@ -43,11 +134,12 @@
}
}
-int rtnl_open_byproto(struct rtnl_handle *rth, unsigned subscriptions,
+int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions,
int protocol)
{
socklen_t addr_len;
int sndbuf = 32768;
+ int one = 1;
memset(rth, 0, sizeof(*rth));
@@ -58,26 +150,34 @@
return -1;
}
- if (setsockopt(rth->fd,SOL_SOCKET,SO_SNDBUF,&sndbuf,sizeof(sndbuf)) < 0) {
+ if (setsockopt(rth->fd, SOL_SOCKET, SO_SNDBUF,
+ &sndbuf, sizeof(sndbuf)) < 0) {
perror("SO_SNDBUF");
return -1;
}
- if (setsockopt(rth->fd,SOL_SOCKET,SO_RCVBUF,&rcvbuf,sizeof(rcvbuf)) < 0) {
+ if (setsockopt(rth->fd, SOL_SOCKET, SO_RCVBUF,
+ &rcvbuf, sizeof(rcvbuf)) < 0) {
perror("SO_RCVBUF");
return -1;
}
+ /* Older kernels may no support extended ACK reporting */
+ setsockopt(rth->fd, SOL_NETLINK, NETLINK_EXT_ACK,
+ &one, sizeof(one));
+
memset(&rth->local, 0, sizeof(rth->local));
rth->local.nl_family = AF_NETLINK;
rth->local.nl_groups = subscriptions;
- if (bind(rth->fd, (struct sockaddr*)&rth->local, sizeof(rth->local)) < 0) {
+ if (bind(rth->fd, (struct sockaddr *)&rth->local,
+ sizeof(rth->local)) < 0) {
perror("Cannot bind netlink socket");
return -1;
}
addr_len = sizeof(rth->local);
- if (getsockname(rth->fd, (struct sockaddr*)&rth->local, &addr_len) < 0) {
+ if (getsockname(rth->fd, (struct sockaddr *)&rth->local,
+ &addr_len) < 0) {
perror("Cannot getsockname");
return -1;
}
@@ -86,14 +186,15 @@
return -1;
}
if (rth->local.nl_family != AF_NETLINK) {
- fprintf(stderr, "Wrong address family %d\n", rth->local.nl_family);
+ fprintf(stderr, "Wrong address family %d\n",
+ rth->local.nl_family);
return -1;
}
rth->seq = time(NULL);
return 0;
}
-int rtnl_open(struct rtnl_handle *rth, unsigned subscriptions)
+int rtnl_open(struct rtnl_handle *rth, unsigned int subscriptions)
{
return rtnl_open_byproto(rth, subscriptions, NETLINK_ROUTE);
}
@@ -112,21 +213,64 @@
/* attribute has to be NLMSG aligned */
struct rtattr ext_req __attribute__ ((aligned(NLMSG_ALIGNTO)));
__u32 ext_filter_mask;
+ } req = {
+ .nlh.nlmsg_len = sizeof(req),
+ .nlh.nlmsg_type = type,
+ .nlh.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST,
+ .nlh.nlmsg_seq = rth->dump = ++rth->seq,
+ .ifm.ifi_family = family,
+ .ext_req.rta_type = IFLA_EXT_MASK,
+ .ext_req.rta_len = RTA_LENGTH(sizeof(__u32)),
+ .ext_filter_mask = filt_mask,
+ };
+
+ return send(rth->fd, &req, sizeof(req), 0);
+}
+
+int rtnl_wilddump_req_filter_fn(struct rtnl_handle *rth, int family, int type,
+ req_filter_fn_t filter_fn)
+{
+ struct {
+ struct nlmsghdr nlh;
+ struct ifinfomsg ifm;
+ char buf[1024];
+ } req = {
+ .nlh.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)),
+ .nlh.nlmsg_type = type,
+ .nlh.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST,
+ .nlh.nlmsg_seq = rth->dump = ++rth->seq,
+ .ifm.ifi_family = family,
+ };
+ int err;
+
+ if (!filter_fn)
+ return -EINVAL;
+
+ err = filter_fn(&req.nlh, sizeof(req));
+ if (err)
+ return err;
+
+ return send(rth->fd, &req, req.nlh.nlmsg_len, 0);
+}
+
+int rtnl_wilddump_stats_req_filter(struct rtnl_handle *rth, int fam, int type,
+ __u32 filt_mask)
+{
+ struct {
+ struct nlmsghdr nlh;
+ struct if_stats_msg ifsm;
} req;
memset(&req, 0, sizeof(req));
- req.nlh.nlmsg_len = sizeof(req);
+ req.nlh.nlmsg_len = NLMSG_LENGTH(sizeof(struct if_stats_msg));
req.nlh.nlmsg_type = type;
req.nlh.nlmsg_flags = NLM_F_DUMP|NLM_F_REQUEST;
req.nlh.nlmsg_pid = 0;
req.nlh.nlmsg_seq = rth->dump = ++rth->seq;
- req.ifm.ifi_family = family;
+ req.ifsm.family = fam;
+ req.ifsm.filter_mask = filt_mask;
- req.ext_req.rta_type = IFLA_EXT_MASK;
- req.ext_req.rta_len = RTA_LENGTH(sizeof(__u32));
- req.ext_filter_mask = filt_mask;
-
- return send(rth->fd, (void*)&req, sizeof(req), 0);
+ return send(rth->fd, &req, sizeof(req), 0);
}
int rtnl_send(struct rtnl_handle *rth, const void *buf, int len)
@@ -155,10 +299,11 @@
for (h = (struct nlmsghdr *)resp; NLMSG_OK(h, status);
h = NLMSG_NEXT(h, status)) {
if (h->nlmsg_type == NLMSG_ERROR) {
- struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
+ struct nlmsgerr *err = (struct nlmsgerr *)NLMSG_DATA(h);
+
if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr)))
fprintf(stderr, "ERROR truncated\n");
- else
+ else
errno = -err->error;
return -1;
}
@@ -169,7 +314,12 @@
int rtnl_dump_request(struct rtnl_handle *rth, int type, void *req, int len)
{
- struct nlmsghdr nlh;
+ struct nlmsghdr nlh = {
+ .nlmsg_len = NLMSG_LENGTH(len),
+ .nlmsg_type = type,
+ .nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST,
+ .nlmsg_seq = rth->dump = ++rth->seq,
+ };
struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
struct iovec iov[2] = {
{ .iov_base = &nlh, .iov_len = sizeof(nlh) },
@@ -177,17 +327,11 @@
};
struct msghdr msg = {
.msg_name = &nladdr,
- .msg_namelen = sizeof(nladdr),
+ .msg_namelen = sizeof(nladdr),
.msg_iov = iov,
.msg_iovlen = 2,
};
- nlh.nlmsg_len = NLMSG_LENGTH(len);
- nlh.nlmsg_type = type;
- nlh.nlmsg_flags = NLM_F_DUMP|NLM_F_REQUEST;
- nlh.nlmsg_pid = 0;
- nlh.nlmsg_seq = rth->dump = ++rth->seq;
-
return sendmsg(rth->fd, &msg, 0);
}
@@ -195,7 +339,7 @@
{
struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
struct iovec iov = {
- .iov_base = (void*) n,
+ .iov_base = n,
.iov_len = n->nlmsg_len
};
struct msghdr msg = {
@@ -212,6 +356,54 @@
return sendmsg(rth->fd, &msg, 0);
}
+static int rtnl_dump_done(struct nlmsghdr *h)
+{
+ int len = *(int *)NLMSG_DATA(h);
+
+ if (h->nlmsg_len < NLMSG_LENGTH(sizeof(int))) {
+ fprintf(stderr, "DONE truncated\n");
+ return -1;
+ }
+
+ if (len < 0) {
+ errno = -len;
+ switch (errno) {
+ case ENOENT:
+ case EOPNOTSUPP:
+ return -1;
+ case EMSGSIZE:
+ fprintf(stderr,
+ "Error: Buffer too small for object.\n");
+ break;
+ default:
+ perror("RTNETLINK answers");
+ }
+ return len;
+ }
+
+ return 0;
+}
+
+static void rtnl_dump_error(const struct rtnl_handle *rth,
+ struct nlmsghdr *h)
+{
+
+ if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) {
+ fprintf(stderr, "ERROR truncated\n");
+ } else {
+ const struct nlmsgerr *err = (struct nlmsgerr *)NLMSG_DATA(h);
+
+ errno = -err->error;
+ if (rth->proto == NETLINK_SOCK_DIAG &&
+ (errno == ENOENT ||
+ errno == EOPNOTSUPP))
+ return;
+
+ if (!(rth->flags & RTNL_HANDLE_F_SUPPRESS_NLERR))
+ perror("RTNETLINK answers");
+ }
+}
+
int rtnl_dump_filter_l(struct rtnl_handle *rth,
const struct rtnl_dump_filter_arg *arg)
{
@@ -223,7 +415,7 @@
.msg_iov = &iov,
.msg_iovlen = 1,
};
- char buf[16384];
+ char buf[32768];
int dump_intr = 0;
iov.iov_base = buf;
@@ -253,7 +445,8 @@
fwrite(buf, 1, NLMSG_ALIGN(status), rth->dump_fp);
for (a = arg; a->filter; a++) {
- struct nlmsghdr *h = (struct nlmsghdr*)buf;
+ struct nlmsghdr *h = (struct nlmsghdr *)buf;
+
msglen = status;
while (NLMSG_OK(h, msglen)) {
@@ -270,23 +463,16 @@
dump_intr = 1;
if (h->nlmsg_type == NLMSG_DONE) {
+ err = rtnl_dump_done(h);
+ if (err < 0)
+ return -1;
+
found_done = 1;
break; /* process next filter */
}
- if (h->nlmsg_type == NLMSG_ERROR) {
- struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
- if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) {
- fprintf(stderr,
- "ERROR truncated\n");
- } else {
- errno = -err->error;
- if (rth->proto == NETLINK_SOCK_DIAG &&
- (errno == ENOENT ||
- errno == EOPNOTSUPP))
- return -1;
- perror("RTNETLINK answers");
- }
+ if (h->nlmsg_type == NLMSG_ERROR) {
+ rtnl_dump_error(rth, h);
return -1;
}
@@ -331,15 +517,26 @@
return rtnl_dump_filter_l(rth, a);
}
-int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
- struct nlmsghdr *answer, size_t maxlen)
+static void rtnl_talk_error(struct nlmsghdr *h, struct nlmsgerr *err,
+ nl_ext_ack_fn_t errfn)
+{
+ if (nl_dump_ext_err(h, errfn))
+ return;
+
+ fprintf(stderr, "RTNETLINK answers: %s\n",
+ strerror(-err->error));
+}
+
+static int __rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ struct nlmsghdr *answer, size_t maxlen,
+ bool show_rtnl_err, nl_ext_ack_fn_t errfn)
{
int status;
- unsigned seq;
+ unsigned int seq;
struct nlmsghdr *h;
- struct sockaddr_nl nladdr;
+ struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
struct iovec iov = {
- .iov_base = (void*) n,
+ .iov_base = n,
.iov_len = n->nlmsg_len
};
struct msghdr msg = {
@@ -348,10 +545,7 @@
.msg_iov = &iov,
.msg_iovlen = 1,
};
- char buf[32768];
-
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
+ char buf[32768] = {};
n->nlmsg_seq = seq = ++rtnl->seq;
@@ -364,8 +558,6 @@
return -1;
}
- memset(buf,0,sizeof(buf));
-
iov.iov_base = buf;
while (1) {
iov.iov_len = sizeof(buf);
@@ -383,19 +575,23 @@
return -1;
}
if (msg.msg_namelen != sizeof(nladdr)) {
- fprintf(stderr, "sender address length == %d\n", msg.msg_namelen);
+ fprintf(stderr,
+ "sender address length == %d\n",
+ msg.msg_namelen);
exit(1);
}
- for (h = (struct nlmsghdr*)buf; status >= sizeof(*h); ) {
+ for (h = (struct nlmsghdr *)buf; status >= sizeof(*h); ) {
int len = h->nlmsg_len;
int l = len - sizeof(*h);
- if (l < 0 || len>status) {
+ if (l < 0 || len > status) {
if (msg.msg_flags & MSG_TRUNC) {
fprintf(stderr, "Truncated message\n");
return -1;
}
- fprintf(stderr, "!!!malformed message: len=%d\n", len);
+ fprintf(stderr,
+ "!!!malformed message: len=%d\n",
+ len);
exit(1);
}
@@ -404,12 +600,13 @@
h->nlmsg_seq != seq) {
/* Don't forget to skip that message. */
status -= NLMSG_ALIGN(len);
- h = (struct nlmsghdr*)((char*)h + NLMSG_ALIGN(len));
+ h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
continue;
}
if (h->nlmsg_type == NLMSG_ERROR) {
- struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
+ struct nlmsgerr *err = (struct nlmsgerr *)NLMSG_DATA(h);
+
if (l < sizeof(struct nlmsgerr)) {
fprintf(stderr, "ERROR truncated\n");
} else if (!err->error) {
@@ -419,10 +616,10 @@
return 0;
}
- if (rtnl->proto != NETLINK_SOCK_DIAG)
- fprintf(stderr,
- "RTNETLINK answers: %s\n",
- strerror(-err->error));
+ if (rtnl->proto != NETLINK_SOCK_DIAG &&
+ show_rtnl_err)
+ rtnl_talk_error(h, err, errfn);
+
errno = -err->error;
return -1;
}
@@ -436,7 +633,7 @@
fprintf(stderr, "Unexpected reply!!!\n");
status -= NLMSG_ALIGN(len);
- h = (struct nlmsghdr*)((char*)h + NLMSG_ALIGN(len));
+ h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
}
if (msg.msg_flags & MSG_TRUNC) {
@@ -451,6 +648,25 @@
}
}
+int rtnl_talk(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ struct nlmsghdr *answer, size_t maxlen)
+{
+ return __rtnl_talk(rtnl, n, answer, maxlen, true, NULL);
+}
+
+int rtnl_talk_extack(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ struct nlmsghdr *answer, size_t maxlen,
+ nl_ext_ack_fn_t errfn)
+{
+ return __rtnl_talk(rtnl, n, answer, maxlen, true, errfn);
+}
+
+int rtnl_talk_suppress_rtnl_errmsg(struct rtnl_handle *rtnl, struct nlmsghdr *n,
+ struct nlmsghdr *answer, size_t maxlen)
+{
+ return __rtnl_talk(rtnl, n, answer, maxlen, false, NULL);
+}
+
int rtnl_listen_all_nsid(struct rtnl_handle *rth)
{
unsigned int on = 1;
@@ -470,7 +686,7 @@
{
int status;
struct nlmsghdr *h;
- struct sockaddr_nl nladdr;
+ struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
struct iovec iov;
struct msghdr msg = {
.msg_name = &nladdr,
@@ -486,11 +702,6 @@
msg.msg_controllen = sizeof(cmsgbuf);
}
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
- nladdr.nl_pid = 0;
- nladdr.nl_groups = 0;
-
iov.iov_base = buf;
while (1) {
struct rtnl_ctrl_data ctrl;
@@ -513,7 +724,9 @@
return -1;
}
if (msg.msg_namelen != sizeof(nladdr)) {
- fprintf(stderr, "Sender address length == %d\n", msg.msg_namelen);
+ fprintf(stderr,
+ "Sender address length == %d\n",
+ msg.msg_namelen);
exit(1);
}
@@ -531,17 +744,19 @@
}
}
- for (h = (struct nlmsghdr*)buf; status >= sizeof(*h); ) {
+ for (h = (struct nlmsghdr *)buf; status >= sizeof(*h); ) {
int err;
int len = h->nlmsg_len;
int l = len - sizeof(*h);
- if (l<0 || len>status) {
+ if (l < 0 || len > status) {
if (msg.msg_flags & MSG_TRUNC) {
fprintf(stderr, "Truncated message\n");
return -1;
}
- fprintf(stderr, "!!!malformed message: len=%d\n", len);
+ fprintf(stderr,
+ "!!!malformed message: len=%d\n",
+ len);
exit(1);
}
@@ -550,7 +765,7 @@
return err;
status -= NLMSG_ALIGN(len);
- h = (struct nlmsghdr*)((char*)h + NLMSG_ALIGN(len));
+ h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
}
if (msg.msg_flags & MSG_TRUNC) {
fprintf(stderr, "Message truncated\n");
@@ -567,14 +782,9 @@
void *jarg)
{
int status;
- struct sockaddr_nl nladdr;
- char buf[16384];
- struct nlmsghdr *h = (void*)buf;
-
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
- nladdr.nl_pid = 0;
- nladdr.nl_groups = 0;
+ struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
+ char buf[16384];
+ struct nlmsghdr *h = (struct nlmsghdr *)buf;
while (1) {
int err, len;
@@ -594,7 +804,7 @@
len = h->nlmsg_len;
l = len - sizeof(*h);
- if (l<0 || len>sizeof(buf)) {
+ if (l < 0 || len > sizeof(buf)) {
fprintf(stderr, "!!!malformed message: len=%d @%lu\n",
len, ftell(rtnl));
return -1;
@@ -654,13 +864,16 @@
struct rtattr *rta;
if (NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len) > maxlen) {
- fprintf(stderr, "addattr_l ERROR: message exceeded bound of %d\n",maxlen);
+ fprintf(stderr,
+ "addattr_l ERROR: message exceeded bound of %d\n",
+ maxlen);
return -1;
}
rta = NLMSG_TAIL(n);
rta->rta_type = type;
rta->rta_len = len;
- memcpy(RTA_DATA(rta), data, alen);
+ if (alen)
+ memcpy(RTA_DATA(rta), data, alen);
n->nlmsg_len = NLMSG_ALIGN(n->nlmsg_len) + RTA_ALIGN(len);
return 0;
}
@@ -668,7 +881,9 @@
int addraw_l(struct nlmsghdr *n, int maxlen, const void *data, int len)
{
if (NLMSG_ALIGN(n->nlmsg_len) + NLMSG_ALIGN(len) > maxlen) {
- fprintf(stderr, "addraw_l ERROR: message exceeded bound of %d\n",maxlen);
+ fprintf(stderr,
+ "addraw_l ERROR: message exceeded bound of %d\n",
+ maxlen);
return -1;
}
@@ -717,10 +932,12 @@
struct rtattr *subrta;
if (RTA_ALIGN(rta->rta_len) + len > maxlen) {
- fprintf(stderr,"rta_addattr32: Error! max allowed bound %d exceeded\n",maxlen);
+ fprintf(stderr,
+ "rta_addattr32: Error! max allowed bound %d exceeded\n",
+ maxlen);
return -1;
}
- subrta = (struct rtattr*)(((char*)rta) + RTA_ALIGN(rta->rta_len));
+ subrta = (struct rtattr *)(((char *)rta) + RTA_ALIGN(rta->rta_len));
subrta->rta_type = type;
subrta->rta_len = len;
memcpy(RTA_DATA(subrta), &data, 4);
@@ -735,13 +952,16 @@
int len = RTA_LENGTH(alen);
if (RTA_ALIGN(rta->rta_len) + RTA_ALIGN(len) > maxlen) {
- fprintf(stderr,"rta_addattr_l: Error! max allowed bound %d exceeded\n",maxlen);
+ fprintf(stderr,
+ "rta_addattr_l: Error! max allowed bound %d exceeded\n",
+ maxlen);
return -1;
}
- subrta = (struct rtattr*)(((char*)rta) + RTA_ALIGN(rta->rta_len));
+ subrta = (struct rtattr *)(((char *)rta) + RTA_ALIGN(rta->rta_len));
subrta->rta_type = type;
subrta->rta_len = len;
- memcpy(RTA_DATA(subrta), data, alen);
+ if (alen)
+ memcpy(RTA_DATA(subrta), data, alen);
rta->rta_len = NLMSG_ALIGN(rta->rta_len) + RTA_ALIGN(len);
return 0;
}
@@ -792,14 +1012,16 @@
type = rta->rta_type & ~flags;
if ((type <= max) && (!tb[type]))
tb[type] = rta;
- rta = RTA_NEXT(rta,len);
+ rta = RTA_NEXT(rta, len);
}
if (len)
- fprintf(stderr, "!!!Deficit %d, rta_len=%d\n", len, rta->rta_len);
+ fprintf(stderr, "!!!Deficit %d, rta_len=%d\n",
+ len, rta->rta_len);
return 0;
}
-int parse_rtattr_byindex(struct rtattr *tb[], int max, struct rtattr *rta, int len)
+int parse_rtattr_byindex(struct rtattr *tb[], int max,
+ struct rtattr *rta, int len)
{
int i = 0;
@@ -807,10 +1029,11 @@
while (RTA_OK(rta, len)) {
if (rta->rta_type <= max && i < max)
tb[i++] = rta;
- rta = RTA_NEXT(rta,len);
+ rta = RTA_NEXT(rta, len);
}
if (len)
- fprintf(stderr, "!!!Deficit %d, rta_len=%d\n", len, rta->rta_len);
+ fprintf(stderr, "!!!Deficit %d, rta_len=%d\n",
+ len, rta->rta_len);
return i;
}
@@ -821,13 +1044,16 @@
return rta;
rta = RTA_NEXT(rta, len);
}
+
if (len)
- fprintf(stderr, "!!!Deficit %d, rta_len=%d\n", len, rta->rta_len);
+ fprintf(stderr, "!!!Deficit %d, rta_len=%d\n",
+ len, rta->rta_len);
return NULL;
}
-int __parse_rtattr_nested_compat(struct rtattr *tb[], int max, struct rtattr *rta,
- int len)
+int __parse_rtattr_nested_compat(struct rtattr *tb[], int max,
+ struct rtattr *rta,
+ int len)
{
if (RTA_PAYLOAD(rta) < len)
return -1;
diff --git a/lib/ll_addr.c b/lib/ll_addr.c
index 2ce9abf..5b5caf3 100644
--- a/lib/ll_addr.c
+++ b/lib/ll_addr.c
@@ -16,7 +16,6 @@
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
-#include <sys/ioctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
@@ -41,18 +40,9 @@
if (alen == 16 && type == ARPHRD_TUNNEL6) {
return inet_ntop(AF_INET6, addr, buf, blen);
}
- l = 0;
- for (i=0; i<alen; i++) {
- if (i==0) {
- snprintf(buf+l, blen, "%02x", addr[i]);
- blen -= 2;
- l += 2;
- } else {
- snprintf(buf+l, blen, ":%02x", addr[i]);
- blen -= 3;
- l += 3;
- }
- }
+ snprintf(buf, blen, "%02x", addr[0]);
+ for (i = 1, l = 2; i < alen && l < blen; i++, l += 3)
+ snprintf(buf + l, blen - l, ":%02x", addr[i]);
return buf;
}
diff --git a/lib/ll_map.c b/lib/ll_map.c
index c6f7027..70684b0 100644
--- a/lib/ll_map.c
+++ b/lib/ll_map.c
@@ -22,7 +22,7 @@
#include "libnetlink.h"
#include "ll_map.h"
-#include "hlist.h"
+#include "list.h"
struct ll_cache {
struct hlist_node idx_hash;
@@ -30,7 +30,7 @@
unsigned flags;
unsigned index;
unsigned short type;
- char name[IFNAMSIZ];
+ char name[];
};
#define IDXMAP_SIZE 1024
@@ -90,7 +90,7 @@
if (n->nlmsg_type != RTM_NEWLINK && n->nlmsg_type != RTM_DELLINK)
return 0;
- if (n->nlmsg_len < NLMSG_LENGTH(sizeof(ifi)))
+ if (n->nlmsg_len < NLMSG_LENGTH(sizeof(*ifi)))
return -1;
im = ll_get_by_index(ifi->ifi_index);
@@ -103,7 +103,6 @@
return 0;
}
- memset(tb, 0, sizeof(tb));
parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), IFLA_PAYLOAD(n));
ifname = rta_getattr_str(tb[IFLA_IFNAME]);
if (ifname == NULL)
@@ -121,7 +120,7 @@
return 0;
}
- im = malloc(sizeof(*im));
+ im = malloc(sizeof(*im) + strlen(ifname) + 1);
if (im == NULL)
return 0;
im->index = ifi->ifi_index;
diff --git a/lib/ll_proto.c b/lib/ll_proto.c
index d8df68c..ef5a5b7 100644
--- a/lib/ll_proto.c
+++ b/lib/ll_proto.c
@@ -16,7 +16,6 @@
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
-#include <sys/ioctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
@@ -111,8 +110,7 @@
return 0;
}
}
- if (get_u16(id, buf, 0))
+ if (get_be16(id, buf, 0))
return -1;
- *id = htons(*id);
return 0;
}
diff --git a/lib/ll_types.c b/lib/ll_types.c
index 2c5bf8b..8f29451 100644
--- a/lib/ll_types.c
+++ b/lib/ll_types.c
@@ -16,7 +16,6 @@
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
-#include <sys/ioctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
@@ -100,11 +99,13 @@
__PF(IEEE80211_PRISM,ieee802.11/prism)
__PF(IEEE80211_RADIOTAP,ieee802.11/radiotap)
__PF(IEEE802154, ieee802.15.4)
+__PF(IEEE802154_MONITOR, ieee802.15.4/monitor)
__PF(PHONET, phonet)
__PF(PHONET_PIPE, phonet_pipe)
__PF(CAIF, caif)
__PF(IP6GRE, gre6)
__PF(NETLINK, netlink)
+__PF(6LOWPAN, 6lowpan)
__PF(NONE, none)
__PF(VOID,void)
diff --git a/lib/mpls_ntop.c b/lib/mpls_ntop.c
index 945d6d5..5902f50 100644
--- a/lib/mpls_ntop.c
+++ b/lib/mpls_ntop.c
@@ -10,18 +10,20 @@
{
size_t destlen = buflen;
char *dest = buf;
- int count;
+ int count = 0;
- for (count = 0; count < MPLS_MAX_LABELS; count++) {
- uint32_t entry = ntohl(addr[count].entry);
+ while (1) {
+ uint32_t entry = ntohl(addr[count++].entry);
uint32_t label = (entry & MPLS_LS_LABEL_MASK) >> MPLS_LS_LABEL_SHIFT;
int len = snprintf(dest, destlen, "%u", label);
+ if (len >= destlen)
+ break;
+
/* Is this the end? */
if (entry & MPLS_LS_S_MASK)
return buf;
-
dest += len;
destlen -= len;
if (destlen) {
diff --git a/lib/mpls_pton.c b/lib/mpls_pton.c
index bd448cf..6d2e6a6 100644
--- a/lib/mpls_pton.c
+++ b/lib/mpls_pton.c
@@ -7,12 +7,13 @@
#include "utils.h"
-static int mpls_pton1(const char *name, struct mpls_label *addr)
+static int mpls_pton1(const char *name, struct mpls_label *addr,
+ unsigned int maxlabels)
{
char *endp;
unsigned count;
- for (count = 0; count < MPLS_MAX_LABELS; count++) {
+ for (count = 0; count < maxlabels; count++) {
unsigned long label;
label = strtoul(name, &endp, 0);
@@ -37,17 +38,19 @@
addr += 1;
}
/* The address was too long */
+ fprintf(stderr, "Error: too many labels.\n");
return 0;
}
-int mpls_pton(int af, const char *src, void *addr)
+int mpls_pton(int af, const char *src, void *addr, size_t alen)
{
+ unsigned int maxlabels = alen / sizeof(struct mpls_label);
int err;
switch(af) {
case AF_MPLS:
errno = 0;
- err = mpls_pton1(src, (struct mpls_label *)addr);
+ err = mpls_pton1(src, (struct mpls_label *)addr, maxlabels);
break;
default:
errno = EAFNOSUPPORT;
diff --git a/lib/names.c b/lib/names.c
index 3b5b0b1..fbd6503 100644
--- a/lib/names.c
+++ b/lib/names.c
@@ -54,15 +54,12 @@
{
struct db_names *db;
- db = malloc(sizeof(*db));
+ db = calloc(1, sizeof(*db));
if (!db)
return NULL;
- memset(db, 0, sizeof(*db));
-
db->size = MAX_ENTRIES;
- db->hash = malloc(sizeof(struct db_entry *) * db->size);
- memset(db->hash, 0, sizeof(struct db_entry *) * db->size);
+ db->hash = calloc(db->size, sizeof(struct db_entry *));
return db;
}
diff --git a/lib/rt_names.c b/lib/rt_names.c
index f6d17c0..e5efd78 100644
--- a/lib/rt_names.c
+++ b/lib/rt_names.c
@@ -18,6 +18,7 @@
#include <sys/time.h>
#include <sys/socket.h>
#include <dirent.h>
+#include <limits.h>
#include <asm/types.h>
#include <linux/rtnetlink.h>
@@ -118,7 +119,7 @@
}
static char *rtnl_rtprot_tab[256] = {
- [RTPROT_UNSPEC] = "none",
+ [RTPROT_UNSPEC] = "unspec",
[RTPROT_REDIRECT] = "redirect",
[RTPROT_KERNEL] = "kernel",
[RTPROT_BOOT] = "boot",
@@ -141,9 +142,36 @@
static void rtnl_rtprot_initialize(void)
{
+ struct dirent *de;
+ DIR *d;
+
rtnl_rtprot_init = 1;
rtnl_tab_initialize(CONFDIR "/rt_protos",
rtnl_rtprot_tab, 256);
+
+ d = opendir(CONFDIR "/rt_protos.d");
+ if (!d)
+ return;
+
+ while ((de = readdir(d)) != NULL) {
+ char path[PATH_MAX];
+ size_t len;
+
+ if (*de->d_name == '.')
+ continue;
+
+ /* only consider filenames ending in '.conf' */
+ len = strlen(de->d_name);
+ if (len <= 5)
+ continue;
+ if (strcmp(de->d_name + len - 5, ".conf"))
+ continue;
+
+ snprintf(path, sizeof(path), CONFDIR "/rt_protos.d/%s",
+ de->d_name);
+ rtnl_tab_initialize(path, rtnl_rtprot_tab, 256);
+ }
+ closedir(d);
}
const char *rtnl_rtprot_n2a(int id, char *buf, int len)
@@ -382,10 +410,6 @@
{
struct rtnl_hash_entry *entry;
- if (id > RT_TABLE_MAX) {
- snprintf(buf, len, "%u", id);
- return buf;
- }
if (!rtnl_rttable_init)
rtnl_rttable_initialize();
entry = rtnl_rttable_hash[id & 255];
@@ -403,7 +427,7 @@
static unsigned long res;
struct rtnl_hash_entry *entry;
char *end;
- __u32 i;
+ unsigned long i;
if (cache && strcmp(cache, arg) == 0) {
*id = res;
@@ -558,8 +582,12 @@
for (i = 0; i < 256; i++) {
entry = rtnl_group_hash[i];
- if (entry && entry->id == id)
- return entry->name;
+
+ while (entry) {
+ if (entry->id == id)
+ return entry->name;
+ entry = entry->next;
+ }
}
snprintf(buf, len, "%d", id);
diff --git a/lib/utils.c b/lib/utils.c
index 46a20de..01d2f4c 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -20,6 +20,7 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <string.h>
+#include <ctype.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <asm/types.h>
@@ -35,7 +36,20 @@
#include "utils.h"
#include "namespace.h"
-int timestamp_short = 0;
+int resolve_hosts;
+int timestamp_short;
+
+int get_hex(char c)
+{
+ if (c >= 'A' && c <= 'F')
+ return c - 'A' + 10;
+ if (c >= 'a' && c <= 'f')
+ return c - 'a' + 10;
+ if (c >= '0' && c <= '9')
+ return c - '0';
+
+ return -1;
+}
int get_integer(int *val, const char *arg, int base)
{
@@ -48,7 +62,7 @@
res = strtol(arg, &ptr, base);
/* If there were no digits at all, strtol() stores
- * the original value of nptr in *endptr (and returns 0).
+ * the original value of nptr in *endptr (and returns 0).
* In particular, if *nptr is not '\0' but **endptr is '\0' on return,
* the entire string is valid.
*/
@@ -72,7 +86,7 @@
int mask2bits(__u32 netmask)
{
- unsigned bits = 0;
+ unsigned int bits = 0;
__u32 mask = ntohl(netmask);
__u32 host = ~mask;
@@ -85,7 +99,7 @@
return bits;
}
-static int get_netmask(unsigned *val, const char *arg, int base)
+static int get_netmask(unsigned int *val, const char *arg, int base)
{
inet_prefix addr;
@@ -95,7 +109,7 @@
/* try coverting dotted quad to CIDR */
if (!get_addr_1(&addr, arg, AF_INET) && addr.family == AF_INET) {
int b = mask2bits(addr.data[0]);
-
+
if (b >= 0) {
*val = b;
return 0;
@@ -105,7 +119,7 @@
return -1;
}
-int get_unsigned(unsigned *val, const char *arg, int base)
+int get_unsigned(unsigned int *val, const char *arg, int base)
{
unsigned long res;
char *ptr;
@@ -138,7 +152,7 @@
* pass milliseconds (standard unit for rtt values since 2.6.27), and
* have a different assumption for the units of a "raw" number.
*/
-int get_time_rtt(unsigned *val, const char *arg, int *raw)
+int get_time_rtt(unsigned int *val, const char *arg, int *raw)
{
double t;
unsigned long res;
@@ -176,23 +190,24 @@
if (*p) {
*raw = 0;
- if (strcasecmp(p, "s") == 0 || strcasecmp(p, "sec")==0 ||
- strcasecmp(p, "secs")==0)
- t *= 1000;
- else if (strcasecmp(p, "ms") == 0 || strcasecmp(p, "msec")==0 ||
- strcasecmp(p, "msecs") == 0)
+ if (strcasecmp(p, "s") == 0 ||
+ strcasecmp(p, "sec") == 0 ||
+ strcasecmp(p, "secs") == 0)
+ t *= 1000;
+ else if (strcasecmp(p, "ms") == 0 ||
+ strcasecmp(p, "msec") == 0 ||
+ strcasecmp(p, "msecs") == 0)
t *= 1.0; /* allow suffix, do nothing */
- else
- return -1;
- }
+ else
+ return -1;
+ }
/* emulate ceil() without having to bring-in -lm and always be >= 1 */
-
*val = t;
if (*val < t)
*val += 1;
-
- return 0;
+
+ return 0;
}
@@ -218,8 +233,8 @@
if (res > 0xFFFFFFFFFFFFFFFFULL)
return -1;
- *val = res;
- return 0;
+ *val = res;
+ return 0;
}
int get_u32(__u32 *val, const char *arg, int base)
@@ -353,6 +368,39 @@
return 0;
}
+int get_be64(__be64 *val, const char *arg, int base)
+{
+ __u64 v;
+ int ret = get_u64(&v, arg, base);
+
+ if (!ret)
+ *val = htonll(v);
+
+ return ret;
+}
+
+int get_be32(__be32 *val, const char *arg, int base)
+{
+ __u32 v;
+ int ret = get_u32(&v, arg, base);
+
+ if (!ret)
+ *val = htonl(v);
+
+ return ret;
+}
+
+int get_be16(__be16 *val, const char *arg, int base)
+{
+ __u16 v;
+ int ret = get_u16(&v, arg, base);
+
+ if (!ret)
+ *val = htons(v);
+
+ return ret;
+}
+
/* This uses a non-standard parsing (ie not inet_aton, or inet_pton)
* because of legacy choice to parse 10.8 as 10.8.0.0 not 10.0.0.8
*/
@@ -363,7 +411,7 @@
for (i = 0; i < 4; i++) {
unsigned long n;
char *endp;
-
+
n = strtoul(cp, &endp, 0);
if (n > 255)
return -1; /* bogus network value */
@@ -377,7 +425,7 @@
break;
if (i == 3 || *endp != '.')
- return -1; /* extra characters */
+ return -1; /* extra characters */
cp = endp + 1;
}
@@ -436,7 +484,9 @@
if (family == AF_PACKET) {
int len;
- len = ll_addr_a2n((char *)&addr->data, sizeof(addr->data), name);
+
+ len = ll_addr_a2n((char *) &addr->data, sizeof(addr->data),
+ name);
if (len < 0)
return -1;
@@ -460,6 +510,7 @@
#ifndef ANDROID
if (family == AF_DECnet) {
struct dn_naddr dna;
+
addr->family = AF_DECnet;
if (dnet_pton(AF_DECnet, name, &dna) <= 0)
return -1;
@@ -471,14 +522,18 @@
#endif
if (family == AF_MPLS) {
+ unsigned int maxlabels;
int i;
+
addr->family = AF_MPLS;
- if (mpls_pton(AF_MPLS, name, addr->data) <= 0)
+ if (mpls_pton(AF_MPLS, name, addr->data,
+ sizeof(addr->data)) <= 0)
return -1;
addr->bytelen = 4;
addr->bitlen = 20;
/* How many bytes do I need? */
- for (i = 0; i < 8; i++) {
+ maxlabels = sizeof(addr->data) / sizeof(struct mpls_label);
+ for (i = 0; i < maxlabels; i++) {
if (ntohl(addr->data[i]) & MPLS_LS_S_MASK) {
addr->bytelen = (i + 1)*4;
break;
@@ -525,7 +580,7 @@
int get_prefix_1(inet_prefix *dst, char *arg, int family)
{
int err;
- unsigned plen;
+ unsigned int plen;
char *slash;
memset(dst, 0, sizeof(*dst));
@@ -565,11 +620,19 @@
return err;
}
+static const char *family_name_verbose(int family)
+{
+ if (family == AF_UNSPEC)
+ return "any valid";
+ return family_name(family);
+}
+
int get_addr(inet_prefix *dst, const char *arg, int family)
{
if (get_addr_1(dst, arg, family)) {
- fprintf(stderr, "Error: %s address is expected rather than \"%s\".\n",
- family_name(family) ,arg);
+ fprintf(stderr,
+ "Error: %s address is expected rather than \"%s\".\n",
+ family_name_verbose(family), arg);
exit(1);
}
return 0;
@@ -578,12 +641,16 @@
int get_prefix(inet_prefix *dst, char *arg, int family)
{
if (family == AF_PACKET) {
- fprintf(stderr, "Error: \"%s\" may be inet prefix, but it is not allowed in this context.\n", arg);
+ fprintf(stderr,
+ "Error: \"%s\" may be inet prefix, but it is not allowed in this context.\n",
+ arg);
exit(1);
}
+
if (get_prefix_1(dst, arg, family)) {
- fprintf(stderr, "Error: %s prefix is expected rather than \"%s\".\n",
- family_name(family) ,arg);
+ fprintf(stderr,
+ "Error: %s prefix is expected rather than \"%s\".\n",
+ family_name_verbose(family), arg);
exit(1);
}
return 0;
@@ -592,8 +659,11 @@
__u32 get_addr32(const char *name)
{
inet_prefix addr;
+
if (get_addr_1(&addr, name, AF_INET)) {
- fprintf(stderr, "Error: an IP address is expected rather than \"%s\"\n", name);
+ fprintf(stderr,
+ "Error: an IP address is expected rather than \"%s\"\n",
+ name);
exit(1);
}
return addr.data[0];
@@ -619,19 +689,52 @@
void duparg(const char *key, const char *arg)
{
- fprintf(stderr, "Error: duplicate \"%s\": \"%s\" is the second value.\n", key, arg);
+ fprintf(stderr,
+ "Error: duplicate \"%s\": \"%s\" is the second value.\n",
+ key, arg);
exit(-1);
}
void duparg2(const char *key, const char *arg)
{
- fprintf(stderr, "Error: either \"%s\" is duplicate, or \"%s\" is a garbage.\n", key, arg);
+ fprintf(stderr,
+ "Error: either \"%s\" is duplicate, or \"%s\" is a garbage.\n",
+ key, arg);
exit(-1);
}
+int check_ifname(const char *name)
+{
+ /* These checks mimic kernel checks in dev_valid_name */
+ if (*name == '\0')
+ return -1;
+ if (strlen(name) >= IFNAMSIZ)
+ return -1;
+
+ while (*name) {
+ if (*name == '/' || isspace(*name))
+ return -1;
+ ++name;
+ }
+ return 0;
+}
+
+/* buf is assumed to be IFNAMSIZ */
+int get_ifname(char *buf, const char *name)
+{
+ int ret;
+
+ ret = check_ifname(name);
+ if (ret == 0)
+ strncpy(buf, name, IFNAMSIZ);
+
+ return ret;
+}
+
int matches(const char *cmd, const char *pattern)
{
int len = strlen(cmd);
+
if (len > strlen(pattern))
return -1;
return memcmp(pattern, cmd, len);
@@ -676,17 +779,20 @@
if (getenv("HZ"))
return atoi(getenv("HZ")) ? : HZ;
- if (getenv("PROC_NET_PSCHED")) {
- snprintf(name, sizeof(name)-1, "%s", getenv("PROC_NET_PSCHED"));
- } else if (getenv("PROC_ROOT")) {
- snprintf(name, sizeof(name)-1, "%s/net/psched", getenv("PROC_ROOT"));
- } else {
+ if (getenv("PROC_NET_PSCHED"))
+ snprintf(name, sizeof(name)-1,
+ "%s", getenv("PROC_NET_PSCHED"));
+ else if (getenv("PROC_ROOT"))
+ snprintf(name, sizeof(name)-1,
+ "%s/net/psched", getenv("PROC_ROOT"));
+ else
strcpy(name, "/proc/net/psched");
- }
+
fp = fopen(name, "r");
if (fp) {
- unsigned nom, denom;
+ unsigned int nom, denom;
+
if (fscanf(fp, "%*08x%*08x%08x%08x", &nom, &denom) == 2)
if (nom == 1000000)
hz = denom;
@@ -704,7 +810,8 @@
return sysconf(_SC_CLK_TCK);
}
-const char *rt_addr_n2a(int af, int len, const void *addr, char *buf, int buflen)
+const char *rt_addr_n2a_r(int af, int len,
+ const void *addr, char *buf, int buflen)
{
switch (af) {
case AF_INET:
@@ -717,7 +824,8 @@
return ipx_ntop(af, addr, buf, buflen);
case AF_DECnet:
{
- struct dn_naddr dna = { 2, { 0, 0, }};
+ struct dn_naddr dna = { 2, { 0, 0, } };
+
memcpy(dna.a_addr, addr, 2);
return dnet_ntop(af, &dna, buf, buflen);
}
@@ -729,9 +837,17 @@
}
}
+const char *rt_addr_n2a(int af, int len, const void *addr)
+{
+ static char buf[256];
+
+ return rt_addr_n2a_r(af, len, addr, buf, 256);
+}
+
int read_family(const char *name)
{
int family = AF_UNSPEC;
+
if (strcmp(name, "inet") == 0)
family = AF_INET;
else if (strcmp(name, "inet6") == 0)
@@ -769,8 +885,7 @@
}
#ifdef RESOLVE_HOSTNAMES
-struct namerec
-{
+struct namerec {
struct namerec *next;
const char *name;
inet_prefix addr;
@@ -783,12 +898,12 @@
{
struct namerec *n;
struct hostent *h_ent;
- unsigned hash;
+ unsigned int hash;
static int notfirst;
- if (af == AF_INET6 && ((__u32*)addr)[0] == 0 &&
- ((__u32*)addr)[1] == 0 && ((__u32*)addr)[2] == htonl(0xffff)) {
+ if (af == AF_INET6 && ((__u32 *)addr)[0] == 0 &&
+ ((__u32 *)addr)[1] == 0 && ((__u32 *)addr)[2] == htonl(0xffff)) {
af = AF_INET;
addr += 12;
len = 4;
@@ -802,7 +917,8 @@
memcmp(n->addr.data, addr, len) == 0)
return n->name;
}
- if ((n = malloc(sizeof(*n))) == NULL)
+ n = malloc(sizeof(*n));
+ if (n == NULL)
return NULL;
n->addr.family = af;
n->addr.bytelen = len;
@@ -814,7 +930,8 @@
sethostent(1);
fflush(stdout);
- if ((h_ent = gethostbyaddr(addr, len, af)) != NULL)
+ h_ent = gethostbyaddr(addr, len, af);
+ if (h_ent != NULL)
n->name = strdup(h_ent->h_name);
/* Even if we fail, "negative" entry is remembered. */
@@ -822,7 +939,7 @@
}
#endif
-const char *format_host(int af, int len, const void *addr,
+const char *format_host_r(int af, int len, const void *addr,
char *buf, int buflen)
{
#ifdef RESOLVE_HOSTNAMES
@@ -836,7 +953,14 @@
return n;
}
#endif
- return rt_addr_n2a(af, len, addr, buf, buflen);
+ return rt_addr_n2a_r(af, len, addr, buf, buflen);
+}
+
+const char *format_host(int af, int len, const void *addr)
+{
+ static char buf[256];
+
+ return format_host_r(af, len, addr, buf, 256);
}
@@ -845,7 +969,7 @@
char *ptr = buf;
int i;
- for (i=0; i<len; i++) {
+ for (i = 0; i < len; i++) {
if (blen < 3)
break;
sprintf(ptr, "%02x", str[i]);
@@ -855,9 +979,9 @@
return buf;
}
-__u8* hexstring_a2n(const char *str, __u8 *buf, int blen)
+__u8 *hexstring_a2n(const char *str, __u8 *buf, int blen, unsigned int *len)
{
- int cnt = 0;
+ unsigned int cnt = 0;
char *endptr;
if (strlen(str) % 2)
@@ -868,15 +992,42 @@
strncpy(tmpstr, str, 2);
tmpstr[2] = '\0';
+ errno = 0;
tmp = strtoul(tmpstr, &endptr, 16);
if (errno != 0 || tmp > 0xFF || *endptr != '\0')
return NULL;
buf[cnt++] = tmp;
str += 2;
}
+
+ if (len)
+ *len = cnt;
+
return buf;
}
+int hex2mem(const char *buf, uint8_t *mem, int count)
+{
+ int i, j;
+ int c;
+
+ for (i = 0, j = 0; i < count; i++, j += 2) {
+ c = get_hex(buf[j]);
+ if (c < 0)
+ return -1;
+
+ mem[i] = c << 4;
+
+ c = get_hex(buf[j + 1]);
+ if (c < 0)
+ return -1;
+
+ mem[i] |= c;
+ }
+
+ return 0;
+}
+
int addr64_n2a(__u64 addr, char *buff, size_t len)
{
__u16 *words = (__u16 *)&addr;
@@ -901,6 +1052,20 @@
return written;
}
+/* Print buffer and escape bytes that are !isprint or among 'escape' */
+void print_escape_buf(const __u8 *buf, size_t len, const char *escape)
+{
+ size_t i;
+
+ for (i = 0; i < len; ++i) {
+ if (isprint(buf[i]) && buf[i] != '\\' &&
+ !strchr(escape, buf[i]))
+ printf("%c", buf[i]);
+ else
+ printf("\\%03o", buf[i]);
+ }
+}
+
int print_timestamp(FILE *fp)
{
struct timeval tv;
@@ -933,7 +1098,8 @@
ssize_t cc;
char *cp;
- if ((cc = getline(linep, lenp, in)) < 0)
+ cc = getline(linep, lenp, in);
+ if (cc < 0)
return cc; /* eof or error */
++cmdlineno;
@@ -946,7 +1112,8 @@
size_t len1 = 0;
ssize_t cc1;
- if ((cc1 = getline(&line1, &len1, in)) < 0) {
+ cc1 = getline(&line1, &len1, in);
+ if (cc1 < 0) {
fprintf(stderr, "Missing continuation line\n");
return cc1;
}
@@ -1021,8 +1188,9 @@
void print_nlmsg_timestamp(FILE *fp, const struct nlmsghdr *n)
{
char *tstr;
- time_t secs = ((__u32*)NLMSG_DATA(n))[0];
- long usecs = ((__u32*)NLMSG_DATA(n))[1];
+ time_t secs = ((__u32 *)NLMSG_DATA(n))[0];
+ long usecs = ((__u32 *)NLMSG_DATA(n))[1];
+
tstr = asctime(localtime(&secs));
tstr[strlen(tstr)-1] = 0;
fprintf(fp, "Timestamp: %s %lu us\n", tstr, usecs);
@@ -1060,3 +1228,78 @@
sprintf(buf, "%d", val);
return buf;
}
+
+int get_guid(__u64 *guid, const char *arg)
+{
+ unsigned long int tmp;
+ char *endptr;
+ int i;
+
+#define GUID_STR_LEN 23
+ /* Verify strict format: format string must be
+ * xx:xx:xx:xx:xx:xx:xx:xx where xx can be an arbitrary
+ * hex digit
+ */
+
+ if (strlen(arg) != GUID_STR_LEN)
+ return -1;
+
+ /* make sure columns are in place */
+ for (i = 0; i < 7; i++)
+ if (arg[2 + i * 3] != ':')
+ return -1;
+
+ *guid = 0;
+ for (i = 0; i < 8; i++) {
+ tmp = strtoul(arg + i * 3, &endptr, 16);
+ if (endptr != arg + i * 3 + 2)
+ return -1;
+
+ if (tmp > 255)
+ return -1;
+
+ *guid |= tmp << (56 - 8 * i);
+ }
+
+ return 0;
+}
+
+/* This is a necessary workaround for multicast route dumps */
+int get_real_family(int rtm_type, int rtm_family)
+{
+ if (rtm_type != RTN_MULTICAST)
+ return rtm_family;
+
+ if (rtm_family == RTNL_FAMILY_IPMR)
+ return AF_INET;
+
+ if (rtm_family == RTNL_FAMILY_IP6MR)
+ return AF_INET6;
+
+ return rtm_family;
+}
+
+#ifdef NEED_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t size)
+{
+ size_t srclen = strlen(src);
+
+ if (size) {
+ size_t minlen = min(srclen, size - 1);
+
+ memcpy(dst, src, minlen);
+ dst[minlen] = '\0';
+ }
+ return srclen;
+}
+
+size_t strlcat(char *dst, const char *src, size_t size)
+{
+ size_t dlen = strlen(dst);
+
+ if (dlen >= size)
+ return dlen + strlen(src);
+
+ return dlen + strlcpy(dst + dlen, src, size - dlen);
+}
+#endif
diff --git a/man/man3/Makefile b/man/man3/Makefile
index bf55658..a98741d 100644
--- a/man/man3/Makefile
+++ b/man/man3/Makefile
@@ -1,4 +1,4 @@
-MAN3PAGES=libnetlink.3
+MAN3PAGES = $(wildcard *.3)
all:
diff --git a/man/man3/libnetlink.3 b/man/man3/libnetlink.3
index 99be9cc..8e3dc62 100644
--- a/man/man3/libnetlink.3
+++ b/man/man3/libnetlink.3
@@ -32,12 +32,12 @@
.br
void *jarg)
.sp
-int rtnl_listen(struct rtnl_handle *rtnl,
+int rtnl_listen(struct rtnl_handle *rtnl,
int (*handler)(struct sockaddr_nl *, struct rtnl_ctrl_data *,
struct nlmsghdr *n, void *),
void *jarg)
.sp
-int rtnl_from_file(FILE *rtnl,
+int rtnl_from_file(FILE *rtnl,
int (*handler)(struct sockaddr_nl *,struct nlmsghdr *n, void *),
void *jarg)
.sp
@@ -49,35 +49,35 @@
.sp
int rta_addattr_l(struct rtattr *rta, int maxlen, int type, void *data, int alen)
.SH DESCRIPTION
-libnetlink provides a higher level interface to
-.BR rtnetlink(7).
+libnetlink provides a higher level interface to
+.BR rtnetlink(7).
The read functions return 0 on success and a negative errno on failure.
The send functions return the amount of data sent, or -1 on error.
-.TP
+.TP
rtnl_open
Open a rtnetlink socket and save the state into the
.B rth
-handle. This handle is passed to all subsequent calls.
+handle. This handle is passed to all subsequent calls.
.B subscriptions
is a bitmap of the rtnetlink multicast groups the socket will be
a member of.
.TP
rtnl_wilddump_request
-Request a full dump of the
+Request a full dump of the
.B type
database for
.B family
addresses.
.B type
-is a rtnetlink message type.
+is a rtnetlink message type.
.\" XXX
.TP
rtnl_dump_request
-Request a full dump of the
-.B type
-data buffer into
+Request a full dump of the
+.B type
+data buffer into
.B buf
with maximum length of
.B len.
@@ -91,12 +91,12 @@
.B filter
callback checks if the received message is wanted. It gets the source
address of the message, the message itself and
-.B arg1
+.B arg1
as arguments. 0 as return means that the filter passed, a negative
value is returned
by
-.I rtnl_dump_filter
-in case of error. NULL for
+.I rtnl_dump_filter
+in case of error. NULL for
.I filter
means to not use a filter.
.B junk
@@ -106,7 +106,7 @@
.TP
rtnl_listen
-Receive netlink data after a request and pass it to
+Receive netlink data after a request and pass it to
.I handler.
.B handler
is a callback that gets the message source address, anscillary data, the message
@@ -118,8 +118,8 @@
.TP
rtnl_from_file
-Works like
-.I rtnl_listen,
+Works like
+.I rtnl_listen,
but reads a netlink message bundle from the file
.B file
and passes the messages to
@@ -134,7 +134,7 @@
.BR netlink(3)
on how to generate a rtnetlink message. The following utility functions
require a continuous buffer that already contains a netlink message header
-and a rtnetlink request.
+and a rtnetlink request.
.TP
rtnl_send
@@ -168,7 +168,7 @@
.B n,
which is part of a buffer of length
.B maxlen.
-.B data
+.B data
is copied.
.TP
diff --git a/man/man7/Makefile b/man/man7/Makefile
index ccfd839..689fc71 100644
--- a/man/man7/Makefile
+++ b/man/man7/Makefile
@@ -1,4 +1,4 @@
-MAN7PAGES = tc-hfsc.7
+MAN7PAGES = $(wildcard *.7)
all:
diff --git a/man/man7/tc-hfsc.7 b/man/man7/tc-hfsc.7
index ca04961..5ae5e6b 100644
--- a/man/man7/tc-hfsc.7
+++ b/man/man7/tc-hfsc.7
@@ -555,8 +555,8 @@
.
\fBtc\fR(8), \fBtc\-hfsc\fR(8), \fBtc\-stab\fR(8)
-Please direct bugreports and patches to: <net...@vger.kernel.org>
+Please direct bugreports and patches to: <netdev@vger.kernel.org>
.
.SH "AUTHOR"
.
-Manpage created by Michal Soltys (sol...@ziu.info)
+Manpage created by Michal Soltys (soltys@ziu.info)
diff --git a/man/man8/.gitignore b/man/man8/.gitignore
index 4f1a476..0c3d150 100644
--- a/man/man8/.gitignore
+++ b/man/man8/.gitignore
@@ -2,4 +2,3 @@
ip-address.8
ip-link.8
ip-route.8
-
diff --git a/man/man8/Makefile b/man/man8/Makefile
index 2f77640..12af66b 100644
--- a/man/man8/Makefile
+++ b/man/man8/Makefile
@@ -1,20 +1,6 @@
TARGETS = ip-address.8 ip-link.8 ip-route.8
-MAN8PAGES = $(TARGETS) ip.8 arpd.8 lnstat.8 routel.8 rtacct.8 rtmon.8 rtpr.8 ss.8 \
- tc.8 tc-bfifo.8 tc-bpf.8 tc-cbq.8 tc-cbq-details.8 tc-choke.8 tc-codel.8 \
- tc-fq.8 \
- tc-drr.8 tc-ematch.8 tc-fq_codel.8 tc-hfsc.8 tc-htb.8 tc-pie.8 \
- tc-mqprio.8 tc-netem.8 tc-pfifo.8 tc-pfifo_fast.8 tc-prio.8 tc-red.8 \
- tc-sfb.8 tc-sfq.8 tc-stab.8 tc-tbf.8 \
- bridge.8 rtstat.8 ctstat.8 nstat.8 routef.8 \
- ip-addrlabel.8 ip-fou.8 ip-gue.8 ip-l2tp.8 \
- ip-maddress.8 ip-monitor.8 ip-mroute.8 ip-neighbour.8 \
- ip-netns.8 ip-ntable.8 ip-rule.8 ip-tunnel.8 ip-xfrm.8 \
- ip-tcp_metrics.8 ip-netconf.8 ip-token.8 \
- tipc.8 tipc-bearer.8 tipc-link.8 tipc-media.8 tipc-nametable.8 \
- tipc-node.8 tipc-socket.8 \
- tc-basic.8 tc-cgroup.8 tc-flow.8 tc-flower.8 tc-fw.8 tc-route.8 \
- tc-tcindex.8 tc-u32.8
+MAN8PAGES = $(TARGETS) $(filter-out $(TARGETS),$(wildcard *.8))
all: $(TARGETS)
diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index 0ec6f17..9c5f855 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -20,8 +20,9 @@
.IR OPTIONS " := { "
\fB\-V\fR[\fIersion\fR] |
\fB\-s\fR[\fItatistics\fR] |
-\fB\-n\fR[\fIetns\fR] name }
-\fB\-b\fR[\fIatch\fR] filename }
+\fB\-n\fR[\fIetns\fR] name |
+\fB\-b\fR[\fIatch\fR] filename |
+\fB\-j\fR[\fIson\fR] }
.ti -8
.BR "bridge link set"
@@ -42,7 +43,8 @@
.BR learning_sync " { " on " | " off " } ] [ "
.BR flood " { " on " | " off " } ] [ "
.BR hwmode " { " vepa " | " veb " } ] [ "
-.BR self " ] [ " master " ] "
+.BR mcast_flood " { " on " | " off " } ] [ "
+.BR self " ] [ " master " ]"
.ti -8
.BR "bridge link" " [ " show " ] [ "
@@ -54,7 +56,7 @@
.I LLADDR
.B dev
.IR DEV " { "
-.BR local " | " temp " } [ "
+.BR local " | " static " | " dynamic " } [ "
.BR self " ] [ " master " ] [ " router " ] [ " use " ] [ "
.B dst
.IR IPADDR " ] [ "
@@ -68,7 +70,15 @@
.ti -8
.BR "bridge fdb" " [ " show " ] [ "
.B dev
-.IR DEV " ]"
+.IR DEV " ] [ "
+.B br
+.IR BRDEV " ] [ "
+.B brport
+.IR DEV " ] [ "
+.B vlan
+.IR VID " ] [ "
+.B state
+.IR STATE " ]"
.ti -8
.BR "bridge mdb" " { " add " | " del " } "
@@ -119,6 +129,10 @@
As a rule, the information is statistics or some time values.
.TP
+.BR "\-d" , " \-details"
+print detailed information about MDB router ports.
+
+.TP
.BR "\-n" , " \-net" , " \-netns " <NETNS>
switches
.B bridge
@@ -149,6 +163,10 @@
If there were any errors during execution of the commands, the application
return code will be non zero.
+.TP
+.BR "\-json"
+Display results in JSON format. Currently available for vlan and fdb.
+
.SH BRIDGE - COMMAND SYNTAX
.SS
@@ -230,8 +248,8 @@
.sp
.B 1
-- STP LISTENING state. Only valid if STP is enabled on the brige. In this
-state the port for list for STP BPDUs and drop all other traffic.
+- STP LISTENING state. Only valid if STP is enabled on the bridge. In this
+state the port listens for STP BPDUs and drops all other traffic frames.
.sp
.B 2
@@ -252,7 +270,7 @@
.TP
.BR "guard on " or " guard off "
-Controls whether STP BPUDs will be processed by the bridge port. By default,
+Controls whether STP BPDUs will be processed by the bridge port. By default,
the flag is turned off allowed BPDU processing. Turning this flag on will
cause the port to stop processing STP BPDUs.
@@ -301,6 +319,10 @@
- bridging happens in hardware.
.TP
+.BR "mcast_flood on " or " mcast_flood off "
+Controls whether a given port will be flooded with multicast traffic for which there is no MDB entry. By default this flag is on.
+
+.TP
.BI self
link setting is configured on specified physical device
@@ -338,6 +360,18 @@
.BI dev " DEV"
the interface to which this address is associated.
+.B local
+- is a local permanent fdb entry
+.sp
+
+.B static
+- is a static (no arp) fdb entry
+.sp
+
+.B dynamic
+- is a dynamic reachable age-able fdb entry
+.sp
+
.B self
- the address is associated with the port drivers fdb. Usually hardware.
.sp
@@ -491,6 +525,11 @@
option, the command becomes verbose. It prints out the ports known to have
a connected router.
+.PP
+With the
+.B -statistics
+option, the command displays timer values for mdb and router port entries.
+
.SH bridge vlan - VLAN filter list
.B vlan
@@ -530,8 +569,8 @@
.BI master
the vlan is configured on the software bridge (default).
-.SS bridge vlan delete - delete a forwarding database entry
-This command removes an existing fdb entry.
+.SS bridge vlan delete - delete a vlan filter entry
+This command removes an existing vlan filter entry.
.PP
The arguments are the same as with
@@ -544,6 +583,11 @@
This command displays the current VLAN filter table.
+.PP
+With the
+.B -statistics
+option, the command displays per-vlan traffic statistics.
+
.SH bridge monitor - state monitoring
The
diff --git a/man/man8/devlink-dev.8 b/man/man8/devlink-dev.8
new file mode 100644
index 0000000..b074d57
--- /dev/null
+++ b/man/man8/devlink-dev.8
@@ -0,0 +1,126 @@
+.TH DEVLINK\-DEV 8 "14 Mar 2016" "iproute2" "Linux"
+.SH NAME
+devlink-dev \- devlink device configuration
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B devlink
+.RI "[ " OPTIONS " ]"
+.B dev
+.RI " { " COMMAND " | "
+.BR help " }"
+.sp
+
+.ti -8
+.IR OPTIONS " := { "
+\fB\-V\fR[\fIersion\fR] |
+\fB\-n\fR[\fIno-nice-names\fR] }
+
+.ti -8
+.B devlink dev show
+.RI "[ " DEV " ]"
+
+.ti -8
+.B devlink dev help
+
+.ti -8
+.BR "devlink dev eswitch set"
+.IR DEV
+.RI "[ "
+.BR mode " { " legacy " | " switchdev " } "
+.RI "]"
+.RI "[ "
+.BR inline-mode " { " none " | " link " | " network " | " transport " } "
+.RI "]"
+.RI "[ "
+.BR encap " { " disable " | " enable " } "
+.RI "]"
+
+.ti -8
+.BR "devlink dev eswitch show"
+.IR DEV
+
+.SH "DESCRIPTION"
+.SS devlink dev show - display devlink device attributes
+
+.PP
+.I "DEV"
+- specifies the devlink device to show.
+If this argument is omitted all devices are listed.
+
+.in +4
+Format is:
+.in +2
+BUS_NAME/BUS_ADDRESS
+
+.SS devlink dev eswitch show - display devlink device eswitch attributes
+.SS devlink dev eswitch set - sets devlink device eswitch attributes
+
+.TP
+.BR mode " { " legacy " | " switchdev " } "
+Set eswitch mode
+
+.I legacy
+- Legacy SRIOV
+
+.I switchdev
+- SRIOV switchdev offloads
+
+.TP
+.BR inline-mode " { " none " | " link " | " network " | " transport " } "
+Some HWs need the VF driver to put part of the packet headers on the TX descriptor so the e-switch can do proper matching and steering.
+
+.I none
+- None
+
+.I link
+- L2 mode
+
+.I network
+- L3 mode
+
+.I transport
+- L4 mode
+
+.TP
+.BR encap " { " disable " | " enable " } "
+Set eswitch encapsulation support
+
+.I disable
+- Disable encapsulation support
+
+.I enable
+- Enable encapsulation support
+
+.SH "EXAMPLES"
+.PP
+devlink dev show
+.RS 4
+Shows the state of all devlink devices on the system.
+.RE
+.PP
+devlink dev show pci/0000:01:00.0
+.RS 4
+Shows the state of specified devlink device.
+.RE
+.PP
+devlink dev eswitch show pci/0000:01:00.0
+.RS 4
+Shows the eswitch mode of specified devlink device.
+.RE
+.PP
+devlink dev eswitch set pci/0000:01:00.0 mode switchdev
+.RS 4
+Sets the eswitch mode of specified devlink device to switchdev.
+
+.SH SEE ALSO
+.BR devlink (8),
+.BR devlink-port (8),
+.BR devlink-sb (8),
+.BR devlink-monitor (8),
+.br
+
+.SH AUTHOR
+Jiri Pirko <jiri@mellanox.com>
diff --git a/man/man8/devlink-monitor.8 b/man/man8/devlink-monitor.8
new file mode 100644
index 0000000..13fe641
--- /dev/null
+++ b/man/man8/devlink-monitor.8
@@ -0,0 +1,37 @@
+.TH DEVLINK\-MONITOR 8 "14 Mar 2016" "iproute2" "Linux"
+.SH "NAME"
+devlink-monitor \- state monitoring
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.BR "devlink monitor" " [ " all " |"
+.IR OBJECT-LIST " ]"
+.sp
+
+.SH DESCRIPTION
+The
+.B devlink
+utility can monitor the state of devlink devices and ports
+continuously. This option has a slightly different format. Namely, the
+.B monitor
+command is the first in the command line and then the object list.
+
+.I OBJECT-LIST
+is the list of object types that we want to monitor.
+It may contain
+.BR dev ", " port ".
+
+.B devlink
+opens Devlink Netlink socket, listens on it and dumps state changes.
+
+.SH SEE ALSO
+.BR devlink (8),
+.BR devlink-dev (8),
+.BR devlink-sb (8),
+.BR devlink-port (8),
+.br
+
+.SH AUTHOR
+Jiri Pirko <jiri@mellanox.com>
diff --git a/man/man8/devlink-port.8 b/man/man8/devlink-port.8
new file mode 100644
index 0000000..a639d01
--- /dev/null
+++ b/man/man8/devlink-port.8
@@ -0,0 +1,128 @@
+.TH DEVLINK\-PORT 8 "14 Mar 2016" "iproute2" "Linux"
+.SH NAME
+devlink-port \- devlink port configuration
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B devlink
+.RI "[ " OPTIONS " ]"
+.B port
+.RI " { " COMMAND " | "
+.BR help " }"
+.sp
+
+.ti -8
+.IR OPTIONS " := { "
+\fB\-V\fR[\fIersion\fR] |
+\fB\-n\fR[\fIno-nice-names\fR] }
+
+.ti -8
+.BR "devlink port set "
+.IR DEV/PORT_INDEX
+.RI "[ "
+.BR type " { " eth " | " ib " | " auto " }"
+.RI "]"
+
+.ti -8
+.BR "devlink port split "
+.IR DEV/PORT_INDEX
+.BR count
+.IR COUNT
+
+.ti -8
+.BR "devlink port unsplit "
+.IR DEV/PORT_INDEX
+
+.ti -8
+.B devlink port show
+.RI "[ " DEV/PORT_INDEX " ]"
+
+.ti -8
+.B devlink port help
+
+.SH "DESCRIPTION"
+.SS devlink port set - change devlink port attributes
+
+.PP
+.B "DEV/PORT_INDEX"
+- specifies the devlink port to operate on.
+
+.in +4
+Format is:
+.in +2
+BUS_NAME/BUS_ADDRESS/PORT_INDEX
+
+.TP
+.BR type " { " eth " | " ib " | " auto " } "
+set port type
+
+.I eth
+- Ethernet
+
+.I ib
+- Infiniband
+
+.I auto
+- autoselect
+
+.SS devlink port split - split devlink port into more
+
+.PP
+.B "DEV/PORT_INDEX"
+- specifies the devlink port to operate on.
+
+.TP
+.BI count " COUNT"
+number of ports to split to.
+
+.SS devlink port unsplit - unsplit previously split devlink port
+Could be performed on any split port of the same split group.
+
+.PP
+.B "DEV/PORT_INDEX"
+- specifies the devlink port to operate on.
+
+.SS devlink port show - display devlink port attributes
+
+.PP
+.I "DEV/PORT_INDEX"
+- specifies the devlink port to show.
+If this argument is omitted all ports are listed.
+
+.SH "EXAMPLES"
+.PP
+devlink port show
+.RS 4
+Shows the state of all devlink ports on the system.
+.RE
+.PP
+devlink port show pci/0000:01:00.0/1
+.RS 4
+Shows the state of specified devlink port.
+.RE
+.PP
+devlink port set pci/0000:01:00.0/1 type eth
+.RS 4
+Set type of specified devlink port to Ethernet.
+.RE
+.PP
+devlink port split pci/0000:01:00.0/1 count 4
+.RS 4
+Split the specified devlink port into four ports.
+.RE
+.PP
+devlink port unsplit pci/0000:01:00.0/1
+.RS 4
+Unplit the specified previously split devlink port.
+
+.SH SEE ALSO
+.BR devlink (8),
+.BR devlink-dev (8),
+.BR devlink-sb (8),
+.BR devlink-monitor (8),
+.br
+
+.SH AUTHOR
+Jiri Pirko <jiri@mellanox.com>
diff --git a/man/man8/devlink-sb.8 b/man/man8/devlink-sb.8
new file mode 100644
index 0000000..ffb5553
--- /dev/null
+++ b/man/man8/devlink-sb.8
@@ -0,0 +1,313 @@
+.TH DEVLINK\-SB 8 "14 Apr 2016" "iproute2" "Linux"
+.SH NAME
+devlink-sb \- devlink shared buffer configuration
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B devlink
+.RI "[ " OPTIONS " ]"
+.B sb
+.RI " { " COMMAND " | "
+.BR help " }"
+.sp
+
+.ti -8
+.IR OPTIONS " := { "
+\fB\-V\fR[\fIersion\fR] |
+\fB\-n\fR[\fIno-nice-names\fR] }
+
+.ti -8
+.BR "devlink sb show "
+.RI "[ " DEV " [ "
+.B sb
+.IR SB_INDEX " ] ]"
+
+.ti -8
+.BR "devlink sb pool show "
+.RI "[ " DEV " [ "
+.B sb
+.IR SB_INDEX " ] "
+.br
+.B pool
+.IR POOL_INDEX " ]"
+
+.ti -8
+.BI "devlink sb pool set " DEV "
+.RB "[ " sb
+.IR SB_INDEX " ] "
+.br
+.BI pool " POOL_INDEX "
+.br
+.BI size " POOL_SIZE "
+.br
+.BR thtype " { " static " | " dynamic " }"
+
+.ti -8
+.BR "devlink sb port pool show "
+.RI "[ " DEV/PORT_INDEX " [ "
+.B sb
+.IR SB_INDEX " ] "
+.br
+.B pool
+.IR POOL_INDEX " ]"
+
+.ti -8
+.BI "devlink sb port pool set " DEV/PORT_INDEX "
+.RB "[ " sb
+.IR SB_INDEX " ] "
+.br
+.BI pool " POOL_INDEX "
+.br
+.BI th " THRESHOLD "
+
+.ti -8
+.BR "devlink sb tc bind show "
+.RI "[ " DEV/PORT_INDEX " [ "
+.B sb
+.IR SB_INDEX " ] "
+.br
+.BI tc " TC_INDEX "
+.br
+.B type
+.RB "{ " ingress " | " egress " } ]"
+
+.ti -8
+.BI "devlink sb tc bind set " DEV/PORT_INDEX "
+.RB "[ " sb
+.IR SB_INDEX " ] "
+.br
+.BI tc " TC_INDEX "
+.br
+.BR type " { " ingress " | " egress " }"
+.br
+.BI pool " POOL_INDEX "
+.br
+.BI th " THRESHOLD "
+
+.ti -8
+.BR "devlink sb occupancy show "
+.RI "{ " DEV " | " DEV/PORT_INDEX " } [ "
+.B sb
+.IR SB_INDEX " ] "
+
+.ti -8
+.BR "devlink sb occupancy snapshot "
+.IR DEV " [ "
+.B sb
+.IR SB_INDEX " ]"
+
+.ti -8
+.BR "devlink sb occupancy clearmax "
+.IR DEV " [ "
+.B sb
+.IR SB_INDEX " ]"
+
+.ti -8
+.B devlink sb help
+
+.SH "DESCRIPTION"
+.SS devlink sb show - display available shared buffers and their attributes
+
+.PP
+.I "DEV"
+- specifies the devlink device to show shared buffers.
+If this argument is omitted all shared buffers of all devices are listed.
+
+.PP
+.I "SB_INDEX"
+- specifies the shared buffer.
+If this argument is omitted shared buffer with index 0 is selected.
+Behaviour of this argument it the same for every command.
+
+.SS devlink sb pool show - display available pools and their attributes
+
+.PP
+.I "DEV"
+- specifies the devlink device to show pools.
+If this argument is omitted all pools of all devices are listed.
+
+.SS devlink sb pool set - set attributes of pool
+
+.PP
+.I "DEV"
+- specifies the devlink device to set pool.
+
+.TP
+.BI size " POOL_SIZE"
+size of the pool in Bytes.
+
+.TP
+.BR thtype " { " static " | " dynamic " } "
+pool threshold type.
+
+.I static
+- Threshold values for the pool will be passed in Bytes.
+
+.I dynamic
+- Threshold values ("to_alpha") for the pool will be used to compute alpha parameter according to formula:
+.br
+.in +16
+alpha = 2 ^ (to_alpha - 10)
+.in -16
+
+.in +10
+The range of the passed value is between 0 to 20. The computed alpha is used to determine the maximum usage of the flow:
+.in -10
+.br
+.in +16
+max_usage = alpha / (1 + alpha) * Free_Buffer
+.in -16
+
+.SS devlink sb port pool show - display port-pool combinations and threshold for each
+.I "DEV/PORT_INDEX"
+- specifies the devlink port.
+
+.TP
+.BI pool " POOL_INDEX"
+pool index.
+
+.SS devlink sb port pool set - set port-pool threshold
+.I "DEV/PORT_INDEX"
+- specifies the devlink port.
+
+.TP
+.BI pool " POOL_INDEX"
+pool index.
+
+.TP
+.BI th " THRESHOLD"
+threshold value. Type of the value is either Bytes or "to_alpha", depends on
+.B thtype
+set for the pool.
+
+.SS devlink sb tc bind show - display port-TC to pool bindings and threshold for each
+
+.I "DEV/PORT_INDEX"
+- specifies the devlink port.
+
+.TP
+.BI tc " TC_INDEX"
+index of either ingress or egress TC, usually in range 0 to 8 (depends on device).
+
+.TP
+.BR type " { " ingress " | " egress " } "
+TC type.
+
+.SS devlink sb tc bind set - set port-TC to pool binding with specified threshold
+
+.I "DEV/PORT_INDEX"
+- specifies the devlink port.
+
+.TP
+.BI tc " TC_INDEX"
+index of either ingress or egress TC, usually in range 0 to 8 (depends on device).
+
+.TP
+.BR type " { " ingress " | " egress " } "
+TC type.
+
+.TP
+.BI pool " POOL_INDEX"
+index of pool to bind this to.
+
+.TP
+.BI th " THRESHOLD"
+threshold value. Type of the value is either Bytes or "to_alpha", depends on
+.B thtype
+set for the pool.
+
+.SS devlink sb occupancy show - display shared buffer occupancy values for device or port
+
+.PP
+This command is used to browse shared buffer occupancy values. Values are showed for every port-pool combination as well as for all port-TC combinations (with pool this port-TC is bound to). Format of value is:
+.br
+.in +16
+current_value/max_value
+.in -16
+Note that before showing values, one has to issue
+.b occupancy snapshot
+command first.
+
+.PP
+.I "DEV"
+- specifies the devlink device to show occupancy values for.
+
+.I "DEV/PORT_INDEX"
+- specifies the devlink port to show occupancy values for.
+
+.SS devlink sb occupancy snapshot - take occupancy snapshot of shared buffer for device
+This command is used to take a snapshot of shared buffer occupancy values. After that, the values can be showed using
+.B occupancy show
+command.
+
+.PP
+.I "DEV"
+- specifies the devlink device to take occupancy snapshot on.
+
+.SS devlink sb occupancy clearmax - clear occupancy watermarks of shared buffer for device
+This command is used to reset maximal occupancy values reached for whole device. Note that before browsing reset values, one has to issue
+.B occupancy snapshot
+command.
+
+.PP
+.I "DEV"
+- specifies the devlink device to clear occupancy watermarks on.
+
+.SH "EXAMPLES"
+.PP
+devlink sb show
+.RS 4
+List available share buffers.
+.RE
+.PP
+devlink sb pool show
+.RS 4
+List available pools and their config.
+.RE
+.PP
+devlink sb port pool show pci/0000:03:00.0/1 pool 0
+.RS 4
+Show port-pool setup for specified port and pool.
+.RE
+.PP
+sudo devlink sb port pool set pci/0000:03:00.0/1 pool 0 th 15
+.RS 4
+Change threshold for port specified port and pool.
+.RE
+.PP
+devlink sb tc bind show pci/0000:03:00.0/1 tc 0 type ingress
+.RS 4
+Show pool binding and threshold for specified port and TC.
+.RE
+.PP
+sudo devlink sb tc bind set pci/0000:03:00.0/1 tc 0 type ingress pool 0 th 9
+.RS 4
+Set pool binding and threshold for specified port and TC.
+.RE
+.PP
+sudo devlink sb occupancy snapshot pci/0000:03:00.0
+.RS 4
+Make a snapshot of occupancy of shared buffer for specified devlink device.
+.RE
+.PP
+devlink sb occupancy show pci/0000:03:00.0/1
+.RS 4
+Show occupancy for specified port from the snapshot.
+.RE
+.PP
+sudo devlink sb occupancy clearmax pci/0000:03:00.0
+.RS 4
+Clear watermarks for shared buffer of specified devlink device.
+
+
+.SH SEE ALSO
+.BR devlink (8),
+.BR devlink-dev (8),
+.BR devlink-port (8),
+.BR devlink-monitor (8),
+.br
+
+.SH AUTHOR
+Jiri Pirko <jiri@mellanox.com>
diff --git a/man/man8/devlink.8 b/man/man8/devlink.8
new file mode 100644
index 0000000..a975ef3
--- /dev/null
+++ b/man/man8/devlink.8
@@ -0,0 +1,115 @@
+.TH DEVLINK 8 "14 Mar 2016" "iproute2" "Linux"
+.SH NAME
+devlink \- Devlink tool
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B devlink
+.RI "[ " OPTIONS " ] " OBJECT " { " COMMAND " | "
+.BR help " }"
+.sp
+
+.ti -8
+.B devlink
+.RB "[ " -force " ] "
+.BI "-batch " filename
+.sp
+
+.ti -8
+.IR OBJECT " := { "
+.BR dev " | " port " | " monitor " }"
+.sp
+
+.ti -8
+.IR OPTIONS " := { "
+\fB\-V\fR[\fIersion\fR] |
+\fB\-n\fR[\fIno-nice-names\fR] }
+\fB\-j\fR[\fIjson\fR] }
+\fB\-p\fR[\fIpretty\fR] }
+
+.SH OPTIONS
+
+.TP
+.BR "\-V" , " --Version"
+Print the version of the
+.B devlink
+utility and exit.
+
+.TP
+.BR "\-b", " \-batch " <FILENAME>
+Read commands from provided file or standard input and invoke them.
+First failure will cause termination of devlink.
+
+.TP
+.BR "\-force"
+Don't terminate devlink on errors in batch mode.
+If there were any errors during execution of the commands, the application return code will be non zero.
+
+.TP
+.BR "\-n" , " --no-nice-names"
+Turn off printing out nice names, for example netdevice ifnames instead of devlink port identification.
+
+.TP
+.BR "\-j" , " --json"
+Generate JSON output.
+
+.TP
+.BR "\-p" , " --pretty"
+When combined with -j generate a pretty JSON output.
+
+.SS
+.I OBJECT
+
+.TP
+.B dev
+- devlink device.
+
+.TP
+.B port
+- devlink port.
+
+.TP
+.B monitor
+- watch for netlink messages.
+
+.SS
+.I COMMAND
+
+Specifies the action to perform on the object.
+The set of possible actions depends on the object type.
+As a rule, it is possible to
+.B show
+(or
+.B list
+) objects, but some objects do not allow all of these operations
+or have some additional commands. The
+.B help
+command is available for all objects. It prints
+out a list of available commands and argument syntax conventions.
+.sp
+If no command is given, some default command is assumed.
+Usually it is
+.B list
+or, if the objects of this class cannot be listed,
+.BR "help" .
+
+.SH EXIT STATUS
+Exit status is 0 if command was successful or a positive integer upon failure.
+
+.SH SEE ALSO
+.BR devlink-dev (8),
+.BR devlink-port (8),
+.BR devlink-monitor (8),
+.BR devlink-sb (8),
+.br
+
+.SH REPORTING BUGS
+Report any bugs to the Network Developers mailing list
+.B <netdev@vger.kernel.org>
+where the development and maintenance is primarily done.
+You do not have to be subscribed to the list to send a message there.
+
+.SH AUTHOR
+Jiri Pirko <jiri@mellanox.com>
diff --git a/man/man8/ifstat.8 b/man/man8/ifstat.8
index e49d868..3ba0088 100644
--- a/man/man8/ifstat.8
+++ b/man/man8/ifstat.8
@@ -14,7 +14,8 @@
The utility keeps records of the previous data displayed in history files and
by default only shows difference between the last and the current call.
Location of the history files defaults to /tmp/.ifstat.u$UID but may be
-overridden with the IFSTAT_HISTORY environment variable.
+overridden with the IFSTAT_HISTORY environment variable. Similarly, the default
+location for xstat (extended stats) is /tmp/.<xstat name>_ifstat.u$UID.
.SH OPTIONS
.TP
.B \-h, \-\-help
@@ -46,6 +47,15 @@
.TP
.B \-z, \-\-zeros
Show entries with zero activity.
+.TP
+.B \-x, \-\-extended=TYPE
+Show extended stats of TYPE. Supported types are:
+
+.in +8
+.B cpu_hits
+- Counts only packets that went via the CPU.
+.in -8
+
.SH ENVIRONMENT
.TP
.B IFSTAT_HISTORY
diff --git a/man/man8/ip-address.8.in b/man/man8/ip-address.8.in
index 159d906..988a796 100644
--- a/man/man8/ip-address.8.in
+++ b/man/man8/ip-address.8.in
@@ -23,7 +23,7 @@
.IB IFADDR " dev " IFNAME " [ " mngtmpaddr " ]"
.ti -8
-.BR "ip address" " { " show " | " save " | " flush " } [ " dev
+.BR "ip address" " { " save " | " flush " } [ " dev
.IR IFNAME " ] [ "
.B scope
.IR SCOPE-ID " ] [ "
@@ -33,6 +33,23 @@
.IR PATTERN " ] [ " up " ]"
.ti -8
+.BR "ip address" " [ " show " [ " dev
+.IR IFNAME " ] [ "
+.B scope
+.IR SCOPE-ID " ] [ "
+.B to
+.IR PREFIX " ] [ " FLAG-LIST " ] [ "
+.B label
+.IR PATTERN " ] [ "
+.B master
+.IR DEVICE " ] [ "
+.B type
+.IR TYPE " ] [ "
+.B vrf
+.IR NAME " ] [ "
+.BR up " ] ]"
+
+.ti -8
.BR "ip address" " { " showdump " | " restore " }"
.ti -8
@@ -58,21 +75,22 @@
.ti -8
.IR FLAG " := "
-.RB "[ " permanent " | " dynamic " | " secondary " | " primary " | \
-[ - ] " tentative " | [ - ] " deprecated " | [ - ] " dadfailed " | "\
-temporary " | " CONFFLAG-LIST " ]"
+.RB "[ " permanent " | " dynamic " | " secondary " | " primary " |"
+.RB [ - ] tentative " | [" - ] deprecated " | [" - ] dadfailed " |"
+.BR temporary " |"
+.IR CONFFLAG-LIST " ]"
.ti -8
.IR CONFFLAG-LIST " := [ " CONFFLAG-LIST " ] " CONFFLAG
.ti -8
.IR CONFFLAG " := "
-.RB "[ " home " | " mngtmpaddr " | " nodad " | " noprefixroute " ]"
+.RB "[ " home " | " mngtmpaddr " | " nodad " | " noprefixroute " | " autojoin " ]"
.ti -8
.IR LIFETIME " := [ "
.BI valid_lft " LFT"
-.RB "| " preferred_lft
+.RB "] [ " preferred_lft
.IR LFT " ]"
.ti -8
@@ -80,6 +98,39 @@
.BR forever " |"
.IR SECONDS " ]"
+.ti -8
+.IR TYPE " := [ "
+.BR bridge " | "
+.BR bridge_slave " |"
+.BR bond " | "
+.BR bond_slave " |"
+.BR can " | "
+.BR dummy " | "
+.BR hsr " | "
+.BR ifb " | "
+.BR ipoib " |"
+.BR macvlan " | "
+.BR macvtap " | "
+.BR vcan " | "
+.BR veth " | "
+.BR vlan " | "
+.BR vxlan " |"
+.BR ip6tnl " |"
+.BR ipip " |"
+.BR sit " |"
+.BR gre " |"
+.BR gretap " |"
+.BR erspan " |"
+.BR ip6gre " |"
+.BR ip6gretap " |"
+.BR vti " |"
+.BR vrf " |"
+.BR nlmon " |"
+.BR ipvlan " |"
+.BR lowpan " |"
+.BR geneve " |"
+.BR macsec " ]"
+
.SH "DESCRIPTION"
The
.B address
@@ -201,6 +252,26 @@
an address to add this flag will remove the automatically added prefix route,
changing it to remove this flag will create the prefix route automatically.
+.TP
+.B autojoin
+Joining multicast groups on Ethernet level via
+.B "ip maddr"
+command does not work if connected to an Ethernet switch that does IGMP
+snooping since the switch would not replicate multicast packets on ports that
+did not have IGMP reports for the multicast addresses.
+
+Linux VXLAN interfaces created via
+.B "ip link add vxlan"
+have the
+.B group
+option that enables them to do the required join.
+
+Using the
+.B autojoin
+flag when adding a multicast address enables similar functionality for
+Openvswitch VXLAN interfaces as well as other tunneling mechanisms that need to
+receive multicast traffic.
+
.SS ip address delete - delete protocol address
.B Arguments:
coincide with the arguments of
@@ -230,6 +301,24 @@
is a usual shell style pattern.
.TP
+.BI master " DEVICE"
+only list interfaces enslaved to this master device.
+
+.TP
+.BI vrf " NAME "
+only list interfaces enslaved to this vrf.
+
+.TP
+.BI type " TYPE"
+only list interfaces of the given type.
+
+Note that the type name is not checked against the list of supported types -
+instead it is sent as-is to the kernel. Later it is used to filter the returned
+interface list by comparing it with the relevant attribute in case the kernel
+didn't filter already. Therefore any string is accepted, but may lead to empty
+output.
+
+.TP
.B up
only list running interfaces.
@@ -280,8 +369,8 @@
.PP
This command has the same arguments as
-.B show.
-The difference is that it does not run when no arguments are given.
+.BR show " except that " type " and " master " selectors are not supported."
+Another difference is that it does not run when no arguments are given.
.PP
.B Warning:
diff --git a/man/man8/ip-addrlabel.8 b/man/man8/ip-addrlabel.8
index 51ef572..233d606 100644
--- a/man/man8/ip-addrlabel.8
+++ b/man/man8/ip-addrlabel.8
@@ -6,21 +6,9 @@
.ad l
.in +8
.ti -8
-.B ip
-.RI "[ " OPTIONS " ]"
-.B addrlabel
+.B ip addrlabel
.RI " { " COMMAND " | "
.BR help " }"
-.sp
-
-.ti -8
-.IR OPTIONS " := { "
-\fB\-V\fR[\fIersion\fR] |
-\fB\-s\fR[\fItatistics\fR] |
-\fB\-r\fR[\fIesolve\fR] |
-\fB\-f\fR[\fIamily\fR] {
-.BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | "
-\fB\-o\fR[\fIneline\fR] }
.ti -8
.BR "ip addrlabel" " { " add " | " del " } " prefix
diff --git a/man/man8/ip-fou.8 b/man/man8/ip-fou.8
index 0fa22ee..0c8f0a4 100644
--- a/man/man8/ip-fou.8
+++ b/man/man8/ip-fou.8
@@ -56,7 +56,7 @@
.PP
.SS Configure a FOU receive port for GRE bound to 7777
.nf
-# ip fou add port 8888 ipproto 47
+# ip fou add port 7777 ipproto 47
.PP
.SS Configure a FOU receive port for IPIP bound to 8888
.nf
diff --git a/man/man8/ip-l2tp.8 b/man/man8/ip-l2tp.8
index 1738035..8ce630a 100644
--- a/man/man8/ip-l2tp.8
+++ b/man/man8/ip-l2tp.8
@@ -15,10 +15,7 @@
.ti -8
.BR "ip l2tp add tunnel"
.br
-.B remote
-.RI "[ " ADDR " ]"
-.B local
-.RI "[ " ADDR " ]"
+.BI remote " ADDR " local " ADDR "
.br
.B tunnel_id
.IR ID
@@ -33,6 +30,12 @@
.IR PORT
.RB " ]"
.br
+.RB "[ " udp_csum " { " on " | " off " } ]"
+.br
+.RB "[ " udp6_csum_tx " { " on " | " off " } ]"
+.br
+.RB "[ " udp6_csum_rx " { " on " | " off " } ]"
+.br
.ti -8
.BR "ip l2tp add session"
.RB "[ " name
@@ -54,6 +57,8 @@
.br
.RB "[ " l2spec_type " { " none " | " default " } ]"
.br
+.RB "[ " seq " { " none " | " send " | " recv " | " both " } ]"
+.br
.RB "[ " offset
.IR OFFSET
.RB " ] [ " peer_offset
@@ -73,24 +78,21 @@
.IR ID
.br
.ti -8
-.BR "ip l2tp show tunnel"
-.B "[" tunnel_id
-.IR ID
-.B "]"
+.BR "ip l2tp show tunnel" " [ " tunnel_id
+.IR ID " ]"
.br
.ti -8
-.BR "ip l2tp show session"
-.B "[" tunnel_id
-.IR ID
-.B "] [" session_id
-.IR ID
-.B "]"
+.BR "ip l2tp show session" " [ " tunnel_id
+.IR ID .B " ] ["
+.B session_id
+.IR ID " ]"
.br
.ti -8
.IR NAME " := "
.IR STRING
.ti -8
-.IR ADDR " := { " IP_ADDRESS " }"
+.IR ADDR " := { " IP_ADDRESS " |"
+.BR any " }"
.ti -8
.IR PORT " := { " NUMBER " }"
.ti -8
@@ -160,9 +162,6 @@
acting upon network failures.
.SS ip l2tp add tunnel - add a new tunnel
.TP
-.BI name " NAME "
-sets the session network interface name. Default is l2tpethN.
-.TP
.BI tunnel_id " ID"
set the tunnel id, which is a 32-bit integer value. Uniquely
identifies the tunnel. The value used must match the peer_tunnel_id
@@ -197,6 +196,33 @@
set the UDP destination port to be used for the tunnel. Must be
present when udp encapsulation is selected. Ignored when ip
encapsulation is selected.
+.TP
+.BI udp_csum " STATE"
+(IPv4 only) control if IPv4 UDP checksums should be calculated and checked for the
+encapsulating UDP packets, when UDP encapsulating is selected.
+Default is
+.BR off "."
+.br
+Valid values are:
+.BR on ", " off "."
+.TP
+.BI udp6_csum_tx " STATE"
+(IPv6 only) control if IPv6 UDP checksums should be calculated for encapsulating
+UDP packets, when UDP encapsulating is selected.
+Default is
+.BR on "."
+.br
+Valid values are:
+.BR on ", " off "."
+.TP
+.BI udp6_csum_rx " STATE"
+(IPv6 only) control if IPv6 UDP checksums should be checked for the encapsulating
+UDP packets, when UDP encapsulating is selected.
+Default is
+.BR on "."
+.br
+Valid values are:
+.BR on ", " off "."
.SS ip l2tp del tunnel - destroy a tunnel
.TP
.BI tunnel_id " ID"
@@ -245,7 +271,20 @@
set the layer2specific header type of the session.
.br
Valid values are:
-.BR none ", " udp "."
+.BR none ", " default "."
+.TP
+.BI seq " SEQ"
+controls sequence numbering to prevent or detect out of order packets.
+.B send
+puts a sequence number in the default layer2specific header of each
+outgoing packet.
+.B recv
+reorder packets if they are received out of order.
+Default is
+.BR none "."
+.br
+Valid values are:
+.BR none ", " send ", " recv ", " both "."
.TP
.BI offset " OFFSET"
sets the byte offset from the L2TP header where user data starts in
diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in
index 4d32343..d96ee28 100644
--- a/man/man8/ip-link.8.in
+++ b/man/man8/ip-link.8.in
@@ -6,25 +6,12 @@
.ad l
.in +8
.ti -8
-.B ip
-.RI "[ " OPTIONS " ]"
-.B link
+.B ip link
.RI " { " COMMAND " | "
.BR help " }"
.sp
.ti -8
-.IR OPTIONS " := { "
-\fB\-V\fR[\fIersion\fR] |
-\fB\-h\fR[\fIuman-readable\fR] |
-\fB\-s\fR[\fItatistics\fR] |
-\fB\-r\fR[\fIesolve\fR] |
-\fB\-f\fR[\fIamily\fR] {
-.BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | "
-\fB\-o\fR[\fIneline\fR] |
-\fB\-br\fR[\fIief\fR] }
-
-.ti -8
.BI "ip link add"
.RB "[ " link
.IR DEVICE " ]"
@@ -49,10 +36,153 @@
.RB "[ " numrxqueues
.IR QUEUE_COUNT " ]"
.br
-.BR type " TYPE"
+.BI type " TYPE"
.RI "[ " ARGS " ]"
.ti -8
+.BR "ip link delete " {
+.IR DEVICE " | "
+.BI "group " GROUP
+}
+.BI type " TYPE"
+.RI "[ " ARGS " ]"
+
+.ti -8
+.BR "ip link set " {
+.IR DEVICE " | "
+.BI "group " GROUP
+}
+.br
+.RB "[ { " up " | " down " } ]"
+.br
+.RB "[ " type
+.IR "ETYPE TYPE_ARGS" " ]"
+.br
+.RB "[ " arp " { " on " | " off " } ]"
+.br
+.RB "[ " dynamic " { " on " | " off " } ]"
+.br
+.RB "[ " multicast " { " on " | " off " } ]"
+.br
+.RB "[ " allmulticast " { " on " | " off " } ]"
+.br
+.RB "[ " promisc " { " on " | " off " } ]"
+.br
+.RB "[ " protodown " { " on " | " off " } ]"
+.br
+.RB "[ " trailers " { " on " | " off " } ]"
+.br
+.RB "[ " txqueuelen
+.IR PACKETS " ]"
+.br
+.RB "[ " name
+.IR NEWNAME " ]"
+.br
+.RB "[ " address
+.IR LLADDR " ]"
+.br
+.RB "[ " broadcast
+.IR LLADDR " ]"
+.br
+.RB "[ " mtu
+.IR MTU " ]"
+.br
+.RB "[ " netns " {"
+.IR PID " | " NETNSNAME " } ]"
+.br
+.RB "[ " link-netnsid
+.IR ID " ]"
+.br
+.RB "[ " alias
+.IR NAME " ]"
+.br
+.RB "[ " vf
+.IR NUM " ["
+.B mac
+.IR LLADDR " ]"
+.br
+.in +9
+.RI "[ " VFVLAN-LIST " ]"
+.br
+.RB "[ " rate
+.IR TXRATE " ]"
+.br
+.RB "[ " max_tx_rate
+.IR TXRATE " ]"
+.br
+.RB "[ " min_tx_rate
+.IR TXRATE " ]"
+.br
+.RB "[ " spoofchk " { " on " | " off " } ]"
+.br
+.RB "[ " query_rss " { " on " | " off " } ]"
+.br
+.RB "[ " state " { " auto " | " enable " | " disable " } ]"
+.br
+.RB "[ " trust " { " on " | " off " } ]"
+.br
+.RB "[ " node_guid " eui64 ]"
+.br
+.RB "[ " port_guid " eui64 ] ]"
+.br
+.in -9
+.RB "[ { " xdp " | " xdpgeneric " | " xdpdrv " | " xdpoffload " } { " off " | "
+.br
+.in +8
+.BR object
+.IR FILE
+.RB "[ " section
+.IR NAME " ]"
+.RB "[ " verbose " ] |"
+.br
+.BR pinned
+.IR FILE " } ]"
+.br
+.in -8
+.RB "[ " master
+.IR DEVICE " ]"
+.br
+.RB "[ " nomaster " ]"
+.br
+.RB "[ " vrf
+.IR NAME " ]"
+.br
+.RB "[ " addrgenmode " { " eui64 " | " none " | " stable_secret " | " random " } ]"
+.br
+.RB "[ " macaddr " { " flush " | { " add " | " del " } "
+.IR MACADDR " | set [ "
+.IR MACADDR " [ "
+.IR MACADDR " [ ... ] ] ] } ]"
+.br
+
+.ti -8
+.B ip link show
+.RI "[ " DEVICE " | "
+.B group
+.IR GROUP " ] ["
+.BR up " ] ["
+.B master
+.IR DEVICE " ] ["
+.B type
+.IR ETYPE " ] ["
+.B vrf
+.IR NAME " ]"
+
+.ti -8
+.B ip link xstats
+.BI type " TYPE"
+.RI "[ " ARGS " ]"
+
+.ti -8
+.B ip link afstats
+.RB "[ " dev
+.IR DEVICE " ]"
+
+.ti -8
+.B ip link help
+.RI "[ " TYPE " ]"
+
+.ti -8
.IR TYPE " := [ "
.BR bridge " | "
.BR bond " | "
@@ -72,104 +202,32 @@
.BR sit " |"
.BR gre " |"
.BR gretap " |"
+.BR erspan " |"
.BR ip6gre " |"
.BR ip6gretap " |"
.BR vti " |"
.BR nlmon " |"
.BR ipvlan " |"
.BR lowpan " |"
-.BR geneve " ]"
+.BR geneve " |"
+.BR vrf " |"
+.BR macsec " ]"
.ti -8
-.BR "ip link delete " {
-.IR DEVICE " | "
-.BI "group " GROUP
-}
-.BI type " TYPE"
-.RI "[ " ARGS " ]"
+.IR ETYPE " := [ " TYPE " |"
+.BR bridge_slave " | " bond_slave " ]"
.ti -8
-.BR "ip link set " {
-.IR DEVICE " | "
-.BI "group " GROUP
-.RB "} { " up " | " down " | " arp " { " on " | " off " } |"
-.br
-.BR promisc " { " on " | " off " } |"
-.br
-.BR allmulticast " { " on " | " off " } |"
-.br
-.BR dynamic " { " on " | " off " } |"
-.br
-.BR multicast " { " on " | " off " } |"
-.br
-.BR protodown " { " on " | " off " } |"
-.br
-.B txqueuelen
-.IR PACKETS " |"
-.br
-.B name
-.IR NEWNAME " |"
-.br
-.B address
-.IR LLADDR " |"
-.B broadcast
-.IR LLADDR " |"
-.br
-.B mtu
-.IR MTU " |"
-.br
-.B netns
-.IR PID " |"
-.br
-.B netns
-.IR NETNSNAME " |"
-.br
-.B alias
-.IR NAME " |"
-.br
-.B vf
-.IR NUM " ["
-.B mac
-.IR LLADDR " ] ["
-.B vlan
+.IR VFVLAN-LIST " := [ " VFVLAN-LIST " ] " VFVLAN
+
+.ti -8
+.IR VFVLAN " := "
+.RB "[ " vlan
.IR VLANID " [ "
.B qos
-.IR VLAN-QOS " ] ] ["
-.B rate
-.IR TXRATE " ] ["
-.B max_tx_rate
-.IR TXRATE " ] ["
-.B min_tx_rate
-.IR TXRATE " ] ["
-.B spoofchk { on | off } ] [
-.B state { auto | enable | disable}
-] |
-.br
-.B master
-.IR DEVICE " |"
-.br
-.B nomaster " |"
-.br
-.B addrgenmode { eui64 | none | stable_secret | random }
-.br
-.B link-netnsid ID
-.BR " }"
-
-
-.ti -8
-.B ip link show
-.RI "[ " DEVICE " | "
-.B group
-.IR GROUP " | "
-.BR up " | "
-.B master
-.IR DEVICE " | "
-.B type
-.IR TYPE " ]"
-
-.ti -8
-.B ip link help
-.RI "[ " TYPE " ]"
+.IR VLAN-QOS " ] ["
+.B proto
+.IR VLAN-PROTO " ] ]"
.SH "DESCRIPTION"
.SS ip link add - add virtual link
@@ -192,6 +250,7 @@
.sp
.B bond
- Bonding device
+.sp
.B can
- Controller Area Network interface
.sp
@@ -240,6 +299,9 @@
.BR gretap
- Virtual L2 tunnel interface GRE over IPv4
.sp
+.BR erspan
+- Encapsulated Remote SPAN over GRE and IPv4
+.sp
.BR ip6gre
- Virtual tunnel interface GRE over IPv6
.sp
@@ -260,6 +322,12 @@
.sp
.BR geneve
- GEneric NEtwork Virtualization Encapsulation
+.sp
+.BR macsec
+- Interface for IEEE 802.1AE MAC Security (MACsec)
+.sp
+.BR vrf
+- Interface for L3 VRF domains
.in -8
.TP
@@ -283,7 +351,7 @@
.BI "ip link add
.BI link " DEVICE "
.BI name " NAME "
-.BI type " vlan "
+.B "type vlan"
[
.BI protocol " VLAN_PROTO "
]
@@ -385,7 +453,7 @@
the following additional arguments are supported:
.BI "ip link add " DEVICE
-.BI type " vxlan " id " ID"
+.BI type " vxlan " id " VNI"
[
.BI dev " PHYS_DEV "
.RB " ] [ { " group " | " remote " } "
@@ -398,31 +466,37 @@
] [
.BI tos " TOS "
] [
+.BI flowlabel " FLOWLABEL "
+] [
.BI dstport " PORT "
] [
.BI srcport " MIN MAX "
] [
-.I "[no]learning "
+.RB [ no ] learning
] [
-.I "[no]proxy "
+.RB [ no ] proxy
] [
-.I "[no]rsc "
+.RB [ no ] rsc
] [
-.I "[no]l2miss "
+.RB [ no ] l2miss
] [
-.I "[no]l3miss "
+.RB [ no ] l3miss
] [
-.I "[no]udpcsum "
+.RB [ no ] udpcsum
] [
-.I "[no]udp6zerocsumtx "
+.RB [ no ] udp6zerocsumtx
] [
-.I "[no]udp6zerocsumrx "
+.RB [ no ] udp6zerocsumrx
] [
.BI ageing " SECONDS "
] [
.BI maxaddress " NUMBER "
] [
+.RB [ no ] external
+] [
.B gbp
+] [
+.B gpe
]
.in +8
@@ -462,6 +536,10 @@
- specifies the TOS value to use in outgoing packets.
.sp
+.BI flowlabel " FLOWLABEL"
+- specifies the flow label to use in outgoing packets.
+
+.sp
.BI dstport " PORT"
- specifies the UDP destination port to communicate to the remote VXLAN tunnel endpoint.
@@ -471,37 +549,37 @@
source ports to communicate to the remote VXLAN tunnel endpoint.
.sp
-.I [no]learning
+.RB [ no ] learning
- specifies if unknown source link layer addresses and IP addresses
are entered into the VXLAN device forwarding database.
.sp
-.I [no]rsc
+.RB [ no ] rsc
- specifies if route short circuit is turned on.
.sp
-.I [no]proxy
+.RB [ no ] proxy
- specifies ARP proxy is turned on.
.sp
-.I [no]l2miss
+.RB [ no ] l2miss
- specifies if netlink LLADDR miss notifications are generated.
.sp
-.I [no]l3miss
+.RB [ no ] l3miss
- specifies if netlink IP ADDR miss notifications are generated.
.sp
-.I [no]udpcsum
-- specifies if UDP checksum is filled in
+.RB [ no ] udpcsum
+- specifies if UDP checksum is calculated for transmitted packets over IPv4.
.sp
-.I [no]udp6zerocsumtx
-- specifies if UDP checksum is filled in
+.RB [ no ] udp6zerocsumtx
+- skip UDP checksum calculation for transmitted packets over IPv6.
.sp
-.I [no]udp6zerocsumrx
-- specifies if UDP checksum is received
+.RB [ no ] udp6zerocsumrx
+- allow incoming UDP packets over IPv6 with zero checksum field.
.sp
.BI ageing " SECONDS"
@@ -512,6 +590,12 @@
- specifies the maximum number of FDB entries.
.sp
+.RB [ no ] external
+- specifies whether an external control plane
+.RB "(e.g. " "ip route encap" )
+or the internal FDB should be used.
+
+.sp
.B gbp
- enables the Group Policy extension (VXLAN-GBP).
@@ -554,27 +638,38 @@
.in -4
+.sp
+.B gpe
+- enables the Generic Protocol extension (VXLAN-GPE). Currently, this is
+only supported together with the
+.B external
+keyword.
+
.in -8
.TP
-GRE, IPIP, SIT Type Support
+GRE, IPIP, SIT, ERSPAN Type Support
For a link of types
-.I GRE/IPIP/SIT
+.I GRE/IPIP/SIT/ERSPAN
the following additional arguments are supported:
.BI "ip link add " DEVICE
-.BR type " { gre | ipip | sit } "
+.BR type " { " gre " | " ipip " | " sit " | " erspan " }"
.BI " remote " ADDR " local " ADDR
[
-.BR encap " { fou | gue | none } "
+.BR encap " { " fou " | " gue " | " none " }"
] [
-.BI "encap-sport { " PORT " | auto } "
+.BR encap-sport " { " \fIPORT " | " auto " }"
] [
.BI "encap-dport " PORT
] [
-.I " [no]encap-csum "
+.RB [ no ] encap-csum
] [
.I " [no]encap-remcsum "
+] [
+.I " mode " { ip6ip | ipip | mplsip | any } "
+] [
+.BR erspan " \fIIDX "
]
.in +8
@@ -588,12 +683,12 @@
It must be an address on another interface on this host.
.sp
-.BR encap " { fou | gue | none } "
+.BR encap " { " fou " | " gue " | " none " }"
- specifies type of secondary UDP encapsulation. "fou" indicates
Foo-Over-UDP, "gue" indicates Generic UDP Encapsulation.
.sp
-.BI "encap-sport { " PORT " | auto } "
+.BR encap-sport " { " \fIPORT " | " auto " }"
- specifies the source port in UDP encapsulation.
.IR PORT
indicates the port by number, "auto"
@@ -602,15 +697,30 @@
encapsulated packet).
.sp
-.I [no]encap-csum
+.RB [ no ] encap-csum
- specifies if UDP checksums are enabled in the secondary
encapsulation.
.sp
-.I [no]encap-remcsum
+.RB [ no ] encap-remcsum
- specifies if Remote Checksum Offload is enabled. This is only
applicable for Generic UDP Encapsulation.
+.sp
+.BI mode " { ip6ip | ipip | mplsip | any } "
+- specifies mode in which device should run. "ip6ip" indicates
+IPv6-Over-IPv4, "ipip" indicates "IPv4-Over-IPv4", "mplsip" indicates
+MPLS-Over-IPv4, "any" indicates IPv6, IPv4 or MPLS Over IPv4. Supported for
+SIT where the default is "ip6ip" and IPIP where the default is "ipip".
+IPv6-Over-IPv4 is not supported for IPIP.
+
+.sp
+.BR erspan " \fIIDX "
+- specifies the ERSPAN index field.
+.IR IDX
+indicates a 20 bit index/port number associated with the ERSPAN
+traffic's source port and direction.
+
.in -8
.TP
@@ -620,13 +730,15 @@
the following additional arguments are supported:
.BI "ip link add " DEVICE
-.BI type " { ip6gre | ip6gretap } " remote " ADDR " local " ADDR
+.BR type " { " ip6gre " | " ip6gretap " }"
+.BI remote " ADDR " local " ADDR"
[
-.I "[i|o]seq]"
+.RB [ i | o ] seq
] [
-.I "[i|o]key" KEY
+.RB [ i | o ] key
+.I KEY
] [
-.I " [i|o]csum "
+.RB [ i | o ] csum
] [
.BI hoplimit " TTL "
] [
@@ -652,7 +764,7 @@
It must be an address on another interface on this host.
.sp
-.BI [i|o]seq
+.RB [ i | o ] seq
- serialize packets.
The
.B oseq
@@ -662,7 +774,7 @@
flag requires that all input packets are serialized.
.sp
-.BI [i|o]key " KEY"
+.RB [ i | o ] key " \fIKEY"
- use keyed GRE with key
.IR KEY ". "KEY
is either a number or an IPv4 address-like dotted quad.
@@ -674,7 +786,7 @@
parameters specify different keys for input and output.
.sp
-.BI [i|o]csum
+.RB [ i | o ] csum
- generate/require checksums for tunneled packets.
The
.B ocsum
@@ -726,7 +838,7 @@
the following additional arguments are supported:
.BI "ip link add " DEVICE " name " NAME
-.BI type " ipoib [ " pkey " PKEY ] [" mode " MODE " ]
+.BR "type ipoib " [ " pkey \fIPKEY" " ] [ " mode " \fIMODE \fR]"
.in +8
.sp
@@ -743,11 +855,23 @@
the following additional arguments are supported:
.BI "ip link add " DEVICE
-.BI type " geneve " id " ID " remote " IPADDR"
+.BI type " geneve " id " VNI " remote " IPADDR"
[
.BI ttl " TTL "
] [
.BI tos " TOS "
+] [
+.BI flowlabel " FLOWLABEL "
+] [
+.BI dstport " PORT"
+] [
+.RB [ no ] external
+] [
+.RB [ no ] udpcsum
+] [
+.RB [ no ] udp6zerocsumtx
+] [
+.RB [ no ] udp6zerocsumrx
]
.in +8
@@ -767,6 +891,36 @@
.BI tos " TOS"
- specifies the TOS value to use in outgoing packets.
+.sp
+.BI flowlabel " FLOWLABEL"
+- specifies the flow label to use in outgoing packets.
+
+.sp
+.BI dstport " PORT"
+- select a destination port other than the default of 6081.
+
+.sp
+.RB [ no ] external
+- make this tunnel externally controlled (or not, which is the default). This
+flag is mutually exclusive with the
+.BR id ,
+.BR remote ,
+.BR ttl ,
+.BR tos " and " flowlabel
+options.
+
+.sp
+.RB [ no ] udpcsum
+- specifies if UDP checksum is calculated for transmitted packets over IPv4.
+
+.sp
+.RB [ no ] udp6zerocsumtx
+- skip UDP checksum calculation for transmitted packets over IPv6.
+
+.sp
+.RB [ no ] udp6zerocsumrx
+- allow incoming UDP packets over IPv6 with zero checksum field.
+
.in -8
.TP
@@ -780,7 +934,7 @@
.BI "ip link add link " DEVICE " name " NAME
.BR type " { " macvlan " | " macvtap " } "
.BR mode " { " private " | " vepa " | " bridge " | " passthru
-.BR " [ " nopromisc " ] } "
+.RB " [ " nopromisc " ] | " source " } "
.in +8
.sp
@@ -817,6 +971,387 @@
forces the underlying interface into promiscuous mode. Passing the
.BR nopromisc " flag prevents this, so the promisc flag may be controlled "
using standard tools.
+
+.B mode source
+- allows one to set a list of allowed mac address, which is used to match
+against source mac address from received frames on underlying interface. This
+allows creating mac based VLAN associations, instead of standard port or tag
+based. The feature is useful to deploy 802.1x mac based behavior,
+where drivers of underlying interfaces doesn't allows that.
+.in -8
+
+.TP
+High-availability Seamless Redundancy (HSR) Support
+For a link of type
+.I HSR
+the following additional arguments are supported:
+
+.BI "ip link add link " DEVICE " name " NAME " type hsr"
+.BI slave1 " SLAVE1-IF " slave2 " SLAVE2-IF "
+.RB [ " supervision"
+.IR ADDR-BYTE " ] ["
+.BR version " { " 0 " | " 1 " } ]"
+
+.in +8
+.sp
+.BR type " hsr "
+- specifies the link type to use, here HSR.
+
+.BI slave1 " SLAVE1-IF "
+- Specifies the physical device used for the first of the two ring ports.
+
+.BI slave2 " SLAVE2-IF "
+- Specifies the physical device used for the second of the two ring ports.
+
+.BI supervision " ADDR-BYTE"
+- The last byte of the multicast address used for HSR supervision frames.
+Default option is "0", possible values 0-255.
+
+.BR version " { " 0 " | " 1 " }"
+- Selects the protocol version of the interface. Default option is "0", which
+corresponds to the 2010 version of the HSR standard. Option "1" activates the
+2012 version.
+.in -8
+
+.TP
+BRIDGE Type Support
+For a link of type
+.I BRIDGE
+the following additional arguments are supported:
+
+.BI "ip link add " DEVICE " type bridge "
+[
+.BI ageing_time " AGEING_TIME "
+] [
+.BI group_fwd_mask " MASK "
+] [
+.BI group_address " ADDRESS "
+] [
+.BI forward_delay " FORWARD_DELAY "
+] [
+.BI hello_time " HELLO_TIME "
+] [
+.BI max_age " MAX_AGE "
+] [
+.BI stp_state " STP_STATE "
+] [
+.BI priority " PRIORITY "
+] [
+.BI vlan_filtering " VLAN_FILTERING "
+] [
+.BI vlan_protocol " VLAN_PROTOCOL "
+] [
+.BI vlan_default_pvid " VLAN_DEFAULT_PVID "
+] [
+.BI vlan_stats_enabled " VLAN_STATS_ENABLED "
+] [
+.BI mcast_snooping " MULTICAST_SNOOPING "
+] [
+.BI mcast_router " MULTICAST_ROUTER "
+] [
+.BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR "
+] [
+.BI mcast_querier " MULTICAST_QUERIER "
+] [
+.BI mcast_hash_elasticity " HASH_ELASTICITY "
+] [
+.BI mcast_hash_max " HASH_MAX "
+] [
+.BI mcast_last_member_count " LAST_MEMBER_COUNT "
+] [
+.BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
+] [
+.BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
+] [
+.BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
+] [
+.BI mcast_querier_interval " QUERIER_INTERVAL "
+] [
+.BI mcast_query_interval " QUERY_INTERVAL "
+] [
+.BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
+] [
+.BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
+] [
+.BI mcast_stats_enabled " MCAST_STATS_ENABLED "
+] [
+.BI mcast_igmp_version " IGMP_VERSION "
+] [
+.BI mcast_mld_version " MLD_VERSION "
+] [
+.BI nf_call_iptables " NF_CALL_IPTABLES "
+] [
+.BI nf_call_ip6tables " NF_CALL_IP6TABLES "
+] [
+.BI nf_call_arptables " NF_CALL_ARPTABLES "
+]
+
+.in +8
+.sp
+.BI ageing_time " AGEING_TIME "
+- configure the bridge's FDB entries ageing time, ie the number of seconds a MAC address will be kept in the FDB after a packet has been received from that address. after this time has passed, entries are cleaned up.
+
+.BI group_fwd_mask " MASK "
+- set the group forward mask. This is the bitmask that is applied to decide whether to forward incoming frames destined to link-local addresses, ie addresses of the form 01:80:C2:00:00:0X (defaults to 0, ie the bridge does not forward any link-local frames).
+
+.BI group_address " ADDRESS "
+- set the MAC address of the multicast group this bridge uses for STP. The address must be a link-local address in standard Ethernet MAC address format, ie an address of the form 01:80:C2:00:00:0X, with X in [0, 4..f].
+
+.BI forward_delay " FORWARD_DELAY "
+- set the forwarding delay in seconds, ie the time spent in LISTENING state (before moving to LEARNING) and in LEARNING state (before moving to FORWARDING). Only relevant if STP is enabled. Valid values are between 2 and 30.
+
+.BI hello_time " HELLO_TIME "
+- set the time in seconds between hello packets sent by the bridge, when it is a root bridge or a designated bridges. Only relevant if STP is enabled. Valid values are between 1 and 10.
+
+.BI max_age " MAX_AGE "
+- set the hello packet timeout, ie the time in seconds until another bridge in the spanning tree is assumed to be dead, after reception of its last hello message. Only relevant if STP is enabled. Valid values are between 6 and 40.
+
+.BI stp_state " STP_STATE "
+- turn spanning tree protocol on
+.RI ( STP_STATE " > 0) "
+or off
+.RI ( STP_STATE " == 0). "
+for this bridge.
+
+.BI priority " PRIORITY "
+- set this bridge's spanning tree priority, used during STP root bridge election.
+.I PRIORITY
+is a 16bit unsigned integer.
+
+.BI vlan_filtering " VLAN_FILTERING "
+- turn VLAN filtering on
+.RI ( VLAN_FILTERING " > 0) "
+or off
+.RI ( VLAN_FILTERING " == 0). "
+When disabled, the bridge will not consider the VLAN tag when handling packets.
+
+.BR vlan_protocol " { " 802.1Q " | " 802.1ad " } "
+- set the protocol used for VLAN filtering.
+
+.BI vlan_default_pvid " VLAN_DEFAULT_PVID "
+- set the default PVID (native/untagged VLAN ID) for this bridge.
+
+.BI vlan_stats_enabled " VLAN_STATS_ENABLED "
+- enable
+.RI ( VLAN_STATS_ENABLED " == 1) "
+or disable
+.RI ( VLAN_STATS_ENABLED " == 0) "
+per-VLAN stats accounting.
+
+.BI mcast_snooping " MULTICAST_SNOOPING "
+- turn multicast snooping on
+.RI ( MULTICAST_SNOOPING " > 0) "
+or off
+.RI ( MULTICAST_SNOOPING " == 0). "
+
+.BI mcast_router " MULTICAST_ROUTER "
+- set bridge's multicast router if IGMP snooping is enabled.
+.I MULTICAST_ROUTER
+is an integer value having the following meaning:
+.in +8
+.sp
+.B 0
+- disabled.
+
+.B 1
+- automatic (queried).
+
+.B 2
+- permanently enabled.
+.in -8
+
+.BI mcast_query_use_ifaddr " MCAST_QUERY_USE_IFADDR "
+- whether to use the bridge's own IP address as source address for IGMP queries
+.RI ( MCAST_QUERY_USE_IFADDR " > 0) "
+or the default of 0.0.0.0
+.RI ( MCAST_QUERY_USE_IFADDR " == 0). "
+
+.BI mcast_querier " MULTICAST_QUERIER "
+- enable
+.RI ( MULTICAST_QUERIER " > 0) "
+or disable
+.RI ( MULTICAST_QUERIER " == 0) "
+IGMP querier, ie sending of multicast queries by the bridge (default: disabled).
+
+.BI mcast_querier_interval " QUERIER_INTERVAL "
+- interval between queries sent by other routers. if no queries are seen after this delay has passed, the bridge will start to send its own queries (as if
+.BI mcast_querier
+was enabled).
+
+.BI mcast_hash_elasticity " HASH_ELASTICITY "
+- set multicast database hash elasticity, ie the maximum chain length in the multicast hash table (defaults to 4).
+
+.BI mcast_hash_max " HASH_MAX "
+- set maximum size of multicast hash table (defaults to 512, value must be a power of 2).
+
+.BI mcast_last_member_count " LAST_MEMBER_COUNT "
+- set multicast last member count, ie the number of queries the bridge will send before stopping forwarding a multicast group after a "leave" message has been received (defaults to 2).
+
+.BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
+- interval between queries to find remaining members of a group, after a "leave" message is received.
+
+.BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
+- set the number of IGMP queries to send during startup phase (defaults to 2).
+
+.BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
+- interval between queries in the startup phase.
+
+.BI mcast_query_interval " QUERY_INTERVAL "
+- interval between queries sent by the bridge after the end of the startup phase.
+
+.BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
+- set the Max Response Time/Maximum Response Delay for IGMP/MLD queries sent by the bridge.
+
+.BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
+- delay after which the bridge will leave a group, if no membership reports for this group are received.
+
+.BI mcast_stats_enabled " MCAST_STATS_ENABLED "
+- enable
+.RI ( MCAST_STATS_ENABLED " > 0) "
+or disable
+.RI ( MCAST_STATS_ENABLED " == 0) "
+multicast (IGMP/MLD) stats accounting.
+
+.BI mcast_igmp_version " IGMP_VERSION "
+- set the IGMP version.
+
+.BI mcast_mld_version " MLD_VERSION "
+- set the MLD version.
+
+.BI nf_call_iptables " NF_CALL_IPTABLES "
+- enable
+.RI ( NF_CALL_IPTABLES " > 0) "
+or disable
+.RI ( NF_CALL_IPTABLES " == 0) "
+iptables hooks on the bridge.
+
+.BI nf_call_ip6tables " NF_CALL_IP6TABLES "
+- enable
+.RI ( NF_CALL_IP6TABLES " > 0) "
+or disable
+.RI ( NF_CALL_IP6TABLES " == 0) "
+ip6tables hooks on the bridge.
+
+.BI nf_call_arptables " NF_CALL_ARPTABLES "
+- enable
+.RI ( NF_CALL_ARPTABLES " > 0) "
+or disable
+.RI ( NF_CALL_ARPTABLES " == 0) "
+arptables hooks on the bridge.
+
+
+.in-8
+
+.TP
+MACsec Type Support
+For a link of type
+.I MACsec
+the following additional arguments are supported:
+
+.BI "ip link add link " DEVICE " name " NAME " type macsec"
+[ [
+.BI address " <lladdr>"
+]
+.BI port " PORT"
+|
+.BI sci " SCI"
+] [
+.BI cipher " CIPHER_SUITE"
+] [
+.BR icvlen " { "
+.IR 8..16 " } ] ["
+.BR encrypt " {"
+.BR on " | " off " } ] [ "
+.BR send_sci " { " on " | " off " } ] ["
+.BR end_station " { " on " | " off " } ] ["
+.BR scb " { " on " | " off " } ] ["
+.BR protect " { " on " | " off " } ] ["
+.BR replay " { " on " | " off " }"
+.BR window " { "
+.IR 0..2^32-1 " } ] ["
+.BR validate " { " strict " | " check " | " disabled " } ] ["
+.BR encodingsa " { "
+.IR 0..3 " } ]"
+
+.in +8
+.sp
+.BI address " <lladdr> "
+- sets the system identifier component of secure channel for this MACsec device.
+
+.sp
+.BI port " PORT "
+- sets the port number component of secure channel for this MACsec device, in a
+range from 1 to 65535 inclusive. Numbers with a leading " 0 " or " 0x " are
+interpreted as octal and hexadecimal, respectively.
+
+.sp
+.BI sci " SCI "
+- sets the secure channel identifier for this MACsec device.
+.I SCI
+is a 64bit wide number in hexadecimal format.
+
+.sp
+.BI cipher " CIPHER_SUITE "
+- defines the cipher suite to use.
+
+.sp
+.BI icvlen " LENGTH "
+- sets the length of the Integrity Check Value (ICV).
+
+.sp
+.BR "encrypt on " or " encrypt off"
+- switches between authenticated encryption, or authenticity mode only.
+
+.sp
+.BR "send_sci on " or " send_sci off"
+- specifies whether the SCI is included in every packet, or only when it is necessary.
+
+.sp
+.BR "end_station on " or " end_station off"
+- sets the End Station bit.
+
+.sp
+.BR "scb on " or " scb off"
+- sets the Single Copy Broadcast bit.
+
+.sp
+.BR "protect on " or " protect off"
+- enables MACsec protection on the device.
+
+.sp
+.BR "replay on " or " replay off"
+- enables replay protection on the device.
+
+.in +8
+
+.sp
+.BI window " SIZE "
+- sets the size of the replay window.
+
+.in -8
+
+.sp
+.BR "validate strict " or " validate check " or " validate disabled"
+- sets the validation mode on the device.
+
+.sp
+.BI encodingsa " AN "
+- sets the active secure association for transmission.
+
+.in -8
+
+.TP
+VRF Type Support
+For a link of type
+.I VRF
+the following additional arguments are supported:
+
+.BI "ip link add " DEVICE " type vrf table " TABLE
+
+.in +8
+.sp
+.BR table " table id associated with VRF device"
+
.in -8
.SS ip link delete - delete virtual link
@@ -836,6 +1371,18 @@
.SS ip link set - change device attributes
+.PP
+.B Warning:
+If multiple parameter changes are requested,
+.B ip
+aborts immediately after any of the changes have failed.
+This is the only case when
+.B ip
+can move the system to an unpredictable state. The solution
+is to avoid changing several parameters with one
+.B ip link set
+call.
+
.TP
.BI dev " DEVICE "
.I DEVICE
@@ -988,6 +1535,19 @@
as 0 disables VLAN tagging and filtering for the VF.
.sp
+.BI proto " VLAN-PROTO"
+- assign VLAN PROTOCOL for the VLAN tag, either 802.1Q or 802.1ad.
+Setting to 802.1ad, all traffic sent from the VF will be tagged with VLAN S-Tag.
+Incoming traffic will have VLAN S-Tags stripped before being passed to the VF.
+Setting to 802.1ad also enables an option to concatenate another VLAN tag, so both
+S-TAG and C-TAG will be inserted/stripped for outgoing/incoming traffic, respectively.
+If not specified, the value is assumed to be 802.1Q. Both the
+.B vf
+and
+.B vlan
+parameters must be specified.
+
+.sp
.BI rate " TXRATE"
-- change the allowed transmit bandwidth, in Mbps, for the specified VF.
Setting this parameter to 0 disables rate limiting.
@@ -1014,14 +1574,107 @@
.BI spoofchk " on|off"
- turn packet spoof checking on or off for the specified VF.
.sp
+.BI query_rss " on|off"
+- toggle the ability of querying the RSS configuration of a specific VF. VF RSS information like RSS hash key may be considered sensitive on some devices where this information is shared between VF and PF and thus its querying may be prohibited by default.
+.sp
.BI state " auto|enable|disable"
- set the virtual link state as seen by the specified VF. Setting to auto means a
reflection of the PF link state, enable lets the VF to communicate with other VFs on
this host even if the PF link state is down, disable causes the HW to drop any packets
sent by the VF.
+.sp
+.BI trust " on|off"
+- trust the specified VF user. This enables that VF user can set a specific feature
+which may impact security and/or performance. (e.g. VF multicast promiscuous mode)
+.sp
+.BI node_guid " eui64"
+- configure node GUID for Infiniband VFs.
+.sp
+.BI port_guid " eui64"
+- configure port GUID for Infiniband VFs.
.in -8
.TP
+.B xdp object "|" pinned "|" off
+set (or unset) a XDP ("eXpress Data Path") BPF program to run on every
+packet at driver level.
+.B ip link
+output will indicate a
+.B xdp
+flag for the networking device. If the driver does not have native XDP
+support, the kernel will fall back to a slower, driver-independent "generic"
+XDP variant. The
+.B ip link
+output will in that case indicate
+.B xdpgeneric
+instead of
+.B xdp
+only. If the driver does have native XDP support, but the program is
+loaded under
+.B xdpgeneric object "|" pinned
+then the kernel will use the generic XDP variant instead of the native one.
+.B xdpdrv
+has the opposite effect of requestsing that the automatic fallback to the
+generic XDP variant be disabled and in case driver is not XDP-capable error
+should be returned.
+.B xdpdrv
+also disables hardware offloads.
+.B xdpoffload
+in ip link output indicates that the program has been offloaded to hardware
+and can also be used to request the "offload" mode, much like
+.B xdpgeneric
+it forces program to be installed specifically in HW/FW of the apater.
+
+.B off
+(or
+.B none
+)
+- Detaches any currently attached XDP/BPF program from the given device.
+
+.BI object " FILE "
+- Attaches a XDP/BPF program to the given device. The
+.I FILE
+points to a BPF ELF file (f.e. generated by LLVM) that contains the BPF
+program code, map specifications, etc. If a XDP/BPF program is already
+attached to the given device, an error will be thrown. If no XDP/BPF
+program is currently attached, the device supports XDP and the program
+from the BPF ELF file passes the kernel verifier, then it will be attached
+to the device. If the option
+.I -force
+is passed to
+.B ip
+then any prior attached XDP/BPF program will be atomically overridden and
+no error will be thrown in this case. If no
+.B section
+option is passed, then the default section name ("prog") will be assumed,
+otherwise the provided section name will be used. If no
+.B verbose
+option is passed, then a verifier log will only be dumped on load error.
+See also
+.B EXAMPLES
+section for usage examples.
+
+.BI section " NAME "
+- Specifies a section name that contains the BPF program code. If no section
+name is specified, the default one ("prog") will be used. This option is
+to be passed with the
+.B object
+option.
+
+.BI verbose
+- Act in verbose mode. For example, even in case of success, this will
+print the verifier log in case a program was loaded from a BPF ELF file.
+
+.BI pinned " FILE "
+- Attaches a XDP/BPF program to the given device. The
+.I FILE
+points to an already pinned BPF program in the BPF file system. The option
+.B section
+doesn't apply here, but otherwise semantics are the same as with the option
+.B object
+described already.
+
+.TP
.BI master " DEVICE"
set master device of the device (enslave device).
@@ -1049,17 +1702,170 @@
.BR "link-netnsid "
set peer netnsid for a cross-netns interface
-.PP
-.B Warning:
-If multiple parameter changes are requested,
-.B ip
-aborts immediately after any of the changes have failed.
-This is the only case when
-.B ip
-can move the system to an unpredictable state. The solution
-is to avoid changing several parameters with one
-.B ip link set
-call.
+.TP
+.BI type " ETYPE TYPE_ARGS"
+Change type-specific settings. For a list of supported types and arguments refer
+to the description of
+.B "ip link add"
+above. In addition to that, it is possible to manipulate settings to slave
+devices:
+
+.TP
+Bridge Slave Support
+For a link with master
+.B bridge
+the following additional arguments are supported:
+
+.B "ip link set type bridge_slave"
+[
+.B fdb_flush
+] [
+.BI state " STATE"
+] [
+.BI priority " PRIO"
+] [
+.BI cost " COST"
+] [
+.BR guard " { " on " | " off " }"
+] [
+.BR hairpin " { " on " | " off " }"
+] [
+.BR fastleave " { " on " | " off " }"
+] [
+.BR root_block " { " on " | " off " }"
+] [
+.BR learning " { " on " | " off " }"
+] [
+.BR flood " { " on " | " off " }"
+] [
+.BR proxy_arp " { " on " | " off " }"
+] [
+.BR proxy_arp_wifi " { " on " | " off " }"
+] [
+.BI mcast_router " MULTICAST_ROUTER"
+] [
+.BR mcast_fast_leave " { " on " | " off "}"
+] [
+.BR mcast_flood " { " on " | " off " } ]"
+
+.in +8
+.sp
+.B fdb_flush
+- flush bridge slave's fdb dynamic entries.
+
+.BI state " STATE"
+- Set port state.
+.I STATE
+is a number representing the following states:
+.BR 0 " (disabled),"
+.BR 1 " (listening),"
+.BR 2 " (learning),"
+.BR 3 " (forwarding),"
+.BR 4 " (blocking)."
+
+.BI priority " PRIO"
+- set port priority (allowed values are between 0 and 63, inclusively).
+
+.BI cost " COST"
+- set port cost (allowed values are between 1 and 65535, inclusively).
+
+.BR guard " { " on " | " off " }"
+- block incoming BPDU packets on this port.
+
+.BR hairpin " { " on " | " off " }"
+- enable hairpin mode on this port. This will allow incoming packets on this
+port to be reflected back.
+
+.BR fastleave " { " on " | " off " }"
+- enable multicast fast leave on this port.
+
+.BR root_block " { " on " | " off " }"
+- block this port from becoming the bridge's root port.
+
+.BR learning " { " on " | " off " }"
+- allow MAC address learning on this port.
+
+.BR flood " { " on " | " off " }"
+- open the flood gates on this port, i.e. forward all unicast frames to this
+port also. Requires
+.BR proxy_arp " and " proxy_arp_wifi
+to be turned off.
+
+.BR proxy_arp " { " on " | " off " }"
+- enable proxy ARP on this port.
+
+.BR proxy_arp_wifi " { " on " | " off " }"
+- enable proxy ARP on this port which meets extended requirements by IEEE
+802.11 and Hotspot 2.0 specifications.
+
+.BI mcast_router " MULTICAST_ROUTER"
+- configure this port for having multicast routers attached. A port with a
+multicast router will receive all multicast traffic.
+.I MULTICAST_ROUTER
+may be either
+.B 0
+to disable multicast routers on this port,
+.B 1
+to let the system detect the presence of of routers (this is the default),
+.B 2
+to permanently enable multicast traffic forwarding on this port or
+.B 3
+to enable multicast routers temporarily on this port, not depending on incoming
+queries.
+
+.BR mcast_fast_leave " { " on " | " off " }"
+- this is a synonym to the
+.B fastleave
+option above.
+
+.BR mcast_flood " { " on " | " off " }"
+- controls whether a given port will be flooded with multicast traffic for which there is no MDB entry.
+
+.in -8
+
+.TP
+Bonding Slave Support
+For a link with master
+.B bond
+the following additional arguments are supported:
+
+.B "ip link set type bond_slave"
+[
+.BI queue_id " ID"
+]
+
+.in +8
+.sp
+.BI queue_id " ID"
+- set the slave's queue ID (a 16bit unsigned value).
+
+.in -8
+
+.TP
+MACVLAN and MACVTAP Support
+Modify list of allowed macaddr for link in source mode.
+
+.B "ip link set type { macvlan | macvap } "
+[
+.BI macaddr " " "" COMMAND " " MACADDR " ..."
+]
+
+Commands:
+.in +8
+.B add
+- add MACADDR to allowed list
+.sp
+.B set
+- replace allowed list
+.sp
+.B del
+- remove MACADDR from allowed list
+.sp
+.B flush
+- flush whole allowed list
+.sp
+.in -8
+
.SS ip link show - display device attributes
@@ -1084,30 +1890,34 @@
specifies the master device which enslaves devices to show.
.TP
+.BI vrf " NAME "
+.I NAME
+speficies the VRF which enslaves devices to show.
+
+.TP
.BI type " TYPE "
.I TYPE
specifies the type of devices to show.
-.TP
-The show command has additional formatting options:
+Note that the type name is not checked against the list of supported types -
+instead it is sent as-is to the kernel. Later it is used to filter the returned
+interface list by comparing it with the relevant attribute in case the kernel
+didn't filter already. Therefore any string is accepted, but may lead to empty
+output.
-.RS
-.TP
-.BR "\-s" , " \-stats", " \-statistics"
-output more statistics about packet usage.
+.SS ip link xstats - display extended statistics
.TP
-.BR "\-d", " \-details"
-output more detailed information.
+.BI type " TYPE "
+.I TYPE
+specifies the type of devices to display extended statistics for.
+
+.SS ip link afstats - display address-family specific statistics
.TP
-.BR "\-h", " \-human", " \-human-readable"
-output statistics with human readable values number followed by suffix
-
-.TP
-.BR "\-iec"
-print human readable rates in IEC units (ie. 1K = 1024).
-.RE
+.BI dev " DEVICE "
+.I DEVICE
+specifies the device to display address-family statistics for.
.SS ip link help - display help
@@ -1169,7 +1979,33 @@
.RS 4
Creates an IPIP that is encapsulated with Generic UDP Encapsulation,
and the outer UDP checksum and remote checksum offload are enabled.
-
+.RE
+.PP
+ip link set dev eth0 xdp obj prog.o
+.RS 4
+Attaches a XDP/BPF program to device eth0, where the program is
+located in prog.o, section "prog" (default section). In case a
+XDP/BPF program is already attached, throw an error.
+.RE
+.PP
+ip -force link set dev eth0 xdp obj prog.o sec foo
+.RS 4
+Attaches a XDP/BPF program to device eth0, where the program is
+located in prog.o, section "foo". In case a XDP/BPF program is
+already attached, it will be overridden by the new one.
+.RE
+.PP
+ip -force link set dev eth0 xdp pinned /sys/fs/bpf/foo
+.RS 4
+Attaches a XDP/BPF program to device eth0, where the program was
+previously pinned as an object node into BPF file system under
+name foo.
+.RE
+.PP
+ip link set dev eth0 xdp off
+.RS 4
+If a XDP/BPF program is attached on device eth0, detach it and
+effectively turn off XDP for device eth0.
.RE
.PP
ip link add link wpan0 lowpan0 type lowpan
diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8
new file mode 100644
index 0000000..1aca3bd
--- /dev/null
+++ b/man/man8/ip-macsec.8
@@ -0,0 +1,109 @@
+.TH IP\-MACSEC 8 "07 Mar 2016" "iproute" "Linux"
+.SH NAME
+ip-macsec \- MACsec device configuration
+.SH "SYNOPSIS"
+.BI "ip link add link " DEVICE " name " NAME " type macsec "
+[ [
+.BI address " <lladdr>"
+]
+.BI port " PORT"
+|
+.BI sci " <u64>"
+] [
+.BR cipher " { " default " | " gcm-aes-128 " } ] ["
+.BI icvlen " ICVLEN"
+] [
+.BR encrypt " { " on " | " off " } ] ["
+.BR send_sci " { " on " | " off " } ] ["
+.BR end_station " { " on " | " off " } ] ["
+.BR scb " { " on " | " off " } ] ["
+.BR protect " { " on " | " off " } ] ["
+.BR replay " { " on " | " off " } ] ["
+.BI window " WINDOW"
+] [
+.BR validate " { " strict " | " check " | " disabled " } ] ["
+.BI encodingsa " SA"
+]
+
+.BI "ip macsec add " DEV " tx sa"
+.RI "{ " 0..3 " } [ " OPTS " ]"
+.BI key " ID KEY"
+.br
+.BI "ip macsec set " DEV " tx sa"
+.RI "{ " 0..3 " } [ " OPTS " ]"
+.br
+.BI "ip macsec del " DEV " tx sa"
+.RI "{ " 0..3 " }"
+
+.BI "ip macsec add " DEV " rx " SCI
+.RB [ " on " | " off " ]
+.br
+.BI "ip macsec set " DEV " rx " SCI
+.RB [ " on " | " off " ]
+.br
+.BI "ip macsec del " DEV " rx " SCI
+
+.BI "ip macsec add " DEV " rx " SCI " sa"
+.RI "{ " 0..3 " } [ " OPTS " ]"
+.BI key " ID KEY"
+.br
+.BI "ip macsec set " DEV " rx " SCI " sa"
+.RI "{ " 0..3 " } [ " OPTS " ]"
+.br
+.BI "ip macsec del " DEV " rx " SCI " sa"
+.RI "{ " 0..3 " }"
+
+.B ip macsec show
+.RI [ " DEV " ]
+
+.IR OPTS " := [ "
+.BR pn " { "
+.IR 1..2^32-1 " } ] ["
+.BR on " | " off " ]"
+.br
+.IR SCI " := { "
+.B sci
+.IR <u64> " | "
+.BI port
+.IR PORT
+.BI address " <lladdr> "
+}
+.br
+.IR PORT " := { " 1..2^16-1 " } "
+
+
+.SH DESCRIPTION
+The
+.B ip macsec
+commands are used to configure transmit secure associations and receive secure channels and their secure associations on a MACsec device created with the
+.B ip link add
+command using the
+.I macsec
+type.
+
+.SH EXAMPLES
+.PP
+.SS Create a MACsec device on link eth0
+.nf
+# ip link add link eth0 macsec0 type macsec port 11 encrypt on
+.PP
+.SS Configure a secure association on that device
+.nf
+# ip macsec add macsec0 tx sa 0 pn 1024 on key 01 81818181818181818181818181818181
+.PP
+.SS Configure a receive channel
+.nf
+# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0
+.PP
+.SS Configure a receive association
+.nf
+# ip macsec add macsec0 rx port 1234 address c6:19:52:8f:e6:a0 sa 0 pn 1 on key 00 82828282828282828282828282828282
+.PP
+.SS Display MACsec configuration
+.nf
+# ip macsec show
+.SH SEE ALSO
+.br
+.BR ip-link (8)
+.SH AUTHOR
+Sabrina Dubroca <sd@queasysnail.net>
diff --git a/man/man8/ip-monitor.8 b/man/man8/ip-monitor.8
index d2bd381..86f8f98 100644
--- a/man/man8/ip-monitor.8
+++ b/man/man8/ip-monitor.8
@@ -6,9 +6,7 @@
.ad l
.in +8
.ti -8
-.BR "ip " " [ "
-.IR ip-OPTIONS " ]"
-.BR "monitor" " [ " all " |"
+.BR "ip monitor" " [ " all " |"
.IR OBJECT-LIST " ] ["
.BI file " FILENAME "
] [
diff --git a/man/man8/ip-mroute.8 b/man/man8/ip-mroute.8
index e89b6b2..b64e30d 100644
--- a/man/man8/ip-mroute.8
+++ b/man/man8/ip-mroute.8
@@ -6,7 +6,7 @@
.ad l
.in +8
.ti -8
-.BR "ip " " [ ip-OPTIONS ] " "mroute show" " [ [ "
+.BR "ip mroute show" " [ [ "
.BR " to " " ] "
.IR PREFIX " ] [ "
.B from
diff --git a/man/man8/ip-neighbour.8 b/man/man8/ip-neighbour.8
index c9b0256..bbfe8e7 100644
--- a/man/man8/ip-neighbour.8
+++ b/man/man8/ip-neighbour.8
@@ -18,7 +18,9 @@
.IR ADDR " [ "
.B lladdr
.IR LLADDR " ] [ "
-.BR nud " { " permanent " | " noarp " | " stale " | " reachable " } ] | " proxy
+.B nud
+.IR STATE " ] |"
+.B proxy
.IR ADDR " } [ "
.B dev
.IR DEV " ]"
@@ -29,8 +31,14 @@
.B dev
.IR DEV " ] [ "
.B nud
-.IR STATE " ]"
+.IR STATE " ] [ "
+.B vrf
+.IR NAME " ] "
+.ti -8
+.IR STATE " := {"
+.BR permanent " | " noarp " | " stale " | " reachable " | " none " |"
+.BR incomplete " | " delay " | " probe " | " failed " }"
.SH DESCRIPTION
The
@@ -75,12 +83,13 @@
.BR "null" .
.TP
-.BI nud " NUD_STATE"
+.BI nud " STATE"
the state of the neighbour entry.
.B nud
is an abbreviation for 'Neighbour Unreachability Detection'.
The state can take one of the following values:
+.RS
.TP
.B permanent
the neighbour entry is valid forever and can be only
@@ -100,6 +109,24 @@
.B ip neigh
does not change the neighbour state if it was valid and the address
is not changed by this command.
+.TP
+.B none
+this is a pseudo state used when initially creating a neighbour entry or after
+trying to remove it before it becomes free to do so.
+.TP
+.B incomplete
+the neighbour entry has not (yet) been validated/resolved.
+.TP
+.B delay
+neighbor entry validation is currently delayed.
+.TP
+.B probe
+neighbor is being probed.
+.TP
+.B failed
+max number of probes exceeded without success, neighbor validation has
+ultimately failed.
+.RE
.RE
.TP
@@ -139,6 +166,10 @@
only list the neighbours attached to this device.
.TP
+.BI vrf " NAME"
+only list the neighbours for given VRF.
+
+.TP
.BI proxy
list neighbour proxies.
@@ -147,7 +178,7 @@
only list neighbours which are not currently in use.
.TP
-.BI nud " NUD_STATE"
+.BI nud " STATE"
only list neighbour entries in this state.
.I NUD_STATE
takes values listed below or the special value
diff --git a/man/man8/ip-netconf.8 b/man/man8/ip-netconf.8
index 2718258..7fe3e5f 100644
--- a/man/man8/ip-netconf.8
+++ b/man/man8/ip-netconf.8
@@ -15,7 +15,7 @@
.B ip netconf
utility can monitor IPv4 and IPv6 parameters (see
.BR "/proc/sys/net/ipv[4|6]/conf/[all|DEV]/" ")"
-like forwarding, rp_filter
+like forwarding, rp_filter, proxy_neigh, ignore_routes_with_linkdown
or mc_forwarding status.
If no interface is specified, the entry
diff --git a/man/man8/ip-netns.8 b/man/man8/ip-netns.8
index c9b0fbc..c5310e2 100644
--- a/man/man8/ip-netns.8
+++ b/man/man8/ip-netns.8
@@ -13,7 +13,7 @@
.BR help " }"
.sp
.ti -8
-.BR "ip netns" " { " list " } "
+.BR "ip netns" " [ " list " ]"
.ti -8
.B ip netns add
@@ -24,7 +24,7 @@
.RI "[ " NETNSNAME " ]"
.ti -8
-.BR "ip netns" " { " set " } "
+.B ip netns set
.I NETNSNAME NETNSID
.ti -8
diff --git a/man/man8/ip-ntable.8 b/man/man8/ip-ntable.8
index 462e589..4f0f2e5 100644
--- a/man/man8/ip-ntable.8
+++ b/man/man8/ip-ntable.8
@@ -8,7 +8,7 @@
.ti -8
.B ip
.RI "[ " OPTIONS " ]"
-.B address
+.B ntable
.RI " { " COMMAND " | "
.BR help " }"
.sp
@@ -17,34 +17,39 @@
.BR "ip ntable change name"
.IR NAME " [ "
.B dev
-.IR DEV " ] " PARMS
-
-.ti -8
-.IR PARMS " := { "
+.IR DEV " ] ["
.B thresh1
-.IR VAL " | "
+.IR VAL " ] ["
.B thresh2
-.IR VAL " | "
+.IR VAL " ] ["
.B thresh3
-.IR VAL " | "
+.IR VAL " ] ["
.B gc_int
-.IR MSEC " | "
+.IR MSEC " ] ["
.B base_reachable
-.IR MSEC " | "
+.IR MSEC " ] ["
.B retrans
-.IR MSEC " | " "gc_stale MSEC " " | "
+.IR MSEC " ] ["
+.B gc_stale
+.IR MSEC " ] ["
.B delay_probe
-.IR MSEC " | " "queue LEN " " | "
+.IR MSEC " ] ["
+.B queue
+.IR LEN " ] ["
.B app_probs
-.IR VAL " | "
+.IR VAL " ] ["
.B ucast_probes
-.IR VAL " | " "mcast_probes VAL " " | "
+.IR VAL " ] ["
+.B mcast_probes
+.IR VAL " ] ["
.B anycast_delay
-.IR MSEC " | "
+.IR MSEC " ] ["
.B proxy_delay
-.IR MSEC " | " "proxy_queue LEN " " | "
+.IR MSEC " ] ["
+.B proxy_queue
+.IR LEN " ] ["
.B locktime
-.IR MSEC " }"
+.IR MSEC " ]"
.ti -8
.BR "ip ntable show" " [ "
diff --git a/man/man8/ip-route.8.in b/man/man8/ip-route.8.in
index c764bfc..705ceb2 100644
--- a/man/man8/ip-route.8.in
+++ b/man/man8/ip-route.8.in
@@ -16,7 +16,7 @@
.ti -8
.BR "ip route" " { "
-.BR list " | " flush " } "
+.BR show " | " flush " } "
.I SELECTOR
.ti -8
@@ -28,12 +28,15 @@
.ti -8
.B ip route get
+.I ROUTE_GET_FLAGS
.IR ADDRESS " [ "
.BI from " ADDRESS " iif " STRING"
.RB " ] [ " oif
.IR STRING " ] [ "
.B tos
-.IR TOS " ]"
+.IR TOS " ] [ "
+.B vrf
+.IR NAME " ] "
.ti -8
.BR "ip route" " { " add " | " del " | " change " | " append " | "\
@@ -50,6 +53,8 @@
.IR PREFIX " ] [ "
.B table
.IR TABLE_ID " ] [ "
+.B vrf
+.IR NAME " ] [ "
.B proto
.IR RTPROTO " ] [ "
.B type
@@ -71,7 +76,9 @@
.B scope
.IR SCOPE " ] [ "
.B metric
-.IR METRIC " ]"
+.IR METRIC " ] [ "
+.B ttl-propagate
+.RB "{ " enabled " | " disabled " } ]"
.ti -8
.IR INFO_SPEC " := " "NH OPTIONS FLAGS" " ["
@@ -170,12 +177,14 @@
.ti -8
.IR ENCAP " := [ "
-.IR MPLS " | " IP " ]"
+.IR MPLS " | " IP " | " BPF " | " SEG6 " | " SEG6LOCAL " ] "
.ti -8
.IR ENCAP_MPLS " := "
.BR mpls " [ "
-.IR LABEL " ]"
+.IR LABEL " ] ["
+.B ttl
+.IR TTL " ]"
.ti -8
.IR ENCAP_IP " := "
@@ -189,6 +198,41 @@
.B ttl
.IR TTL " ]"
+.ti -8
+.IR ENCAP_BPF " := "
+.BR bpf " [ "
+.B in
+.IR PROG " ] ["
+.B out
+.IR PROG " ] ["
+.B xmit
+.IR PROG " ] ["
+.B headroom
+.IR SIZE " ]"
+
+.ti -8
+.IR ENCAP_SEG6 " := "
+.B seg6
+.BR mode " [ "
+.BR encap " | " inline " | " l2encap " ] "
+.B segs
+.IR SEGMENTS " [ "
+.B hmac
+.IR KEYID " ]"
+
+.ti -8
+.IR ENCAP_SEG6LOCAL " := "
+.B seg6local
+.BR action
+.IR SEG6_ACTION " [ "
+.IR SEG6_ACTION_PARAM " ] "
+
+.ti -8
+.IR ROUTE_GET_FLAGS " := "
+.BR " [ "
+.BR fibmatch
+.BR " ] "
+
.SH DESCRIPTION
.B ip route
is used to manipulate entries in the kernel routing tables.
@@ -278,7 +322,7 @@
.P
.B Route tables:
Linux-2.x can pack routes into several routing tables identified
-by a number in the range from 1 to 2^31 or by name from the file
+by a number in the range from 1 to 2^32-1 or by name from the file
.B @SYSCONFDIR@/rt_tables
By default all normal routes are inserted into the
.B main
@@ -350,7 +394,7 @@
.BI preference " NUMBER"
the preference value of the route.
.I NUMBER
-is an arbitrary 32bit number.
+is an arbitrary 32bit number, where routes with lower values are preferred.
.TP
.BI table " TABLEID"
@@ -369,6 +413,11 @@
table by default.
.TP
+.BI vrf " NAME"
+the vrf name to add this route to. Implicitly means the table
+associated with the VRF.
+
+.TP
.BI dev " NAME"
the output device name.
@@ -627,6 +676,14 @@
.BI ip
- IP encapsulation (Geneve, GRE, VXLAN, ...)
.sp
+.BI bpf
+- Execution of BPF program
+.sp
+.BI seg6
+- encapsulation type IPv6 Segment Routing
+.sp
+.BI seg6local
+- local SRv6 segment processing
.in -8
.I ENCAPHDR
@@ -639,6 +696,11 @@
.I MPLSLABEL
- mpls label stack with labels separated by
.I "/"
+.sp
+
+.B ttl
+.I TTL
+- TTL to use for MPLS header or 0 to inherit from IP header
.in -2
.sp
@@ -655,8 +717,103 @@
.in -2
.sp
+.B bpf
+.in +2
+.B in
+.I PROG
+- BPF program to execute for incoming packets
+.sp
+
+.B out
+.I PROG
+- BPF program to execute for outgoing packets
+.sp
+
+.B xmit
+.I PROG
+- BPF program to execute for transmitted packets
+.sp
+
+.B headroom
+.I SIZE
+- Size of header BPF program will attach (xmit)
+.in -2
+.sp
+
+.B seg6
+.in +2
+.B mode inline
+- Directly insert Segment Routing Header after IPv6 header
+.sp
+
+.B mode encap
+- Encapsulate packet in an outer IPv6 header with SRH
+.sp
+
+.B mode l2encap
+- Encapsulate ingress L2 frame within an outer IPv6 header and SRH
+.sp
+
+.I SEGMENTS
+- List of comma-separated IPv6 addresses
+.sp
+
+.I KEYID
+- Numerical value in decimal representation. See \fBip-sr\fR(8).
+.in -2
+.sp
+
+.B seg6local
+.in +2
+.IR SEG6_ACTION " [ "
+.IR SEG6_ACTION_PARAM " ] "
+- Operation to perform on matching packets.
+The following actions are currently supported (\fB4.14+ only\fR).
+.in +2
+
+.B End
+- Regular SRv6 processing as intermediate segment endpoint.
+This action only accepts packets with a non-zero Segments Left
+value. Other matching packets are dropped.
+
+.B End.X nh6
+.I NEXTHOP
+- Regular SRv6 processing as intermediate segment endpoint.
+Additionally, forward processed packets to given next-hop.
+This action only accepts packets with a non-zero Segments Left
+value. Other matching packets are dropped.
+
+.B End.DX6 nh6
+.I NEXTHOP
+- Decapsulate inner IPv6 packet and forward it to the
+specified next-hop. If the argument is set to ::, then
+the next-hop is selected according to the local selection
+rules. This action only accepts packets with either a zero Segments
+Left value or no SRH at all, and an inner IPv6 packet. Other
+matching packets are dropped.
+
+.B End.B6 srh segs
+.IR SEGMENTS " [ "
+.B hmac
+.IR KEYID " ] "
+- Insert the specified SRH immediately after the IPv6 header,
+update the DA with the first segment of the newly inserted SRH,
+then forward the resulting packet. The original SRH is not
+modified. This action only accepts packets with a non-zero
+Segments Left value. Other matching packets are dropped.
+
+.B End.B6.Encaps srh segs
+.IR SEGMENTS " [ "
+.B hmac
+.IR KEYID " ] "
+- Regular SRv6 processing as intermediate segment endpoint.
+Additionally, encapsulate the matching packet within an outer IPv6 header
+followed by the specified SRH. The destination address of the outer IPv6
+header is set to the first segment of the new SRH. The source
+address is set as described in \fBip-sr\fR(8).
+.in -4
+
.in -8
-.RE
.TP
.BI expires " TIME " "(4.4+ only)"
@@ -665,6 +822,13 @@
support IPv6 at present.
.TP
+.BR ttl-propagate " { " enabled " | " disabled " } "
+Control whether TTL should be propagated from any encap into the
+un-encapsulated packet, overriding any global configuration. Only
+supported for MPLS at present.
+.RE
+
+.TP
ip route delete
delete route
.RS
@@ -746,6 +910,10 @@
.in -8
.TP
+.BI vrf " NAME"
+show the routes for the table associated with the vrf name
+
+.TP
.B cloned
.TP
.B cached
@@ -833,6 +1001,11 @@
contents exactly as the kernel sees it.
.TP
+.BI fibmatch
+Return full fib lookup matched route. Default is to return the resolved
+dst entry
+
+.TP
.BI to " ADDRESS " (default)
the destination address.
@@ -855,6 +1028,10 @@
force the output device on which this packet will be routed.
.TP
+.BI vrf " NAME"
+force the vrf device on which this packet will be routed.
+
+.TP
.B connected
if no source address
.RB "(option " from ")"
@@ -907,6 +1084,12 @@
already exist in the table will be ignored.
.RE
+.SH NOTES
+Starting with Linux kernel version 3.6, there is no routing cache for IPv4
+anymore. Hence
+.B "ip route show cached"
+will never print any entries on systems with this or newer kernel versions.
+
.SH EXAMPLES
.PP
ip ro
@@ -924,6 +1107,11 @@
.RS 4
Adds an ipv4 route with mpls encapsulation attributes attached to it.
.RE
+.PP
+ip -6 route add 2001:db8:1::/64 encap seg6 mode encap segs 2001:db8:42::1,2001:db8:ffff::2 dev eth0
+.RS 4
+Adds an IPv6 route with SRv6 encapsulation and two segments attached.
+.RE
.SH SEE ALSO
.br
.BR ip (8)
diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8
index b7008c6..a5c4798 100644
--- a/man/man8/ip-rule.8
+++ b/man/man8/ip-rule.8
@@ -9,20 +9,27 @@
.B ip
.RI "[ " OPTIONS " ]"
.B rule
-.RI " { " COMMAND " | "
+.RI "{ " COMMAND " | "
.BR help " }"
.sp
.ti -8
.B ip rule
-.RB " [ " list " | " add " | " del " | " flush " | " save " ]"
+.RB "[ " list
+.RI "[ " SELECTOR " ]]"
+
+.ti -8
+.B ip rule
+.RB "{ " add " | " del " }"
.I SELECTOR ACTION
.ti -8
-.B ip rule " restore "
+.B ip rule
+.RB "{ " flush " | " save " | " restore " }"
.ti -8
.IR SELECTOR " := [ "
+.BR not " ] ["
.B from
.IR PREFIX " ] [ "
.B to
@@ -30,13 +37,14 @@
.B tos
.IR TOS " ] [ "
.B fwmark
-.IR FWMARK[/MASK] " ] [ "
+.IR FWMARK\fR[\fB/\fIMASK "] ] [ "
.B iif
.IR STRING " ] [ "
.B oif
.IR STRING " ] [ "
.B pref
-.IR NUMBER " ]"
+.IR NUMBER " ] [ "
+.BR l3mdev " ]"
.ti -8
.IR ACTION " := [ "
@@ -45,8 +53,9 @@
.B nat
.IR ADDRESS " ] [ "
.B realms
-.RI "[" SRCREALM "/]" DSTREALM " ]"
-.I SUPPRESSOR
+.RI "[" SRCREALM "\fB/\fR]" DSTREALM " ] ["
+.B goto
+.IR NUMBER " ] " SUPPRESSOR
.ti -8
.IR SUPPRESSOR " := [ "
@@ -86,7 +95,10 @@
.B selector
and an
.B action predicate.
-The RPDB is scanned in order of decreasing priority. The selector
+The RPDB is scanned in order of decreasing priority (note that lower number
+means higher priority, see the description of
+.I PREFERENCE
+below). The selector
of each rule is applied to {source address, destination address, incoming
interface, tos, fwmark} and, if the selector matches the packet,
the action is performed. The action predicate may return with success.
@@ -111,8 +123,6 @@
.B local
table is a special routing table containing
high priority control routes for local and broadcast addresses.
-.sp
-Rule 0 is special. It cannot be deleted or overridden.
.TP
2.
@@ -216,8 +226,11 @@
.TP
.BI priority " PREFERENCE"
-the priority of this rule. Each rule should have an explicitly
-set
+the priority of this rule.
+.I PREFERENCE
+is an unsigned integer value, higher number means lower priority, and rules get
+processed in order of increasing number. Each rule
+should have an explicitly set
.I unique
priority value.
The options preference and order are synonyms with priority.
diff --git a/man/man8/ip-sr.8 b/man/man8/ip-sr.8
new file mode 100644
index 0000000..6be1cc5
--- /dev/null
+++ b/man/man8/ip-sr.8
@@ -0,0 +1,58 @@
+.TH IP\-SR 8 "14 Apr 2017" "iproute2" "Linux"
+.SH "NAME"
+ip-sr \- IPv6 Segment Routing management
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B ip sr
+.RI " { " COMMAND " | "
+.BR help " }"
+.sp
+.ti -8
+
+.ti -8
+.B ip sr hmac show
+
+.ti -8
+.B ip sr hmac set
+.I KEYID ALGO
+
+.ti -8
+.B ip sr tunsrc show
+
+.ti -8
+.B ip sr tunsrc set
+.I ADDRESS
+
+.SH DESCRIPTION
+The \fBip sr\fR command is used to configure IPv6 Segment Routing (SRv6)
+internal parameters.
+.PP
+Those parameters include the mapping between an HMAC key ID and its associated
+hashing algorithm and secret, and the IPv6 address to use as source for encapsulated
+packets.
+.PP
+The \fBip sr hmac set\fR command prompts for a passphrase that will be used as the
+HMAC secret for the corresponding key ID. A blank passphrase removes the mapping.
+The currently supported algorithms for \fIALGO\fR are \fBsha1\fR and \fBsha256\fR.
+.PP
+If the tunnel source is set to the address :: (which is the default), then an address
+of the egress interface will be selected. As this operation may hinder performances,
+it is recommended to set a non-default address.
+
+.SH EXAMPLES
+.PP
+.SS Configure an HMAC mapping for key ID 42 and hashing algorithm SHA-256
+.nf
+# ip sr hmac set 42 sha256
+.PP
+.SS Set the tunnel source address to 2001:db8::1
+.nf
+# ip sr tunsrc set 2001:db8::1
+.SH SEE ALSO
+.br
+.BR ip-route (8)
+.SH AUTHOR
+David Lebrun <david.lebrun@uclouvain.be>
diff --git a/man/man8/ip-token.8 b/man/man8/ip-token.8
index 35a3d1e..6505b8c 100644
--- a/man/man8/ip-token.8
+++ b/man/man8/ip-token.8
@@ -7,23 +7,27 @@
.in +8
.ti -8
.B ip token
-.RI " { " COMMAND " | "
+.RI "{ " COMMAND " | "
.BR help " }"
.sp
.ti -8
-.BR "ip token" " { " set " } "
+.B ip token set
.IR TOKEN
.B dev
.IR DEV
.ti -8
-.BR "ip token" " { " get " } "
-.B dev
+.B ip token del dev
.IR DEV
.ti -8
-.BR "ip token" " { " list " }"
+.B ip token get
+.RB "[ " dev
+.IR DEV " ]"
+
+.ti -8
+.BR "ip token" " [ " list " ]"
.SH "DESCRIPTION"
IPv6 tokenized interface identifier support is used for assigning well-known
@@ -37,8 +41,7 @@
[1]: <draft-chown-6man-tokenised-ipv6-identifiers-02>.
.SS ip token set - set an interface token
-set the interface token to the kernel. Once a token is set, it cannot be
-removed from the interface, only overwritten.
+set the interface token to the kernel.
.TP
.I TOKEN
the interface identifier token address.
@@ -46,6 +49,12 @@
.BI dev " DEV"
the networking interface.
+.SS ip token del - delete an interface token
+delete the interface token from the kernel.
+.TP
+.BI dev " DEV"
+the networking interface.
+
.SS ip token get - get the interface token from the kernel
show a tokenized interface identifier of a particular networking device.
.B Arguments:
diff --git a/man/man8/ip-tunnel.8 b/man/man8/ip-tunnel.8
index 8b746cb..7ddbffb 100644
--- a/man/man8/ip-tunnel.8
+++ b/man/man8/ip-tunnel.8
@@ -11,7 +11,7 @@
.ti -8
.BR "ip "
.RI "[ " OPTIONS " ]"
-.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " }"
+.BR "tunnel" " { " add " | " change " | " del " | " show " | " prl " | " 6rd " }"
.RI "[ " NAME " ]"
.br
.RB "[ " mode
@@ -42,7 +42,14 @@
.B prl-delete
.IR ADDR " ]"
.br
+.RB "[ " 6rd-prefix
+.IR ADDR " ] ["
+.B 6rd-relay_prefix
+.IR ADDR " ] [
+.BR 6rd-reset " ]"
+.br
.RB "[ [" no "]" pmtudisc " ]"
+.RB "[ [" no "]" ignore-df " ]"
.RB "[ " dev
.IR PHYS_DEV " ]"
@@ -75,9 +82,6 @@
.ti -8
.IR KEY " := { " DOTTED_QUAD " | " NUMBER " }"
-.ti -8
-.IR TIME " := " NUMBER "[s|ms]"
-
.SH DESCRIPTION
.B tunnel
objects are tunnels, encapsulating packets in IP packets and then
@@ -173,6 +177,14 @@
discovery.
.TP
+.B ignore-df
+enable IPv4 DF suppression on this tunnel.
+Normally datagrams that exceed the MTU will be fragmented; the presence
+of the DF flag inhibits this, resulting instead in an ICMP Unreachable
+(Fragmentation Required) message. Enabling this attribute casues the
+DF flag to be ignored.
+
+.TP
.BI key " K"
.TP
.BI ikey " K"
diff --git a/man/man8/ip-vrf.8 b/man/man8/ip-vrf.8
new file mode 100644
index 0000000..1878933
--- /dev/null
+++ b/man/man8/ip-vrf.8
@@ -0,0 +1,99 @@
+.TH IP\-VRF 8 "7 Dec 2016" "iproute2" "Linux"
+.SH NAME
+ip-vrf \- run a command against a vrf
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B ip
+.B vrf
+.RI " { " COMMAND " | "
+.BR help " }"
+.sp
+
+.ti -8
+.BR "ip vrf show"
+.RI "[ " NAME " ]"
+
+.ti -8
+.BR "ip vrf identify"
+.RI "[ " PID " ]"
+
+.ti -8
+.BR "ip vrf pids"
+.I NAME
+
+.ti -8
+.BR "ip vrf exec "
+.RI "[ " NAME " ] " command ...
+
+.SH DESCRIPTION
+A VRF provides traffic isolation at layer 3 for routing, similar to how a
+VLAN is used to isolate traffic at layer 2. Fundamentally, a VRF is a separate
+routing table. Network devices are associated with a VRF by enslaving the
+device to the VRF. At that point network addresses assigned to the device are
+local to the VRF with host and connected routes moved to the table associated
+with the VRF.
+
+A process can specify a VRF using several APIs -- binding the socket to the
+VRF device using SO_BINDTODEVICE, setting the VRF association using
+IP_UNICAST_IF or IPV6_UNICAST_IF, or specifying the VRF for a specific message
+using IP_PKTINFO or IPV6_PKTINFO.
+
+By default a process is not bound to any VRF. An association can be set
+explicitly by making the program use one of the APIs mentioned above or
+implicitly using a helper to set SO_BINDTODEVICE for all IPv4 and IPv6
+sockets (AF_INET and AF_INET6) when the socket is created. This ip-vrf command
+is a helper to run a command against a specific VRF with the VRF association
+inherited parent to child.
+
+.TP
+.B ip vrf show [ NAME ] - Show all configured VRF
+.sp
+This command lists all VRF and their corresponding table ids. If NAME is
+given, then only that VRF and table id is shown. The latter command is
+useful for scripting where the table id for a VRF is needed.
+
+.TP
+.B ip vrf exec [ NAME ] cmd ... - Run cmd against the named VRF
+.sp
+This command allows applications that are VRF unaware to be run against
+a VRF other than the default VRF (main table). A command can be run against
+the default VRF by passing the "default" as the VRF name. This is useful if
+the current shell is associated with another VRF (e.g, Management VRF).
+
+.TP
+.B ip vrf identify [PID] - Report VRF association for process
+.sp
+This command shows the VRF association of the specified process. If PID is
+not specified then the id of the current process is used.
+
+.TP
+.B ip vrf pids NAME - Report processes associated with the named VRF
+.sp
+This command shows all process ids that are associated with the given
+VRF.
+
+.SH CAVEATS
+This command requires a kernel compiled with CGROUPS and CGROUP_BPF enabled.
+
+The VRF helper *only* affects network layer sockets.
+
+.SH EXAMPLES
+.PP
+ip vrf exec red ssh 10.100.1.254
+.RS
+Executes ssh to 10.100.1.254 against the VRF red table.
+.RE
+
+.SH SEE ALSO
+.br
+.BR ip (8),
+.BR ip-link (8),
+.BR ip-address (8),
+.BR ip-route (8),
+.BR ip-neighbor (8)
+
+.SH AUTHOR
+Original Manpage by David Ahern
diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
index dae0728..a0bbef5 100644
--- a/man/man8/ip-xfrm.8
+++ b/man/man8/ip-xfrm.8
@@ -57,6 +57,8 @@
.IR ADDR "[/" PLEN "] ]"
.RB "[ " ctx
.IR CTX " ]"
+.RB "[ " extra-flag
+.IR EXTRA-FLAG-LIST " ]"
.ti -8
.B "ip xfrm state allocspi"
@@ -196,6 +198,13 @@
.IR SPORT " " DPORT " " OADDR
.ti -8
+.IR EXTRA-FLAG-LIST " := [ " EXTRA-FLAG-LIST " ] " EXTRA-FLAG
+
+.ti -8
+.IR EXTRA-FLAG " := "
+.B dont-encap-dscp
+
+.ti -8
.BR "ip xfrm policy" " { " add " | " update " }"
.I SELECTOR
.B dir
@@ -247,6 +256,8 @@
.IR ACTION " ]"
.RB "[ " priority
.IR PRIORITY " ]"
+.RB "[ " flag
+.IR FLAG-LIST "]"
.ti -8
.B "ip xfrm policy flush"
@@ -466,7 +477,7 @@
Authentication algorithms include
.BR digest_null ", " hmac(md5) ", " hmac(sha1) ", " hmac(sha256) ","
-.BR hmac(sha384) ", " hmac(sha512) ", " hmac(rmd610) ", and " xcbc(aes) "."
+.BR hmac(sha384) ", " hmac(sha512) ", " hmac(rmd160) ", and " xcbc(aes) "."
Authenticated encryption with associated data (AEAD) algorithms include
.BR rfc4106(gcm(aes)) ", " rfc4309(ccm(aes)) ", and " rfc4543(gcm(aes)) "."
diff --git a/man/man8/ip.8 b/man/man8/ip.8
index b1f6907..ae018fd 100644
--- a/man/man8/ip.8
+++ b/man/man8/ip.8
@@ -21,7 +21,8 @@
.IR OBJECT " := { "
.BR link " | " address " | " addrlabel " | " route " | " rule " | " neigh " | "\
ntable " | " tunnel " | " tuntap " | " maddress " | " mroute " | " mrule " | "\
- monitor " | " xfrm " | " netns " | " l2tp " | " tcp_metrics " }"
+ monitor " | " xfrm " | " netns " | " l2tp " | " tcp_metrics " | " token " | "\
+ macsec " }"
.sp
.ti -8
@@ -29,13 +30,26 @@
\fB\-V\fR[\fIersion\fR] |
\fB\-h\fR[\fIuman-readable\fR] |
\fB\-s\fR[\fItatistics\fR] |
+\fB\-d\fR[\fIetails\fR] |
\fB\-r\fR[\fIesolve\fR] |
+\fB\-iec\fR |
\fB\-f\fR[\fIamily\fR] {
.BR inet " | " inet6 " | " ipx " | " dnet " | " link " } | "
+\fB-4\fR |
+\fB-6\fR |
+\fB-I\fR |
+\fB-D\fR |
+\fB-B\fR |
+\fB-0\fR |
+\fB-l\fR[\fIoops\fR] { \fBmaximum-addr-flush-attempts\fR } |
\fB\-o\fR[\fIneline\fR] |
+\fB\-rc\fR[\fIvbuf\fR] [\fBsize\fR] |
+\fB\-t\fR[\fIimestamp\fR] |
+\fB\-ts\fR[\fIhort\fR] |
\fB\-n\fR[\fIetns\fR] name |
\fB\-a\fR[\fIll\fR] |
-\fB\-c\fR[\fIolor\fR] }
+\fB\-c\fR[\fIolor\fR]
+\fB\-br\fR[\fIief\fR] }
.SH OPTIONS
@@ -179,6 +193,25 @@
.BR "\-t" , " \-timestamp"
display current time when using monitor option.
+.TP
+.BR "\-ts" , " \-tshort"
+Like
+.BR \-timestamp ,
+but use shorter format.
+
+.TP
+.BR "\-rc" , " \-rcvbuf" <SIZE>
+Set the netlink socket receive buffer size, defaults to 1MB.
+
+.TP
+.BR "\-iec"
+print human readable rates in IEC units (e.g. 1Ki = 1024).
+
+.TP
+.BR "\-br" , "\-brief"
+Print only basic information in a tabular format for better readability. This option is currently only supported by
+.BR "ip addr show " and " ip link show " commands.
+
.SH IP - COMMAND SYNTAX
.SS
@@ -241,6 +274,10 @@
- manage TCP Metrics
.TP
+.B token
+- manage tokenized interface identifiers.
+
+.TP
.B tunnel
- tunnel over IP.
@@ -288,6 +325,34 @@
Exit status is 0 if command was successful, and 1 if there is a syntax error.
If an error was reported by the kernel exit status is 2.
+.SH "EXAMPLES"
+.PP
+ip addr
+.RS 4
+Shows addresses assigned to all network interfaces.
+.RE
+.PP
+ip neigh
+.RS 4
+Shows the current neighbour table in kernel.
+.RE
+.PP
+ip link set x up
+.RS 4
+Bring up interface x.
+.RE
+.PP
+ip link set x down
+.RE
+.RS 4
+Bring down interface x.
+.RE
+.PP
+ip route
+.RS 4
+Show table routes.
+.RE
+
.SH HISTORY
.B ip
was written by Alexey N. Kuznetsov and added in Linux 2.2.
@@ -305,6 +370,7 @@
.BR ip-route (8),
.BR ip-rule (8),
.BR ip-tcp_metrics (8),
+.BR ip-token (8),
.BR ip-tunnel (8),
.BR ip-xfrm (8)
.br
diff --git a/man/man8/rdma-dev.8 b/man/man8/rdma-dev.8
new file mode 100644
index 0000000..461681b
--- /dev/null
+++ b/man/man8/rdma-dev.8
@@ -0,0 +1,55 @@
+.TH RDMA\-DEV 8 "06 Jul 2017" "iproute2" "Linux"
+.SH NAME
+rdmak-dev \- RDMA device configuration
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B rdma
+.RI "[ " OPTIONS " ]"
+.B dev
+.RI " { " COMMAND " | "
+.BR help " }"
+.sp
+
+.ti -8
+.IR OPTIONS " := { "
+\fB\-V\fR[\fIersion\fR] |
+\fB\-d\fR[\fIetails\fR] }
+
+.ti -8
+.B rdma dev show
+.RI "[ " DEV " ]"
+
+.ti -8
+.B rdma dev help
+
+.SH "DESCRIPTION"
+.SS rdma dev show - display rdma device attributes
+
+.PP
+.I "DEV"
+- specifies the RDMA device to show.
+If this argument is omitted all devices are listed.
+
+.SH "EXAMPLES"
+.PP
+rdma dev
+.RS 4
+Shows the state of all RDMA devices on the system.
+.RE
+.PP
+rdma dev show mlx5_3
+.RS 4
+Shows the state of specified RDMA device.
+.RE
+.PP
+
+.SH SEE ALSO
+.BR rdma (8),
+.BR rdma-link (8),
+.br
+
+.SH AUTHOR
+Leon Romanovsky <leonro@mellanox.com>
diff --git a/man/man8/rdma-link.8 b/man/man8/rdma-link.8
new file mode 100644
index 0000000..8ed049e
--- /dev/null
+++ b/man/man8/rdma-link.8
@@ -0,0 +1,55 @@
+.TH RDMA\-LINK 8 "06 Jul 2017" "iproute2" "Linux"
+.SH NAME
+rdma-link \- rdma link configuration
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B devlink
+.RI "[ " OPTIONS " ]"
+.B link
+.RI " { " COMMAND " | "
+.BR help " }"
+.sp
+
+.ti -8
+.IR OPTIONS " := { "
+\fB\-V\fR[\fIersion\fR] |
+\fB\-d\fR[\fIetails\fR] }
+
+.ti -8
+.B rdma link show
+.RI "[ " DEV/PORT_INDEX " ]"
+
+.ti -8
+.B rdma link help
+
+.SH "DESCRIPTION"
+.SS rdma link show - display rdma link attributes
+
+.PP
+.I "DEV/PORT_INDEX"
+- specifies the RDMa link to show.
+If this argument is omitted all links are listed.
+
+.SH "EXAMPLES"
+.PP
+rdma link show
+.RS 4
+Shows the state of all rdma links on the system.
+.RE
+.PP
+rdma link show mlx5_2/1
+.RS 4
+Shows the state of specified rdma link.
+.RE
+.PP
+
+.SH SEE ALSO
+.BR rdma (8),
+.BR rdma-dev (8),
+.br
+
+.SH AUTHOR
+Leon Romanovsky <leonro@mellanox.com>
diff --git a/man/man8/rdma.8 b/man/man8/rdma.8
new file mode 100644
index 0000000..798b33d
--- /dev/null
+++ b/man/man8/rdma.8
@@ -0,0 +1,102 @@
+.TH RDMA 8 "28 Mar 2017" "iproute2" "Linux"
+.SH NAME
+rdma \- RDMA tool
+.SH SYNOPSIS
+.sp
+.ad l
+.in +8
+.ti -8
+.B rdma
+.RI "[ " OPTIONS " ] " OBJECT " { " COMMAND " | "
+.BR help " }"
+.sp
+
+.ti -8
+.IR OBJECT " := { "
+.BR dev " | " link " }"
+.sp
+
+.ti -8
+.IR OPTIONS " := { "
+\fB\-V\fR[\fIersion\fR] |
+\fB\-d\fR[\fIetails\fR] }
+\fB\-j\fR[\fIson\fR] }
+\fB\-p\fR[\fIretty\fR] }
+
+.SH OPTIONS
+
+.TP
+.BR "\-V" , " -Version"
+Print the version of the
+.B rdma
+tool and exit.
+
+.TP
+.BR "\-d" , " --details"
+Otuput detailed information.
+
+.TP
+.BR "\-p" , " --pretty"
+When combined with -j generate a pretty JSON output.
+
+.TP
+.BR "\-j" , " --json"
+Generate JSON output.
+
+.SS
+.I OBJECT
+
+.TP
+.B dev
+- RDMA device.
+
+.TP
+.B link
+- RDMA port related.
+
+.PP
+The names of all objects may be written in full or
+abbreviated form, for example
+.B stats
+can be abbreviated as
+.B stat
+or just
+.B s.
+
+.SS
+.I COMMAND
+
+Specifies the action to perform on the object.
+The set of possible actions depends on the object type.
+As a rule, it is possible to
+.B show
+(or
+.B list
+) objects, but some objects do not allow all of these operations
+or have some additional commands. The
+.B help
+command is available for all objects. It prints
+out a list of available commands and argument syntax conventions.
+.sp
+If no command is given, some default command is assumed.
+Usually it is
+.B list
+or, if the objects of this class cannot be listed,
+.BR "help" .
+
+.SH EXIT STATUS
+Exit status is 0 if command was successful or a positive integer upon failure.
+
+.SH SEE ALSO
+.BR rdma-dev (8),
+.BR rdma-link (8),
+.br
+
+.SH REPORTING BUGS
+Report any bugs to the Linux RDMA mailing list
+.B <linux-rdma@vger.kernel.org>
+where the development and maintenance is primarily done.
+You do not have to be subscribed to the list to send a message there.
+
+.SH AUTHOR
+Leon Romanovsky <leonro@mellanox.com>
diff --git a/man/man8/rtacct.8 b/man/man8/rtacct.8
index 7cf97aa..01321e6 100644
--- a/man/man8/rtacct.8
+++ b/man/man8/rtacct.8
@@ -35,6 +35,7 @@
.TP
.B \-s, \-\-noupdate
Do not update history, so that the next time you will see counters including values accumulated to the moment of this measurement too.
+.TP
.B \-j, \-\-json
Display results in JSON format.
.TP
diff --git a/man/man8/rtpr.8 b/man/man8/rtpr.8
index 5e32b2e..1b04a82 100644
--- a/man/man8/rtpr.8
+++ b/man/man8/rtpr.8
@@ -13,7 +13,7 @@
.SH EXAMPLES
.TP
-ip --onenline address show | rtpr
+ip --oneline address show | rtpr
Undo oneline converted
.B ip-address
output.
diff --git a/man/man8/ss.8 b/man/man8/ss.8
index 758460c..8565ccb 100644
--- a/man/man8/ss.8
+++ b/man/man8/ss.8
@@ -21,6 +21,9 @@
.B \-V, \-\-version
Output version information.
.TP
+.B \-H, \-\-no-header
+Suppress header line.
+.TP
.B \-n, \-\-numeric
Do not try to resolve service names.
.TP
@@ -34,19 +37,196 @@
Display only listening sockets (these are omitted by default).
.TP
.B \-o, \-\-options
-Show timer information.
+Show timer information. For tcp protocol, the output format is:
+.RS
+.P
+timer:(<timer_name>,<expire_time>,<retrans>)
+.P
+.TP
+.B <timer_name>
+the name of the timer, there are five kind of timer names:
+.RS
+.P
+.BR on ": means one of these timers: tcp retrans timer, tcp early retrans timer and tail loss probe timer"
+.P
+.BR keepalive ": tcp keep alive timer"
+.P
+.BR timewait ": timewait stage timer"
+.P
+.BR persist ": zero window probe timer"
+.P
+.BR unknown ": none of the above timers"
+.RE
+.TP
+.B <expire_time>
+how long time the timer will expire
+.P
+.TP
+.B <retrans>
+how many times the retran occurs
+.RE
.TP
.B \-e, \-\-extended
-Show detailed socket information
+Show detailed socket information. The output format is:
+.RS
+.P
+uid:<uid_number> ino:<inode_number> sk:<cookie>
+.P
+.TP
+.B <uid_number>
+the user id the socket belongs to
+.P
+.TP
+.B <inode_number>
+the socket's inode number in VFS
+.P
+.TP
+.B <cookie>
+an uuid of the socket
+.RE
.TP
.B \-m, \-\-memory
-Show socket memory usage.
+Show socket memory usage. The output format is:
+.RS
+.P
+skmem:(r<rmem_alloc>,rb<rcv_buf>,t<wmem_alloc>,tb<snd_buf>,f<fwd_alloc>,w<wmem_queued>,o<opt_mem>,bl<back_log>)
+.P
+.TP
+.B <rmem_alloc>
+the memory allocated for receiving packet
+.P
+.TP
+.B <rcv_buf>
+the total memory can be allocated for receiving packet
+.P
+.TP
+.B <wmem_alloc>
+the memory used for sending packet (which has been sent to layer 3)
+.P
+.TP
+.B <snd_buf>
+the total memory can be allocated for sending packet
+.P
+.TP
+.B <fwd_alloc>
+the memory allocated by the socket as cache, but not used for receiving/sending packet yet. If need memory to send/receive packet, the memory in this cache will be used before allocate additional memory.
+.P
+.TP
+.B <wmem_queued>
+The memory allocated for sending packet (which has not been sent to layer 3)
+.P
+.TP
+.B <opt_mem>
+The memory used for storing socket option, e.g., the key for TCP MD5 signature
+.P
+.TP
+.B <back_log>
+The memory used for the sk backlog queue. On a process context, if the process is receiving packet, and a new packet is received, it will be put into the sk backlog queue, so it can be received by the process immediately
+.RE
.TP
.B \-p, \-\-processes
Show process using socket.
.TP
.B \-i, \-\-info
-Show internal TCP information.
+Show internal TCP information. Below fields may appear:
+.RS
+.P
+.TP
+.B ts
+show string "ts" if the timestamp option is set
+.P
+.TP
+.B sack
+show string "sack" if the sack option is set
+.P
+.TP
+.B ecn
+show string "ecn" if the explicit congestion notification option is set
+.P
+.TP
+.B ecnseen
+show string "ecnseen" if the saw ecn flag is found in received packets
+.P
+.TP
+.B fastopen
+show string "fastopen" if the fastopen option is set
+.P
+.TP
+.B cong_alg
+the congestion algorithm name, the default congestion algorithm is "cubic"
+.P
+.TP
+.B wscale:<snd_wscale>:<rcv_wscale>
+if window scale option is used, this field shows the send scale factory and receive scale factory
+.P
+.TP
+.B rto:<icsk_rto>
+tcp re-transmission timeout value, the unit is millisecond
+.P
+.TP
+.B backoff:<icsk_backoff>
+used for exponential backoff re-transmission, the actual re-transmission timeout value is icsk_rto << icsk_backoff
+.P
+.TP
+.B rtt:<rtt>/<rttvar>
+rtt is the average round trip time, rttvar is the mean deviation of rtt, their units are millisecond
+.P
+.TP
+.B ato:<ato>
+ack timeout, unit is millisecond, used for delay ack mode
+.P
+.TP
+.B mss:<mss>
+max segment size
+.P
+.TP
+.B cwnd:<cwnd>
+congestion window size
+.P
+.TP
+.B ssthresh:<ssthresh>
+tcp congestion window slow start threshold
+.P
+.TP
+.B bytes_acked:<bytes_acked>
+bytes acked
+.P
+.TP
+.B bytes_received:<bytes_received>
+bytes received
+.P
+.TP
+.B segs_out:<segs_out>
+segments sent out
+.P
+.TP
+.B segs_in:<segs_in>
+segments received
+.P
+.TP
+.B send <send_bps>bps
+egress bps
+.P
+.TP
+.B lastsnd:<lastsnd>
+how long time since the last packet sent, the unit is millisecond
+.P
+.TP
+.B lastrcv:<lastrcv>
+how long time since the last packet received, the unit is millisecond
+.P
+.TP
+.B lastack:<lastack>
+how long time since the last ack received, the unit is millisecond
+.P
+.TP
+.B pacing_rate <pacing_rate>bps/<max_pacing_rate>bps
+the pacing rate and max pacing rate
+.P
+.TP
+.B rcv_space:<rcv_space>
+a helper variable for TCP internal auto tuning socket receive buffer
+.RE
.TP
.B \-K, \-\-kill
Attempts to forcibly close sockets. This option displays sockets that are
@@ -119,6 +299,9 @@
.B \-x, \-\-unix
Display Unix domain sockets (alias for -f unix).
.TP
+.B \-S, \-\-sctp
+Display SCTP sockets.
+.TP
.B \-f FAMILY, \-\-family=FAMILY
Display sockets of type FAMILY.
Currently the following families are supported: unix, inet, inet6, link, netlink.
@@ -126,7 +309,7 @@
.B \-A QUERY, \-\-query=QUERY, \-\-socket=QUERY
List of socket tables to dump, separated by commas. The following identifiers
are understood: all, inet, tcp, udp, raw, unix, packet, netlink, unix_dgram,
-unix_stream, unix_seqpacket, packet_raw, packet_dgram.
+unix_stream, unix_seqpacket, packet_raw, packet_dgram, dccp, sctp.
.TP
.B \-D FILE, \-\-diag=FILE
Do not display anything, just dump raw information about TCP sockets to FILE after applying filters. If FILE is - stdout is used.
@@ -147,14 +330,14 @@
All standard TCP states:
.BR established ", " syn-sent ", " syn-recv ", " fin-wait-1 ", " fin-wait-2 ", " time-wait ", " closed ", " close-wait ", " last-ack ", "
-.BR listen " and " closing.
+.BR listening " and " closing.
.B all
- for all the states
.B connected
- all the states except for
-.BR listen " and " closed
+.BR listening " and " closed
.B synchronized
- all the
diff --git a/man/man8/tc-actions.8 b/man/man8/tc-actions.8
new file mode 100644
index 0000000..f46166e
--- /dev/null
+++ b/man/man8/tc-actions.8
@@ -0,0 +1,244 @@
+.TH "actions in tc" 8 "1 Aug 2017" "iproute2" "Linux"
+
+.SH NAME
+actions \- independently defined actions in tc
+.SH SYNOPSIS
+.B tc
+[
+.I TC_OPTIONS
+]
+.B actions
+.BR add " | " change " | " replace
+.I ACTSPEC
+
+.B tc
+[
+.I TC_OPTIONS
+]
+.B actions
+.BR get " | " delete
+.I ACTISPEC
+
+.B tc
+[
+.I TC_OPTIONS
+]
+.B actions flush
+.I ACTNAMESPEC
+
+.B tc
+[
+.I TC_OPTIONS
+]
+.B actions
+.BR ls " | " list
+.I ACTNAMESPEC
+[
+.I ACTFILTER
+]
+
+.in +8
+.I ACTSPEC
+:=
+.B action
+.I ACTDETAIL
+[
+.I INDEXSPEC
+] [
+.I COOKIESPEC
+] [
+.I CONTROL
+]
+
+.I ACTISPEC
+:=
+.I ACTNAMESPEC INDEXSPEC
+
+.I ACTNAMESPEC
+:=
+.B action
+ACTNAME
+
+.I INDEXSPEC
+:=
+.BI index " INDEX"
+
+.I ACTFILTER
+:=
+.BI since " MSTIME"
+
+.I COOKIESPEC
+:=
+.BI cookie " COOKIE"
+
+.I ACTDETAIL
+:=
+.I ACTNAME ACTPARAMS
+
+.I ACTNAME
+may be any valid action type: gact, mirred, bpf, connmark, csum, police, etc.
+
+.I MSTIME
+Time since last update.
+
+.I CONTROL
+:= {
+.IR reclassify " | " pipe " | " drop " | " continue " | " ok
+}
+
+.I TC_OPTIONS
+These are the options that are specific to
+.B tc
+and not only the options. Refer to
+.BR tc(8)
+for more information.
+.in
+
+.SH DESCRIPTION
+
+The
+.B actions
+object in
+.B tc
+allows a user to define actions independently of a classifier (filter). These
+actions can then be assigned to one or more filters, with any
+packets matching the classifier's criteria having that action performed
+on them.
+
+Each action type (mirred, police, etc.) will have its own table to store
+all created actions.
+
+.SH OPERATIONS
+.TP
+.B add
+Create a new action in that action's table.
+
+.TP
+.B change
+.TQ
+.B replace
+Make modifications to an existing action.
+.TP
+.B get
+Display the action with the specified index value. When combined with the
+.B -s
+option for
+.BR tc ","
+display the statistics for that action.
+.TP
+.B delete
+Delete the action with the specified index value. If the action is already
+associated with a classifier, it does not delete the classifier.
+.TP
+.B ls
+.TQ
+.B list
+List all the actions in the specified table. When combined with the
+.B -s
+option for
+.BR tc ","
+display the statistics for all actions in the specified table.
+When combined with the option
+.B since
+allows doing a millisecond time-filter since the last time an
+action was used in the datapath.
+.TP
+.B flush
+Delete all actions stored in the specified table.
+
+.SH ACTION OPTIONS
+Note that these options are available to all action types.
+.TP
+.BI index " INDEX"
+Specify the table index value of an action.
+.I INDEX
+is a 32-bit value that is unique to the specific type of action referenced.
+
+.RS
+For
+.BR add ", " change ", and"
+.B replace
+operations, the index is
+.BR optional.
+When adding a new action,
+specifying an index value will assign the action to that index unless that
+index value has already been assigned. Omitting the index value for an add
+operation will cause the kernel to assign a value to the new action.
+.RE
+
+.RS
+For
+.BR get " and " delete
+operations, the index is
+.B required
+to identify the specific action to be displayed or deleted.
+.RE
+
+.TP
+.BI cookie " COOKIE"
+In addition to the specific action, mark the matching packet with the value
+specified by
+.IR COOKIE "."
+The
+.I COOKIE
+is a 128-bit value that will not be interpreted by the kernel whatsoever.
+As such, it can be used as a correlating value for maintaining user state.
+The value to be stored is completely arbitrary and does not require a specific
+format. It is stored inside the action structure itself.
+
+.TP
+.BI since " MSTIME"
+When dumping large number of actions, a millisecond time-filter can be
+specified
+.IR MSTIME "."
+The
+.I MSTIME
+is a millisecond count since last time a packet hit the action.
+As an example specifying "since 20000" implies to dump all actions
+that have seen packets in the last 20 seconds. This option is useful
+when the kernel has a large number of actions and you are only interested
+in recently used actions.
+
+.TP
+.I CONTROL
+The
+.I CONTROL
+indicates how
+.B tc
+should proceed after executing the action. Any of the following are valid:
+.RS
+.TP
+.B reclassify
+Restart the classifiction by jumping back to the first filter attached to
+the action's parent.
+.TP
+.B pipe
+Continue with the next action. This is the default control.
+.TP
+.B drop
+Drop the packed without running any further actions.
+.TP
+.B continue
+Continue the classification with the next filter.
+.TP
+.B pass
+Return to the calling qdisc for packet processing, and end classification of
+this packet.
+.RE
+
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-bpf (8),
+.BR tc-connmark (8),
+.BR tc-csum (8),
+.BR tc-ife (8),
+.BR tc-mirred (8),
+.BR tc-nat (8),
+.BR tc-pedit (8),
+.BR tc-police (8),
+.BR tc-simple (8),
+.BR tc-skbedit (8),
+.BR tc-skbmod (8),
+.BR tc-tunnel_key (8),
+.BR tc-vlan (8),
+.BR tc-xt (8)
diff --git a/man/man8/tc-bpf.8 b/man/man8/tc-bpf.8
index c8d5c5f..2e9812e 100644
--- a/man/man8/tc-bpf.8
+++ b/man/man8/tc-bpf.8
@@ -14,6 +14,10 @@
UDS_FILE ] [
.B verbose
] [
+.B skip_hw
+|
+.B skip_sw
+] [
.B police
POLICE_SPEC ] [
.B action
@@ -71,9 +75,9 @@
The kernel internally transforms cBPF expressions into eBPF expressions and
executes the latter. Execution of them can be performed in an interpreter
or at setup time, they can be just-in-time compiled (JIT'ed) to run as
-native machine code. Currently, x86_64, ARM64 and s390 architectures have
-eBPF JIT support, whereas PPC, SPARC, ARM and MIPS have cBPF, but did not
-(yet) switch to eBPF JIT support.
+native machine code. Currently, x86_64, ARM64, s390, ppc64 and sparc64
+architectures have eBPF JIT support, whereas PPC, SPARC, ARM and MIPS have
+cBPF, but did not (yet) switch to eBPF JIT support.
eBPF's instruction set has similar underlying principles as the cBPF
instruction set, it however is modelled closer to the underlying
@@ -137,6 +141,16 @@
program was successful. By default, only on error, the verifier log is
being emitted to the user.
+.SS skip_hw | skip_sw
+hardware offload control flags. By default TC will try to offload
+filters to hardware if possible.
+.B skip_hw
+explicitly disables the attempt to offload.
+.B skip_sw
+forces the offload and disables running the eBPF program in the kernel.
+If hardware offload is not possible and this flag was set kernel will
+report an error and filter will not be installed at all.
+
.SS police
is an optional parameter for an eBPF/cBPF classifier that specifies a
police in
diff --git a/man/man8/tc-connmark.8 b/man/man8/tc-connmark.8
new file mode 100644
index 0000000..44f29f5
--- /dev/null
+++ b/man/man8/tc-connmark.8
@@ -0,0 +1,55 @@
+.TH "Connmark retriever action in tc" 8 "11 Jan 2016" "iproute2" "Linux"
+
+.SH NAME
+connmark - netfilter connmark retriever action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action connmark " [ " zone"
+.IR u16_zone_index " ] [ " CONTROL " ] ["
+.BI index " u32_index "
+]
+
+.ti -8
+.IR CONTROL " := { " reclassify " | " pipe " | " drop " | " continue " | " ok " }"
+.SH DESCRIPTION
+The connmark action is used to restore the connection's mark value into the
+packet's fwmark.
+.SH OPTIONS
+.TP
+.BI zone " u16_zone_index"
+Specify the conntrack zone when doing conntrack lookups for packets.
+.I u16_zone_index
+is a 16bit unsigned decimal value.
+.TP
+.I CONTROL
+How to continue after executing this action.
+.RS
+.TP
+.B reclassify
+Restarts classification by jumping back to the first filter attached to this
+action's parent.
+.TP
+.B pipe
+Continue with the next action, this is the default.
+.TP
+.B drop
+.TQ
+.B shot
+Packet will be dropped without running further actions.
+.TP
+.B continue
+Continue classification with next filter in line.
+.TP
+.B pass
+Return to calling qdisc for packet processing. This ends the classification
+process.
+.RE
+.TP
+.BI index " u32_index "
+Specify an index for this action in order to being able to identify it in later
+commands.
+.I u32_index
+is a 32bit unsigned decimal value.
+.SH SEE ALSO
+.BR tc (8)
diff --git a/man/man8/tc-csum.8 b/man/man8/tc-csum.8
new file mode 100644
index 0000000..409ab71
--- /dev/null
+++ b/man/man8/tc-csum.8
@@ -0,0 +1,72 @@
+.TH "Checksum action in tc" 8 "11 Jan 2015" "iproute2" "Linux"
+
+.SH NAME
+csum - checksum update action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action csum"
+.I UPDATE
+
+.ti -8
+.IR UPDATE " := " TARGET " [ " UPDATE " ]"
+
+.ti -8
+.IR TARGET " := { "
+.BR ip4h " |"
+.BR icmp " |"
+.BR igmp " |"
+.BR tcp " |"
+.BR udp " |"
+.BR udplite " |"
+.BR sctp " |"
+.IR SWEETS " }"
+
+.ti -8
+.IR SWEETS " := { "
+.BR and " | " or " | " + " }"
+.SH DESCRIPTION
+The
+.B csum
+action triggers checksum recalculation of specified packet headers. It is
+commonly used to fix incorrect checksums after the
+.B pedit
+action has modified the packet content.
+.SH OPTIONS
+.TP
+.I TARGET
+Specify which headers to update: IPv4 header
+.RB ( ip4h ),
+ICMP header
+.RB ( icmp ),
+IGMP header
+.RB ( igmp ),
+TCP header
+.RB ( tcp ),
+UDP header
+.RB ( udp ),
+UDPLite header
+.RB ( udplite ") or"
+SCTP header
+.RB ( sctp ).
+.TP
+.B SWEETS
+These are merely syntactic sugar and ignored internally.
+.SH EXAMPLES
+The following performs stateless NAT for incoming packets from 192.168.1.100 to
+new destination 18.52.86.120 (0x12345678 in hex). Assuming these are UDP
+packets, both IP and UDP checksums have to be recalculated:
+
+.RS
+.EX
+# tc qdisc add dev eth0 ingress handle ffff:
+# tc filter add dev eth0 prio 1 protocol ip parent ffff: \\
+ u32 match ip src 192.0.2.100/32 flowid :1 \\
+ action pedit munge ip dst set 198.51.100.1 pipe \\
+ csum ip and udp
+.EE
+.RE
+
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-pedit (8)
diff --git a/man/man8/tc-flow.8 b/man/man8/tc-flow.8
index f1b7e2a..54f6bf7 100644
--- a/man/man8/tc-flow.8
+++ b/man/man8/tc-flow.8
@@ -73,8 +73,10 @@
.I ID
may be
.BR root ", " none
-or a hexadecimal class ID in the form [\fIX\fB:\fR]\fIY\fR. If \fIX\fR is
-omitted, it is assumed to be zero.
+or a hexadecimal class ID in the form [\fIX\fB:\fR]\fIY\fR. \fIX\fR must
+match qdisc's/class's major handle (if omitted, the correct value is chosen
+automatically). If the whole \fBbaseclass\fR is omitted, \fIY\fR defaults
+to 1.
.TP
.BI divisor " NUM"
Number of buckets to use for sorting into. Keys are calculated modulo
@@ -239,7 +241,7 @@
divisor 1024
.EE
.TP
-Map destination IPs of 192.168.0.0/24 to classids 1-257:
+Map destination IPs of 192.168.0.0/24 to classids 1-256:
.EX
tc filter add ... flow map \\
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
index df4d8e1..be46f02 100644
--- a/man/man8/tc-flower.8
+++ b/man/man8/tc-flower.8
@@ -18,17 +18,47 @@
.ti -8
.IR MATCH " := { "
.B indev
-.IR ifname " | { "
+.IR ifname " | "
+.BR skip_sw " | " skip_hw
+.RI " | { "
.BR dst_mac " | " src_mac " } "
-.IR mac_address " | "
-.BR eth_type " { " ipv4 " | " ipv6 " | "
+.IR MASKED_LLADDR " | "
+.B vlan_id
+.IR VID " | "
+.B vlan_prio
+.IR PRIORITY " | "
+.BR vlan_ethtype " { " ipv4 " | " ipv6 " | "
.IR ETH_TYPE " } | "
-.BR ip_proto " { " tcp " | " udp " | "
-.IR IP_PROTO " } | { "
-.BR dst_ip " | " src_ip " } { "
-.IR ipv4_address " | " ipv6_address " } | { "
+.BR ip_proto " { " tcp " | " udp " | " sctp " | " icmp " | " icmpv6 " | "
+.IR IP_PROTO " } | "
+.B ip_tos
+.IR MASKED_IP_TOS " | "
+.B ip_ttl
+.IR MASKED_IP_TTL " | { "
+.BR dst_ip " | " src_ip " } "
+.IR PREFIX " | { "
.BR dst_port " | " src_port " } "
-.IR port_number " }"
+.IR port_number " } | "
+.B tcp_flags
+.IR MASKED_TCP_FLAGS " | "
+.B type
+.IR MASKED_TYPE " | "
+.B code
+.IR MASKED_CODE " | { "
+.BR arp_tip " | " arp_sip " } "
+.IR IPV4_PREFIX " | "
+.BR arp_op " { " request " | " reply " | "
+.IR OP " } | { "
+.BR arp_tha " | " arp_sha " } "
+.IR MASKED_LLADDR " | "
+.B enc_key_id
+.IR KEY-ID " | {"
+.BR enc_dst_ip " | " enc_src_ip " } { "
+.IR ipv4_address " | " ipv6_address " } | "
+.B enc_dst_port
+.IR port_number " | "
+.BR ip_flags
+.IR IP_FLAGS
.SH DESCRIPTION
The
.B flower
@@ -55,56 +85,162 @@
.B tc
invocation.
.TP
-.BI dst_mac " mac_address"
-.TQ
-.BI src_mac " mac_address"
-Match on source or destination MAC address.
+.BI skip_sw
+Do not process filter by software. If hardware has no offload support for this
+filter, or TC offload is not enabled for the interface, operation will fail.
.TP
-.BI eth_type " ETH_TYPE"
+.BI skip_hw
+Do not process filter by hardware.
+.TP
+.BI dst_mac " MASKED_LLADDR"
+.TQ
+.BI src_mac " MASKED_LLADDR"
+Match on source or destination MAC address. A mask may be optionally
+provided to limit the bits of the address which are matched. A mask is
+provided by following the address with a slash and then the mask. It may be
+provided in LLADDR format, in which case it is a bitwise mask, or as a
+number of high bits to match. If the mask is missing then a match on all
+bits is assumed.
+.TP
+.BI vlan_id " VID"
+Match on vlan tag id.
+.I VID
+is an unsigned 12bit value in decimal format.
+.TP
+.BI vlan_prio " PRIORITY"
+Match on vlan tag priority.
+.I PRIORITY
+is an unsigned 3bit value in decimal format.
+.TP
+.BI vlan_ethtype " VLAN_ETH_TYPE"
Match on layer three protocol.
-.I ETH_TYPE
+.I VLAN_ETH_TYPE
may be either
-.BR ipv4 , ipv6
+.BR ipv4 ", " ipv6
or an unsigned 16bit value in hexadecimal format.
.TP
.BI ip_proto " IP_PROTO"
Match on layer four protocol.
.I IP_PROTO
-may be either
-.BR tcp , udp
+may be
+.BR tcp ", " udp ", " sctp ", " icmp ", " icmpv6
or an unsigned 8bit value in hexadecimal format.
.TP
-.BI dst_ip " ADDRESS"
+.BI ip_tos " MASKED_IP_TOS"
+Match on ipv4 TOS or ipv6 traffic-class - eight bits in hexadecimal format.
+A mask may be optionally provided to limit the bits which are matched. A mask
+is provided by following the value with a slash and then the mask. If the mask
+is missing then a match on all bits is assumed.
+.TP
+.BI ip_ttl " MASKED_IP_TTL"
+Match on ipv4 TTL or ipv6 hop-limit - eight bits value in decimal or hexadecimal format.
+A mask may be optionally provided to limit the bits which are matched. Same
+logic is used for the mask as with matching on ip_tos.
+.TP
+.BI dst_ip " PREFIX"
.TQ
-.BI src_ip " ADDRESS"
+.BI src_ip " PREFIX"
Match on source or destination IP address.
-.I ADDRESS
-must be a valid IPv4 or IPv6 address, depending on
-.BR ether_type ,
-which has to be specified in beforehand.
+.I PREFIX
+must be a valid IPv4 or IPv6 address, depending on the \fBprotocol\fR
+option to tc filter, optionally followed by a slash and the prefix length.
+If the prefix is missing, \fBtc\fR assumes a full-length host match.
.TP
.BI dst_port " NUMBER"
.TQ
.BI src_port " NUMBER"
Match on layer 4 protocol source or destination port number. Only available for
-.BR ip_proto " values " udp " and " tcp ,
-which has to be specified in beforehand.
+.BR ip_proto " values " udp ", " tcp " and " sctp
+which have to be specified in beforehand.
+.TP
+.BI tcp_flags " MASKED_TCP_FLAGS"
+Match on TCP flags represented as 12bit bitfield in in hexadecimal format.
+A mask may be optionally provided to limit the bits which are matched. A mask
+is provided by following the value with a slash and then the mask. If the mask
+is missing then a match on all bits is assumed.
+.TP
+.BI type " MASKED_TYPE"
+.TQ
+.BI code " MASKED_CODE"
+Match on ICMP type or code. A mask may be optionally provided to limit the
+bits of the address which are matched. A mask is provided by following the
+address with a slash and then the mask. The mask must be as a number which
+represents a bitwise mask If the mask is missing then a match on all bits
+is assumed. Only available for
+.BR ip_proto " values " icmp " and " icmpv6
+which have to be specified in beforehand.
+.TP
+.BI arp_tip " IPV4_PREFIX"
+.TQ
+.BI arp_sip " IPV4_PREFIX"
+Match on ARP or RARP sender or target IP address.
+.I IPV4_PREFIX
+must be a valid IPv4 address optionally followed by a slash and the prefix
+length. If the prefix is missing, \fBtc\fR assumes a full-length host
+match.
+.TP
+.BI arp_op " ARP_OP"
+Match on ARP or RARP operation.
+.I ARP_OP
+may be
+.BR request ", " reply
+or an integer value 0, 1 or 2. A mask may be optionally provided to limit
+the bits of the operation which are matched. A mask is provided by
+following the address with a slash and then the mask. It may be provided as
+an unsigned 8 bit value representing a bitwise mask. If the mask is missing
+then a match on all bits is assumed.
+.TP
+.BI arp_sha " MASKED_LLADDR"
+.TQ
+.BI arp_tha " MASKED_LLADDR"
+Match on ARP or RARP sender or target MAC address. A mask may be optionally
+provided to limit the bits of the address which are matched. A mask is
+provided by following the address with a slash and then the mask. It may be
+provided in LLADDR format, in which case it is a bitwise mask, or as a
+number of high bits to match. If the mask is missing then a match on all
+bits is assumed.
+.TP
+.BI enc_key_id " NUMBER"
+.TQ
+.BI enc_dst_ip " PREFIX"
+.TQ
+.BI enc_src_ip " PREFIX"
+.TQ
+.BI enc_dst_port " NUMBER"
+Match on IP tunnel metadata. Key id
+.I NUMBER
+is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).
+.I PREFIX
+must be a valid IPv4 or IPv6 address optionally followed by a slash and the
+prefix length. If the prefix is missing, \fBtc\fR assumes a full-length
+host match. Dst port
+.I NUMBER
+is a 16 bit UDP dst port.
+.TP
+.BI ip_flags " IP_FLAGS"
+.I IP_FLAGS
+may be either
+.BR frag " or " nofrag
+to match on fragmented packets or not respectively.
.SH NOTES
As stated above where applicable, matches of a certain layer implicitly depend
-on the matches of the next lower layer. Precisely, layer one and two matches (
-.BR indev , dst_mac , src_mac " and " eth_type )
-have no dependency, layer three matches (
-.BR ip_proto , dst_ip " and " src_ip )
-require
-.B eth_type
-being set to either
-.BR ipv4 " or " ipv6 ,
-and finally layer four matches (
-.BR dst_port " and " src_port )
+on the matches of the next lower layer. Precisely, layer one and two matches
+(\fBindev\fR, \fBdst_mac\fR and \fBsrc_mac\fR)
+have no dependency, layer three matches
+(\fBip_proto\fR, \fBdst_ip\fR, \fBsrc_ip\fR, \fBarp_tip\fR, \fBarp_sip\fR,
+\fBarp_op\fR, \fBarp_tha\fR, \fBarp_sha\fR and \fBip_flags\fR)
+depend on the
+.B protocol
+option of tc filter, layer four port matches
+(\fBdst_port\fR and \fBsrc_port\fR)
depend on
.B ip_proto
-being set to either
-.BR tcp " or " udp .
+being set to
+.BR tcp ", " udp " or " sctp,
+and finally ICMP matches (\fBcode\fR and \fBtype\fR) depend on
+.B ip_proto
+being set to
+.BR icmp " or " icmpv6.
.P
There can be only used one mask per one prio. If user needs to specify different
mask, he has to use different prio.
diff --git a/man/man8/tc-hfsc.8 b/man/man8/tc-hfsc.8
index 5444118..fd0df8f 100644
--- a/man/man8/tc-hfsc.8
+++ b/man/man8/tc-hfsc.8
@@ -54,8 +54,8 @@
.
\fBtc\fR(8), \fBtc\-hfsc\fR(7), \fBtc\-stab\fR(8)
-Please direct bugreports and patches to: <net...@vger.kernel.org>
+Please direct bugreports and patches to: <netdev@vger.kernel.org>
.
.SH "AUTHOR"
.
-Manpage created by Michal Soltys (sol...@ziu.info)
+Manpage created by Michal Soltys (soltys@ziu.info)
diff --git a/man/man8/tc-ife.8 b/man/man8/tc-ife.8
new file mode 100644
index 0000000..fd2df6c
--- /dev/null
+++ b/man/man8/tc-ife.8
@@ -0,0 +1,143 @@
+.TH "IFE action in tc" 8 "22 Apr 2016" "iproute2" "Linux"
+
+.SH NAME
+IFE - encapsulate/decapsulate metadata
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " " action ife"
+.IR DIRECTION " [ " ACTION " ] "
+.RB "[ " dst
+.IR DMAC " ] "
+.RB "[ " src
+.IR SMAC " ] "
+.RB "[ " type
+.IR TYPE " ] "
+.RI "[ "
+.IR CONTROL " ] "
+.RB "[ " index
+.IR INDEX " ] "
+
+.ti -8
+.IR DIRECTION " := { "
+.BR decode " | " encode " }"
+
+.ti -8
+.IR ACTION " := { "
+.BI allow " ATTR"
+.RB "| " use
+.IR "ATTR value" " }"
+
+.ti -8
+.IR ATTR " := { "
+.BR mark " | " prio " | " tcindex " }"
+
+.ti -8
+.IR CONTROL " := { "
+.BR reclassify " | " use " | " pipe " | " drop " | " continue " | " ok " | " goto " " chain " " CHAIN_INDEX " }"
+.SH DESCRIPTION
+The
+.B ife
+action allows for a sending side to encapsulate arbitrary metadata, which is
+then decapsulated by the receiving end. The sender runs in encoding mode and
+the receiver in decode mode. Both sender and receiver must specify the same
+ethertype. In the future, a registered ethertype may be available as a default.
+.SH OPTIONS
+.TP
+.B decode
+For the receiving side; decode the metadata if the packet matches.
+.TP
+.B encode
+For the sending side. Encode the specified metadata if the packet matches.
+.TP
+.B allow
+Encode direction only. Allows encoding specified metadata.
+.TP
+.B use
+Encode direction only. Enforce static encoding of specified metadata.
+.TP
+.BR mark " [ "
+.IR u32_value " ]"
+The value to set for the skb mark. The u32 value is required only when
+.BR use " is specified. If
+.BR mark " value is zero, it will not be encoded, instead
+"overlimits" statistics increment and
+.BR CONTROL " action is taken.
+.TP
+.BR prio " [ "
+.IR u32_value " ]"
+The value to set for priority in the skb structure. The u32 value is required
+only when
+.BR use " is specified."
+.TP
+.BR tcindex " ["
+.IR u16_value " ]"
+Value to set for the traffic control index in the skb structure. The u16 value
+is required only when
+.BR use " is specified."
+.TP
+.BI dmac " DMAC"
+.TQ
+.BI smac " SMAC"
+Optional six byte destination or source MAC address to encode.
+.TP
+.BI type " TYPE"
+Optional 16-bit ethertype to encode. If not specified value of 0xED3E will be used.
+.TP
+.BI CONTROL
+Action to take following an encode/decode.
+.TP
+.BI index " INDEX"
+Assign a unique ID to this action instead of letting the kernel choose one
+automatically.
+.I INDEX
+is a 32bit unsigned integer greater than zero.
+.SH EXAMPLES
+
+On the receiving side, match packets with ethertype 0xdead and restart
+classification so that it will match ICMP on the next rule, at prio 3:
+.RS
+.EX
+# tc qdisc add dev eth0 handle ffff: ingress
+# tc filter add dev eth0 parent ffff: prio 2 protocol 0xdead \\
+ u32 match u32 0 0 flowid 1:1 \\
+ action ife decode reclassify
+# tc filter add dev eth0 parent ffff: prio 3 protocol ip \\
+ u32 match ip protocol 0xff flowid 1:1 \\
+ action continue
+.EE
+.RE
+
+Match with skb mark of 17:
+
+.RS
+.EX
+# tc filter add dev eth0 parent ffff: prio 4 protocol ip \\
+ handle 0x11 fw flowid 1:1 \\
+ action ok
+.EE
+.RE
+
+Configure the sending side to encode for the filters above. Use a destination
+IP address of 192.168.122.237/24, then tag with skb mark of decimal 17. Encode
+the packaet with ethertype 0xdead, add skb->mark to whitelist of metadatum to
+send, and rewrite the destination MAC address to 02:15:15:15:15:15.
+
+.RS
+.EX
+# tc qdisc add dev eth0 root handle 1: prio
+# tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \\
+ match ip dst 192.168.122.237/24 \\
+ match ip protocol 1 0xff \\
+ flowid 1:2 \\
+ action skbedit mark 17 \\
+ action ife encode \\
+ type 0xDEAD \\
+ allow mark \\
+ dst 02:15:15:15:15:15
+.EE
+.RE
+
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-u32 (8)
diff --git a/man/man8/tc-matchall.8 b/man/man8/tc-matchall.8
new file mode 100644
index 0000000..e3cddb1
--- /dev/null
+++ b/man/man8/tc-matchall.8
@@ -0,0 +1,87 @@
+.TH "Match-all classifier in tc" 8 "21 Oct 2015" "iproute2" "Linux"
+
+.SH NAME
+matchall \- traffic control filter that matches every packet
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " " filter " ... " matchall " [ "
+.BR skip_sw " | " skip_hw
+.RI " ] [ "
+.B action
+.IR ACTION_SPEC " ] [ "
+.B classid
+.IR CLASSID " ]"
+.SH DESCRIPTION
+The
+.B matchall
+filter allows to classify every packet that flows on the port and run a
+action on it.
+.SH OPTIONS
+.TP
+.BI action " ACTION_SPEC"
+Apply an action from the generic actions framework on matching packets.
+.TP
+.BI classid " CLASSID"
+Push matching packets into the class identified by
+.IR CLASSID .
+.TP
+.BI skip_sw
+Do not process filter by software. If hardware has no offload support for this
+filter, or TC offload is not enabled for the interface, operation will fail.
+.TP
+.BI skip_hw
+Do not process filter by hardware.
+.SH EXAMPLES
+To create ingress mirroring from port eth1 to port eth2:
+.RS
+.EX
+
+tc qdisc add dev eth1 handle ffff: ingress
+tc filter add dev eth1 parent ffff: \\
+ matchall skip_sw \\
+ action mirred egress mirror \\
+ dev eth2
+.EE
+.RE
+
+The first command creats an ingress qdisc with handle
+.BR ffff:
+on device
+.BR eth1
+where the second command attaches a matchall filters on it that mirrors the
+packets to device eth2.
+
+To create egress mirroring from port eth1 to port eth2:
+.RS
+.EX
+
+tc qdisc add dev eth1 handle 1: root prio
+tc filter add dev eth1 parent 1: \\
+ matchall skip_sw \\
+ action mirred egress mirror \\
+ dev eth2
+.EE
+.RE
+
+The first command creats an egress qdisc with handle
+.BR 1:
+that replaces the root qdisc on device
+.BR eth1
+where the second command attaches a matchall filters on it that mirrors the
+packets to device eth2.
+
+To sample one of every 100 packets flowing into interface eth0 to psample group
+12:
+.RS
+.EX
+
+tc qdisc add dev eth0 handle ffff: ingress
+tc filter add dev eth0 parent ffff: matchall \\
+ action sample rate 100 group 12
+.EE
+.RE
+
+.EE
+.SH SEE ALSO
+.BR tc (8),
diff --git a/man/man8/tc-mirred.8 b/man/man8/tc-mirred.8
new file mode 100644
index 0000000..38833b4
--- /dev/null
+++ b/man/man8/tc-mirred.8
@@ -0,0 +1,99 @@
+.TH "Mirror/redirect action in tc" 8 "11 Jan 2015" "iproute2" "Linux"
+
+.SH NAME
+mirred - mirror/redirect action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action mirred"
+.I DIRECTION ACTION
+.RB "[ " index
+.IR INDEX " ] "
+.BI dev " DEVICENAME"
+
+.ti -8
+.IR DIRECTION " := { "
+.BR ingress " | " egress " }"
+
+.ti -8
+.IR ACTION " := { "
+.BR mirror " | " redirect " }"
+.SH DESCRIPTION
+The
+.B mirred
+action allows packet mirroring (copying) or redirecting (stealing) the packet it
+receives. Mirroring is what is sometimes referred to as Switch Port Analyzer
+(SPAN) and is commonly used to analyze and/or debug flows.
+.SH OPTIONS
+.TP
+.B ingress
+.TQ
+.B egress
+Specify the direction in which the packet shall appear on the destination
+interface.
+.TP
+.B mirror
+.TQ
+.B redirect
+Define whether the packet should be copied
+.RB ( mirror )
+or moved
+.RB ( redirect )
+to the destination interface.
+.TP
+.BI index " INDEX"
+Assign a unique ID to this action instead of letting the kernel choose one
+automatically.
+.I INDEX
+is a 32bit unsigned integer greater than zero.
+.TP
+.BI dev " DEVICENAME"
+Specify the network interface to redirect or mirror to.
+.SH EXAMPLES
+Limit ingress bandwidth on eth0 to 1mbit/s, redirect exceeding traffic to lo for
+debugging purposes:
+
+.RS
+.EX
+# tc qdisc add dev eth0 handle ffff: ingress
+# tc filter add dev eth0 parent ffff: u32 \\
+ match u32 0 0 \\
+ action police rate 1mbit burst 100k conform-exceed pipe \\
+ action mirred egress redirect dev lo
+.EE
+.RE
+
+Mirror all incoming ICMP packets on eth0 to a dummy interface for examination
+with e.g. tcpdump:
+
+.RS
+.EX
+# ip link add dummy0 type dummy
+# ip link set dummy0 up
+# tc qdisc add dev eth0 handle ffff: ingress
+# tc filter add dev eth0 parent ffff: protocol ip \\
+ u32 match ip protocol 1 0xff \\
+ action mirred egress mirror dev dummy0
+.EE
+.RE
+
+Using an
+.B ifb
+interface, it is possible to send ingress traffic through an instance of
+.BR sfq :
+
+.RS
+.EX
+# modprobe ifb
+# ip link set ifb0 up
+# tc qdisc add dev ifb0 root sfq
+# tc qdisc add dev eth0 handle ffff: ingress
+# tc filter add dev eth0 parent ffff: u32 \\
+ match u32 0 0 \\
+ action mirred egress redirect dev ifb0
+.EE
+.RE
+
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-u32 (8)
diff --git a/man/man8/tc-nat.8 b/man/man8/tc-nat.8
new file mode 100644
index 0000000..fdcc052
--- /dev/null
+++ b/man/man8/tc-nat.8
@@ -0,0 +1,78 @@
+.TH "NAT action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
+
+.SH NAME
+nat - stateless native address translation action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action nat"
+.I DIRECTION OLD NEW
+
+.ti -8
+.IR DIRECTION " := { "
+.BR ingress " | " egress " }"
+
+.ti -8
+.IR OLD " := " IPV4_ADDR_SPEC
+
+.ti -8
+.IR NEW " := " IPV4_ADDR_SPEC
+
+.ti -8
+.IR IPV4_ADDR_SPEC " := { "
+.BR default " | " any " | " all " | "
+\fIin_addr\fR[\fB/\fR{\fIprefix\fR|\fInetmask\fR}]
+.SH DESCRIPTION
+The
+.B nat
+action allows to perform NAT without the overhead of conntrack, which is
+desirable if the number of flows or addresses to perform NAT on is large. This
+action is best used in combination with the
+.B u32
+filter to allow for efficient lookups of a large number of stateless NAT rules
+in constant time.
+.SH OPTIONS
+.TP
+.B ingress
+Translate destination addresses, i.e. perform DNAT.
+.TP
+.B egress
+Translate source addresses, i.e. perform SNAT.
+.TP
+.I OLD
+Specifies addresses which should be translated.
+.TP
+.I NEW
+Specifies addresses which
+.I OLD
+should be translated into.
+.SH NOTES
+The accepted address format in
+.IR OLD " and " NEW
+is quite flexible. It may either consist of one of the keywords
+.BR default ", " any " or " all ,
+representing the all-zero IP address or a combination of IP address and netmask
+or prefix length separated by a slash
+.RB ( / )
+sign. In any case, the mask (or prefix length) value of
+.I OLD
+is used for
+.I NEW
+as well so that a one-to-one mapping of addresses is assured.
+
+Address translation is done using a combination of binary operations. First, the
+original (source or destination) address is matched against the value of
+.IR OLD .
+If the original address fits, the new address is created by taking the leading
+bits from
+.I NEW
+(defined by the netmask of
+.IR OLD )
+and taking the remaining bits from the original address.
+
+There is rudimental support for upper layer protocols, namely TCP, UDP and ICMP.
+While for the first two only checksum recalculation is performed, the action
+also takes care of embedded IP headers in ICMP packets by translating the
+respective address therein, too.
+.SH SEE ALSO
+.BR tc (8)
diff --git a/man/man8/tc-pedit.8 b/man/man8/tc-pedit.8
new file mode 100644
index 0000000..bbd725c
--- /dev/null
+++ b/man/man8/tc-pedit.8
@@ -0,0 +1,373 @@
+.TH "Generic packet editor action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
+
+.SH NAME
+pedit - generic packet editor action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action pedit [ex] munge " {
+.IR RAW_OP " | " LAYERED_OP " | " EXTENDED_LAYERED_OP " } [ " CONTROL " ]"
+
+.ti -8
+.IR RAW_OP " := "
+.BI offset " OFFSET"
+.RB "{ " u8 " | " u16 " | " u32 " } ["
+.IR AT_SPEC " ] " CMD_SPEC
+
+.ti -8
+.IR AT_SPEC " := "
+.BI at " AT " offmask " MASK " shift " SHIFT"
+
+.ti -8
+.IR LAYERED_OP " := { "
+.BI ip " IPHDR_FIELD"
+|
+.BI ip " BEYOND_IPHDR_FIELD"
+.RI } " CMD_SPEC"
+
+.ti -8
+.IR EXTENDED_LAYERED_OP " := { "
+.BI eth " ETHHDR_FIELD"
+|
+.BI ip " IPHDR_FIELD"
+|
+.BI ip " EX_IPHDR_FIELD"
+|
+.BI ip6 " IP6HDR_FIELD"
+|
+.BI tcp " TCPHDR_FIELD"
+|
+.BI udp " UDPHDR_FIELD"
+.RI } " CMD_SPEC"
+
+.ti -8
+.IR ETHHDR_FIELD " := { "
+.BR src " | " dst " | " type " }"
+
+.ti -8
+.IR IPHDR_FIELD " := { "
+.BR src " | " dst " | " tos " | " dsfield " | " ihl " | " protocol " |"
+.BR precedence " | " nofrag " | " firstfrag " | " ce " | " df " }"
+
+.ti -8
+.IR BEYOND_IPHDR_FIELD " := { "
+.BR dport " | " sport " | " icmp_type " | " icmp_code " }"
+
+.ti -8
+.IR EX_IPHDR_FIELD " := { "
+.BR ttl " }"
+
+
+.ti -8
+.IR IP6HDR_FIELD " := { "
+.BR src " | " dst " | " flow_lbl " | " payload_len " | " nexthdr " |"
+.BR hoplimit " }"
+
+.ti -8
+.IR TCPHDR_FIELD " := { "
+.BR sport " | " dport " | " flags " }"
+
+.ti -8
+.IR UDPHDR_FIELD " := { "
+.BR sport " | " dport " }"
+
+.ti -8
+.IR CMD_SPEC " := {"
+.BR clear " | " invert " | " set
+.IR VAL " | "
+.BR add
+.IR VAL " | "
+.BR preserve " } [ " retain
+.IR RVAL " ]"
+
+.ti -8
+.IR CONTROL " := {"
+.BR reclassify " | " pipe " | " drop " | " shot " | " continue " | " pass " | " goto " " chain " " CHAIN_INDEX " }"
+.SH DESCRIPTION
+The
+.B pedit
+action can be used to change arbitrary packet data. The location of data to
+change can either be specified by giving an offset and size as in
+.IR RAW_OP ,
+or for header values by naming the header and field to edit the size is then
+chosen automatically based on the header field size. Currently this is supported
+only for IPv4 headers.
+.SH OPTIONS
+.TP
+.B ex
+Use extended pedit.
+.I EXTENDED_LAYERED_OP
+and the add
+.I CMD_SPEC
+are allowed only in this mode.
+.TP
+.BI offset " OFFSET " "\fR{ \fBu32 \fR| \fBu16 \fR| \fBu8 \fR}"
+Specify the offset at which to change data.
+.I OFFSET
+is a signed integer, it's base is automatically chosen (e.g. hex if prefixed by
+.B 0x
+or octal if prefixed by
+.BR 0 ).
+The second argument specifies the length of data to change, that is four bytes
+.RB ( u32 ),
+two bytes
+.RB ( u16 )
+or a single byte
+.RB ( u8 ).
+.TP
+.BI at " AT " offmask " MASK " shift " SHIFT"
+This is an optional part of
+.IR RAW_OP
+which allows to have a variable
+.I OFFSET
+depending on packet data at offset
+.IR AT ,
+which is binary ANDed with
+.I MASK
+and right-shifted by
+.I SHIFT
+before adding it to
+.IR OFFSET .
+.TP
+.BI eth " ETHHDR_FIELD"
+Change an ETH header field. The supported keywords for
+.I ETHHDR_FIELD
+are:
+.RS
+.TP
+.B src
+.TQ
+.B dst
+Source or destination MAC address in the standard format: XX:XX:XX:XX:XX:XX
+.TP
+.B type
+Ether-type in numeric value
+.RE
+.TP
+.BI ip " IPHDR_FIELD"
+Change an IPv4 header field. The supported keywords for
+.I IPHDR_FIELD
+are:
+.RS
+.TP
+.B src
+.TQ
+.B dst
+Source or destination IP address, a four-byte value.
+.TP
+.B tos
+.TQ
+.B dsfield
+.TQ
+.B precedence
+Type Of Service field, an eight-bit value.
+.TP
+.B ihl
+Change the IP Header Length field, a four-bit value.
+.TP
+.B protocol
+Next-layer Protocol field, an eight-bit value.
+.TP
+.B nofrag
+.TQ
+.B firstfrag
+.TQ
+.B ce
+.TQ
+.B df
+.TQ
+.B mf
+Change IP header flags. Note that the value to pass to the
+.B set
+command is not just a bit value, but the full byte including the flags field.
+Though only the relevant bits of that value are respected, the rest ignored.
+.RE
+.TP
+.BI ip " BEYOND_IPHDR_FIELD"
+Supported only for non-extended layered op. It is passed to the kernel as
+offsets relative to the beginning of the IP header and assumes the IP header is
+of minimum size (20 bytes). The supported keywords for
+.I BEYOND_IPHDR_FIELD
+are:
+.RS
+.TP
+.B dport
+.TQ
+.B sport
+Destination or source port numbers, a 16-bit value. Indeed, IPv4 headers don't
+contain this information. Instead, this will set an offset which suits at least
+TCP and UDP if the IP header is of minimum size (20 bytes). If not, this will do
+unexpected things.
+.TP
+.B icmp_type
+.TQ
+.B icmp_code
+Again, this allows to change data past the actual IP header itself. It assumes
+an ICMP header is present immediately following the (minimal sized) IP header.
+If it is not or the latter is bigger than the minimum of 20 bytes, this will do
+unexpected things. These fields are eight-bit values.
+.RE
+.TP
+.BI ip " EX_IPHDR_FIELD"
+Supported only when
+.I ex
+is used. The supported keywords for
+.I EX_IPHDR_FIELD
+are:
+.RS
+.TP
+.B ttl
+.RE
+.TP
+.BI ip6 " IP6HDR_FIELD"
+The supported keywords for
+.I IP6HDR_FIELD
+are:
+.RS
+.TP
+.B src
+.TQ
+.B dst
+.TQ
+.B flow_lbl
+.TQ
+.B payload_len
+.TQ
+.B nexthdr
+.TQ
+.B hoplimit
+.RE
+.TP
+.BI tcp " TCPHDR_FIELD"
+The supported keywords for
+.I TCPHDR_FIELD
+are:
+.RS
+.TP
+.B sport
+.TQ
+.B dport
+Source or destination TCP port number, a 16-bit value.
+.TP
+.B flags
+.RE
+.TP
+.BI udp " UDPHDR_FIELD"
+The supported keywords for
+.I UDPHDR_FIELD
+are:
+.RS
+.TP
+.B sport
+.TQ
+.B dport
+Source or destination TCP port number, a 16-bit value.
+.RE
+.TP
+.B clear
+Clear the addressed data (i.e., set it to zero).
+.TP
+.B invert
+Swap every bit in the addressed data.
+.TP
+.BI set " VAL"
+Set the addressed data to a specific value. The size of
+.I VAL
+is defined by either one of the
+.BR u32 ", " u16 " or " u8
+keywords in
+.IR RAW_OP ,
+or the size of the addressed header field in
+.IR LAYERED_OP .
+.TP
+.BI add " VAL"
+Add the addressed data by a specific value. The size of
+.I VAL
+is defined by the size of the addressed header field in
+.IR EXTENDED_LAYERED_OP .
+This operation is supported only for extended layered op.
+.TP
+.B preserve
+Keep the addressed data as is.
+.TP
+.BI retain " RVAL"
+This optional extra part of
+.I CMD_SPEC
+allows to exclude bits from being changed. Supported only for 32 bits fields
+or smaller.
+.TP
+.I CONTROL
+The following keywords allow to control how the tree of qdisc, classes,
+filters and actions is further traversed after this action.
+.RS
+.TP
+.B reclassify
+Restart with the first filter in the current list.
+.TP
+.B pipe
+Continue with the next action attached to the same filter.
+.TP
+.B drop
+.TQ
+.B shot
+Drop the packet.
+.TP
+.B continue
+Continue classification with the next filter in line.
+.TP
+.B pass
+Finish classification process and return to calling qdisc for further packet
+processing. This is the default.
+.RE
+.SH EXAMPLES
+Being able to edit packet data, one could do all kinds of things, such as e.g.
+implementing port redirection. Certainly not the most useful application, but
+as an example it should do:
+
+First, qdiscs need to be set up to attach filters to. For the receive path, a simple
+.B ingress
+qdisc will do, for transmit path a classful qdisc
+.RB ( HTB
+in this case) is necessary:
+
+.RS
+.EX
+tc qdisc replace dev eth0 root handle 1: htb
+tc qdisc add dev eth0 ingress handle ffff:
+.EE
+.RE
+
+Finally, a filter with
+.B pedit
+action can be added for each direction. In this case,
+.B u32
+is used matching on the port number to redirect from, while
+.B pedit
+then does the actual rewriting:
+
+.RS
+.EX
+tc filter add dev eth0 parent 1: u32 \\
+ match ip dport 23 0xffff \\
+ action pedit pedit munge ip dport set 22
+tc filter add dev eth0 parent ffff: u32 \\
+ match ip sport 22 0xffff \\
+ action pedit pedit munge ip sport set 23
+tc filter add dev eth0 parent ffff: u32 \\
+ match ip sport 22 0xffff \\
+ action pedit ex munge ip dst set 192.168.1.199
+tc filter add dev eth0 parent ffff: u32 \\
+ match ip sport 22 0xffff \\
+ action pedit ex munge ip6 dst set fe80::dacb:8aff:fec7:320e
+tc filter add dev eth0 parent ffff: u32 \\
+ match ip sport 22 0xffff \\
+ action pedit ex munge eth dst set 11:22:33:44:55:66
+tc filter add dev eth0 parent ffff: u32 \\
+ match ip dport 23 0xffff \\
+ action pedit ex munge tcp dport set 22
+.EE
+.RE
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-htb (8),
+.BR tc-u32 (8)
diff --git a/man/man8/tc-police.8 b/man/man8/tc-police.8
new file mode 100644
index 0000000..bcc5f43
--- /dev/null
+++ b/man/man8/tc-police.8
@@ -0,0 +1,146 @@
+.TH "Policing action in tc" 8 "20 Jan 2015" "iproute2" "Linux"
+
+.SH NAME
+police - policing action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action police"
+.BI rate " RATE " burst
+.IR BYTES [\fB/ BYTES "] ["
+.B mtu
+.IR BYTES [\fB/ BYTES "] ] ["
+.BI peakrate " RATE"
+] [
+.BI overhead " BYTES"
+] [
+.BI linklayer " TYPE"
+] [
+.IR CONTROL " ]"
+
+.ti -8
+.BR tc " ... " filter " ... [ " estimator
+.IR "SAMPLE AVERAGE " ]
+.BR "action police avrate"
+.IR RATE " [ " CONTROL " ]"
+
+.ti -8
+.IR CONTROL " :="
+.BI conform-exceed " EXCEEDACT\fR[\fB/\fINOTEXCEEDACT"
+
+.ti -8
+.IR EXCEEDACT/NOTEXCEEDACT " := { "
+.BR pipe " | " ok " | " reclassify " | " drop " | " continue " | " goto " " chain " " CHAIN_INDEX " }"
+.SH DESCRIPTION
+The
+.B police
+action allows to limit bandwidth of traffic matched by the filter it is
+attached to. Basically there are two different algorithms available to measure
+the packet rate: The first one uses an internal dual token bucket and is
+configured using the
+.BR rate ", " burst ", " mtu ", " peakrate ", " overhead " and " linklayer
+parameters. The second one uses an in-kernel sampling mechanism. It can be
+fine-tuned using the
+.B estimator
+filter parameter.
+.SH OPTIONS
+.TP
+.BI rate " RATE"
+The maximum traffic rate of packets passing this action. Those exceeding it will
+be treated as defined by the
+.B conform-exceed
+option.
+.TP
+.BI burst " BYTES\fR[\fB/\fIBYTES\fR]"
+Set the maximum allowed burst in bytes, optionally followed by a slash ('/')
+sign and cell size which must be a power of 2.
+.TP
+.BI mtu " BYTES\fR[\fB/\fIBYTES\fR]"
+This is the maximum packet size handled by the policer (larger ones will be
+handled like they exceeded the configured rate). Setting this value correctly
+will improve the scheduler's precision.
+Value formatting is identical to
+.B burst
+above. Defaults to unlimited.
+.TP
+.BI peakrate " RATE"
+Set the maximum bucket depletion rate, exceeding
+.BR rate .
+.TP
+.BI avrate " RATE"
+Make use of an in-kernel bandwidth rate estimator and match the given
+.I RATE
+against it.
+.TP
+.BI overhead " BYTES"
+Account for protocol overhead of encapsulating output devices when computing
+.BR rate " and " peakrate .
+.TP
+.BI linklayer " TYPE"
+Specify the link layer type.
+.I TYPE
+may be one of
+.B ethernet
+(the default),
+.BR atm " or " adsl
+(which are synonyms). It is used to align the precomputed rate tables to ATM
+cell sizes, for
+.B ethernet
+no action is taken.
+.TP
+.BI estimator " SAMPLE AVERAGE"
+Fine-tune the in-kernel packet rate estimator.
+.IR SAMPLE " and " AVERAGE
+are time values and control the frequency in which samples are taken and over
+what timespan an average is built.
+.TP
+.BI conform-exceed " EXCEEDACT\fR[\fB/\fINOTEXCEEDACT\fR]"
+Define how to handle packets which exceed or conform the
+configured bandwidth limit. Possible values are:
+.RS
+.IP continue
+Don't do anything, just continue with the next action in line.
+.IP drop
+Drop the packet immediately.
+.IP shot
+This is a synonym to
+.BR drop .
+.IP ok
+Accept the packet. This is the default for conforming packets.
+.IP pass
+This is a synonym to
+.BR ok .
+.IP reclassify
+Treat the packet as non-matching to the filter this action is attached to and
+continue with the next filter in line (if any). This is the default for
+exceeding packets.
+.IP pipe
+Pass the packet to the next action in line.
+.SH EXAMPLES
+A typical application of the police action is to enforce ingress traffic rate
+by dropping exceeding packets. Although better done on the sender's side,
+especially in scenarios with lack of peer control (e.g. with dial-up providers)
+this is often the best one can do in order to keep latencies low under high
+load. The following establishes input bandwidth policing to 1mbit/s using the
+.B ingress
+qdisc and
+.B u32
+filter:
+
+.RS
+.EX
+# tc qdisc add dev eth0 handle ffff: ingress
+# tc filter add dev eth0 parent ffff: u32 \\
+ match u32 0 0 \\
+ police rate 1mbit burst 100k
+.EE
+.RE
+
+As an action can not live on it's own, there always has to be a filter involved as link between qdisc and action. The example above uses
+.B u32
+for that, which is configured to effectively match any packet (passing it to the
+.B police
+action thereby).
+
+.SH SEE ALSO
+.BR tc (8)
diff --git a/man/man8/tc-sample.8 b/man/man8/tc-sample.8
new file mode 100644
index 0000000..3e03eba
--- /dev/null
+++ b/man/man8/tc-sample.8
@@ -0,0 +1,125 @@
+.TH "Packet sample action in tc" 8 "31 Jan 2017" "iproute2" "Linux"
+
+.SH NAME
+sample - packet sampling tc action
+.SH SYNOPSIS
+.in +8
+.ti -8
+
+.BR tc " ... " "action sample rate"
+.I RATE
+.BR "group"
+.I GROUP
+.RB "[ " trunc
+.IR SIZE " ] "
+.RB "[ " index
+.IR INDEX " ] "
+.ti -8
+
+.BR tc " ... " "action sample index "
+.I INDEX
+.ti -8
+
+.SH DESCRIPTION
+The
+.B sample
+action allows sampling packets matching classifier.
+
+The packets are chosen randomly according to the
+.B rate
+parameter, and are sampled using the
+.B psample
+generic netlink channel. The user can also specify packet truncation to save
+user-kernel traffic. Each sample includes some informative metadata about the
+original packet, which is sent using netlink attributes, alongside the original
+packet data.
+
+The user can either specify the sample action parameters as presented in the
+first form above, or use an existing sample action using its index, as presented
+in the second form.
+
+.SH SAMPLED PACKETS METADATA FIELDS
+The metadata are delivered to userspace applications using the
+.B psample
+generic netlink channel, where each sample includes the following netlink
+attributes:
+.TP
+.BI PSAMPLE_ATTR_IIFINDEX
+The input interface index of the packet, if there is one.
+.TP
+.BI PSAMPLE_ATTR_OIFINDEX
+The output interface index of the packet. This field is not relevant on ingress
+sampling
+.TP
+.BI PSAMPLE_ATTR_ORIGSIZE
+The size of the original packet (before truncation)
+.TP
+.BI PSAMPLE_ATTR_SAMPLE_GROUP
+The
+.B psample
+group the packet was sent to
+.TP
+.BI PSAMPLE_ATTR_GROUP_SEQ
+A sequence number of the sampled packet. This number is incremented with each
+sampled packet of the current
+.B psample
+group
+.TP
+.BI PSAMPLE_ATTR_SAMPLE_RATE
+The rate the packet was sampled with
+.RE
+
+.SH OPTIONS
+.TP
+.BI rate " RATE"
+The packet sample rate.
+.I "RATE"
+is the expected ratio between observed packets and sampled packets. For example,
+.I "RATE"
+of 100 will lead to an average of one sampled packet out of every 100 observed.
+.TP
+.BI trunc " SIZE"
+Upon set, defines the maximum size of the sampled packets, and causes truncation
+if needed
+.TP
+.BI group " GROUP"
+The
+.B psample
+group the packet will be sent to. The
+.B psample
+module defines the concept of groups, which allows the user to match specific
+sampled packets in the case of multiple sampling rules, thus identify only the
+packets that came from a specific rule.
+.TP
+.BI index " INDEX"
+Is a unique ID for an action. When creating new action instance, this parameter
+allows to set the new action index. When using existing action, this parameter
+allows to specify the existing action index. The index must 32bit unsigned
+integer greater than zero.
+.SH EXAMPLES
+Sample one of every 100 packets flowing into interface eth0 to psample group 12:
+
+.RS
+.EX
+tc qdisc add dev eth0 handle ffff: ingress
+tc filter add dev eth0 parent ffff: matchall \\
+ action sample rate 100 group 12 index 19
+.EE
+.RE
+
+Use the same action instance to sample eth1 too:
+
+.RS
+.EX
+tc qdisc add dev eth1 handle ffff: ingress
+tc filter add dev eth1 parent ffff: matchall \\
+ action sample index 19
+.EE
+.RE
+
+.EE
+.RE
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-matchall (8)
+.BR psample (1)
diff --git a/man/man8/tc-simple.8 b/man/man8/tc-simple.8
new file mode 100644
index 0000000..7363ab5
--- /dev/null
+++ b/man/man8/tc-simple.8
@@ -0,0 +1,99 @@
+.TH "Simple action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
+
+.SH NAME
+simple - basic example action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action simple"
+[
+.BI sdata " STRING"
+] [
+.BI index " INDEX"
+] [
+.I CONTROL
+]
+
+.ti -8
+.IR CONTROL " := {"
+.BR reclassify " | " pipe " | " drop " | " continue " | " ok " }"
+
+.SH DESCRIPTION
+This is a pedagogical example rather than an actually useful action. Upon every access, it prints the given
+.I STRING
+which may be of arbitrary length.
+.SH OPTIONS
+.TP
+.BI sdata " STRING"
+The actual string to print.
+.TP
+.BI index " INDEX"
+Optional action index value.
+.TP
+.I CONTROL
+Indicate how
+.B tc
+should proceed after executing the action. For a description of the possible
+.I CONTROL
+values, see
+.BR tc-actions (8).
+.SH EXAMPLES
+The following example makes the kernel yell "Incoming ICMP!" every time it sees
+an incoming ICMP on eth0. Steps are:
+.IP 1) 4
+Add an ingress qdisc point to eth0
+.IP 2) 4
+Start a chain on ingress of eth0 that first matches ICMP then invokes the
+simple action to shout.
+.IP 3) 4
+display stats and show that no packet has been seen by the action
+.IP 4) 4
+Send one ping packet to google (expect to receive a response back)
+.IP 5) 4
+grep the logs to see the logged message
+.IP 6) 4
+display stats again and observe increment by 1
+
+.RE
+.EX
+ hadi@noma1:$ tc qdisc add dev eth0 ingress
+ hadi@noma1:$tc filter add dev eth0 parent ffff: protocol ip prio 5 \\
+ u32 match ip protocol 1 0xff flowid 1:1 action simple sdata "Incoming ICMP"
+
+ hadi@noma1:$ sudo tc -s filter ls dev eth0 parent ffff:
+ filter protocol ip pref 5 u32
+ filter protocol ip pref 5 u32 fh 800: ht divisor 1
+ filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
+ match 00010000/00ff0000 at 8
+ action order 1: Simple <Incoming ICMP>
+ index 4 ref 1 bind 1 installed 29 sec used 29 sec
+ Action statistics:
+ Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
+ backlog 0b 0p requeues 0
+
+
+ hadi@noma1$ ping -c 1 www.google.ca
+ PING www.google.ca (74.125.225.120) 56(84) bytes of data.
+ 64 bytes from ord08s08-in-f24.1e100.net (74.125.225.120): icmp_req=1 ttl=53 time=31.3 ms
+
+ --- www.google.ca ping statistics ---
+ 1 packets transmitted, 1 received, 0% packet loss, time 0ms
+ rtt min/avg/max/mdev = 31.316/31.316/31.316/0.000 ms
+
+ hadi@noma1$ dmesg | grep simple
+ [135354.473951] simple: Incoming ICMP_1
+
+ hadi@noma1$ sudo tc/tc -s filter ls dev eth0 parent ffff:
+ filter protocol ip pref 5 u32
+ filter protocol ip pref 5 u32 fh 800: ht divisor 1
+ filter protocol ip pref 5 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1
+ match 00010000/00ff0000 at 8
+ action order 1: Simple <Incoming ICMP>
+ index 4 ref 1 bind 1 installed 206 sec used 67 sec
+ Action statistics:
+ Sent 84 bytes 1 pkt (dropped 0, overlimits 0 requeues 0)
+ backlog 0b 0p requeues 0
+.EE
+.SH SEE ALSO
+.BR tc (8)
+.BR tc-actions (8)
diff --git a/man/man8/tc-skbedit.8 b/man/man8/tc-skbedit.8
new file mode 100644
index 0000000..003f05c
--- /dev/null
+++ b/man/man8/tc-skbedit.8
@@ -0,0 +1,66 @@
+.TH "SKB editing action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
+
+.SH NAME
+skbedit - SKB editing action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action skbedit " [ " queue_mapping
+.IR QUEUE_MAPPING " ] ["
+.B priority
+.IR PRIORITY " ] ["
+.B mark
+.IR MARK " ]"
+.B ptype
+.IR PTYPE " ]"
+.SH DESCRIPTION
+The
+.B skbedit
+action allows to change a packet's associated meta data. It complements the
+.B pedit
+action, which in turn allows to change parts of the packet data itself.
+
+The most unique feature of
+.B skbedit
+is it's ability to decide over which queue of an interface with multiple
+transmit queues the packet is to be sent out. The number of available transmit
+queues is reflected by sysfs entries within
+.I /sys/class/net/<interface>/queues
+with name
+.I tx-N
+(where
+.I N
+is the actual queue number).
+.SH OPTIONS
+.TP
+.BI queue_mapping " QUEUE_MAPPING"
+Override the packet's transmit queue. Useful when applied to packets transmitted
+over MQ-capable network interfaces.
+.I QUEUE_MAPPING
+is an unsigned 16bit value in decimal format.
+.TP
+.BI priority " PRIORITY"
+Override the packet classification decision.
+.I PRIORITY
+is either
+.BR root ", " none
+or a hexadecimal major class ID optionally followed by a colon
+.RB ( : )
+and a hexadecimal minor class ID.
+.TP
+.BI mark " MARK"
+Change the packet's firewall mark value.
+.I MARK
+is an unsigned 32bit value in automatically detected format (i.e., prefix with
+.RB ' 0x '
+for hexadecimal interpretation, etc.).
+.TP
+.BI ptype " PTYPE"
+Override the packet's type. Useful for setting packet type to host when
+needing to allow ingressing packets with the wrong MAC address but
+correct IP address.
+.I PTYPE
+is one of: host, otherhost, broadcast, multicast
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-pedit (8)
diff --git a/man/man8/tc-skbmod.8 b/man/man8/tc-skbmod.8
new file mode 100644
index 0000000..46418b6
--- /dev/null
+++ b/man/man8/tc-skbmod.8
@@ -0,0 +1,137 @@
+.TH "skbmod action in tc" 8 "21 Sep 2016" "iproute2" "Linux"
+
+.SH NAME
+skbmod - user-friendly packet editor action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action skbmod " "{ [ " "set "
+.IR SETTABLE " ] [ "
+.BI swap " SWAPPABLE"
+.RI " ] [ " CONTROL " ] [ "
+.BI index " INDEX "
+] }
+
+.ti -8
+.IR SETTABLE " := "
+.RB " [ " dmac
+.IR DMAC " ] "
+.RB " [ " smac
+.IR SMAC " ] "
+.RB " [ " etype
+.IR ETYPE " ] "
+
+.ti -8
+.IR SWAPPABLE " := "
+.B mac
+.ti -8
+.IR CONTROL " := {"
+.BR reclassify " | " pipe " | " drop " | " shot " | " continue " | " pass " }"
+.SH DESCRIPTION
+The
+.B skbmod
+action is intended as a usability upgrade to the existing
+.B pedit
+action. Instead of having to manually edit 8-, 16-, or 32-bit chunks of an
+ethernet header,
+.B skbmod
+allows complete substitution of supported elements.
+.SH OPTIONS
+.TP
+.BI dmac " DMAC"
+Change the destination mac to the specified address.
+.TP
+.BI smac " SMAC"
+Change the source mac to the specified address.
+.TP
+.BI etype " ETYPE"
+Change the ethertype to the specified value.
+.TP
+.BI mac
+Used to swap mac addresses. The
+.B swap mac
+directive is performed
+after any outstanding D/SMAC changes.
+.TP
+.I CONTROL
+The following keywords allow to control how the tree of qdisc, classes,
+filters and actions is further traversed after this action.
+.RS
+.TP
+.B reclassify
+Restart with the first filter in the current list.
+.TP
+.B pipe
+Continue with the next action attached to the same filter.
+.TP
+.B drop
+.TQ
+.B shot
+Drop the packet.
+.TP
+.B continue
+Continue classification with the next filter in line.
+.TP
+.B pass
+Finish classification process and return to calling qdisc for further packet
+processing. This is the default.
+.SH EXAMPLES
+To start, observe the following filter with a pedit action:
+
+.RS
+.EX
+tc filter add dev eth1 parent 1: protocol ip prio 10 \\
+ u32 match ip protocol 1 0xff flowid 1:2 \\
+ action pedit munge offset -14 u8 set 0x02 \\
+ munge offset -13 u8 set 0x15 \\
+ munge offset -12 u8 set 0x15 \\
+ munge offset -11 u8 set 0x15 \\
+ munge offset -10 u16 set 0x1515 \\
+ pipe
+.EE
+.RE
+
+Using the skbmod action, this command can be simplified to:
+
+.RS
+.EX
+tc filter add dev eth1 parent 1: protocol ip prio 10 \\
+ u32 match ip protocol 1 0xff flowid 1:2 \\
+ action skbmod set dmac 02:15:15:15:15:15 \\
+ pipe
+.EE
+.RE
+
+Complexity will increase if source mac and ethertype are also being edited
+as part of the action. If all three fields are to be changed with skbmod:
+
+.RS
+.EX
+tc filter add dev eth5 parent 1: protocol ip prio 10 \\
+ u32 match ip protocol 1 0xff flowid 1:2 \\
+ action skbmod \\
+ set etype 0xBEEF \\
+ set dmac 02:12:13:14:15:16 \\
+ set smac 02:22:23:24:25:26
+.EE
+.RE
+
+Finally, swap the destination and source mac addresses in the header:
+
+.RS
+.EX
+tc filter add dev eth3 parent 1: protocol ip prio 10 \\
+ u32 match ip protocol 1 0xff flowid 1:2 \\
+ action skbmod \\
+ swap mac
+.EE
+.RE
+
+As mentioned above, the swap action will occur after any
+.B " smac/dmac "
+substitutions are executed, if they are present.
+
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-u32 (8),
+.BR tc-pedit (8)
diff --git a/man/man8/tc-stab.8 b/man/man8/tc-stab.8
index 02caa7d..03a0659 100644
--- a/man/man8/tc-stab.8
+++ b/man/man8/tc-stab.8
@@ -156,8 +156,8 @@
.br
\fB[2]\fR http://www.faqs.org/rfcs/rfc2684.html
-Please direct bugreports and patches to: <net...@vger.kernel.org>
+Please direct bugreports and patches to: <netdev@vger.kernel.org>
.
.SH "AUTHOR"
.
-Manpage created by Michal Soltys (sol...@ziu.info)
+Manpage created by Michal Soltys (soltys@ziu.info)
diff --git a/man/man8/tc-tcindex.8 b/man/man8/tc-tcindex.8
index 7fcf825..9a4e5ff 100644
--- a/man/man8/tc-tcindex.8
+++ b/man/man8/tc-tcindex.8
@@ -11,7 +11,7 @@
.IR MASK " ] [ "
.B shift
.IR SHIFT " ] [ "
-.BR pas_on " | " fall_through " ] [ " classid
+.BR pass_on " | " fall_through " ] [ " classid
.IR CLASSID " ] [ "
.B action
.BR ACTION_SPEC " ]"
diff --git a/man/man8/tc-tunnel_key.8 b/man/man8/tc-tunnel_key.8
new file mode 100644
index 0000000..e979a74
--- /dev/null
+++ b/man/man8/tc-tunnel_key.8
@@ -0,0 +1,136 @@
+.TH "Tunnel metadata manipulation action in tc" 8 "10 Nov 2016" "iproute2" "Linux"
+
+.SH NAME
+tunnel_key - Tunnel metadata manipulation
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action tunnel_key" " { " unset " | "
+.IR SET " }"
+
+.ti -8
+.IR SET " := "
+.BR set " " src_ip
+.IR ADDRESS
+.BR dst_ip
+.IR ADDRESS
+.BI id " KEY_ID"
+.BI dst_port " UDP_PORT"
+.RB "[ " csum " | " nocsum " ]"
+
+.SH DESCRIPTION
+The
+.B tunnel_key
+action combined with a shared IP tunnel device, allows to perform IP tunnel en-
+or decapsulation on a packet, reflected by
+the operation modes
+.IR UNSET " and " SET .
+The
+.I UNSET
+mode is optional - even without using it, the metadata information will be
+released automatically when packet processing will be finished.
+.IR UNSET
+function could be used in cases when traffic is forwarded between two tunnels,
+where the metadata from the first tunnel will be used for encapsulation done by
+the second tunnel.
+.IR SET
+mode requires the source and destination ip
+.I ADDRESS
+and the tunnel key id
+.I KEY_ID
+which will be used by the ip tunnel shared device to create the tunnel header. The
+.B tunnel_key
+action is useful only in combination with a
+.B mirred redirect
+action to a shared IP tunnel device which will use the metadata (for
+.I SET
+) and unset the metadata created by it (for
+.I UNSET
+).
+
+.SH OPTIONS
+.TP
+.B unset
+Unset the tunnel metadata created by the IP tunnel device. This function is
+not mandatory and might be used only in some specific use cases (as explained
+above).
+.TP
+.B set
+Set tunnel metadata to be used by the IP tunnel device. Requires
+.B id
+,
+.B src_ip
+and
+.B dst_ip
+options.
+.B dst_port
+is optional.
+.RS
+.TP
+.B id
+Tunnel ID (for example VNI in VXLAN tunnel)
+.TP
+.B src_ip
+Outer header source IP address (IPv4 or IPv6)
+.TP
+.B dst_ip
+Outer header destination IP address (IPv4 or IPv6)
+.TP
+.B dst_port
+Outer header destination UDP port
+.TP
+.RB [ no ] csum
+Controlls outer UDP checksum. When set to
+.B csum
+(which is default), the outer UDP checksum is calculated and included in the
+packets. When set to
+.BR nocsum ,
+outer UDP checksum is zero. Note that when using zero UDP checksums with
+IPv6, the other tunnel endpoint must be configured to accept such packets.
+In Linux, this would be the
+.B udp6zerocsumrx
+option for the VXLAN tunnel interface.
+.IP
+If using
+.B nocsum
+with IPv6, be sure you know what you are doing. Zero UDP checksums provide
+weaker protection against corrupted packets. See RFC6935 for details.
+.RE
+.SH EXAMPLES
+The following example encapsulates incoming ICMP packets on eth0 into a vxlan
+tunnel, by setting metadata to VNI 11, source IP 11.11.0.1 and destination IP
+11.11.0.2, and by redirecting the packet with the metadata to device vxlan0,
+which will do the actual encapsulation using the metadata:
+
+.RS
+.EX
+#tc qdisc add dev eth0 handle ffff: ingress
+#tc filter add dev eth0 protocol ip parent ffff: \\
+ flower \\
+ ip_proto icmp \\
+ action tunnel_key set \\
+ src_ip 11.11.0.1 \\
+ dst_ip 11.11.0.2 \\
+ id 11 \\
+ action mirred egress redirect dev vxlan0
+.EE
+.RE
+
+Here is an example of the
+.B unset
+function: Incoming VXLAN traffic with outer IP's and VNI 11 is decapsulated by
+vxlan0 and metadata is unset before redirecting to tunl1 device:
+
+.RS
+.EX
+#tc qdisc add dev eth0 handle ffff: ingress
+#tc filter add dev vxlan0 protocol ip parent ffff: \
+ flower \\
+ enc_src_ip 11.11.0.2 enc_dst_ip 11.11.0.1 enc_key_id 11 \
+ action tunnel_key unset \
+ action mirred egress redirect dev tunl1
+.EE
+.RE
+
+.SH SEE ALSO
+.BR tc (8)
diff --git a/man/man8/tc-u32.8 b/man/man8/tc-u32.8
index 47c8f2d..e9475a9 100644
--- a/man/man8/tc-u32.8
+++ b/man/man8/tc-u32.8
@@ -29,6 +29,10 @@
.IR HANDLE " ] [ "
.B indev
.IR ifname " ] [ "
+.B skip_hw
+.R "|"
+.B skip_sw
+.R " ] [ "
.BR help " ]"
.ti -8
@@ -331,6 +335,13 @@
Filter on the incoming interface of the packet. Obviously works only for
forwarded traffic.
.TP
+.BI skip_sw
+Do not process filter by software. If hardware has no offload support for this
+filter, or TC offload is not enabled for the interface, operation will fail.
+.TP
+.BI skip_hw
+Do not process filter by hardware.
+.TP
.BI help
Print a brief help text about possible options.
.SH SELECTORS
@@ -370,6 +381,7 @@
.RS
.TP
.BI src " ADDR"
+.TQ
.BI dst " ADDR"
Compare Source or Destination Address fields against the value of
.IR ADDR .
diff --git a/man/man8/tc-vlan.8 b/man/man8/tc-vlan.8
new file mode 100644
index 0000000..59c81e8
--- /dev/null
+++ b/man/man8/tc-vlan.8
@@ -0,0 +1,126 @@
+.TH "VLAN manipulation action in tc" 8 "12 Jan 2015" "iproute2" "Linux"
+
+.SH NAME
+vlan - vlan manipulation module
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action vlan" " { " pop " |"
+.IR PUSH " | " MODIFY " } [ " CONTROL " ]"
+
+.ti -8
+.IR PUSH " := "
+.BR push " [ " protocol
+.IR VLANPROTO " ]"
+.BR " [ " priority
+.IR VLANPRIO " ] "
+.BI id " VLANID"
+
+.ti -8
+.IR MODIFY " := "
+.BR modify " [ " protocol
+.IR VLANPROTO " ]"
+.BR " [ " priority
+.IR VLANPRIO " ] "
+.BI id " VLANID"
+
+.ti -8
+.IR CONTROL " := { "
+.BR reclassify " | " pipe " | " drop " | " continue " | " pass " | " goto " " chain " " CHAIN_INDEX " }"
+.SH DESCRIPTION
+The
+.B vlan
+action allows to perform 802.1Q en- or decapsulation on a packet, reflected by
+the operation modes
+.IR POP ", " PUSH " and " MODIFY .
+The
+.I POP
+mode is simple, as no further information is required to just drop the
+outer-most VLAN encapsulation. The
+.IR PUSH " and " MODIFY
+modes require at least a
+.I VLANID
+and allow to optionally choose the
+.I VLANPROTO
+to use.
+.SH OPTIONS
+.TP
+.B pop
+Decapsulation mode, no further arguments allowed.
+.TP
+.B push
+Encapsulation mode. Requires at least
+.B id
+option.
+.TP
+.B modify
+Replace mode. Existing 802.1Q tag is replaced. Requires at least
+.B id
+option.
+.TP
+.BI id " VLANID"
+Specify the VLAN ID to encapsulate into.
+.I VLANID
+is an unsigned 16bit integer, the format is detected automatically (e.g. prefix
+with
+.RB ' 0x '
+for hexadecimal interpretation, etc.).
+.TP
+.BI protocol " VLANPROTO"
+Choose the VLAN protocol to use. At the time of writing, the kernel accepts only
+.BR 802.1Q " or " 802.1ad .
+.TP
+.BI priority " VLANPRIO"
+Choose the VLAN priority to use. Decimal number in range of 0-7.
+.TP
+.I CONTROL
+How to continue after executing this action.
+.RS
+.TP
+.B reclassify
+Restarts classification by jumping back to the first filter attached to this
+action's parent.
+.TP
+.B pipe
+Continue with the next action, this is the default.
+.TP
+.B drop
+Packet will be dropped without running further actions.
+.TP
+.B continue
+Continue classification with next filter in line.
+.TP
+.B pass
+Return to calling qdisc for packet processing. This ends the classification
+process.
+.RE
+.SH EXAMPLES
+The following example encapsulates incoming ICMP packets on eth0 from 10.0.0.2
+into VLAN ID 123:
+
+.RS
+.EX
+#tc qdisc add dev eth0 handle ffff: ingress
+#tc filter add dev eth0 parent ffff: pref 11 protocol ip \\
+ u32 match ip protocol 1 0xff flowid 1:1 \\
+ u32 match ip src 10.0.0.2 flowid 1:1 \\
+ action vlan push id 123
+.EE
+.RE
+
+Here is an example of the
+.B pop
+function: Incoming VLAN packets on eth0 are decapsulated and the classification
+process then restarted for the plain packet:
+
+.RS
+.EX
+#tc qdisc add dev eth0 handle ffff: ingress
+#tc filter add dev $ETH parent ffff: pref 1 protocol 802.1Q \\
+ u32 match u32 0 0 flowid 1:1 \\
+ action vlan pop reclassify
+.EE
+.RE
+
+.SH SEE ALSO
+.BR tc (8)
diff --git a/man/man8/tc-xt.8 b/man/man8/tc-xt.8
new file mode 100644
index 0000000..4fd800c
--- /dev/null
+++ b/man/man8/tc-xt.8
@@ -0,0 +1,42 @@
+.TH "iptables action in tc" 8 "3 Mar 2016" "iproute2" "Linux"
+
+.SH NAME
+xt - tc iptables action
+.SH SYNOPSIS
+.in +8
+.ti -8
+.BR tc " ... " "action xt \-j"
+.IR TARGET " [ " TARGET_OPTS " ]"
+.SH DESCRIPTION
+The
+.B xt
+action allows to call arbitrary iptables targets for packets matching the filter
+this action is attached to.
+.SH OPTIONS
+.TP
+.BI -j " TARGET \fR[\fI TARGET_OPTS \fR]"
+Perform a jump to the given iptables target, optionally passing any target
+specific options in
+.IR TARGET_OPTS .
+.SH EXAMPLES
+The following will attach a
+.B u32
+filter to the
+.B ingress
+qdisc matching ICMP replies and using the
+.B xt
+action to make the kernel yell 'PONG' each time:
+
+.RS
+.EX
+tc qdisc add dev eth0 ingress
+tc filter add dev eth0 parent ffff: proto ip u32 \\
+ match ip protocol 1 0xff \\
+ match ip icmp_type 0 0xff \\
+ action xt -j LOG --log-prefix PONG
+.EE
+.RE
+.SH SEE ALSO
+.BR tc (8),
+.BR tc-u32 (8),
+.BR iptables-extensions (8)
diff --git a/man/man8/tc.8 b/man/man8/tc.8
index 4e99dca..f96911a 100644
--- a/man/man8/tc.8
+++ b/man/man8/tc.8
@@ -5,58 +5,59 @@
.B tc
.RI "[ " OPTIONS " ]"
.B qdisc [ add | change | replace | link | delete ] dev
-DEV
+\fIDEV\fR
.B
[ parent
-qdisc-id
+\fIqdisc-id\fR
.B | root ]
.B [ handle
-qdisc-id ] qdisc
+\fIqdisc-id\fR ] qdisc
[ qdisc specific parameters ]
.P
.B tc
.RI "[ " OPTIONS " ]"
.B class [ add | change | replace | delete ] dev
-DEV
+\fIDEV\fR
.B parent
-qdisc-id
+\fIqdisc-id\fR
.B [ classid
-class-id ] qdisc
+\fIclass-id\fR ] qdisc
[ qdisc specific parameters ]
.P
.B tc
.RI "[ " OPTIONS " ]"
-.B filter [ add | change | replace | delete ] dev
-DEV
+.B filter [ add | change | replace | delete | get ] dev
+\fIDEV\fR
.B [ parent
-qdisc-id
-.B | root ] protocol
-protocol
+\fIqdisc-id\fR
+.B | root ] [ handle \fIfilter-id\fR ]
+.B protocol
+\fIprotocol\fR
.B prio
-priority filtertype
+\fIpriority\fR filtertype
[ filtertype specific parameters ]
.B flowid
-flow-id
+\fIflow-id\fR
.B tc
.RI "[ " OPTIONS " ]"
.RI "[ " FORMAT " ]"
.B qdisc show [ dev
-DEV
+\fIDEV\fR
.B ]
.P
.B tc
.RI "[ " OPTIONS " ]"
.RI "[ " FORMAT " ]"
.B class show dev
-DEV
+\fIDEV\fR
.P
.B tc
.RI "[ " OPTIONS " ]"
.B filter show dev
-DEV
+\fIDEV\fR
.P
.ti 8
@@ -187,6 +188,11 @@
Generic filtering on arbitrary packet data, assisted by syntax to abstract common operations. See
.BR tc-u32 (8)
for details.
+.TP
+matchall
+Traffic control filter that matches every packet. See
+.BR tc-matchall (8)
+for details.
.SH CLASSLESS QDISCS
The classless qdiscs are:
@@ -289,14 +295,14 @@
the root of a device. Full syntax:
.P
.B tc qdisc add dev
-DEV
+\fIDEV\fR
.B root
QDISC QDISC-PARAMETERS
To remove, issue
.P
.B tc qdisc del dev
-DEV
+\fIDEV\fR
.B root
The
@@ -381,7 +387,7 @@
Some qdiscs have built in rules for classifying packets based on the TOS field.
.TP
skb->priority
-Userspace programs can encode a class-id in the 'skb->priority' field using
+Userspace programs can encode a \fIclass-id\fR in the 'skb->priority' field using
the SO_PRIORITY option.
.P
Each node within the tree can have its own filters but higher level filters
@@ -549,7 +555,7 @@
When creating a qdisc or a filter, it can be named with the
.B handle
parameter. A class is named with the
-.B classid
+.B \fBclassid\fR
parameter.
.TP
@@ -571,6 +577,15 @@
it is created.
.TP
+get
+Displays a single filter given the interface \fIDEV\fR, \fIqdisc-id\fR,
+\fIpriority\fR, \fIprotocol\fR and \fIfilter-id\fR.
+
+.TP
+show
+Displays all filters attached to the given interface. A valid parent ID must be passed.
+
+.TP
link
Only available for qdiscs and performs a replace where the node
must exist already.
diff --git a/man/man8/tipc-bearer.8 b/man/man8/tipc-bearer.8
index 565ee01..d95b1e1 100644
--- a/man/man8/tipc-bearer.8
+++ b/man/man8/tipc-bearer.8
@@ -11,6 +11,11 @@
.in +8
.ti -8
+.B tipc bearer add media udp name
+.IB "NAME " "remoteip " REMOTEIP
+.br
+
+.ti -8
.B tipc bearer enable
.RB "[ " domain
.IR DOMAIN " ]"
@@ -39,14 +44,12 @@
.B tipc bearer disable media
.br
.RB "{ { " eth " | " ib " } " device
-.IR DEVICE
+.IR "DEVICE " }
.RB "|"
.br
.RB "{ " udp
.B name
-.IR NAME
-.B localip
-.IR LOCALIP " } }"
+.IR NAME " }"
.br
.ti -8
@@ -65,14 +68,12 @@
.br
.RB "{ " udp
.B name
-.IR NAME
-.B localip
-.IR LOCALIP " } }"
+.IR NAME " }"
.br
.ti -8
.B tipc bearer get
-.RB "{ " "priority" " | " tolerance " | " window " } " media
+.RB "[ " "priority" " | " tolerance " | " window " ] " media
.br
.RB "{ { " eth " | " ib " } " device
.IR "DEVICE" " }"
@@ -81,8 +82,7 @@
.RB "{ " udp
.B name
.IR NAME
-.B localip
-.IR LOCALIP " } }"
+.RB "[ " "localip " "| " "localport " "| " "remoteip " "| " "remoteport " "] }"
.br
.ti -8
@@ -202,6 +202,25 @@
.B udp
bearer runs in point-to-point mode.
+Multiple
+.B remoteip
+addresses can be added via the
+.B bearer add
+command. Adding one or more unicast
+.B remoteip
+addresses to an existing
+.B udp
+bearer puts the bearer in replicast mode where IP
+multicast is emulated by sending multiple unicast messages to each configured
+.B remoteip.
+When a peer sees a TIPC discovery message from an unknown peer the peer address
+is automatically added to the
+.B remoteip
+(replicast) list, thus only one side of
+a link needs to be manually configured. A
+.B remoteip
+address cannot be added to a multicast bearer.
+
.TP
.BI "remoteport " REMOTEPORT
.br
diff --git a/man/man8/tipc-link.8 b/man/man8/tipc-link.8
index 2ee03a0..fee283e 100644
--- a/man/man8/tipc-link.8
+++ b/man/man8/tipc-link.8
@@ -39,6 +39,29 @@
.B tipc link list
.br
+.ti -8
+.B tipc link monitor set
+.RB "{ " "threshold" " } "
+
+.ti -8
+.B tipc link monitor get
+.RB "{ " "threshold" " } "
+
+.ti -8
+.B tipc link monitor summary
+.br
+
+.ti -8
+.B tipc link monitor list
+.br
+.RB "[ " "media " " { " eth " | " ib " } " device
+.IR "DEVICE" " ]"
+.RB "|"
+.br
+.RB "[ " "media udp name"
+.IR NAME " ]"
+.br
+
.SH OPTIONS
Options (flags) that can be passed anywhere in the command chain.
.TP
@@ -204,6 +227,87 @@
have in its transmit queue before TIPC's congestion control mechanism is
activated.
+.SS Monitor properties
+
+.TP
+.B threshold
+.br
+The threshold specifies the cluster size exceeding which the link monitoring
+algorithm will switch from "full-mesh" to "overlapping-ring".
+If set of 0 the overlapping-ring monitoring is always on and if set to a
+value larger than anticipated cluster size the overlapping-ring is disabled.
+The default value is 32.
+
+.SS Monitor information
+
+.TP
+.B table_generation
+.br
+Represents the event count in a node's local monitoring list. It steps every
+time something changes in the local monitor list, including changes in the
+local domain.
+
+.TP
+.B cluster_size
+.br
+Represents the current count of cluster members.
+
+.TP
+.B algorithm
+.br
+The current supervision algorithm used for neighbour monitoring for the bearer.
+Possible values are full-mesh or overlapping-ring.
+
+.TP
+.B status
+.br
+The node status derived by the local node.
+Possible status are up or down.
+
+.TP
+.B monitored
+.br
+Represent the type of monitoring chosen by the local node.
+Possible values are direct or indirect.
+
+.TP
+.B generation
+.br
+Represents the domain generation which is the event count in a node's local
+domain. Every time something changes (peer add/remove/up/down) the domain
+generation is stepped and a new version of node record is sent to inform
+the neighbors about this change. The domain generation helps the receiver
+of a domain record to know if it should ignore or process the record.
+
+.TP
+.B applied_node_status
+.br
+The node status reported by the peer node for the succeeding peers in
+the node list. The Node list is a circular list of ascending addresses
+starting with the local node.
+Possible status are: U or D. The status U implies up and D down.
+
+.TP
+.B [non_applied_node:status]
+.br
+Represents the nodes and their status as reported by the peer node.
+These nodes were not applied to the monitoring list for this peer node.
+They are usually transient and occur during the cluster startup phase
+or network reconfiguration.
+Possible status are: U or D. The status U implies up and D down.
+
+.SH EXAMPLES
+.PP
+tipc link monitor list
+.RS 4
+Shows the link monitoring information for cluster members on device data0.
+.RE
+.PP
+tipc link monitor summary
+.RS 4
+The monitor summary command prints the basic attributes.
+.RE
+
.SH EXIT STATUS
Exit status is 0 if command was successful or a positive integer upon failure.
diff --git a/misc/Android.mk b/misc/Android.mk
index b385e1e..79ab641 100644
--- a/misc/Android.mk
+++ b/misc/Android.mk
@@ -10,7 +10,7 @@
LOCAL_SHARED_LIBRARIES += libiprouteutil libnetlink
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include $(UAPI_INCLUDES)
##
# "-x c" forces the lex/yacc files to be compiled as c the build system
diff --git a/misc/Makefile b/misc/Makefile
index f50e740..d02616e 100644
--- a/misc/Makefile
+++ b/misc/Makefile
@@ -3,41 +3,34 @@
TARGETS=ss nstat ifstat rtacct lnstat
-include ../Config
+include ../config.mk
ifeq ($(HAVE_BERKELEY_DB),y)
TARGETS += arpd
endif
-ifeq ($(HAVE_SELINUX),y)
- LDLIBS += $(shell $(PKG_CONFIG) --libs libselinux)
- CFLAGS += $(shell $(PKG_CONFIG) --cflags libselinux) -DHAVE_SELINUX
-endif
-
-ifeq ($(IP_CONFIG_SETNS),y)
- CFLAGS += -DHAVE_SETNS
-endif
-
all: $(TARGETS)
ss: $(SSOBJ)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
nstat: nstat.c
- $(CC) $(CFLAGS) $(LDFLAGS) -o nstat nstat.c $(LIBNETLINK) -lm
+ $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -o nstat nstat.c $(LDLIBS) -lm
ifstat: ifstat.c
- $(CC) $(CFLAGS) $(LDFLAGS) -o ifstat ifstat.c $(LIBNETLINK) -lm
+ $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -o ifstat ifstat.c $(LDLIBS) -lm
rtacct: rtacct.c
- $(CC) $(CFLAGS) $(LDFLAGS) -o rtacct rtacct.c $(LIBNETLINK) -lm
+ $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -o rtacct rtacct.c $(LDLIBS) -lm
arpd: arpd.c
- $(CC) $(CFLAGS) -I$(DBM_INCLUDE) $(LDFLAGS) -o arpd arpd.c $(LIBNETLINK) -ldb -lpthread
+ $(QUIET_CC)$(CC) $(CFLAGS) -I$(DBM_INCLUDE) $(LDFLAGS) -o arpd arpd.c $(LDLIBS) -ldb -lpthread
ssfilter.c: ssfilter.y
- bison ssfilter.y -o ssfilter.c
+ $(QUIET_YACC)bison ssfilter.y -o ssfilter.c
lnstat: $(LNSTATOBJ)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
install: all
install -m 0755 $(TARGETS) $(DESTDIR)$(SBINDIR)
diff --git a/misc/arpd.c b/misc/arpd.c
index 6bb9bd1..67d86b6 100644
--- a/misc/arpd.c
+++ b/misc/arpd.c
@@ -38,8 +38,6 @@
#include "utils.h"
#include "rt_names.h"
-int resolve_hosts;
-
DB *dbase;
char *dbname = "/var/lib/arpd/arpd.db";
@@ -47,17 +45,16 @@
int *ifvec;
char **ifnames;
-struct dbkey
-{
+struct dbkey {
__u32 iface;
__u32 addr;
};
-#define IS_NEG(x) (((__u8*)(x))[0] == 0xFF)
+#define IS_NEG(x) (((__u8 *)(x))[0] == 0xFF)
#define NEG_TIME(x) (((x)[2]<<24)|((x)[3]<<16)|((x)[4]<<8)|(x)[5])
-#define NEG_AGE(x) ((__u32)time(NULL) - NEG_TIME((__u8*)x))
+#define NEG_AGE(x) ((__u32)time(NULL) - NEG_TIME((__u8 *)x))
#define NEG_VALID(x) (NEG_AGE(x) < negative_timeout)
-#define NEG_CNT(x) (((__u8*)(x))[1])
+#define NEG_CNT(x) (((__u8 *)(x))[1])
struct rtnl_handle rth;
@@ -96,8 +93,7 @@
static void usage(void)
{
fprintf(stderr,
- "Usage: arpd [ -lkh? ] [ -a N ] [ -b dbase ] [ -B number ]"
- " [ -f file ] [ -n time ] [-p interval ] [ -R rate ] [ interfaces ]\n");
+ "Usage: arpd [ -lkh? ] [ -a N ] [ -b dbase ] [ -B number ] [ -f file ] [ -n time ] [-p interval ] [ -R rate ] [ interfaces ]\n");
exit(1);
}
@@ -108,7 +104,7 @@
if (ifnum == 0)
return 1;
- for (i=0; i<ifnum; i++)
+ for (i = 0; i < ifnum; i++)
if (ifvec[i] == ifindex)
return 1;
return 0;
@@ -123,7 +119,7 @@
if (!ifnum)
return;
- for (i=0; i<ifnum; i++) {
+ for (i = 0; i < ifnum; i++) {
char buf[128];
FILE *fp;
@@ -133,7 +129,7 @@
if (no_kernel_broadcasts)
strcpy(buf, "0\n");
else
- sprintf(buf, "%d\n", active_probing>=2 ? 1 : 3-active_probing);
+ sprintf(buf, "%d\n", active_probing >= 2 ? 1 : 3-active_probing);
fputs(buf, fp);
fclose(fp);
}
@@ -141,7 +137,7 @@
sprintf(buf, "/proc/sys/net/ipv4/neigh/%s/app_solicit", ifnames[i]);
if ((fp = fopen(buf, "w")) != NULL) {
- sprintf(buf, "%d\n", active_probing<=1 ? 1 : active_probing);
+ sprintf(buf, "%d\n", active_probing <= 1 ? 1 : active_probing);
fputs(buf, fp);
fclose(fp);
}
@@ -156,7 +152,7 @@
if (!sysctl_adjusted)
return;
- for (i=0; i<ifnum; i++) {
+ for (i = 0; i < ifnum; i++) {
char buf[128];
FILE *fp;
@@ -181,16 +177,22 @@
static int send_probe(int ifindex, __u32 addr)
{
- struct ifreq ifr;
- struct sockaddr_in dst;
+ struct ifreq ifr = { .ifr_ifindex = ifindex };
+ struct sockaddr_in dst = {
+ .sin_family = AF_INET,
+ .sin_port = htons(1025),
+ .sin_addr.s_addr = addr,
+ };
socklen_t len;
unsigned char buf[256];
- struct arphdr *ah = (struct arphdr*)buf;
+ struct arphdr *ah = (struct arphdr *)buf;
unsigned char *p = (unsigned char *)(ah+1);
- struct sockaddr_ll sll;
+ struct sockaddr_ll sll = {
+ .sll_family = AF_PACKET,
+ .sll_ifindex = ifindex,
+ .sll_protocol = htons(ETH_P_ARP),
+ };
- memset(&ifr, 0, sizeof(ifr));
- ifr.ifr_ifindex = ifindex;
if (ioctl(udp_sock, SIOCGIFNAME, &ifr))
return -1;
if (ioctl(udp_sock, SIOCGIFHWADDR, &ifr))
@@ -200,13 +202,10 @@
if (setsockopt(udp_sock, SOL_SOCKET, SO_BINDTODEVICE, ifr.ifr_name, strlen(ifr.ifr_name)+1) < 0)
return -1;
- dst.sin_family = AF_INET;
- dst.sin_port = htons(1025);
- dst.sin_addr.s_addr = addr;
- if (connect(udp_sock, (struct sockaddr*)&dst, sizeof(dst)) < 0)
+ if (connect(udp_sock, (struct sockaddr *)&dst, sizeof(dst)) < 0)
return -1;
len = sizeof(dst);
- if (getsockname(udp_sock, (struct sockaddr*)&dst, &len) < 0)
+ if (getsockname(udp_sock, (struct sockaddr *)&dst, &len) < 0)
return -1;
ah->ar_hrd = htons(ifr.ifr_hwaddr.sa_family);
@@ -219,19 +218,16 @@
p += ah->ar_hln;
memcpy(p, &dst.sin_addr, 4);
- p+=4;
+ p += 4;
- sll.sll_family = AF_PACKET;
memset(sll.sll_addr, 0xFF, sizeof(sll.sll_addr));
- sll.sll_ifindex = ifindex;
- sll.sll_protocol = htons(ETH_P_ARP);
memcpy(p, &sll.sll_addr, ah->ar_hln);
- p+=ah->ar_hln;
+ p += ah->ar_hln;
memcpy(p, &addr, 4);
- p+=4;
+ p += 4;
- if (sendto(pset[0].fd, buf, p-buf, 0, (struct sockaddr*)&sll, sizeof(sll)) < 0)
+ if (sendto(pset[0].fd, buf, p-buf, 0, (struct sockaddr *)&sll, sizeof(sll)) < 0)
return -1;
stats.probes_sent++;
return 0;
@@ -248,6 +244,7 @@
gettimeofday(&now, NULL);
if (prev.tv_sec) {
int diff = (now.tv_sec-prev.tv_sec)*1000+(now.tv_usec-prev.tv_usec)/1000;
+
buckets += diff;
} else {
buckets = broadcast_burst;
@@ -266,21 +263,18 @@
static int respond_to_kernel(int ifindex, __u32 addr, char *lla, int llalen)
{
struct {
- struct nlmsghdr n;
- struct ndmsg ndm;
- char buf[256];
- } req;
-
- memset(&req.n, 0, sizeof(req.n));
- memset(&req.ndm, 0, sizeof(req.ndm));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST;
- req.n.nlmsg_type = RTM_NEWNEIGH;
- req.ndm.ndm_family = AF_INET;
- req.ndm.ndm_state = NUD_STALE;
- req.ndm.ndm_ifindex = ifindex;
- req.ndm.ndm_type = RTN_UNICAST;
+ struct nlmsghdr n;
+ struct ndmsg ndm;
+ char buf[256];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ndmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST,
+ .n.nlmsg_type = RTM_NEWNEIGH,
+ .ndm.ndm_family = AF_INET,
+ .ndm.ndm_state = NUD_STALE,
+ .ndm.ndm_ifindex = ifindex,
+ .ndm.ndm_type = RTN_UNICAST,
+ };
addattr_l(&req.n, sizeof(req), NDA_DST, &addr, 4);
addattr_l(&req.n, sizeof(req), NDA_LLADDR, lla, llalen);
@@ -302,7 +296,7 @@
{
struct ndmsg *ndm = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[NDA_MAX+1];
+ struct rtattr *tb[NDA_MAX+1];
struct dbkey key;
DBT dbkey, dbdat;
int do_acct = 0;
@@ -405,6 +399,7 @@
!IS_NEG(dbdat.data) ||
!NEG_VALID(dbdat.data)) {
__u8 ndata[6];
+
stats.kern_neg++;
prepare_neg_entry(ndata, time(NULL));
dbdat.data = ndata;
@@ -440,18 +435,16 @@
{
int status;
struct nlmsghdr *h;
- struct sockaddr_nl nladdr;
+ struct sockaddr_nl nladdr = {};
struct iovec iov;
char buf[8192];
struct msghdr msg = {
- (void*)&nladdr, sizeof(nladdr),
+ (void *)&nladdr, sizeof(nladdr),
&iov, 1,
NULL, 0,
0
};
- memset(&nladdr, 0, sizeof(nladdr));
-
iov.iov_base = buf;
iov.iov_len = sizeof(buf);
@@ -466,7 +459,7 @@
if (nladdr.nl_pid)
return;
- for (h = (struct nlmsghdr*)buf; status >= sizeof(*h); ) {
+ for (h = (struct nlmsghdr *)buf; status >= sizeof(*h); ) {
int len = h->nlmsg_len;
int l = len - sizeof(*h);
@@ -477,7 +470,7 @@
return;
status -= NLMSG_ALIGN(len);
- h = (struct nlmsghdr*)((char*)h + NLMSG_ALIGN(len));
+ h = (struct nlmsghdr *)((char *)h + NLMSG_ALIGN(len));
}
}
@@ -487,13 +480,13 @@
unsigned char buf[1024];
struct sockaddr_ll sll;
socklen_t sll_len = sizeof(sll);
- struct arphdr *a = (struct arphdr*)buf;
+ struct arphdr *a = (struct arphdr *)buf;
struct dbkey key;
DBT dbkey, dbdat;
int n;
n = recvfrom(pset[0].fd, buf, sizeof(buf), MSG_DONTWAIT,
- (struct sockaddr*)&sll, &sll_len);
+ (struct sockaddr *)&sll, &sll_len);
if (n < 0) {
if (errno != EINTR && errno != EAGAIN)
syslog(LOG_ERR, "recvfrom: %m");
@@ -515,7 +508,7 @@
return;
key.iface = sll.sll_ifindex;
- memcpy(&key.addr, (char*)(a+1) + a->ar_hln, 4);
+ memcpy(&key.addr, (char *)(a+1) + a->ar_hln, 4);
/* DAD message, ignore. */
if (key.addr == 0)
@@ -539,10 +532,8 @@
static void catch_signal(int sig, void (*handler)(int))
{
- struct sigaction sa;
+ struct sigaction sa = { .sa_handler = handler };
- memset(&sa, 0, sizeof(sa));
- sa.sa_handler = handler;
#ifdef SA_INTERRUPT
sa.sa_flags = SA_INTERRUPT;
#endif
@@ -600,7 +591,7 @@
while ((opt = getopt(argc, argv, "h?b:lf:a:n:p:kR:B:")) != EOF) {
switch (opt) {
- case 'b':
+ case 'b':
dbname = optarg;
break;
case 'f':
@@ -624,7 +615,7 @@
break;
case 'p':
if ((poll_timeout = 1000 * strtod(optarg, NULL)) < 100) {
- fprintf(stderr,"Invalid poll timeout\n");
+ fprintf(stderr, "Invalid poll timeout\n");
exit(-1);
}
break;
@@ -666,15 +657,16 @@
exit(-1);
}
- if (ifnum) {
+ if (ifnum) {
int i;
- struct ifreq ifr;
- memset(&ifr, 0, sizeof(ifr));
- for (i=0; i<ifnum; i++) {
- strncpy(ifr.ifr_name, ifnames[i], IFNAMSIZ);
+ struct ifreq ifr = {};
+
+ for (i = 0; i < ifnum; i++) {
+ if (get_ifname(ifr.ifr_name, ifnames[i]))
+ invarg("not a valid ifname", ifnames[i]);
if (ioctl(udp_sock, SIOCGIFINDEX, &ifr)) {
perror("ioctl(SIOCGIFINDEX)");
- exit(-1);;
+ exit(-1);
}
ifvec[i] = ifr.ifr_ifindex;
}
@@ -717,7 +709,7 @@
}
if (strncmp(macbuf, "FAILED:", 7) == 0)
continue;
- if (!inet_aton(ipbuf, (struct in_addr*)&k.addr)) {
+ if (!inet_aton(ipbuf, (struct in_addr *)&k.addr)) {
fprintf(stderr, "Invalid IP address: \"%s\"\n", ipbuf);
goto do_abort;
}
@@ -738,20 +730,23 @@
if (do_list) {
DBT dbkey, dbdat;
+
printf("%-8s %-15s %s\n", "#Ifindex", "IP", "MAC");
while (dbase->seq(dbase, &dbkey, &dbdat, R_NEXT) == 0) {
struct dbkey *key = dbkey.data;
+
if (handle_if(key->iface)) {
if (!IS_NEG(dbdat.data)) {
char b1[18];
+
printf("%-8d %-15s %s\n",
key->iface,
- inet_ntoa(*(struct in_addr*)&key->addr),
+ inet_ntoa(*(struct in_addr *)&key->addr),
ll_addr_n2a(dbdat.data, 6, ARPHRD_ETHER, b1, 18));
} else {
printf("%-8d %-15s FAILED: %dsec ago\n",
key->iface,
- inet_ntoa(*(struct in_addr*)&key->addr),
+ inet_ntoa(*(struct in_addr *)&key->addr),
NEG_AGE(dbdat.data));
}
}
@@ -768,12 +763,13 @@
}
if (1) {
- struct sockaddr_ll sll;
- memset(&sll, 0, sizeof(sll));
- sll.sll_family = AF_PACKET;
- sll.sll_protocol = htons(ETH_P_ARP);
- sll.sll_ifindex = (ifnum == 1 ? ifvec[0] : 0);
- if (bind(pset[0].fd, (struct sockaddr*)&sll, sizeof(sll)) < 0) {
+ struct sockaddr_ll sll = {
+ .sll_family = AF_PACKET,
+ .sll_protocol = htons(ETH_P_ARP),
+ .sll_ifindex = (ifnum == 1 ? ifvec[0] : 0),
+ };
+
+ if (bind(pset[0].fd, (struct sockaddr *)&sll, sizeof(sll)) < 0) {
perror("bind");
goto do_abort;
}
diff --git a/misc/ifstat.c b/misc/ifstat.c
index ac5c29c..ac3eff6 100644
--- a/misc/ifstat.c
+++ b/misc/ifstat.c
@@ -28,38 +28,42 @@
#include <math.h>
#include <getopt.h>
-#include <libnetlink.h>
-#include <json_writer.h>
#include <linux/if.h>
#include <linux/if_link.h>
-#include <SNAPSHOT.h>
+#include "libnetlink.h"
+#include "json_writer.h"
+#include "SNAPSHOT.h"
+#include "utils.h"
-int dump_zeros = 0;
-int reset_history = 0;
-int ignore_history = 0;
-int no_output = 0;
-int json_output = 0;
-int no_update = 0;
-int scan_interval = 0;
-int time_constant = 0;
-int show_errors = 0;
+int dump_zeros;
+int reset_history;
+int ignore_history;
+int no_output;
+int json_output;
+int no_update;
+int scan_interval;
+int time_constant;
+int show_errors;
int pretty;
double W;
char **patterns;
int npatterns;
+bool is_extended;
+int filter_type;
+int sub_type;
char info_source[128];
int source_mismatch;
#define MAXS (sizeof(struct rtnl_link_stats)/sizeof(__u32))
+#define NO_SUB_TYPE 0xffff
-struct ifstat_ent
-{
+struct ifstat_ent {
struct ifstat_ent *next;
char *name;
int ifindex;
- unsigned long long val[MAXS];
+ __u64 val[MAXS];
double rate[MAXS];
__u32 ival[MAXS];
};
@@ -100,18 +104,62 @@
if (npatterns == 0)
return 1;
- for (i=0; i<npatterns; i++) {
+ for (i = 0; i < npatterns; i++) {
if (!fnmatch(patterns[i], id, 0))
return 1;
}
return 0;
}
+static int get_nlmsg_extended(const struct sockaddr_nl *who,
+ struct nlmsghdr *m, void *arg)
+{
+ struct if_stats_msg *ifsm = NLMSG_DATA(m);
+ struct rtattr *tb[IFLA_STATS_MAX+1];
+ int len = m->nlmsg_len;
+ struct ifstat_ent *n;
+
+ if (m->nlmsg_type != RTM_NEWSTATS)
+ return 0;
+
+ len -= NLMSG_LENGTH(sizeof(*ifsm));
+ if (len < 0)
+ return -1;
+
+ parse_rtattr(tb, IFLA_STATS_MAX, IFLA_STATS_RTA(ifsm), len);
+ if (tb[filter_type] == NULL)
+ return 0;
+
+ n = malloc(sizeof(*n));
+ if (!n)
+ abort();
+
+ n->ifindex = ifsm->ifindex;
+ n->name = strdup(ll_index_to_name(ifsm->ifindex));
+
+ if (sub_type == NO_SUB_TYPE) {
+ memcpy(&n->val, RTA_DATA(tb[filter_type]), sizeof(n->val));
+ } else {
+ struct rtattr *attr;
+
+ attr = parse_rtattr_one_nested(sub_type, tb[filter_type]);
+ if (attr == NULL) {
+ free(n);
+ return 0;
+ }
+ memcpy(&n->val, RTA_DATA(attr), sizeof(n->val));
+ }
+ memset(&n->rate, 0, sizeof(n->rate));
+ n->next = kern_db;
+ kern_db = n;
+ return 0;
+}
+
static int get_nlmsg(const struct sockaddr_nl *who,
struct nlmsghdr *m, void *arg)
{
struct ifinfomsg *ifi = NLMSG_DATA(m);
- struct rtattr * tb[IFLA_MAX+1];
+ struct rtattr *tb[IFLA_MAX+1];
int len = m->nlmsg_len;
struct ifstat_ent *n;
int i;
@@ -137,7 +185,7 @@
n->name = strdup(RTA_DATA(tb[IFLA_IFNAME]));
memcpy(&n->ival, RTA_DATA(tb[IFLA_STATS]), sizeof(n->ival));
memset(&n->rate, 0, sizeof(n->rate));
- for (i=0; i<MAXS; i++)
+ for (i = 0; i < MAXS; i++)
n->val[i] = n->ival[i];
n->next = kern_db;
kern_db = n;
@@ -148,18 +196,34 @@
{
struct ifstat_ent *db, *n;
struct rtnl_handle rth;
+ __u32 filter_mask;
if (rtnl_open(&rth, 0) < 0)
exit(1);
- if (rtnl_wilddump_request(&rth, AF_INET, RTM_GETLINK) < 0) {
- perror("Cannot send dump request");
- exit(1);
- }
+ if (is_extended) {
+ ll_init_map(&rth);
+ filter_mask = IFLA_STATS_FILTER_BIT(filter_type);
+ if (rtnl_wilddump_stats_req_filter(&rth, AF_UNSPEC, RTM_GETSTATS,
+ filter_mask) < 0) {
+ perror("Cannot send dump request");
+ exit(1);
+ }
- if (rtnl_dump_filter(&rth, get_nlmsg, NULL) < 0) {
- fprintf(stderr, "Dump terminated\n");
- exit(1);
+ if (rtnl_dump_filter(&rth, get_nlmsg_extended, NULL) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ exit(1);
+ }
+ } else {
+ if (rtnl_wilddump_request(&rth, AF_INET, RTM_GETLINK) < 0) {
+ perror("Cannot send dump request");
+ exit(1);
+ }
+
+ if (rtnl_dump_filter(&rth, get_nlmsg, NULL) < 0) {
+ fprintf(stderr, "Dump terminated\n");
+ exit(1);
+ }
}
rtnl_close(&rth);
@@ -209,8 +273,9 @@
n->name = strdup(p);
p = next;
- for (i=0; i<MAXS; i++) {
- unsigned rate;
+ for (i = 0; i < MAXS; i++) {
+ unsigned int rate;
+
if (!(next = strchr(p, ' ')))
abort();
*next++ = 0;
@@ -245,18 +310,21 @@
h = hist_db;
if (jw) {
+ jsonw_start_object(jw);
jsonw_pretty(jw, pretty);
jsonw_name(jw, info_source);
jsonw_start_object(jw);
} else
fprintf(fp, "#%s\n", info_source);
- for (n=kern_db; n; n=n->next) {
+ for (n = kern_db; n; n = n->next) {
int i;
unsigned long long *vals = n->val;
double *rates = n->rate;
+
if (!match(n->name)) {
struct ifstat_ent *h1;
+
if (!to_hist)
continue;
for (h1 = h; h1; h1 = h1->next) {
@@ -273,19 +341,21 @@
jsonw_name(jw, n->name);
jsonw_start_object(jw);
- for (i=0; i<MAXS && stats[i]; i++)
+ for (i = 0; i < MAXS && stats[i]; i++)
jsonw_uint_field(jw, stats[i], vals[i]);
jsonw_end_object(jw);
} else {
fprintf(fp, "%d %s ", n->ifindex, n->name);
- for (i=0; i<MAXS; i++)
+ for (i = 0; i < MAXS; i++)
fprintf(fp, "%llu %u ", vals[i],
- (unsigned)rates[i]);
+ (unsigned int)rates[i]);
fprintf(fp, "\n");
}
}
if (jw) {
jsonw_end_object(jw);
+
+ jsonw_end_object(jw);
jsonw_destroy(&jw);
}
}
@@ -308,18 +378,19 @@
fprintf(fp, "%8llu ", vals[i]);
if (rates[i] > mega) {
- sprintf(temp, "%uM", (unsigned)(rates[i]/mega));
+ sprintf(temp, "%uM", (unsigned int)(rates[i]/mega));
fprintf(fp, "%-6s ", temp);
} else if (rates[i] > kilo) {
- sprintf(temp, "%uK", (unsigned)(rates[i]/kilo));
+ sprintf(temp, "%uK", (unsigned int)(rates[i]/kilo));
fprintf(fp, "%-6s ", temp);
} else
- fprintf(fp, "%-6u ", (unsigned)rates[i]);
+ fprintf(fp, "%-6u ", (unsigned int)rates[i]);
}
static void format_pair(FILE *fp, const unsigned long long *vals, int i, int k)
{
char temp[64];
+
if (vals[i] > giga)
fprintf(fp, "%7lluM ", vals[i]/mega);
else if (vals[i] > mega)
@@ -328,13 +399,13 @@
fprintf(fp, "%8llu ", vals[i]);
if (vals[k] > giga) {
- sprintf(temp, "%uM", (unsigned)(vals[k]/mega));
+ sprintf(temp, "%uM", (unsigned int)(vals[k]/mega));
fprintf(fp, "%-6s ", temp);
} else if (vals[k] > mega) {
- sprintf(temp, "%uK", (unsigned)(vals[k]/kilo));
+ sprintf(temp, "%uK", (unsigned int)(vals[k]/kilo));
fprintf(fp, "%-6s ", temp);
} else
- fprintf(fp, "%-6u ", (unsigned)vals[k]);
+ fprintf(fp, "%-6u ", (unsigned int)vals[k]);
}
static void print_head(FILE *fp)
@@ -345,38 +416,38 @@
fprintf(fp, "%8s/%-6s ", "RX Pkts", "Rate");
fprintf(fp, "%8s/%-6s ", "TX Pkts", "Rate");
fprintf(fp, "%8s/%-6s ", "RX Data", "Rate");
- fprintf(fp, "%8s/%-6s\n","TX Data", "Rate");
+ fprintf(fp, "%8s/%-6s\n", "TX Data", "Rate");
if (!show_errors) {
fprintf(fp, "%-15s ", "");
fprintf(fp, "%8s/%-6s ", "RX Errs", "Drop");
fprintf(fp, "%8s/%-6s ", "TX Errs", "Drop");
fprintf(fp, "%8s/%-6s ", "RX Over", "Rate");
- fprintf(fp, "%8s/%-6s\n","TX Coll", "Rate");
+ fprintf(fp, "%8s/%-6s\n", "TX Coll", "Rate");
} else {
fprintf(fp, "%-15s ", "");
fprintf(fp, "%8s/%-6s ", "RX Errs", "Rate");
fprintf(fp, "%8s/%-6s ", "RX Drop", "Rate");
fprintf(fp, "%8s/%-6s ", "RX Over", "Rate");
- fprintf(fp, "%8s/%-6s\n","RX Leng", "Rate");
+ fprintf(fp, "%8s/%-6s\n", "RX Leng", "Rate");
fprintf(fp, "%-15s ", "");
fprintf(fp, "%8s/%-6s ", "RX Crc", "Rate");
fprintf(fp, "%8s/%-6s ", "RX Frm", "Rate");
fprintf(fp, "%8s/%-6s ", "RX Fifo", "Rate");
- fprintf(fp, "%8s/%-6s\n","RX Miss", "Rate");
+ fprintf(fp, "%8s/%-6s\n", "RX Miss", "Rate");
fprintf(fp, "%-15s ", "");
fprintf(fp, "%8s/%-6s ", "TX Errs", "Rate");
fprintf(fp, "%8s/%-6s ", "TX Drop", "Rate");
fprintf(fp, "%8s/%-6s ", "TX Coll", "Rate");
- fprintf(fp, "%8s/%-6s\n","TX Carr", "Rate");
+ fprintf(fp, "%8s/%-6s\n", "TX Carr", "Rate");
fprintf(fp, "%-15s ", "");
fprintf(fp, "%8s/%-6s ", "TX Abrt", "Rate");
fprintf(fp, "%8s/%-6s ", "TX Fifo", "Rate");
fprintf(fp, "%8s/%-6s ", "TX Hear", "Rate");
- fprintf(fp, "%8s/%-6s\n","TX Wind", "Rate");
+ fprintf(fp, "%8s/%-6s\n", "TX Wind", "Rate");
}
}
@@ -388,7 +459,7 @@
jsonw_name(jw, n->name);
jsonw_start_object(jw);
- for (i=0; i < m && stats[i]; i++)
+ for (i = 0; i < m && stats[i]; i++)
jsonw_uint_field(jw, stats[i], vals[i]);
jsonw_end_object(jw);
@@ -400,7 +471,7 @@
int i;
fprintf(fp, "%-15s ", n->name);
- for (i=0; i<4; i++)
+ for (i = 0; i < 4; i++)
format_rate(fp, vals, n->rate, i);
fprintf(fp, "\n");
@@ -448,13 +519,14 @@
struct ifstat_ent *n;
if (jw) {
+ jsonw_start_object(jw);
jsonw_pretty(jw, pretty);
jsonw_name(jw, info_source);
jsonw_start_object(jw);
} else
print_head(fp);
- for (n=kern_db; n; n=n->next) {
+ for (n = kern_db; n; n = n->next) {
if (!match(n->name))
continue;
@@ -463,8 +535,12 @@
else
print_one_if(fp, n, n->val);
}
- if (json_output)
- fprintf(fp, "\n} }\n");
+ if (jw) {
+ jsonw_end_object(jw);
+
+ jsonw_end_object(jw);
+ jsonw_destroy(&jw);
+ }
}
static void dump_incr_db(FILE *fp)
@@ -474,13 +550,14 @@
h = hist_db;
if (jw) {
+ jsonw_start_object(jw);
jsonw_pretty(jw, pretty);
jsonw_name(jw, info_source);
jsonw_start_object(jw);
} else
print_head(fp);
- for (n=kern_db; n; n=n->next) {
+ for (n = kern_db; n; n = n->next) {
int i;
unsigned long long vals[MAXS];
struct ifstat_ent *h1;
@@ -506,6 +583,8 @@
if (jw) {
jsonw_end_object(jw);
+
+ jsonw_end_object(jw);
jsonw_destroy(&jw);
}
}
@@ -530,9 +609,11 @@
for (n = kern_db; n; n = n->next) {
struct ifstat_ent *h1;
+
for (h1 = h; h1; h1 = h1->next) {
if (h1->ifindex == n->ifindex) {
int i;
+
for (i = 0; i < MAXS; i++) {
if ((long)(h1->ival[i] - n->ival[i]) < 0) {
memset(n->ival, 0, sizeof(n->ival));
@@ -541,9 +622,17 @@
}
for (i = 0; i < MAXS; i++) {
double sample;
- unsigned long incr = h1->ival[i] - n->ival[i];
- n->val[i] += incr;
- n->ival[i] = h1->ival[i];
+ __u64 incr;
+
+ if (is_extended) {
+ incr = h1->val[i] - n->val[i];
+ n->val[i] = h1->val[i];
+ } else {
+ incr = (__u32) (h1->ival[i] - n->ival[i]);
+ n->val[i] += incr;
+ n->ival[i] = h1->ival[i];
+ }
+
sample = (double)(incr*1000)/interval;
if (interval >= scan_interval) {
n->rate[i] += W*(sample-n->rate[i]);
@@ -552,6 +641,7 @@
n->rate[i] = sample;
} else {
double w = W*(double)interval/scan_interval;
+
n->rate[i] += w*(sample-n->rate[i]);
}
}
@@ -559,6 +649,7 @@
while (h != h1) {
struct ifstat_ent *tmp = h;
+
h = h->next;
free(tmp->name);
free(tmp);
@@ -572,13 +663,14 @@
}
}
-#define T_DIFF(a,b) (((a).tv_sec-(b).tv_sec)*1000 + ((a).tv_usec-(b).tv_usec)/1000)
+#define T_DIFF(a, b) (((a).tv_sec-(b).tv_sec)*1000 + ((a).tv_usec-(b).tv_usec)/1000)
static void server_loop(int fd)
{
struct timeval snaptime = { 0 };
struct pollfd p;
+
p.fd = fd;
p.events = p.revents = POLLIN;
@@ -589,7 +681,7 @@
for (;;) {
int status;
- int tdiff;
+ time_t tdiff;
struct timeval now;
gettimeofday(&now, NULL);
@@ -600,24 +692,24 @@
tdiff = 0;
}
- if (poll(&p, 1, tdiff + scan_interval) > 0
+ if (poll(&p, 1, scan_interval - tdiff) > 0
&& (p.revents&POLLIN)) {
int clnt = accept(fd, NULL, NULL);
+
if (clnt >= 0) {
pid_t pid;
+
if (children >= 5) {
close(clnt);
} else if ((pid = fork()) != 0) {
- if (pid>0)
+ if (pid > 0)
children++;
close(clnt);
} else {
FILE *fp = fdopen(clnt, "w");
- if (fp) {
- if (tdiff > 0)
- update_db(tdiff);
+
+ if (fp)
dump_raw_db(fp, 0);
- }
exit(0);
}
}
@@ -632,7 +724,7 @@
struct ucred cred;
socklen_t olen = sizeof(cred);
- if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void*)&cred, &olen) ||
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &olen) ||
olen < sizeof(cred))
return -1;
if (cred.uid == getuid() || cred.uid == 0)
@@ -640,24 +732,68 @@
return -1;
}
+static void xstat_usage(void)
+{
+ fprintf(stderr,
+"Usage: ifstat supported xstats:\n"
+" cpu_hits Counts only packets that went via the CPU.\n");
+}
+
+struct extended_stats_options_t {
+ char *name;
+ int id;
+ int sub_type;
+};
+
+/* Note: if one xstat name is subset of another, it should be before it in this
+ * list.
+ * Name length must be under 64 chars.
+ */
+static const struct extended_stats_options_t extended_stats_options[] = {
+ {"cpu_hits", IFLA_STATS_LINK_OFFLOAD_XSTATS, IFLA_OFFLOAD_XSTATS_CPU_HIT},
+};
+
+static const char *get_filter_type(const char *name)
+{
+ int name_len;
+ int i;
+
+ name_len = strlen(name);
+ for (i = 0; i < ARRAY_SIZE(extended_stats_options); i++) {
+ const struct extended_stats_options_t *xstat;
+
+ xstat = &extended_stats_options[i];
+ if (strncmp(name, xstat->name, name_len) == 0) {
+ filter_type = xstat->id;
+ sub_type = xstat->sub_type;
+ return xstat->name;
+ }
+ }
+
+ fprintf(stderr, "invalid ifstat extension %s\n", name);
+ xstat_usage();
+ return NULL;
+}
+
static void usage(void) __attribute__((noreturn));
static void usage(void)
{
fprintf(stderr,
"Usage: ifstat [OPTION] [ PATTERN [ PATTERN ] ]\n"
-" -h, --help this message\n"
-" -a, --ignore ignore history\n"
-" -d, --scan=SECS sample every statistics every SECS\n"
-" -e, --errors show errors\n"
-" -j, --json format output in JSON\n"
-" -n, --nooutput do history only\n"
-" -p, --pretty pretty print\n"
-" -r, --reset reset history\n"
-" -s, --noupdate don\'t update history\n"
-" -t, --interval=SECS report average over the last SECS\n"
-" -V, --version output version information\n"
-" -z, --zeros show entries with zero activity\n");
+" -h, --help this message\n"
+" -a, --ignore ignore history\n"
+" -d, --scan=SECS sample every statistics every SECS\n"
+" -e, --errors show errors\n"
+" -j, --json format output in JSON\n"
+" -n, --nooutput do history only\n"
+" -p, --pretty pretty print\n"
+" -r, --reset reset history\n"
+" -s, --noupdate don't update history\n"
+" -t, --interval=SECS report average over the last SECS\n"
+" -V, --version output version information\n"
+" -z, --zeros show entries with zero activity\n"
+" -x, --extended=TYPE show extended stats of TYPE\n");
exit(-1);
}
@@ -675,6 +811,7 @@
{ "interval", 1, 0, 't' },
{ "version", 0, 0, 'V' },
{ "zeros", 0, 0, 'z' },
+ { "extended", 1, 0, 'x'},
{ 0 }
};
@@ -683,12 +820,14 @@
char hist_name[128];
struct sockaddr_un sun;
FILE *hist_fp = NULL;
+ const char *stats_type = NULL;
int ch;
int fd;
- while ((ch = getopt_long(argc, argv, "hjpvVzrnasd:t:e",
+ is_extended = false;
+ while ((ch = getopt_long(argc, argv, "hjpvVzrnasd:t:ex:",
longopts, NULL)) != EOF) {
- switch(ch) {
+ switch (ch) {
case 'z':
dump_zeros = 1;
break;
@@ -727,6 +866,10 @@
exit(-1);
}
break;
+ case 'x':
+ stats_type = optarg;
+ is_extended = true;
+ break;
case 'v':
case 'V':
printf("ifstat utility, iproute2-ss%s\n", SNAPSHOT);
@@ -741,6 +884,12 @@
argc -= optind;
argv += optind;
+ if (stats_type) {
+ stats_type = get_filter_type(stats_type);
+ if (!stats_type)
+ exit(-1);
+ }
+
sun.sun_family = AF_UNIX;
sun.sun_path[0] = 0;
sprintf(sun.sun_path+1, "ifstat%d", getuid());
@@ -754,7 +903,7 @@
perror("ifstat: socket");
exit(-1);
}
- if (bind(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
+ if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
perror("ifstat: bind");
exit(-1);
}
@@ -779,8 +928,13 @@
snprintf(hist_name, sizeof(hist_name),
"%s", getenv("IFSTAT_HISTORY"));
else
- snprintf(hist_name, sizeof(hist_name),
- "%s/.ifstat.u%d", P_tmpdir, getuid());
+ if (!stats_type)
+ snprintf(hist_name, sizeof(hist_name),
+ "%s/.ifstat.u%d", P_tmpdir, getuid());
+ else
+ snprintf(hist_name, sizeof(hist_name),
+ "%s/.%s_ifstat.u%d", P_tmpdir, stats_type,
+ getuid());
if (reset_history)
unlink(hist_name);
@@ -812,6 +966,7 @@
if (!ignore_history) {
FILE *tfp;
long uptime = -1;
+
if ((tfp = fopen("/proc/uptime", "r")) != NULL) {
if (fscanf(tfp, "%ld", &uptime) != 1)
uptime = -1;
@@ -831,17 +986,24 @@
}
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) >= 0 &&
- (connect(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) == 0
+ (connect(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) == 0
|| (strcpy(sun.sun_path+1, "ifstat0"),
- connect(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) == 0))
+ connect(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) == 0))
&& verify_forging(fd) == 0) {
FILE *sfp = fdopen(fd, "r");
- load_raw_table(sfp);
- if (hist_db && source_mismatch) {
- fprintf(stderr, "ifstat: history is stale, ignoring it.\n");
- hist_db = NULL;
+
+ if (!sfp) {
+ fprintf(stderr, "ifstat: fdopen failed: %s\n",
+ strerror(errno));
+ close(fd);
+ } else {
+ load_raw_table(sfp);
+ if (hist_db && source_mismatch) {
+ fprintf(stderr, "ifstat: history is stale, ignoring it.\n");
+ hist_db = NULL;
+ }
+ fclose(sfp);
}
- fclose(sfp);
} else {
if (fd >= 0)
close(fd);
diff --git a/misc/lnstat.c b/misc/lnstat.c
index 264c953..863fd4d 100644
--- a/misc/lnstat.c
+++ b/misc/lnstat.c
@@ -56,10 +56,8 @@
static int usage(char *name, int exit_code)
{
fprintf(stderr, "%s Version %s\n", name, LNSTAT_VERSION);
- fprintf(stderr, "Copyright (C) 2004 by Harald Welte "
- "<laforge@gnumonks.org>\n");
- fprintf(stderr, "This program is free software licensed under GNU GPLv2"
- "\nwith ABSOLUTELY NO WARRANTY.\n\n");
+ fprintf(stderr, "Copyright (C) 2004 by Harald Welte <laforge@gnumonks.org>\n");
+ fprintf(stderr, "This program is free software licensed under GNU GPLv2\nwith ABSOLUTELY NO WARRANTY.\n\n");
fprintf(stderr, "Parameters:\n");
fprintf(stderr, "\t-V --version\t\tPrint Version of Program\n");
fprintf(stderr, "\t-c --count <count>\t"
@@ -145,14 +143,13 @@
if (++j >= MAX_FIELDS - 1) {
fprintf(stderr,
- "WARN: MAX_FIELDS (%d) reached,"
- " truncating number of keys\n",
+ "WARN: MAX_FIELDS (%d) reached, truncating number of keys\n",
MAX_FIELDS);
goto full;
}
}
}
- full:
+full:
fps->num = j;
return 1;
}
@@ -181,14 +178,12 @@
struct field_params *fps,
int linewidth)
{
- int h,i;
+ int h, i;
static struct table_hdr th;
int ofs = 0;
- for (i = 0; i < HDR_LINES; i++) {
- th.hdr[i] = malloc(HDR_LINE_LENGTH);
- memset(th.hdr[i], 0, HDR_LINE_LENGTH);
- }
+ for (i = 0; i < HDR_LINES; i++)
+ th.hdr[i] = calloc(1, HDR_LINE_LENGTH);
for (i = 0; i < fps->num; i++) {
char *cname, *fname = fps->params[i].lf->name;
@@ -269,7 +264,7 @@
num_req_files = 1;
}
- while ((c = getopt_long(argc, argv,"Vc:djpf:h?i:k:s:w:",
+ while ((c = getopt_long(argc, argv, "Vc:djpf:h?i:k:s:w:",
opts, NULL)) != -1) {
int len = 0;
char *tmp, *tok;
@@ -303,8 +298,7 @@
tok = strtok(NULL, ",")) {
if (fp.num >= MAX_FIELDS) {
fprintf(stderr,
- "WARN: too many keys"
- " requested: (%d max)\n",
+ "WARN: too many keys requested: (%d max)\n",
MAX_FIELDS);
break;
}
@@ -356,7 +350,7 @@
if (!header)
exit(1);
- if (interval < 1 )
+ if (interval < 1)
interval = 1;
for (i = 0; i < count || !count; i++) {
diff --git a/misc/lnstat_util.c b/misc/lnstat_util.c
index a258366..c2dc42e 100644
--- a/misc/lnstat_util.c
+++ b/misc/lnstat_util.c
@@ -49,7 +49,7 @@
if (!lf->compat && !fgets(buf, sizeof(buf)-1, lf->fp))
return -1;
- while(!feof(lf->fp) && fgets(buf, sizeof(buf)-1, lf->fp)) {
+ while (!feof(lf->fp) && fgets(buf, sizeof(buf)-1, lf->fp)) {
char *ptr = buf;
num_lines++;
@@ -58,6 +58,7 @@
for (j = 0; j < lf->num_fields; j++) {
unsigned long f = strtoul(ptr, &ptr, 16);
+
if (j == 0)
lf->fields[j].values[i] = f;
else
@@ -102,7 +103,7 @@
lfi->result = lfi->values[1];
else
lfi->result = (lfi->values[1]-lfi->values[0])
- / lf->interval.tv_sec;
+ / lf->interval.tv_sec;
}
scan_lines(lf, 0);
@@ -149,7 +150,8 @@
{
char buf[FGETS_BUF_SIZE];
- strncpy(buf, RTSTAT_COMPAT_LINE, sizeof(buf)-1);
+ strncpy(buf, RTSTAT_COMPAT_LINE, sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = '\0';
return __lnstat_scan_fields(lf, buf);
}
@@ -158,6 +160,7 @@
static int name_in_array(const int num, const char **arr, const char *name)
{
int i;
+
for (i = 0; i < num; i++) {
if (!strcmp(arr[i], name))
return 1;
@@ -171,20 +174,15 @@
struct lnstat_file *lf;
/* allocate */
- lf = malloc(sizeof(*lf));
+ lf = calloc(1, sizeof(*lf));
if (!lf) {
fprintf(stderr, "out of memory\n");
return NULL;
}
/* initialize */
- memset(lf, 0, sizeof(*lf));
-
- /* de->d_name is guaranteed to be <= NAME_MAX */
- strcpy(lf->basename, file);
- strcpy(lf->path, path);
- strcat(lf->path, "/");
- strcat(lf->path, lf->basename);
+ snprintf(lf->basename, sizeof(lf->basename), "%s", file);
+ snprintf(lf->path, sizeof(lf->path), "%s/%s", path, file);
/* initialize to default */
lf->interval.tv_sec = 1;
diff --git a/misc/nstat.c b/misc/nstat.c
index 9970528..a4dd405 100644
--- a/misc/nstat.c
+++ b/misc/nstat.c
@@ -30,16 +30,17 @@
#include <json_writer.h>
#include <SNAPSHOT.h>
+#include "utils.h"
-int dump_zeros = 0;
-int reset_history = 0;
-int ignore_history = 0;
-int no_output = 0;
-int json_output = 0;
-int pretty = 0;
-int no_update = 0;
-int scan_interval = 0;
-int time_constant = 0;
+int dump_zeros;
+int reset_history;
+int ignore_history;
+int no_output;
+int json_output;
+int pretty;
+int no_update;
+int scan_interval;
+int time_constant;
double W;
char **patterns;
int npatterns;
@@ -51,6 +52,7 @@
{
char store[128];
char *p = getenv(env);
+
if (!p) {
p = getenv("PROC_ROOT") ? : "/proc";
snprintf(store, sizeof(store)-1, "%s/%s", p, name);
@@ -74,8 +76,12 @@
return generic_proc_open("PROC_NET_SNMP6", "net/snmp6");
}
-struct nstat_ent
+static int net_sctp_snmp_open(void)
{
+ return generic_proc_open("PROC_NET_SCTP_SNMP", "net/sctp/snmp");
+}
+
+struct nstat_ent {
struct nstat_ent *next;
char *id;
unsigned long long val;
@@ -94,7 +100,8 @@
static int useless_number(const char *id)
{
int i;
- for (i=0; i<sizeof(useless_numbers)/sizeof(*useless_numbers); i++)
+
+ for (i = 0; i < ARRAY_SIZE(useless_numbers); i++)
if (strcmp(id, useless_numbers[i]) == 0)
return 1;
return 0;
@@ -107,7 +114,7 @@
if (npatterns == 0)
return 1;
- for (i=0; i<npatterns; i++) {
+ for (i = 0; i < npatterns; i++) {
if (!fnmatch(patterns[i], id, 0))
return 1;
}
@@ -125,6 +132,7 @@
unsigned long long val;
double rate;
char idbuf[sizeof(buf)];
+
if (buf[0] == '#') {
buf[strlen(buf)-1] = 0;
if (info_source[0] && strcmp(info_source, buf+1))
@@ -192,6 +200,7 @@
while (*p) {
char *next;
+
if ((next = strchr(p, ' ')) != NULL)
*next++ = 0;
else if ((next = strchr(p, '\n')) != NULL)
@@ -243,9 +252,20 @@
}
}
+static void load_sctp_snmp(void)
+{
+ FILE *fp = fdopen(net_sctp_snmp_open(), "r");
+
+ if (fp) {
+ load_good_table(fp);
+ fclose(fp);
+ }
+}
+
static void load_snmp(void)
{
FILE *fp = fdopen(net_snmp_open(), "r");
+
if (fp) {
load_ugly_table(fp);
fclose(fp);
@@ -255,6 +275,7 @@
static void load_snmp6(void)
{
FILE *fp = fdopen(net_snmp6_open(), "r");
+
if (fp) {
load_good_table(fp);
fclose(fp);
@@ -264,6 +285,7 @@
static void load_netstat(void)
{
FILE *fp = fdopen(net_netstat_open(), "r");
+
if (fp) {
load_ugly_table(fp);
fclose(fp);
@@ -278,18 +300,21 @@
h = hist_db;
if (jw) {
+ jsonw_start_object(jw);
jsonw_pretty(jw, pretty);
jsonw_name(jw, info_source);
jsonw_start_object(jw);
} else
fprintf(fp, "#%s\n", info_source);
- for (n=kern_db; n; n=n->next) {
+ for (n = kern_db; n; n = n->next) {
unsigned long long val = n->val;
+
if (!dump_zeros && !val && !n->rate)
continue;
if (!match(n->id)) {
struct nstat_ent *h1;
+
if (!to_hist)
continue;
for (h1 = h; h1; h1 = h1->next) {
@@ -309,6 +334,8 @@
if (jw) {
jsonw_end_object(jw);
+
+ jsonw_end_object(jw);
jsonw_destroy(&jw);
}
}
@@ -320,16 +347,18 @@
h = hist_db;
if (jw) {
+ jsonw_start_object(jw);
jsonw_pretty(jw, pretty);
jsonw_name(jw, info_source);
jsonw_start_object(jw);
} else
fprintf(fp, "#%s\n", info_source);
- for (n=kern_db; n; n=n->next) {
+ for (n = kern_db; n; n = n->next) {
int ovfl = 0;
unsigned long long val = n->val;
struct nstat_ent *h1;
+
for (h1 = h; h1; h1 = h1->next) {
if (strcmp(h1->id, n->id) == 0) {
if (val < h1->val) {
@@ -355,6 +384,8 @@
if (jw) {
jsonw_end_object(jw);
+
+ jsonw_end_object(jw);
jsonw_destroy(&jw);
}
}
@@ -375,12 +406,14 @@
load_netstat();
load_snmp6();
load_snmp();
+ load_sctp_snmp();
h = kern_db;
kern_db = n;
for (n = kern_db; n; n = n->next) {
struct nstat_ent *h1;
+
for (h1 = h; h1; h1 = h1->next) {
if (strcmp(h1->id, n->id) == 0) {
double sample;
@@ -395,12 +428,14 @@
n->rate = sample;
} else {
double w = W*(double)interval/scan_interval;
+
n->rate += w*(sample-n->rate);
}
}
while (h != h1) {
struct nstat_ent *tmp = h;
+
h = h->next;
free(tmp->id);
free(tmp);
@@ -414,13 +449,14 @@
}
}
-#define T_DIFF(a,b) (((a).tv_sec-(b).tv_sec)*1000 + ((a).tv_usec-(b).tv_usec)/1000)
+#define T_DIFF(a, b) (((a).tv_sec-(b).tv_sec)*1000 + ((a).tv_usec-(b).tv_usec)/1000)
static void server_loop(int fd)
{
struct timeval snaptime = { 0 };
struct pollfd p;
+
p.fd = fd;
p.events = p.revents = POLLIN;
@@ -430,11 +466,13 @@
load_netstat();
load_snmp6();
load_snmp();
+ load_sctp_snmp();
for (;;) {
int status;
- int tdiff;
+ time_t tdiff;
struct timeval now;
+
gettimeofday(&now, NULL);
tdiff = T_DIFF(now, snaptime);
if (tdiff >= scan_interval) {
@@ -442,24 +480,24 @@
snaptime = now;
tdiff = 0;
}
- if (poll(&p, 1, tdiff + scan_interval) > 0
+ if (poll(&p, 1, scan_interval - tdiff) > 0
&& (p.revents&POLLIN)) {
int clnt = accept(fd, NULL, NULL);
+
if (clnt >= 0) {
pid_t pid;
+
if (children >= 5) {
close(clnt);
} else if ((pid = fork()) != 0) {
- if (pid>0)
+ if (pid > 0)
children++;
close(clnt);
} else {
FILE *fp = fdopen(clnt, "w");
- if (fp) {
- if (tdiff > 0)
- update_db(tdiff);
+
+ if (fp)
dump_kern_db(fp, 0);
- }
exit(0);
}
}
@@ -474,7 +512,7 @@
struct ucred cred;
socklen_t olen = sizeof(cred);
- if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void*)&cred, &olen) ||
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &olen) ||
olen < sizeof(cred))
return -1;
if (cred.uid == getuid() || cred.uid == 0)
@@ -488,17 +526,17 @@
{
fprintf(stderr,
"Usage: nstat [OPTION] [ PATTERN [ PATTERN ] ]\n"
-" -h, --help this message\n"
-" -a, --ignore ignore history\n"
-" -d, --scan=SECS sample every statistics every SECS\n"
-" -j, --json format output in JSON\n"
-" -n, --nooutput do history only\n"
-" -p, --pretty pretty print\n"
-" -r, --reset reset history\n"
-" -s, --noupdate don\'t update history\n"
-" -t, --interval=SECS report average over the last SECS\n"
-" -V, --version output version information\n"
-" -z, --zeros show entries with zero activity\n");
+" -h, --help this message\n"
+" -a, --ignore ignore history\n"
+" -d, --scan=SECS sample every statistics every SECS\n"
+" -j, --json format output in JSON\n"
+" -n, --nooutput do history only\n"
+" -p, --pretty pretty print\n"
+" -r, --reset reset history\n"
+" -s, --noupdate don't update history\n"
+" -t, --interval=SECS report average over the last SECS\n"
+" -V, --version output version information\n"
+" -z, --zeros show entries with zero activity\n");
exit(-1);
}
@@ -527,7 +565,7 @@
while ((ch = getopt_long(argc, argv, "h?vVzrnasd:t:jp",
longopts, NULL)) != EOF) {
- switch(ch) {
+ switch (ch) {
case 'z':
dump_zeros = 1;
break;
@@ -586,7 +624,7 @@
perror("nstat: socket");
exit(-1);
}
- if (bind(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
+ if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
perror("nstat: bind");
exit(-1);
}
@@ -642,6 +680,7 @@
if (!ignore_history) {
FILE *tfp;
long uptime = -1;
+
if ((tfp = fopen("/proc/uptime", "r")) != NULL) {
if (fscanf(tfp, "%ld", &uptime) != 1)
uptime = -1;
@@ -661,17 +700,24 @@
}
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) >= 0 &&
- (connect(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) == 0
+ (connect(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) == 0
|| (strcpy(sun.sun_path+1, "nstat0"),
- connect(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) == 0))
+ connect(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) == 0))
&& verify_forging(fd) == 0) {
FILE *sfp = fdopen(fd, "r");
- load_good_table(sfp);
- if (hist_db && source_mismatch) {
- fprintf(stderr, "nstat: history is stale, ignoring it.\n");
- hist_db = NULL;
+
+ if (!sfp) {
+ fprintf(stderr, "nstat: fdopen failed: %s\n",
+ strerror(errno));
+ close(fd);
+ } else {
+ load_good_table(sfp);
+ if (hist_db && source_mismatch) {
+ fprintf(stderr, "nstat: history is stale, ignoring it.\n");
+ hist_db = NULL;
+ }
+ fclose(sfp);
}
- fclose(sfp);
} else {
if (fd >= 0)
close(fd);
@@ -683,6 +729,7 @@
load_netstat();
load_snmp6();
load_snmp();
+ load_sctp_snmp();
if (info_source[0] == 0)
strcpy(info_source, "kernel");
}
diff --git a/misc/rtacct.c b/misc/rtacct.c
index bb8c90f..b1cb378 100644
--- a/misc/rtacct.c
+++ b/misc/rtacct.c
@@ -33,20 +33,21 @@
#include <SNAPSHOT.h>
-int reset_history = 0;
-int ignore_history = 0;
-int no_output = 0;
-int no_update = 0;
-int scan_interval = 0;
-int time_constant = 0;
-int dump_zeros = 0;
-unsigned long magic_number = 0;
+int reset_history;
+int ignore_history;
+int no_output;
+int no_update;
+int scan_interval;
+int time_constant;
+int dump_zeros;
+unsigned long magic_number;
double W;
static int generic_proc_open(const char *env, const char *name)
{
char store[1024];
char *p = getenv(env);
+
if (!p) {
p = getenv("PROC_ROOT") ? : "/proc";
snprintf(store, sizeof(store)-1, "%s/%s", p, name);
@@ -62,8 +63,7 @@
static __u32 rmap[256/4];
-struct rtacct_data
-{
+struct rtacct_data {
__u32 ival[256*4];
unsigned long long val[256*4];
@@ -82,6 +82,7 @@
while (count < tot) {
int n = read(fd, buf+count, tot-count);
+
if (n < 0) {
if (errno == EINTR)
continue;
@@ -121,7 +122,7 @@
fd = net_rtacct_open();
if (fd >= 0) {
- nread(fd, (char*)tbl, 256*16);
+ nread(fd, (char *)tbl, 256*16);
close(fd);
} else {
memset(tbl, 0, 256*16);
@@ -134,13 +135,13 @@
char temp[64];
if (rate > 1024*1024) {
- sprintf(temp, "%uM", (unsigned)rint(rate/(1024*1024)));
+ sprintf(temp, "%uM", (unsigned int)rint(rate/(1024*1024)));
fprintf(fp, " %-10s", temp);
} else if (rate > 1024) {
- sprintf(temp, "%uK", (unsigned)rint(rate/1024));
+ sprintf(temp, "%uK", (unsigned int)rint(rate/1024));
fprintf(fp, " %-10s", temp);
} else
- fprintf(fp, " %-10u", (unsigned)rate);
+ fprintf(fp, " %-10u", (unsigned int)rate);
}
static void format_count(FILE *fp, unsigned long long val)
@@ -161,25 +162,19 @@
if (!no_output) {
fprintf(fp, "#%s\n", kern_db->signature);
fprintf(fp,
-"%-10s "
-"%-10s "
-"%-10s "
-"%-10s "
-"%-10s "
-"\n"
+"%-10s %-10s "
+"%-10s %-10s "
+"%-10s \n"
, "Realm", "BytesTo", "PktsTo", "BytesFrom", "PktsFrom");
fprintf(fp,
-"%-10s "
-"%-10s "
-"%-10s "
-"%-10s "
-"%-10s "
-"\n"
+"%-10s %-10s "
+"%-10s %-10s "
+"%-10s \n"
, "", "BPSTo", "PPSTo", "BPSFrom", "PPSFrom");
}
- for (realm=0; realm<256; realm++) {
+ for (realm = 0; realm < 256; realm++) {
int i;
unsigned long long *val;
double *rate;
@@ -223,24 +218,18 @@
if (!no_output) {
fprintf(fp, "#%s\n", kern_db->signature);
fprintf(fp,
-"%-10s "
-"%-10s "
-"%-10s "
-"%-10s "
-"%-10s "
-"\n"
+"%-10s %-10s "
+"%-10s %-10s "
+"%-10s \n"
, "Realm", "BytesTo", "PktsTo", "BytesFrom", "PktsFrom");
fprintf(fp,
-"%-10s "
-"%-10s "
-"%-10s "
-"%-10s "
-"%-10s "
-"\n"
+"%-10s %-10s "
+"%-10s %-10s "
+"%-10s \n"
, "", "BPSTo", "PPSTo", "BPSFrom", "PPSFrom");
}
- for (realm=0; realm<256; realm++) {
+ for (realm = 0; realm < 256; realm++) {
int ovfl = 0;
int i;
unsigned long long *val;
@@ -253,7 +242,7 @@
val = &kern_db->val[realm*4];
rate = &kern_db->rate[realm*4];
- for (k=0; k<4; k++) {
+ for (k = 0; k < 4; k++) {
rval[k] = val[k];
if (rval[k] < hist_db->val[realm*4+k])
ovfl = 1;
@@ -261,7 +250,7 @@
rval[k] -= hist_db->val[realm*4+k];
}
if (ovfl) {
- for (k=0; k<4; k++)
+ for (k = 0; k < 4; k++)
rval[k] = val[k];
}
if (hist_db) {
@@ -306,7 +295,7 @@
ival = read_kern_table(_ival);
- for (i=0; i<256*4; i++) {
+ for (i = 0; i < 256*4; i++) {
double sample;
__u32 incr = ival[i] - kern_db->ival[i];
@@ -324,6 +313,7 @@
kern_db->rate[i] = sample;
} else {
double w = W*(double)interval/scan_interval;
+
kern_db->rate[i] += w*(sample-kern_db->rate[i]);
}
}
@@ -335,7 +325,8 @@
int tot = 0;
while (tot < sizeof(*kern_db)) {
- int n = write(fd, ((char*)kern_db) + tot, sizeof(*kern_db)-tot);
+ int n = write(fd, ((char *)kern_db) + tot, sizeof(*kern_db)-tot);
+
if (n < 0) {
if (errno == EINTR)
continue;
@@ -347,16 +338,17 @@
-#define T_DIFF(a,b) (((a).tv_sec-(b).tv_sec)*1000 + ((a).tv_usec-(b).tv_usec)/1000)
+#define T_DIFF(a, b) (((a).tv_sec-(b).tv_sec)*1000 + ((a).tv_usec-(b).tv_usec)/1000)
static void pad_kern_table(struct rtacct_data *dat, __u32 *ival)
{
int i;
+
memset(dat->rate, 0, sizeof(dat->rate));
if (dat->ival != ival)
memcpy(dat->ival, ival, sizeof(dat->ival));
- for (i=0; i<256*4; i++)
+ for (i = 0; i < 256*4; i++)
dat->val[i] = ival[i];
}
@@ -364,12 +356,13 @@
{
struct timeval snaptime = { 0 };
struct pollfd p;
+
p.fd = fd;
p.events = p.revents = POLLIN;
sprintf(kern_db->signature,
"%u.%lu sampling_interval=%d time_const=%d",
- (unsigned) getpid(), (unsigned long)random(),
+ (unsigned int) getpid(), (unsigned long)random(),
scan_interval/1000, time_constant/1000);
pad_kern_table(kern_db, read_kern_table(kern_db->ival));
@@ -378,6 +371,7 @@
int status;
int tdiff;
struct timeval now;
+
gettimeofday(&now, NULL);
tdiff = T_DIFF(now, snaptime);
if (tdiff >= scan_interval) {
@@ -388,12 +382,14 @@
if (poll(&p, 1, tdiff + scan_interval) > 0
&& (p.revents&POLLIN)) {
int clnt = accept(fd, NULL, NULL);
+
if (clnt >= 0) {
pid_t pid;
+
if (children >= 5) {
close(clnt);
} else if ((pid = fork()) != 0) {
- if (pid>0)
+ if (pid > 0)
children++;
close(clnt);
} else {
@@ -414,7 +410,7 @@
struct ucred cred;
socklen_t olen = sizeof(cred);
- if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void*)&cred, &olen) ||
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void *)&cred, &olen) ||
olen < sizeof(cred))
return -1;
if (cred.uid == getuid() || cred.uid == 0)
@@ -440,7 +436,7 @@
int fd;
while ((ch = getopt(argc, argv, "h?vVzrM:nasd:t:")) != EOF) {
- switch(ch) {
+ switch (ch) {
case 'z':
dump_zeros = 1;
break;
@@ -489,6 +485,7 @@
if (argc) {
while (argc > 0) {
__u32 realm;
+
if (rtnl_rtrealm_a2n(&realm, argv[0])) {
fprintf(stderr, "Warning: realm \"%s\" does not exist.\n", argv[0]);
exit(-1);
@@ -515,7 +512,7 @@
perror("rtacct: socket");
exit(-1);
}
- if (bind(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
+ if (bind(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) < 0) {
perror("rtacct: bind");
exit(-1);
}
@@ -580,6 +577,7 @@
if (!ignore_history) {
FILE *tfp;
long uptime = -1;
+
if ((tfp = fopen("/proc/uptime", "r")) != NULL) {
if (fscanf(tfp, "%ld", &uptime) != 1)
uptime = -1;
@@ -596,11 +594,11 @@
}
if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) >= 0 &&
- (connect(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) == 0
+ (connect(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) == 0
|| (strcpy(sun.sun_path+1, "rtacct0"),
- connect(fd, (struct sockaddr*)&sun, 2+1+strlen(sun.sun_path+1)) == 0))
+ connect(fd, (struct sockaddr *)&sun, 2+1+strlen(sun.sun_path+1)) == 0))
&& verify_forging(fd) == 0) {
- nread(fd, (char*)kern_db, sizeof(*kern_db));
+ nread(fd, (char *)kern_db, sizeof(*kern_db));
if (hist_db && hist_db->signature[0] &&
strcmp(kern_db->signature, hist_db->signature)) {
fprintf(stderr, "rtacct: history is stale, ignoring it.\n");
diff --git a/misc/ss.c b/misc/ss.c
index 12a343c..45a0c33 100644
--- a/misc/ss.c
+++ b/misc/ss.c
@@ -26,6 +26,7 @@
#include <fnmatch.h>
#include <getopt.h>
#include <stdbool.h>
+#include <limits.h>
#include "utils.h"
#include "rt_names.h"
@@ -42,6 +43,7 @@
#include <linux/filter.h>
#include <linux/packet_diag.h>
#include <linux/netlink_diag.h>
+#include <linux/sctp.h>
#define MAGIC_SEQ 123456
@@ -86,35 +88,33 @@
}
#endif
-int resolve_hosts = 0;
int resolve_services = 1;
int preferred_family = AF_UNSPEC;
-int show_options = 0;
-int show_details = 0;
-int show_users = 0;
-int show_mem = 0;
-int show_tcpinfo = 0;
-int show_bpf = 0;
-int show_proc_ctx = 0;
-int show_sock_ctx = 0;
-/* If show_users & show_proc_ctx only do user_ent_hash_build() once */
-int user_ent_hash_build_init = 0;
-int follow_events = 0;
+int show_options;
+int show_details;
+int show_users;
+int show_mem;
+int show_tcpinfo;
+int show_bpf;
+int show_proc_ctx;
+int show_sock_ctx;
+int show_header = 1;
+int follow_events;
+int sctp_ino;
int netid_width;
int state_width;
-int addrp_width;
int addr_width;
int serv_width;
-int screen_width;
+char *odd_width_pad = "";
static const char *TCP_PROTO = "tcp";
+static const char *SCTP_PROTO = "sctp";
static const char *UDP_PROTO = "udp";
static const char *RAW_PROTO = "raw";
-static const char *dg_proto = NULL;
+static const char *dg_proto;
-enum
-{
+enum {
TCP_DB,
DCCP_DB,
UDP_DB,
@@ -125,13 +125,15 @@
PACKET_DG_DB,
PACKET_R_DB,
NETLINK_DB,
+ SCTP_DB,
MAX_DB
};
#define PACKET_DBM ((1<<PACKET_DG_DB)|(1<<PACKET_R_DB))
#define UNIX_DBM ((1<<UNIX_DG_DB)|(1<<UNIX_ST_DB)|(1<<UNIX_SQ_DB))
#define ALL_DB ((1<<MAX_DB)-1)
-#define INET_DBM ((1<<TCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)|(1<<RAW_DB))
+#define INET_L4_DBM ((1<<TCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB)|(1<<SCTP_DB))
+#define INET_DBM (INET_L4_DBM | (1<<RAW_DB))
enum {
SS_UNKNOWN,
@@ -149,13 +151,23 @@
SS_MAX
};
+enum {
+ SCTP_STATE_CLOSED = 0,
+ SCTP_STATE_COOKIE_WAIT = 1,
+ SCTP_STATE_COOKIE_ECHOED = 2,
+ SCTP_STATE_ESTABLISHED = 3,
+ SCTP_STATE_SHUTDOWN_PENDING = 4,
+ SCTP_STATE_SHUTDOWN_SENT = 5,
+ SCTP_STATE_SHUTDOWN_RECEIVED = 6,
+ SCTP_STATE_SHUTDOWN_ACK_SENT = 7,
+};
+
#define SS_ALL ((1 << SS_MAX) - 1)
#define SS_CONN (SS_ALL & ~((1<<SS_LISTEN)|(1<<SS_CLOSE)|(1<<SS_TIME_WAIT)|(1<<SS_SYN_RECV)))
#include "ssfilter.h"
-struct filter
-{
+struct filter {
int dbs;
int states;
int families;
@@ -204,6 +216,10 @@
.states = (1 << SS_CLOSE),
.families = (1 << AF_NETLINK),
},
+ [SCTP_DB] = {
+ .states = SS_CONN,
+ .families = (1 << AF_INET) | (1 << AF_INET6),
+ },
};
static const struct filter default_afs[AF_MAX] = {
@@ -264,12 +280,13 @@
filter_db_set(f, PACKET_R_DB);
filter_db_set(f, PACKET_DG_DB);
filter_db_set(f, NETLINK_DB);
+ filter_db_set(f, SCTP_DB);
}
static void filter_states_set(struct filter *f, int states)
{
if (states)
- f->states = (f->states | states) & states;
+ f->states = states;
}
static void filter_merge_defaults(struct filter *f)
@@ -306,76 +323,25 @@
return fopen(p, "r");
}
-
-static FILE *net_tcp_open(void)
-{
- return generic_proc_open("PROC_NET_TCP", "net/tcp");
-}
-
-static FILE *net_tcp6_open(void)
-{
- return generic_proc_open("PROC_NET_TCP6", "net/tcp6");
-}
-
-static FILE *net_udp_open(void)
-{
- return generic_proc_open("PROC_NET_UDP", "net/udp");
-}
-
-static FILE *net_udp6_open(void)
-{
- return generic_proc_open("PROC_NET_UDP6", "net/udp6");
-}
-
-static FILE *net_raw_open(void)
-{
- return generic_proc_open("PROC_NET_RAW", "net/raw");
-}
-
-static FILE *net_raw6_open(void)
-{
- return generic_proc_open("PROC_NET_RAW6", "net/raw6");
-}
-
-static FILE *net_unix_open(void)
-{
- return generic_proc_open("PROC_NET_UNIX", "net/unix");
-}
-
-static FILE *net_packet_open(void)
-{
- return generic_proc_open("PROC_NET_PACKET", "net/packet");
-}
-
-static FILE *net_netlink_open(void)
-{
- return generic_proc_open("PROC_NET_NETLINK", "net/netlink");
-}
-
-static FILE *slabinfo_open(void)
-{
- return generic_proc_open("PROC_SLABINFO", "slabinfo");
-}
-
-static FILE *net_sockstat_open(void)
-{
- return generic_proc_open("PROC_NET_SOCKSTAT", "net/sockstat");
-}
-
-static FILE *net_sockstat6_open(void)
-{
- return generic_proc_open("PROC_NET_SOCKSTAT6", "net/sockstat6");
-}
-
-static FILE *net_snmp_open(void)
-{
- return generic_proc_open("PROC_NET_SNMP", "net/snmp");
-}
-
-static FILE *ephemeral_ports_open(void)
-{
- return generic_proc_open("PROC_IP_LOCAL_PORT_RANGE", "sys/net/ipv4/ip_local_port_range");
-}
+#define net_tcp_open() generic_proc_open("PROC_NET_TCP", "net/tcp")
+#define net_tcp6_open() generic_proc_open("PROC_NET_TCP6", "net/tcp6")
+#define net_udp_open() generic_proc_open("PROC_NET_UDP", "net/udp")
+#define net_udp6_open() generic_proc_open("PROC_NET_UDP6", "net/udp6")
+#define net_raw_open() generic_proc_open("PROC_NET_RAW", "net/raw")
+#define net_raw6_open() generic_proc_open("PROC_NET_RAW6", "net/raw6")
+#define net_unix_open() generic_proc_open("PROC_NET_UNIX", "net/unix")
+#define net_packet_open() generic_proc_open("PROC_NET_PACKET", \
+ "net/packet")
+#define net_netlink_open() generic_proc_open("PROC_NET_NETLINK", \
+ "net/netlink")
+#define slabinfo_open() generic_proc_open("PROC_SLABINFO", "slabinfo")
+#define net_sockstat_open() generic_proc_open("PROC_NET_SOCKSTAT", \
+ "net/sockstat")
+#define net_sockstat6_open() generic_proc_open("PROC_NET_SOCKSTAT6", \
+ "net/sockstat6")
+#define net_snmp_open() generic_proc_open("PROC_NET_SNMP", "net/snmp")
+#define ephemeral_ports_open() generic_proc_open("PROC_IP_LOCAL_PORT_RANGE", \
+ "sys/net/ipv4/ip_local_port_range")
struct user_ent {
struct user_ent *next;
@@ -451,6 +417,7 @@
char *pid_context;
char *sock_context;
const char *no_ctx = "unavailable";
+ static int user_ent_hash_build_init;
/* If show_users & show_proc_ctx set only do this once */
if (user_ent_hash_build_init != 0)
@@ -458,8 +425,7 @@
user_ent_hash_build_init = 1;
- strncpy(name, root, sizeof(name)-1);
- name[sizeof(name)-1] = 0;
+ strlcpy(name, root, sizeof(name));
if (strlen(name) == 0 || name[strlen(name)-1] != '/')
strcat(name, "/");
@@ -551,7 +517,7 @@
};
#define ENTRY_BUF_SIZE 512
-static int find_entry(unsigned ino, char **buf, int type)
+static int find_entry(unsigned int ino, char **buf, int type)
{
struct user_ent *p;
int cnt = 0;
@@ -624,8 +590,7 @@
/* Get stats from slab */
-struct slabstat
-{
+struct slabstat {
int socks;
int tcp_ports;
int tcp_tws;
@@ -635,21 +600,19 @@
static struct slabstat slabstat;
-static const char *slabstat_ids[] =
-{
- "sock",
- "tcp_bind_bucket",
- "tcp_tw_bucket",
- "tcp_open_request",
- "skbuff_head_cache",
-};
-
static int get_slabstat(struct slabstat *s)
{
char buf[256];
FILE *fp;
int cnt;
static int slabstat_valid;
+ static const char * const slabstat_ids[] = {
+ "sock",
+ "tcp_bind_bucket",
+ "tcp_tw_bucket",
+ "tcp_open_request",
+ "skbuff_head_cache",
+ };
if (slabstat_valid)
return 0;
@@ -666,9 +629,10 @@
fclose(fp);
return -1;
}
- while(fgets(buf, sizeof(buf), fp) != NULL) {
+ while (fgets(buf, sizeof(buf), fp) != NULL) {
int i;
- for (i=0; i<sizeof(slabstat_ids)/sizeof(slabstat_ids[0]); i++) {
+
+ for (i = 0; i < ARRAY_SIZE(slabstat_ids); i++) {
if (memcmp(buf, slabstat_ids[i], strlen(slabstat_ids[i])) == 0) {
sscanf(buf, "%*s%d", ((int *)s) + i);
cnt--;
@@ -690,49 +654,30 @@
return (((unsigned long long)cookie[1] << 31) << 1) | cookie[0];
}
-static const char *sstate_name[] = {
- "UNKNOWN",
- [SS_ESTABLISHED] = "ESTAB",
- [SS_SYN_SENT] = "SYN-SENT",
- [SS_SYN_RECV] = "SYN-RECV",
- [SS_FIN_WAIT1] = "FIN-WAIT-1",
- [SS_FIN_WAIT2] = "FIN-WAIT-2",
- [SS_TIME_WAIT] = "TIME-WAIT",
- [SS_CLOSE] = "UNCONN",
- [SS_CLOSE_WAIT] = "CLOSE-WAIT",
- [SS_LAST_ACK] = "LAST-ACK",
- [SS_LISTEN] = "LISTEN",
- [SS_CLOSING] = "CLOSING",
+static const char *sctp_sstate_name[] = {
+ [SCTP_STATE_CLOSED] = "CLOSED",
+ [SCTP_STATE_COOKIE_WAIT] = "COOKIE_WAIT",
+ [SCTP_STATE_COOKIE_ECHOED] = "COOKIE_ECHOED",
+ [SCTP_STATE_ESTABLISHED] = "ESTAB",
+ [SCTP_STATE_SHUTDOWN_PENDING] = "SHUTDOWN_PENDING",
+ [SCTP_STATE_SHUTDOWN_SENT] = "SHUTDOWN_SENT",
+ [SCTP_STATE_SHUTDOWN_RECEIVED] = "SHUTDOWN_RECEIVED",
+ [SCTP_STATE_SHUTDOWN_ACK_SENT] = "ACK_SENT",
};
-static const char *sstate_namel[] = {
- "UNKNOWN",
- [SS_ESTABLISHED] = "established",
- [SS_SYN_SENT] = "syn-sent",
- [SS_SYN_RECV] = "syn-recv",
- [SS_FIN_WAIT1] = "fin-wait-1",
- [SS_FIN_WAIT2] = "fin-wait-2",
- [SS_TIME_WAIT] = "time-wait",
- [SS_CLOSE] = "unconnected",
- [SS_CLOSE_WAIT] = "close-wait",
- [SS_LAST_ACK] = "last-ack",
- [SS_LISTEN] = "listening",
- [SS_CLOSING] = "closing",
-};
-
-struct sockstat
-{
+struct sockstat {
struct sockstat *next;
unsigned int type;
uint16_t prot;
+ uint16_t raw_prot;
inet_prefix local;
inet_prefix remote;
int lport;
int rport;
int state;
int rq, wq;
- unsigned ino;
- unsigned uid;
+ unsigned int ino;
+ unsigned int uid;
int refcnt;
unsigned int iface;
unsigned long long sk;
@@ -741,8 +686,7 @@
__u32 mark;
};
-struct dctcpstat
-{
+struct dctcpstat {
unsigned int ce_state;
unsigned int alpha;
unsigned int ab_ecn;
@@ -750,28 +694,33 @@
bool enabled;
};
-struct tcpstat
-{
+struct tcpstat {
struct sockstat ss;
- int timer;
- int timeout;
+ unsigned int timer;
+ unsigned int timeout;
int probes;
char cong_alg[16];
double rto, ato, rtt, rttvar;
- int qack, cwnd, ssthresh, backoff;
+ int qack, ssthresh, backoff;
double send_bps;
int snd_wscale;
int rcv_wscale;
int mss;
+ int rcv_mss;
+ int advmss;
+ unsigned int cwnd;
unsigned int lastsnd;
unsigned int lastrcv;
unsigned int lastack;
double pacing_rate;
double pacing_rate_max;
+ double delivery_rate;
unsigned long long bytes_acked;
unsigned long long bytes_received;
unsigned int segs_out;
unsigned int segs_in;
+ unsigned int data_segs_out;
+ unsigned int data_segs_in;
unsigned int unacked;
unsigned int retrans;
unsigned int retrans_total;
@@ -779,25 +728,117 @@
unsigned int sacked;
unsigned int fackets;
unsigned int reordering;
+ unsigned int not_sent;
double rcv_rtt;
+ double min_rtt;
int rcv_space;
+ unsigned long long busy_time;
+ unsigned long long rwnd_limited;
+ unsigned long long sndbuf_limited;
bool has_ts_opt;
bool has_sack_opt;
bool has_ecn_opt;
bool has_ecnseen_opt;
bool has_fastopen_opt;
bool has_wscale_opt;
+ bool app_limited;
struct dctcpstat *dctcp;
+ struct tcp_bbr_info *bbr_info;
};
-static void sock_state_print(struct sockstat *s, const char *sock_name)
+/* SCTP assocs share the same inode number with their parent endpoint. So if we
+ * have seen the inode number before, it must be an assoc instead of the next
+ * endpoint. */
+static bool is_sctp_assoc(struct sockstat *s, const char *sock_name)
{
- if (netid_width)
- printf("%-*s ", netid_width, sock_name);
- if (state_width)
- printf("%-*s ", state_width, sstate_name[s->state]);
+ if (strcmp(sock_name, "sctp"))
+ return false;
+ if (!sctp_ino || sctp_ino != s->ino)
+ return false;
+ return true;
+}
- printf("%-6d %-6d ", s->rq, s->wq);
+static const char *unix_netid_name(int type)
+{
+ switch (type) {
+ case SOCK_STREAM:
+ return "u_str";
+ case SOCK_SEQPACKET:
+ return "u_seq";
+ case SOCK_DGRAM:
+ default:
+ return "u_dgr";
+ }
+}
+
+static const char *proto_name(int protocol)
+{
+ switch (protocol) {
+ case 0:
+ return "raw";
+ case IPPROTO_UDP:
+ return "udp";
+ case IPPROTO_TCP:
+ return "tcp";
+ case IPPROTO_SCTP:
+ return "sctp";
+ case IPPROTO_DCCP:
+ return "dccp";
+ case IPPROTO_ICMPV6:
+ return "icmp6";
+ }
+
+ return "???";
+}
+
+static void sock_state_print(struct sockstat *s)
+{
+ const char *sock_name;
+ static const char * const sstate_name[] = {
+ "UNKNOWN",
+ [SS_ESTABLISHED] = "ESTAB",
+ [SS_SYN_SENT] = "SYN-SENT",
+ [SS_SYN_RECV] = "SYN-RECV",
+ [SS_FIN_WAIT1] = "FIN-WAIT-1",
+ [SS_FIN_WAIT2] = "FIN-WAIT-2",
+ [SS_TIME_WAIT] = "TIME-WAIT",
+ [SS_CLOSE] = "UNCONN",
+ [SS_CLOSE_WAIT] = "CLOSE-WAIT",
+ [SS_LAST_ACK] = "LAST-ACK",
+ [SS_LISTEN] = "LISTEN",
+ [SS_CLOSING] = "CLOSING",
+ };
+
+ switch (s->local.family) {
+ case AF_UNIX:
+ sock_name = unix_netid_name(s->type);
+ break;
+ case AF_INET:
+ case AF_INET6:
+ sock_name = proto_name(s->type);
+ break;
+ case AF_PACKET:
+ sock_name = s->type == SOCK_RAW ? "p_raw" : "p_dgr";
+ break;
+ case AF_NETLINK:
+ sock_name = "nl";
+ break;
+ default:
+ sock_name = "unknown";
+ }
+
+ if (netid_width)
+ printf("%-*s ", netid_width,
+ is_sctp_assoc(s, sock_name) ? "" : sock_name);
+ if (state_width) {
+ if (is_sctp_assoc(s, sock_name))
+ printf("`- %-*s ", state_width - 3,
+ sctp_sstate_name[s->state]);
+ else
+ printf("%-*s ", state_width, sstate_name[s->state]);
+ }
+
+ printf("%-6d %-6d %s", s->rq, s->wq, odd_width_pad);
}
static void sock_details_print(struct sockstat *s)
@@ -818,8 +859,7 @@
if (ifname) {
printf("%*s%%%s%s%-*s ", addr_len, addr, ifname, delim,
port_len, port);
- }
- else {
+ } else {
printf("%*s%s%-*s ", addr_len, addr, delim, port_len, port);
}
}
@@ -830,21 +870,11 @@
sock_addr_print_width(addr_width, addr, delim, serv_width, port, ifname);
}
-static const char *tmr_name[] = {
- "off",
- "on",
- "keepalive",
- "timewait",
- "persist",
- "unknown"
-};
-
-static const char *print_ms_timer(int timeout)
+static const char *print_ms_timer(unsigned int timeout)
{
static char buf[64];
int secs, msecs, minutes;
- if (timeout < 0)
- timeout = 0;
+
secs = timeout/1000;
minutes = secs/60;
secs = secs%60;
@@ -893,7 +923,7 @@
struct scache *c;
if (sscanf(buf, "%u %*d %s %u %s",
- &progn, proto, &port, prog+4) != 4)
+ &progn, proto, &port, prog+4) != 4)
continue;
if (!(c = malloc(sizeof(*c))))
@@ -905,6 +935,8 @@
c->proto = TCP_PROTO;
else if (strcmp(proto, UDP_PROTO) == 0)
c->proto = UDP_PROTO;
+ else if (strcmp(proto, SCTP_PROTO) == 0)
+ c->proto = SCTP_PROTO;
else
c->proto = NULL;
c->next = rlist;
@@ -921,10 +953,11 @@
*/
static int is_ephemeral(int port)
{
- static int min = 0, max = 0;
+ static int min = 0, max;
if (!min) {
FILE *f = ephemeral_ports_open();
+
if (!f || fscanf(f, "%d %d", &min, &max) < 2) {
min = 1024;
max = 4999;
@@ -948,6 +981,7 @@
if (!is_ephemeral(port)) {
static int notfirst;
struct servent *se;
+
if (!notfirst) {
setservent(1);
notfirst = 1;
@@ -1009,7 +1043,8 @@
return buf;
}
-static void inet_addr_print(const inet_prefix *a, int port, unsigned int ifindex)
+static void inet_addr_print(const inet_prefix *a, int port,
+ unsigned int ifindex, bool v6only)
{
char buf[1024];
const char *ap = buf;
@@ -1017,19 +1052,28 @@
const char *ifname = NULL;
if (a->family == AF_INET) {
- if (a->data[0] == 0) {
+ ap = format_host(AF_INET, 4, a->data);
+ } else {
+ if (!v6only &&
+ !memcmp(a->data, &in6addr_any, sizeof(in6addr_any))) {
buf[0] = '*';
buf[1] = 0;
} else {
- ap = format_host(AF_INET, 4, a->data, buf, sizeof(buf));
+ ap = format_host(a->family, 16, a->data);
+
+ /* Numeric IPv6 addresses should be bracketed */
+ if (strchr(ap, ':')) {
+ snprintf(buf, sizeof(buf),
+ "[%s]", ap);
+ ap = buf;
+ }
+
+ est_len = strlen(ap);
+ if (est_len <= addr_width)
+ est_len = addr_width;
+ else
+ est_len = addr_width + ((est_len-addr_width+3)/4)*4;
}
- } else {
- ap = format_host(a->family, 16, a->data, buf, sizeof(buf));
- est_len = strlen(ap);
- if (est_len <= addr_width)
- est_len = addr_width;
- else
- est_len = addr_width + ((est_len-addr_width+3)/4)*4;
}
if (ifindex) {
@@ -1043,10 +1087,10 @@
ifname);
}
-struct aafilter
-{
+struct aafilter {
inet_prefix addr;
int port;
+ unsigned int iface;
__u32 mark;
__u32 mask;
struct aafilter *next;
@@ -1065,6 +1109,7 @@
if (a->data[0] == 0 && a->data[1] == 0 &&
a->data[2] == htonl(0xffff)) {
inet_prefix tmp = *a;
+
tmp.data[0] = a->data[3];
return inet_addr_match(&tmp, p, plen);
}
@@ -1075,6 +1120,7 @@
static int unix_match(const inet_prefix *a, const inet_prefix *p)
{
char *addr, *pattern;
+
memcpy(&addr, a->data, sizeof(addr));
memcpy(&pattern, p->data, sizeof(pattern));
if (pattern == NULL)
@@ -1091,6 +1137,7 @@
{
if (s->local.family == AF_UNIX) {
char *p;
+
memcpy(&p, s->local.data, sizeof(p));
return p == NULL || (p[0] == '@' && strlen(p) == 6 &&
strspn(p+1, "0123456789abcdef") == 5);
@@ -1104,7 +1151,8 @@
}
case SSF_DCOND:
{
- struct aafilter *a = (void*)f->pred;
+ struct aafilter *a = (void *)f->pred;
+
if (a->addr.family == AF_UNIX)
return unix_match(&s->remote, &a->addr);
if (a->port != -1 && a->port != s->rport)
@@ -1120,7 +1168,8 @@
}
case SSF_SCOND:
{
- struct aafilter *a = (void*)f->pred;
+ struct aafilter *a = (void *)f->pred;
+
if (a->addr.family == AF_UNIX)
return unix_match(&s->local, &a->addr);
if (a->port != -1 && a->port != s->lport)
@@ -1136,24 +1185,34 @@
}
case SSF_D_GE:
{
- struct aafilter *a = (void*)f->pred;
+ struct aafilter *a = (void *)f->pred;
+
return s->rport >= a->port;
}
case SSF_D_LE:
{
- struct aafilter *a = (void*)f->pred;
+ struct aafilter *a = (void *)f->pred;
+
return s->rport <= a->port;
}
case SSF_S_GE:
{
- struct aafilter *a = (void*)f->pred;
+ struct aafilter *a = (void *)f->pred;
+
return s->lport >= a->port;
}
case SSF_S_LE:
{
- struct aafilter *a = (void*)f->pred;
+ struct aafilter *a = (void *)f->pred;
+
return s->lport <= a->port;
}
+ case SSF_DEVCOND:
+ {
+ struct aafilter *a = (void *)f->pred;
+
+ return s->iface == a->iface;
+ }
case SSF_MARKMASK:
{
struct aafilter *a = (void *)f->pred;
@@ -1176,7 +1235,8 @@
static void ssfilter_patch(char *a, int len, int reloc)
{
while (len > 0) {
- struct inet_diag_bc_op *op = (struct inet_diag_bc_op*)a;
+ struct inet_diag_bc_op *op = (struct inet_diag_bc_op *)a;
+
if (op->no == len+4)
op->no += reloc;
len -= op->yes;
@@ -1191,20 +1251,20 @@
switch (f->type) {
case SSF_S_AUTO:
{
- if (!(*bytecode=malloc(4))) abort();
- ((struct inet_diag_bc_op*)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_AUTO, 4, 8 };
+ if (!(*bytecode = malloc(4))) abort();
+ ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_AUTO, 4, 8 };
return 4;
}
case SSF_DCOND:
case SSF_SCOND:
{
- struct aafilter *a = (void*)f->pred;
+ struct aafilter *a = (void *)f->pred;
struct aafilter *b;
char *ptr;
int code = (f->type == SSF_DCOND ? INET_DIAG_BC_D_COND : INET_DIAG_BC_S_COND);
int len = 0;
- for (b=a; b; b=b->next) {
+ for (b = a; b; b = b->next) {
len += 4 + sizeof(struct inet_diag_hostcond);
if (a->addr.family == AF_INET6)
len += 16;
@@ -1215,11 +1275,11 @@
}
if (!(ptr = malloc(len))) abort();
*bytecode = ptr;
- for (b=a; b; b=b->next) {
+ for (b = a; b; b = b->next) {
struct inet_diag_bc_op *op = (struct inet_diag_bc_op *)ptr;
int alen = (a->addr.family == AF_INET6 ? 16 : 4);
int oplen = alen + 4 + sizeof(struct inet_diag_hostcond);
- struct inet_diag_hostcond *cond = (struct inet_diag_hostcond*)(ptr+4);
+ struct inet_diag_hostcond *cond = (struct inet_diag_hostcond *)(ptr+4);
*op = (struct inet_diag_bc_op){ code, oplen, oplen+4 };
cond->family = a->addr.family;
@@ -1237,43 +1297,53 @@
}
case SSF_D_GE:
{
- struct aafilter *x = (void*)f->pred;
- if (!(*bytecode=malloc(8))) abort();
- ((struct inet_diag_bc_op*)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_D_GE, 8, 12 };
- ((struct inet_diag_bc_op*)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
+ struct aafilter *x = (void *)f->pred;
+
+ if (!(*bytecode = malloc(8))) abort();
+ ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_D_GE, 8, 12 };
+ ((struct inet_diag_bc_op *)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
return 8;
}
case SSF_D_LE:
{
- struct aafilter *x = (void*)f->pred;
- if (!(*bytecode=malloc(8))) abort();
- ((struct inet_diag_bc_op*)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_D_LE, 8, 12 };
- ((struct inet_diag_bc_op*)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
+ struct aafilter *x = (void *)f->pred;
+
+ if (!(*bytecode = malloc(8))) abort();
+ ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_D_LE, 8, 12 };
+ ((struct inet_diag_bc_op *)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
return 8;
}
case SSF_S_GE:
{
- struct aafilter *x = (void*)f->pred;
- if (!(*bytecode=malloc(8))) abort();
- ((struct inet_diag_bc_op*)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_S_GE, 8, 12 };
- ((struct inet_diag_bc_op*)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
+ struct aafilter *x = (void *)f->pred;
+
+ if (!(*bytecode = malloc(8))) abort();
+ ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_S_GE, 8, 12 };
+ ((struct inet_diag_bc_op *)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
return 8;
}
case SSF_S_LE:
{
- struct aafilter *x = (void*)f->pred;
- if (!(*bytecode=malloc(8))) abort();
- ((struct inet_diag_bc_op*)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_S_LE, 8, 12 };
- ((struct inet_diag_bc_op*)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
+ struct aafilter *x = (void *)f->pred;
+
+ if (!(*bytecode = malloc(8))) abort();
+ ((struct inet_diag_bc_op *)*bytecode)[0] = (struct inet_diag_bc_op){ INET_DIAG_BC_S_LE, 8, 12 };
+ ((struct inet_diag_bc_op *)*bytecode)[1] = (struct inet_diag_bc_op){ 0, 0, x->port };
return 8;
}
case SSF_AND:
{
- char *a1, *a2, *a;
+ char *a1 = NULL, *a2 = NULL, *a;
int l1, l2;
+
l1 = ssfilter_bytecompile(f->pred, &a1);
l2 = ssfilter_bytecompile(f->post, &a2);
+ if (!l1 || !l2) {
+ free(a1);
+ free(a2);
+ return 0;
+ }
if (!(a = malloc(l1+l2))) abort();
memcpy(a, a1, l1);
memcpy(a+l1, a2, l2);
@@ -1284,30 +1354,46 @@
}
case SSF_OR:
{
- char *a1, *a2, *a;
+ char *a1 = NULL, *a2 = NULL, *a;
int l1, l2;
+
l1 = ssfilter_bytecompile(f->pred, &a1);
l2 = ssfilter_bytecompile(f->post, &a2);
+ if (!l1 || !l2) {
+ free(a1);
+ free(a2);
+ return 0;
+ }
if (!(a = malloc(l1+l2+4))) abort();
memcpy(a, a1, l1);
memcpy(a+l1+4, a2, l2);
free(a1); free(a2);
- *(struct inet_diag_bc_op*)(a+l1) = (struct inet_diag_bc_op){ INET_DIAG_BC_JMP, 4, l2+4 };
+ *(struct inet_diag_bc_op *)(a+l1) = (struct inet_diag_bc_op){ INET_DIAG_BC_JMP, 4, l2+4 };
*bytecode = a;
return l1+l2+4;
}
case SSF_NOT:
{
- char *a1, *a;
+ char *a1 = NULL, *a;
int l1;
+
l1 = ssfilter_bytecompile(f->pred, &a1);
+ if (!l1) {
+ free(a1);
+ return 0;
+ }
if (!(a = malloc(l1+4))) abort();
memcpy(a, a1, l1);
free(a1);
- *(struct inet_diag_bc_op*)(a+l1) = (struct inet_diag_bc_op){ INET_DIAG_BC_JMP, 4, 8 };
+ *(struct inet_diag_bc_op *)(a+l1) = (struct inet_diag_bc_op){ INET_DIAG_BC_JMP, 4, 8 };
*bytecode = a;
return l1+4;
}
+ case SSF_DEVCOND:
+ {
+ /* bytecompile for SSF_DEVCOND not supported yet */
+ return 0;
+ }
case SSF_MARKMASK:
{
struct aafilter *a = (void *)f->pred;
@@ -1318,7 +1404,7 @@
int inslen = sizeof(struct instr);
if (!(*bytecode = malloc(inslen))) abort();
- ((struct instr *)*bytecode)[0] = (struct instr) {
+ ((struct instr *)*bytecode)[0] = (struct instr) {
{ INET_DIAG_BC_MARK_COND, inslen, inslen + 4 },
{ a->mark, a->mask},
};
@@ -1345,11 +1431,11 @@
while (*ptr) {
struct aafilter *b = a;
+
if (a->addr.bitlen) {
if ((b = malloc(sizeof(*b))) == NULL)
return cnt;
*b = *a;
- b->next = a->next;
a->next = b;
}
memcpy(b->addr.data, *ptr, len);
@@ -1384,11 +1470,12 @@
return !cnt;
}
-static int xll_initted = 0;
+static int xll_initted;
static void xll_init(void)
{
struct rtnl_handle rth;
+
if (rtnl_open(&rth, 0) < 0)
exit(1);
@@ -1411,6 +1498,29 @@
return ll_name_to_index(dev);
}
+void *parse_devcond(char *name)
+{
+ struct aafilter a = { .iface = 0 };
+ struct aafilter *res;
+
+ a.iface = xll_name_to_index(name);
+ if (a.iface == 0) {
+ char *end;
+ unsigned long n;
+
+ n = strtoul(name, &end, 0);
+ if (!end || end == name || *end || n > UINT_MAX)
+ return NULL;
+
+ a.iface = n;
+ }
+
+ res = malloc(sizeof(*res));
+ *res = a;
+
+ return res;
+}
+
void *parse_hostcond(char *addr, bool is_port)
{
char *port = NULL;
@@ -1421,9 +1531,10 @@
if (fam == AF_UNIX || strncmp(addr, "unix:", 5) == 0) {
char *p;
+
a.addr.family = AF_UNIX;
if (strncmp(addr, "unix:", 5) == 0)
- addr+=5;
+ addr += 5;
p = strdup(addr);
a.addr.bitlen = 8*strlen(p);
memcpy(a.addr.data, &p, sizeof(p));
@@ -1435,7 +1546,7 @@
a.addr.family = AF_PACKET;
a.addr.bitlen = 0;
if (strncmp(addr, "link:", 5) == 0)
- addr+=5;
+ addr += 5;
port = strchr(addr, ':');
if (port) {
*port = 0;
@@ -1448,6 +1559,7 @@
}
if (addr[0] && strcmp(addr, "*")) {
unsigned short tmp;
+
a.addr.bitlen = 32;
if (ll_proto_a2n(&tmp, addr))
return NULL;
@@ -1461,7 +1573,7 @@
a.addr.family = AF_NETLINK;
a.addr.bitlen = 0;
if (strncmp(addr, "netlink:", 8) == 0)
- addr+=8;
+ addr += 8;
port = strchr(addr, ':');
if (port) {
*port = 0;
@@ -1516,6 +1628,7 @@
if (get_integer(&a.port, port, 0)) {
struct servent *se1 = NULL;
struct servent *se2 = NULL;
+
if (current_filter.dbs&(1<<UDP_DB))
se1 = getservbyname(port, UDP_PROTO);
if (current_filter.dbs&(1<<TCP_DB))
@@ -1530,6 +1643,7 @@
a.port = ntohs(se1->s_port);
} else {
struct scache *s;
+
for (s = rlist; s; s = s->next) {
if ((s->proto == UDP_PROTO &&
(current_filter.dbs&(1<<UDP_DB))) ||
@@ -1552,7 +1666,7 @@
}
}
}
- if (!is_port && addr && *addr && *addr != '*') {
+ if (!is_port && *addr && *addr != '*') {
if (get_prefix_1(&a.addr, addr, fam)) {
if (get_dns_host(&a, addr, fam)) {
fprintf(stderr, "Error: an inet prefix is expected rather than \"%s\".\n", addr);
@@ -1563,9 +1677,10 @@
out:
if (fam != AF_UNSPEC) {
+ int states = f->states;
f->families = 0;
filter_af_set(f, fam);
- filter_states_set(f, 0);
+ filter_states_set(f, states);
}
res = malloc(sizeof(*res));
@@ -1593,30 +1708,9 @@
return res;
}
-static char *proto_name(int protocol)
+static void proc_ctx_print(struct sockstat *s)
{
- switch (protocol) {
- case 0:
- return "raw";
- case IPPROTO_UDP:
- return "udp";
- case IPPROTO_TCP:
- return "tcp";
- case IPPROTO_DCCP:
- return "dccp";
- }
-
- return "???";
-}
-
-static void inet_stats_print(struct sockstat *s, int protocol)
-{
- char *buf = NULL;
-
- sock_state_print(s, proto_name(protocol));
-
- inet_addr_print(&s->local, s->lport, s->iface);
- inet_addr_print(&s->remote, s->rport, 0);
+ char *buf;
if (show_proc_ctx || show_sock_ctx) {
if (find_entry(s->ino, &buf,
@@ -1633,13 +1727,23 @@
}
}
+static void inet_stats_print(struct sockstat *s, bool v6only)
+{
+ sock_state_print(s);
+
+ inet_addr_print(&s->local, s->lport, s->iface, v6only);
+ inet_addr_print(&s->remote, s->rport, 0, v6only);
+
+ proc_ctx_print(s);
+}
+
static int proc_parse_inet_addr(char *loc, char *rem, int family, struct
- sockstat *s)
+ sockstat * s)
{
s->local.family = s->remote.family = family;
if (family == AF_INET) {
- sscanf(loc, "%x:%x", s->local.data, (unsigned*)&s->lport);
- sscanf(rem, "%x:%x", s->remote.data, (unsigned*)&s->rport);
+ sscanf(loc, "%x:%x", s->local.data, (unsigned *)&s->lport);
+ sscanf(rem, "%x:%x", s->remote.data, (unsigned *)&s->rport);
s->local.bytelen = s->remote.bytelen = 4;
return 0;
} else {
@@ -1685,15 +1789,65 @@
static char *sprint_bw(char *buf, double bw)
{
if (bw > 1000000.)
- sprintf(buf,"%.1fM", bw / 1000000.);
+ sprintf(buf, "%.1fM", bw / 1000000.);
else if (bw > 1000.)
- sprintf(buf,"%.1fK", bw / 1000.);
+ sprintf(buf, "%.1fK", bw / 1000.);
else
sprintf(buf, "%g", bw);
return buf;
}
+static void sctp_stats_print(struct sctp_info *s)
+{
+ if (s->sctpi_tag)
+ printf(" tag:%x", s->sctpi_tag);
+ if (s->sctpi_state)
+ printf(" state:%s", sctp_sstate_name[s->sctpi_state]);
+ if (s->sctpi_rwnd)
+ printf(" rwnd:%d", s->sctpi_rwnd);
+ if (s->sctpi_unackdata)
+ printf(" unackdata:%d", s->sctpi_unackdata);
+ if (s->sctpi_penddata)
+ printf(" penddata:%d", s->sctpi_penddata);
+ if (s->sctpi_instrms)
+ printf(" instrms:%d", s->sctpi_instrms);
+ if (s->sctpi_outstrms)
+ printf(" outstrms:%d", s->sctpi_outstrms);
+ if (s->sctpi_inqueue)
+ printf(" inqueue:%d", s->sctpi_inqueue);
+ if (s->sctpi_outqueue)
+ printf(" outqueue:%d", s->sctpi_outqueue);
+ if (s->sctpi_overall_error)
+ printf(" overerr:%d", s->sctpi_overall_error);
+ if (s->sctpi_max_burst)
+ printf(" maxburst:%d", s->sctpi_max_burst);
+ if (s->sctpi_maxseg)
+ printf(" maxseg:%d", s->sctpi_maxseg);
+ if (s->sctpi_peer_rwnd)
+ printf(" prwnd:%d", s->sctpi_peer_rwnd);
+ if (s->sctpi_peer_tag)
+ printf(" ptag:%x", s->sctpi_peer_tag);
+ if (s->sctpi_peer_capable)
+ printf(" pcapable:%d", s->sctpi_peer_capable);
+ if (s->sctpi_peer_sack)
+ printf(" psack:%d", s->sctpi_peer_sack);
+ if (s->sctpi_s_autoclose)
+ printf(" autoclose:%d", s->sctpi_s_autoclose);
+ if (s->sctpi_s_adaptation_ind)
+ printf(" adapind:%d", s->sctpi_s_adaptation_ind);
+ if (s->sctpi_s_pd_point)
+ printf(" pdpoint:%d", s->sctpi_s_pd_point);
+ if (s->sctpi_s_nodelay)
+ printf(" nodealy:%d", s->sctpi_s_nodelay);
+ if (s->sctpi_s_disable_fragments)
+ printf(" nofrag:%d", s->sctpi_s_disable_fragments);
+ if (s->sctpi_s_v4mapped)
+ printf(" v4mapped:%d", s->sctpi_s_v4mapped);
+ if (s->sctpi_s_frag_interleave)
+ printf(" fraginl:%d", s->sctpi_s_frag_interleave);
+}
+
static void tcp_stats_print(struct tcpstat *s)
{
char b1[64];
@@ -1728,8 +1882,12 @@
if (s->mss)
printf(" mss:%d", s->mss);
+ if (s->rcv_mss)
+ printf(" rcvmss:%d", s->rcv_mss);
+ if (s->advmss)
+ printf(" advmss:%d", s->advmss);
if (s->cwnd)
- printf(" cwnd:%d", s->cwnd);
+ printf(" cwnd:%u", s->cwnd);
if (s->ssthresh)
printf(" ssthresh:%d", s->ssthresh);
@@ -1741,6 +1899,10 @@
printf(" segs_out:%u", s->segs_out);
if (s->segs_in)
printf(" segs_in:%u", s->segs_in);
+ if (s->data_segs_out)
+ printf(" data_segs_out:%u", s->data_segs_out);
+ if (s->data_segs_in)
+ printf(" data_segs_in:%u", s->data_segs_in);
if (s->dctcp && s->dctcp->enabled) {
struct dctcpstat *dctcp = s->dctcp;
@@ -1752,6 +1914,25 @@
printf(" dctcp:fallback_mode");
}
+ if (s->bbr_info) {
+ __u64 bw;
+
+ bw = s->bbr_info->bbr_bw_hi;
+ bw <<= 32;
+ bw |= s->bbr_info->bbr_bw_lo;
+
+ printf(" bbr:(bw:%sbps,mrtt:%g",
+ sprint_bw(b1, bw * 8.0),
+ (double)s->bbr_info->bbr_min_rtt / 1000.0);
+ if (s->bbr_info->bbr_pacing_gain)
+ printf(",pacing_gain:%g",
+ (double)s->bbr_info->bbr_pacing_gain / 256.0);
+ if (s->bbr_info->bbr_cwnd_gain)
+ printf(",cwnd_gain:%g",
+ (double)s->bbr_info->bbr_cwnd_gain / 256.0);
+ printf(")");
+ }
+
if (s->send_bps)
printf(" send %sbps", sprint_bw(b1, s->send_bps));
if (s->lastsnd)
@@ -1768,6 +1949,23 @@
s->pacing_rate_max));
}
+ if (s->delivery_rate)
+ printf(" delivery_rate %sbps", sprint_bw(b1, s->delivery_rate));
+ if (s->app_limited)
+ printf(" app_limited");
+
+ if (s->busy_time) {
+ printf(" busy:%llums", s->busy_time / 1000);
+ if (s->rwnd_limited)
+ printf(" rwnd_limited:%llums(%.1f%%)",
+ s->rwnd_limited / 1000,
+ 100.0 * s->rwnd_limited / s->busy_time);
+ if (s->sndbuf_limited)
+ printf(" sndbuf_limited:%llums(%.1f%%)",
+ s->sndbuf_limited / 1000,
+ 100.0 * s->sndbuf_limited / s->busy_time);
+ }
+
if (s->unacked)
printf(" unacked:%u", s->unacked);
if (s->retrans || s->retrans_total)
@@ -1784,10 +1982,23 @@
printf(" rcv_rtt:%g", s->rcv_rtt);
if (s->rcv_space)
printf(" rcv_space:%d", s->rcv_space);
+ if (s->not_sent)
+ printf(" notsent:%u", s->not_sent);
+ if (s->min_rtt)
+ printf(" minrtt:%g", s->min_rtt);
}
static void tcp_timer_print(struct tcpstat *s)
{
+ static const char * const tmr_name[] = {
+ "off",
+ "on",
+ "keepalive",
+ "timewait",
+ "persist",
+ "unknown"
+ };
+
if (s->timer) {
if (s->timer > 4)
s->timer = 5;
@@ -1798,6 +2009,13 @@
}
}
+static void sctp_timer_print(struct tcpstat *s)
+{
+ if (s->timer)
+ printf(" timer:(T3_RTX,%s,%d)",
+ print_ms_timer(s->timeout), s->retrans);
+}
+
static int tcp_show_line(char *line, const struct filter *f, int family)
{
int rto = 0, ato = 0;
@@ -1811,6 +2029,7 @@
return -1;
int state = (data[1] >= 'A') ? (data[1] - 'A' + 10) : (data[1] - '0');
+
if (!(f->states & (1 << state)))
return 0;
@@ -1820,7 +2039,7 @@
return 0;
opt[0] = 0;
- n = sscanf(data, "%x %x:%x %x:%x %x %d %d %u %d %llx %d %d %d %d %d %[^\n]\n",
+ n = sscanf(data, "%x %x:%x %x:%x %x %d %d %u %d %llx %d %d %d %u %d %[^\n]\n",
&s.ss.state, &s.ss.wq, &s.ss.rq,
&s.timer, &s.timeout, &s.retrans, &s.ss.uid, &s.probes,
&s.ss.ino, &s.ss.refcnt, &s.ss.sk, &rto, &ato, &s.qack, &s.cwnd,
@@ -1843,8 +2062,9 @@
s.rto = (double)rto;
s.ssthresh = s.ssthresh == -1 ? 0 : s.ssthresh;
s.rto = s.rto != 3 * hz ? s.rto / hz : 0;
+ s.ss.type = IPPROTO_TCP;
- inet_stats_print(&s.ss, IPPROTO_TCP);
+ inet_stats_print(&s.ss, false);
if (show_options)
tcp_timer_print(&s);
@@ -1874,6 +2094,7 @@
while (fgets(line, sizeof(line), fp) != NULL) {
int n = strlen(line);
+
if (n == 0 || line[n-1] != '\n') {
errno = -EINVAL;
return -1;
@@ -1924,9 +2145,23 @@
(SK_MEMINFO_BACKLOG + 1) * sizeof(__u32))
printf(",bl%u", skmeminfo[SK_MEMINFO_BACKLOG]);
+ if (RTA_PAYLOAD(tb[attrtype]) >=
+ (SK_MEMINFO_DROPS + 1) * sizeof(__u32))
+ printf(",d%u", skmeminfo[SK_MEMINFO_DROPS]);
+
printf(")");
}
+static void print_md5sig(struct tcp_diag_md5sig *sig)
+{
+ printf("%s/%d=",
+ format_host(sig->tcpm_family,
+ sig->tcpm_family == AF_INET6 ? 16 : 4,
+ &sig->tcpm_addr),
+ sig->tcpm_prefixlen);
+ print_escape_buf(sig->tcpm_key, sig->tcpm_keylen, " ,");
+}
+
#define TCPI_HAS_OPT(info, opt) !!(info->tcpi_options & (opt))
static void tcp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
@@ -1978,6 +2213,8 @@
s.rttvar = (double)info->tcpi_rttvar / 1000;
s.ato = (double)info->tcpi_ato / 1000;
s.mss = info->tcpi_snd_mss;
+ s.rcv_mss = info->tcpi_rcv_mss;
+ s.advmss = info->tcpi_advmss;
s.rcv_space = info->tcpi_rcv_space;
s.rcv_rtt = (double)info->tcpi_rcv_rtt / 1000;
s.lastsnd = info->tcpi_last_data_sent;
@@ -1988,6 +2225,7 @@
s.retrans_total = info->tcpi_total_retrans;
s.lost = info->tcpi_lost;
s.sacked = info->tcpi_sacked;
+ s.fackets = info->tcpi_fackets;
s.reordering = info->tcpi_reordering;
s.rcv_space = info->tcpi_rcv_space;
s.cwnd = info->tcpi_snd_cwnd;
@@ -2020,6 +2258,16 @@
s.dctcp = dctcp;
}
+ if (tb[INET_DIAG_BBRINFO]) {
+ const void *bbr_info = RTA_DATA(tb[INET_DIAG_BBRINFO]);
+ int len = min(RTA_PAYLOAD(tb[INET_DIAG_BBRINFO]),
+ sizeof(*s.bbr_info));
+
+ s.bbr_info = calloc(1, sizeof(*s.bbr_info));
+ if (s.bbr_info && bbr_info)
+ memcpy(s.bbr_info, bbr_info, len);
+ }
+
if (rtt > 0 && info->tcpi_snd_mss && info->tcpi_snd_cwnd) {
s.send_bps = (double) info->tcpi_snd_cwnd *
(double)info->tcpi_snd_mss * 8000000. / rtt;
@@ -2037,51 +2285,144 @@
s.bytes_received = info->tcpi_bytes_received;
s.segs_out = info->tcpi_segs_out;
s.segs_in = info->tcpi_segs_in;
+ s.data_segs_out = info->tcpi_data_segs_out;
+ s.data_segs_in = info->tcpi_data_segs_in;
+ s.not_sent = info->tcpi_notsent_bytes;
+ if (info->tcpi_min_rtt && info->tcpi_min_rtt != ~0U)
+ s.min_rtt = (double) info->tcpi_min_rtt / 1000;
+ s.delivery_rate = info->tcpi_delivery_rate * 8.;
+ s.app_limited = info->tcpi_delivery_rate_app_limited;
+ s.busy_time = info->tcpi_busy_time;
+ s.rwnd_limited = info->tcpi_rwnd_limited;
+ s.sndbuf_limited = info->tcpi_sndbuf_limited;
tcp_stats_print(&s);
free(s.dctcp);
+ free(s.bbr_info);
+ }
+ if (tb[INET_DIAG_MD5SIG]) {
+ struct tcp_diag_md5sig *sig = RTA_DATA(tb[INET_DIAG_MD5SIG]);
+ int len = RTA_PAYLOAD(tb[INET_DIAG_MD5SIG]);
+
+ printf(" md5keys:");
+ print_md5sig(sig++);
+ for (len -= sizeof(*sig); len > 0; len -= sizeof(*sig)) {
+ printf(",");
+ print_md5sig(sig++);
+ }
}
}
-static int inet_show_sock(struct nlmsghdr *nlh, struct filter *f, int protocol)
+static const char *format_host_sa(struct sockaddr_storage *sa)
{
- struct rtattr * tb[INET_DIAG_MAX+1];
- struct inet_diag_msg *r = NLMSG_DATA(nlh);
- struct sockstat s = {};
+ union {
+ struct sockaddr_in sin;
+ struct sockaddr_in6 sin6;
+ } *saddr = (void *)sa;
- parse_rtattr(tb, INET_DIAG_MAX, (struct rtattr*)(r+1),
+ switch (sa->ss_family) {
+ case AF_INET:
+ return format_host(AF_INET, 4, &saddr->sin.sin_addr);
+ case AF_INET6:
+ return format_host(AF_INET6, 16, &saddr->sin6.sin6_addr);
+ default:
+ return "";
+ }
+}
+
+static void sctp_show_info(const struct nlmsghdr *nlh, struct inet_diag_msg *r,
+ struct rtattr *tb[])
+{
+ struct sockaddr_storage *sa;
+ int len;
+
+ print_skmeminfo(tb, INET_DIAG_SKMEMINFO);
+
+ if (tb[INET_DIAG_LOCALS]) {
+ len = RTA_PAYLOAD(tb[INET_DIAG_LOCALS]);
+ sa = RTA_DATA(tb[INET_DIAG_LOCALS]);
+
+ printf("locals:%s", format_host_sa(sa));
+ for (sa++, len -= sizeof(*sa); len > 0; sa++, len -= sizeof(*sa))
+ printf(",%s", format_host_sa(sa));
+
+ }
+ if (tb[INET_DIAG_PEERS]) {
+ len = RTA_PAYLOAD(tb[INET_DIAG_PEERS]);
+ sa = RTA_DATA(tb[INET_DIAG_PEERS]);
+
+ printf(" peers:%s", format_host_sa(sa));
+ for (sa++, len -= sizeof(*sa); len > 0; sa++, len -= sizeof(*sa))
+ printf(",%s", format_host_sa(sa));
+ }
+ if (tb[INET_DIAG_INFO]) {
+ struct sctp_info *info;
+ len = RTA_PAYLOAD(tb[INET_DIAG_INFO]);
+
+ /* workaround for older kernels with less fields */
+ if (len < sizeof(*info)) {
+ info = alloca(sizeof(*info));
+ memcpy(info, RTA_DATA(tb[INET_DIAG_INFO]), len);
+ memset((char *)info + len, 0, sizeof(*info) - len);
+ } else
+ info = RTA_DATA(tb[INET_DIAG_INFO]);
+
+ sctp_stats_print(info);
+ }
+}
+
+static void parse_diag_msg(struct nlmsghdr *nlh, struct sockstat *s)
+{
+ struct rtattr *tb[INET_DIAG_MAX+1];
+ struct inet_diag_msg *r = NLMSG_DATA(nlh);
+
+ parse_rtattr(tb, INET_DIAG_MAX, (struct rtattr *)(r+1),
nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
- s.state = r->idiag_state;
- s.local.family = s.remote.family = r->idiag_family;
- s.lport = ntohs(r->id.idiag_sport);
- s.rport = ntohs(r->id.idiag_dport);
- s.wq = r->idiag_wqueue;
- s.rq = r->idiag_rqueue;
- s.ino = r->idiag_inode;
- s.uid = r->idiag_uid;
- s.iface = r->id.idiag_if;
- s.sk = cookie_sk_get(&r->id.idiag_cookie[0]);
+ s->state = r->idiag_state;
+ s->local.family = s->remote.family = r->idiag_family;
+ s->lport = ntohs(r->id.idiag_sport);
+ s->rport = ntohs(r->id.idiag_dport);
+ s->wq = r->idiag_wqueue;
+ s->rq = r->idiag_rqueue;
+ s->ino = r->idiag_inode;
+ s->uid = r->idiag_uid;
+ s->iface = r->id.idiag_if;
+ s->sk = cookie_sk_get(&r->id.idiag_cookie[0]);
- s.mark = 0;
+ s->mark = 0;
if (tb[INET_DIAG_MARK])
- s.mark = *(__u32 *) RTA_DATA(tb[INET_DIAG_MARK]);
+ s->mark = rta_getattr_u32(tb[INET_DIAG_MARK]);
+ if (tb[INET_DIAG_PROTOCOL])
+ s->raw_prot = rta_getattr_u8(tb[INET_DIAG_PROTOCOL]);
+ else
+ s->raw_prot = 0;
- if (s.local.family == AF_INET) {
- s.local.bytelen = s.remote.bytelen = 4;
- } else {
- s.local.bytelen = s.remote.bytelen = 16;
- }
+ if (s->local.family == AF_INET)
+ s->local.bytelen = s->remote.bytelen = 4;
+ else
+ s->local.bytelen = s->remote.bytelen = 16;
- memcpy(s.local.data, r->id.idiag_src, s.local.bytelen);
- memcpy(s.remote.data, r->id.idiag_dst, s.local.bytelen);
+ memcpy(s->local.data, r->id.idiag_src, s->local.bytelen);
+ memcpy(s->remote.data, r->id.idiag_dst, s->local.bytelen);
+}
- if (f && f->f && run_ssfilter(f->f, &s) == 0)
- return 0;
+static int inet_show_sock(struct nlmsghdr *nlh,
+ struct sockstat *s)
+{
+ struct rtattr *tb[INET_DIAG_MAX+1];
+ struct inet_diag_msg *r = NLMSG_DATA(nlh);
+ unsigned char v6only = 0;
+
+ parse_rtattr(tb, INET_DIAG_MAX, (struct rtattr *)(r+1),
+ nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
if (tb[INET_DIAG_PROTOCOL])
- protocol = *(__u8 *)RTA_DATA(tb[INET_DIAG_PROTOCOL]);
+ s->type = rta_getattr_u8(tb[INET_DIAG_PROTOCOL]);
- inet_stats_print(&s, protocol);
+ if (s->local.family == AF_INET6 && tb[INET_DIAG_SKV6ONLY])
+ v6only = rta_getattr_u8(tb[INET_DIAG_SKV6ONLY]);
+
+ inet_stats_print(s, v6only);
if (show_options) {
struct tcpstat t = {};
@@ -2089,27 +2430,33 @@
t.timer = r->idiag_timer;
t.timeout = r->idiag_expires;
t.retrans = r->idiag_retrans;
- tcp_timer_print(&t);
+ if (s->type == IPPROTO_SCTP)
+ sctp_timer_print(&t);
+ else
+ tcp_timer_print(&t);
}
if (show_details) {
- sock_details_print(&s);
- if (s.local.family == AF_INET6 && tb[INET_DIAG_SKV6ONLY]) {
- unsigned char v6only;
- v6only = *(__u8 *)RTA_DATA(tb[INET_DIAG_SKV6ONLY]);
+ sock_details_print(s);
+ if (s->local.family == AF_INET6 && tb[INET_DIAG_SKV6ONLY])
printf(" v6only:%u", v6only);
- }
+
if (tb[INET_DIAG_SHUTDOWN]) {
unsigned char mask;
- mask = *(__u8 *)RTA_DATA(tb[INET_DIAG_SHUTDOWN]);
+
+ mask = rta_getattr_u8(tb[INET_DIAG_SHUTDOWN]);
printf(" %c-%c", mask & 1 ? '-' : '<', mask & 2 ? '-' : '>');
}
}
- if (show_mem || show_tcpinfo) {
+ if (show_mem || (show_tcpinfo && s->type != IPPROTO_UDP)) {
printf("\n\t");
- tcp_show_info(nlh, r, tb);
+ if (s->type == IPPROTO_SCTP)
+ sctp_show_info(nlh, r, tb);
+ else
+ tcp_show_info(nlh, r, tb);
}
+ sctp_ino = s->ino;
printf("\n");
return 0;
@@ -2117,34 +2464,31 @@
static int tcpdiag_send(int fd, int protocol, struct filter *f)
{
- struct sockaddr_nl nladdr;
+ struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
struct {
struct nlmsghdr nlh;
struct inet_diag_req r;
- } req;
+ } req = {
+ .nlh.nlmsg_len = sizeof(req),
+ .nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST,
+ .nlh.nlmsg_seq = MAGIC_SEQ,
+ .r.idiag_family = AF_INET,
+ .r.idiag_states = f->states,
+ };
char *bc = NULL;
int bclen;
struct msghdr msg;
struct rtattr rta;
struct iovec iov[3];
+ int iovlen = 1;
if (protocol == IPPROTO_UDP)
return -1;
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
-
- req.nlh.nlmsg_len = sizeof(req);
if (protocol == IPPROTO_TCP)
req.nlh.nlmsg_type = TCPDIAG_GETSOCK;
else
req.nlh.nlmsg_type = DCCPDIAG_GETSOCK;
- req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;
- req.nlh.nlmsg_pid = 0;
- req.nlh.nlmsg_seq = MAGIC_SEQ;
- memset(&req.r, 0, sizeof(req.r));
- req.r.idiag_family = AF_INET;
- req.r.idiag_states = f->states;
if (show_mem) {
req.r.idiag_ext |= (1<<(INET_DIAG_MEMINFO-1));
req.r.idiag_ext |= (1<<(INET_DIAG_SKMEMINFO-1));
@@ -2162,18 +2506,21 @@
};
if (f->f) {
bclen = ssfilter_bytecompile(f->f, &bc);
- rta.rta_type = INET_DIAG_REQ_BYTECODE;
- rta.rta_len = RTA_LENGTH(bclen);
- iov[1] = (struct iovec){ &rta, sizeof(rta) };
- iov[2] = (struct iovec){ bc, bclen };
- req.nlh.nlmsg_len += RTA_LENGTH(bclen);
+ if (bclen) {
+ rta.rta_type = INET_DIAG_REQ_BYTECODE;
+ rta.rta_len = RTA_LENGTH(bclen);
+ iov[1] = (struct iovec){ &rta, sizeof(rta) };
+ iov[2] = (struct iovec){ bc, bclen };
+ req.nlh.nlmsg_len += RTA_LENGTH(bclen);
+ iovlen = 3;
+ }
}
msg = (struct msghdr) {
- .msg_name = (void*)&nladdr,
+ .msg_name = (void *)&nladdr,
.msg_namelen = sizeof(nladdr),
.msg_iov = iov,
- .msg_iovlen = f->f ? 3 : 1,
+ .msg_iovlen = iovlen,
};
if (sendmsg(fd, &msg, 0) < 0) {
@@ -2186,20 +2533,18 @@
static int sockdiag_send(int family, int fd, int protocol, struct filter *f)
{
- struct sockaddr_nl nladdr;
+ struct sockaddr_nl nladdr = { .nl_family = AF_NETLINK };
DIAG_REQUEST(req, struct inet_diag_req_v2 r);
char *bc = NULL;
int bclen;
struct msghdr msg;
struct rtattr rta;
struct iovec iov[3];
+ int iovlen = 1;
if (family == PF_UNSPEC)
return tcpdiag_send(fd, protocol, f);
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
-
memset(&req.r, 0, sizeof(req.r));
req.r.sdiag_family = family;
req.r.sdiag_protocol = protocol;
@@ -2221,18 +2566,21 @@
};
if (f->f) {
bclen = ssfilter_bytecompile(f->f, &bc);
- rta.rta_type = INET_DIAG_REQ_BYTECODE;
- rta.rta_len = RTA_LENGTH(bclen);
- iov[1] = (struct iovec){ &rta, sizeof(rta) };
- iov[2] = (struct iovec){ bc, bclen };
- req.nlh.nlmsg_len += RTA_LENGTH(bclen);
+ if (bclen) {
+ rta.rta_type = INET_DIAG_REQ_BYTECODE;
+ rta.rta_len = RTA_LENGTH(bclen);
+ iov[1] = (struct iovec){ &rta, sizeof(rta) };
+ iov[2] = (struct iovec){ bc, bclen };
+ req.nlh.nlmsg_len += RTA_LENGTH(bclen);
+ iovlen = 3;
+ }
}
msg = (struct msghdr) {
- .msg_name = (void*)&nladdr,
+ .msg_name = (void *)&nladdr,
.msg_namelen = sizeof(nladdr),
.msg_iov = iov,
- .msg_iovlen = f->f ? 3 : 1,
+ .msg_iovlen = iovlen,
};
if (sendmsg(fd, &msg, 0) < 0) {
@@ -2249,12 +2597,12 @@
struct rtnl_handle *rth;
};
-static int kill_inet_sock(const struct sockaddr_nl *addr,
- struct nlmsghdr *h, void *arg)
+static int kill_inet_sock(struct nlmsghdr *h, void *arg, struct sockstat *s)
{
struct inet_diag_msg *d = NLMSG_DATA(h);
struct inet_diag_arg *diag_arg = arg;
struct rtnl_handle *rth = diag_arg->rth;
+
DIAG_REQUEST(req, struct inet_diag_req_v2 r);
req.nlh.nlmsg_type = SOCK_DESTROY;
@@ -2264,6 +2612,13 @@
req.r.sdiag_protocol = diag_arg->protocol;
req.r.id = d->id;
+ if (diag_arg->protocol == IPPROTO_RAW) {
+ struct inet_diag_req_raw *raw = (void *)&req.r;
+
+ BUILD_BUG_ON(sizeof(req.r) != sizeof(*raw));
+ raw->sdiag_raw_protocol = s->raw_prot;
+ }
+
return rtnl_talk(rth, &req.nlh, NULL, 0);
}
@@ -2273,10 +2628,18 @@
int err;
struct inet_diag_arg *diag_arg = arg;
struct inet_diag_msg *r = NLMSG_DATA(h);
+ struct sockstat s = {};
if (!(diag_arg->f->families & (1 << r->idiag_family)))
return 0;
- if (diag_arg->f->kill && kill_inet_sock(addr, h, arg) != 0) {
+
+ parse_diag_msg(h, &s);
+ s.type = diag_arg->protocol;
+
+ if (diag_arg->f->f && run_ssfilter(diag_arg->f->f, &s) == 0)
+ return 0;
+
+ if (diag_arg->f->kill && kill_inet_sock(h, arg, &s) != 0) {
if (errno == EOPNOTSUPP || errno == ENOENT) {
/* Socket can't be closed, or is already closed. */
return 0;
@@ -2285,7 +2648,9 @@
return -1;
}
}
- if ((err = inet_show_sock(h, diag_arg->f, diag_arg->protocol)) < 0)
+
+ err = inet_show_sock(h, &s);
+ if (err < 0)
return err;
return 0;
@@ -2341,59 +2706,75 @@
{
FILE *fp;
char buf[16384];
+ int err = -1;
if ((fp = fopen(getenv("TCPDIAG_FILE"), "r")) == NULL) {
perror("fopen($TCPDIAG_FILE)");
- return -1;
+ return err;
}
while (1) {
- int status, err;
- struct nlmsghdr *h = (struct nlmsghdr*)buf;
+ int status, err2;
+ struct nlmsghdr *h = (struct nlmsghdr *)buf;
+ struct sockstat s = {};
status = fread(buf, 1, sizeof(*h), fp);
if (status < 0) {
perror("Reading header from $TCPDIAG_FILE");
- return -1;
+ break;
}
if (status != sizeof(*h)) {
perror("Unexpected EOF reading $TCPDIAG_FILE");
- return -1;
+ break;
}
status = fread(h+1, 1, NLMSG_ALIGN(h->nlmsg_len-sizeof(*h)), fp);
if (status < 0) {
perror("Reading $TCPDIAG_FILE");
- return -1;
+ break;
}
if (status + sizeof(*h) < h->nlmsg_len) {
perror("Unexpected EOF reading $TCPDIAG_FILE");
- return -1;
+ break;
}
/* The only legal exit point */
- if (h->nlmsg_type == NLMSG_DONE)
- return 0;
+ if (h->nlmsg_type == NLMSG_DONE) {
+ err = 0;
+ break;
+ }
if (h->nlmsg_type == NLMSG_ERROR) {
- struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h);
+ struct nlmsgerr *err = (struct nlmsgerr *)NLMSG_DATA(h);
+
if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) {
fprintf(stderr, "ERROR truncated\n");
} else {
errno = -err->error;
perror("TCPDIAG answered");
}
- return -1;
+ break;
}
- err = inet_show_sock(h, f, IPPROTO_TCP);
- if (err < 0)
- return err;
+ parse_diag_msg(h, &s);
+ s.type = IPPROTO_TCP;
+
+ if (f && f->f && run_ssfilter(f->f, &s) == 0)
+ continue;
+
+ err2 = inet_show_sock(h, &s);
+ if (err2 < 0) {
+ err = err2;
+ break;
+ }
}
+
+ fclose(fp);
+ return err;
}
-static int tcp_show(struct filter *f, int socktype)
+static int tcp_show(struct filter *f)
{
FILE *fp = NULL;
char *buf = NULL;
@@ -2408,7 +2789,7 @@
return tcp_show_netlink_file(f);
if (!getenv("PROC_NET_TCP") && !getenv("PROC_ROOT")
- && inet_show_netlink(f, NULL, socktype) == 0)
+ && inet_show_netlink(f, NULL, IPPROTO_TCP) == 0)
return 0;
/* Sigh... We have to parse /proc/net/tcp... */
@@ -2424,6 +2805,7 @@
get_slabstat(&slabstat);
int guess = slabstat.socks+slabstat.tcp_syns;
+
if (f->states&(1<<SS_TIME_WAIT))
guess += slabstat.tcp_tws;
if (guess > (16*1024*1024)/128)
@@ -2466,6 +2848,7 @@
outerr:
do {
int saved_errno = errno;
+
free(buf);
if (fp)
fclose(fp);
@@ -2474,6 +2857,29 @@
} while (0);
}
+static int dccp_show(struct filter *f)
+{
+ if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
+ return 0;
+
+ if (!getenv("PROC_NET_DCCP") && !getenv("PROC_ROOT")
+ && inet_show_netlink(f, NULL, IPPROTO_DCCP) == 0)
+ return 0;
+
+ return 0;
+}
+
+static int sctp_show(struct filter *f)
+{
+ if (!filter_af_get(f, AF_INET) && !filter_af_get(f, AF_INET6))
+ return 0;
+
+ if (!getenv("PROC_NET_SCTP") && !getenv("PROC_ROOT")
+ && inet_show_netlink(f, NULL, IPPROTO_SCTP) == 0)
+ return 0;
+
+ return 0;
+}
static int dgram_show_line(char *line, const struct filter *f, int family)
{
@@ -2486,6 +2892,7 @@
return -1;
int state = (data[1] >= 'A') ? (data[1] - 'A' + 10) : (data[1] - '0');
+
if (!(f->states & (1 << state)))
return 0;
@@ -2503,7 +2910,8 @@
if (n < 9)
opt[0] = 0;
- inet_stats_print(&s, dg_proto == UDP_PROTO ? IPPROTO_UDP : 0);
+ s.type = dg_proto == UDP_PROTO ? IPPROTO_UDP : 0;
+ inet_stats_print(&s, false);
if (show_details && opt[0])
printf(" opt:\"%s\"", opt);
@@ -2544,6 +2952,7 @@
outerr:
do {
int saved_errno = errno;
+
if (fp)
fclose(fp);
errno = saved_errno;
@@ -2560,6 +2969,10 @@
dg_proto = RAW_PROTO;
+ if (!getenv("PROC_NET_RAW") && !getenv("PROC_ROOT") &&
+ inet_show_netlink(f, NULL, IPPROTO_RAW) == 0)
+ return 0;
+
if (f->families&(1<<AF_INET)) {
if ((fp = net_raw_open()) == NULL)
goto outerr;
@@ -2579,6 +2992,7 @@
outerr:
do {
int saved_errno = errno;
+
if (fp)
fclose(fp);
errno = saved_errno;
@@ -2586,39 +3000,15 @@
} while (0);
}
-int unix_state_map[] = { SS_CLOSE, SS_SYN_SENT,
- SS_ESTABLISHED, SS_CLOSING };
-
#define MAX_UNIX_REMEMBER (1024*1024/sizeof(struct sockstat))
-static void unix_list_free(struct sockstat *list)
+static void unix_list_drop_first(struct sockstat **list)
{
- while (list) {
- struct sockstat *s = list;
+ struct sockstat *s = *list;
- list = list->next;
- free(s->name);
- free(s);
- }
-}
-
-static const char *unix_netid_name(int type)
-{
- const char *netid;
-
- switch (type) {
- case SOCK_STREAM:
- netid = "u_str";
- break;
- case SOCK_SEQPACKET:
- netid = "u_seq";
- break;
- case SOCK_DGRAM:
- default:
- netid = "u_dgr";
- break;
- }
- return netid;
+ (*list) = (*list)->next;
+ free(s->name);
+ free(s);
}
static bool unix_type_skip(struct sockstat *s, struct filter *f)
@@ -2632,79 +3022,18 @@
return false;
}
-static bool unix_use_proc(void)
+static void unix_stats_print(struct sockstat *s, struct filter *f)
{
- return getenv("PROC_NET_UNIX") || getenv("PROC_ROOT");
-}
-
-static void unix_stats_print(struct sockstat *list, struct filter *f)
-{
- struct sockstat *s;
- char *peer;
- char *ctx_buf = NULL;
- bool use_proc = unix_use_proc();
char port_name[30] = {};
- for (s = list; s; s = s->next) {
- if (!(f->states & (1 << s->state)))
- continue;
- if (unix_type_skip(s, f))
- continue;
+ sock_state_print(s);
- peer = "*";
- if (s->peer_name)
- peer = s->peer_name;
+ sock_addr_print(s->name ?: "*", " ",
+ int_to_str(s->lport, port_name), NULL);
+ sock_addr_print(s->peer_name ?: "*", " ",
+ int_to_str(s->rport, port_name), NULL);
- if (s->rport && use_proc) {
- struct sockstat *p;
-
- for (p = list; p; p = p->next) {
- if (s->rport == p->lport)
- break;
- }
-
- if (!p) {
- peer = "?";
- } else {
- peer = p->name ? : "*";
- }
- }
-
- if (use_proc && f->f) {
- struct sockstat st;
- st.local.family = AF_UNIX;
- st.remote.family = AF_UNIX;
- memcpy(st.local.data, &s->name, sizeof(s->name));
- if (strcmp(peer, "*") == 0)
- memset(st.remote.data, 0, sizeof(peer));
- else
- memcpy(st.remote.data, &peer, sizeof(peer));
- if (run_ssfilter(f->f, &st) == 0)
- continue;
- }
-
- sock_state_print(s, unix_netid_name(s->type));
-
- sock_addr_print(s->name ?: "*", " ",
- int_to_str(s->lport, port_name), NULL);
- sock_addr_print(peer, " ", int_to_str(s->rport, port_name),
- NULL);
-
- if (show_proc_ctx || show_sock_ctx) {
- if (find_entry(s->ino, &ctx_buf,
- (show_proc_ctx & show_sock_ctx) ?
- PROC_SOCK_CTX : PROC_CTX) > 0) {
- printf(" users:(%s)", ctx_buf);
- free(ctx_buf);
- }
- } else if (show_users) {
- if (find_entry(s->ino, &ctx_buf, USERS) > 0) {
- printf(" users:(%s)", ctx_buf);
- free(ctx_buf);
- }
- }
- printf("\n");
- }
+ proc_ctx_print(s);
}
static int unix_show_sock(const struct sockaddr_nl *addr, struct nlmsghdr *nlh,
@@ -2716,7 +3045,7 @@
char name[128];
struct sockstat stat = { .name = "*", .peer_name = "*" };
- parse_rtattr(tb, UNIX_DIAG_MAX, (struct rtattr*)(r+1),
+ parse_rtattr(tb, UNIX_DIAG_MAX, (struct rtattr *)(r+1),
nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
stat.type = r->udiag_type;
@@ -2729,6 +3058,7 @@
if (tb[UNIX_DIAG_RQLEN]) {
struct unix_diag_rqlen *rql = RTA_DATA(tb[UNIX_DIAG_RQLEN]);
+
stat.rq = rql->udiag_rqueue;
stat.wq = rql->udiag_wqueue;
}
@@ -2737,8 +3067,12 @@
memcpy(name, RTA_DATA(tb[UNIX_DIAG_NAME]), len);
name[len] = '\0';
- if (name[0] == '\0')
- name[0] = '@';
+ if (name[0] == '\0') {
+ int i;
+ for (i = 0; i < len; i++)
+ if (name[i] == '\0')
+ name[i] = '@';
+ }
stat.name = &name[0];
memcpy(stat.local.data, &stat.name, sizeof(stat.name));
}
@@ -2750,19 +3084,17 @@
unix_stats_print(&stat, f);
- if (show_mem) {
- printf("\t");
+ if (show_mem)
print_skmeminfo(tb, UNIX_DIAG_MEMINFO);
- }
if (show_details) {
if (tb[UNIX_DIAG_SHUTDOWN]) {
unsigned char mask;
- mask = *(__u8 *)RTA_DATA(tb[UNIX_DIAG_SHUTDOWN]);
+
+ mask = rta_getattr_u8(tb[UNIX_DIAG_SHUTDOWN]);
printf(" %c-%c", mask & 1 ? '-' : '<', mask & 2 ? '-' : '>');
}
}
- if (show_mem || show_details)
- printf("\n");
+ printf("\n");
return 0;
}
@@ -2811,11 +3143,14 @@
int newformat = 0;
int cnt;
struct sockstat *list = NULL;
+ const int unix_state_map[] = { SS_CLOSE, SS_SYN_SENT,
+ SS_ESTABLISHED, SS_CLOSING };
if (!filter_af_get(f, AF_UNIX))
return 0;
- if (!unix_use_proc() && unix_show_netlink(f) == 0)
+ if (!getenv("PROC_NET_UNIX") && !getenv("PROC_ROOT")
+ && unix_show_netlink(f) == 0)
return 0;
if ((fp = net_unix_open()) == NULL)
@@ -2835,8 +3170,6 @@
if (!(u = calloc(1, sizeof(*u))))
break;
- u->name = NULL;
- u->peer_name = NULL;
if (sscanf(buf, "%x: %x %x %x %x %x %d %s",
&u->rport, &u->rq, &u->wq, &flags, &u->type,
@@ -2848,11 +3181,17 @@
if (flags & (1 << 16)) {
u->state = SS_LISTEN;
- } else {
+ } else if (u->state > 0 &&
+ u->state <= ARRAY_SIZE(unix_state_map)) {
u->state = unix_state_map[u->state-1];
if (u->type == SOCK_DGRAM && u->state == SS_CLOSE && u->rport)
u->state = SS_ESTABLISHED;
}
+ if (unix_type_skip(u, f) ||
+ !(f->states & (1 << u->state))) {
+ free(u);
+ continue;
+ }
if (!newformat) {
u->rport = 0;
@@ -2860,6 +3199,44 @@
u->wq = 0;
}
+ if (name[0]) {
+ u->name = strdup(name);
+ if (!u->name) {
+ free(u);
+ break;
+ }
+ }
+
+ if (u->rport) {
+ struct sockstat *p;
+
+ for (p = list; p; p = p->next) {
+ if (u->rport == p->lport)
+ break;
+ }
+ if (!p)
+ u->peer_name = "?";
+ else
+ u->peer_name = p->name ? : "*";
+ }
+
+ if (f->f) {
+ struct sockstat st = {
+ .local.family = AF_UNIX,
+ .remote.family = AF_UNIX,
+ };
+
+ memcpy(st.local.data, &u->name, sizeof(u->name));
+ if (strcmp(u->peer_name, "*"))
+ memcpy(st.remote.data, &u->peer_name,
+ sizeof(u->peer_name));
+ if (run_ssfilter(f->f, &st) == 0) {
+ free(u->name);
+ free(u);
+ continue;
+ }
+ }
+
insp = &list;
while (*insp) {
if (u->type < (*insp)->type ||
@@ -2871,24 +3248,22 @@
u->next = *insp;
*insp = u;
- if (name[0]) {
- if ((u->name = malloc(strlen(name)+1)) == NULL)
- break;
- strcpy(u->name, name);
- }
if (++cnt > MAX_UNIX_REMEMBER) {
- unix_stats_print(list, f);
- unix_list_free(list);
- list = NULL;
+ while (list) {
+ unix_stats_print(list, f);
+ printf("\n");
+
+ unix_list_drop_first(&list);
+ }
cnt = 0;
}
}
fclose(fp);
- if (list) {
+ while (list) {
unix_stats_print(list, f);
- unix_list_free(list);
- list = NULL;
- cnt = 0;
+ printf("\n");
+
+ unix_list_drop_first(&list);
}
return 0;
@@ -2896,19 +3271,18 @@
static int packet_stats_print(struct sockstat *s, const struct filter *f)
{
- char *buf = NULL;
const char *addr, *port;
char ll_name[16];
+ s->local.family = s->remote.family = AF_PACKET;
+
if (f->f) {
- s->local.family = AF_PACKET;
- s->remote.family = AF_PACKET;
s->local.data[0] = s->prot;
if (run_ssfilter(f->f, s) == 0)
return 1;
}
- sock_state_print(s, s->type == SOCK_RAW ? "p_raw" : "p_dgr");
+ sock_state_print(s);
if (s->prot == 3)
addr = "*";
@@ -2923,19 +3297,7 @@
sock_addr_print(addr, ":", port, NULL);
sock_addr_print("", "*", "", NULL);
- if (show_proc_ctx || show_sock_ctx) {
- if (find_entry(s->ino, &buf,
- (show_proc_ctx & show_sock_ctx) ?
- PROC_SOCK_CTX : PROC_CTX) > 0) {
- printf(" users:(%s)", buf);
- free(buf);
- }
- } else if (show_users) {
- if (find_entry(s->ino, &buf, USERS) > 0) {
- printf(" users:(%s)", buf);
- free(buf);
- }
- }
+ proc_ctx_print(s);
if (show_details)
sock_details_print(s);
@@ -2965,7 +3327,7 @@
uint32_t fanout = 0;
bool has_fanout = false;
- parse_rtattr(tb, PACKET_DIAG_MAX, (struct rtattr*)(r+1),
+ parse_rtattr(tb, PACKET_DIAG_MAX, (struct rtattr *)(r+1),
nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
/* use /proc/net/packet if all info are not available */
@@ -2980,6 +3342,7 @@
if (tb[PACKET_DIAG_MEMINFO]) {
__u32 *skmeminfo = RTA_DATA(tb[PACKET_DIAG_MEMINFO]);
+
stat.rq = skmeminfo[SK_MEMINFO_RMEM_ALLOC];
}
@@ -2989,7 +3352,7 @@
}
if (tb[PACKET_DIAG_UID])
- stat.uid = *(__u32 *)RTA_DATA(tb[PACKET_DIAG_UID]);
+ stat.uid = rta_getattr_u32(tb[PACKET_DIAG_UID]);
if (tb[PACKET_DIAG_RX_RING])
ring_rx = RTA_DATA(tb[PACKET_DIAG_RX_RING]);
@@ -2999,7 +3362,7 @@
if (tb[PACKET_DIAG_FANOUT]) {
has_fanout = true;
- fanout = *(uint32_t *)RTA_DATA(tb[PACKET_DIAG_FANOUT]);
+ fanout = rta_getattr_u32(tb[PACKET_DIAG_FANOUT]);
}
if (packet_stats_print(&stat, f))
@@ -3143,23 +3506,24 @@
}
static int netlink_show_one(struct filter *f,
- int prot, int pid, unsigned groups,
- int state, int dst_pid, unsigned dst_group,
+ int prot, int pid, unsigned int groups,
+ int state, int dst_pid, unsigned int dst_group,
int rq, int wq,
unsigned long long sk, unsigned long long cb)
{
- struct sockstat st;
+ struct sockstat st = {
+ .state = SS_CLOSE,
+ .rq = rq,
+ .wq = wq,
+ .local.family = AF_NETLINK,
+ .remote.family = AF_NETLINK,
+ };
+
SPRINT_BUF(prot_buf) = {};
const char *prot_name;
char procname[64] = {};
- st.state = SS_CLOSE;
- st.rq = rq;
- st.wq = wq;
-
if (f->f) {
- st.local.family = AF_NETLINK;
- st.remote.family = AF_NETLINK;
st.rport = -1;
st.lport = pid;
st.local.data[0] = prot;
@@ -3167,7 +3531,7 @@
return 1;
}
- sock_state_print(&st, "nl");
+ sock_state_print(&st);
if (resolve_services)
prot_name = nl_proto_n2a(prot, prot_buf, sizeof(prot_buf));
@@ -3178,11 +3542,13 @@
procname[0] = '*';
} else if (resolve_services) {
int done = 0;
+
if (!pid) {
done = 1;
strncpy(procname, "kernel", 6);
} else if (pid > 0) {
FILE *fp;
+
snprintf(procname, sizeof(procname), "%s/%d/stat",
getenv("PROC_ROOT") ? : "/proc", pid);
if ((fp = fopen(procname, "r")) != NULL) {
@@ -3206,6 +3572,7 @@
if (state == NETLINK_CONNECTED) {
char dst_group_buf[30];
char dst_pid_buf[30];
+
sock_addr_print(int_to_str(dst_group, dst_group_buf), ":",
int_to_str(dst_pid, dst_pid_buf), NULL);
} else {
@@ -3213,6 +3580,7 @@
}
char *pid_context = NULL;
+
if (show_proc_ctx) {
/* The pid value will either be:
* 0 if destination kernel - show kernel initial context.
@@ -3225,12 +3593,8 @@
else if (pid > 0)
getpidcon(pid, &pid_context);
- if (pid_context != NULL) {
- printf("proc_ctx=%-*s ", serv_width, pid_context);
- free(pid_context);
- } else {
- printf("proc_ctx=%-*s ", serv_width, "unavailable");
- }
+ printf(" proc_ctx=%s", pid_context ? : "unavailable");
+ free(pid_context);
}
if (show_details) {
@@ -3250,7 +3614,7 @@
int rq = 0, wq = 0;
unsigned long groups = 0;
- parse_rtattr(tb, NETLINK_DIAG_MAX, (struct rtattr*)(r+1),
+ parse_rtattr(tb, NETLINK_DIAG_MAX, (struct rtattr *)(r+1),
nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*r)));
if (tb[NETLINK_DIAG_GROUPS] && RTA_PAYLOAD(tb[NETLINK_DIAG_GROUPS]))
@@ -3258,6 +3622,7 @@
if (tb[NETLINK_DIAG_MEMINFO]) {
const __u32 *skmeminfo;
+
skmeminfo = RTA_DATA(tb[NETLINK_DIAG_MEMINFO]);
rq = skmeminfo[SK_MEMINFO_RMEM_ALLOC];
@@ -3295,7 +3660,7 @@
FILE *fp;
char buf[256];
int prot, pid;
- unsigned groups;
+ unsigned int groups;
int rq, wq, rc;
unsigned long long sk, cb;
@@ -3352,7 +3717,7 @@
static int handle_follow_request(struct filter *f)
{
- int ret = -1;
+ int ret = 0;
int groups = 0;
struct rtnl_handle rth;
@@ -3375,19 +3740,12 @@
rth.local.nl_pid = 0;
if (rtnl_dump_filter(&rth, generic_show_sock, f))
- goto Exit;
+ ret = -1;
- ret = 0;
-Exit:
rtnl_close(&rth);
return ret;
}
-struct snmpstat
-{
- int tcp_estab;
-};
-
static int get_snmp_int(char *proto, char *key, int *result)
{
char buf[1024];
@@ -3403,6 +3761,7 @@
while (fgets(buf, sizeof(buf), fp) != NULL) {
char *p = buf;
int pos = 0;
+
if (memcmp(buf, proto, protolen))
continue;
while ((p = strchr(p, ' ')) != NULL) {
@@ -3435,8 +3794,7 @@
/* Get stats from sockstat */
-struct ssummary
-{
+struct ssummary {
int socks;
int tcp_mem;
int tcp_total;
@@ -3492,13 +3850,13 @@
if ((fp = net_sockstat_open()) == NULL)
return -1;
- while(fgets(buf, sizeof(buf), fp) != NULL)
+ while (fgets(buf, sizeof(buf), fp) != NULL)
get_sockstat_line(buf, s);
fclose(fp);
if ((fp = net_sockstat6_open()) == NULL)
return 0;
- while(fgets(buf, sizeof(buf), fp) != NULL)
+ while (fgets(buf, sizeof(buf), fp) != NULL)
get_sockstat_line(buf, s);
fclose(fp);
@@ -3508,11 +3866,11 @@
static int print_summary(void)
{
struct ssummary s;
- struct snmpstat sn;
+ int tcp_estab;
if (get_sockstat(&s) < 0)
perror("ss: get_sockstat");
- if (get_snmp_int("Tcp:", "CurrEstab", &sn.tcp_estab) < 0)
+ if (get_snmp_int("Tcp:", "CurrEstab", &tcp_estab) < 0)
perror("ss: get_snmpstat");
get_slabstat(&slabstat);
@@ -3521,7 +3879,7 @@
printf("TCP: %d (estab %d, closed %d, orphaned %d, synrecv %d, timewait %d/%d), ports %d\n",
s.tcp_total + slabstat.tcp_syns + s.tcp_tws,
- sn.tcp_estab,
+ tcp_estab,
s.tcp_total - (s.tcp4_hashed+s.tcp6_hashed-s.tcp_tws),
s.tcp_orphans,
slabstat.tcp_syns,
@@ -3574,13 +3932,16 @@
" -6, --ipv6 display only IP version 6 sockets\n"
" -0, --packet display PACKET sockets\n"
" -t, --tcp display only TCP sockets\n"
+" -S, --sctp display only SCTP sockets\n"
" -u, --udp display only UDP sockets\n"
" -d, --dccp display only DCCP sockets\n"
" -w, --raw display only RAW sockets\n"
" -x, --unix display only Unix domain sockets\n"
" -f, --family=FAMILY display sockets of type FAMILY\n"
+" FAMILY := {inet|inet6|link|unix|netlink|help}\n"
"\n"
" -K, --kill forcibly close sockets, display what was closed\n"
+" -H, --no-header Suppress header line\n"
"\n"
" -A, --query=QUERY, --socket=QUERY\n"
" QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]\n"
@@ -3589,11 +3950,11 @@
" -F, --filter=FILE read filter information from FILE\n"
" FILTER := [ state STATE-FILTER ] [ EXPRESSION ]\n"
" STATE-FILTER := {all|connected|synchronized|bucket|big|TCP-STATES}\n"
-" TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listen|closing}\n"
+" TCP-STATES := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|closed|close-wait|last-ack|listening|closing}\n"
" connected := {established|syn-sent|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}\n"
" synchronized := {established|syn-recv|fin-wait-{1,2}|time-wait|close-wait|last-ack|closing}\n"
" bucket := {syn-recv|time-wait}\n"
-" big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listen|closing}\n"
+" big := {established|syn-sent|fin-wait-{1,2}|closed|close-wait|last-ack|listening|closing}\n"
);
}
@@ -3614,7 +3975,22 @@
static int scan_state(const char *state)
{
+ static const char * const sstate_namel[] = {
+ "UNKNOWN",
+ [SS_ESTABLISHED] = "established",
+ [SS_SYN_SENT] = "syn-sent",
+ [SS_SYN_RECV] = "syn-recv",
+ [SS_FIN_WAIT1] = "fin-wait-1",
+ [SS_FIN_WAIT2] = "fin-wait-2",
+ [SS_TIME_WAIT] = "time-wait",
+ [SS_CLOSE] = "unconnected",
+ [SS_CLOSE_WAIT] = "close-wait",
+ [SS_LAST_ACK] = "last-ack",
+ [SS_LISTEN] = "listening",
+ [SS_CLOSING] = "closing",
+ };
int i;
+
if (strcasecmp(state, "close") == 0 ||
strcasecmp(state, "closed") == 0)
return (1<<SS_CLOSE);
@@ -3632,7 +4008,7 @@
return (1<<SS_SYN_RECV)|(1<<SS_TIME_WAIT);
if (strcasecmp(state, "big") == 0)
return SS_ALL & ~((1<<SS_SYN_RECV)|(1<<SS_TIME_WAIT));
- for (i=0; i<SS_MAX; i++) {
+ for (i = 0; i < SS_MAX; i++) {
if (strcasecmp(state, sstate_namel[i]) == 0)
return (1<<i);
}
@@ -3653,6 +4029,7 @@
{ "events", 0, 0, 'E' },
{ "dccp", 0, 0, 'd' },
{ "tcp", 0, 0, 't' },
+ { "sctp", 0, 0, 'S' },
{ "udp", 0, 0, 'u' },
{ "raw", 0, 0, 'w' },
{ "unix", 0, 0, 'x' },
@@ -3673,6 +4050,7 @@
{ "contexts", 0, 0, 'z' },
{ "net", 1, 0, 'N' },
{ "kill", 0, 0, 'K' },
+ { "no-header", 0, 0, 'H' },
{ 0 }
};
@@ -3686,10 +4064,12 @@
FILE *filter_fp = NULL;
int ch;
int state_filter = 0;
+ int addrp_width, screen_width = 80;
- while ((ch = getopt_long(argc, argv, "dhaletuwxnro460spbEf:miA:D:F:vVzZN:K",
+ while ((ch = getopt_long(argc, argv,
+ "dhaletuwxnro460spbEf:miA:D:F:vVzZN:KHS",
long_opts, NULL)) != EOF) {
- switch(ch) {
+ switch (ch) {
case 'n':
resolve_services = 0;
break;
@@ -3726,6 +4106,9 @@
case 't':
filter_db_set(¤t_filter, TCP_DB);
break;
+ case 'S':
+ filter_db_set(¤t_filter, SCTP_DB);
+ break;
case 'u':
filter_db_set(¤t_filter, UDP_DB);
break;
@@ -3772,10 +4155,11 @@
case 'A':
{
char *p, *p1;
+
if (!saw_query) {
current_filter.dbs = 0;
state_filter = state_filter ?
- state_filter : SS_CONN;
+ state_filter : SS_CONN;
saw_query = 1;
do_default = 0;
}
@@ -3789,6 +4173,7 @@
filter_db_set(¤t_filter, UDP_DB);
filter_db_set(¤t_filter, DCCP_DB);
filter_db_set(¤t_filter, TCP_DB);
+ filter_db_set(¤t_filter, SCTP_DB);
filter_db_set(¤t_filter, RAW_DB);
} else if (strcmp(p, "udp") == 0) {
filter_db_set(¤t_filter, UDP_DB);
@@ -3796,6 +4181,8 @@
filter_db_set(¤t_filter, DCCP_DB);
} else if (strcmp(p, "tcp") == 0) {
filter_db_set(¤t_filter, TCP_DB);
+ } else if (strcmp(p, "sctp") == 0) {
+ filter_db_set(¤t_filter, SCTP_DB);
} else if (strcmp(p, "raw") == 0) {
filter_db_set(¤t_filter, RAW_DB);
} else if (strcmp(p, "unix") == 0) {
@@ -3856,6 +4243,7 @@
exit(0);
case 'z':
show_sock_ctx++;
+ /* fall through */
case 'Z':
if (is_selinux_enabled() <= 0) {
fprintf(stderr, "ss: SELinux is not enabled.\n");
@@ -3871,6 +4259,9 @@
case 'K':
current_filter.kill = 1;
break;
+ case 'H':
+ show_header = 0;
+ break;
case 'h':
help();
case '?':
@@ -3917,10 +4308,9 @@
filter_merge_defaults(¤t_filter);
if (resolve_services && resolve_hosts &&
- (current_filter.dbs&(UNIX_DBM|(1<<TCP_DB)|(1<<UDP_DB)|(1<<DCCP_DB))))
+ (current_filter.dbs & (UNIX_DBM|INET_L4_DBM)))
init_service_resolver();
-
if (current_filter.dbs == 0) {
fprintf(stderr, "ss: no socket tables to show with such filter.\n");
exit(0);
@@ -3936,6 +4326,7 @@
if (dump_tcpdiag) {
FILE *dump_fp = stdout;
+
if (!(current_filter.dbs & (1<<TCP_DB))) {
fprintf(stderr, "ss: tcpdiag dump requested and no tcp in filter.\n");
exit(0);
@@ -3963,7 +4354,6 @@
if (current_filter.states&(current_filter.states-1))
state_width = 10;
- screen_width = 80;
if (isatty(STDOUT_FILENO)) {
struct winsize w;
@@ -3974,8 +4364,10 @@
}
addrp_width = screen_width;
- addrp_width -= netid_width+1;
- addrp_width -= state_width+1;
+ if (netid_width)
+ addrp_width -= netid_width + 1;
+ if (state_width)
+ addrp_width -= state_width + 1;
addrp_width -= 14;
if (addrp_width&1) {
@@ -3983,6 +4375,8 @@
netid_width++;
else if (state_width)
state_width++;
+ else
+ odd_width_pad = " ";
}
addrp_width /= 2;
@@ -3995,19 +4389,23 @@
addr_width = addrp_width - serv_width - 1;
- if (netid_width)
- printf("%-*s ", netid_width, "Netid");
- if (state_width)
- printf("%-*s ", state_width, "State");
- printf("%-6s %-6s ", "Recv-Q", "Send-Q");
+ if (show_header) {
+ if (netid_width)
+ printf("%-*s ", netid_width, "Netid");
+ if (state_width)
+ printf("%-*s ", state_width, "State");
+ printf("%-6s %-6s %s", "Recv-Q", "Send-Q", odd_width_pad);
+ }
/* Make enough space for the local/remote port field */
addr_width -= 13;
serv_width += 13;
- printf("%*s:%-*s %*s:%-*s\n",
- addr_width, "Local Address", serv_width, "Port",
- addr_width, "Peer Address", serv_width, "Port");
+ if (show_header) {
+ printf("%*s:%-*s %*s:%-*s\n",
+ addr_width, "Local Address", serv_width, "Port",
+ addr_width, "Peer Address", serv_width, "Port");
+ }
fflush(stdout);
@@ -4025,9 +4423,11 @@
if (current_filter.dbs & (1<<UDP_DB))
udp_show(¤t_filter);
if (current_filter.dbs & (1<<TCP_DB))
- tcp_show(¤t_filter, IPPROTO_TCP);
+ tcp_show(¤t_filter);
if (current_filter.dbs & (1<<DCCP_DB))
- tcp_show(¤t_filter, IPPROTO_DCCP);
+ dccp_show(¤t_filter);
+ if (current_filter.dbs & (1<<SCTP_DB))
+ sctp_show(¤t_filter);
if (show_users || show_proc_ctx || show_sock_ctx)
user_ent_destroy();
diff --git a/misc/ssfilter.h b/misc/ssfilter.h
index c7293cc..dfc5b93 100644
--- a/misc/ssfilter.h
+++ b/misc/ssfilter.h
@@ -8,6 +8,7 @@
#define SSF_S_GE 7
#define SSF_S_LE 8
#define SSF_S_AUTO 9
+#define SSF_DEVCOND 10
#define SSF_MARKMASK 11
#include <stdbool.h>
@@ -21,4 +22,5 @@
int ssfilter_parse(struct ssfilter **f, int argc, char **argv, FILE *fp);
void *parse_hostcond(char *addr, bool is_port);
+void *parse_devcond(char *name);
void *parse_markmask(const char *markmask);
diff --git a/misc/ssfilter.y b/misc/ssfilter.y
index ba6b06f..7b0fb16 100644
--- a/misc/ssfilter.y
+++ b/misc/ssfilter.y
@@ -39,7 +39,7 @@
%}
-%token HOSTCOND DCOND SCOND DPORT SPORT LEQ GEQ NEQ AUTOBOUND MARKMASK FWMARK
+%token HOSTCOND DCOND SCOND DPORT SPORT LEQ GEQ NEQ AUTOBOUND DEVCOND DEVNAME MARKMASK FWMARK
%left '|'
%left '&'
%nonassoc '!'
@@ -111,6 +111,14 @@
{
$$ = alloc_node(SSF_NOT, alloc_node(SSF_SCOND, $3));
}
+ | DEVNAME '=' DEVCOND
+ {
+ $$ = alloc_node(SSF_DEVCOND, $3);
+ }
+ | DEVNAME NEQ DEVCOND
+ {
+ $$ = alloc_node(SSF_NOT, alloc_node(SSF_DEVCOND, $3));
+ }
| FWMARK '=' MARKMASK
{
$$ = alloc_node(SSF_MARKMASK, $3);
@@ -247,6 +255,10 @@
tok_type = SPORT;
return SPORT;
}
+ if (strcmp(curtok, "dev") == 0) {
+ tok_type = DEVNAME;
+ return DEVNAME;
+ }
if (strcmp(curtok, "fwmark") == 0) {
tok_type = FWMARK;
return FWMARK;
@@ -277,6 +289,14 @@
tok_type = AUTOBOUND;
return AUTOBOUND;
}
+ if (tok_type == DEVNAME) {
+ yylval = (void*)parse_devcond(curtok);
+ if (yylval == NULL) {
+ fprintf(stderr, "Cannot parse device.\n");
+ exit(1);
+ }
+ return DEVCOND;
+ }
if (tok_type == FWMARK) {
yylval = (void*)parse_markmask(curtok);
if (yylval == NULL) {
diff --git a/netem/Makefile b/netem/Makefile
index e52e125..4341852 100644
--- a/netem/Makefile
+++ b/netem/Makefile
@@ -1,9 +1,11 @@
+include ../config.mk
+
DISTGEN = maketable normal pareto paretonormal
DISTDATA = normal.dist pareto.dist paretonormal.dist experimental.dist
HOSTCC ?= $(CC)
CCOPTS = $(CBUILD_CFLAGS)
-LDLIBS += -lm
+LDLIBS += -lm
all: $(DISTGEN) $(DISTDATA)
diff --git a/netem/maketable.c b/netem/maketable.c
index a5452b6..ccb8f0c 100644
--- a/netem/maketable.c
+++ b/netem/maketable.c
@@ -24,8 +24,8 @@
int limit;
int n=0, i;
- fstat(fileno(fp), &info);
- if (info.st_size > 0) {
+ if (!fstat(fileno(fp), &info) &&
+ info.st_size > 0) {
limit = 2*info.st_size/sizeof(double); /* @@ approximate */
} else {
limit = 10000;
@@ -38,8 +38,8 @@
}
for (i=0; i<limit; ++i){
- fscanf(fp, "%lf", &x[i]);
- if (feof(fp))
+ if (fscanf(fp, "%lf", &x[i]) != 1 ||
+ feof(fp))
break;
++n;
}
@@ -149,6 +149,8 @@
inversevalue = (int)rint(findex*TABLEFACTOR);
if (inversevalue <= MINSHORT) inversevalue = MINSHORT+1;
if (inversevalue > MAXSHORT) inversevalue = MAXSHORT;
+ if (inverseindex >= inversesize) inverseindex = inversesize- 1;
+
inverse[inverseindex] = inversevalue;
}
return inverse;
@@ -210,7 +212,7 @@
}
} else {
fp = stdin;
- }
+ }
x = readdoubles(fp, &limit);
if (limit <= 0) {
fprintf(stderr, "Nothing much read!\n");
@@ -221,7 +223,7 @@
fprintf(stderr, "%d values, mu %10.4f, sigma %10.4f, rho %10.4f\n",
limit, mu, sigma, rho);
#endif
-
+
table = makedist(x, limit, mu, sigma);
free((void *) x);
cumulativedist(table, DISTTABLESIZE, &total);
diff --git a/netem/normal.c b/netem/normal.c
index dbdebb1..90963f4 100644
--- a/netem/normal.c
+++ b/netem/normal.c
@@ -33,7 +33,7 @@
table[i] = x;
}
-
+
printf("# This is the distribution table for the normal distribution.\n");
for (i = n = 0; i < TABLESIZE; i += 4) {
int value = (int) rint(table[i]*TABLEFACTOR);
diff --git a/netem/pareto.c b/netem/pareto.c
index 8aa647b..51d9437 100644
--- a/netem/pareto.c
+++ b/netem/pareto.c
@@ -36,6 +36,6 @@
n = 0;
}
}
-
+
return 0;
-}
+}
diff --git a/netem/paretonormal.c b/netem/paretonormal.c
index ed75f28..9773e37 100644
--- a/netem/paretonormal.c
+++ b/netem/paretonormal.c
@@ -11,7 +11,6 @@
*/
#include <stdio.h>
#include <stdlib.h>
-#include <stdlib.h>
#include <string.h>
#include <math.h>
#include <limits.h>
@@ -44,7 +43,7 @@
if (dvalue > 32767)
dvalue = 32767;
return (int)rint(dvalue);
-}
+}
int
main(int argc, char **argv)
diff --git a/rdma/.gitignore b/rdma/.gitignore
new file mode 100644
index 0000000..51fb172
--- /dev/null
+++ b/rdma/.gitignore
@@ -0,0 +1 @@
+rdma
diff --git a/rdma/Makefile b/rdma/Makefile
new file mode 100644
index 0000000..1b5aa50
--- /dev/null
+++ b/rdma/Makefile
@@ -0,0 +1,19 @@
+include ../config.mk
+
+ifeq ($(HAVE_MNL),y)
+
+RDMA_OBJ = rdma.o utils.o dev.o link.o
+
+TARGETS=rdma
+endif
+
+all: $(TARGETS) $(LIBS)
+
+rdma: $(RDMA_OBJ) $(LIBS)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
+
+install: all
+ install -m 0755 $(TARGETS) $(DESTDIR)$(SBINDIR)
+
+clean:
+ rm -f $(RDMA_OBJ) $(TARGETS)
diff --git a/rdma/dev.c b/rdma/dev.c
new file mode 100644
index 0000000..9fadf3a
--- /dev/null
+++ b/rdma/dev.c
@@ -0,0 +1,284 @@
+/*
+ * dev.c RDMA tool
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Leon Romanovsky <leonro@mellanox.com>
+ */
+
+#include "rdma.h"
+
+static int dev_help(struct rd *rd)
+{
+ pr_out("Usage: %s dev show [DEV]\n", rd->filename);
+ return 0;
+}
+
+static const char *dev_caps_to_str(uint32_t idx)
+{
+#define RDMA_DEV_FLAGS(x) \
+ x(RESIZE_MAX_WR, 0) \
+ x(BAD_PKEY_CNTR, 1) \
+ x(BAD_QKEY_CNTR, 2) \
+ x(RAW_MULTI, 3) \
+ x(AUTO_PATH_MIG, 4) \
+ x(CHANGE_PHY_PORT, 5) \
+ x(UD_AV_PORT_ENFORCE_PORT_ENFORCE, 6) \
+ x(CURR_QP_STATE_MOD, 7) \
+ x(SHUTDOWN_PORT, 8) \
+ x(INIT_TYPE, 9) \
+ x(PORT_ACTIVE_EVENT, 10) \
+ x(SYS_IMAGE_GUID, 11) \
+ x(RC_RNR_NAK_GEN, 12) \
+ x(SRQ_RESIZE, 13) \
+ x(N_NOTIFY_CQ, 14) \
+ x(LOCAL_DMA_LKEY, 15) \
+ x(MEM_WINDOW, 17) \
+ x(UD_IP_CSUM, 18) \
+ x(UD_TSO, 19) \
+ x(XRC, 20) \
+ x(MEM_MGT_EXTENSIONS, 21) \
+ x(BLOCK_MULTICAST_LOOPBACK, 22) \
+ x(MEM_WINDOW_TYPE_2A, 23) \
+ x(MEM_WINDOW_TYPE_2B, 24) \
+ x(RC_IP_CSUM, 25) \
+ x(RAW_IP_CSUM, 26) \
+ x(CROSS_CHANNEL, 27) \
+ x(MANAGED_FLOW_STEERING, 29) \
+ x(SIGNATURE_HANDOVER, 30) \
+ x(ON_DEMAND_PAGING, 31) \
+ x(SG_GAPS_REG, 32) \
+ x(VIRTUAL_FUNCTION, 33) \
+ x(RAW_SCATTER_FCS, 34) \
+ x(RDMA_NETDEV_OPA_VNIC, 35)
+
+ enum { RDMA_DEV_FLAGS(RDMA_BITMAP_ENUM) };
+
+ static const char * const
+ rdma_dev_names[] = { RDMA_DEV_FLAGS(RDMA_BITMAP_NAMES) };
+ #undef RDMA_DEV_FLAGS
+
+ if (idx < ARRAY_SIZE(rdma_dev_names) && rdma_dev_names[idx])
+ return rdma_dev_names[idx];
+ return "UNKNOWN";
+}
+
+static void dev_print_caps(struct rd *rd, struct nlattr **tb)
+{
+ uint64_t caps;
+ uint32_t idx;
+
+ if (!tb[RDMA_NLDEV_ATTR_CAP_FLAGS])
+ return;
+
+ caps = mnl_attr_get_u64(tb[RDMA_NLDEV_ATTR_CAP_FLAGS]);
+
+ if (rd->json_output) {
+ jsonw_name(rd->jw, "caps");
+ jsonw_start_array(rd->jw);
+ } else {
+ pr_out("\n caps: <");
+ }
+ for (idx = 0; caps; idx++) {
+ if (caps & 0x1) {
+ if (rd->json_output) {
+ jsonw_string(rd->jw, dev_caps_to_str(idx));
+ } else {
+ pr_out("%s", dev_caps_to_str(idx));
+ if (caps >> 0x1)
+ pr_out(", ");
+ }
+ }
+ caps >>= 0x1;
+ }
+
+ if (rd->json_output)
+ jsonw_end_array(rd->jw);
+ else
+ pr_out(">");
+}
+
+static void dev_print_fw(struct rd *rd, struct nlattr **tb)
+{
+ const char *str;
+ if (!tb[RDMA_NLDEV_ATTR_FW_VERSION])
+ return;
+
+ str = mnl_attr_get_str(tb[RDMA_NLDEV_ATTR_FW_VERSION]);
+ if (rd->json_output)
+ jsonw_string_field(rd->jw, "fw", str);
+ else
+ pr_out("fw %s ", str);
+}
+
+static void dev_print_node_guid(struct rd *rd, struct nlattr **tb)
+{
+ uint64_t node_guid;
+ uint16_t vp[4];
+ char str[32];
+
+ if (!tb[RDMA_NLDEV_ATTR_NODE_GUID])
+ return;
+
+ node_guid = mnl_attr_get_u64(tb[RDMA_NLDEV_ATTR_NODE_GUID]);
+ memcpy(vp, &node_guid, sizeof(uint64_t));
+ snprintf(str, 32, "%04x:%04x:%04x:%04x", vp[3], vp[2], vp[1], vp[0]);
+ if (rd->json_output)
+ jsonw_string_field(rd->jw, "node_guid", str);
+ else
+ pr_out("node_guid %s ", str);
+}
+
+static void dev_print_sys_image_guid(struct rd *rd, struct nlattr **tb)
+{
+ uint64_t sys_image_guid;
+ uint16_t vp[4];
+ char str[32];
+
+ if (!tb[RDMA_NLDEV_ATTR_SYS_IMAGE_GUID])
+ return;
+
+ sys_image_guid = mnl_attr_get_u64(tb[RDMA_NLDEV_ATTR_SYS_IMAGE_GUID]);
+ memcpy(vp, &sys_image_guid, sizeof(uint64_t));
+ snprintf(str, 32, "%04x:%04x:%04x:%04x", vp[3], vp[2], vp[1], vp[0]);
+ if (rd->json_output)
+ jsonw_string_field(rd->jw, "sys_image_guid", str);
+ else
+ pr_out("sys_image_guid %s ", str);
+}
+
+static const char *node_type_to_str(uint8_t node_type)
+{
+ static const char * const node_type_str[] = { "unknown", "ca",
+ "switch", "router",
+ "rnic", "usnic",
+ "usnic_dp" };
+ if (node_type < ARRAY_SIZE(node_type_str))
+ return node_type_str[node_type];
+ return "unknown";
+}
+
+static void dev_print_node_type(struct rd *rd, struct nlattr **tb)
+{
+ const char *node_str;
+ uint8_t node_type;
+
+ if (!tb[RDMA_NLDEV_ATTR_DEV_NODE_TYPE])
+ return;
+
+ node_type = mnl_attr_get_u8(tb[RDMA_NLDEV_ATTR_DEV_NODE_TYPE]);
+ node_str = node_type_to_str(node_type);
+ if (rd->json_output)
+ jsonw_string_field(rd->jw, "node_type", node_str);
+ else
+ pr_out("node_type %s ", node_str);
+}
+
+static int dev_parse_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct nlattr *tb[RDMA_NLDEV_ATTR_MAX] = {};
+ struct rd *rd = data;
+ const char *name;
+ uint32_t idx;
+
+ mnl_attr_parse(nlh, 0, rd_attr_cb, tb);
+ if (!tb[RDMA_NLDEV_ATTR_DEV_INDEX] || !tb[RDMA_NLDEV_ATTR_DEV_NAME])
+ return MNL_CB_ERROR;
+
+ idx = mnl_attr_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]);
+ name = mnl_attr_get_str(tb[RDMA_NLDEV_ATTR_DEV_NAME]);
+ if (rd->json_output) {
+ jsonw_uint_field(rd->jw, "ifindex", idx);
+ jsonw_string_field(rd->jw, "ifname", name);
+ } else {
+ pr_out("%u: %s: ", idx, name);
+ }
+
+ dev_print_node_type(rd, tb);
+ dev_print_fw(rd, tb);
+ dev_print_node_guid(rd, tb);
+ dev_print_sys_image_guid(rd, tb);
+ if (rd->show_details)
+ dev_print_caps(rd, tb);
+
+ if (!rd->json_output)
+ pr_out("\n");
+ return MNL_CB_OK;
+}
+
+static int dev_no_args(struct rd *rd)
+{
+ uint32_t seq;
+ int ret;
+
+ rd_prepare_msg(rd, RDMA_NLDEV_CMD_GET,
+ &seq, (NLM_F_REQUEST | NLM_F_ACK));
+ mnl_attr_put_u32(rd->nlh, RDMA_NLDEV_ATTR_DEV_INDEX, rd->dev_idx);
+ ret = rd_send_msg(rd);
+ if (ret)
+ return ret;
+
+ if (rd->json_output)
+ jsonw_start_object(rd->jw);
+ ret = rd_recv_msg(rd, dev_parse_cb, rd, seq);
+ if (rd->json_output)
+ jsonw_end_object(rd->jw);
+ return ret;
+}
+
+static int dev_one_show(struct rd *rd)
+{
+ const struct rd_cmd cmds[] = {
+ { NULL, dev_no_args},
+ { 0 }
+ };
+
+ return rd_exec_cmd(rd, cmds, "parameter");
+}
+
+static int dev_show(struct rd *rd)
+{
+ struct dev_map *dev_map;
+ int ret = 0;
+
+ if (rd->json_output)
+ jsonw_start_array(rd->jw);
+ if (rd_no_arg(rd)) {
+ list_for_each_entry(dev_map, &rd->dev_map_list, list) {
+ rd->dev_idx = dev_map->idx;
+ ret = dev_one_show(rd);
+ if (ret)
+ goto out;
+ }
+ } else {
+ dev_map = dev_map_lookup(rd, false);
+ if (!dev_map) {
+ pr_err("Wrong device name\n");
+ ret = -ENOENT;
+ goto out;
+ }
+ rd_arg_inc(rd);
+ rd->dev_idx = dev_map->idx;
+ ret = dev_one_show(rd);
+ }
+out:
+ if (rd->json_output)
+ jsonw_end_array(rd->jw);
+ return ret;
+}
+
+int cmd_dev(struct rd *rd)
+{
+ const struct rd_cmd cmds[] = {
+ { NULL, dev_show },
+ { "show", dev_show },
+ { "list", dev_show },
+ { "help", dev_help },
+ { 0 }
+ };
+
+ return rd_exec_cmd(rd, cmds, "dev command");
+}
diff --git a/rdma/link.c b/rdma/link.c
new file mode 100644
index 0000000..3a4b00b
--- /dev/null
+++ b/rdma/link.c
@@ -0,0 +1,343 @@
+/*
+ * link.c RDMA tool
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Leon Romanovsky <leonro@mellanox.com>
+ */
+
+#include "rdma.h"
+
+static int link_help(struct rd *rd)
+{
+ pr_out("Usage: %s link show [DEV/PORT_INDEX]\n", rd->filename);
+ return 0;
+}
+
+static const char *caps_to_str(uint32_t idx)
+{
+#define RDMA_PORT_FLAGS(x) \
+ x(SM, 1) \
+ x(NOTICE, 2) \
+ x(TRAP, 3) \
+ x(OPT_IPD, 4) \
+ x(AUTO_MIGR, 5) \
+ x(SL_MAP, 6) \
+ x(MKEY_NVRAM, 7) \
+ x(PKEY_NVRAM, 8) \
+ x(LED_INFO, 9) \
+ x(SM_DISABLED, 10) \
+ x(SYS_IMAGE_GUIG, 11) \
+ x(PKEY_SW_EXT_PORT_TRAP, 12) \
+ x(EXTENDED_SPEEDS, 14) \
+ x(CM, 16) \
+ x(SNMP_TUNNEL, 17) \
+ x(REINIT, 18) \
+ x(DEVICE_MGMT, 19) \
+ x(VENDOR_CLASS, 20) \
+ x(DR_NOTICE, 21) \
+ x(CAP_MASK_NOTICE, 22) \
+ x(BOOT_MGMT, 23) \
+ x(LINK_LATENCY, 24) \
+ x(CLIENT_REG, 25) \
+ x(IP_BASED_GIDS, 26)
+
+ enum { RDMA_PORT_FLAGS(RDMA_BITMAP_ENUM) };
+
+ static const char * const
+ rdma_port_names[] = { RDMA_PORT_FLAGS(RDMA_BITMAP_NAMES) };
+ #undef RDMA_PORT_FLAGS
+
+ if (idx < ARRAY_SIZE(rdma_port_names) && rdma_port_names[idx])
+ return rdma_port_names[idx];
+ return "UNKNOWN";
+}
+
+static void link_print_caps(struct rd *rd, struct nlattr **tb)
+{
+ uint64_t caps;
+ uint32_t idx;
+
+ if (!tb[RDMA_NLDEV_ATTR_CAP_FLAGS])
+ return;
+
+ caps = mnl_attr_get_u64(tb[RDMA_NLDEV_ATTR_CAP_FLAGS]);
+
+ if (rd->json_output) {
+ jsonw_name(rd->jw, "caps");
+ jsonw_start_array(rd->jw);
+ } else {
+ pr_out("\n caps: <");
+ }
+ for (idx = 0; caps; idx++) {
+ if (caps & 0x1) {
+ if (rd->json_output) {
+ jsonw_string(rd->jw, caps_to_str(idx));
+ } else {
+ pr_out("%s", caps_to_str(idx));
+ if (caps >> 0x1)
+ pr_out(", ");
+ }
+ }
+ caps >>= 0x1;
+ }
+
+ if (rd->json_output)
+ jsonw_end_array(rd->jw);
+ else
+ pr_out(">");
+}
+
+static void link_print_subnet_prefix(struct rd *rd, struct nlattr **tb)
+{
+ uint64_t subnet_prefix;
+ uint16_t vp[4];
+ char str[32];
+
+ if (!tb[RDMA_NLDEV_ATTR_SUBNET_PREFIX])
+ return;
+
+ subnet_prefix = mnl_attr_get_u64(tb[RDMA_NLDEV_ATTR_SUBNET_PREFIX]);
+ memcpy(vp, &subnet_prefix, sizeof(uint64_t));
+ snprintf(str, 32, "%04x:%04x:%04x:%04x", vp[3], vp[2], vp[1], vp[0]);
+ if (rd->json_output)
+ jsonw_string_field(rd->jw, "subnet_prefix", str);
+ else
+ pr_out("subnet_prefix %s ", str);
+}
+
+static void link_print_lid(struct rd *rd, struct nlattr **tb)
+{
+ uint32_t lid;
+
+ if (!tb[RDMA_NLDEV_ATTR_LID])
+ return;
+
+ lid = mnl_attr_get_u32(tb[RDMA_NLDEV_ATTR_LID]);
+ if (rd->json_output)
+ jsonw_uint_field(rd->jw, "lid", lid);
+ else
+ pr_out("lid %u ", lid);
+}
+
+static void link_print_sm_lid(struct rd *rd, struct nlattr **tb)
+{
+ uint32_t sm_lid;
+
+ if (!tb[RDMA_NLDEV_ATTR_SM_LID])
+ return;
+
+ sm_lid = mnl_attr_get_u32(tb[RDMA_NLDEV_ATTR_SM_LID]);
+ if (rd->json_output)
+ jsonw_uint_field(rd->jw, "sm_lid", sm_lid);
+ else
+ pr_out("sm_lid %u ", sm_lid);
+}
+
+static void link_print_lmc(struct rd *rd, struct nlattr **tb)
+{
+ uint8_t lmc;
+
+ if (!tb[RDMA_NLDEV_ATTR_LMC])
+ return;
+
+ lmc = mnl_attr_get_u8(tb[RDMA_NLDEV_ATTR_LMC]);
+ if (rd->json_output)
+ jsonw_uint_field(rd->jw, "lmc", lmc);
+ else
+ pr_out("lmc %u ", lmc);
+}
+
+static const char *link_state_to_str(uint8_t link_state)
+{
+ static const char * const link_state_str[] = { "NOP", "DOWN",
+ "INIT", "ARMED",
+ "ACTIVE",
+ "ACTIVE_DEFER" };
+ if (link_state < ARRAY_SIZE(link_state_str))
+ return link_state_str[link_state];
+ return "UNKNOWN";
+}
+
+static void link_print_state(struct rd *rd, struct nlattr **tb)
+{
+ uint8_t state;
+
+ if (!tb[RDMA_NLDEV_ATTR_PORT_STATE])
+ return;
+
+ state = mnl_attr_get_u8(tb[RDMA_NLDEV_ATTR_PORT_STATE]);
+ if (rd->json_output)
+ jsonw_string_field(rd->jw, "state", link_state_to_str(state));
+ else
+ pr_out("state %s ", link_state_to_str(state));
+}
+
+static const char *phys_state_to_str(uint8_t phys_state)
+{
+ static const char * const phys_state_str[] = { "NOP", "SLEEP",
+ "POLLING", "DISABLED",
+ "ARMED", "LINK_UP",
+ "LINK_ERROR_RECOVER",
+ "PHY_TEST", "UNKNOWN",
+ "OPA_OFFLINE",
+ "UNKNOWN", "OPA_TEST" };
+ if (phys_state < ARRAY_SIZE(phys_state_str))
+ return phys_state_str[phys_state];
+ return "UNKNOWN";
+};
+
+static void link_print_phys_state(struct rd *rd, struct nlattr **tb)
+{
+ uint8_t phys_state;
+
+ if (!tb[RDMA_NLDEV_ATTR_PORT_PHYS_STATE])
+ return;
+
+ phys_state = mnl_attr_get_u8(tb[RDMA_NLDEV_ATTR_PORT_PHYS_STATE]);
+ if (rd->json_output)
+ jsonw_string_field(rd->jw, "physical_state",
+ phys_state_to_str(phys_state));
+ else
+ pr_out("physical_state %s ", phys_state_to_str(phys_state));
+}
+
+static int link_parse_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct nlattr *tb[RDMA_NLDEV_ATTR_MAX] = {};
+ struct rd *rd = data;
+ uint32_t port, idx;
+ char name[32];
+
+ mnl_attr_parse(nlh, 0, rd_attr_cb, tb);
+ if (!tb[RDMA_NLDEV_ATTR_DEV_INDEX] || !tb[RDMA_NLDEV_ATTR_DEV_NAME])
+ return MNL_CB_ERROR;
+
+ if (!tb[RDMA_NLDEV_ATTR_PORT_INDEX]) {
+ pr_err("This tool doesn't support switches yet\n");
+ return MNL_CB_ERROR;
+ }
+
+ idx = mnl_attr_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]);
+ port = mnl_attr_get_u32(tb[RDMA_NLDEV_ATTR_PORT_INDEX]);
+ snprintf(name, 32, "%s/%u",
+ mnl_attr_get_str(tb[RDMA_NLDEV_ATTR_DEV_NAME]), port);
+
+ if (rd->json_output) {
+ jsonw_uint_field(rd->jw, "ifindex", idx);
+ jsonw_uint_field(rd->jw, "port", port);
+ jsonw_string_field(rd->jw, "ifname", name);
+
+ } else {
+ pr_out("%u/%u: %s: ", idx, port, name);
+ }
+
+ link_print_subnet_prefix(rd, tb);
+ link_print_lid(rd, tb);
+ link_print_sm_lid(rd, tb);
+ link_print_lmc(rd, tb);
+ link_print_state(rd, tb);
+ link_print_phys_state(rd, tb);
+ if (rd->show_details)
+ link_print_caps(rd, tb);
+
+ if (!rd->json_output)
+ pr_out("\n");
+ return MNL_CB_OK;
+}
+
+static int link_no_args(struct rd *rd)
+{
+ uint32_t seq;
+ int ret;
+
+ rd_prepare_msg(rd, RDMA_NLDEV_CMD_PORT_GET, &seq,
+ (NLM_F_REQUEST | NLM_F_ACK));
+ mnl_attr_put_u32(rd->nlh, RDMA_NLDEV_ATTR_DEV_INDEX, rd->dev_idx);
+ mnl_attr_put_u32(rd->nlh, RDMA_NLDEV_ATTR_PORT_INDEX, rd->port_idx);
+ ret = rd_send_msg(rd);
+ if (ret)
+ return ret;
+
+ if (rd->json_output)
+ jsonw_start_object(rd->jw);
+ ret = rd_recv_msg(rd, link_parse_cb, rd, seq);
+ if (rd->json_output)
+ jsonw_end_object(rd->jw);
+ return ret;
+}
+
+static int link_one_show(struct rd *rd)
+{
+ const struct rd_cmd cmds[] = {
+ { NULL, link_no_args},
+ { 0 }
+ };
+
+ return rd_exec_cmd(rd, cmds, "parameter");
+}
+
+static int link_show(struct rd *rd)
+{
+ struct dev_map *dev_map;
+ uint32_t port;
+ int ret = 0;
+
+ if (rd->json_output)
+ jsonw_start_array(rd->jw);
+ if (rd_no_arg(rd)) {
+ list_for_each_entry(dev_map, &rd->dev_map_list, list) {
+ rd->dev_idx = dev_map->idx;
+ for (port = 1; port < dev_map->num_ports + 1; port++) {
+ rd->port_idx = port;
+ ret = link_one_show(rd);
+ if (ret)
+ goto out;
+ }
+ }
+
+ } else {
+ dev_map = dev_map_lookup(rd, true);
+ port = get_port_from_argv(rd);
+ if (!dev_map || port > dev_map->num_ports) {
+ pr_err("Wrong device name\n");
+ ret = -ENOENT;
+ goto out;
+ }
+ rd_arg_inc(rd);
+ rd->dev_idx = dev_map->idx;
+ rd->port_idx = port ? : 1;
+ for (; rd->port_idx < dev_map->num_ports + 1; rd->port_idx++) {
+ ret = link_one_show(rd);
+ if (ret)
+ goto out;
+ if (port)
+ /*
+ * We got request to show link for devname
+ * with port index.
+ */
+ break;
+ }
+ }
+
+out:
+ if (rd->json_output)
+ jsonw_end_array(rd->jw);
+ return ret;
+}
+
+int cmd_link(struct rd *rd)
+{
+ const struct rd_cmd cmds[] = {
+ { NULL, link_show },
+ { "show", link_show },
+ { "list", link_show },
+ { "help", link_help },
+ { 0 }
+ };
+
+ return rd_exec_cmd(rd, cmds, "link command");
+}
diff --git a/rdma/rdma.c b/rdma/rdma.c
new file mode 100644
index 0000000..f9f4f2a
--- /dev/null
+++ b/rdma/rdma.c
@@ -0,0 +1,143 @@
+/*
+ * rdma.c RDMA tool
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Leon Romanovsky <leonro@mellanox.com>
+ */
+
+#include "rdma.h"
+#include "SNAPSHOT.h"
+
+static void help(char *name)
+{
+ pr_out("Usage: %s [ OPTIONS ] OBJECT { COMMAND | help }\n"
+ "where OBJECT := { dev | link | help }\n"
+ " OPTIONS := { -V[ersion] | -d[etails] | -j[son] | -p[retty]}\n", name);
+}
+
+static int cmd_help(struct rd *rd)
+{
+ help(rd->filename);
+ return 0;
+}
+
+static int rd_cmd(struct rd *rd)
+{
+ const struct rd_cmd cmds[] = {
+ { NULL, cmd_help },
+ { "help", cmd_help },
+ { "dev", cmd_dev },
+ { "link", cmd_link },
+ { 0 }
+ };
+
+ return rd_exec_cmd(rd, cmds, "object");
+}
+
+static int rd_init(struct rd *rd, int argc, char **argv, char *filename)
+{
+ uint32_t seq;
+ int ret;
+
+ rd->filename = filename;
+ rd->argc = argc;
+ rd->argv = argv;
+ INIT_LIST_HEAD(&rd->dev_map_list);
+
+ if (rd->json_output) {
+ rd->jw = jsonw_new(stdout);
+ if (!rd->jw) {
+ pr_err("Failed to create JSON writer\n");
+ return -ENOMEM;
+ }
+ jsonw_pretty(rd->jw, rd->pretty_output);
+ }
+
+ rd->buff = malloc(MNL_SOCKET_BUFFER_SIZE);
+ if (!rd->buff)
+ return -ENOMEM;
+
+ rd_prepare_msg(rd, RDMA_NLDEV_CMD_GET,
+ &seq, (NLM_F_REQUEST | NLM_F_ACK | NLM_F_DUMP));
+ ret = rd_send_msg(rd);
+ if (ret)
+ return ret;
+
+ return rd_recv_msg(rd, rd_dev_init_cb, rd, seq);
+}
+
+static void rd_free(struct rd *rd)
+{
+ if (rd->json_output)
+ jsonw_destroy(&rd->jw);
+ free(rd->buff);
+ rd_free_devmap(rd);
+}
+
+int main(int argc, char **argv)
+{
+ static const struct option long_options[] = {
+ { "version", no_argument, NULL, 'V' },
+ { "help", no_argument, NULL, 'h' },
+ { "json", no_argument, NULL, 'j' },
+ { "pretty", no_argument, NULL, 'p' },
+ { "details", no_argument, NULL, 'd' },
+ { NULL, 0, NULL, 0 }
+ };
+ bool pretty_output = false;
+ bool show_details = false;
+ bool json_output = false;
+ char *filename;
+ struct rd rd;
+ int opt;
+ int err;
+
+ filename = basename(argv[0]);
+
+ while ((opt = getopt_long(argc, argv, "Vhdpj",
+ long_options, NULL)) >= 0) {
+ switch (opt) {
+ case 'V':
+ printf("%s utility, iproute2-ss%s\n",
+ filename, SNAPSHOT);
+ return EXIT_SUCCESS;
+ case 'p':
+ pretty_output = true;
+ break;
+ case 'd':
+ show_details = true;
+ break;
+ case 'j':
+ json_output = true;
+ break;
+ case 'h':
+ help(filename);
+ return EXIT_SUCCESS;
+ default:
+ pr_err("Unknown option.\n");
+ help(filename);
+ return EXIT_FAILURE;
+ }
+ }
+
+ argc -= optind;
+ argv += optind;
+
+ rd.show_details = show_details;
+ rd.json_output = json_output;
+ rd.pretty_output = pretty_output;
+
+ err = rd_init(&rd, argc, argv, filename);
+ if (err)
+ goto out;
+
+ err = rd_cmd(&rd);
+out:
+ /* Always cleanup */
+ rd_free(&rd);
+ return err ? EXIT_FAILURE : EXIT_SUCCESS;
+}
diff --git a/rdma/rdma.h b/rdma/rdma.h
new file mode 100644
index 0000000..d551eb2
--- /dev/null
+++ b/rdma/rdma.h
@@ -0,0 +1,91 @@
+/*
+ * rdma.c RDMA tool
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Leon Romanovsky <leonro@mellanox.com>
+ */
+#ifndef _RDMA_TOOL_H_
+#define _RDMA_TOOL_H_
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <getopt.h>
+#include <libmnl/libmnl.h>
+#include <rdma/rdma_netlink.h>
+#include <time.h>
+
+#include "list.h"
+#include "utils.h"
+#include "json_writer.h"
+
+#define pr_err(args...) fprintf(stderr, ##args)
+#define pr_out(args...) fprintf(stdout, ##args)
+
+#define RDMA_BITMAP_ENUM(name, bit_no) RDMA_BITMAP_##name = BIT(bit_no),
+#define RDMA_BITMAP_NAMES(name, bit_no) [bit_no] = #name,
+
+struct dev_map {
+ struct list_head list;
+ char *dev_name;
+ uint32_t num_ports;
+ uint32_t idx;
+};
+
+struct rd {
+ int argc;
+ char **argv;
+ char *filename;
+ bool show_details;
+ struct list_head dev_map_list;
+ uint32_t dev_idx;
+ uint32_t port_idx;
+ struct mnl_socket *nl;
+ struct nlmsghdr *nlh;
+ char *buff;
+ json_writer_t *jw;
+ bool json_output;
+ bool pretty_output;
+};
+
+struct rd_cmd {
+ const char *cmd;
+ int (*func)(struct rd *rd);
+};
+
+/*
+ * Parser interface
+ */
+bool rd_no_arg(struct rd *rd);
+void rd_arg_inc(struct rd *rd);
+
+char *rd_argv(struct rd *rd);
+uint32_t get_port_from_argv(struct rd *rd);
+
+/*
+ * Commands interface
+ */
+int cmd_dev(struct rd *rd);
+int cmd_link(struct rd *rd);
+int rd_exec_cmd(struct rd *rd, const struct rd_cmd *c, const char *str);
+
+/*
+ * Device manipulation
+ */
+void rd_free_devmap(struct rd *rd);
+struct dev_map *dev_map_lookup(struct rd *rd, bool allow_port_index);
+struct dev_map *_dev_map_lookup(struct rd *rd, const char *dev_name);
+
+/*
+ * Netlink
+ */
+int rd_send_msg(struct rd *rd);
+int rd_recv_msg(struct rd *rd, mnl_cb_t callback, void *data, uint32_t seq);
+void rd_prepare_msg(struct rd *rd, uint32_t cmd, uint32_t *seq, uint16_t flags);
+int rd_dev_init_cb(const struct nlmsghdr *nlh, void *data);
+int rd_attr_cb(const struct nlattr *attr, void *data);
+#endif /* _RDMA_TOOL_H_ */
diff --git a/rdma/utils.c b/rdma/utils.c
new file mode 100644
index 0000000..eb4377c
--- /dev/null
+++ b/rdma/utils.c
@@ -0,0 +1,266 @@
+/*
+ * utils.c RDMA tool
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Leon Romanovsky <leonro@mellanox.com>
+ */
+
+#include "rdma.h"
+
+static int rd_argc(struct rd *rd)
+{
+ return rd->argc;
+}
+
+char *rd_argv(struct rd *rd)
+{
+ if (!rd_argc(rd))
+ return NULL;
+ return *rd->argv;
+}
+
+static int strcmpx(const char *str1, const char *str2)
+{
+ if (strlen(str1) > strlen(str2))
+ return -1;
+ return strncmp(str1, str2, strlen(str1));
+}
+
+static bool rd_argv_match(struct rd *rd, const char *pattern)
+{
+ if (!rd_argc(rd))
+ return false;
+ return strcmpx(rd_argv(rd), pattern) == 0;
+}
+
+void rd_arg_inc(struct rd *rd)
+{
+ if (!rd_argc(rd))
+ return;
+ rd->argc--;
+ rd->argv++;
+}
+
+bool rd_no_arg(struct rd *rd)
+{
+ return rd_argc(rd) == 0;
+}
+
+uint32_t get_port_from_argv(struct rd *rd)
+{
+ char *slash;
+
+ slash = strchr(rd_argv(rd), '/');
+ /* if no port found, return 0 */
+ return slash ? atoi(slash + 1) : 0;
+}
+
+static struct dev_map *dev_map_alloc(const char *dev_name)
+{
+ struct dev_map *dev_map;
+
+ dev_map = calloc(1, sizeof(*dev_map));
+ if (!dev_map)
+ return NULL;
+ dev_map->dev_name = strdup(dev_name);
+
+ return dev_map;
+}
+
+static void dev_map_free(struct dev_map *dev_map)
+{
+ if (!dev_map)
+ return;
+
+ free(dev_map->dev_name);
+ free(dev_map);
+}
+
+static void dev_map_cleanup(struct rd *rd)
+{
+ struct dev_map *dev_map, *tmp;
+
+ list_for_each_entry_safe(dev_map, tmp,
+ &rd->dev_map_list, list) {
+ list_del(&dev_map->list);
+ dev_map_free(dev_map);
+ }
+}
+
+static const enum mnl_attr_data_type nldev_policy[RDMA_NLDEV_ATTR_MAX] = {
+ [RDMA_NLDEV_ATTR_DEV_INDEX] = MNL_TYPE_U32,
+ [RDMA_NLDEV_ATTR_DEV_NAME] = MNL_TYPE_NUL_STRING,
+ [RDMA_NLDEV_ATTR_PORT_INDEX] = MNL_TYPE_U32,
+ [RDMA_NLDEV_ATTR_CAP_FLAGS] = MNL_TYPE_U64,
+ [RDMA_NLDEV_ATTR_FW_VERSION] = MNL_TYPE_NUL_STRING,
+ [RDMA_NLDEV_ATTR_NODE_GUID] = MNL_TYPE_U64,
+ [RDMA_NLDEV_ATTR_SYS_IMAGE_GUID] = MNL_TYPE_U64,
+ [RDMA_NLDEV_ATTR_LID] = MNL_TYPE_U32,
+ [RDMA_NLDEV_ATTR_SM_LID] = MNL_TYPE_U32,
+ [RDMA_NLDEV_ATTR_LMC] = MNL_TYPE_U8,
+ [RDMA_NLDEV_ATTR_PORT_STATE] = MNL_TYPE_U8,
+ [RDMA_NLDEV_ATTR_PORT_PHYS_STATE] = MNL_TYPE_U8,
+ [RDMA_NLDEV_ATTR_DEV_NODE_TYPE] = MNL_TYPE_U8,
+};
+
+int rd_attr_cb(const struct nlattr *attr, void *data)
+{
+ const struct nlattr **tb = data;
+ int type;
+
+ if (mnl_attr_type_valid(attr, RDMA_NLDEV_ATTR_MAX) < 0)
+ return MNL_CB_ERROR;
+
+ type = mnl_attr_get_type(attr);
+
+ if (mnl_attr_validate(attr, nldev_policy[type]) < 0)
+ return MNL_CB_ERROR;
+
+ tb[type] = attr;
+ return MNL_CB_OK;
+}
+
+int rd_dev_init_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct nlattr *tb[RDMA_NLDEV_ATTR_MAX] = {};
+ struct dev_map *dev_map;
+ struct rd *rd = data;
+ const char *dev_name;
+
+ mnl_attr_parse(nlh, 0, rd_attr_cb, tb);
+ if (!tb[RDMA_NLDEV_ATTR_DEV_NAME] || !tb[RDMA_NLDEV_ATTR_DEV_INDEX])
+ return MNL_CB_ERROR;
+ if (!tb[RDMA_NLDEV_ATTR_PORT_INDEX]) {
+ pr_err("This tool doesn't support switches yet\n");
+ return MNL_CB_ERROR;
+ }
+
+ dev_name = mnl_attr_get_str(tb[RDMA_NLDEV_ATTR_DEV_NAME]);
+
+ dev_map = dev_map_alloc(dev_name);
+ if (!dev_map)
+ /* The main function will cleanup the allocations */
+ return MNL_CB_ERROR;
+ list_add_tail(&dev_map->list, &rd->dev_map_list);
+
+ dev_map->num_ports = mnl_attr_get_u32(tb[RDMA_NLDEV_ATTR_PORT_INDEX]);
+ dev_map->idx = mnl_attr_get_u32(tb[RDMA_NLDEV_ATTR_DEV_INDEX]);
+ return MNL_CB_OK;
+}
+
+void rd_free_devmap(struct rd *rd)
+{
+ if (!rd)
+ return;
+ dev_map_cleanup(rd);
+}
+
+int rd_exec_cmd(struct rd *rd, const struct rd_cmd *cmds, const char *str)
+{
+ const struct rd_cmd *c;
+
+ /* First argument in objs table is default variant */
+ if (rd_no_arg(rd))
+ return cmds->func(rd);
+
+ for (c = cmds + 1; c->cmd; ++c) {
+ if (rd_argv_match(rd, c->cmd)) {
+ /* Move to next argument */
+ rd_arg_inc(rd);
+ return c->func(rd);
+ }
+ }
+
+ pr_err("Unknown %s '%s'.\n", str, rd_argv(rd));
+ return 0;
+}
+
+void rd_prepare_msg(struct rd *rd, uint32_t cmd, uint32_t *seq, uint16_t flags)
+{
+ *seq = time(NULL);
+
+ rd->nlh = mnl_nlmsg_put_header(rd->buff);
+ rd->nlh->nlmsg_type = RDMA_NL_GET_TYPE(RDMA_NL_NLDEV, cmd);
+ rd->nlh->nlmsg_seq = *seq;
+ rd->nlh->nlmsg_flags = flags;
+}
+
+int rd_send_msg(struct rd *rd)
+{
+ int ret;
+
+ rd->nl = mnl_socket_open(NETLINK_RDMA);
+ if (!rd->nl) {
+ pr_err("Failed to open NETLINK_RDMA socket\n");
+ return -ENODEV;
+ }
+
+ ret = mnl_socket_bind(rd->nl, 0, MNL_SOCKET_AUTOPID);
+ if (ret < 0) {
+ pr_err("Failed to bind socket with err %d\n", ret);
+ goto err;
+ }
+
+ ret = mnl_socket_sendto(rd->nl, rd->nlh, rd->nlh->nlmsg_len);
+ if (ret < 0) {
+ pr_err("Failed to send to socket with err %d\n", ret);
+ goto err;
+ }
+ return 0;
+
+err:
+ mnl_socket_close(rd->nl);
+ return ret;
+}
+
+int rd_recv_msg(struct rd *rd, mnl_cb_t callback, void *data, unsigned int seq)
+{
+ int ret;
+ unsigned int portid;
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+
+ portid = mnl_socket_get_portid(rd->nl);
+ do {
+ ret = mnl_socket_recvfrom(rd->nl, buf, sizeof(buf));
+ if (ret <= 0)
+ break;
+
+ ret = mnl_cb_run(buf, ret, seq, portid, callback, data);
+ } while (ret > 0);
+
+ mnl_socket_close(rd->nl);
+ return ret;
+}
+
+struct dev_map *_dev_map_lookup(struct rd *rd, const char *dev_name)
+{
+ struct dev_map *dev_map;
+
+ list_for_each_entry(dev_map, &rd->dev_map_list, list)
+ if (strcmp(dev_name, dev_map->dev_name) == 0)
+ return dev_map;
+
+ return NULL;
+}
+
+struct dev_map *dev_map_lookup(struct rd *rd, bool allow_port_index)
+{
+ struct dev_map *dev_map;
+ char *dev_name;
+ char *slash;
+
+ dev_name = strdup(rd_argv(rd));
+ if (allow_port_index) {
+ slash = strrchr(dev_name, '/');
+ if (slash)
+ *slash = '\0';
+ }
+
+ dev_map = _dev_map_lookup(rd, dev_name);
+ free(dev_name);
+ return dev_map;
+}
diff --git a/schema/bridge_fdb_schema.json b/schema/bridge_fdb_schema.json
new file mode 100644
index 0000000..3e5be8d
--- /dev/null
+++ b/schema/bridge_fdb_schema.json
@@ -0,0 +1,62 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "description": "bridge fdb show",
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "dev": {
+ "type": "string"
+ },
+ "dst": {
+ "description" : "host name or ip address",
+ "type": "string"
+ },
+ "flags": {
+ "type": "array",
+ "items": {
+ "enum": ["self", "master", "router", "offload"]
+ },
+ "uniqueItems": true
+ },
+ "linkNetNsId": {
+ "type": "integer"
+ },
+ "mac": {
+ "type": "string"
+ },
+ "master": {
+ "type": "string"
+ },
+ "opCode": {
+ "description" : "used to indicate fdb entry del",
+ "enum": ["deleted"]
+ },
+ "port": {
+ "type": "integer"
+ },
+ "state": {
+ "description" : "permanent, static, stale, state=#x",
+ "type": "string"
+ },
+ "updated": {
+ "type": "integer"
+ },
+ "used": {
+ "type": "integer"
+ },
+ "viaIf": {
+ "type": "string"
+ },
+ "viaIfIndex": {
+ "type": "integer"
+ },
+ "vlan": {
+ "type": "integer"
+ },
+ "vni": {
+ "type": "integer"
+ }
+ }
+ }
+}
diff --git a/tc/Android.mk b/tc/Android.mk
index 467b08a..78463a8 100644
--- a/tc/Android.mk
+++ b/tc/Android.mk
@@ -12,7 +12,7 @@
LOCAL_SHARED_LIBRARIES += libiprouteutil libnetlink
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include
+LOCAL_C_INCLUDES := $(LOCAL_PATH)/../include $(UAPI_INCLUDES)
LOCAL_CFLAGS := -O2 -g -W -Wall -Wno-pointer-arith -Wno-sign-compare -Werror \
-Wno-unused-parameter \
diff --git a/tc/Makefile b/tc/Makefile
index f5bea87..777de5e 100644
--- a/tc/Makefile
+++ b/tc/Makefile
@@ -1,12 +1,8 @@
TCOBJ= tc.o tc_qdisc.o tc_class.o tc_filter.o tc_util.o tc_monitor.o \
- tc_exec.o tc_bpf.o m_police.o m_estimator.o m_action.o m_ematch.o \
+ tc_exec.o m_police.o m_estimator.o m_action.o m_ematch.o \
emp_ematch.yacc.o emp_ematch.lex.o
-include ../Config
-
-ifeq ($(IP_CONFIG_SETNS),y)
- CFLAGS += -DHAVE_SETNS
-endif
+include ../config.mk
SHARED_LIBS ?= y
@@ -43,14 +39,20 @@
TCMODULES += m_mirred.o
TCMODULES += m_nat.o
TCMODULES += m_pedit.o
+TCMODULES += m_ife.o
TCMODULES += m_skbedit.o
+TCMODULES += m_skbmod.o
TCMODULES += m_csum.o
TCMODULES += m_simple.o
TCMODULES += m_vlan.o
TCMODULES += m_connmark.o
TCMODULES += m_bpf.o
+TCMODULES += m_tunnel_key.o
+TCMODULES += m_sample.o
TCMODULES += p_ip.o
+TCMODULES += p_ip6.o
TCMODULES += p_icmp.o
+TCMODULES += p_eth.o
TCMODULES += p_tcp.o
TCMODULES += p_udp.o
TCMODULES += em_nbyte.o
@@ -66,40 +68,35 @@
TCMODULES += q_hhf.o
TCMODULES += q_clsact.o
TCMODULES += e_bpf.o
-
-ifeq ($(TC_CONFIG_IPSET), y)
- ifeq ($(TC_CONFIG_XT), y)
- TCMODULES += em_ipset.o
- endif
-endif
+TCMODULES += f_matchall.o
TCSO :=
ifeq ($(TC_CONFIG_ATM),y)
TCSO += q_atm.so
endif
-ifeq ($(TC_CONFIG_XT),y)
- TCSO += m_xt.so
-else
- ifeq ($(TC_CONFIG_XT_OLD),y)
- TCSO += m_xt_old.so
+ifneq ($(TC_CONFIG_NO_XT),y)
+ ifeq ($(TC_CONFIG_XT),y)
+ TCSO += m_xt.so
+ ifeq ($(TC_CONFIG_IPSET),y)
+ TCMODULES += em_ipset.o
+ endif
else
- ifeq ($(TC_CONFIG_XT_OLD_H),y)
- CFLAGS += -DTC_CONFIG_XT_H
- TCSO += m_xt_old.so
+ ifeq ($(TC_CONFIG_XT_OLD),y)
+ TCSO += m_xt_old.so
else
- TCMODULES += m_ipt.o
+ ifeq ($(TC_CONFIG_XT_OLD_H),y)
+ CFLAGS += -DTC_CONFIG_XT_H
+ TCSO += m_xt_old.so
+ else
+ TCMODULES += m_ipt.o
+ endif
endif
endif
endif
-ifeq ($(TC_CONFIG_ELF),y)
- CFLAGS += -DHAVE_ELF
- LDLIBS += -lelf
-endif
-
TCOBJ += $(TCMODULES)
-LDLIBS += -L. -ltc -lm
+LDLIBS += -L. -lm
ifeq ($(SHARED_LIBS),y)
LDLIBS += -ldl
@@ -124,15 +121,16 @@
MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc
%.so: %.c
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic $< -o $@
+ $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic $< -o $@
-all: libtc.a tc $(TCSO)
+all: tc $(TCSO)
-tc: $(TCOBJ) $(TCLIB)
+tc: $(TCOBJ) $(LIBNETLINK) libtc.a
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
libtc.a: $(TCLIB)
- $(AR) rcs $@ $(TCLIB)
+ $(QUIET_AR)$(AR) rcs $@ $^
install: all
mkdir -p $(MODDESTDIR)
@@ -153,21 +151,21 @@
rm -f emp_ematch.yacc.*
q_atm.so: q_atm.c
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o q_atm.so q_atm.c -latm
+ $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o q_atm.so q_atm.c -latm
m_xt.so: m_xt.c
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o m_xt.so m_xt.c $$($(PKG_CONFIG) xtables --cflags --libs)
+ $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o m_xt.so m_xt.c $$($(PKG_CONFIG) xtables --cflags --libs)
m_xt_old.so: m_xt_old.c
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o m_xt_old.so m_xt_old.c $$($(PKG_CONFIG) xtables --cflags --libs)
+ $(QUIET_CC)$(CC) $(CFLAGS) $(LDFLAGS) -shared -fpic -o m_xt_old.so m_xt_old.c $$($(PKG_CONFIG) xtables --cflags --libs)
em_ipset.o: CFLAGS += $$($(PKG_CONFIG) xtables --cflags)
%.yacc.c: %.y
- $(YACC) $(YACCFLAGS) -o $@ $<
+ $(QUIET_YACC)$(YACC) $(YACCFLAGS) -o $@ $<
%.lex.c: %.l
- $(LEX) $(LEXFLAGS) -o$@ $<
+ $(QUIET_LEX)$(LEX) $(LEXFLAGS) -o$@ $<
# our lexer includes the header from yacc, so make sure
# we don't attempt to compile it before the header has
diff --git a/tc/e_bpf.c b/tc/e_bpf.c
index 2d650a4..84f43e6 100644
--- a/tc/e_bpf.c
+++ b/tc/e_bpf.c
@@ -15,8 +15,8 @@
#include "utils.h"
#include "tc_util.h"
-#include "tc_bpf.h"
+#include "bpf_util.h"
#include "bpf_elf.h"
#include "bpf_scm.h"
@@ -56,8 +56,8 @@
char **argv_run = argv_default, **envp_run, *tmp;
int ret, i, env_old, env_num, env_map;
const char *bpf_uds_name = NULL;
- int fds[BPF_SCM_MAX_FDS];
- struct bpf_map_aux aux;
+ int fds[BPF_SCM_MAX_FDS] = {};
+ struct bpf_map_aux aux = {};
if (argc == 0)
return 0;
@@ -115,9 +115,6 @@
return -1;
}
- memset(fds, 0, sizeof(fds));
- memset(&aux, 0, sizeof(aux));
-
ret = bpf_recv_map_fds(bpf_uds_name, fds, &aux, ARRAY_SIZE(fds));
if (ret < 0) {
fprintf(stderr, "bpf: Could not receive fds!\n");
diff --git a/tc/em_canid.c b/tc/em_canid.c
index 16f6ed5..ceb64cb 100644
--- a/tc/em_canid.c
+++ b/tc/em_canid.c
@@ -106,8 +106,8 @@
if (args == NULL)
return PARSE_ERR(args, "canid: missing arguments");
- rules.rules_raw = malloc(sizeof(struct can_filter) * rules.rules_capacity);
- memset(rules.rules_raw, 0, sizeof(struct can_filter) * rules.rules_capacity);
+ rules.rules_raw = calloc(rules.rules_capacity,
+ sizeof(struct can_filter));
do {
if (!bstrcmp(args, "sff")) {
diff --git a/tc/em_cmp.c b/tc/em_cmp.c
index 3e6d00e..8ea0acc 100644
--- a/tc/em_cmp.c
+++ b/tc/em_cmp.c
@@ -44,12 +44,10 @@
int align, opnd = 0;
unsigned long offset = 0, layer = TCF_LAYER_NETWORK, mask = 0, value = 0;
int offset_present = 0, value_present = 0;
- struct tcf_em_cmp cmp;
-
- memset(&cmp, 0, sizeof(cmp));
+ struct tcf_em_cmp cmp = {};
#define PARSE_ERR(CARG, FMT, ARGS...) \
- em_parse_error(EINVAL, args, CARG, &cmp_ematch_util, FMT ,##ARGS)
+ em_parse_error(EINVAL, args, CARG, &cmp_ematch_util, FMT, ##ARGS)
if (args == NULL)
return PARSE_ERR(args, "cmp: missing arguments");
diff --git a/tc/em_ipset.c b/tc/em_ipset.c
index a2d0d15..48b287f 100644
--- a/tc/em_ipset.c
+++ b/tc/em_ipset.c
@@ -52,8 +52,8 @@
#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
struct ip_set_req_get_set {
- unsigned op;
- unsigned version;
+ unsigned int op;
+ unsigned int version;
union ip_set_name_index set;
};
@@ -62,14 +62,14 @@
#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
struct ip_set_req_version {
- unsigned op;
- unsigned version;
+ unsigned int op;
+ unsigned int version;
};
#endif /* IPSET_INVALID_ID */
extern struct ematch_util ipset_ematch_util;
-static int get_version(unsigned *version)
+static int get_version(unsigned int *version)
{
int res, sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
struct ip_set_req_version req_version;
@@ -84,6 +84,7 @@
res = getsockopt(sockfd, SOL_IP, SO_IP_SET, &req_version, &size);
if (res != 0) {
perror("xt_set getsockopt");
+ close(sockfd);
return -1;
}
@@ -95,6 +96,7 @@
{
int sockfd, res;
socklen_t size = sizeof(struct ip_set_req_get_set);
+
sockfd = get_version(&req->version);
if (sockfd < 0)
return -1;
@@ -107,8 +109,7 @@
if (size != sizeof(struct ip_set_req_get_set)) {
fprintf(stderr,
- "Incorrect return size from kernel during ipset lookup, "
- "(want %zu, got %zu)\n",
+ "Incorrect return size from kernel during ipset lookup, (want %zu, got %zu)\n",
sizeof(struct ip_set_req_get_set), (size_t)size);
return -1;
}
@@ -144,8 +145,7 @@
int res;
req.op = IP_SET_OP_GET_BYNAME;
- strncpy(req.set.name, setname, IPSET_MAXNAMELEN);
- req.set.name[IPSET_MAXNAMELEN - 1] = '\0';
+ strlcpy(req.set.name, setname, IPSET_MAXNAMELEN);
res = do_getsockopt(&req);
if (res != 0)
return -1;
@@ -158,29 +158,29 @@
static int
parse_dirs(const char *opt_arg, struct xt_set_info *info)
{
- char *saved = strdup(opt_arg);
- char *ptr, *tmp = saved;
+ char *saved = strdup(opt_arg);
+ char *ptr, *tmp = saved;
if (!tmp) {
perror("strdup");
return -1;
}
- while (info->dim < IPSET_DIM_MAX && tmp != NULL) {
- info->dim++;
- ptr = strsep(&tmp, ",");
- if (strncmp(ptr, "src", 3) == 0)
- info->flags |= (1 << info->dim);
- else if (strncmp(ptr, "dst", 3) != 0) {
- fputs("You must specify (the comma separated list of) 'src' or 'dst'\n", stderr);
+ while (info->dim < IPSET_DIM_MAX && tmp != NULL) {
+ info->dim++;
+ ptr = strsep(&tmp, ",");
+ if (strncmp(ptr, "src", 3) == 0)
+ info->flags |= (1 << info->dim);
+ else if (strncmp(ptr, "dst", 3) != 0) {
+ fputs("You must specify (the comma separated list of) 'src' or 'dst'\n", stderr);
free(saved);
return -1;
}
- }
+ }
- if (tmp)
- fprintf(stderr, "Can't be more src/dst options than %u", IPSET_DIM_MAX);
- free(saved);
+ if (tmp)
+ fprintf(stderr, "Can't be more src/dst options than %u", IPSET_DIM_MAX);
+ free(saved);
return tmp ? -1 : 0;
}
@@ -198,13 +198,11 @@
static int ipset_parse_eopt(struct nlmsghdr *n, struct tcf_ematch_hdr *hdr,
struct bstr *args)
{
- struct xt_set_info set_info;
+ struct xt_set_info set_info = {};
int ret;
- memset(&set_info, 0, sizeof(set_info));
-
#define PARSE_ERR(CARG, FMT, ARGS...) \
- em_parse_error(EINVAL, args, CARG, &ipset_ematch_util, FMT ,##ARGS)
+ em_parse_error(EINVAL, args, CARG, &ipset_ematch_util, FMT, ##ARGS)
if (args == NULL)
return PARSE_ERR(args, "ipset: missing set name");
@@ -238,7 +236,7 @@
int data_len)
{
int i;
- char setname[IPSET_MAXNAMELEN];
+ char setname[IPSET_MAXNAMELEN];
const struct xt_set_info *set_info = data;
if (data_len != sizeof(*set_info)) {
@@ -246,7 +244,7 @@
return -1;
}
- if (get_set_byid(setname, set_info->index))
+ if (get_set_byid(setname, set_info->index))
return -1;
fputs(setname, fd);
for (i = 1; i <= set_info->dim; i++) {
diff --git a/tc/em_meta.c b/tc/em_meta.c
index b64f333..bf47093 100644
--- a/tc/em_meta.c
+++ b/tc/em_meta.c
@@ -41,9 +41,9 @@
struct meta_entry {
int id;
- char * kind;
- char * mask;
- char * desc;
+ char *kind;
+ char *mask;
+ char *desc;
} meta_table[] = {
#define TCF_META_ID_SECTION 0
#define __A(id, name, mask, desc) { TCF_META_ID_##id, name, mask, desc }
@@ -102,7 +102,7 @@
__A(SK_RMEM_ALLOC, "sk_rmem", "i", "RMEM"),
__A(SK_WMEM_ALLOC, "sk_wmem", "i", "WMEM"),
__A(SK_OMEM_ALLOC, "sk_omem", "i", "OMEM"),
- __A(SK_WMEM_QUEUED, "sk_wmem_queue","i", "WMEM queue"),
+ __A(SK_WMEM_QUEUED, "sk_wmem_queue", "i", "WMEM queue"),
__A(SK_SND_QLEN, "sk_snd_queue", "i", "Send queue length"),
__A(SK_RCV_QLEN, "sk_rcv_queue", "i", "Receive queue length"),
__A(SK_ERR_QLEN, "sk_err_queue", "i", "Error queue length"),
@@ -122,11 +122,11 @@
return INT_MAX;
}
-static struct meta_entry * lookup_meta_entry(struct bstr *kind)
+static struct meta_entry *lookup_meta_entry(struct bstr *kind)
{
int i;
- for (i = 0; i < (sizeof(meta_table)/sizeof(meta_table[0])); i++)
+ for (i = 0; i < ARRAY_SIZE(meta_table); i++)
if (!bstrcmp(kind, meta_table[i].kind) &&
meta_table[i].id != 0)
return &meta_table[i];
@@ -134,11 +134,11 @@
return NULL;
}
-static struct meta_entry * lookup_meta_entry_byid(int id)
+static struct meta_entry *lookup_meta_entry_byid(int id)
{
int i;
- for (i = 0; i < (sizeof(meta_table)/sizeof(meta_table[0])); i++)
+ for (i = 0; i < ARRAY_SIZE(meta_table); i++)
if (meta_table[i].id == id)
return &meta_table[i];
@@ -159,6 +159,7 @@
case TCF_META_TYPE_VAR:
if (TCF_META_ID(hdr->kind) == TCF_META_ID_VALUE) {
struct bstr *a = (struct bstr *) val;
+
addattr_l(n, MAX_MSG, tlv, a->data, a->len);
}
break;
@@ -192,7 +193,7 @@
" ID Type Description\n" \
"--------------------------------------------------------");
- for (i = 0; i < (sizeof(meta_table)/sizeof(meta_table[0])); i++) {
+ for (i = 0; i < ARRAY_SIZE(meta_table); i++) {
if (meta_table[i].id == TCF_META_ID_SECTION) {
fprintf(fd, "\n%s:\n", meta_table[i].kind);
} else {
@@ -231,7 +232,7 @@
#define PARSE_FAILURE ((void *) (-1))
#define PARSE_ERR(CARG, FMT, ARGS...) \
- em_parse_error(EINVAL, args, CARG, &meta_ematch_util, FMT ,##ARGS)
+ em_parse_error(EINVAL, args, CARG, &meta_ematch_util, FMT, ##ARGS)
static inline int can_adopt(struct tcf_meta_val *val)
{
@@ -308,7 +309,7 @@
a = bstr_next(arg);
- while(a) {
+ while (a) {
if (!bstrcmp(a, "shift")) {
unsigned long shift;
@@ -360,11 +361,9 @@
{
int opnd;
struct bstr *a;
- struct tcf_meta_hdr meta_hdr;
+ struct tcf_meta_hdr meta_hdr = {};
unsigned long lvalue = 0, rvalue = 0;
- memset(&meta_hdr, 0, sizeof(meta_hdr));
-
if (args == NULL)
return PARSE_ERR(args, "meta: missing arguments");
@@ -441,7 +440,7 @@
return -1;
}
- switch(type) {
+ switch (type) {
case TCF_META_TYPE_INT:
if (RTA_PAYLOAD(rta) < sizeof(__u32)) {
fprintf(stderr, "meta int type value TLV " \
@@ -484,8 +483,9 @@
if (RTA_PAYLOAD(rta) < sizeof(__u32))
goto size_mismatch;
- fprintf(fd, " mask 0x%08x",
- rta_getattr_u32(rta));
+ if (rta_getattr_u32(rta))
+ fprintf(fd, " mask 0x%08x",
+ rta_getattr_u32(rta));
}
break;
}
diff --git a/tc/em_nbyte.c b/tc/em_nbyte.c
index 87f3e9d..52b4d10 100644
--- a/tc/em_nbyte.c
+++ b/tc/em_nbyte.c
@@ -44,12 +44,10 @@
struct bstr *needle = args;
unsigned long offset = 0, layer = TCF_LAYER_NETWORK;
int offset_present = 0;
- struct tcf_em_nbyte nb;
-
- memset(&nb, 0, sizeof(nb));
+ struct tcf_em_nbyte nb = {};
#define PARSE_ERR(CARG, FMT, ARGS...) \
- em_parse_error(EINVAL, args, CARG, &nbyte_ematch_util, FMT ,##ARGS)
+ em_parse_error(EINVAL, args, CARG, &nbyte_ematch_util, FMT, ##ARGS)
if (args == NULL)
return PARSE_ERR(args, "nbyte: missing arguments");
diff --git a/tc/em_u32.c b/tc/em_u32.c
index 21ed70f..869ebde 100644
--- a/tc/em_u32.c
+++ b/tc/em_u32.c
@@ -39,12 +39,10 @@
struct bstr *a;
int align, nh_len;
unsigned long key, mask, offmask = 0, offset;
- struct tc_u32_key u_key;
-
- memset(&u_key, 0, sizeof(u_key));
+ struct tc_u32_key u_key = {};
#define PARSE_ERR(CARG, FMT, ARGS...) \
- em_parse_error(EINVAL, args, CARG, &u32_ematch_util, FMT ,##ARGS)
+ em_parse_error(EINVAL, args, CARG, &u32_ematch_util, FMT, ##ARGS)
if (args == NULL)
return PARSE_ERR(args, "u32: missing arguments");
@@ -85,6 +83,7 @@
nh_len = strlen("nexthdr+");
if (a->len > nh_len && !memcmp(a->data, "nexthdr+", nh_len)) {
char buf[a->len - nh_len + 1];
+
offmask = -1;
memcpy(buf, a->data + nh_len, a->len - nh_len);
offset = strtoul(buf, NULL, 0);
diff --git a/tc/f_basic.c b/tc/f_basic.c
index 4adf1d2..8370ea6 100644
--- a/tc/f_basic.c
+++ b/tc/f_basic.c
@@ -27,7 +27,7 @@
static void explain(void)
{
- fprintf(stderr, "Usage: ... basic [ match EMATCH_TREE ] \n");
+ fprintf(stderr, "Usage: ... basic [ match EMATCH_TREE ]\n");
fprintf(stderr, " [ action ACTION_SPEC ] [ classid CLASSID ]\n");
fprintf(stderr, "\n");
fprintf(stderr, "Where: SELECTOR := SAMPLE SAMPLE ...\n");
@@ -56,7 +56,7 @@
if (argc == 0)
return 0;
- tail = (struct rtattr*)(((void*)n)+NLMSG_ALIGN(n->nlmsg_len));
+ tail = (struct rtattr *)(((void *)n)+NLMSG_ALIGN(n->nlmsg_len));
addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
while (argc > 0) {
@@ -69,7 +69,8 @@
continue;
} else if (matches(*argv, "classid") == 0 ||
strcmp(*argv, "flowid") == 0) {
- unsigned handle;
+ unsigned int handle;
+
NEXT_ARG();
if (get_tc_classid(&handle, *argv)) {
fprintf(stderr, "Illegal \"classid\"\n");
@@ -102,7 +103,7 @@
argc--; argv++;
}
- tail->rta_len = (((void*)n)+n->nlmsg_len) - (void*)tail;
+ tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
return 0;
}
@@ -134,7 +135,7 @@
}
if (tb[TCA_BASIC_ACT]) {
- tc_print_action(f, tb[TCA_BASIC_ACT]);
+ tc_print_action(f, tb[TCA_BASIC_ACT], 0);
}
return 0;
diff --git a/tc/f_bpf.c b/tc/f_bpf.c
index afc2e58..3f619d0 100644
--- a/tc/f_bpf.c
+++ b/tc/f_bpf.c
@@ -6,7 +6,7 @@
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
- * Authors: Daniel Borkmann <dborkman@redhat.com>
+ * Authors: Daniel Borkmann <daniel@iogearbox.net>
*/
#include <stdio.h>
@@ -15,18 +15,12 @@
#include <linux/bpf.h>
#include "utils.h"
+
#include "tc_util.h"
-#include "tc_bpf.h"
+#include "bpf_util.h"
static const enum bpf_prog_type bpf_type = BPF_PROG_TYPE_SCHED_CLS;
-static const int nla_tbl[BPF_NLA_MAX] = {
- [BPF_NLA_OPS_LEN] = TCA_BPF_OPS_LEN,
- [BPF_NLA_OPS] = TCA_BPF_OPS,
- [BPF_NLA_FD] = TCA_BPF_FD,
- [BPF_NLA_NAME] = TCA_BPF_NAME,
-};
-
static void explain(void)
{
fprintf(stderr, "Usage: ... bpf ...\n");
@@ -37,8 +31,8 @@
fprintf(stderr, "\n");
fprintf(stderr, "eBPF use case:\n");
fprintf(stderr, " object-file FILE [ section CLS_NAME ] [ export UDS_FILE ]");
- fprintf(stderr, " [ verbose ] [ direct-action ]\n");
- fprintf(stderr, " object-pinned FILE [ direct-action ]\n");
+ fprintf(stderr, " [ verbose ] [ direct-action ] [ skip_hw | skip_sw ]\n");
+ fprintf(stderr, " object-pinned FILE [ direct-action ] [ skip_hw | skip_sw ]\n");
fprintf(stderr, "\n");
fprintf(stderr, "Common remaining options:\n");
fprintf(stderr, " [ action ACTION_SPEC ]\n");
@@ -52,7 +46,7 @@
fprintf(stderr, "pinned eBPF program.\n");
fprintf(stderr, "\n");
fprintf(stderr, "Where CLS_NAME refers to the section name containing the\n");
- fprintf(stderr, "classifier (default \'%s\').\n", bpf_default_section(bpf_type));
+ fprintf(stderr, "classifier (default \'%s\').\n", bpf_prog_to_default_section(bpf_type));
fprintf(stderr, "\n");
fprintf(stderr, "Where UDS_FILE points to a unix domain socket file in order\n");
fprintf(stderr, "to hand off control of all created eBPF maps to an agent.\n");
@@ -61,19 +55,36 @@
fprintf(stderr, "NOTE: CLASSID is parsed as hexadecimal input.\n");
}
+static void bpf_cbpf_cb(void *nl, const struct sock_filter *ops, int ops_len)
+{
+ addattr16(nl, MAX_MSG, TCA_BPF_OPS_LEN, ops_len);
+ addattr_l(nl, MAX_MSG, TCA_BPF_OPS, ops,
+ ops_len * sizeof(struct sock_filter));
+}
+
+static void bpf_ebpf_cb(void *nl, int fd, const char *annotation)
+{
+ addattr32(nl, MAX_MSG, TCA_BPF_FD, fd);
+ addattrstrz(nl, MAX_MSG, TCA_BPF_NAME, annotation);
+}
+
+static const struct bpf_cfg_ops bpf_cb_ops = {
+ .cbpf_cb = bpf_cbpf_cb,
+ .ebpf_cb = bpf_ebpf_cb,
+};
+
static int bpf_parse_opt(struct filter_util *qu, char *handle,
int argc, char **argv, struct nlmsghdr *n)
{
const char *bpf_obj = NULL, *bpf_uds_name = NULL;
struct tcmsg *t = NLMSG_DATA(n);
+ unsigned int bpf_gen_flags = 0;
unsigned int bpf_flags = 0;
+ struct bpf_cfg_in cfg = {};
bool seen_run = false;
struct rtattr *tail;
int ret = 0;
- if (argc == 0)
- return 0;
-
if (handle) {
if (get_u32(&t->tcm_handle, handle, 0)) {
fprintf(stderr, "Illegal \"handle\"\n");
@@ -81,6 +92,9 @@
}
}
+ if (argc == 0)
+ return 0;
+
tail = (struct rtattr *)(((void *)n) + NLMSG_ALIGN(n->nlmsg_len));
addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
@@ -89,11 +103,17 @@
NEXT_ARG();
opt_bpf:
seen_run = true;
- if (bpf_parse_common(&argc, &argv, nla_tbl, bpf_type,
- &bpf_obj, &bpf_uds_name, n)) {
- fprintf(stderr, "Failed to retrieve (e)BPF data!\n");
+ cfg.argc = argc;
+ cfg.argv = argv;
+
+ if (bpf_parse_common(bpf_type, &cfg, &bpf_cb_ops, n))
return -1;
- }
+
+ argc = cfg.argc;
+ argv = cfg.argv;
+
+ bpf_obj = cfg.object;
+ bpf_uds_name = cfg.uds;
} else if (matches(*argv, "classid") == 0 ||
matches(*argv, "flowid") == 0) {
unsigned int handle;
@@ -107,6 +127,10 @@
} else if (matches(*argv, "direct-action") == 0 ||
matches(*argv, "da") == 0) {
bpf_flags |= TCA_BPF_FLAG_ACT_DIRECT;
+ } else if (matches(*argv, "skip_hw") == 0) {
+ bpf_gen_flags |= TCA_CLS_FLAGS_SKIP_HW;
+ } else if (matches(*argv, "skip_sw") == 0) {
+ bpf_gen_flags |= TCA_CLS_FLAGS_SKIP_SW;
} else if (matches(*argv, "action") == 0) {
NEXT_ARG();
if (parse_action(&argc, &argv, TCA_BPF_ACT, n)) {
@@ -136,7 +160,9 @@
NEXT_ARG_FWD();
}
- if (bpf_obj && bpf_flags)
+ if (bpf_gen_flags)
+ addattr32(n, MAX_MSG, TCA_BPF_FLAGS_GEN, bpf_gen_flags);
+ if (bpf_flags)
addattr32(n, MAX_MSG, TCA_BPF_FLAGS, bpf_flags);
tail->rta_len = (((void *)n) + n->nlmsg_len) - (void *)tail;
@@ -151,6 +177,7 @@
struct rtattr *opt, __u32 handle)
{
struct rtattr *tb[TCA_BPF_MAX + 1];
+ int dump_ok = 0;
if (opt == NULL)
return 0;
@@ -168,8 +195,6 @@
if (tb[TCA_BPF_NAME])
fprintf(f, "%s ", rta_getattr_str(tb[TCA_BPF_NAME]));
- else if (tb[TCA_BPF_FD])
- fprintf(f, "pfd %u ", rta_getattr_u32(tb[TCA_BPF_FD]));
if (tb[TCA_BPF_FLAGS]) {
unsigned int flags = rta_getattr_u32(tb[TCA_BPF_FLAGS]);
@@ -178,10 +203,34 @@
fprintf(f, "direct-action ");
}
- if (tb[TCA_BPF_OPS] && tb[TCA_BPF_OPS_LEN]) {
+ if (tb[TCA_BPF_FLAGS_GEN]) {
+ unsigned int flags =
+ rta_getattr_u32(tb[TCA_BPF_FLAGS_GEN]);
+
+ if (flags & TCA_CLS_FLAGS_SKIP_HW)
+ fprintf(f, "skip_hw ");
+ if (flags & TCA_CLS_FLAGS_SKIP_SW)
+ fprintf(f, "skip_sw ");
+
+ if (flags & TCA_CLS_FLAGS_IN_HW)
+ fprintf(f, "in_hw ");
+ else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
+ fprintf(f, "not_in_hw ");
+ }
+
+ if (tb[TCA_BPF_OPS] && tb[TCA_BPF_OPS_LEN])
bpf_print_ops(f, tb[TCA_BPF_OPS],
rta_getattr_u16(tb[TCA_BPF_OPS_LEN]));
- fprintf(f, "\n");
+
+ if (tb[TCA_BPF_ID])
+ dump_ok = bpf_dump_prog_info(f, rta_getattr_u32(tb[TCA_BPF_ID]));
+ if (!dump_ok && tb[TCA_BPF_TAG]) {
+ SPRINT_BUF(b);
+
+ fprintf(f, "tag %s ",
+ hexstring_n2a(RTA_DATA(tb[TCA_BPF_TAG]),
+ RTA_PAYLOAD(tb[TCA_BPF_TAG]),
+ b, sizeof(b)));
}
if (tb[TCA_BPF_POLICE]) {
@@ -189,9 +238,8 @@
tc_print_police(f, tb[TCA_BPF_POLICE]);
}
- if (tb[TCA_BPF_ACT]) {
- tc_print_action(f, tb[TCA_BPF_ACT]);
- }
+ if (tb[TCA_BPF_ACT])
+ tc_print_action(f, tb[TCA_BPF_ACT], 0);
return 0;
}
diff --git a/tc/f_cgroup.c b/tc/f_cgroup.c
index 53f7406..633700e 100644
--- a/tc/f_cgroup.c
+++ b/tc/f_cgroup.c
@@ -40,7 +40,7 @@
t->tcm_handle = h;
- tail = (struct rtattr*)(((void*)n)+NLMSG_ALIGN(n->nlmsg_len));
+ tail = (struct rtattr *)(((void *)n)+NLMSG_ALIGN(n->nlmsg_len));
addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
while (argc > 0) {
@@ -76,7 +76,7 @@
}
}
- tail->rta_len = (((void*)n)+n->nlmsg_len) - (void*)tail;
+ tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
return 0;
}
@@ -102,7 +102,7 @@
}
if (tb[TCA_CGROUP_ACT])
- tc_print_action(f, tb[TCA_CGROUP_ACT]);
+ tc_print_action(f, tb[TCA_CGROUP_ACT], 0);
return 0;
}
diff --git a/tc/f_flow.c b/tc/f_flow.c
index f398f55..b157104 100644
--- a/tc/f_flow.c
+++ b/tc/f_flow.c
@@ -30,8 +30,8 @@
" [ action ACTION_SPEC ]\n"
"\n"
"KEY-LIST := [ KEY-LIST , ] KEY\n"
-"KEY := [ src | dst | proto | proto-src | proto-dst | iif | priority | \n"
-" mark | nfct | nfct-src | nfct-dst | nfct-proto-src | \n"
+"KEY := [ src | dst | proto | proto-src | proto-dst | iif | priority |\n"
+" mark | nfct | nfct-src | nfct-dst | nfct-proto-src |\n"
" nfct-proto-dst | rt-classid | sk-uid | sk-gid |\n"
" vlan-tag | rxhash ]\n"
"OPS := [ or NUM | and NUM | xor NUM | rshift NUM | addend NUM ]\n"
@@ -133,7 +133,6 @@
static int flow_parse_opt(struct filter_util *fu, char *handle,
int argc, char **argv, struct nlmsghdr *n)
{
- struct tc_police tp;
struct tcmsg *t = NLMSG_DATA(n);
struct rtattr *tail;
__u32 mask = ~0U, xor = 0;
@@ -141,8 +140,6 @@
__u32 mode = FLOW_MODE_MAP;
__u32 tmp;
- memset(&tp, 0, sizeof(tp));
-
if (handle) {
if (get_u32(&t->tcm_handle, handle, 0)) {
fprintf(stderr, "Illegal \"handle\"\n");
@@ -270,6 +267,7 @@
__u32 handle)
{
struct rtattr *tb[TCA_FLOW_MAX+1];
+
SPRINT_BUF(b1);
unsigned int i;
__u32 mask = ~0, val = 0;
@@ -349,7 +347,7 @@
tc_print_police(f, tb[TCA_FLOW_POLICE]);
if (tb[TCA_FLOW_ACT]) {
fprintf(f, "\n");
- tc_print_action(f, tb[TCA_FLOW_ACT]);
+ tc_print_action(f, tb[TCA_FLOW_ACT], 0);
}
return 0;
}
diff --git a/tc/f_flower.c b/tc/f_flower.c
index db9cc29..b180210 100644
--- a/tc/f_flower.c
+++ b/tc/f_flower.c
@@ -15,48 +15,184 @@
#include <syslog.h>
#include <string.h>
#include <net/if.h>
+#include <linux/if_arp.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
+#include <linux/tc_act/tc_vlan.h>
#include "utils.h"
#include "tc_util.h"
#include "rt_names.h"
+enum flower_matching_flags {
+ FLOWER_IP_FLAGS,
+};
+
+enum flower_endpoint {
+ FLOWER_ENDPOINT_SRC,
+ FLOWER_ENDPOINT_DST
+};
+
+enum flower_icmp_field {
+ FLOWER_ICMP_FIELD_TYPE,
+ FLOWER_ICMP_FIELD_CODE
+};
+
static void explain(void)
{
- fprintf(stderr, "Usage: ... flower [ MATCH-LIST ]\n");
- fprintf(stderr, " [ action ACTION-SPEC ] [ classid CLASSID ]\n");
- fprintf(stderr, "\n");
- fprintf(stderr, "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n");
- fprintf(stderr, " MATCH := { indev DEV-NAME | \n");
- fprintf(stderr, " dst_mac MAC-ADDR | \n");
- fprintf(stderr, " src_mac MAC-ADDR | \n");
- fprintf(stderr, " [ipv4 | ipv6 ] | \n");
- fprintf(stderr, " ip_proto [tcp | udp | IP-PROTO ] | \n");
- fprintf(stderr, " dst_ip [ IPV4-ADDR | IPV6-ADDR ] | \n");
- fprintf(stderr, " src_ip [ IPV4-ADDR | IPV6-ADDR ] | \n");
- fprintf(stderr, " dst_port PORT-NUMBER | \n");
- fprintf(stderr, " src_port PORT-NUMBER }\n");
- fprintf(stderr, " FILTERID := X:Y:Z\n");
- fprintf(stderr, " ACTION-SPEC := ... look at individual actions\n");
- fprintf(stderr, "\n");
- fprintf(stderr, "NOTE: CLASSID, ETH-TYPE, IP-PROTO are parsed as hexadecimal input.\n");
- fprintf(stderr, "NOTE: There can be only used one mask per one prio. If user needs\n");
- fprintf(stderr, " to specify different mask, he has to use different prio.\n");
+ fprintf(stderr,
+ "Usage: ... flower [ MATCH-LIST ]\n"
+ " [ skip_sw | skip_hw ]\n"
+ " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
+ "\n"
+ "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
+ " MATCH := { indev DEV-NAME |\n"
+ " vlan_id VID |\n"
+ " vlan_prio PRIORITY |\n"
+ " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
+ " dst_mac MASKED-LLADDR |\n"
+ " src_mac MASKED-LLADDR |\n"
+ " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
+ " ip_tos MASKED-IP_TOS |\n"
+ " ip_ttl MASKED-IP_TTL |\n"
+ " dst_ip PREFIX |\n"
+ " src_ip PREFIX |\n"
+ " dst_port PORT-NUMBER |\n"
+ " src_port PORT-NUMBER |\n"
+ " tcp_flags MASKED-TCP_FLAGS |\n"
+ " type MASKED-ICMP-TYPE |\n"
+ " code MASKED-ICMP-CODE |\n"
+ " arp_tip IPV4-PREFIX |\n"
+ " arp_sip IPV4-PREFIX |\n"
+ " arp_op [ request | reply | OP ] |\n"
+ " arp_tha MASKED-LLADDR |\n"
+ " arp_sha MASKED-LLADDR |\n"
+ " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
+ " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
+ " enc_key_id [ KEY-ID ] |\n"
+ " ip_flags IP-FLAGS | \n"
+ " enc_dst_port [ port_number ] }\n"
+ " FILTERID := X:Y:Z\n"
+ " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
+ " ACTION-SPEC := ... look at individual actions\n"
+ "\n"
+ "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
+ "NOTE: There can be only used one mask per one prio. If user needs\n"
+ " to specify different mask, he has to use different prio.\n");
}
static int flower_parse_eth_addr(char *str, int addr_type, int mask_type,
struct nlmsghdr *n)
{
- int ret;
- char addr[ETH_ALEN];
+ int ret, err = -1;
+ char addr[ETH_ALEN], *slash;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
ret = ll_addr_a2n(addr, sizeof(addr), str);
if (ret < 0)
- return -1;
+ goto err;
addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr));
- memset(addr, 0xff, ETH_ALEN);
+
+ if (slash) {
+ unsigned bits;
+
+ if (!get_unsigned(&bits, slash + 1, 10)) {
+ uint64_t mask;
+
+ /* Extra 16 bit shift to push mac address into
+ * high bits of uint64_t
+ */
+ mask = htonll(0xffffffffffffULL << (16 + 48 - bits));
+ memcpy(addr, &mask, ETH_ALEN);
+ } else {
+ ret = ll_addr_a2n(addr, sizeof(addr), slash + 1);
+ if (ret < 0)
+ goto err;
+ }
+ } else {
+ memset(addr, 0xff, ETH_ALEN);
+ }
addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr));
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
+static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type,
+ __be16 *p_vlan_eth_type,
+ struct nlmsghdr *n)
+{
+ __be16 vlan_eth_type;
+
+ if (eth_type != htons(ETH_P_8021Q)) {
+ fprintf(stderr,
+ "Can't set \"vlan_ethtype\" if ethertype isn't 802.1Q\n");
+ return -1;
+ }
+
+ if (ll_proto_a2n(&vlan_eth_type, str))
+ invarg("invalid vlan_ethtype", str);
+ addattr16(n, MAX_MSG, type, vlan_eth_type);
+ *p_vlan_eth_type = vlan_eth_type;
+ return 0;
+}
+
+struct flag_to_string {
+ int flag;
+ enum flower_matching_flags type;
+ char *string;
+};
+
+static struct flag_to_string flags_str[] = {
+ { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
+};
+
+static int flower_parse_matching_flags(char *str,
+ enum flower_matching_flags type,
+ __u32 *mtf, __u32 *mtf_mask)
+{
+ char *token;
+ bool no;
+ bool found;
+ int i;
+
+ token = strtok(str, "/");
+
+ while (token) {
+ if (!strncmp(token, "no", 2)) {
+ no = true;
+ token += 2;
+ } else
+ no = false;
+
+ found = false;
+ for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
+ if (type != flags_str[i].type)
+ continue;
+
+ if (!strcmp(token, flags_str[i].string)) {
+ if (no)
+ *mtf &= ~flags_str[i].flag;
+ else
+ *mtf |= flags_str[i].flag;
+
+ *mtf_mask |= flags_str[i].flag;
+ found = true;
+ break;
+ }
+ }
+ if (!found)
+ return -1;
+
+ token = strtok(NULL, "/");
+ }
+
return 0;
}
@@ -66,14 +202,23 @@
int ret;
__u8 ip_proto;
- if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6)) {
- fprintf(stderr, "Illegal \"eth_type\" for ip proto\n");
- return -1;
- }
+ if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6))
+ goto err;
+
if (matches(str, "tcp") == 0) {
ip_proto = IPPROTO_TCP;
} else if (matches(str, "udp") == 0) {
ip_proto = IPPROTO_UDP;
+ } else if (matches(str, "sctp") == 0) {
+ ip_proto = IPPROTO_SCTP;
+ } else if (matches(str, "icmp") == 0) {
+ if (eth_type != htons(ETH_P_IP))
+ goto err;
+ ip_proto = IPPROTO_ICMP;
+ } else if (matches(str, "icmpv6") == 0) {
+ if (eth_type != htons(ETH_P_IPV6))
+ goto err;
+ ip_proto = IPPROTO_ICMPV6;
} else {
ret = get_u8(&ip_proto, str, 16);
if (ret)
@@ -82,34 +227,30 @@
addattr8(n, MAX_MSG, type, ip_proto);
*p_ip_proto = ip_proto;
return 0;
+
+err:
+ fprintf(stderr, "Illegal \"eth_type\" for ip proto\n");
+ return -1;
}
-static int flower_parse_ip_addr(char *str, __be16 eth_type,
- int addr4_type, int mask4_type,
- int addr6_type, int mask6_type,
- struct nlmsghdr *n)
+static int __flower_parse_ip_addr(char *str, int family,
+ int addr4_type, int mask4_type,
+ int addr6_type, int mask6_type,
+ struct nlmsghdr *n)
{
int ret;
inet_prefix addr;
- int family;
int bits;
int i;
- if (eth_type == htons(ETH_P_IP)) {
- family = AF_INET;
- } else if (eth_type == htons(ETH_P_IPV6)) {
- family = AF_INET6;
- } else {
- fprintf(stderr, "Illegal \"eth_type\" for ip address\n");
- return -1;
- }
-
ret = get_prefix(&addr, str, family);
if (ret)
return -1;
- if (addr.family != family)
+ if (family && (addr.family != family)) {
+ fprintf(stderr, "Illegal \"eth_type\" for ip address\n");
return -1;
+ }
addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type,
addr.data, addr.bytelen);
@@ -134,27 +275,300 @@
return 0;
}
-static int flower_parse_port(char *str, __u8 ip_port,
- int tcp_type, int udp_type, struct nlmsghdr *n)
+static int flower_parse_ip_addr(char *str, __be16 eth_type,
+ int addr4_type, int mask4_type,
+ int addr6_type, int mask6_type,
+ struct nlmsghdr *n)
+{
+ int family;
+
+ if (eth_type == htons(ETH_P_IP)) {
+ family = AF_INET;
+ } else if (eth_type == htons(ETH_P_IPV6)) {
+ family = AF_INET6;
+ } else if (!eth_type) {
+ family = AF_UNSPEC;
+ } else {
+ return -1;
+ }
+
+ return __flower_parse_ip_addr(str, family, addr4_type, mask4_type,
+ addr6_type, mask6_type, n);
+}
+
+static bool flower_eth_type_arp(__be16 eth_type)
+{
+ return eth_type == htons(ETH_P_ARP) || eth_type == htons(ETH_P_RARP);
+}
+
+static int flower_parse_arp_ip_addr(char *str, __be16 eth_type,
+ int addr_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ if (!flower_eth_type_arp(eth_type))
+ return -1;
+
+ return __flower_parse_ip_addr(str, AF_INET, addr_type, mask_type,
+ TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n);
+}
+
+static int flower_parse_u8(char *str, int value_type, int mask_type,
+ int (*value_from_name)(const char *str,
+ __u8 *value),
+ bool (*value_validate)(__u8 value),
+ struct nlmsghdr *n)
+{
+ char *slash;
+ int ret, err = -1;
+ __u8 value, mask;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = value_from_name ? value_from_name(str, &value) : -1;
+ if (ret < 0) {
+ ret = get_u8(&value, str, 10);
+ if (ret)
+ goto err;
+ }
+
+ if (value_validate && !value_validate(value))
+ goto err;
+
+ if (slash) {
+ ret = get_u8(&mask, slash + 1, 10);
+ if (ret)
+ goto err;
+ }
+ else {
+ mask = UINT8_MAX;
+ }
+
+ addattr8(n, MAX_MSG, value_type, value);
+ addattr8(n, MAX_MSG, mask_type, mask);
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
+static const char *flower_print_arp_op_to_name(__u8 op)
+{
+ switch (op) {
+ case ARPOP_REQUEST:
+ return "request";
+ case ARPOP_REPLY:
+ return "reply";
+ default:
+ return NULL;
+ }
+}
+
+static int flower_arp_op_from_name(const char *name, __u8 *op)
+{
+ if (!strcmp(name, "request"))
+ *op = ARPOP_REQUEST;
+ else if (!strcmp(name, "reply"))
+ *op = ARPOP_REPLY;
+ else
+ return -1;
+
+ return 0;
+}
+
+static bool flow_arp_op_validate(__u8 op)
+{
+ return !op || op == ARPOP_REQUEST || op == ARPOP_REPLY;
+}
+
+static int flower_parse_arp_op(char *str, __be16 eth_type,
+ int op_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ if (!flower_eth_type_arp(eth_type))
+ return -1;
+
+ return flower_parse_u8(str, op_type, mask_type, flower_arp_op_from_name,
+ flow_arp_op_validate, n);
+}
+
+static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto,
+ enum flower_icmp_field field)
+{
+ if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
+ return field == FLOWER_ICMP_FIELD_CODE ?
+ TCA_FLOWER_KEY_ICMPV4_CODE :
+ TCA_FLOWER_KEY_ICMPV4_TYPE;
+ else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
+ return field == FLOWER_ICMP_FIELD_CODE ?
+ TCA_FLOWER_KEY_ICMPV6_CODE :
+ TCA_FLOWER_KEY_ICMPV6_TYPE;
+
+ return -1;
+}
+
+static int flower_icmp_attr_mask_type(__be16 eth_type, __u8 ip_proto,
+ enum flower_icmp_field field)
+{
+ if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
+ return field == FLOWER_ICMP_FIELD_CODE ?
+ TCA_FLOWER_KEY_ICMPV4_CODE_MASK :
+ TCA_FLOWER_KEY_ICMPV4_TYPE_MASK;
+ else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
+ return field == FLOWER_ICMP_FIELD_CODE ?
+ TCA_FLOWER_KEY_ICMPV6_CODE_MASK :
+ TCA_FLOWER_KEY_ICMPV6_TYPE_MASK;
+
+ return -1;
+}
+
+static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto,
+ enum flower_icmp_field field, struct nlmsghdr *n)
+{
+ int value_type, mask_type;
+
+ value_type = flower_icmp_attr_type(eth_type, ip_proto, field);
+ mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, field);
+ if (value_type < 0 || mask_type < 0)
+ return -1;
+
+ return flower_parse_u8(str, value_type, mask_type, NULL, NULL, n);
+}
+
+static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint)
+{
+ if (ip_proto == IPPROTO_TCP)
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_TCP_SRC :
+ TCA_FLOWER_KEY_TCP_DST;
+ else if (ip_proto == IPPROTO_UDP)
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_UDP_SRC :
+ TCA_FLOWER_KEY_UDP_DST;
+ else if (ip_proto == IPPROTO_SCTP)
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_SCTP_SRC :
+ TCA_FLOWER_KEY_SCTP_DST;
+ else
+ return -1;
+}
+
+static int flower_parse_port(char *str, __u8 ip_proto,
+ enum flower_endpoint endpoint,
+ struct nlmsghdr *n)
{
int ret;
int type;
__be16 port;
- if (ip_port == IPPROTO_TCP) {
- type = tcp_type;
- } else if (ip_port == IPPROTO_UDP) {
- type = udp_type;
- } else {
- fprintf(stderr, "Illegal \"ip_proto\" for port\n");
+ type = flower_port_attr_type(ip_proto, endpoint);
+ if (type < 0)
return -1;
- }
- ret = get_u16(&port, str, 10);
+ ret = get_be16(&port, str, 10);
if (ret)
return -1;
- addattr16(n, MAX_MSG, type, htons(port));
+ addattr16(n, MAX_MSG, type, port);
+
+ return 0;
+}
+
+#define TCP_FLAGS_MAX_MASK 0xfff
+
+static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ char *slash;
+ int ret, err = -1;
+ __u16 flags;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = get_u16(&flags, str, 16);
+ if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
+ goto err;
+
+ addattr16(n, MAX_MSG, flags_type, htons(flags));
+
+ if (slash) {
+ ret = get_u16(&flags, slash + 1, 16);
+ if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
+ goto err;
+ } else {
+ flags = TCP_FLAGS_MAX_MASK;
+ }
+ addattr16(n, MAX_MSG, mask_type, htons(flags));
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
+static int flower_parse_ip_tos_ttl(char *str, int key_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ char *slash;
+ int ret, err = -1;
+ __u8 tos_ttl;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = get_u8(&tos_ttl, str, 10);
+ if (ret < 0)
+ ret = get_u8(&tos_ttl, str, 16);
+ if (ret < 0)
+ goto err;
+
+ addattr8(n, MAX_MSG, key_type, tos_ttl);
+
+ if (slash) {
+ ret = get_u8(&tos_ttl, slash + 1, 16);
+ if (ret < 0)
+ goto err;
+ } else {
+ tos_ttl = 0xff;
+ }
+ addattr8(n, MAX_MSG, mask_type, tos_ttl);
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
+static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
+{
+ int ret;
+ __be32 key_id;
+
+ ret = get_be32(&key_id, str, 10);
+ if (!ret)
+ addattr32(n, MAX_MSG, type, key_id);
+
+ return ret;
+}
+
+static int flower_parse_enc_port(char *str, int type, struct nlmsghdr *n)
+{
+ int ret;
+ __be16 port;
+
+ ret = get_be16(&port, str, 10);
+ if (ret)
+ return -1;
+
+ addattr16(n, MAX_MSG, type, port);
return 0;
}
@@ -166,7 +580,11 @@
struct tcmsg *t = NLMSG_DATA(n);
struct rtattr *tail;
__be16 eth_type = TC_H_MIN(t->tcm_info);
+ __be16 vlan_ethtype = 0;
__u8 ip_proto = 0xff;
+ __u32 flags = 0;
+ __u32 mtf = 0;
+ __u32 mtf_mask = 0;
if (handle) {
ret = get_u32(&t->tcm_handle, handle, 0);
@@ -187,7 +605,7 @@
while (argc > 0) {
if (matches(*argv, "classid") == 0 ||
matches(*argv, "flowid") == 0) {
- unsigned handle;
+ unsigned int handle;
NEXT_ARG();
ret = get_tc_classid(&handle, *argv);
@@ -196,13 +614,63 @@
return -1;
}
addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4);
+ } else if (matches(*argv, "ip_flags") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_matching_flags(*argv,
+ FLOWER_IP_FLAGS,
+ &mtf,
+ &mtf_mask);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ip_flags\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "skip_hw") == 0) {
+ flags |= TCA_CLS_FLAGS_SKIP_HW;
+ } else if (matches(*argv, "skip_sw") == 0) {
+ flags |= TCA_CLS_FLAGS_SKIP_SW;
} else if (matches(*argv, "indev") == 0) {
- char ifname[IFNAMSIZ];
+ NEXT_ARG();
+ if (check_ifname(*argv))
+ invarg("\"indev\" not a valid ifname", *argv);
+ addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, *argv);
+ } else if (matches(*argv, "vlan_id") == 0) {
+ __u16 vid;
NEXT_ARG();
- memset(ifname, 0, sizeof(ifname));
- strncpy(ifname, *argv, sizeof(ifname) - 1);
- addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, ifname);
+ if (eth_type != htons(ETH_P_8021Q)) {
+ fprintf(stderr,
+ "Can't set \"vlan_id\" if ethertype isn't 802.1Q\n");
+ return -1;
+ }
+ ret = get_u16(&vid, *argv, 10);
+ if (ret < 0 || vid & ~0xfff) {
+ fprintf(stderr, "Illegal \"vlan_id\"\n");
+ return -1;
+ }
+ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_ID, vid);
+ } else if (matches(*argv, "vlan_prio") == 0) {
+ __u8 vlan_prio;
+
+ NEXT_ARG();
+ if (eth_type != htons(ETH_P_8021Q)) {
+ fprintf(stderr,
+ "Can't set \"vlan_prio\" if ethertype isn't 802.1Q\n");
+ return -1;
+ }
+ ret = get_u8(&vlan_prio, *argv, 10);
+ if (ret < 0 || vlan_prio & ~0x7) {
+ fprintf(stderr, "Illegal \"vlan_prio\"\n");
+ return -1;
+ }
+ addattr8(n, MAX_MSG,
+ TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio);
+ } else if (matches(*argv, "vlan_ethtype") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_vlan_eth_type(*argv, eth_type,
+ TCA_FLOWER_KEY_VLAN_ETH_TYPE,
+ &vlan_ethtype, n);
+ if (ret < 0)
+ return -1;
} else if (matches(*argv, "dst_mac") == 0) {
NEXT_ARG();
ret = flower_parse_eth_addr(*argv,
@@ -225,16 +693,38 @@
}
} else if (matches(*argv, "ip_proto") == 0) {
NEXT_ARG();
- ret = flower_parse_ip_proto(*argv, eth_type,
+ ret = flower_parse_ip_proto(*argv, vlan_ethtype ?
+ vlan_ethtype : eth_type,
TCA_FLOWER_KEY_IP_PROTO,
&ip_proto, n);
if (ret < 0) {
fprintf(stderr, "Illegal \"ip_proto\"\n");
return -1;
}
+ } else if (matches(*argv, "ip_tos") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_tos_ttl(*argv,
+ TCA_FLOWER_KEY_IP_TOS,
+ TCA_FLOWER_KEY_IP_TOS_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ip_tos\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "ip_ttl") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_tos_ttl(*argv,
+ TCA_FLOWER_KEY_IP_TTL,
+ TCA_FLOWER_KEY_IP_TTL_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ip_ttl\"\n");
+ return -1;
+ }
} else if (matches(*argv, "dst_ip") == 0) {
NEXT_ARG();
- ret = flower_parse_ip_addr(*argv, eth_type,
+ ret = flower_parse_ip_addr(*argv, vlan_ethtype ?
+ vlan_ethtype : eth_type,
TCA_FLOWER_KEY_IPV4_DST,
TCA_FLOWER_KEY_IPV4_DST_MASK,
TCA_FLOWER_KEY_IPV6_DST,
@@ -246,7 +736,8 @@
}
} else if (matches(*argv, "src_ip") == 0) {
NEXT_ARG();
- ret = flower_parse_ip_addr(*argv, eth_type,
+ ret = flower_parse_ip_addr(*argv, vlan_ethtype ?
+ vlan_ethtype : eth_type,
TCA_FLOWER_KEY_IPV4_SRC,
TCA_FLOWER_KEY_IPV4_SRC_MASK,
TCA_FLOWER_KEY_IPV6_SRC,
@@ -259,8 +750,7 @@
} else if (matches(*argv, "dst_port") == 0) {
NEXT_ARG();
ret = flower_parse_port(*argv, ip_proto,
- TCA_FLOWER_KEY_TCP_DST,
- TCA_FLOWER_KEY_UDP_DST, n);
+ FLOWER_ENDPOINT_DST, n);
if (ret < 0) {
fprintf(stderr, "Illegal \"dst_port\"\n");
return -1;
@@ -268,12 +758,130 @@
} else if (matches(*argv, "src_port") == 0) {
NEXT_ARG();
ret = flower_parse_port(*argv, ip_proto,
- TCA_FLOWER_KEY_TCP_SRC,
- TCA_FLOWER_KEY_UDP_SRC, n);
+ FLOWER_ENDPOINT_SRC, n);
if (ret < 0) {
fprintf(stderr, "Illegal \"src_port\"\n");
return -1;
}
+ } else if (matches(*argv, "tcp_flags") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_tcp_flags(*argv,
+ TCA_FLOWER_KEY_TCP_FLAGS,
+ TCA_FLOWER_KEY_TCP_FLAGS_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"tcp_flags\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "type") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_icmp(*argv, eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_TYPE, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"icmp type\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "code") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_icmp(*argv, eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_CODE, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"icmp code\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_tip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
+ vlan_ethtype : eth_type,
+ TCA_FLOWER_KEY_ARP_TIP,
+ TCA_FLOWER_KEY_ARP_TIP_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_tip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_sip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
+ vlan_ethtype : eth_type,
+ TCA_FLOWER_KEY_ARP_SIP,
+ TCA_FLOWER_KEY_ARP_SIP_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_sip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_op") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_arp_op(*argv, vlan_ethtype ?
+ vlan_ethtype : eth_type,
+ TCA_FLOWER_KEY_ARP_OP,
+ TCA_FLOWER_KEY_ARP_OP_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_op\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_tha") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_eth_addr(*argv,
+ TCA_FLOWER_KEY_ARP_THA,
+ TCA_FLOWER_KEY_ARP_THA_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_tha\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_sha") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_eth_addr(*argv,
+ TCA_FLOWER_KEY_ARP_SHA,
+ TCA_FLOWER_KEY_ARP_SHA_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_sha\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_dst_ip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_addr(*argv, 0,
+ TCA_FLOWER_KEY_ENC_IPV4_DST,
+ TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
+ TCA_FLOWER_KEY_ENC_IPV6_DST,
+ TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_dst_ip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_src_ip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_addr(*argv, 0,
+ TCA_FLOWER_KEY_ENC_IPV4_SRC,
+ TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
+ TCA_FLOWER_KEY_ENC_IPV6_SRC,
+ TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_src_ip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_key_id") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_key_id(*argv,
+ TCA_FLOWER_KEY_ENC_KEY_ID, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_key_id\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_dst_port") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_enc_port(*argv,
+ TCA_FLOWER_KEY_ENC_UDP_DST_PORT, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_dst_port\"\n");
+ return -1;
+ }
} else if (matches(*argv, "action") == 0) {
NEXT_ARG();
ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
@@ -294,14 +902,27 @@
}
parse_done:
- ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type);
- if (ret) {
- fprintf(stderr, "Illegal \"eth_type\"(0x%x)\n",
- ntohs(eth_type));
- return -1;
+ ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags);
+ if (ret)
+ return ret;
+
+ if (mtf_mask) {
+ ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS, htonl(mtf));
+ if (ret)
+ return ret;
+
+ ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS_MASK, htonl(mtf_mask));
+ if (ret)
+ return ret;
}
- tail->rta_len = (((void*)n)+n->nlmsg_len) - (void*)tail;
+ if (eth_type != htons(ETH_P_ALL)) {
+ ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type);
+ if (ret)
+ return ret;
+ }
+
+ tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
return 0;
}
@@ -364,6 +985,10 @@
fprintf(f, "ipv4");
else if (eth_type == htons(ETH_P_IPV6))
fprintf(f, "ipv6");
+ else if (eth_type == htons(ETH_P_ARP))
+ fprintf(f, "arp");
+ else if (eth_type == htons(ETH_P_RARP))
+ fprintf(f, "rarp");
else
fprintf(f, "%04x", ntohs(eth_type));
*p_eth_type = eth_type;
@@ -383,18 +1008,69 @@
fprintf(f, "tcp");
else if (ip_proto == IPPROTO_UDP)
fprintf(f, "udp");
+ else if (ip_proto == IPPROTO_SCTP)
+ fprintf(f, "sctp");
+ else if (ip_proto == IPPROTO_ICMP)
+ fprintf(f, "icmp");
+ else if (ip_proto == IPPROTO_ICMPV6)
+ fprintf(f, "icmpv6");
else
fprintf(f, "%02x", ip_proto);
*p_ip_proto = ip_proto;
}
+static void flower_print_ip_attr(FILE *f, char *name,
+ struct rtattr *key_attr,
+ struct rtattr *mask_attr)
+{
+ if (!key_attr)
+ return;
+
+ fprintf(f, "\n %s %x", name, rta_getattr_u8(key_attr));
+ if (!mask_attr)
+ return;
+ fprintf(f, "/%x", rta_getattr_u8(mask_attr));
+}
+
+static void flower_print_matching_flags(FILE *f, char *name,
+ enum flower_matching_flags type,
+ struct rtattr *attr,
+ struct rtattr *mask_attr)
+{
+ int i;
+ int count = 0;
+ __u32 mtf;
+ __u32 mtf_mask;
+
+ if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4)
+ return;
+
+ mtf = ntohl(rta_getattr_u32(attr));
+ mtf_mask = ntohl(rta_getattr_u32(mask_attr));
+
+ for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
+ if (type != flags_str[i].type)
+ continue;
+ if (mtf_mask & flags_str[i].flag) {
+ if (++count == 1)
+ fprintf(f, "\n %s ", name);
+ else
+ fprintf(f, "/");
+
+ if (mtf & flags_str[i].flag)
+ fprintf(f, "%s", flags_str[i].string);
+ else
+ fprintf(f, "no%s", flags_str[i].string);
+ }
+ }
+}
+
static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type,
struct rtattr *addr4_attr,
struct rtattr *mask4_attr,
struct rtattr *addr6_attr,
struct rtattr *mask6_attr)
{
- SPRINT_BUF(b1);
struct rtattr *addr_attr;
struct rtattr *mask_attr;
int family;
@@ -416,43 +1092,89 @@
}
if (!addr_attr || RTA_PAYLOAD(addr_attr) != len)
return;
- fprintf(f, "\n %s %s", name, rt_addr_n2a(family,
- RTA_PAYLOAD(addr_attr),
- RTA_DATA(addr_attr),
- b1, sizeof(b1)));
+ fprintf(f, "\n %s %s", name, rt_addr_n2a_rta(family, addr_attr));
if (!mask_attr || RTA_PAYLOAD(mask_attr) != len)
return;
bits = __mask_bits(RTA_DATA(mask_attr), len);
if (bits < 0)
- fprintf(f, "/%s", rt_addr_n2a(family,
- RTA_PAYLOAD(mask_attr),
- RTA_DATA(mask_attr),
- b1, sizeof(b1)));
+ fprintf(f, "/%s", rt_addr_n2a_rta(family, mask_attr));
else if (bits < len * 8)
fprintf(f, "/%d", bits);
}
-
-static void flower_print_port(FILE *f, char *name, __u8 ip_proto,
- struct rtattr *tcp_attr,
- struct rtattr *udp_attr)
+static void flower_print_ip4_addr(FILE *f, char *name,
+ struct rtattr *addr_attr,
+ struct rtattr *mask_attr)
{
- struct rtattr *attr;
+ return flower_print_ip_addr(f, name, htons(ETH_P_IP),
+ addr_attr, mask_attr, 0, 0);
+}
- if (ip_proto == IPPROTO_TCP)
- attr = tcp_attr;
- else if (ip_proto == IPPROTO_UDP)
- attr = udp_attr;
- else
+static void flower_print_port(FILE *f, char *name, struct rtattr *attr)
+{
+ if (attr)
+ fprintf(f, "\n %s %d", name, rta_getattr_be16(attr));
+}
+
+static void flower_print_tcp_flags(FILE *f, char *name,
+ struct rtattr *flags_attr,
+ struct rtattr *mask_attr)
+{
+ if (!flags_attr)
return;
+ fprintf(f, "\n %s %x", name, rta_getattr_be16(flags_attr));
+ if (!mask_attr)
+ return;
+ fprintf(f, "/%x", rta_getattr_be16(mask_attr));
+}
+
+
+static void flower_print_key_id(FILE *f, const char *name,
+ struct rtattr *attr)
+{
+ if (attr)
+ fprintf(f, "\n %s %d", name, rta_getattr_be32(attr));
+}
+
+static void flower_print_masked_u8(FILE *f, const char *name,
+ struct rtattr *attr,
+ struct rtattr *mask_attr,
+ const char *(*value_to_str)(__u8 value))
+{
+ const char *value_str = NULL;
+ __u8 value, mask;
+
if (!attr)
return;
- fprintf(f, "\n %s %d", name, ntohs(rta_getattr_u16(attr)));
+
+ value = rta_getattr_u8(attr);
+ mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX;
+ if (mask == UINT8_MAX && value_to_str)
+ value_str = value_to_str(value);
+
+ fprintf(f, "\n %s ", name);
+
+ if (value_str)
+ fputs(value_str, f);
+ else
+ fprintf(f, "%d", value);
+
+ if (mask != UINT8_MAX)
+ fprintf(f, "/%d", mask);
+}
+
+static void flower_print_arp_op(FILE *f, const char *name,
+ struct rtattr *op_attr,
+ struct rtattr *mask_attr)
+{
+ flower_print_masked_u8(f, name, op_attr, mask_attr,
+ flower_print_arp_op_to_name);
}
static int flower_print_opt(struct filter_util *qu, FILE *f,
struct rtattr *opt, __u32 handle)
{
struct rtattr *tb[TCA_FLOWER_MAX + 1];
+ int nl_type, nl_mask_type;
__be16 eth_type = 0;
__u8 ip_proto = 0xff;
@@ -477,6 +1199,18 @@
fprintf(f, "\n indev %s", rta_getattr_str(attr));
}
+ if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ID];
+
+ fprintf(f, "\n vlan_id %d", rta_getattr_u16(attr));
+ }
+
+ if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_PRIO];
+
+ fprintf(f, "\n vlan_prio %d", rta_getattr_u8(attr));
+ }
+
flower_print_eth_addr(f, "dst_mac", tb[TCA_FLOWER_KEY_ETH_DST],
tb[TCA_FLOWER_KEY_ETH_DST_MASK]);
flower_print_eth_addr(f, "src_mac", tb[TCA_FLOWER_KEY_ETH_SRC],
@@ -485,6 +1219,11 @@
flower_print_eth_type(f, ð_type, tb[TCA_FLOWER_KEY_ETH_TYPE]);
flower_print_ip_proto(f, &ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]);
+ flower_print_ip_attr(f, "ip_tos", tb[TCA_FLOWER_KEY_IP_TOS],
+ tb[TCA_FLOWER_KEY_IP_TOS_MASK]);
+ flower_print_ip_attr(f, "ip_ttl", tb[TCA_FLOWER_KEY_IP_TTL],
+ tb[TCA_FLOWER_KEY_IP_TTL_MASK]);
+
flower_print_ip_addr(f, "dst_ip", eth_type,
tb[TCA_FLOWER_KEY_IPV4_DST],
tb[TCA_FLOWER_KEY_IPV4_DST_MASK],
@@ -497,18 +1236,87 @@
tb[TCA_FLOWER_KEY_IPV6_SRC],
tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]);
- flower_print_port(f, "dst_port", ip_proto,
- tb[TCA_FLOWER_KEY_TCP_DST],
- tb[TCA_FLOWER_KEY_UDP_DST]);
+ nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST);
+ if (nl_type >= 0)
+ flower_print_port(f, "dst_port", tb[nl_type]);
+ nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC);
+ if (nl_type >= 0)
+ flower_print_port(f, "src_port", tb[nl_type]);
- flower_print_port(f, "src_port", ip_proto,
- tb[TCA_FLOWER_KEY_TCP_SRC],
- tb[TCA_FLOWER_KEY_UDP_SRC]);
+ flower_print_tcp_flags(f, "tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
+ tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
- if (tb[TCA_FLOWER_ACT]) {
- tc_print_action(f, tb[TCA_FLOWER_ACT]);
+ nl_type = flower_icmp_attr_type(eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_TYPE);
+ nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_TYPE);
+ if (nl_type >= 0 && nl_mask_type >= 0)
+ flower_print_masked_u8(f, "icmp_type", tb[nl_type],
+ tb[nl_mask_type], NULL);
+
+ nl_type = flower_icmp_attr_type(eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_CODE);
+ nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_CODE);
+ if (nl_type >= 0 && nl_mask_type >= 0)
+ flower_print_masked_u8(f, "icmp_code", tb[nl_type],
+ tb[nl_mask_type], NULL);
+
+ flower_print_ip4_addr(f, "arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP],
+ tb[TCA_FLOWER_KEY_ARP_SIP_MASK]);
+ flower_print_ip4_addr(f, "arp_tip", tb[TCA_FLOWER_KEY_ARP_TIP],
+ tb[TCA_FLOWER_KEY_ARP_TIP_MASK]);
+ flower_print_arp_op(f, "arp_op", tb[TCA_FLOWER_KEY_ARP_OP],
+ tb[TCA_FLOWER_KEY_ARP_OP_MASK]);
+ flower_print_eth_addr(f, "arp_sha", tb[TCA_FLOWER_KEY_ARP_SHA],
+ tb[TCA_FLOWER_KEY_ARP_SHA_MASK]);
+ flower_print_eth_addr(f, "arp_tha", tb[TCA_FLOWER_KEY_ARP_THA],
+ tb[TCA_FLOWER_KEY_ARP_THA_MASK]);
+
+ flower_print_ip_addr(f, "enc_dst_ip",
+ tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ?
+ htons(ETH_P_IP) : htons(ETH_P_IPV6),
+ tb[TCA_FLOWER_KEY_ENC_IPV4_DST],
+ tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK],
+ tb[TCA_FLOWER_KEY_ENC_IPV6_DST],
+ tb[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]);
+
+ flower_print_ip_addr(f, "enc_src_ip",
+ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] ?
+ htons(ETH_P_IP) : htons(ETH_P_IPV6),
+ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC],
+ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK],
+ tb[TCA_FLOWER_KEY_ENC_IPV6_SRC],
+ tb[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]);
+
+ flower_print_key_id(f, "enc_key_id",
+ tb[TCA_FLOWER_KEY_ENC_KEY_ID]);
+
+ flower_print_port(f, "enc_dst_port",
+ tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
+
+ flower_print_matching_flags(f, "ip_flags",
+ FLOWER_IP_FLAGS,
+ tb[TCA_FLOWER_KEY_FLAGS],
+ tb[TCA_FLOWER_KEY_FLAGS_MASK]);
+
+ if (tb[TCA_FLOWER_FLAGS]) {
+ __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]);
+
+ if (flags & TCA_CLS_FLAGS_SKIP_HW)
+ fprintf(f, "\n skip_hw");
+ if (flags & TCA_CLS_FLAGS_SKIP_SW)
+ fprintf(f, "\n skip_sw");
+
+ if (flags & TCA_CLS_FLAGS_IN_HW)
+ fprintf(f, "\n in_hw");
+ else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
+ fprintf(f, "\n not_in_hw");
}
+ if (tb[TCA_FLOWER_ACT])
+ tc_print_action(f, tb[TCA_FLOWER_ACT], 0);
+
return 0;
}
diff --git a/tc/f_fw.c b/tc/f_fw.c
index 165f489..c39789b 100644
--- a/tc/f_fw.c
+++ b/tc/f_fw.c
@@ -25,24 +25,31 @@
static void explain(void)
{
- fprintf(stderr, "Usage: ... fw [ classid CLASSID ] [ action ACTION_SPEC ]\n");
- fprintf(stderr, " ACTION_SPEC := ... look at individual actions\n");
- fprintf(stderr, " CLASSID := X:Y\n");
- fprintf(stderr, "\nNOTE: CLASSID is parsed as hexadecimal input.\n");
+ fprintf(stderr,
+ "Usage: ... fw [ classid CLASSID ] [ indev DEV ] [ action ACTION_SPEC ]\n");
+ fprintf(stderr,
+ " CLASSID := Push matching packets to the class identified by CLASSID with format X:Y\n");
+ fprintf(stderr,
+ " CLASSID is parsed as hexadecimal input.\n");
+ fprintf(stderr,
+ " DEV := specify device for incoming device classification.\n");
+ fprintf(stderr,
+ " ACTION_SPEC := Apply an action on matching packets.\n");
+ fprintf(stderr,
+ " NOTE: handle is represented as HANDLE[/FWMASK].\n");
+ fprintf(stderr, " FWMASK is 0xffffffff by default.\n");
}
static int fw_parse_opt(struct filter_util *qu, char *handle, int argc, char **argv, struct nlmsghdr *n)
{
- struct tc_police tp;
struct tcmsg *t = NLMSG_DATA(n);
struct rtattr *tail;
__u32 mask = 0;
int mask_set = 0;
- memset(&tp, 0, sizeof(tp));
-
if (handle) {
char *slash;
+
if ((slash = strchr(handle, '/')) != NULL)
*slash = '\0';
if (get_u32(&t->tcm_handle, handle, 0)) {
@@ -70,7 +77,8 @@
while (argc > 0) {
if (matches(*argv, "classid") == 0 ||
matches(*argv, "flowid") == 0) {
- unsigned handle;
+ unsigned int handle;
+
NEXT_ARG();
if (get_tc_classid(&handle, *argv)) {
fprintf(stderr, "Illegal \"classid\"\n");
@@ -92,15 +100,15 @@
}
continue;
} else if (strcmp(*argv, "indev") == 0) {
- char d[IFNAMSIZ+1];
- memset(d, 0, sizeof (d));
+ char d[IFNAMSIZ+1] = {};
+
argc--;
argv++;
if (argc < 1) {
fprintf(stderr, "Illegal indev\n");
return -1;
}
- strncpy(d, *argv, sizeof (d) - 1);
+ strncpy(d, *argv, sizeof(d) - 1);
addattr_l(n, MAX_MSG, TCA_FW_INDEV, d, strlen(d) + 1);
} else if (strcmp(*argv, "help") == 0) {
explain();
@@ -127,9 +135,10 @@
if (handle || tb[TCA_FW_MASK]) {
__u32 mark = 0, mask = 0;
- if(handle)
+
+ if (handle)
mark = handle;
- if(tb[TCA_FW_MASK] &&
+ if (tb[TCA_FW_MASK] &&
(mask = rta_getattr_u32(tb[TCA_FW_MASK])) != 0xFFFFFFFF)
fprintf(f, "handle 0x%x/0x%x ", mark, mask);
else
@@ -145,12 +154,13 @@
tc_print_police(f, tb[TCA_FW_POLICE]);
if (tb[TCA_FW_INDEV]) {
struct rtattr *idev = tb[TCA_FW_INDEV];
- fprintf(f, "input dev %s ",rta_getattr_str(idev));
+
+ fprintf(f, "input dev %s ", rta_getattr_str(idev));
}
if (tb[TCA_FW_ACT]) {
fprintf(f, "\n");
- tc_print_action(f, tb[TCA_FW_ACT]);
+ tc_print_action(f, tb[TCA_FW_ACT], 0);
}
return 0;
}
diff --git a/tc/f_matchall.c b/tc/f_matchall.c
new file mode 100644
index 0000000..d78660e
--- /dev/null
+++ b/tc/f_matchall.c
@@ -0,0 +1,157 @@
+/*
+ * f_matchall.c Match-all Classifier
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Jiri Pirko <jiri@mellanox.com>, Yotam Gigi <yotamg@mellanox.com>
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include <linux/if.h>
+
+#include "utils.h"
+#include "tc_util.h"
+
+static void explain(void)
+{
+ fprintf(stderr, "Usage: ... matchall [skip_sw | skip_hw]\n");
+ fprintf(stderr, " [ action ACTION_SPEC ] [ classid CLASSID ]\n");
+ fprintf(stderr, "\n");
+ fprintf(stderr, "Where: SELECTOR := SAMPLE SAMPLE ...\n");
+ fprintf(stderr, " FILTERID := X:Y:Z\n");
+ fprintf(stderr, " ACTION_SPEC := ... look at individual actions\n");
+ fprintf(stderr, "\nNOTE: CLASSID is parsed as hexadecimal input.\n");
+}
+
+static int matchall_parse_opt(struct filter_util *qu, char *handle,
+ int argc, char **argv, struct nlmsghdr *n)
+{
+ struct tcmsg *t = NLMSG_DATA(n);
+ struct rtattr *tail;
+ __u32 flags = 0;
+ long h = 0;
+
+ if (handle) {
+ h = strtol(handle, NULL, 0);
+ if (h == LONG_MIN || h == LONG_MAX) {
+ fprintf(stderr, "Illegal handle \"%s\", must be numeric.\n",
+ handle);
+ return -1;
+ }
+ }
+ t->tcm_handle = h;
+
+ if (argc == 0)
+ return 0;
+
+ tail = (struct rtattr *)(((void *)n)+NLMSG_ALIGN(n->nlmsg_len));
+ addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
+
+ while (argc > 0) {
+ if (matches(*argv, "classid") == 0 ||
+ strcmp(*argv, "flowid") == 0) {
+ unsigned int handle;
+
+ NEXT_ARG();
+ if (get_tc_classid(&handle, *argv)) {
+ fprintf(stderr, "Illegal \"classid\"\n");
+ return -1;
+ }
+ addattr_l(n, MAX_MSG, TCA_MATCHALL_CLASSID, &handle, 4);
+ } else if (matches(*argv, "action") == 0) {
+ NEXT_ARG();
+ if (parse_action(&argc, &argv, TCA_MATCHALL_ACT, n)) {
+ fprintf(stderr, "Illegal \"action\"\n");
+ return -1;
+ }
+ continue;
+
+ } else if (strcmp(*argv, "skip_hw") == 0) {
+ NEXT_ARG();
+ flags |= TCA_CLS_FLAGS_SKIP_HW;
+ continue;
+ } else if (strcmp(*argv, "skip_sw") == 0) {
+ NEXT_ARG();
+ flags |= TCA_CLS_FLAGS_SKIP_SW;
+ continue;
+ } else if (strcmp(*argv, "help") == 0) {
+ explain();
+ return -1;
+ } else {
+ fprintf(stderr, "What is \"%s\"?\n", *argv);
+ explain();
+ return -1;
+ }
+ argc--; argv++;
+ }
+
+ if (flags) {
+ if (!(flags ^ (TCA_CLS_FLAGS_SKIP_HW |
+ TCA_CLS_FLAGS_SKIP_SW))) {
+ fprintf(stderr,
+ "skip_hw and skip_sw are mutually exclusive\n");
+ return -1;
+ }
+ addattr_l(n, MAX_MSG, TCA_MATCHALL_FLAGS, &flags, 4);
+ }
+
+ tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
+ return 0;
+}
+
+static int matchall_print_opt(struct filter_util *qu, FILE *f,
+ struct rtattr *opt, __u32 handle)
+{
+ struct rtattr *tb[TCA_MATCHALL_MAX+1];
+
+ if (opt == NULL)
+ return 0;
+
+ parse_rtattr_nested(tb, TCA_MATCHALL_MAX, opt);
+
+ if (handle)
+ fprintf(f, "handle 0x%x ", handle);
+
+ if (tb[TCA_MATCHALL_CLASSID]) {
+ SPRINT_BUF(b1);
+ fprintf(f, "flowid %s ",
+ sprint_tc_classid(rta_getattr_u32(tb[TCA_MATCHALL_CLASSID]), b1));
+ }
+
+ if (tb[TCA_MATCHALL_FLAGS]) {
+ __u32 flags = rta_getattr_u32(tb[TCA_MATCHALL_FLAGS]);
+
+ if (flags & TCA_CLS_FLAGS_SKIP_HW)
+ fprintf(f, "\n skip_hw");
+ if (flags & TCA_CLS_FLAGS_SKIP_SW)
+ fprintf(f, "\n skip_sw");
+
+ if (flags & TCA_CLS_FLAGS_IN_HW)
+ fprintf(f, "\n in_hw");
+ else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
+ fprintf(f, "\n not_in_hw");
+ }
+
+ if (tb[TCA_MATCHALL_ACT])
+ tc_print_action(f, tb[TCA_MATCHALL_ACT], 0);
+
+ return 0;
+}
+
+struct filter_util matchall_filter_util = {
+ .id = "matchall",
+ .parse_fopt = matchall_parse_opt,
+ .print_fopt = matchall_print_opt,
+};
diff --git a/tc/f_route.c b/tc/f_route.c
index 4e9032c..e88313f 100644
--- a/tc/f_route.c
+++ b/tc/f_route.c
@@ -36,14 +36,11 @@
static int route_parse_opt(struct filter_util *qu, char *handle, int argc, char **argv, struct nlmsghdr *n)
{
- struct tc_police tp;
struct tcmsg *t = NLMSG_DATA(n);
struct rtattr *tail;
__u32 fh = 0xFFFF8000;
__u32 order = 0;
- memset(&tp, 0, sizeof(tp));
-
if (handle) {
if (get_u32(&t->tcm_handle, handle, 0)) {
fprintf(stderr, "Illegal \"handle\"\n");
@@ -60,6 +57,7 @@
while (argc > 0) {
if (matches(*argv, "to") == 0) {
__u32 id;
+
NEXT_ARG();
if (rtnl_rtrealm_a2n(&id, *argv)) {
fprintf(stderr, "Illegal \"to\"\n");
@@ -70,6 +68,7 @@
fh |= id&0xFF;
} else if (matches(*argv, "from") == 0) {
__u32 id;
+
NEXT_ARG();
if (rtnl_rtrealm_a2n(&id, *argv)) {
fprintf(stderr, "Illegal \"from\"\n");
@@ -80,9 +79,10 @@
fh |= id<<16;
} else if (matches(*argv, "fromif") == 0) {
__u32 id;
+
NEXT_ARG();
ll_init_map(&rth);
- if ((id=ll_name_to_index(*argv)) <= 0) {
+ if ((id = ll_name_to_index(*argv)) <= 0) {
fprintf(stderr, "Illegal \"fromif\"\n");
return -1;
}
@@ -91,7 +91,8 @@
fh |= (0x8000|id)<<16;
} else if (matches(*argv, "classid") == 0 ||
strcmp(*argv, "flowid") == 0) {
- unsigned handle;
+ unsigned int handle;
+
NEXT_ARG();
if (get_tc_classid(&handle, *argv)) {
fprintf(stderr, "Illegal \"classid\"\n");
@@ -141,6 +142,7 @@
static int route_print_opt(struct filter_util *qu, FILE *f, struct rtattr *opt, __u32 handle)
{
struct rtattr *tb[TCA_ROUTE4_MAX+1];
+
SPRINT_BUF(b1);
if (opt == NULL)
@@ -162,11 +164,11 @@
if (tb[TCA_ROUTE4_FROM])
fprintf(f, "from %s ", rtnl_rtrealm_n2a(rta_getattr_u32(tb[TCA_ROUTE4_FROM]), b1, sizeof(b1)));
if (tb[TCA_ROUTE4_IIF])
- fprintf(f, "fromif %s", ll_index_to_name(*(int*)RTA_DATA(tb[TCA_ROUTE4_IIF])));
+ fprintf(f, "fromif %s", ll_index_to_name(rta_getattr_u32(tb[TCA_ROUTE4_IIF])));
if (tb[TCA_ROUTE4_POLICE])
tc_print_police(f, tb[TCA_ROUTE4_POLICE]);
if (tb[TCA_ROUTE4_ACT])
- tc_print_action(f, tb[TCA_ROUTE4_ACT]);
+ tc_print_action(f, tb[TCA_ROUTE4_ACT], 0);
return 0;
}
diff --git a/tc/f_rsvp.c b/tc/f_rsvp.c
index 1fe9b15..65caeb4 100644
--- a/tc/f_rsvp.c
+++ b/tc/f_rsvp.c
@@ -37,7 +37,7 @@
fprintf(stderr, "\nNOTE: CLASSID is parsed as hexadecimal input.\n");
}
-static int get_addr_and_pi(int *argc_p, char ***argv_p, inet_prefix * addr,
+static int get_addr_and_pi(int *argc_p, char ***argv_p, inet_prefix *addr,
struct tc_rsvp_pinfo *pinfo, int dir, int family)
{
int argc = *argc_p;
@@ -76,6 +76,7 @@
if (strcmp(*argv, "spi/ah") == 0 ||
strcmp(*argv, "gpi/ah") == 0) {
__u32 gpi;
+
NEXT_ARG();
if (get_u32(&gpi, *argv, 0))
return -1;
@@ -88,6 +89,7 @@
} else if (strcmp(*argv, "spi/esp") == 0 ||
strcmp(*argv, "gpi/esp") == 0) {
__u32 gpi;
+
NEXT_ARG();
if (get_u32(&gpi, *argv, 0))
return -1;
@@ -99,6 +101,7 @@
argc--; argv++;
} else if (strcmp(*argv, "flowlabel") == 0) {
__u32 flabel;
+
NEXT_ARG();
if (get_u32(&flabel, *argv, 0))
return -1;
@@ -114,6 +117,7 @@
int sz = 1;
__u32 tmp;
__u32 mask = 0xff;
+
if (strcmp(*argv, "u32") == 0) {
sz = 4;
mask = 0xffff;
@@ -169,15 +173,11 @@
static int rsvp_parse_opt(struct filter_util *qu, char *handle, int argc, char **argv, struct nlmsghdr *n)
{
int family = strcmp(qu->id, "rsvp") == 0 ? AF_INET : AF_INET6;
- struct tc_rsvp_pinfo pinfo;
- struct tc_police tp;
+ struct tc_rsvp_pinfo pinfo = {};
struct tcmsg *t = NLMSG_DATA(n);
int pinfo_ok = 0;
struct rtattr *tail;
- memset(&pinfo, 0, sizeof(pinfo));
- memset(&tp, 0, sizeof(tp));
-
if (handle) {
if (get_u32(&t->tcm_handle, handle, 0)) {
fprintf(stderr, "Illegal \"handle\"\n");
@@ -194,6 +194,7 @@
while (argc > 0) {
if (matches(*argv, "session") == 0) {
inet_prefix addr;
+
NEXT_ARG();
if (get_addr_and_pi(&argc, &argv, &addr, &pinfo, 1, family)) {
fprintf(stderr, "Illegal \"session\"\n");
@@ -206,6 +207,7 @@
} else if (matches(*argv, "sender") == 0 ||
matches(*argv, "flowspec") == 0) {
inet_prefix addr;
+
NEXT_ARG();
if (get_addr_and_pi(&argc, &argv, &addr, &pinfo, 0, family)) {
fprintf(stderr, "Illegal \"sender\"\n");
@@ -217,6 +219,7 @@
continue;
} else if (matches("ipproto", *argv) == 0) {
int num;
+
NEXT_ARG();
num = inet_proto_a2n(*argv);
if (num < 0) {
@@ -227,7 +230,8 @@
pinfo_ok++;
} else if (matches(*argv, "classid") == 0 ||
strcmp(*argv, "flowid") == 0) {
- unsigned handle;
+ unsigned int handle;
+
NEXT_ARG();
if (get_tc_classid(&handle, *argv)) {
fprintf(stderr, "Illegal \"classid\"\n");
@@ -235,7 +239,8 @@
}
addattr_l(n, 4096, TCA_RSVP_CLASSID, &handle, 4);
} else if (strcmp(*argv, "tunnelid") == 0) {
- unsigned tid;
+ unsigned int tid;
+
NEXT_ARG();
if (get_unsigned(&tid, *argv, 0)) {
fprintf(stderr, "Illegal \"tunnelid\"\n");
@@ -244,7 +249,8 @@
pinfo.tunnelid = tid;
pinfo_ok++;
} else if (strcmp(*argv, "tunnel") == 0) {
- unsigned tid;
+ unsigned int tid;
+
NEXT_ARG();
if (get_unsigned(&tid, *argv, 0)) {
fprintf(stderr, "Illegal \"tunnel\"\n");
@@ -292,7 +298,7 @@
return 0;
}
-static char * sprint_spi(struct tc_rsvp_gpi *pi, int dir, char *buf)
+static char *sprint_spi(struct tc_rsvp_gpi *pi, int dir, char *buf)
{
if (pi->offset == 0) {
if (dir && pi->mask == htonl(0xFFFF)) {
@@ -351,6 +357,7 @@
if (tb[TCA_RSVP_DST]) {
char buf[128];
+
fprintf(f, "session ");
if (inet_ntop(family, RTA_DATA(tb[TCA_RSVP_DST]), buf, sizeof(buf)) == 0)
fprintf(f, " [INVALID DADDR] ");
@@ -377,6 +384,7 @@
fprintf(f, "tunnelid %d ", pinfo->tunnelid);
if (tb[TCA_RSVP_SRC]) {
char buf[128];
+
fprintf(f, "sender ");
if (inet_ntop(family, RTA_DATA(tb[TCA_RSVP_SRC]), buf, sizeof(buf)) == 0) {
fprintf(f, "[BAD]");
@@ -394,7 +402,7 @@
}
if (tb[TCA_RSVP_ACT]) {
- tc_print_action(f, tb[TCA_RSVP_ACT]);
+ tc_print_action(f, tb[TCA_RSVP_ACT], 0);
}
if (tb[TCA_RSVP_POLICE])
tc_print_police(f, tb[TCA_RSVP_POLICE]);
diff --git a/tc/f_tcindex.c b/tc/f_tcindex.c
index b1847c8..dd1cb47 100644
--- a/tc/f_tcindex.c
+++ b/tc/f_tcindex.c
@@ -17,22 +17,20 @@
static void explain(void)
{
- fprintf(stderr," Usage: ... tcindex [ hash SIZE ] [ mask MASK ]"
- " [ shift SHIFT ]\n");
- fprintf(stderr," [ pass_on | fall_through ]\n");
- fprintf(stderr," [ classid CLASSID ] "
- "[ action ACTION_SPEC ]\n");
+ fprintf(stderr," Usage: ... tcindex [ hash SIZE ] [ mask MASK ] [ shift SHIFT ]\n");
+ fprintf(stderr, " [ pass_on | fall_through ]\n");
+ fprintf(stderr," [ classid CLASSID ] [ action ACTION_SPEC ]\n");
}
static int tcindex_parse_opt(struct filter_util *qu, char *handle, int argc,
- char **argv, struct nlmsghdr *n)
+ char **argv, struct nlmsghdr *n)
{
struct tcmsg *t = NLMSG_DATA(n);
struct rtattr *tail;
char *end;
if (handle) {
- t->tcm_handle = strtoul(handle,&end,0);
+ t->tcm_handle = strtoul(handle, &end, 0);
if (*end) {
fprintf(stderr, "Illegal filter ID\n");
return -1;
@@ -40,81 +38,75 @@
}
if (!argc) return 0;
tail = NLMSG_TAIL(n);
- addattr_l(n,4096,TCA_OPTIONS,NULL,0);
+ addattr_l(n, 4096, TCA_OPTIONS, NULL, 0);
while (argc) {
- if (!strcmp(*argv,"hash")) {
+ if (!strcmp(*argv, "hash")) {
int hash;
NEXT_ARG();
- hash = strtoul(*argv,&end,0);
+ hash = strtoul(*argv, &end, 0);
if (*end || !hash || hash > 0x10000) {
explain();
return -1;
}
- addattr_l(n,4096,TCA_TCINDEX_HASH,&hash,sizeof(hash));
- }
- else if (!strcmp(*argv,"mask")) {
+ addattr_l(n, 4096, TCA_TCINDEX_HASH, &hash,
+ sizeof(hash));
+ } else if (!strcmp(*argv,"mask")) {
__u16 mask;
NEXT_ARG();
- mask = strtoul(*argv,&end,0);
+ mask = strtoul(*argv, &end, 0);
if (*end) {
explain();
return -1;
}
- addattr_l(n,4096,TCA_TCINDEX_MASK,&mask,sizeof(mask));
- }
- else if (!strcmp(*argv,"shift")) {
+ addattr_l(n, 4096, TCA_TCINDEX_MASK, &mask,
+ sizeof(mask));
+ } else if (!strcmp(*argv,"shift")) {
int shift;
NEXT_ARG();
- shift = strtoul(*argv,&end,0);
+ shift = strtoul(*argv, &end, 0);
if (*end) {
explain();
return -1;
}
- addattr_l(n,4096,TCA_TCINDEX_SHIFT,&shift,
+ addattr_l(n, 4096, TCA_TCINDEX_SHIFT, &shift,
sizeof(shift));
- }
- else if (!strcmp(*argv,"fall_through")) {
+ } else if (!strcmp(*argv,"fall_through")) {
int value = 1;
- addattr_l(n,4096,TCA_TCINDEX_FALL_THROUGH,&value,
+ addattr_l(n, 4096, TCA_TCINDEX_FALL_THROUGH, &value,
sizeof(value));
- }
- else if (!strcmp(*argv,"pass_on")) {
+ } else if (!strcmp(*argv,"pass_on")) {
int value = 0;
- addattr_l(n,4096,TCA_TCINDEX_FALL_THROUGH,&value,
+ addattr_l(n, 4096, TCA_TCINDEX_FALL_THROUGH, &value,
sizeof(value));
- }
- else if (!strcmp(*argv,"classid")) {
+ } else if (!strcmp(*argv,"classid")) {
__u32 handle;
NEXT_ARG();
- if (get_tc_classid(&handle,*argv)) {
+ if (get_tc_classid(&handle, *argv)) {
fprintf(stderr, "Illegal \"classid\"\n");
return -1;
}
addattr_l(n, 4096, TCA_TCINDEX_CLASSID, &handle, 4);
- }
- else if (!strcmp(*argv,"police")) {
+ } else if (!strcmp(*argv,"police")) {
NEXT_ARG();
if (parse_police(&argc, &argv, TCA_TCINDEX_POLICE, n)) {
fprintf(stderr, "Illegal \"police\"\n");
return -1;
}
continue;
- }
- else if (!strcmp(*argv,"action")) {
+ } else if (!strcmp(*argv,"action")) {
NEXT_ARG();
- if (parse_police(&argc, &argv, TCA_TCINDEX_ACT, n)) {
+ if (parse_action(&argc, &argv, TCA_TCINDEX_ACT, n)) {
fprintf(stderr, "Illegal \"action\"\n");
return -1;
}
continue;
- }
- else {
+ } else {
explain();
return -1;
}
@@ -127,7 +119,7 @@
static int tcindex_print_opt(struct filter_util *qu, FILE *f,
- struct rtattr *opt, __u32 handle)
+ struct rtattr *opt, __u32 handle)
{
struct rtattr *tb[TCA_TCINDEX_MAX+1];
@@ -136,14 +128,14 @@
parse_rtattr_nested(tb, TCA_TCINDEX_MAX, opt);
- if (handle != ~0) fprintf(f,"handle 0x%04x ",handle);
+ if (handle != ~0) fprintf(f, "handle 0x%04x ", handle);
if (tb[TCA_TCINDEX_HASH]) {
__u16 hash;
if (RTA_PAYLOAD(tb[TCA_TCINDEX_HASH]) < sizeof(hash))
return -1;
hash = rta_getattr_u16(tb[TCA_TCINDEX_HASH]);
- fprintf(f,"hash %d ",hash);
+ fprintf(f, "hash %d ", hash);
}
if (tb[TCA_TCINDEX_MASK]) {
__u16 mask;
@@ -151,15 +143,15 @@
if (RTA_PAYLOAD(tb[TCA_TCINDEX_MASK]) < sizeof(mask))
return -1;
mask = rta_getattr_u16(tb[TCA_TCINDEX_MASK]);
- fprintf(f,"mask 0x%04x ",mask);
+ fprintf(f, "mask 0x%04x ", mask);
}
if (tb[TCA_TCINDEX_SHIFT]) {
int shift;
if (RTA_PAYLOAD(tb[TCA_TCINDEX_SHIFT]) < sizeof(shift))
return -1;
- shift = *(int *) RTA_DATA(tb[TCA_TCINDEX_SHIFT]);
- fprintf(f,"shift %d ",shift);
+ shift = rta_getattr_u32(tb[TCA_TCINDEX_SHIFT]);
+ fprintf(f, "shift %d ", shift);
}
if (tb[TCA_TCINDEX_FALL_THROUGH]) {
int fall_through;
@@ -167,12 +159,12 @@
if (RTA_PAYLOAD(tb[TCA_TCINDEX_FALL_THROUGH]) <
sizeof(fall_through))
return -1;
- fall_through = *(int *) RTA_DATA(tb[TCA_TCINDEX_FALL_THROUGH]);
- fprintf(f,fall_through ? "fall_through " : "pass_on ");
+ fall_through = rta_getattr_u32(tb[TCA_TCINDEX_FALL_THROUGH]);
+ fprintf(f, fall_through ? "fall_through " : "pass_on ");
}
if (tb[TCA_TCINDEX_CLASSID]) {
SPRINT_BUF(b1);
- fprintf(f, "classid %s ",sprint_tc_classid(*(__u32 *)
+ fprintf(f, "classid %s ", sprint_tc_classid(*(__u32 *)
RTA_DATA(tb[TCA_TCINDEX_CLASSID]), b1));
}
if (tb[TCA_TCINDEX_POLICE]) {
@@ -181,7 +173,7 @@
}
if (tb[TCA_TCINDEX_ACT]) {
fprintf(f, "\n");
- tc_print_police(f, tb[TCA_TCINDEX_ACT]);
+ tc_print_action(f, tb[TCA_TCINDEX_ACT], 0);
}
return 0;
}
diff --git a/tc/f_u32.c b/tc/f_u32.c
index 0b97678..14b9588 100644
--- a/tc/f_u32.c
+++ b/tc/f_u32.c
@@ -30,24 +30,23 @@
static void explain(void)
{
- fprintf(stderr, "Usage: ... u32 [ match SELECTOR ... ] [ link HTID ]"
- " [ classid CLASSID ]\n");
- fprintf(stderr, " [ action ACTION_SPEC ]"
- " [ offset OFFSET_SPEC ]\n");
- fprintf(stderr, " [ ht HTID ] [ hashkey HASHKEY_SPEC ]\n");
- fprintf(stderr, " [ sample SAMPLE ]\n");
- fprintf(stderr, "or u32 divisor DIVISOR\n");
- fprintf(stderr, "\n");
- fprintf(stderr, "Where: SELECTOR := SAMPLE SAMPLE ...\n");
- fprintf(stderr, " SAMPLE := { ip | ip6 | udp | tcp | icmp |"
- " u{32|16|8} | mark } SAMPLE_ARGS [divisor DIVISOR]\n");
- fprintf(stderr, " FILTERID := X:Y:Z\n");
- fprintf(stderr, "\nNOTE: CLASSID is parsed at hexadecimal input.\n");
+ fprintf(stderr,
+ "Usage: ... u32 [ match SELECTOR ... ] [ link HTID ] [ classid CLASSID ]\n"
+ " [ action ACTION_SPEC ] [ offset OFFSET_SPEC ]\n"
+ " [ ht HTID ] [ hashkey HASHKEY_SPEC ]\n"
+ " [ sample SAMPLE ] [skip_hw | skip_sw]\n"
+ "or u32 divisor DIVISOR\n"
+ "\n"
+ "Where: SELECTOR := SAMPLE SAMPLE ...\n"
+ " SAMPLE := { ip | ip6 | udp | tcp | icmp | u{32|16|8} | mark }\n"
+ " SAMPLE_ARGS [ divisor DIVISOR ]\n"
+ " FILTERID := X:Y:Z\n"
+ "\nNOTE: CLASSID is parsed at hexadecimal input.\n");
}
static int get_u32_handle(__u32 *handle, const char *str)
{
- __u32 htid=0, hash=0, nodeid=0;
+ __u32 htid = 0, hash = 0, nodeid = 0;
char *tmp = strchr(str, ':');
if (tmp == NULL) {
@@ -58,21 +57,21 @@
htid = strtoul(str, &tmp, 16);
if (tmp == str && *str != ':' && *str != 0)
return -1;
- if (htid>=0x1000)
+ if (htid >= 0x1000)
return -1;
if (*tmp) {
str = tmp + 1;
hash = strtoul(str, &tmp, 16);
if (tmp == str && *str != ':' && *str != 0)
return -1;
- if (hash>=0x100)
+ if (hash >= 0x100)
return -1;
if (*tmp) {
str = tmp + 1;
nodeid = strtoul(str, &tmp, 16);
if (tmp == str && *str != 0)
return -1;
- if (nodeid>=0x1000)
+ if (nodeid >= 0x1000)
return -1;
}
}
@@ -80,7 +79,7 @@
return 0;
}
-static char * sprint_u32_handle(__u32 handle, char *buf)
+static char *sprint_u32_handle(__u32 handle, char *buf)
{
int bsize = SPRINT_BSIZE-1;
__u32 htid = TC_U32_HTID(handle);
@@ -94,17 +93,20 @@
}
if (htid) {
int l = snprintf(b, bsize, "%x:", htid>>20);
+
bsize -= l;
b += l;
}
if (nodeid|hash) {
if (hash) {
int l = snprintf(b, bsize, "%x", hash);
+
bsize -= l;
b += l;
}
if (nodeid) {
int l = snprintf(b, bsize, ":%x", nodeid);
+
bsize -= l;
b += l;
}
@@ -122,7 +124,7 @@
key &= mask;
- for (i=0; i<hwm; i++) {
+ for (i = 0; i < hwm; i++) {
if (sel->keys[i].off == off && sel->keys[i].offmask == offmask) {
__u32 intersect = mask & sel->keys[i].mask;
@@ -171,7 +173,8 @@
return pack_key(sel, key, mask, off, offmask);
}
-static int pack_key8(struct tc_u32_sel *sel, __u32 key, __u32 mask, int off, int offmask)
+static int pack_key8(struct tc_u32_sel *sel, __u32 key, __u32 mask, int off,
+ int offmask)
{
if (key > 0xFF || mask > 0xFF)
return -1;
@@ -382,14 +385,14 @@
plen = addr.bitlen;
for (i = 0; i < plen; i += 32) {
-// if (((i + 31) & ~0x1F) <= plen) {
- if (i + 31 <= plen) {
+ if (i + 31 < plen) {
res = pack_key(sel, addr.data[i / 32],
0xFFFFFFFF, off + 4 * (i / 32), offmask);
if (res < 0)
return -1;
} else if (i < plen) {
__u32 mask = htonl(0xFFFFFFFF << (32 - (plen - i)));
+
res = pack_key(sel, addr.data[i / 32],
mask, off + 4 * (i / 32), offmask);
if (res < 0)
@@ -712,7 +715,7 @@
} else if (matches(*argv, "ip") == 0) {
NEXT_ARG();
res = parse_ip(&argc, &argv, sel);
- } else if (matches(*argv, "ip6") == 0) {
+ } else if (matches(*argv, "ip6") == 0) {
NEXT_ARG();
res = parse_ip6(&argc, &argv, sel);
} else if (matches(*argv, "udp") == 0) {
@@ -746,6 +749,7 @@
while (argc > 0) {
if (matches(*argv, "plus") == 0) {
int off;
+
NEXT_ARG();
if (get_integer(&off, *argv, 0))
return -1;
@@ -753,6 +757,7 @@
sel->flags |= TC_U32_OFFSET;
} else if (matches(*argv, "at") == 0) {
int off;
+
NEXT_ARG();
if (get_integer(&off, *argv, 0))
return -1;
@@ -763,14 +768,13 @@
}
sel->flags |= TC_U32_VAROFFSET;
} else if (matches(*argv, "mask") == 0) {
- __u16 mask;
NEXT_ARG();
- if (get_u16(&mask, *argv, 16))
+ if (get_be16(&sel->offmask, *argv, 16))
return -1;
- sel->offmask = htons(mask);
sel->flags |= TC_U32_VAROFFSET;
} else if (matches(*argv, "shift") == 0) {
int shift;
+
NEXT_ARG();
if (get_integer(&shift, *argv, 0))
return -1;
@@ -796,13 +800,12 @@
while (argc > 0) {
if (matches(*argv, "mask") == 0) {
- __u32 mask;
NEXT_ARG();
- if (get_u32(&mask, *argv, 16))
+ if (get_be32(&sel->hmask, *argv, 16))
return -1;
- sel->hmask = htonl(mask);
} else if (matches(*argv, "at") == 0) {
int num;
+
NEXT_ARG();
if (get_integer(&num, *argv, 0))
return -1;
@@ -828,22 +831,26 @@
case 0:
switch (ntohl(key->mask)) {
case 0x0f000000:
- fprintf(f, "\n match IP ihl %u", ntohl(key->val) >> 24);
+ fprintf(f, "\n match IP ihl %u",
+ ntohl(key->val) >> 24);
return;
case 0x00ff0000:
- fprintf(f, "\n match IP dsfield %#x", ntohl(key->val) >> 16);
+ fprintf(f, "\n match IP dsfield %#x",
+ ntohl(key->val) >> 16);
return;
}
break;
case 8:
if (ntohl(key->mask) == 0x00ff0000) {
- fprintf(f, "\n match IP protocol %d", ntohl(key->val) >> 16);
+ fprintf(f, "\n match IP protocol %d",
+ ntohl(key->val) >> 16);
return;
}
break;
case 12:
case 16: {
int bits = mask2bits(key->mask);
+
if (bits >= 0) {
fprintf(f, "\n %s %s/%d",
key->off == 12 ? "match IP src" : "match IP dst",
@@ -884,22 +891,26 @@
case 0:
switch (ntohl(key->mask)) {
case 0x0f000000:
- fprintf(f, "\n match IP ihl %u", ntohl(key->val) >> 24);
+ fprintf(f, "\n match IP ihl %u",
+ ntohl(key->val) >> 24);
return;
case 0x00ff0000:
- fprintf(f, "\n match IP dsfield %#x", ntohl(key->val) >> 16);
+ fprintf(f, "\n match IP dsfield %#x",
+ ntohl(key->val) >> 16);
return;
}
break;
case 8:
if (ntohl(key->mask) == 0x00ff0000) {
- fprintf(f, "\n match IP protocol %d", ntohl(key->val) >> 16);
+ fprintf(f, "\n match IP protocol %d",
+ ntohl(key->val) >> 16);
return;
}
break;
case 12:
case 16: {
int bits = mask2bits(key->mask);
+
if (bits >= 0) {
fprintf(f, "\n %s %s/%d",
key->off == 12 ? "match IP src" : "match IP dst",
@@ -946,7 +957,7 @@
__u16 pad;
void (*pprinter)(FILE *f, const struct tc_u32_key *key);
} u32_pprinters[] = {
- {0, 0, print_raw},
+ {0, 0, print_raw},
{ETH_P_IP, 0, print_ipv4},
{ETH_P_IPV6, 0, print_ipv6},
};
@@ -958,7 +969,7 @@
if (!show_pretty)
goto show_k;
- for (i = 0; i < sizeof(u32_pprinters) / sizeof(u32_pprinters[0]); i++) {
+ for (i = 0; i < ARRAY_SIZE(u32_pprinters); i++) {
if (u32_pprinters[i].proto == ntohs(f_proto)) {
show_k:
u32_pprinters[i].pprinter(f, key);
@@ -976,15 +987,14 @@
struct {
struct tc_u32_sel sel;
struct tc_u32_key keys[128];
- } sel;
+ } sel = {};
struct tcmsg *t = NLMSG_DATA(n);
struct rtattr *tail;
int sel_ok = 0, terminal_ok = 0;
int sample_ok = 0;
__u32 htid = 0;
__u32 order = 0;
-
- memset(&sel, 0, sizeof(sel));
+ __u32 flags = 0;
if (handle && get_u32_handle(&t->tcm_handle, handle)) {
fprintf(stderr, "Illegal filter ID\n");
@@ -1022,16 +1032,18 @@
continue;
} else if (matches(*argv, "classid") == 0 ||
strcmp(*argv, "flowid") == 0) {
- unsigned handle;
+ unsigned int flowid;
+
NEXT_ARG();
- if (get_tc_classid(&handle, *argv)) {
+ if (get_tc_classid(&flowid, *argv)) {
fprintf(stderr, "Illegal \"classid\"\n");
return -1;
}
- addattr_l(n, MAX_MSG, TCA_U32_CLASSID, &handle, 4);
+ addattr_l(n, MAX_MSG, TCA_U32_CLASSID, &flowid, 4);
sel.sel.flags |= TC_U32_TERMINAL;
} else if (matches(*argv, "divisor") == 0) {
- unsigned divisor;
+ unsigned int divisor;
+
NEXT_ARG();
if (get_unsigned(&divisor, *argv, 0) ||
divisor == 0 ||
@@ -1047,55 +1059,56 @@
return -1;
}
} else if (strcmp(*argv, "link") == 0) {
- unsigned handle;
+ unsigned int linkid;
+
NEXT_ARG();
- if (get_u32_handle(&handle, *argv)) {
+ if (get_u32_handle(&linkid, *argv)) {
fprintf(stderr, "Illegal \"link\"\n");
return -1;
}
- if (handle && TC_U32_NODE(handle)) {
+ if (linkid && TC_U32_NODE(linkid)) {
fprintf(stderr, "\"link\" must be a hash table.\n");
return -1;
}
- addattr_l(n, MAX_MSG, TCA_U32_LINK, &handle, 4);
+ addattr_l(n, MAX_MSG, TCA_U32_LINK, &linkid, 4);
} else if (strcmp(*argv, "ht") == 0) {
- unsigned handle;
+ unsigned int ht;
+
NEXT_ARG();
- if (get_u32_handle(&handle, *argv)) {
+ if (get_u32_handle(&ht, *argv)) {
fprintf(stderr, "Illegal \"ht\"\n");
return -1;
}
- if (handle && TC_U32_NODE(handle)) {
+ if (handle && TC_U32_NODE(ht)) {
fprintf(stderr, "\"ht\" must be a hash table.\n");
return -1;
}
if (sample_ok)
- htid = (htid & 0xFF000) | (handle & 0xFFF00000);
+ htid = (htid & 0xFF000) | (ht & 0xFFF00000);
else
- htid = (handle & 0xFFFFF000);
+ htid = (ht & 0xFFFFF000);
} else if (strcmp(*argv, "sample") == 0) {
__u32 hash;
- unsigned divisor = 0x100;
-
+ unsigned int divisor = 0x100;
struct {
struct tc_u32_sel sel;
struct tc_u32_key keys[4];
- } sel2;
- memset(&sel2, 0, sizeof(sel2));
+ } sel2 = {};
+
NEXT_ARG();
if (parse_selector(&argc, &argv, &sel2.sel, n)) {
fprintf(stderr, "Illegal \"sample\"\n");
return -1;
}
if (sel2.sel.nkeys != 1) {
- fprintf(stderr, "\"sample\" must contain"
- " exactly ONE key.\n");
+ fprintf(stderr, "\"sample\" must contain exactly ONE key.\n");
return -1;
}
if (*argv != 0 && strcmp(*argv, "divisor") == 0) {
NEXT_ARG();
- if (get_unsigned(&divisor, *argv, 0) || divisor == 0 ||
- divisor > 0x100 || ((divisor - 1) & divisor)) {
+ if (get_unsigned(&divisor, *argv, 0) ||
+ divisor == 0 || divisor > 0x100 ||
+ ((divisor - 1) & divisor)) {
fprintf(stderr, "Illegal sample \"divisor\"\n");
return -1;
}
@@ -1108,16 +1121,17 @@
sample_ok = 1;
continue;
} else if (strcmp(*argv, "indev") == 0) {
- char ind[IFNAMSIZ + 1];
- memset(ind, 0, sizeof (ind));
+ char ind[IFNAMSIZ + 1] = {};
+
argc--;
argv++;
if (argc < 1) {
fprintf(stderr, "Illegal indev\n");
return -1;
}
- strncpy(ind, *argv, sizeof (ind) - 1);
- addattr_l(n, MAX_MSG, TCA_U32_INDEV, ind, strlen(ind) + 1);
+ strncpy(ind, *argv, sizeof(ind) - 1);
+ addattr_l(n, MAX_MSG, TCA_U32_INDEV, ind,
+ strlen(ind) + 1);
} else if (matches(*argv, "action") == 0) {
NEXT_ARG();
@@ -1136,6 +1150,14 @@
}
terminal_ok++;
continue;
+ } else if (strcmp(*argv, "skip_hw") == 0) {
+ NEXT_ARG();
+ flags |= TCA_CLS_FLAGS_SKIP_HW;
+ continue;
+ } else if (strcmp(*argv, "skip_sw") == 0) {
+ NEXT_ARG();
+ flags |= TCA_CLS_FLAGS_SKIP_SW;
+ continue;
} else if (strcmp(*argv, "help") == 0) {
explain();
return -1;
@@ -1152,7 +1174,8 @@
sel.sel.flags |= TC_U32_TERMINAL;
if (order) {
- if (TC_U32_NODE(t->tcm_handle) && order != TC_U32_NODE(t->tcm_handle)) {
+ if (TC_U32_NODE(t->tcm_handle) &&
+ order != TC_U32_NODE(t->tcm_handle)) {
fprintf(stderr, "\"order\" contradicts \"handle\"\n");
return -1;
}
@@ -1163,7 +1186,18 @@
addattr_l(n, MAX_MSG, TCA_U32_HASH, &htid, 4);
if (sel_ok)
addattr_l(n, MAX_MSG, TCA_U32_SEL, &sel,
- sizeof(sel.sel) + sel.sel.nkeys * sizeof(struct tc_u32_key));
+ sizeof(sel.sel) +
+ sel.sel.nkeys * sizeof(struct tc_u32_key));
+ if (flags) {
+ if (!(flags ^ (TCA_CLS_FLAGS_SKIP_HW |
+ TCA_CLS_FLAGS_SKIP_SW))) {
+ fprintf(stderr,
+ "skip_hw and skip_sw are mutually exclusive\n");
+ return -1;
+ }
+ addattr_l(n, MAX_MSG, TCA_U32_FLAGS, &flags, 4);
+ }
+
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
return 0;
}
@@ -1184,9 +1218,9 @@
SPRINT_BUF(b1);
fprintf(f, "fh %s ", sprint_u32_handle(handle, b1));
}
- if (TC_U32_NODE(handle)) {
+
+ if (TC_U32_NODE(handle))
fprintf(f, "order %d ", TC_U32_NODE(handle));
- }
if (tb[TCA_U32_SEL]) {
if (RTA_PAYLOAD(tb[TCA_U32_SEL]) < sizeof(*sel))
@@ -1196,9 +1230,11 @@
}
if (tb[TCA_U32_DIVISOR]) {
- fprintf(f, "ht divisor %d ", rta_getattr_u32(tb[TCA_U32_DIVISOR]));
+ fprintf(f, "ht divisor %d ",
+ rta_getattr_u32(tb[TCA_U32_DIVISOR]));
} else if (tb[TCA_U32_HASH]) {
__u32 htid = rta_getattr_u32(tb[TCA_U32_HASH]);
+
fprintf(f, "key ht %x bkt %x ", TC_U32_USERHTID(htid),
TC_U32_HASH(htid));
} else {
@@ -1208,19 +1244,35 @@
SPRINT_BUF(b1);
fprintf(f, "%sflowid %s ",
!sel || !(sel->flags & TC_U32_TERMINAL) ? "*" : "",
- sprint_tc_classid(rta_getattr_u32(tb[TCA_U32_CLASSID]), b1));
+ sprint_tc_classid(rta_getattr_u32(tb[TCA_U32_CLASSID]),
+ b1));
} else if (sel && sel->flags & TC_U32_TERMINAL) {
fprintf(f, "terminal flowid ??? ");
}
if (tb[TCA_U32_LINK]) {
SPRINT_BUF(b1);
fprintf(f, "link %s ",
- sprint_u32_handle(rta_getattr_u32(tb[TCA_U32_LINK]), b1));
+ sprint_u32_handle(rta_getattr_u32(tb[TCA_U32_LINK]),
+ b1));
+ }
+
+ if (tb[TCA_U32_FLAGS]) {
+ __u32 flags = rta_getattr_u32(tb[TCA_U32_FLAGS]);
+
+ if (flags & TCA_CLS_FLAGS_SKIP_HW)
+ fprintf(f, "skip_hw ");
+ if (flags & TCA_CLS_FLAGS_SKIP_SW)
+ fprintf(f, "skip_sw ");
+
+ if (flags & TCA_CLS_FLAGS_IN_HW)
+ fprintf(f, "in_hw ");
+ else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
+ fprintf(f, "not_in_hw ");
}
if (tb[TCA_U32_PCNT]) {
if (RTA_PAYLOAD(tb[TCA_U32_PCNT]) < sizeof(*pf)) {
- fprintf(f, "Broken perf counters \n");
+ fprintf(f, "Broken perf counters\n");
return -1;
}
pf = RTA_DATA(tb[TCA_U32_PCNT]);
@@ -1233,6 +1285,7 @@
if (tb[TCA_U32_MARK]) {
struct tc_u32_mark *mark = RTA_DATA(tb[TCA_U32_MARK]);
+
if (RTA_PAYLOAD(tb[TCA_U32_MARK]) < sizeof(*mark)) {
fprintf(f, "\n Invalid mark (kernel&iproute2 mismatch)\n");
} else {
@@ -1244,7 +1297,8 @@
if (sel) {
if (sel->nkeys) {
int i;
- for (i=0; i<sel->nkeys; i++) {
+
+ for (i = 0; i < sel->nkeys; i++) {
show_keys(f, sel->keys + i);
if (show_stats && NULL != pf)
fprintf(f, " (success %llu ) ",
@@ -1274,13 +1328,15 @@
fprintf(f, "\n");
tc_print_police(f, tb[TCA_U32_POLICE]);
}
+
if (tb[TCA_U32_INDEV]) {
struct rtattr *idev = tb[TCA_U32_INDEV];
+
fprintf(f, "\n input dev %s\n", rta_getattr_str(idev));
}
- if (tb[TCA_U32_ACT]) {
- tc_print_action(f, tb[TCA_U32_ACT]);
- }
+
+ if (tb[TCA_U32_ACT])
+ tc_print_action(f, tb[TCA_U32_ACT], 0);
return 0;
}
diff --git a/tc/m_action.c b/tc/m_action.c
index 8d3d51e..e8c94e5 100644
--- a/tc/m_action.c
+++ b/tc/m_action.c
@@ -28,16 +28,15 @@
#include "tc_common.h"
#include "tc_util.h"
-static struct action_util * action_list;
-
+static struct action_util *action_list;
#ifdef ANDROID
extern struct action_util mirred_action_util;
#endif
#ifdef CONFIG_GACT
-int gact_ld = 0 ; //fuckin backward compatibility
+int gact_ld; /* f*ckin backward compatibility */
#endif
-int tab_flush = 0;
+int tab_flush;
static void act_usage(void)
{
@@ -48,10 +47,10 @@
* does that, they would know how to fix this ..
*
*/
- fprintf (stderr, "usage: tc actions <ACTSPECOP>*\n");
+ fprintf(stderr, "usage: tc actions <ACTSPECOP>*\n");
fprintf(stderr,
"Where: \tACTSPECOP := ACR | GD | FL\n"
- "\tACR := add | change | replace <ACTSPEC>* \n"
+ "\tACR := add | change | replace <ACTSPEC>*\n"
"\tGD := get | delete | <ACTISPEC>*\n"
"\tFL := ls | list | flush | <ACTNAMESPEC>\n"
"\tACTNAMESPEC := action <ACTNAME>\n"
@@ -70,7 +69,7 @@
{
if (opt && RTA_PAYLOAD(opt))
fprintf(f, "[Unknown action, optlen=%u] ",
- (unsigned) RTA_PAYLOAD(opt));
+ (unsigned int) RTA_PAYLOAD(opt));
return 0;
}
@@ -135,13 +134,12 @@
#ifdef CONFIG_GACT
if (!looked4gact) {
looked4gact = 1;
- strcpy(str,"gact");
+ strcpy(str, "gact");
goto restart_s;
}
#endif
- a = malloc(sizeof(*a));
+ a = calloc(1, sizeof(*a));
if (a) {
- memset(a, 0, sizeof(*a));
strncpy(a->id, "noact", 15);
a->parse_aopt = parse_noaopt;
a->print_aopt = print_noaopt;
@@ -154,9 +152,9 @@
new_cmd(char **argv)
{
if ((matches(*argv, "change") == 0) ||
- (matches(*argv, "replace") == 0)||
- (matches(*argv, "delete") == 0)||
- (matches(*argv, "get") == 0)||
+ (matches(*argv, "replace") == 0) ||
+ (matches(*argv, "delete") == 0) ||
+ (matches(*argv, "get") == 0) ||
(matches(*argv, "add") == 0))
return 1;
@@ -164,18 +162,19 @@
}
-int
-parse_action(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
+int parse_action(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
{
int argc = *argc_p;
char **argv = *argv_p;
struct rtattr *tail, *tail2;
char k[16];
+ int act_ck_len = 0;
int ok = 0;
int eap = 0; /* expect action parameters */
int ret = 0;
int prio = 0;
+ unsigned char act_ck[TC_COOKIE_MAX_SIZE];
if (argc <= 0)
return -1;
@@ -186,9 +185,9 @@
while (argc > 0) {
- memset(k, 0, sizeof (k));
+ memset(k, 0, sizeof(k));
- if (strcmp(*argv, "action") == 0 ) {
+ if (strcmp(*argv, "action") == 0) {
argc--;
argv++;
eap = 1;
@@ -208,9 +207,10 @@
goto done0;
} else {
struct action_util *a = NULL;
- strncpy(k, *argv, sizeof (k) - 1);
+
+ strncpy(k, *argv, sizeof(k) - 1);
eap = 0;
- if (argc > 0 ) {
+ if (argc > 0) {
a = get_action_kind(k);
} else {
done0:
@@ -220,7 +220,7 @@
goto done;
}
- if (NULL == a) {
+ if (a == NULL) {
goto bad_val;
}
@@ -228,20 +228,48 @@
addattr_l(n, MAX_MSG, ++prio, NULL, 0);
addattr_l(n, MAX_MSG, TCA_ACT_KIND, k, strlen(k) + 1);
- ret = a->parse_aopt(a,&argc, &argv, TCA_ACT_OPTIONS, n);
+ ret = a->parse_aopt(a, &argc, &argv, TCA_ACT_OPTIONS,
+ n);
if (ret < 0) {
- fprintf(stderr,"bad action parsing\n");
+ fprintf(stderr, "bad action parsing\n");
goto bad_val;
}
+
+ if (*argv && strcmp(*argv, "cookie") == 0) {
+ size_t slen;
+
+ NEXT_ARG();
+ slen = strlen(*argv);
+ if (slen > TC_COOKIE_MAX_SIZE * 2) {
+ char cookie_err_m[128];
+
+ snprintf(cookie_err_m, 128,
+ "%zd Max allowed size %d",
+ slen, TC_COOKIE_MAX_SIZE*2);
+ invarg(cookie_err_m, *argv);
+ }
+
+ if (hex2mem(*argv, act_ck, slen / 2) < 0)
+ invarg("cookie must be a hex string\n",
+ *argv);
+
+ act_ck_len = slen / 2;
+ argc--;
+ argv++;
+ }
+
+ if (act_ck_len)
+ addattr_l(n, MAX_MSG, TCA_ACT_COOKIE,
+ &act_ck, act_ck_len);
+
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
ok++;
}
-
}
if (eap > 0) {
- fprintf(stderr,"bad action empty %d\n",eap);
+ fprintf(stderr, "bad action empty %d\n", eap);
goto bad_val;
}
@@ -254,12 +282,11 @@
bad_val:
/* no need to undo things, returning from here should
* cause enough pain */
- fprintf(stderr, "parse_action: bad value (%d:%s)!\n",argc,*argv);
+ fprintf(stderr, "parse_action: bad value (%d:%s)!\n", argc, *argv);
return -1;
}
-static int
-tc_print_one_action(FILE * f, struct rtattr *arg)
+static int tc_print_one_action(FILE *f, struct rtattr *arg)
{
struct rtattr *tb[TCA_ACT_MAX + 1];
@@ -278,17 +305,26 @@
a = get_action_kind(RTA_DATA(tb[TCA_ACT_KIND]));
- if (NULL == a)
+ if (a == NULL)
return err;
err = a->print_aopt(a, f, tb[TCA_ACT_OPTIONS]);
- if (0 > err)
+ if (err < 0)
return err;
if (show_stats && tb[TCA_ACT_STATS]) {
+
fprintf(f, "\tAction statistics:\n");
print_tcstats2_attr(f, tb[TCA_ACT_STATS], "\t", NULL);
+ if (tb[TCA_ACT_COOKIE]) {
+ int strsz = RTA_PAYLOAD(tb[TCA_ACT_COOKIE]);
+ char b1[strsz * 2 + 1];
+
+ fprintf(f, "\n\tcookie len %d %s ", strsz,
+ hexstring_n2a(RTA_DATA(tb[TCA_ACT_COOKIE]),
+ strsz, b1, sizeof(b1)));
+ }
fprintf(f, "\n");
}
@@ -312,34 +348,38 @@
}
a = get_action_kind(RTA_DATA(tb[TCA_KIND]));
- if (NULL == a)
+ if (a == NULL)
return err;
delete_count = RTA_DATA(tb[TCA_FCNT]);
- fprintf(f," %s (%d entries)\n", a->id, *delete_count);
+ fprintf(f, " %s (%d entries)\n", a->id, *delete_count);
tab_flush = 0;
return 0;
}
int
-tc_print_action(FILE *f, const struct rtattr *arg)
+tc_print_action(FILE *f, const struct rtattr *arg, unsigned short tot_acts)
{
int i;
- struct rtattr *tb[TCA_ACT_MAX_PRIO + 1];
if (arg == NULL)
return 0;
- parse_rtattr_nested(tb, TCA_ACT_MAX_PRIO, arg);
+ if (!tot_acts)
+ tot_acts = TCA_ACT_MAX_PRIO;
+
+ struct rtattr *tb[tot_acts + 1];
+
+ parse_rtattr_nested(tb, tot_acts, arg);
if (tab_flush && NULL != tb[0] && NULL == tb[1])
return tc_print_action_flush(f, tb[0]);
- for (i = 0; i < TCA_ACT_MAX_PRIO; i++) {
+ for (i = 0; i < tot_acts; i++) {
if (tb[i]) {
fprintf(f, "\n\taction order %d: ", i);
- if (0 > tc_print_one_action(f, tb[i])) {
+ if (tc_print_one_action(f, tb[i]) < 0) {
fprintf(f, "Error printing action\n");
}
}
@@ -353,10 +393,11 @@
struct nlmsghdr *n,
void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct tcamsg *t = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[TCAA_MAX+1];
+ __u32 *tot_acts = NULL;
+ struct rtattr *tb[TCA_ROOT_MAX+1];
len -= NLMSG_LENGTH(sizeof(*t));
@@ -365,9 +406,13 @@
return -1;
}
- parse_rtattr(tb, TCAA_MAX, TA_RTA(t), len);
+ parse_rtattr(tb, TCA_ROOT_MAX, TA_RTA(t), len);
- if (NULL == tb[TCA_ACT_TAB]) {
+ if (tb[TCA_ROOT_COUNT])
+ tot_acts = RTA_DATA(tb[TCA_ROOT_COUNT]);
+
+ fprintf(fp, "total acts %d\n", tot_acts ? *tot_acts:0);
+ if (tb[TCA_ACT_TAB] == NULL) {
if (n->nlmsg_type != RTM_GETACTION)
fprintf(stderr, "print_action: NULL kind\n");
return -1;
@@ -378,18 +423,26 @@
fprintf(fp, "Flushed table ");
tab_flush = 1;
} else {
- fprintf(fp, "deleted action ");
+ fprintf(fp, "Deleted action ");
}
}
- if (n->nlmsg_type == RTM_NEWACTION)
- fprintf(fp, "Added action ");
- tc_print_action(fp, tb[TCA_ACT_TAB]);
+ if (n->nlmsg_type == RTM_NEWACTION) {
+ if ((n->nlmsg_flags & NLM_F_CREATE) &&
+ !(n->nlmsg_flags & NLM_F_REPLACE)) {
+ fprintf(fp, "Added action ");
+ } else if (n->nlmsg_flags & NLM_F_REPLACE) {
+ fprintf(fp, "Replaced action ");
+ }
+ }
+
+
+ tc_print_action(fp, tb[TCA_ACT_TAB], tot_acts ? *tot_acts:0);
return 0;
}
-static int tc_action_gd(int cmd, unsigned flags, int *argc_p, char ***argv_p)
+static int tc_action_gd(int cmd, unsigned int flags, int *argc_p, char ***argv_p)
{
char k[16];
struct action_util *a = NULL;
@@ -397,8 +450,7 @@
char **argv = *argv_p;
int prio = 0;
int ret = 0;
- __u32 i;
- struct sockaddr_nl nladdr;
+ __u32 i = 0;
struct rtattr *tail;
struct rtattr *tail2;
struct nlmsghdr *ans = NULL;
@@ -407,27 +459,22 @@
struct nlmsghdr n;
struct tcamsg t;
char buf[MAX_MSG];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcamsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .t.tca_family = AF_UNSPEC,
+ };
- req.t.tca_family = AF_UNSPEC;
-
- memset(&req, 0, sizeof(req));
-
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcamsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- argc -=1;
- argv +=1;
+ argc -= 1;
+ argv += 1;
tail = NLMSG_TAIL(&req.n);
addattr_l(&req.n, MAX_MSG, TCA_ACT_TAB, NULL, 0);
while (argc > 0) {
- if (strcmp(*argv, "action") == 0 ) {
+ if (strcmp(*argv, "action") == 0) {
argc--;
argv++;
continue;
@@ -435,23 +482,23 @@
return -1;
}
- strncpy(k, *argv, sizeof (k) - 1);
+ strncpy(k, *argv, sizeof(k) - 1);
a = get_action_kind(k);
- if (NULL == a) {
- fprintf(stderr, "Error: non existent action: %s\n",k);
+ if (a == NULL) {
+ fprintf(stderr, "Error: non existent action: %s\n", k);
ret = -1;
goto bad_val;
}
if (strcmp(a->id, k) != 0) {
- fprintf(stderr, "Error: non existent action: %s\n",k);
+ fprintf(stderr, "Error: non existent action: %s\n", k);
ret = -1;
goto bad_val;
}
- argc -=1;
- argv +=1;
+ argc -= 1;
+ argv += 1;
if (argc <= 0) {
- fprintf(stderr, "Error: no index specified action: %s\n",k);
+ fprintf(stderr, "Error: no index specified action: %s\n", k);
ret = -1;
goto bad_val;
}
@@ -463,10 +510,10 @@
ret = -1;
goto bad_val;
}
- argc -=1;
- argv +=1;
+ argc -= 1;
+ argv += 1;
} else {
- fprintf(stderr, "Error: no index specified action: %s\n",k);
+ fprintf(stderr, "Error: no index specified action: %s\n", k);
ret = -1;
goto bad_val;
}
@@ -474,7 +521,8 @@
tail2 = NLMSG_TAIL(&req.n);
addattr_l(&req.n, MAX_MSG, ++prio, NULL, 0);
addattr_l(&req.n, MAX_MSG, TCA_ACT_KIND, k, strlen(k) + 1);
- addattr32(&req.n, MAX_MSG, TCA_ACT_INDEX, i);
+ if (i > 0)
+ addattr32(&req.n, MAX_MSG, TCA_ACT_INDEX, i);
tail2->rta_len = (void *) NLMSG_TAIL(&req.n) - (void *) tail2;
}
@@ -490,7 +538,7 @@
return 1;
}
- if (ans && print_action(NULL, &req.n, (void*)stdout) < 0) {
+ if (ans && print_action(NULL, &req.n, (void *)stdout) < 0) {
fprintf(stderr, "Dump terminated\n");
return 1;
}
@@ -501,29 +549,25 @@
return ret;
}
-static int tc_action_modify(int cmd, unsigned flags, int *argc_p, char ***argv_p)
+static int tc_action_modify(int cmd, unsigned int flags, int *argc_p, char ***argv_p)
{
int argc = *argc_p;
char **argv = *argv_p;
int ret = 0;
-
- struct rtattr *tail;
struct {
struct nlmsghdr n;
struct tcamsg t;
char buf[MAX_MSG];
- } req;
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcamsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .t.tca_family = AF_UNSPEC,
+ };
+ struct rtattr *tail = NLMSG_TAIL(&req.n);
- req.t.tca_family = AF_UNSPEC;
-
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcamsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- tail = NLMSG_TAIL(&req.n);
- argc -=1;
- argv +=1;
+ argc -= 1;
+ argv += 1;
if (parse_action(&argc, &argv, TCA_ACT_TAB, &req.n)) {
fprintf(stderr, "Illegal \"action\"\n");
return -1;
@@ -541,50 +585,71 @@
return ret;
}
-static int tc_act_list_or_flush(int argc, char **argv, int event)
+static int tc_act_list_or_flush(int *argc_p, char ***argv_p, int event)
{
+ struct rtattr *tail, *tail2, *tail3, *tail4;
int ret = 0, prio = 0, msg_size = 0;
- char k[16];
- struct rtattr *tail,*tail2;
struct action_util *a = NULL;
+ struct nla_bitfield32 flag_select = { 0 };
+ char **argv = *argv_p;
+ __u32 msec_since = 0;
+ int argc = *argc_p;
+ char k[16];
struct {
struct nlmsghdr n;
struct tcamsg t;
char buf[MAX_MSG];
- } req;
-
- req.t.tca_family = AF_UNSPEC;
-
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcamsg));
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcamsg)),
+ .t.tca_family = AF_UNSPEC,
+ };
tail = NLMSG_TAIL(&req.n);
addattr_l(&req.n, MAX_MSG, TCA_ACT_TAB, NULL, 0);
tail2 = NLMSG_TAIL(&req.n);
- strncpy(k, *argv, sizeof (k) - 1);
+ strncpy(k, *argv, sizeof(k) - 1);
#ifdef CONFIG_GACT
if (!gact_ld) {
get_action_kind("gact");
}
#endif
a = get_action_kind(k);
- if (NULL == a) {
- fprintf(stderr,"bad action %s\n",k);
+ if (a == NULL) {
+ fprintf(stderr, "bad action %s\n", k);
goto bad_val;
}
if (strcmp(a->id, k) != 0) {
- fprintf(stderr,"bad action %s\n",k);
+ fprintf(stderr, "bad action %s\n", k);
goto bad_val;
}
- strncpy(k, *argv, sizeof (k) - 1);
+ strncpy(k, *argv, sizeof(k) - 1);
+
+ argc -= 1;
+ argv += 1;
+
+ if (argc && (strcmp(*argv, "since") == 0)) {
+ NEXT_ARG();
+ if (get_u32(&msec_since, *argv, 0))
+ invarg("dump time \"since\" is invalid", *argv);
+ }
addattr_l(&req.n, MAX_MSG, ++prio, NULL, 0);
addattr_l(&req.n, MAX_MSG, TCA_ACT_KIND, k, strlen(k) + 1);
tail2->rta_len = (void *) NLMSG_TAIL(&req.n) - (void *) tail2;
tail->rta_len = (void *) NLMSG_TAIL(&req.n) - (void *) tail;
+ tail3 = NLMSG_TAIL(&req.n);
+ flag_select.value |= TCA_FLAG_LARGE_DUMP_ON;
+ flag_select.selector |= TCA_FLAG_LARGE_DUMP_ON;
+ addattr_l(&req.n, MAX_MSG, TCA_ROOT_FLAGS, &flag_select,
+ sizeof(struct nla_bitfield32));
+ tail3->rta_len = (void *) NLMSG_TAIL(&req.n) - (void *) tail3;
+ if (msec_since) {
+ tail4 = NLMSG_TAIL(&req.n);
+ addattr32(&req.n, MAX_MSG, TCA_ROOT_TIME_DELTA, msec_since);
+ tail4->rta_len = (void *) NLMSG_TAIL(&req.n) - (void *) tail4;
+ }
msg_size = NLMSG_ALIGN(req.n.nlmsg_len) - NLMSG_ALIGN(sizeof(struct nlmsghdr));
if (event == RTM_GETACTION) {
@@ -609,6 +674,8 @@
bad_val:
+ *argc_p = argc;
+ *argv_p = argv;
return ret;
}
@@ -625,12 +692,12 @@
matches(*argv, "replace") == 0) {
ret = tc_action_modify(RTM_NEWACTION, NLM_F_CREATE|NLM_F_REPLACE, &argc, &argv);
} else if (matches(*argv, "delete") == 0) {
- argc -=1;
- argv +=1;
+ argc -= 1;
+ argv += 1;
ret = tc_action_gd(RTM_DELACTION, 0, &argc, &argv);
} else if (matches(*argv, "get") == 0) {
- argc -=1;
- argv +=1;
+ argc -= 1;
+ argv += 1;
ret = tc_action_gd(RTM_GETACTION, 0, &argc, &argv);
} else if (matches(*argv, "list") == 0 || matches(*argv, "show") == 0
|| matches(*argv, "lst") == 0) {
@@ -638,25 +705,31 @@
act_usage();
return -1;
}
- return tc_act_list_or_flush(argc-2, argv+2, RTM_GETACTION);
+
+ argc -= 2;
+ argv += 2;
+ return tc_act_list_or_flush(&argc, &argv,
+ RTM_GETACTION);
} else if (matches(*argv, "flush") == 0) {
if (argc <= 2) {
act_usage();
return -1;
}
- return tc_act_list_or_flush(argc-2, argv+2, RTM_DELACTION);
+
+ argc -= 2;
+ argv += 2;
+ return tc_act_list_or_flush(&argc, &argv,
+ RTM_DELACTION);
} else if (matches(*argv, "help") == 0) {
act_usage();
return -1;
} else {
-
- ret = -1;
- }
-
- if (ret < 0) {
fprintf(stderr, "Command \"%s\" is unknown, try \"tc actions help\".\n", *argv);
return -1;
}
+
+ if (ret < 0)
+ return -1;
}
return 0;
diff --git a/tc/m_bpf.c b/tc/m_bpf.c
index c5e2fa5..e3d0a2b 100644
--- a/tc/m_bpf.c
+++ b/tc/m_bpf.c
@@ -17,18 +17,12 @@
#include <linux/tc_act/tc_bpf.h>
#include "utils.h"
+
#include "tc_util.h"
-#include "tc_bpf.h"
+#include "bpf_util.h"
static const enum bpf_prog_type bpf_type = BPF_PROG_TYPE_SCHED_ACT;
-static const int nla_tbl[BPF_NLA_MAX] = {
- [BPF_NLA_OPS_LEN] = TCA_ACT_BPF_OPS_LEN,
- [BPF_NLA_OPS] = TCA_ACT_BPF_OPS,
- [BPF_NLA_FD] = TCA_ACT_BPF_FD,
- [BPF_NLA_NAME] = TCA_ACT_BPF_NAME,
-};
-
static void explain(void)
{
fprintf(stderr, "Usage: ... bpf ... [ index INDEX ]\n");
@@ -50,7 +44,7 @@
fprintf(stderr, "pinned eBPF program.\n");
fprintf(stderr, "\n");
fprintf(stderr, "Where ACT_NAME refers to the section name containing the\n");
- fprintf(stderr, "action (default \'%s\').\n", bpf_default_section(bpf_type));
+ fprintf(stderr, "action (default \'%s\').\n", bpf_prog_to_default_section(bpf_type));
fprintf(stderr, "\n");
fprintf(stderr, "Where UDS_FILE points to a unix domain socket file in order\n");
fprintf(stderr, "to hand off control of all created eBPF maps to an agent.\n");
@@ -59,11 +53,30 @@
fprintf(stderr, "explicitly specifies an action index upon creation.\n");
}
+static void bpf_cbpf_cb(void *nl, const struct sock_filter *ops, int ops_len)
+{
+ addattr16(nl, MAX_MSG, TCA_ACT_BPF_OPS_LEN, ops_len);
+ addattr_l(nl, MAX_MSG, TCA_ACT_BPF_OPS, ops,
+ ops_len * sizeof(struct sock_filter));
+}
+
+static void bpf_ebpf_cb(void *nl, int fd, const char *annotation)
+{
+ addattr32(nl, MAX_MSG, TCA_ACT_BPF_FD, fd);
+ addattrstrz(nl, MAX_MSG, TCA_ACT_BPF_NAME, annotation);
+}
+
+static const struct bpf_cfg_ops bpf_cb_ops = {
+ .cbpf_cb = bpf_cbpf_cb,
+ .ebpf_cb = bpf_ebpf_cb,
+};
+
static int bpf_parse_opt(struct action_util *a, int *ptr_argc, char ***ptr_argv,
int tca_id, struct nlmsghdr *n)
{
const char *bpf_obj = NULL, *bpf_uds_name = NULL;
- struct tc_act_bpf parm;
+ struct tc_act_bpf parm = {};
+ struct bpf_cfg_in cfg = {};
bool seen_run = false;
struct rtattr *tail;
int argc, ret = 0;
@@ -85,11 +98,17 @@
NEXT_ARG();
opt_bpf:
seen_run = true;
- if (bpf_parse_common(&argc, &argv, nla_tbl, bpf_type,
- &bpf_obj, &bpf_uds_name, n)) {
- fprintf(stderr, "Failed to retrieve (e)BPF data!\n");
+ cfg.argc = argc;
+ cfg.argv = argv;
+
+ if (bpf_parse_common(bpf_type, &cfg, &bpf_cb_ops, n))
return -1;
- }
+
+ argc = cfg.argc;
+ argv = cfg.argv;
+
+ bpf_obj = cfg.object;
+ bpf_uds_name = cfg.uds;
} else if (matches(*argv, "help") == 0) {
explain();
return -1;
@@ -104,29 +123,8 @@
NEXT_ARG_FWD();
}
- memset(&parm, 0, sizeof(parm));
- parm.action = TC_ACT_PIPE;
-
- if (argc) {
- if (matches(*argv, "reclassify") == 0) {
- parm.action = TC_ACT_RECLASSIFY;
- NEXT_ARG_FWD();
- } else if (matches(*argv, "pipe") == 0) {
- parm.action = TC_ACT_PIPE;
- NEXT_ARG_FWD();
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- parm.action = TC_ACT_SHOT;
- NEXT_ARG_FWD();
- } else if (matches(*argv, "continue") == 0) {
- parm.action = TC_ACT_UNSPEC;
- NEXT_ARG_FWD();
- } else if (matches(*argv, "pass") == 0 ||
- matches(*argv, "ok") == 0) {
- parm.action = TC_ACT_OK;
- NEXT_ARG_FWD();
- }
- }
+ parse_action_control_dflt(&argc, &argv, &parm.action,
+ false, TC_ACT_PIPE);
if (argc) {
if (matches(*argv, "index") == 0) {
@@ -156,7 +154,7 @@
{
struct rtattr *tb[TCA_ACT_BPF_MAX + 1];
struct tc_act_bpf *parm;
- SPRINT_BUF(action_buf);
+ int dump_ok = 0;
if (arg == NULL)
return -1;
@@ -173,8 +171,6 @@
if (tb[TCA_ACT_BPF_NAME])
fprintf(f, "%s ", rta_getattr_str(tb[TCA_ACT_BPF_NAME]));
- else if (tb[TCA_ACT_BPF_FD])
- fprintf(f, "pfd %u ", rta_getattr_u32(tb[TCA_ACT_BPF_FD]));
if (tb[TCA_ACT_BPF_OPS] && tb[TCA_ACT_BPF_OPS_LEN]) {
bpf_print_ops(f, tb[TCA_ACT_BPF_OPS],
@@ -182,14 +178,25 @@
fprintf(f, " ");
}
- fprintf(f, "default-action %s\n", action_n2a(parm->action, action_buf,
- sizeof(action_buf)));
- fprintf(f, "\tindex %d ref %d bind %d", parm->index, parm->refcnt,
+ if (tb[TCA_ACT_BPF_ID])
+ dump_ok = bpf_dump_prog_info(f, rta_getattr_u32(tb[TCA_ACT_BPF_ID]));
+ if (!dump_ok && tb[TCA_ACT_BPF_TAG]) {
+ SPRINT_BUF(b);
+
+ fprintf(f, "tag %s ",
+ hexstring_n2a(RTA_DATA(tb[TCA_ACT_BPF_TAG]),
+ RTA_PAYLOAD(tb[TCA_ACT_BPF_TAG]),
+ b, sizeof(b)));
+ }
+
+ print_action_control(f, "default-action ", parm->action, "\n");
+ fprintf(f, "\tindex %u ref %d bind %d", parm->index, parm->refcnt,
parm->bindcnt);
if (show_stats) {
if (tb[TCA_ACT_BPF_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_ACT_BPF_TM]);
+
print_tm(f, tm);
}
}
diff --git a/tc/m_connmark.c b/tc/m_connmark.c
index 6974c9b..37d7185 100644
--- a/tc/m_connmark.c
+++ b/tc/m_connmark.c
@@ -27,10 +27,11 @@
static void
explain(void)
{
- fprintf(stderr, "Usage: ... connmark [zone ZONE] [BRANCH] [index <INDEX>]\n");
+ fprintf(stderr, "Usage: ... connmark [zone ZONE] [CONTROL] [index <INDEX>]\n");
fprintf(stderr, "where :\n"
"\tZONE is the conntrack zone\n"
- "\tBRANCH := reclassify|pipe|drop|continue|ok\n");
+ "\tCONTROL := reclassify | pipe | drop | continue | ok |\n"
+ "\t goto chain <CHAIN_INDEX>\n");
}
static void
@@ -80,31 +81,7 @@
}
}
- sel.action = TC_ACT_PIPE;
- if (argc) {
- if (matches(*argv, "reclassify") == 0) {
- sel.action = TC_ACT_RECLASSIFY;
- argc--;
- argv++;
- } else if (matches(*argv, "pipe") == 0) {
- sel.action = TC_ACT_PIPE;
- argc--;
- argv++;
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- sel.action = TC_ACT_SHOT;
- argc--;
- argv++;
- } else if (matches(*argv, "continue") == 0) {
- sel.action = TC_ACT_UNSPEC;
- argc--;
- argv++;
- } else if (matches(*argv, "pass") == 0) {
- sel.action = TC_ACT_OK;
- argc--;
- argv++;
- }
- }
+ parse_action_control_dflt(&argc, &argv, &sel.action, false, TC_ACT_PIPE);
if (argc) {
if (matches(*argv, "index") == 0) {
@@ -145,12 +122,13 @@
ci = RTA_DATA(tb[TCA_CONNMARK_PARMS]);
fprintf(f, " connmark zone %d\n", ci->zone);
- fprintf(f, "\t index %d ref %d bind %d", ci->index,
+ fprintf(f, "\t index %u ref %d bind %d", ci->index,
ci->refcnt, ci->bindcnt);
if (show_stats) {
if (tb[TCA_CONNMARK_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_CONNMARK_TM]);
+
print_tm(f, tm);
}
}
diff --git a/tc/m_csum.c b/tc/m_csum.c
index f7da6f0..7b15673 100644
--- a/tc/m_csum.c
+++ b/tc/m_csum.c
@@ -24,8 +24,7 @@
{
fprintf(stderr, "Usage: ... csum <UPDATE>\n"
"Where: UPDATE := <TARGET> [<UPDATE>]\n"
- " TARGET := { ip4h | icmp | igmp |"
- " tcp | udp | udplite | <SWEETS> }\n"
+ " TARGET := { ip4h | icmp | igmp | tcp | udp | udplite | sctp | <SWEETS> }\n"
" SWEETS := { and | or | \'+\' }\n");
}
@@ -45,7 +44,7 @@
if (argc <= 0)
return -1;
- while(argc > 0) {
+ while (argc > 0) {
if ((matches(*argv, "iph") == 0) ||
(matches(*argv, "ip4h") == 0) ||
(matches(*argv, "ipv4h") == 0))
@@ -66,6 +65,9 @@
else if (matches(*argv, "udplite") == 0)
sel->update_flags |= TCA_CSUM_UPDATE_FLAG_UDPLITE;
+ else if (matches(*argv, "sctp") == 0)
+ sel->update_flags |= TCA_CSUM_UPDATE_FLAG_SCTP;
+
else if ((matches(*argv, "and") == 0) ||
(matches(*argv, "or") == 0) ||
(matches(*argv, "+") == 0))
@@ -86,15 +88,13 @@
parse_csum(struct action_util *a, int *argc_p,
char ***argv_p, int tca_id, struct nlmsghdr *n)
{
- struct tc_csum sel;
+ struct tc_csum sel = {};
int argc = *argc_p;
char **argv = *argv_p;
int ok = 0;
struct rtattr *tail;
- memset(&sel, 0, sizeof(sel));
-
while (argc > 0) {
if (matches(*argv, "csum") == 0) {
NEXT_ARG();
@@ -108,8 +108,7 @@
continue;
} else if (matches(*argv, "help") == 0) {
usage();
- }
- else {
+ } else {
break;
}
}
@@ -124,30 +123,7 @@
return -1;
}
- if (argc) {
- if (matches(*argv, "reclassify") == 0) {
- sel.action = TC_ACT_RECLASSIFY;
- argc--;
- argv++;
- } else if (matches(*argv, "pipe") == 0) {
- sel.action = TC_ACT_PIPE;
- argc--;
- argv++;
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- sel.action = TC_ACT_SHOT;
- argc--;
- argv++;
- } else if (matches(*argv, "continue") == 0) {
- sel.action = TC_ACT_UNSPEC;
- argc--;
- argv++;
- } else if (matches(*argv, "pass") == 0) {
- sel.action = TC_ACT_OK;
- argc--;
- argv++;
- }
- }
+ parse_action_control_dflt(&argc, &argv, &sel.action, false, TC_ACT_OK);
if (argc) {
if (matches(*argv, "index") == 0) {
@@ -174,7 +150,7 @@
}
static int
-print_csum(struct action_util *au, FILE * f, struct rtattr *arg)
+print_csum(struct action_util *au, FILE *f, struct rtattr *arg)
{
struct tc_csum *sel;
@@ -186,7 +162,7 @@
char *uflag_4 = "";
char *uflag_5 = "";
char *uflag_6 = "";
- SPRINT_BUF(action_buf);
+ char *uflag_7 = "";
int uflag_count = 0;
@@ -212,26 +188,29 @@
", " flag_string : flag_string; \
uflag_count++; \
} \
- } while(0)
+ } while (0)
CSUM_UFLAG_BUFFER(uflag_2, TCA_CSUM_UPDATE_FLAG_ICMP, "icmp");
CSUM_UFLAG_BUFFER(uflag_3, TCA_CSUM_UPDATE_FLAG_IGMP, "igmp");
CSUM_UFLAG_BUFFER(uflag_4, TCA_CSUM_UPDATE_FLAG_TCP, "tcp");
CSUM_UFLAG_BUFFER(uflag_5, TCA_CSUM_UPDATE_FLAG_UDP, "udp");
CSUM_UFLAG_BUFFER(uflag_6, TCA_CSUM_UPDATE_FLAG_UDPLITE, "udplite");
+ CSUM_UFLAG_BUFFER(uflag_7, TCA_CSUM_UPDATE_FLAG_SCTP, "sctp");
if (!uflag_count) {
uflag_1 = "?empty";
}
- fprintf(f, "csum (%s%s%s%s%s%s) action %s\n",
+ fprintf(f, "csum (%s%s%s%s%s%s%s) ",
uflag_1, uflag_2, uflag_3,
- uflag_4, uflag_5, uflag_6,
- action_n2a(sel->action, action_buf, sizeof(action_buf)));
- fprintf(f, "\tindex %d ref %d bind %d", sel->index, sel->refcnt, sel->bindcnt);
+ uflag_4, uflag_5, uflag_6, uflag_7);
+ print_action_control(f, "action ", sel->action, "\n");
+ fprintf(f, "\tindex %u ref %d bind %d", sel->index, sel->refcnt,
+ sel->bindcnt);
if (show_stats) {
if (tb[TCA_CSUM_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_CSUM_TM]);
- print_tm(f,tm);
+
+ print_tm(f, tm);
}
}
fprintf(f, "\n");
diff --git a/tc/m_ematch.c b/tc/m_ematch.c
index 4c3acf8..e18a395 100644
--- a/tc/m_ematch.c
+++ b/tc/m_ematch.c
@@ -33,7 +33,7 @@
/* export to bison parser */
int ematch_argc;
char **ematch_argv;
-char *ematch_err = NULL;
+char *ematch_err;
struct ematch *ematch_root;
static int begin_argc;
@@ -177,9 +177,7 @@
for (t = tree; t; t = t->next) {
struct rtattr *tail = NLMSG_TAIL(n);
- struct tcf_ematch_hdr hdr = {
- .flags = t->relation
- };
+ struct tcf_ematch_hdr hdr = { .flags = t->relation };
if (t->inverted)
hdr.flags |= TCF_EM_INVERT;
@@ -188,6 +186,7 @@
if (t->child) {
__u32 r = t->child_ref;
+
addraw_l(n, MAX_MSG, &hdr, sizeof(hdr));
addraw_l(n, MAX_MSG, &r, sizeof(r));
} else {
@@ -198,7 +197,7 @@
if (t->args == NULL)
return -1;
- strncpy(buf, (char*) t->args->data, sizeof(buf)-1);
+ strncpy(buf, (char *) t->args->data, sizeof(buf)-1);
e = get_ematch_kind(buf);
if (e == NULL) {
fprintf(stderr, "Unknown ematch \"%s\"\n",
@@ -218,7 +217,7 @@
return -1;
}
- tail->rta_len = (void*) NLMSG_TAIL(n) - (void*) tail;
+ tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
}
return 0;
@@ -353,8 +352,8 @@
if (parse_tree(n, ematch_root) < 0)
return -1;
- tail_list->rta_len = (void*) NLMSG_TAIL(n) - (void*) tail_list;
- tail->rta_len = (void*) NLMSG_TAIL(n) - (void*) tail;
+ tail_list->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail_list;
+ tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
}
*argc_p = ematch_argc;
@@ -492,7 +491,7 @@
return print_ematch_list(fd, hdr, tb[TCA_EMATCH_TREE_LIST]);
}
-struct bstr * bstr_alloc(const char *text)
+struct bstr *bstr_alloc(const char *text)
{
struct bstr *b = calloc(1, sizeof(*b));
@@ -558,6 +557,7 @@
printf(")");
} else {
struct bstr *b;
+
for (b = t->args; b; b = b->next)
printf("%s%s", b->data, b->next ? " " : "");
}
diff --git a/tc/m_estimator.c b/tc/m_estimator.c
index 3dc8624..87745cc 100644
--- a/tc/m_estimator.c
+++ b/tc/m_estimator.c
@@ -38,7 +38,7 @@
{
int argc = *p_argc;
char **argv = *p_argv;
- unsigned A, time_const;
+ unsigned int A, time_const;
NEXT_ARG();
if (est->ewma_log)
diff --git a/tc/m_gact.c b/tc/m_gact.c
index 94bd5e7..38949e9 100644
--- a/tc/m_gact.c
+++ b/tc/m_gact.c
@@ -45,17 +45,21 @@
#ifdef CONFIG_GACT_PROB
fprintf(stderr, "Usage: ... gact <ACTION> [RAND] [INDEX]\n");
fprintf(stderr,
- "Where: \tACTION := reclassify | drop | continue | pass \n"
- "\tRAND := random <RANDTYPE> <ACTION> <VAL>\n"
- "\tRANDTYPE := netrand | determ\n"
+ "Where: \tACTION := reclassify | drop | continue | pass | pipe |\n"
+ " \t goto chain <CHAIN_INDEX> | jump <JUMP_COUNT>\n"
+ "\tRAND := random <RANDTYPE> <ACTION> <VAL>\n"
+ "\tRANDTYPE := netrand | determ\n"
"\tVAL : = value not exceeding 10000\n"
+ "\tJUMP_COUNT := Absolute jump from start of action list\n"
"\tINDEX := index value used\n"
"\n");
#else
fprintf(stderr, "Usage: ... gact <ACTION> [INDEX]\n");
fprintf(stderr,
- "Where: \tACTION := reclassify | drop | continue | pass \n"
+ "Where: \tACTION := reclassify | drop | continue | pass | pipe |\n"
+ " \t goto chain <CHAIN_INDEX> | jump <JUMP_COUNT>\n"
"\tINDEX := index value used\n"
+ "\tJUMP_COUNT := Absolute jump from start of action list\n"
"\n");
#endif
}
@@ -69,68 +73,31 @@
}
static int
-get_act(char ***argv_p)
-{
- char **argv = *argv_p;
-
- if (matches(*argv, "reclassify") == 0) {
- return TC_ACT_RECLASSIFY;
- } else if (matches(*argv, "drop") == 0 || matches(*argv, "shot") == 0) {
- return TC_ACT_SHOT;
- } else if (matches(*argv, "continue") == 0) {
- return TC_ACT_UNSPEC;
- } else if (matches(*argv, "pipe") == 0) {
- return TC_ACT_PIPE;
- } else if (matches(*argv, "pass") == 0 || matches(*argv, "ok") == 0) {
- return TC_ACT_OK;
- } else {
- fprintf(stderr,"bad action type %s\n",*argv);
- return -10;
- }
-}
-
-static int
parse_gact(struct action_util *a, int *argc_p, char ***argv_p,
int tca_id, struct nlmsghdr *n)
{
int argc = *argc_p;
char **argv = *argv_p;
- int ok = 0;
- int action = TC_POLICE_RECLASSIFY;
- struct tc_gact p;
+ struct tc_gact p = { 0 };
#ifdef CONFIG_GACT_PROB
int rd = 0;
struct tc_gact_p pp;
#endif
struct rtattr *tail;
- memset(&p, 0, sizeof (p));
- p.action = TC_POLICE_RECLASSIFY;
-
if (argc < 0)
return -1;
if (matches(*argv, "gact") == 0) {
- ok++;
- } else {
- action = get_act(&argv);
- if (action != -10) {
- p.action = action;
- ok++;
- } else {
- explain();
- return action;
- }
- }
-
- if (ok) {
argc--;
argv++;
+ } else if (parse_action_control(&argc, &argv, &p.action, false) == -1) {
+ usage(); /* does not return */
}
#ifdef CONFIG_GACT_PROB
- if (ok && argc > 0) {
+ if (argc > 0) {
if (matches(*argv, "random") == 0) {
rd = 1;
NEXT_ARG();
@@ -145,21 +112,15 @@
return -1;
}
- action = get_act(&argv);
- if (action != -10) { /* FIXME */
- pp.paction = action;
- } else {
- explain();
- return -1;
- }
- argc--;
- argv++;
+ if (parse_action_control(&argc, &argv,
+ &pp.paction, false) == -1)
+ usage();
if (get_u16(&pp.pval, *argv, 10)) {
- fprintf(stderr, "Illegal probability val 0x%x\n",pp.pval);
+ fprintf(stderr, "Illegal probability val 0x%x\n", pp.pval);
return -1;
}
if (pp.pval > 10000) {
- fprintf(stderr, "Illegal probability val 0x%x\n",pp.pval);
+ fprintf(stderr, "Illegal probability val 0x%x\n", pp.pval);
return -1;
}
argc--;
@@ -179,21 +140,17 @@
}
argc--;
argv++;
- ok++;
} else if (matches(*argv, "help") == 0) {
usage();
}
}
- if (!ok)
- return -1;
-
tail = NLMSG_TAIL(n);
addattr_l(n, MAX_MSG, tca_id, NULL, 0);
- addattr_l(n, MAX_MSG, TCA_GACT_PARMS, &p, sizeof (p));
+ addattr_l(n, MAX_MSG, TCA_GACT_PARMS, &p, sizeof(p));
#ifdef CONFIG_GACT_PROB
if (rd) {
- addattr_l(n, MAX_MSG, TCA_GACT_PROB, &pp, sizeof (pp));
+ addattr_l(n, MAX_MSG, TCA_GACT_PROB, &pp, sizeof(pp));
}
#endif
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
@@ -204,11 +161,9 @@
}
static int
-print_gact(struct action_util *au,FILE * f, struct rtattr *arg)
+print_gact(struct action_util *au, FILE * f, struct rtattr *arg)
{
- SPRINT_BUF(b1);
#ifdef CONFIG_GACT_PROB
- SPRINT_BUF(b2);
struct tc_gact_p *pp = NULL;
struct tc_gact_p pp_dummy;
#endif
@@ -226,22 +181,27 @@
}
p = RTA_DATA(tb[TCA_GACT_PARMS]);
- fprintf(f, "gact action %s", action_n2a(p->action, b1, sizeof (b1)));
+ fprintf(f, "gact ");
+ print_action_control(f, "action ", p->action, "");
#ifdef CONFIG_GACT_PROB
- if (NULL != tb[TCA_GACT_PROB]) {
+ if (tb[TCA_GACT_PROB] != NULL) {
pp = RTA_DATA(tb[TCA_GACT_PROB]);
} else {
/* need to keep consistent output */
- memset(&pp_dummy, 0, sizeof (pp_dummy));
+ memset(&pp_dummy, 0, sizeof(pp_dummy));
pp = &pp_dummy;
}
- fprintf(f, "\n\t random type %s %s val %d",prob_n2a(pp->ptype), action_n2a(pp->paction, b2, sizeof (b2)), pp->pval);
+ fprintf(f, "\n\t random type %s", prob_n2a(pp->ptype));
+ print_action_control(f, " ", pp->paction, " ");
+ fprintf(f, "val %d", pp->pval);
#endif
- fprintf(f, "\n\t index %d ref %d bind %d",p->index, p->refcnt, p->bindcnt);
+ fprintf(f, "\n\t index %u ref %d bind %d", p->index, p->refcnt,
+ p->bindcnt);
if (show_stats) {
if (tb[TCA_GACT_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_GACT_TM]);
- print_tm(f,tm);
+
+ print_tm(f, tm);
}
}
fprintf(f, "\n ");
diff --git a/tc/m_ife.c b/tc/m_ife.c
new file mode 100644
index 0000000..8d0fd31
--- /dev/null
+++ b/tc/m_ife.c
@@ -0,0 +1,336 @@
+/*
+ * m_ife.c IFE actions module
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: J Hadi Salim (jhs@mojatatu.com)
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include <linux/netdevice.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "tc_util.h"
+#include <linux/tc_act/tc_ife.h>
+
+static void ife_explain(void)
+{
+ fprintf(stderr,
+ "Usage:... ife {decode|encode} [{ALLOW|USE} ATTR] [dst DMAC] [src SMAC] [type TYPE] [CONTROL] [index INDEX]\n");
+ fprintf(stderr,
+ "\tALLOW := Encode direction. Allows encoding specified metadata\n"
+ "\t\t e.g \"allow mark\"\n"
+ "\tUSE := Encode direction. Enforce Static encoding of specified metadata\n"
+ "\t\t e.g \"use mark 0x12\"\n"
+ "\tATTR := mark (32-bit), prio (32-bit), tcindex (16-bit)\n"
+ "\tDMAC := 6 byte Destination MAC address to encode\n"
+ "\tSMAC := optional 6 byte Source MAC address to encode\n"
+ "\tTYPE := optional 16 bit ethertype to encode\n"
+ "\tCONTROL := reclassify|pipe|drop|continue|ok\n"
+ "\tINDEX := optional IFE table index value used\n");
+ fprintf(stderr, "encode is used for sending IFE packets\n");
+ fprintf(stderr, "decode is used for receiving IFE packets\n");
+}
+
+static void ife_usage(void)
+{
+ ife_explain();
+ exit(-1);
+}
+
+static int parse_ife(struct action_util *a, int *argc_p, char ***argv_p,
+ int tca_id, struct nlmsghdr *n)
+{
+ int argc = *argc_p;
+ char **argv = *argv_p;
+ int ok = 0;
+ struct tc_ife p = { 0 };
+ struct rtattr *tail;
+ struct rtattr *tail2;
+ char dbuf[ETH_ALEN];
+ char sbuf[ETH_ALEN];
+ __u16 ife_type = 0;
+ int user_type = 0;
+ __u32 ife_prio = 0;
+ __u32 ife_prio_v = 0;
+ __u32 ife_mark = 0;
+ __u32 ife_mark_v = 0;
+ __u16 ife_tcindex = 0;
+ __u16 ife_tcindex_v = 0;
+ char *daddr = NULL;
+ char *saddr = NULL;
+
+ if (argc <= 0)
+ return -1;
+
+ while (argc > 0) {
+ if (matches(*argv, "ife") == 0) {
+ NEXT_ARG();
+ continue;
+ } else if (matches(*argv, "decode") == 0) {
+ p.flags = IFE_DECODE; /* readability aid */
+ ok++;
+ } else if (matches(*argv, "encode") == 0) {
+ p.flags = IFE_ENCODE;
+ ok++;
+ } else if (matches(*argv, "allow") == 0) {
+ NEXT_ARG();
+ if (matches(*argv, "mark") == 0) {
+ ife_mark = IFE_META_SKBMARK;
+ } else if (matches(*argv, "prio") == 0) {
+ ife_prio = IFE_META_PRIO;
+ } else if (matches(*argv, "tcindex") == 0) {
+ ife_tcindex = IFE_META_TCINDEX;
+ } else {
+ fprintf(stderr, "Illegal meta define <%s>\n",
+ *argv);
+ return -1;
+ }
+ } else if (matches(*argv, "use") == 0) {
+ NEXT_ARG();
+ if (matches(*argv, "mark") == 0) {
+ NEXT_ARG();
+ if (get_u32(&ife_mark_v, *argv, 0))
+ invarg("ife mark val is invalid",
+ *argv);
+ } else if (matches(*argv, "prio") == 0) {
+ NEXT_ARG();
+ if (get_u32(&ife_prio_v, *argv, 0))
+ invarg("ife prio val is invalid",
+ *argv);
+ } else if (matches(*argv, "tcindex") == 0) {
+ NEXT_ARG();
+ if (get_u16(&ife_tcindex_v, *argv, 0))
+ invarg("ife tcindex val is invalid",
+ *argv);
+ } else {
+ fprintf(stderr, "Illegal meta use type <%s>\n",
+ *argv);
+ return -1;
+ }
+ } else if (matches(*argv, "type") == 0) {
+ NEXT_ARG();
+ if (get_u16(&ife_type, *argv, 0))
+ invarg("ife type is invalid", *argv);
+ fprintf(stderr, "IFE type 0x%04X\n", ife_type);
+ user_type = 1;
+ } else if (matches(*argv, "dst") == 0) {
+ NEXT_ARG();
+ daddr = *argv;
+ if (sscanf(daddr, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+ dbuf, dbuf + 1, dbuf + 2,
+ dbuf + 3, dbuf + 4, dbuf + 5) != 6) {
+ fprintf(stderr, "Invalid mac address %s\n",
+ daddr);
+ }
+ fprintf(stderr, "dst MAC address <%s>\n", daddr);
+
+ } else if (matches(*argv, "src") == 0) {
+ NEXT_ARG();
+ saddr = *argv;
+ if (sscanf(saddr, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+ sbuf, sbuf + 1, sbuf + 2,
+ sbuf + 3, sbuf + 4, sbuf + 5) != 6) {
+ fprintf(stderr, "Invalid mac address %s\n",
+ saddr);
+ }
+ fprintf(stderr, "src MAC address <%s>\n", saddr);
+ } else if (matches(*argv, "help") == 0) {
+ ife_usage();
+ } else {
+ break;
+ }
+
+ argc--;
+ argv++;
+ }
+
+ parse_action_control_dflt(&argc, &argv, &p.action, false, TC_ACT_PIPE);
+
+ if (argc) {
+ if (matches(*argv, "index") == 0) {
+ NEXT_ARG();
+ if (get_u32(&p.index, *argv, 0)) {
+ fprintf(stderr, "ife: Illegal \"index\"\n");
+ return -1;
+ }
+ ok++;
+ argc--;
+ argv++;
+ }
+ }
+
+ if (!ok) {
+ fprintf(stderr, "IFE requires decode/encode specified\n");
+ ife_usage();
+ }
+
+ tail = NLMSG_TAIL(n);
+ addattr_l(n, MAX_MSG, tca_id, NULL, 0);
+ addattr_l(n, MAX_MSG, TCA_IFE_PARMS, &p, sizeof(p));
+
+ if (!(p.flags & IFE_ENCODE))
+ goto skip_encode;
+
+ if (daddr)
+ addattr_l(n, MAX_MSG, TCA_IFE_DMAC, dbuf, ETH_ALEN);
+ if (user_type)
+ addattr_l(n, MAX_MSG, TCA_IFE_TYPE, &ife_type, 2);
+ else
+ fprintf(stderr, "IFE type 0x%04X\n", ETH_P_IFE);
+ if (saddr)
+ addattr_l(n, MAX_MSG, TCA_IFE_SMAC, sbuf, ETH_ALEN);
+
+ tail2 = NLMSG_TAIL(n);
+ addattr_l(n, MAX_MSG, TCA_IFE_METALST, NULL, 0);
+ if (ife_mark || ife_mark_v) {
+ if (ife_mark_v)
+ addattr_l(n, MAX_MSG, IFE_META_SKBMARK, &ife_mark_v, 4);
+ else
+ addattr_l(n, MAX_MSG, IFE_META_SKBMARK, NULL, 0);
+ }
+ if (ife_prio || ife_prio_v) {
+ if (ife_prio_v)
+ addattr_l(n, MAX_MSG, IFE_META_PRIO, &ife_prio_v, 4);
+ else
+ addattr_l(n, MAX_MSG, IFE_META_PRIO, NULL, 0);
+ }
+ if (ife_tcindex || ife_tcindex_v) {
+ if (ife_tcindex_v)
+ addattr_l(n, MAX_MSG, IFE_META_TCINDEX, &ife_tcindex_v,
+ 2);
+ else
+ addattr_l(n, MAX_MSG, IFE_META_TCINDEX, NULL, 0);
+ }
+
+ tail2->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail2;
+
+skip_encode:
+ tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
+
+ *argc_p = argc;
+ *argv_p = argv;
+ return 0;
+}
+
+static int print_ife(struct action_util *au, FILE *f, struct rtattr *arg)
+{
+ struct tc_ife *p = NULL;
+ struct rtattr *tb[TCA_IFE_MAX + 1];
+ __u16 ife_type = 0;
+ __u32 mmark = 0;
+ __u16 mtcindex = 0;
+ __u32 mprio = 0;
+ int has_optional = 0;
+ SPRINT_BUF(b2);
+
+ if (arg == NULL)
+ return -1;
+
+ parse_rtattr_nested(tb, TCA_IFE_MAX, arg);
+
+ if (tb[TCA_IFE_PARMS] == NULL) {
+ fprintf(f, "[NULL ife parameters]");
+ return -1;
+ }
+ p = RTA_DATA(tb[TCA_IFE_PARMS]);
+
+ fprintf(f, "ife %s ", p->flags & IFE_ENCODE ? "encode" : "decode");
+ print_action_control(f, "action ", p->action, " ");
+
+ if (tb[TCA_IFE_TYPE]) {
+ ife_type = rta_getattr_u16(tb[TCA_IFE_TYPE]);
+ has_optional = 1;
+ fprintf(f, "type 0x%X ", ife_type);
+ }
+
+ if (has_optional)
+ fprintf(f, "\n\t ");
+
+ if (tb[TCA_IFE_METALST]) {
+ struct rtattr *metalist[IFE_META_MAX + 1];
+ int len = 0;
+
+ parse_rtattr_nested(metalist, IFE_META_MAX,
+ tb[TCA_IFE_METALST]);
+
+ if (metalist[IFE_META_SKBMARK]) {
+ len = RTA_PAYLOAD(metalist[IFE_META_SKBMARK]);
+ if (len) {
+ mmark = rta_getattr_u32(metalist[IFE_META_SKBMARK]);
+ fprintf(f, "use mark %u ", mmark);
+ } else
+ fprintf(f, "allow mark ");
+ }
+
+ if (metalist[IFE_META_TCINDEX]) {
+ len = RTA_PAYLOAD(metalist[IFE_META_TCINDEX]);
+ if (len) {
+ mtcindex =
+ rta_getattr_u16(metalist[IFE_META_TCINDEX]);
+ fprintf(f, "use tcindex %d ", mtcindex);
+ } else
+ fprintf(f, "allow tcindex ");
+ }
+
+ if (metalist[IFE_META_PRIO]) {
+ len = RTA_PAYLOAD(metalist[IFE_META_PRIO]);
+ if (len) {
+ mprio = rta_getattr_u32(metalist[IFE_META_PRIO]);
+ fprintf(f, "use prio %u ", mprio);
+ } else
+ fprintf(f, "allow prio ");
+ }
+
+ }
+
+ if (tb[TCA_IFE_DMAC]) {
+ has_optional = 1;
+ fprintf(f, "dst %s ",
+ ll_addr_n2a(RTA_DATA(tb[TCA_IFE_DMAC]),
+ RTA_PAYLOAD(tb[TCA_IFE_DMAC]), 0, b2,
+ sizeof(b2)));
+
+ }
+
+ if (tb[TCA_IFE_SMAC]) {
+ has_optional = 1;
+ fprintf(f, "src %s ",
+ ll_addr_n2a(RTA_DATA(tb[TCA_IFE_SMAC]),
+ RTA_PAYLOAD(tb[TCA_IFE_SMAC]), 0, b2,
+ sizeof(b2)));
+ }
+
+ fprintf(f, "\n\t index %u ref %d bind %d", p->index, p->refcnt,
+ p->bindcnt);
+ if (show_stats) {
+ if (tb[TCA_IFE_TM]) {
+ struct tcf_t *tm = RTA_DATA(tb[TCA_IFE_TM]);
+
+ print_tm(f, tm);
+ }
+ }
+
+ fprintf(f, "\n");
+
+ return 0;
+}
+
+struct action_util ife_action_util = {
+ .id = "ife",
+ .parse_aopt = parse_ife,
+ .print_aopt = print_ife,
+};
diff --git a/tc/m_ipt.c b/tc/m_ipt.c
index 948becb..1b935ec 100644
--- a/tc/m_ipt.c
+++ b/tc/m_ipt.c
@@ -14,7 +14,6 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <linux/if.h>
#include <iptables.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4/ip_tables.h>
@@ -51,40 +50,29 @@
{0, 0, 0, 0}
};
-static struct iptables_target *t_list = NULL;
+static struct xtables_target *t_list;
static struct option *opts = original_opts;
-static unsigned int global_option_offset = 0;
+static unsigned int global_option_offset;
#define OPTION_OFFSET 256
char *lib_dir;
void
-register_target(struct iptables_target *me)
+xtables_register_target(struct xtables_target *me)
{
-/* fprintf(stderr, "\nDummy register_target %s \n", me->name);
-*/
me->next = t_list;
t_list = me;
}
-void
-xtables_register_target(struct iptables_target *me)
-{
- me->next = t_list;
- t_list = me;
-}
-
-void
-exit_tryhelp(int status)
+static void exit_tryhelp(int status)
{
fprintf(stderr, "Try `%s -h' or '%s --help' for more information.\n",
pname, pname);
exit(status);
}
-void
-exit_error(enum exittype status, char *msg, ...)
+static void exit_error(enum xtables_exittype status, char *msg, ...)
{
va_list args;
@@ -106,61 +94,6 @@
Email them next time i remember
*/
-char *
-addr_to_dotted(const struct in_addr *addrp)
-{
- static char buf[20];
- const unsigned char *bytep;
-
- bytep = (const unsigned char *) &(addrp->s_addr);
- sprintf(buf, "%d.%d.%d.%d", bytep[0], bytep[1], bytep[2], bytep[3]);
- return buf;
-}
-
-int string_to_number_ll(const char *s, unsigned long long min,
- unsigned long long max,
- unsigned long long *ret)
-{
- unsigned long long number;
- char *end;
-
- /* Handle hex, octal, etc. */
- errno = 0;
- number = strtoull(s, &end, 0);
- if (*end == '\0' && end != s) {
- /* we parsed a number, let's see if we want this */
- if (errno != ERANGE && min <= number && (!max || number <= max)) {
- *ret = number;
- return 0;
- }
- }
- return -1;
-}
-
-int string_to_number_l(const char *s, unsigned long min, unsigned long max,
- unsigned long *ret)
-{
- int result;
- unsigned long long number;
-
- result = string_to_number_ll(s, min, max, &number);
- *ret = (unsigned long)number;
-
- return result;
-}
-
-int string_to_number(const char *s, unsigned int min, unsigned int max,
- unsigned int *ret)
-{
- int result;
- unsigned long number;
-
- result = string_to_number_l(s, min, max, &number);
- *ret = (unsigned int)number;
-
- return result;
-}
-
static void free_opts(struct option *local_opts)
{
if (local_opts != original_opts) {
@@ -177,18 +110,18 @@
struct option *merge;
unsigned int num_old, num_new, i;
- for (num_old = 0; oldopts[num_old].name; num_old++) ;
- for (num_new = 0; newopts[num_new].name; num_new++) ;
+ for (num_old = 0; oldopts[num_old].name; num_old++);
+ for (num_new = 0; newopts[num_new].name; num_new++);
*option_offset = global_option_offset + OPTION_OFFSET;
- merge = malloc(sizeof (struct option) * (num_new + num_old + 1));
- memcpy(merge, oldopts, num_old * sizeof (struct option));
+ merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
+ memcpy(merge, oldopts, num_old * sizeof(struct option));
for (i = 0; i < num_new; i++) {
merge[num_old + i] = newopts[i];
merge[num_old + i].val += *option_offset;
}
- memset(merge + num_old + num_new, 0, sizeof (struct option));
+ memset(merge + num_old + num_new, 0, sizeof(struct option));
return merge;
}
@@ -205,10 +138,11 @@
return p;
}
-static struct iptables_target *
+static struct xtables_target *
find_t(char *name)
{
- struct iptables_target *m;
+ struct xtables_target *m;
+
for (m = t_list; m; m = m->next) {
if (strcmp(m->name, name) == 0)
return m;
@@ -217,29 +151,24 @@
return NULL;
}
-static struct iptables_target *
+static struct xtables_target *
get_target_name(const char *name)
{
void *handle;
char *error;
char *new_name, *lname;
- struct iptables_target *m;
- char path[strlen(lib_dir) + sizeof ("/libipt_.so") + strlen(name)];
+ struct xtables_target *m;
+ char path[strlen(lib_dir) + sizeof("/libipt_.so") + strlen(name)];
#ifdef NO_SHARED_LIBS
return NULL;
#endif
- new_name = malloc(strlen(name) + 1);
- lname = malloc(strlen(name) + 1);
- if (new_name)
- memset(new_name, '\0', strlen(name) + 1);
- else
+ new_name = calloc(1, strlen(name) + 1);
+ lname = calloc(1, strlen(name) + 1);
+ if (!new_name)
exit_error(PARAMETER_PROBLEM, "get_target_name");
-
- if (lname)
- memset(lname, '\0', strlen(name) + 1);
- else
+ if (!lname)
exit_error(PARAMETER_PROBLEM, "get_target_name");
strcpy(new_name, name);
@@ -247,6 +176,7 @@
if (isupper(lname[0])) {
int i;
+
for (i = 0; i < strlen(name); i++) {
lname[i] = tolower(lname[i]);
}
@@ -254,6 +184,7 @@
if (islower(new_name[0])) {
int i;
+
for (i = 0; i < strlen(new_name); i++) {
new_name[i] = toupper(new_name[i]);
}
@@ -268,12 +199,12 @@
handle = dlopen(path, RTLD_LAZY);
if (!handle) {
- sprintf(path, "%s/libxt_%s.so", lib_dir , lname);
+ sprintf(path, "%s/libxt_%s.so", lib_dir, lname);
handle = dlopen(path, RTLD_LAZY);
}
if (!handle) {
- sprintf(path, "%s/libipt_%s.so", lib_dir , lname);
+ sprintf(path, "%s/libipt_%s.so", lib_dir, lname);
handle = dlopen(path, RTLD_LAZY);
}
/* ok, lets give up .. */
@@ -288,12 +219,12 @@
m = dlsym(handle, new_name);
if ((error = dlerror()) != NULL) {
- m = (struct iptables_target *) dlsym(handle, lname);
+ m = (struct xtables_target *) dlsym(handle, lname);
if ((error = dlerror()) != NULL) {
m = find_t(new_name);
- if (NULL == m) {
+ if (m == NULL) {
m = find_t(lname);
- if (NULL == m) {
+ if (m == NULL) {
fputs(error, stderr);
fprintf(stderr, "\n");
dlclose(handle);
@@ -310,42 +241,6 @@
return m;
}
-
-struct in_addr *dotted_to_addr(const char *dotted)
-{
- static struct in_addr addr;
- unsigned char *addrp;
- char *p, *q;
- unsigned int onebyte;
- int i;
- char buf[20];
-
- /* copy dotted string, because we need to modify it */
- strncpy(buf, dotted, sizeof (buf) - 1);
- addrp = (unsigned char *) &(addr.s_addr);
-
- p = buf;
- for (i = 0; i < 3; i++) {
- if ((q = strchr(p, '.')) == NULL)
- return (struct in_addr *) NULL;
-
- *q = '\0';
- if (string_to_number(p, 0, 255, &onebyte) == -1)
- return (struct in_addr *) NULL;
-
- addrp[i] = (unsigned char) onebyte;
- p = q + 1;
- }
-
- /* we've checked 3 bytes, now we check the last one */
- if (string_to_number(p, 0, 255, &onebyte) == -1)
- return (struct in_addr *) NULL;
-
- addrp[3] = (unsigned char) onebyte;
-
- return &addr;
-}
-
static void set_revision(char *name, u_int8_t revision)
{
/* Old kernel sources don't have ".revision" field,
@@ -357,23 +252,20 @@
/*
* we may need to check for version mismatch
*/
-int
-build_st(struct iptables_target *target, struct ipt_entry_target *t)
+static int build_st(struct xtables_target *target, struct ipt_entry_target *t)
{
- unsigned int nfcache = 0;
-
if (target) {
size_t size;
size =
- IPT_ALIGN(sizeof (struct ipt_entry_target)) + target->size;
+ XT_ALIGN(sizeof(struct ipt_entry_target)) + target->size;
- if (NULL == t) {
+ if (t == NULL) {
target->t = fw_calloc(1, size);
target->t->u.target_size = size;
if (target->init != NULL)
- target->init(target->t, &nfcache);
+ target->init(target->t);
set_revision(target->t->u.user.name, target->revision);
} else {
target->t = t;
@@ -385,10 +277,10 @@
return -1;
}
-static int parse_ipt(struct action_util *a,int *argc_p,
+static int parse_ipt(struct action_util *a, int *argc_p,
char ***argv_p, int tca_id, struct nlmsghdr *n)
{
- struct iptables_target *m = NULL;
+ struct xtables_target *m = NULL;
struct ipt_entry fw;
struct rtattr *tail;
int c;
@@ -406,6 +298,7 @@
{
int i;
+
for (i = 0; i < rargc; i++) {
if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) {
break;
@@ -415,7 +308,7 @@
}
if (argc <= 2) {
- fprintf(stderr,"bad arguments to ipt %d vs %d \n", argc, rargc);
+ fprintf(stderr, "bad arguments to ipt %d vs %d\n", argc, rargc);
return -1;
}
@@ -426,29 +319,29 @@
switch (c) {
case 'j':
m = get_target_name(optarg);
- if (NULL != m) {
+ if (m != NULL) {
- if (0 > build_st(m, NULL)) {
- printf(" %s error \n", m->name);
+ if (build_st(m, NULL) < 0) {
+ printf(" %s error\n", m->name);
return -1;
}
opts =
merge_options(opts, m->extra_opts,
&m->option_offset);
} else {
- fprintf(stderr," failed to find target %s\n\n", optarg);
+ fprintf(stderr, " failed to find target %s\n\n", optarg);
return -1;
}
ok++;
break;
default:
- memset(&fw, 0, sizeof (fw));
+ memset(&fw, 0, sizeof(fw));
if (m) {
m->parse(c - m->option_offset, argv, 0,
&m->tflags, NULL, &m->t);
} else {
- fprintf(stderr," failed to find target %s\n\n", optarg);
+ fprintf(stderr, " failed to find target %s\n\n", optarg);
return -1;
}
@@ -472,7 +365,7 @@
}
if (!ok && !iok) {
- fprintf(stderr," ipt Parser BAD!! (%s)\n", *argv);
+ fprintf(stderr, " ipt Parser BAD!! (%s)\n", *argv);
return -1;
}
@@ -482,6 +375,7 @@
{
struct tcmsg *t = NLMSG_DATA(n);
+
if (t->tcm_parent != TC_H_ROOT
&& t->tcm_parent == TC_H_MAJ(TC_H_INGRESS)) {
hook = NF_IP_PRE_ROUTING;
@@ -522,11 +416,11 @@
optind = 0;
free_opts(opts);
/* Clear flags if target will be used again */
- m->tflags=0;
- m->used=0;
+ m->tflags = 0;
+ m->used = 0;
/* Free allocated memory */
- if (m->t)
- free(m->t);
+ if (m->t)
+ free(m->t);
return 0;
@@ -534,7 +428,7 @@
}
static int
-print_ipt(struct action_util *au,FILE * f, struct rtattr *arg)
+print_ipt(struct action_util *au, FILE * f, struct rtattr *arg)
{
struct rtattr *tb[TCA_IPT_MAX + 1];
struct ipt_entry_target *t = NULL;
@@ -560,20 +454,22 @@
return -1;
} else {
__u32 hook;
+
hook = rta_getattr_u32(tb[TCA_IPT_HOOK]);
- fprintf(f, " hook: %s \n", ipthooks[hook]);
+ fprintf(f, " hook: %s\n", ipthooks[hook]);
}
if (tb[TCA_IPT_TARG] == NULL) {
- fprintf(f, "\t[NULL ipt target parameters ] \n");
+ fprintf(f, "\t[NULL ipt target parameters ]\n");
return -1;
} else {
- struct iptables_target *m = NULL;
+ struct xtables_target *m = NULL;
+
t = RTA_DATA(tb[TCA_IPT_TARG]);
m = get_target_name(t->u.user.name);
- if (NULL != m) {
- if (0 > build_st(m, t)) {
- fprintf(stderr, " %s error \n", m->name);
+ if (m != NULL) {
+ if (build_st(m, t) < 0) {
+ fprintf(stderr, " %s error\n", m->name);
return -1;
}
@@ -591,21 +487,24 @@
fprintf(f, " [NULL ipt target index ]\n");
} else {
__u32 index;
+
index = rta_getattr_u32(tb[TCA_IPT_INDEX]);
- fprintf(f, " \n\tindex %d", index);
+ fprintf(f, "\n\tindex %u", index);
}
if (tb[TCA_IPT_CNT]) {
- struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);;
+ struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);
+
fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt);
}
if (show_stats) {
if (tb[TCA_IPT_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]);
- print_tm(f,tm);
+
+ print_tm(f, tm);
}
}
- fprintf(f, " \n");
+ fprintf(f, "\n");
}
free_opts(opts);
@@ -614,7 +513,7 @@
}
struct action_util ipt_action_util = {
- .id = "ipt",
- .parse_aopt = parse_ipt,
- .print_aopt = print_ipt,
+ .id = "ipt",
+ .parse_aopt = parse_ipt,
+ .print_aopt = print_ipt,
};
diff --git a/tc/m_mirred.c b/tc/m_mirred.c
index dc231d7..2384bda 100644
--- a/tc/m_mirred.c
+++ b/tc/m_mirred.c
@@ -29,12 +29,12 @@
static void
explain(void)
{
- fprintf(stderr, "Usage: mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME> \n");
- fprintf(stderr, "where: \n");
+ fprintf(stderr, "Usage: mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME>\n");
+ fprintf(stderr, "where:\n");
fprintf(stderr, "\tDIRECTION := <ingress | egress>\n");
fprintf(stderr, "\tACTION := <mirror | redirect>\n");
fprintf(stderr, "\tINDEX is the specific policy instance id\n");
- fprintf(stderr, "\tDEVICENAME is the devicename \n");
+ fprintf(stderr, "\tDEVICENAME is the devicename\n");
}
@@ -62,25 +62,36 @@
}
static int
-parse_egress(struct action_util *a, int *argc_p, char ***argv_p,
- int tca_id, struct nlmsghdr *n)
+parse_direction(struct action_util *a, int *argc_p, char ***argv_p,
+ int tca_id, struct nlmsghdr *n)
{
int argc = *argc_p;
char **argv = *argv_p;
- int ok = 0, iok = 0, mirror=0,redir=0;
- struct tc_mirred p;
+ int ok = 0, iok = 0, mirror = 0, redir = 0, ingress = 0, egress = 0;
+ struct tc_mirred p = {};
struct rtattr *tail;
- char d[16];
-
- memset(d,0,sizeof(d)-1);
- memset(&p,0,sizeof(struct tc_mirred));
+ char d[16] = {};
while (argc > 0) {
if (matches(*argv, "action") == 0) {
break;
- } else if (matches(*argv, "egress") == 0) {
+ } else if (!egress && matches(*argv, "egress") == 0) {
+ egress = 1;
+ if (ingress) {
+ fprintf(stderr, "Can't have both egress and ingress\n");
+ return -1;
+ }
+ NEXT_ARG();
+ ok++;
+ continue;
+ } else if (!ingress && matches(*argv, "ingress") == 0) {
+ ingress = 1;
+ if (egress) {
+ fprintf(stderr, "Can't have both ingress and egress\n");
+ return -1;
+ }
NEXT_ARG();
ok++;
continue;
@@ -98,26 +109,28 @@
argv++;
break;
}
- } else if(!ok) {
- fprintf(stderr, "was expecting egress (%s)\n", *argv);
+ } else if (!ok) {
+ fprintf(stderr, "was expecting egress or ingress (%s)\n", *argv);
break;
} else if (!mirror && matches(*argv, "mirror") == 0) {
- mirror=1;
+ mirror = 1;
if (redir) {
fprintf(stderr, "Can't have both mirror and redir\n");
return -1;
}
- p.eaction = TCA_EGRESS_MIRROR;
+ p.eaction = egress ? TCA_EGRESS_MIRROR :
+ TCA_INGRESS_MIRROR;
p.action = TC_ACT_PIPE;
ok++;
} else if (!redir && matches(*argv, "redirect") == 0) {
- redir=1;
+ redir = 1;
if (mirror) {
fprintf(stderr, "Can't have both mirror and redir\n");
return -1;
}
- p.eaction = TCA_EGRESS_REDIR;
+ p.eaction = egress ? TCA_EGRESS_REDIR :
+ TCA_INGRESS_REDIR;
p.action = TC_ACT_STOLEN;
ok++;
} else if ((redir || mirror) && matches(*argv, "dev") == 0) {
@@ -145,6 +158,7 @@
if (d[0]) {
int idx;
+
ll_init_map(&rth);
if ((idx = ll_name_to_index(d)) == 0) {
@@ -156,27 +170,8 @@
}
- if (argc && p.eaction == TCA_EGRESS_MIRROR) {
-
- if (matches(*argv, "reclassify") == 0) {
- p.action = TC_POLICE_RECLASSIFY;
- NEXT_ARG();
- } else if (matches(*argv, "pipe") == 0) {
- p.action = TC_POLICE_PIPE;
- NEXT_ARG();
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- p.action = TC_POLICE_SHOT;
- NEXT_ARG();
- } else if (matches(*argv, "continue") == 0) {
- p.action = TC_POLICE_UNSPEC;
- NEXT_ARG();
- } else if (matches(*argv, "pass") == 0) {
- p.action = TC_POLICE_OK;
- NEXT_ARG();
- }
-
- }
+ if (p.eaction == TCA_EGRESS_MIRROR || p.eaction == TCA_INGRESS_MIRROR)
+ parse_action_control(&argc, &argv, &p.action, false);
if (argc) {
if (iok && matches(*argv, "index") == 0) {
@@ -197,7 +192,7 @@
tail = NLMSG_TAIL(n);
addattr_l(n, MAX_MSG, tca_id, NULL, 0);
- addattr_l(n, MAX_MSG, TCA_MIRRED_PARMS, &p, sizeof (p));
+ addattr_l(n, MAX_MSG, TCA_MIRRED_PARMS, &p, sizeof(p));
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
*argc_p = argc;
@@ -215,32 +210,32 @@
char **argv = *argv_p;
if (argc < 0) {
- fprintf(stderr,"mirred bad argument count %d\n", argc);
+ fprintf(stderr, "mirred bad argument count %d\n", argc);
return -1;
}
if (matches(*argv, "mirred") == 0) {
NEXT_ARG();
} else {
- fprintf(stderr,"mirred bad argument %s\n", *argv);
+ fprintf(stderr, "mirred bad argument %s\n", *argv);
return -1;
}
- if (matches(*argv, "egress") == 0 || matches(*argv, "index") == 0) {
- int ret = parse_egress(a, &argc, &argv, tca_id, n);
+ if (matches(*argv, "egress") == 0 || matches(*argv, "ingress") == 0 ||
+ matches(*argv, "index") == 0) {
+ int ret = parse_direction(a, &argc, &argv, tca_id, n);
+
if (ret == 0) {
*argc_p = argc;
*argv_p = argv;
return 0;
}
- } else if (matches(*argv, "ingress") == 0) {
- fprintf(stderr,"mirred ingress not supported at the moment\n");
} else if (matches(*argv, "help") == 0) {
usage();
} else {
- fprintf(stderr,"mirred option not supported %s\n", *argv);
+ fprintf(stderr, "mirred option not supported %s\n", *argv);
}
return -1;
@@ -248,12 +243,11 @@
}
static int
-print_mirred(struct action_util *au,FILE * f, struct rtattr *arg)
+print_mirred(struct action_util *au, FILE * f, struct rtattr *arg)
{
struct tc_mirred *p;
struct rtattr *tb[TCA_MIRRED_MAX + 1];
const char *dev;
- SPRINT_BUF(b1);
if (arg == NULL)
return -1;
@@ -276,15 +270,18 @@
return -1;
}
- fprintf(f, "mirred (%s to device %s) %s", mirred_n2a(p->eaction), dev,action_n2a(p->action, b1, sizeof (b1)));
+ fprintf(f, "mirred (%s to device %s)", mirred_n2a(p->eaction), dev);
+ print_action_control(f, " ", p->action, "");
fprintf(f, "\n ");
- fprintf(f, "\tindex %d ref %d bind %d",p->index,p->refcnt,p->bindcnt);
+ fprintf(f, "\tindex %u ref %d bind %d", p->index, p->refcnt,
+ p->bindcnt);
if (show_stats) {
if (tb[TCA_MIRRED_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_MIRRED_TM]);
- print_tm(f,tm);
+
+ print_tm(f, tm);
}
}
fprintf(f, "\n ");
diff --git a/tc/m_nat.c b/tc/m_nat.c
index d502a81..31b68fb 100644
--- a/tc/m_nat.c
+++ b/tc/m_nat.c
@@ -41,7 +41,7 @@
}
static int
-parse_nat_args(int *argc_p, char ***argv_p,struct tc_nat *sel)
+parse_nat_args(int *argc_p, char ***argv_p, struct tc_nat *sel)
{
int argc = *argc_p;
char **argv = *argv_p;
@@ -84,20 +84,18 @@
static int
parse_nat(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
{
- struct tc_nat sel;
+ struct tc_nat sel = {};
int argc = *argc_p;
char **argv = *argv_p;
int ok = 0;
struct rtattr *tail;
- memset(&sel, 0, sizeof(sel));
-
while (argc > 0) {
if (matches(*argv, "nat") == 0) {
NEXT_ARG();
if (parse_nat_args(&argc, &argv, &sel)) {
- fprintf(stderr, "Illegal nat construct (%s) \n",
+ fprintf(stderr, "Illegal nat construct (%s)\n",
*argv);
explain();
return -1;
@@ -117,30 +115,7 @@
return -1;
}
- if (argc) {
- if (matches(*argv, "reclassify") == 0) {
- sel.action = TC_ACT_RECLASSIFY;
- argc--;
- argv++;
- } else if (matches(*argv, "pipe") == 0) {
- sel.action = TC_ACT_PIPE;
- argc--;
- argv++;
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- sel.action = TC_ACT_SHOT;
- argc--;
- argv++;
- } else if (matches(*argv, "continue") == 0) {
- sel.action = TC_ACT_UNSPEC;
- argc--;
- argv++;
- } else if (matches(*argv, "pass") == 0) {
- sel.action = TC_ACT_OK;
- argc--;
- argv++;
- }
- }
+ parse_action_control_dflt(&argc, &argv, &sel.action, false, TC_ACT_OK);
if (argc) {
if (matches(*argv, "index") == 0) {
@@ -165,13 +140,13 @@
}
static int
-print_nat(struct action_util *au,FILE * f, struct rtattr *arg)
+print_nat(struct action_util *au, FILE * f, struct rtattr *arg)
{
struct tc_nat *sel;
struct rtattr *tb[TCA_NAT_MAX + 1];
char buf1[256];
char buf2[256];
- SPRINT_BUF(buf3);
+
int len;
if (arg == NULL)
@@ -188,17 +163,18 @@
len = ffs(sel->mask);
len = len ? 33 - len : 0;
- fprintf(f, " nat %s %s/%d %s %s", sel->flags & TCA_NAT_FLAG_EGRESS ?
- "egress" : "ingress",
- format_host(AF_INET, 4, &sel->old_addr, buf1, sizeof(buf1)),
+ fprintf(f, " nat %s %s/%d %s", sel->flags & TCA_NAT_FLAG_EGRESS ?
+ "egress" : "ingress",
+ format_host_r(AF_INET, 4, &sel->old_addr, buf1, sizeof(buf1)),
len,
- format_host(AF_INET, 4, &sel->new_addr, buf2, sizeof(buf2)),
- action_n2a(sel->action, buf3, sizeof (buf3)));
+ format_host_r(AF_INET, 4, &sel->new_addr, buf2, sizeof(buf2)));
+ print_action_control(f, " ", sel->action, "");
if (show_stats) {
if (tb[TCA_NAT_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_NAT_TM]);
- print_tm(f,tm);
+
+ print_tm(f, tm);
}
}
diff --git a/tc/m_pedit.c b/tc/m_pedit.c
index 4fdd189..5d89ab1 100644
--- a/tc/m_pedit.c
+++ b/tc/m_pedit.c
@@ -28,45 +28,48 @@
#include "utils.h"
#include "tc_util.h"
#include "m_pedit.h"
+#include "rt_names.h"
static struct m_pedit_util *pedit_list;
static int pedit_debug;
-static void
-explain(void)
+static void explain(void)
{
- fprintf(stderr, "Usage: ... pedit munge <MUNGE>\n");
+ fprintf(stderr, "Usage: ... pedit munge [ex] <MUNGE> [CONTROL]\n");
fprintf(stderr,
"Where: MUNGE := <RAW>|<LAYERED>\n"
- "\t<RAW>:= <OFFSETC>[ATC]<CMD>\n "
- "\t\tOFFSETC:= offset <offval> <u8|u16|u32>\n "
- "\t\tATC:= at <atval> offmask <maskval> shift <shiftval>\n "
- "\t\tNOTE: offval is byte offset, must be multiple of 4\n "
- "\t\tNOTE: maskval is a 32 bit hex number\n "
- "\t\tNOTE: shiftval is a is a shift value\n "
- "\t\tCMD:= clear | invert | set <setval>| retain\n "
- "\t<LAYERED>:= ip <ipdata> | ip6 <ip6data> \n "
- " \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata> \n"
+ "\t<RAW>:= <OFFSETC>[ATC]<CMD>\n \t\tOFFSETC:= offset <offval> <u8|u16|u32>\n"
+ "\t\tATC:= at <atval> offmask <maskval> shift <shiftval>\n"
+ "\t\tNOTE: offval is byte offset, must be multiple of 4\n"
+ "\t\tNOTE: maskval is a 32 bit hex number\n \t\tNOTE: shiftval is a shift value\n"
+ "\t\tCMD:= clear | invert | set <setval>| add <addval> | retain\n"
+ "\t<LAYERED>:= ip <ipdata> | ip6 <ip6data>\n"
+ " \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata>\n"
+ "\tCONTROL:= reclassify | pipe | drop | continue | pass |\n"
+ "\t goto chain <CHAIN_INDEX>\n"
+ "\tNOTE: if 'ex' is set, extended functionality will be supported (kernel >= 4.11)\n"
"For Example usage look at the examples directory\n");
}
-static void
-usage(void)
+static void usage(void)
{
explain();
exit(-1);
}
-static int
-pedit_parse_nopopt (int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+static int pedit_parse_nopopt(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel,
+ struct m_pedit_key *tkey)
{
int argc = *argc_p;
char **argv = *argv_p;
if (argc) {
- fprintf(stderr, "Unknown action hence option \"%s\" is unparsable\n", *argv);
- return -1;
+ fprintf(stderr,
+ "Unknown action hence option \"%s\" is unparsable\n",
+ *argv);
+ return -1;
}
return 0;
@@ -78,7 +81,7 @@
static void *pBODY;
void *dlh;
char buf[256];
- struct m_pedit_util *p;
+ struct m_pedit_util *p;
for (p = pedit_list; p; p = p->next) {
if (strcmp(p->id, str) == 0)
@@ -107,19 +110,19 @@
return p;
noexist:
- p = malloc(sizeof(*p));
+ p = calloc(1, sizeof(*p));
if (p) {
- memset(p, 0, sizeof(*p));
- strncpy(p->id, str, sizeof(p->id)-1);
+ strncpy(p->id, str, sizeof(p->id) - 1);
p->parse_peopt = pedit_parse_nopopt;
goto reg;
}
return p;
}
-int
-pack_key(struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+int pack_key(struct m_pedit_sel *_sel, struct m_pedit_key *tkey)
{
+ struct tc_pedit_sel *sel = &_sel->sel;
+ struct m_pedit_key_ex *keys_ex = _sel->keys_ex;
int hwm = sel->nkeys;
if (hwm >= MAX_OFFS)
@@ -136,13 +139,25 @@
sel->keys[hwm].at = tkey->at;
sel->keys[hwm].offmask = tkey->offmask;
sel->keys[hwm].shift = tkey->shift;
+
+ if (_sel->extended) {
+ keys_ex[hwm].htype = tkey->htype;
+ keys_ex[hwm].cmd = tkey->cmd;
+ } else {
+ if (tkey->htype != TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK ||
+ tkey->cmd != TCA_PEDIT_KEY_EX_CMD_SET) {
+ fprintf(stderr,
+ "Munge parameters not supported. Use 'pedit ex munge ...'.\n");
+ return -1;
+ }
+ }
+
sel->nkeys++;
return 0;
}
-
-int
-pack_key32(__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+int pack_key32(__u32 retain, struct m_pedit_sel *sel,
+ struct m_pedit_key *tkey)
{
if (tkey->off > (tkey->off & ~3)) {
fprintf(stderr,
@@ -152,16 +167,14 @@
tkey->val = htonl(tkey->val & retain);
tkey->mask = htonl(tkey->mask | ~retain);
- /* jamal remove this - it is not necessary given the if check above */
- tkey->off &= ~3;
- return pack_key(sel,tkey);
+ return pack_key(sel, tkey);
}
-int
-pack_key16(__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+int pack_key16(__u32 retain, struct m_pedit_sel *sel,
+ struct m_pedit_key *tkey)
{
int ind, stride;
- __u32 m[4] = {0xFFFF0000,0xFF0000FF,0x0000FFFF};
+ __u32 m[4] = { 0x0000FFFF, 0xFF0000FF, 0xFFFF0000 };
if (tkey->val > 0xFFFF || tkey->mask > 0xFFFF) {
fprintf(stderr, "pack_key16 bad value\n");
@@ -171,53 +184,107 @@
ind = tkey->off & 3;
if (ind == 3) {
- fprintf(stderr, "pack_key16 bad index value %d\n",ind);
+ fprintf(stderr, "pack_key16 bad index value %d\n", ind);
return -1;
}
- stride = 8 * ind;
- tkey->val = htons(tkey->val);
- tkey->val <<= stride;
- tkey->mask <<= stride;
- retain <<= stride;
- tkey->mask = retain|m[ind];
+ stride = 8 * (2 - ind);
+ tkey->val = htonl((tkey->val & retain) << stride);
+ tkey->mask = htonl(((tkey->mask | ~retain) << stride) | m[ind]);
tkey->off &= ~3;
if (pedit_debug)
- printf("pack_key16: Final val %08x mask %08x \n",tkey->val,tkey->mask);
- return pack_key(sel,tkey);
+ printf("pack_key16: Final val %08x mask %08x\n",
+ tkey->val, tkey->mask);
+ return pack_key(sel, tkey);
}
-int
-pack_key8(__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+int pack_key8(__u32 retain, struct m_pedit_sel *sel, struct m_pedit_key *tkey)
{
int ind, stride;
- __u32 m[4] = {0xFFFFFF00,0xFFFF00FF,0xFF00FFFF,0x00FFFFFF};
+ __u32 m[4] = { 0x00FFFFFF, 0xFF00FFFF, 0xFFFF00FF, 0xFFFFFF00 };
if (tkey->val > 0xFF || tkey->mask > 0xFF) {
- fprintf(stderr, "pack_key8 bad value (val %x mask %x\n", tkey->val, tkey->mask);
+ fprintf(stderr, "pack_key8 bad value (val %x mask %x\n",
+ tkey->val, tkey->mask);
return -1;
}
ind = tkey->off & 3;
- stride = 8 * ind;
- tkey->val <<= stride;
- tkey->mask <<= stride;
- retain <<= stride;
- tkey->mask = retain|m[ind];
+ stride = 8 * (3 - ind);
+ tkey->val = htonl((tkey->val & retain) << stride);
+ tkey->mask = htonl(((tkey->mask | ~retain) << stride) | m[ind]);
tkey->off &= ~3;
if (pedit_debug)
- printf("pack_key8: Final word off %d val %08x mask %08x \n",tkey->off , tkey->val,tkey->mask);
- return pack_key(sel,tkey);
+ printf("pack_key8: Final word off %d val %08x mask %08x\n",
+ tkey->off, tkey->val, tkey->mask);
+ return pack_key(sel, tkey);
}
-int
-parse_val(int *argc_p, char ***argv_p, __u32 * val, int type)
+static int pack_mac(struct m_pedit_sel *sel, struct m_pedit_key *tkey,
+ __u8 *mac)
+{
+ int ret = 0;
+
+ if (!(tkey->off & 0x3)) {
+ tkey->mask = 0;
+ tkey->val = ntohl(*((__u32 *)mac));
+ ret |= pack_key32(~0, sel, tkey);
+
+ tkey->off += 4;
+ tkey->mask = 0;
+ tkey->val = ntohs(*((__u16 *)&mac[4]));
+ ret |= pack_key16(~0, sel, tkey);
+ } else if (!(tkey->off & 0x1)) {
+ tkey->mask = 0;
+ tkey->val = ntohs(*((__u16 *)mac));
+ ret |= pack_key16(~0, sel, tkey);
+
+ tkey->off += 4;
+ tkey->mask = 0;
+ tkey->val = ntohl(*((__u32 *)(mac + 2)));
+ ret |= pack_key32(~0, sel, tkey);
+ } else {
+ fprintf(stderr,
+ "pack_mac: mac offsets must begin in 32bit or 16bit boundaries\n");
+ return -1;
+ }
+
+ return ret;
+}
+
+static int pack_ipv6(struct m_pedit_sel *sel, struct m_pedit_key *tkey,
+ __u32 *ipv6)
+{
+ int ret = 0;
+ int i;
+
+ if (tkey->off & 0x3) {
+ fprintf(stderr,
+ "pack_ipv6: IPv6 offsets must begin in 32bit boundaries\n");
+ return -1;
+ }
+
+ for (i = 0; i < 4; i++) {
+ tkey->mask = 0;
+ tkey->val = ntohl(ipv6[i]);
+
+ ret = pack_key32(~0, sel, tkey);
+ if (ret)
+ return ret;
+
+ tkey->off += 4;
+ }
+
+ return 0;
+}
+
+int parse_val(int *argc_p, char ***argv_p, __u32 *val, int type)
{
int argc = *argc_p;
char **argv = *argv_p;
@@ -225,32 +292,51 @@
if (argc <= 0)
return -1;
- if (TINT == type)
- return get_integer((int *) val, *argv, 0);
+ if (type == TINT)
+ return get_integer((int *)val, *argv, 0);
- if (TU32 == type)
+ if (type == TU32)
return get_u32(val, *argv, 0);
- if (TIPV4 == type) {
+ if (type == TIPV4) {
inet_prefix addr;
- if (get_prefix_1(&addr, *argv, AF_INET)) {
+
+ if (get_prefix_1(&addr, *argv, AF_INET))
return -1;
- }
- *val=addr.data[0];
+
+ *val = addr.data[0];
return 0;
}
- if (TIPV6 == type) {
- /* not implemented yet */
- return -1;
+
+ if (type == TIPV6) {
+ inet_prefix addr;
+
+ if (get_prefix_1(&addr, *argv, AF_INET6))
+ return -1;
+
+ memcpy(val, addr.data, addr.bytelen);
+
+ return 0;
+ }
+
+ if (type == TMAC) {
+#define MAC_ALEN 6
+ int ret = ll_addr_a2n((char *)val, MAC_ALEN, *argv);
+
+ if (ret == MAC_ALEN)
+ return 0;
}
return -1;
}
-int
-parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type,__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+int parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type, __u32 retain,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey)
{
- __u32 mask = 0, val = 0;
+ __u32 mask[4] = { 0 };
+ __u32 val[4] = { 0 };
+ __u32 *m = &mask[0];
+ __u32 *v = &val[0];
__u32 o = 0xFF;
int res = -1;
int argc = *argc_p;
@@ -260,7 +346,8 @@
return -1;
if (pedit_debug)
- printf("parse_cmd argc %d %s offset %d length %d\n",argc,*argv,tkey->off,len);
+ printf("parse_cmd argc %d %s offset %d length %d\n",
+ argc, *argv, tkey->off, len);
if (len == 2)
o = 0xFFFF;
@@ -268,57 +355,87 @@
o = 0xFFFFFFFF;
if (matches(*argv, "invert") == 0) {
- retain = val = mask = o;
- } else if (matches(*argv, "set") == 0) {
+ *v = *m = o;
+ } else if (matches(*argv, "set") == 0 ||
+ matches(*argv, "add") == 0) {
+ if (matches(*argv, "add") == 0)
+ tkey->cmd = TCA_PEDIT_KEY_EX_CMD_ADD;
+
+ if (!sel->extended && tkey->cmd) {
+ fprintf(stderr,
+ "Non extended mode. only 'set' command is supported\n");
+ return -1;
+ }
+
NEXT_ARG();
- if (parse_val(&argc, &argv, &val, type))
+ if (parse_val(&argc, &argv, val, type))
return -1;
} else if (matches(*argv, "preserve") == 0) {
- retain = mask = o;
+ retain = 0;
} else {
if (matches(*argv, "clear") != 0)
return -1;
}
- argc--; argv++;
+ argc--;
+ argv++;
if (argc && matches(*argv, "retain") == 0) {
NEXT_ARG();
if (parse_val(&argc, &argv, &retain, TU32))
return -1;
- argc--; argv++;
+ argc--;
+ argv++;
}
- tkey->val = val;
+ if (len > 4 && retain != ~0) {
+ fprintf(stderr,
+ "retain is not supported for fields longer the 32 bits\n");
+ return -1;
+ }
+
+ if (type == TMAC) {
+ res = pack_mac(sel, tkey, (__u8 *)val);
+ goto done;
+ }
+
+ if (type == TIPV6) {
+ res = pack_ipv6(sel, tkey, val);
+ goto done;
+ }
+
+ tkey->val = *v;
+ tkey->mask = *m;
+
+ if (type == TIPV4)
+ tkey->val = ntohl(tkey->val);
if (len == 1) {
- tkey->mask = 0xFF;
- res = pack_key8(retain,sel,tkey);
+ res = pack_key8(retain, sel, tkey);
goto done;
}
if (len == 2) {
- tkey->mask = mask;
- res = pack_key16(retain,sel,tkey);
+ res = pack_key16(retain, sel, tkey);
goto done;
}
if (len == 4) {
- tkey->mask = mask;
- res = pack_key32(retain,sel,tkey);
+ res = pack_key32(retain, sel, tkey);
goto done;
}
return -1;
done:
if (pedit_debug)
- printf("parse_cmd done argc %d %s offset %d length %d\n",argc,*argv,tkey->off,len);
+ printf("parse_cmd done argc %d %s offset %d length %d\n",
+ argc, *argv, tkey->off, len);
*argc_p = argc;
*argv_p = argv;
return res;
}
-int
-parse_offset(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+int parse_offset(int *argc_p, char ***argv_p, struct m_pedit_sel *sel,
+ struct m_pedit_key *tkey)
{
int off;
__u32 len, retain;
@@ -339,7 +456,6 @@
if (argc <= 0)
return -1;
-
if (matches(*argv, "u32") == 0) {
len = 4;
retain = 0xFFFFFFFF;
@@ -347,12 +463,12 @@
}
if (matches(*argv, "u16") == 0) {
len = 2;
- retain = 0x0;
+ retain = 0xffff;
goto done;
}
if (matches(*argv, "u8") == 0) {
len = 1;
- retain = 0x0;
+ retain = 0xff;
goto done;
}
@@ -365,7 +481,7 @@
/* [at <someval> offmask <maskval> shift <shiftval>] */
if (matches(*argv, "at") == 0) {
- __u32 atv=0,offmask=0x0,shift=0;
+ __u32 atv = 0, offmask = 0x0, shift = 0;
NEXT_ARG();
if (get_u32(&atv, *argv, 0))
@@ -387,17 +503,16 @@
NEXT_ARG();
}
- res = parse_cmd(&argc, &argv, len, TU32,retain,sel,tkey);
+ res = parse_cmd(&argc, &argv, len, TU32, retain, sel, tkey);
*argc_p = argc;
*argv_p = argv;
return res;
}
-static int
-parse_munge(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel)
+static int parse_munge(int *argc_p, char ***argv_p, struct m_pedit_sel *sel)
{
- struct tc_pedit_key tkey;
+ struct m_pedit_key tkey = {};
int argc = *argc_p;
char **argv = *argv_p;
int res = -1;
@@ -405,25 +520,24 @@
if (argc <= 0)
return -1;
- memset(&tkey, 0, sizeof(tkey));
-
if (matches(*argv, "offset") == 0) {
NEXT_ARG();
- res = parse_offset(&argc, &argv,sel,&tkey);
+ res = parse_offset(&argc, &argv, sel, &tkey);
goto done;
} else {
char k[16];
struct m_pedit_util *p = NULL;
- strncpy(k, *argv, sizeof (k) - 1);
+ strncpy(k, *argv, sizeof(k) - 1);
- if (argc > 0 ) {
+ if (argc > 0) {
p = get_pedit_kind(k);
- if (NULL == p)
+ if (p == NULL)
goto bad_val;
- res = p->parse_peopt(&argc, &argv, sel,&tkey);
+ NEXT_ARG();
+ res = p->parse_peopt(&argc, &argv, sel, &tkey);
if (res < 0) {
- fprintf(stderr,"bad pedit parsing\n");
+ fprintf(stderr, "bad pedit parsing\n");
goto bad_val;
}
goto done;
@@ -440,39 +554,108 @@
return res;
}
-int
-parse_pedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
+static int pedit_keys_ex_getattr(struct rtattr *attr,
+ struct m_pedit_key_ex *keys_ex, int n)
{
- struct {
- struct tc_pedit_sel sel;
- struct tc_pedit_key keys[MAX_OFFS];
- } sel;
+ struct rtattr *i;
+ int rem = RTA_PAYLOAD(attr);
+ struct rtattr *tb[TCA_PEDIT_KEY_EX_MAX + 1];
+ struct m_pedit_key_ex *k = keys_ex;
+
+ for (i = RTA_DATA(attr); RTA_OK(i, rem); i = RTA_NEXT(i, rem)) {
+ if (!n)
+ return -1;
+
+ if (i->rta_type != TCA_PEDIT_KEY_EX)
+ return -1;
+
+ parse_rtattr_nested(tb, TCA_PEDIT_KEY_EX_MAX, i);
+
+ k->htype = rta_getattr_u16(tb[TCA_PEDIT_KEY_EX_HTYPE]);
+ k->cmd = rta_getattr_u16(tb[TCA_PEDIT_KEY_EX_CMD]);
+
+ k++;
+ n--;
+ }
+
+ return !!n;
+}
+
+static int pedit_keys_ex_addattr(struct m_pedit_sel *sel, struct nlmsghdr *n)
+{
+ struct m_pedit_key_ex *k = sel->keys_ex;
+ struct rtattr *keys_start;
+ int i;
+
+ if (!sel->extended)
+ return 0;
+
+ keys_start = addattr_nest(n, MAX_MSG, TCA_PEDIT_KEYS_EX | NLA_F_NESTED);
+
+ for (i = 0; i < sel->sel.nkeys; i++) {
+ struct rtattr *key_start;
+
+ key_start = addattr_nest(n, MAX_MSG,
+ TCA_PEDIT_KEY_EX | NLA_F_NESTED);
+
+ if (addattr16(n, MAX_MSG, TCA_PEDIT_KEY_EX_HTYPE, k->htype) ||
+ addattr16(n, MAX_MSG, TCA_PEDIT_KEY_EX_CMD, k->cmd)) {
+ return -1;
+ }
+
+ addattr_nest_end(n, key_start);
+
+ k++;
+ }
+
+ addattr_nest_end(n, keys_start);
+
+ return 0;
+}
+
+int parse_pedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
+ struct nlmsghdr *n)
+{
+ struct m_pedit_sel sel = {};
int argc = *argc_p;
char **argv = *argv_p;
int ok = 0, iok = 0;
struct rtattr *tail;
- memset(&sel, 0, sizeof(sel));
-
while (argc > 0) {
if (pedit_debug > 1)
- fprintf(stderr, "while pedit (%d:%s)\n",argc, *argv);
+ fprintf(stderr, "while pedit (%d:%s)\n", argc, *argv);
if (matches(*argv, "pedit") == 0) {
NEXT_ARG();
ok++;
+
+ if (matches(*argv, "ex") == 0) {
+ if (ok > 1) {
+ fprintf(stderr,
+ "'ex' must be before first 'munge'\n");
+ explain();
+ return -1;
+ }
+ sel.extended = true;
+ NEXT_ARG();
+ }
+
continue;
} else if (matches(*argv, "help") == 0) {
usage();
} else if (matches(*argv, "munge") == 0) {
if (!ok) {
- fprintf(stderr, "Illegal pedit construct (%s) \n", *argv);
+ fprintf(stderr, "Bad pedit construct (%s)\n",
+ *argv);
explain();
return -1;
}
NEXT_ARG();
- if (parse_munge(&argc, &argv,&sel.sel)) {
- fprintf(stderr, "Illegal pedit construct (%s) \n", *argv);
+
+ if (parse_munge(&argc, &argv, &sel)) {
+ fprintf(stderr, "Bad pedit construct (%s)\n",
+ *argv);
explain();
return -1;
}
@@ -488,25 +671,7 @@
return -1;
}
- if (argc) {
- if (matches(*argv, "reclassify") == 0) {
- sel.sel.action = TC_ACT_RECLASSIFY;
- NEXT_ARG();
- } else if (matches(*argv, "pipe") == 0) {
- sel.sel.action = TC_ACT_PIPE;
- NEXT_ARG();
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- sel.sel.action = TC_ACT_SHOT;
- NEXT_ARG();
- } else if (matches(*argv, "continue") == 0) {
- sel.sel.action = TC_ACT_UNSPEC;
- NEXT_ARG();
- } else if (matches(*argv, "pass") == 0) {
- sel.sel.action = TC_ACT_OK;
- NEXT_ARG();
- }
- }
+ parse_action_control_dflt(&argc, &argv, &sel.sel.action, false, TC_ACT_OK);
if (argc) {
if (matches(*argv, "index") == 0) {
@@ -523,63 +688,147 @@
tail = NLMSG_TAIL(n);
addattr_l(n, MAX_MSG, tca_id, NULL, 0);
- addattr_l(n, MAX_MSG, TCA_PEDIT_PARMS,&sel, sizeof(sel.sel)+sel.sel.nkeys*sizeof(struct tc_pedit_key));
- tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
+ if (!sel.extended) {
+ addattr_l(n, MAX_MSG, TCA_PEDIT_PARMS, &sel,
+ sizeof(sel.sel) +
+ sel.sel.nkeys * sizeof(struct tc_pedit_key));
+ } else {
+ addattr_l(n, MAX_MSG, TCA_PEDIT_PARMS_EX, &sel,
+ sizeof(sel.sel) +
+ sel.sel.nkeys * sizeof(struct tc_pedit_key));
+
+ pedit_keys_ex_addattr(&sel, n);
+ }
+
+ tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
*argc_p = argc;
*argv_p = argv;
return 0;
}
-int
-print_pedit(struct action_util *au,FILE * f, struct rtattr *arg)
+const char *pedit_htype_str[] = {
+ [TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK] = "",
+ [TCA_PEDIT_KEY_EX_HDR_TYPE_ETH] = "eth",
+ [TCA_PEDIT_KEY_EX_HDR_TYPE_IP4] = "ipv4",
+ [TCA_PEDIT_KEY_EX_HDR_TYPE_IP6] = "ipv6",
+ [TCA_PEDIT_KEY_EX_HDR_TYPE_TCP] = "tcp",
+ [TCA_PEDIT_KEY_EX_HDR_TYPE_UDP] = "udp",
+};
+
+static void print_pedit_location(FILE *f,
+ enum pedit_header_type htype, __u32 off)
+{
+ if (htype == TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK) {
+ fprintf(f, "%d", (unsigned int)off);
+ return;
+ }
+
+ if (htype < ARRAY_SIZE(pedit_htype_str))
+ fprintf(f, "%s", pedit_htype_str[htype]);
+ else
+ fprintf(f, "unknown(%d)", htype);
+
+ fprintf(f, "%c%d", (int)off >= 0 ? '+' : '-', abs((int)off));
+}
+
+int print_pedit(struct action_util *au, FILE *f, struct rtattr *arg)
{
struct tc_pedit_sel *sel;
struct rtattr *tb[TCA_PEDIT_MAX + 1];
- SPRINT_BUF(b1);
+ struct m_pedit_key_ex *keys_ex = NULL;
if (arg == NULL)
return -1;
parse_rtattr_nested(tb, TCA_PEDIT_MAX, arg);
- if (tb[TCA_PEDIT_PARMS] == NULL) {
+ if (!tb[TCA_PEDIT_PARMS] && !tb[TCA_PEDIT_PARMS_EX]) {
fprintf(f, "[NULL pedit parameters]");
return -1;
}
- sel = RTA_DATA(tb[TCA_PEDIT_PARMS]);
- fprintf(f, " pedit action %s keys %d\n ", action_n2a(sel->action, b1, sizeof (b1)),sel->nkeys);
- fprintf(f, "\t index %d ref %d bind %d", sel->index,sel->refcnt, sel->bindcnt);
+ if (tb[TCA_PEDIT_PARMS]) {
+ sel = RTA_DATA(tb[TCA_PEDIT_PARMS]);
+ } else {
+ int err;
+
+ sel = RTA_DATA(tb[TCA_PEDIT_PARMS_EX]);
+
+ if (!tb[TCA_PEDIT_KEYS_EX]) {
+ fprintf(f, "Netlink error\n");
+ return -1;
+ }
+
+ keys_ex = calloc(sel->nkeys, sizeof(*keys_ex));
+ if (!keys_ex) {
+ fprintf(f, "Out of memory\n");
+ return -1;
+ }
+
+ err = pedit_keys_ex_getattr(tb[TCA_PEDIT_KEYS_EX], keys_ex,
+ sel->nkeys);
+ if (err) {
+ fprintf(f, "Netlink error\n");
+
+ free(keys_ex);
+ return -1;
+ }
+ }
+
+ fprintf(f, " pedit ");
+ print_action_control(f, "action ", sel->action, " ");
+ fprintf(f,"keys %d\n ", sel->nkeys);
+ fprintf(f, "\t index %u ref %d bind %d", sel->index, sel->refcnt,
+ sel->bindcnt);
if (show_stats) {
if (tb[TCA_PEDIT_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_PEDIT_TM]);
- print_tm(f,tm);
+
+ print_tm(f, tm);
}
}
if (sel->nkeys) {
int i;
struct tc_pedit_key *key = sel->keys;
+ struct m_pedit_key_ex *key_ex = keys_ex;
- for (i=0; i<sel->nkeys; i++, key++) {
- fprintf(f, "\n\t key #%d",i);
- fprintf(f, " at %d: val %08x mask %08x",
- (unsigned int)key->off,
- (unsigned int)ntohl(key->val),
- (unsigned int)ntohl(key->mask));
+ for (i = 0; i < sel->nkeys; i++, key++) {
+ enum pedit_header_type htype =
+ TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK;
+ enum pedit_cmd cmd = TCA_PEDIT_KEY_EX_CMD_SET;
+
+ if (keys_ex) {
+ htype = key_ex->htype;
+ cmd = key_ex->cmd;
+
+ key_ex++;
+ }
+
+ fprintf(f, "\n\t key #%d", i);
+
+ fprintf(f, " at ");
+
+ print_pedit_location(f, htype, key->off);
+
+ fprintf(f, ": %s %08x mask %08x",
+ cmd ? "add" : "val",
+ (unsigned int)ntohl(key->val),
+ (unsigned int)ntohl(key->mask));
}
} else {
- fprintf(f, "\npedit %x keys %d is not LEGIT", sel->index,sel->nkeys);
+ fprintf(f, "\npedit %x keys %d is not LEGIT", sel->index,
+ sel->nkeys);
}
-
fprintf(f, "\n ");
+
+ free(keys_ex);
return 0;
}
-int
-pedit_print_xstats(struct action_util *au, FILE *f, struct rtattr *xstats)
+int pedit_print_xstats(struct action_util *au, FILE *f, struct rtattr *xstats)
{
return 0;
}
diff --git a/tc/m_pedit.h b/tc/m_pedit.h
index 1698c95..0bc0297 100644
--- a/tc/m_pedit.h
+++ b/tc/m_pedit.h
@@ -32,6 +32,7 @@
#define TIPV6 2
#define TINT 3
#define TU32 4
+#define TMAC 5
#define RU32 0xFFFFFFFF
#define RU16 0xFFFF
@@ -39,24 +40,55 @@
#define PEDITKINDSIZ 16
-struct m_pedit_util
-{
- struct m_pedit_util *next;
- char id[PEDITKINDSIZ];
- int (*parse_peopt)(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey);
+struct m_pedit_key {
+ __u32 mask; /* AND */
+ __u32 val; /*XOR */
+ __u32 off; /*offset */
+ __u32 at;
+ __u32 offmask;
+ __u32 shift;
+
+ enum pedit_header_type htype;
+ enum pedit_cmd cmd;
};
+struct m_pedit_key_ex {
+ enum pedit_header_type htype;
+ enum pedit_cmd cmd;
+};
-extern int parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type,__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey);
-extern int pack_key(struct tc_pedit_sel *sel,struct tc_pedit_key *tkey);
-extern int pack_key32(__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey);
-extern int pack_key16(__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey);
-extern int pack_key8(__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey);
-extern int parse_val(int *argc_p, char ***argv_p, __u32 * val, int type);
-extern int parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type,__u32 retain,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey);
-extern int parse_offset(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey);
-int parse_pedit(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n);
-extern int print_pedit(struct action_util *au,FILE * f, struct rtattr *arg);
-extern int pedit_print_xstats(struct action_util *au, FILE *f, struct rtattr *xstats);
+struct m_pedit_sel {
+ struct tc_pedit_sel sel;
+ struct tc_pedit_key keys[MAX_OFFS];
+ struct m_pedit_key_ex keys_ex[MAX_OFFS];
+ bool extended;
+};
+
+struct m_pedit_util {
+ struct m_pedit_util *next;
+ char id[PEDITKINDSIZ];
+ int (*parse_peopt)(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel,
+ struct m_pedit_key *tkey);
+};
+
+extern int pack_key(struct m_pedit_sel *sel, struct m_pedit_key *tkey);
+extern int pack_key32(__u32 retain, struct m_pedit_sel *sel,
+ struct m_pedit_key *tkey);
+extern int pack_key16(__u32 retain, struct m_pedit_sel *sel,
+ struct m_pedit_key *tkey);
+extern int pack_key8(__u32 retain, struct m_pedit_sel *sel,
+ struct m_pedit_key *tkey);
+extern int parse_val(int *argc_p, char ***argv_p, __u32 *val, int type);
+extern int parse_cmd(int *argc_p, char ***argv_p, __u32 len, int type,
+ __u32 retain,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey);
+extern int parse_offset(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey);
+int parse_pedit(struct action_util *a, int *argc_p, char ***argv_p,
+ int tca_id, struct nlmsghdr *n);
+extern int print_pedit(struct action_util *au, FILE *f, struct rtattr *arg);
+extern int pedit_print_xstats(struct action_util *au, FILE *f,
+ struct rtattr *xstats);
#endif
diff --git a/tc/m_police.c b/tc/m_police.c
index 915f1a5..86117db 100644
--- a/tc/m_police.c
+++ b/tc/m_police.c
@@ -36,11 +36,13 @@
{
fprintf(stderr, "Usage: ... police rate BPS burst BYTES[/BYTES] [ mtu BYTES[/BYTES] ]\n");
fprintf(stderr, " [ peakrate BPS ] [ avrate BPS ] [ overhead BYTES ]\n");
- fprintf(stderr, " [ linklayer TYPE ] [ ACTIONTERM ]\n");
+ fprintf(stderr, " [ linklayer TYPE ] [ CONTROL ]\n");
- fprintf(stderr, "New Syntax ACTIONTERM := conform-exceed <EXCEEDACT>[/NOTEXCEEDACT] \n");
- fprintf(stderr, "Where: *EXCEEDACT := pipe | ok | reclassify | drop | continue \n");
- fprintf(stderr, "Where: pipe is only valid for new syntax \n");
+ fprintf(stderr, "Where: CONTROL := conform-exceed <EXCEEDACT>[/NOTEXCEEDACT]\n");
+ fprintf(stderr, " Define how to handle packets which exceed (<EXCEEDACT>)\n");
+ fprintf(stderr, " or conform (<NOTEXCEEDACT>) the configured bandwidth limit.\n");
+ fprintf(stderr, " EXCEEDACT/NOTEXCEEDACT := { pipe | ok | reclassify | drop | continue |\n");
+ fprintf(stderr, " goto chain <CHAIN_INDEX> }\n");
exit(-1);
}
@@ -49,98 +51,24 @@
fprintf(stderr, "Illegal \"%s\"\n", arg);
}
-static const char *police_action_n2a(int action, char *buf, int len)
-{
- switch (action) {
- case -1:
- return "continue";
- break;
- case TC_POLICE_OK:
- return "pass";
- break;
- case TC_POLICE_SHOT:
- return "drop";
- break;
- case TC_POLICE_RECLASSIFY:
- return "reclassify";
- case TC_POLICE_PIPE:
- return "pipe";
- default:
- snprintf(buf, len, "%d", action);
- return buf;
- }
-}
-
-static int police_action_a2n(const char *arg, int *result)
-{
- int res;
-
- if (matches(arg, "continue") == 0)
- res = -1;
- else if (matches(arg, "drop") == 0)
- res = TC_POLICE_SHOT;
- else if (matches(arg, "shot") == 0)
- res = TC_POLICE_SHOT;
- else if (matches(arg, "pass") == 0)
- res = TC_POLICE_OK;
- else if (strcmp(arg, "ok") == 0)
- res = TC_POLICE_OK;
- else if (matches(arg, "reclassify") == 0)
- res = TC_POLICE_RECLASSIFY;
- else if (matches(arg, "pipe") == 0)
- res = TC_POLICE_PIPE;
- else {
- char dummy;
- if (sscanf(arg, "%d%c", &res, &dummy) != 1)
- return -1;
- }
- *result = res;
- return 0;
-}
-
-
-static int get_police_result(int *action, int *result, char *arg)
-{
- char *p = strchr(arg, '/');
-
- if (p)
- *p = 0;
-
- if (police_action_a2n(arg, action)) {
- if (p)
- *p = '/';
- return -1;
- }
-
- if (p) {
- *p = '/';
- if (police_action_a2n(p+1, result))
- return -1;
- }
- return 0;
-}
-
-
-int act_parse_police(struct action_util *a,int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
+int act_parse_police(struct action_util *a, int *argc_p, char ***argv_p,
+ int tca_id, struct nlmsghdr *n)
{
int argc = *argc_p;
char **argv = *argv_p;
int res = -1;
- int ok=0;
- struct tc_police p;
+ int ok = 0;
+ struct tc_police p = { .action = TC_POLICE_RECLASSIFY };
__u32 rtab[256];
__u32 ptab[256];
__u32 avrate = 0;
int presult = 0;
- unsigned buffer=0, mtu=0, mpu=0;
- unsigned short overhead=0;
+ unsigned buffer = 0, mtu = 0, mpu = 0;
+ unsigned short overhead = 0;
unsigned int linklayer = LINKLAYER_ETHERNET; /* Assume ethernet */
- int Rcell_log=-1, Pcell_log = -1;
+ int Rcell_log = -1, Pcell_log = -1;
struct rtattr *tail;
- memset(&p, 0, sizeof(p));
- p.action = TC_POLICE_RECLASSIFY;
-
if (a) /* new way of doing things */
NEXT_ARG();
@@ -218,23 +146,20 @@
explain1("peakrate");
return -1;
}
- } else if (matches(*argv, "reclassify") == 0) {
- p.action = TC_POLICE_RECLASSIFY;
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- p.action = TC_POLICE_SHOT;
- } else if (matches(*argv, "continue") == 0) {
- p.action = TC_POLICE_UNSPEC;
- } else if (matches(*argv, "pass") == 0) {
- p.action = TC_POLICE_OK;
- } else if (matches(*argv, "pipe") == 0) {
- p.action = TC_POLICE_PIPE;
+ } else if (matches(*argv, "reclassify") == 0 ||
+ matches(*argv, "drop") == 0 ||
+ matches(*argv, "shot") == 0 ||
+ matches(*argv, "continue") == 0 ||
+ matches(*argv, "pass") == 0 ||
+ matches(*argv, "pipe") == 0 ||
+ matches(*argv, "goto") == 0) {
+ if (parse_action_control(&argc, &argv, &p.action, false))
+ return -1;
} else if (strcmp(*argv, "conform-exceed") == 0) {
NEXT_ARG();
- if (get_police_result(&p.action, &presult, *argv)) {
- fprintf(stderr, "Illegal \"action\"\n");
+ if (parse_action_control_slash(&argc, &argv, &p.action,
+ &presult, true))
return -1;
- }
} else if (matches(*argv, "overhead") == 0) {
NEXT_ARG();
if (get_u16(&overhead, *argv, 10)) {
@@ -257,10 +182,21 @@
if (!ok)
return -1;
- if (p.rate.rate && !buffer) {
+ if (p.rate.rate && avrate)
+ return -1;
+
+ /* Must at least do late binding, use TB or ewma policing */
+ if (!p.rate.rate && !avrate && !p.index) {
+ fprintf(stderr, "\"rate\" or \"avrate\" MUST be specified.\n");
+ return -1;
+ }
+
+ /* When the TB policer is used, burst is required */
+ if (p.rate.rate && !buffer && !avrate) {
fprintf(stderr, "\"burst\" requires \"rate\".\n");
return -1;
}
+
if (p.peakrate.rate) {
if (!p.rate.rate) {
fprintf(stderr, "\"peakrate\" requires \"rate\".\n");
@@ -275,8 +211,9 @@
if (p.rate.rate) {
p.rate.mpu = mpu;
p.rate.overhead = overhead;
- if (tc_calc_rtable(&p.rate, rtab, Rcell_log, mtu, linklayer) < 0) {
- fprintf(stderr, "TBF: failed to calculate rate table.\n");
+ if (tc_calc_rtable(&p.rate, rtab, Rcell_log, mtu,
+ linklayer) < 0) {
+ fprintf(stderr, "POLICE: failed to calculate rate table.\n");
return -1;
}
p.burst = tc_calc_xmittime(p.rate.rate, buffer);
@@ -285,7 +222,8 @@
if (p.peakrate.rate) {
p.peakrate.mpu = mpu;
p.peakrate.overhead = overhead;
- if (tc_calc_rtable(&p.peakrate, ptab, Pcell_log, mtu, linklayer) < 0) {
+ if (tc_calc_rtable(&p.peakrate, ptab, Pcell_log, mtu,
+ linklayer) < 0) {
fprintf(stderr, "POLICE: failed to calculate peak rate table.\n");
return -1;
}
@@ -297,7 +235,7 @@
if (p.rate.rate)
addattr_l(n, MAX_MSG, TCA_POLICE_RATE, rtab, 1024);
if (p.peakrate.rate)
- addattr_l(n, MAX_MSG, TCA_POLICE_PEAKRATE, ptab, 1024);
+ addattr_l(n, MAX_MSG, TCA_POLICE_PEAKRATE, ptab, 1024);
if (avrate)
addattr32(n, MAX_MSG, TCA_POLICE_AVRATE, avrate);
if (presult)
@@ -313,17 +251,16 @@
int parse_police(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
{
- return act_parse_police(NULL,argc_p,argv_p,tca_id,n);
+ return act_parse_police(NULL, argc_p, argv_p, tca_id, n);
}
-int
-print_police(struct action_util *a, FILE *f, struct rtattr *arg)
+int print_police(struct action_util *a, FILE *f, struct rtattr *arg)
{
SPRINT_BUF(b1);
SPRINT_BUF(b2);
struct tc_police *p;
struct rtattr *tb[TCA_POLICE_MAX+1];
- unsigned buffer;
+ unsigned int buffer;
unsigned int linklayer;
if (arg == NULL)
@@ -350,25 +287,43 @@
fprintf(f, "mtu %s ", sprint_size(p->mtu, b1));
if (show_raw)
fprintf(f, "[%08x] ", p->burst);
+
if (p->peakrate.rate)
fprintf(f, "peakrate %s ", sprint_rate(p->peakrate.rate, b1));
+
if (tb[TCA_POLICE_AVRATE])
- fprintf(f, "avrate %s ", sprint_rate(rta_getattr_u32(tb[TCA_POLICE_AVRATE]), b1));
- fprintf(f, "action %s", police_action_n2a(p->action, b1, sizeof(b1)));
+ fprintf(f, "avrate %s ",
+ sprint_rate(rta_getattr_u32(tb[TCA_POLICE_AVRATE]),
+ b1));
+
+ print_action_control(f, "action ", p->action, "");
+
if (tb[TCA_POLICE_RESULT]) {
- fprintf(f, "/%s ", police_action_n2a(*(int*)RTA_DATA(tb[TCA_POLICE_RESULT]), b1, sizeof(b1)));
+ __u32 action = rta_getattr_u32(tb[TCA_POLICE_RESULT]);
+
+ print_action_control(f, "/", action, " ");
} else
fprintf(f, " ");
+
fprintf(f, "overhead %ub ", p->rate.overhead);
linklayer = (p->rate.linklayer & TC_LINKLAYER_MASK);
if (linklayer > TC_LINKLAYER_ETHERNET || show_details)
fprintf(f, "linklayer %s ", sprint_linklayer(linklayer, b2));
- fprintf(f, "\nref %d bind %d\n",p->refcnt, p->bindcnt);
+ fprintf(f, "\n\tref %d bind %d", p->refcnt, p->bindcnt);
+ if (show_stats) {
+ if (tb[TCA_POLICE_TM]) {
+ struct tcf_t *tm = RTA_DATA(tb[TCA_POLICE_TM]);
+
+ print_tm(f, tm);
+ }
+ }
+ fprintf(f, "\n");
+
return 0;
}
-int
-tc_print_police(FILE *f, struct rtattr *arg) {
- return print_police(&police_action_util,f,arg);
+int tc_print_police(FILE *f, struct rtattr *arg)
+{
+ return print_police(&police_action_util, f, arg);
}
diff --git a/tc/m_sample.c b/tc/m_sample.c
new file mode 100644
index 0000000..ff5ee6b
--- /dev/null
+++ b/tc/m_sample.c
@@ -0,0 +1,184 @@
+/*
+ * m_sample.c ingress/egress packet sampling module
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Yotam Gigi <yotamg@mellanox.com>
+ *
+ */
+
+#include <stdio.h>
+#include "utils.h"
+#include "tc_util.h"
+#include "tc_common.h"
+#include <linux/tc_act/tc_sample.h>
+
+static void explain(void)
+{
+ fprintf(stderr, "Usage: sample SAMPLE_CONF\n");
+ fprintf(stderr, "where:\n");
+ fprintf(stderr, "\tSAMPLE_CONF := SAMPLE_PARAMS | SAMPLE_INDEX\n");
+ fprintf(stderr, "\tSAMPLE_PARAMS := rate RATE group GROUP [trunc SIZE] [SAMPLE_INDEX]\n");
+ fprintf(stderr, "\tSAMPLE_INDEX := index INDEX\n");
+ fprintf(stderr, "\tRATE := The ratio of packets observed at the data source to the samples generated.\n");
+ fprintf(stderr, "\tGROUP := the psample sampling group\n");
+ fprintf(stderr, "\tSIZE := the truncation size\n");
+ fprintf(stderr, "\tINDEX := integer index of the sample action\n");
+}
+
+static void usage(void)
+{
+ explain();
+ exit(-1);
+}
+
+static int parse_sample(struct action_util *a, int *argc_p, char ***argv_p,
+ int tca_id, struct nlmsghdr *n)
+{
+ struct tc_sample p = { 0 };
+ bool trunc_set = false;
+ bool group_set = false;
+ bool rate_set = false;
+ char **argv = *argv_p;
+ struct rtattr *tail;
+ int argc = *argc_p;
+ __u32 trunc;
+ __u32 group;
+ __u32 rate;
+
+ if (argc <= 1) {
+ fprintf(stderr, "sample bad argument count %d\n", argc);
+ usage();
+ return -1;
+ }
+
+ if (matches(*argv, "sample") == 0) {
+ NEXT_ARG();
+ } else {
+ fprintf(stderr, "sample bad argument %s\n", *argv);
+ return -1;
+ }
+
+ while (argc > 0) {
+ if (matches(*argv, "rate") == 0) {
+ NEXT_ARG();
+ if (get_unsigned(&rate, *argv, 10) != 0) {
+ fprintf(stderr, "Illegal rate %s\n", *argv);
+ usage();
+ return -1;
+ }
+ rate_set = true;
+ } else if (matches(*argv, "group") == 0) {
+ NEXT_ARG();
+ if (get_unsigned(&group, *argv, 10) != 0) {
+ fprintf(stderr, "Illegal group num %s\n",
+ *argv);
+ usage();
+ return -1;
+ }
+ group_set = true;
+ } else if (matches(*argv, "trunc") == 0) {
+ NEXT_ARG();
+ if (get_unsigned(&trunc, *argv, 10) != 0) {
+ fprintf(stderr, "Illegal truncation size %s\n",
+ *argv);
+ usage();
+ return -1;
+ }
+ trunc_set = true;
+ } else if (matches(*argv, "help") == 0) {
+ usage();
+ } else {
+ break;
+ }
+
+ NEXT_ARG_FWD();
+ }
+
+ parse_action_control_dflt(&argc, &argv, &p.action, false, TC_ACT_PIPE);
+
+ if (argc) {
+ if (matches(*argv, "index") == 0) {
+ NEXT_ARG();
+ if (get_u32(&p.index, *argv, 10)) {
+ fprintf(stderr, "sample: Illegal \"index\"\n");
+ return -1;
+ }
+ NEXT_ARG_FWD();
+ }
+ }
+
+ if (!p.index && !group_set) {
+ fprintf(stderr, "param \"group\" not set\n");
+ usage();
+ }
+
+ if (!p.index && !rate_set) {
+ fprintf(stderr, "param \"rate\" not set\n");
+ usage();
+ }
+
+ tail = NLMSG_TAIL(n);
+ addattr_l(n, MAX_MSG, tca_id, NULL, 0);
+ addattr_l(n, MAX_MSG, TCA_SAMPLE_PARMS, &p, sizeof(p));
+ if (rate_set)
+ addattr32(n, MAX_MSG, TCA_SAMPLE_RATE, rate);
+ if (group_set)
+ addattr32(n, MAX_MSG, TCA_SAMPLE_PSAMPLE_GROUP, group);
+ if (trunc_set)
+ addattr32(n, MAX_MSG, TCA_SAMPLE_TRUNC_SIZE, trunc);
+
+ tail->rta_len = (char *)NLMSG_TAIL(n) - (char *)tail;
+
+ *argc_p = argc;
+ *argv_p = argv;
+ return 0;
+}
+
+static int print_sample(struct action_util *au, FILE *f, struct rtattr *arg)
+{
+ struct rtattr *tb[TCA_SAMPLE_MAX + 1];
+ struct tc_sample *p;
+
+ if (arg == NULL)
+ return -1;
+
+ parse_rtattr_nested(tb, TCA_SAMPLE_MAX, arg);
+
+ if (!tb[TCA_SAMPLE_PARMS] || !tb[TCA_SAMPLE_RATE] ||
+ !tb[TCA_SAMPLE_PSAMPLE_GROUP]) {
+ fprintf(f, "[NULL sample parameters]");
+ return -1;
+ }
+ p = RTA_DATA(tb[TCA_SAMPLE_PARMS]);
+
+ fprintf(f, "sample rate 1/%d group %d",
+ rta_getattr_u32(tb[TCA_SAMPLE_RATE]),
+ rta_getattr_u32(tb[TCA_SAMPLE_PSAMPLE_GROUP]));
+
+ if (tb[TCA_SAMPLE_TRUNC_SIZE])
+ fprintf(f, " trunc_size %d",
+ rta_getattr_u32(tb[TCA_SAMPLE_TRUNC_SIZE]));
+
+ fprintf(f, "\n\tindex %d ref %d bind %d", p->index, p->refcnt,
+ p->bindcnt);
+
+ if (show_stats) {
+ if (tb[TCA_SAMPLE_TM]) {
+ struct tcf_t *tm = RTA_DATA(tb[TCA_SAMPLE_TM]);
+
+ print_tm(f, tm);
+ }
+ }
+ fprintf(f, "\n");
+ return 0;
+}
+
+struct action_util sample_action_util = {
+ .id = "sample",
+ .parse_aopt = parse_sample,
+ .print_aopt = print_sample,
+};
diff --git a/tc/m_simple.c b/tc/m_simple.c
index 1ad5526..f8937bc 100644
--- a/tc/m_simple.c
+++ b/tc/m_simple.c
@@ -81,9 +81,10 @@
#endif
static void explain(void)
{
- fprintf(stderr, "Usage: ... simple STRING\n"
- "STRING being an arbitrary string\n"
- "example: \"simple blah\"\n");
+ fprintf(stderr, "Usage:... simple [sdata STRING] [index INDEX] [CONTROL]\n");
+ fprintf(stderr, "\tSTRING being an arbitrary string\n"
+ "\tINDEX := optional index value used\n"
+ "\tCONTROL := reclassify|pipe|drop|continue|ok\n");
}
static void usage(void)
@@ -103,21 +104,34 @@
struct rtattr *tail;
char *simpdata = NULL;
-
while (argc > 0) {
if (matches(*argv, "simple") == 0) {
NEXT_ARG();
+ } else if (matches(*argv, "sdata") == 0) {
+ NEXT_ARG();
+ ok += 1;
simpdata = *argv;
- ok = 1;
argc--;
argv++;
- break;
} else if (matches(*argv, "help") == 0) {
usage();
} else {
break;
}
+ }
+ if (argc) {
+ if (matches(*argv, "index") == 0) {
+ NEXT_ARG();
+ if (get_u32(&sel.index, *argv, 10)) {
+ fprintf(stderr, "simple: Illegal \"index\" (%s)\n",
+ *argv);
+ return -1;
+ }
+ ok += 1;
+ argc--;
+ argv++;
+ }
}
if (!ok) {
@@ -125,20 +139,8 @@
return -1;
}
- if (argc) {
- if (matches(*argv, "index") == 0) {
- NEXT_ARG();
- if (get_u32(&sel.index, *argv, 10)) {
- fprintf(stderr, "simple: Illegal \"index\"\n");
- return -1;
- }
- argc--;
- argv++;
- }
- }
-
- if (strlen(simpdata) > (SIMP_MAX_DATA - 1)) {
- fprintf(stderr, "simple: Illegal string len %zu <%s> \n",
+ if (simpdata && (strlen(simpdata) > (SIMP_MAX_DATA - 1))) {
+ fprintf(stderr, "simple: Illegal string len %zu <%s>\n",
strlen(simpdata), simpdata);
return -1;
}
@@ -148,7 +150,8 @@
tail = NLMSG_TAIL(n);
addattr_l(n, MAX_MSG, tca_id, NULL, 0);
addattr_l(n, MAX_MSG, TCA_DEF_PARMS, &sel, sizeof(sel));
- addattr_l(n, MAX_MSG, TCA_DEF_DATA, simpdata, SIMP_MAX_DATA);
+ if (simpdata)
+ addattr_l(n, MAX_MSG, TCA_DEF_DATA, simpdata, SIMP_MAX_DATA);
tail->rta_len = (char *)NLMSG_TAIL(n) - (char *)tail;
*argc_p = argc;
@@ -156,7 +159,7 @@
return 0;
}
-static int print_simple(struct action_util *au, FILE * f, struct rtattr *arg)
+static int print_simple(struct action_util *au, FILE *f, struct rtattr *arg)
{
struct tc_defact *sel;
struct rtattr *tb[TCA_DEF_MAX + 1];
@@ -181,12 +184,13 @@
simpdata = RTA_DATA(tb[TCA_DEF_DATA]);
fprintf(f, "Simple <%s>\n", simpdata);
- fprintf(f, "\t index %d ref %d bind %d", sel->index,
+ fprintf(f, "\t index %u ref %d bind %d", sel->index,
sel->refcnt, sel->bindcnt);
if (show_stats) {
if (tb[TCA_DEF_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_DEF_TM]);
+
print_tm(f, tm);
}
}
diff --git a/tc/m_skbedit.c b/tc/m_skbedit.c
index 36323a9..aa374fc 100644
--- a/tc/m_skbedit.c
+++ b/tc/m_skbedit.c
@@ -26,14 +26,17 @@
#include "utils.h"
#include "tc_util.h"
#include <linux/tc_act/tc_skbedit.h>
+#include <linux/if_packet.h>
-static void
-explain(void)
+static void explain(void)
{
- fprintf(stderr, "Usage: ... skbedit <[QM] [PM] [MM]>\n"
+ fprintf(stderr, "Usage: ... skbedit <[QM] [PM] [MM] [PT]>\n"
"QM = queue_mapping QUEUE_MAPPING\n"
- "PM = priority PRIORITY \n"
- "MM = mark MARK \n"
+ "PM = priority PRIORITY\n"
+ "MM = mark MARK\n"
+ "PT = ptype PACKETYPE\n"
+ "PACKETYPE = is one of:\n"
+ " host, otherhost, broadcast, multicast\n"
"QUEUE_MAPPING = device transmit queue to use\n"
"PRIORITY = classID to assign to priority field\n"
"MARK = firewall mark to set\n");
@@ -55,7 +58,7 @@
int ok = 0;
struct rtattr *tail;
unsigned int tmp;
- __u16 queue_mapping;
+ __u16 queue_mapping, ptype;
__u32 flags = 0, priority, mark;
struct tc_skbedit sel = { 0 };
@@ -90,6 +93,24 @@
return -1;
}
ok++;
+ } else if (matches(*argv, "ptype") == 0) {
+
+ NEXT_ARG();
+ if (matches(*argv, "host") == 0) {
+ ptype = PACKET_HOST;
+ } else if (matches(*argv, "broadcast") == 0) {
+ ptype = PACKET_BROADCAST;
+ } else if (matches(*argv, "multicast") == 0) {
+ ptype = PACKET_MULTICAST;
+ } else if (matches(*argv, "otherhost") == 0) {
+ ptype = PACKET_OTHERHOST;
+ } else {
+ fprintf(stderr, "Illegal ptype (%s)\n",
+ *argv);
+ return -1;
+ }
+ flags |= SKBEDIT_F_PTYPE;
+ ok++;
} else if (matches(*argv, "help") == 0) {
usage();
} else {
@@ -99,26 +120,8 @@
argv++;
}
- sel.action = TC_ACT_PIPE;
- if (argc) {
- if (matches(*argv, "reclassify") == 0) {
- sel.action = TC_ACT_RECLASSIFY;
- NEXT_ARG();
- } else if (matches(*argv, "pipe") == 0) {
- sel.action = TC_ACT_PIPE;
- NEXT_ARG();
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- sel.action = TC_ACT_SHOT;
- NEXT_ARG();
- } else if (matches(*argv, "continue") == 0) {
- sel.action = TC_ACT_UNSPEC;
- NEXT_ARG();
- } else if (matches(*argv, "pass") == 0) {
- sel.action = TC_ACT_OK;
- NEXT_ARG();
- }
- }
+ parse_action_control_dflt(&argc, &argv, &sel.action,
+ false, TC_ACT_PIPE);
if (argc) {
if (matches(*argv, "index") == 0) {
@@ -151,6 +154,9 @@
if (flags & SKBEDIT_F_MARK)
addattr_l(n, MAX_MSG, TCA_SKBEDIT_MARK,
&mark, sizeof(mark));
+ if (flags & SKBEDIT_F_PTYPE)
+ addattr_l(n, MAX_MSG, TCA_SKBEDIT_PTYPE,
+ &ptype, sizeof(ptype));
tail->rta_len = (char *)NLMSG_TAIL(n) - (char *)tail;
*argc_p = argc;
@@ -161,10 +167,11 @@
static int print_skbedit(struct action_util *au, FILE *f, struct rtattr *arg)
{
struct rtattr *tb[TCA_SKBEDIT_MAX + 1];
+
SPRINT_BUF(b1);
__u32 *priority;
__u32 *mark;
- __u16 *queue_mapping;
+ __u16 *queue_mapping, *ptype;
struct tc_skbedit *p = NULL;
if (arg == NULL)
@@ -192,12 +199,29 @@
mark = RTA_DATA(tb[TCA_SKBEDIT_MARK]);
fprintf(f, " mark %d", *mark);
}
+ if (tb[TCA_SKBEDIT_PTYPE] != NULL) {
+ ptype = RTA_DATA(tb[TCA_SKBEDIT_PTYPE]);
+ if (*ptype == PACKET_HOST)
+ fprintf(f, " ptype host");
+ else if (*ptype == PACKET_BROADCAST)
+ fprintf(f, " ptype broadcast");
+ else if (*ptype == PACKET_MULTICAST)
+ fprintf(f, " ptype multicast");
+ else if (*ptype == PACKET_OTHERHOST)
+ fprintf(f, " ptype otherhost");
+ else
+ fprintf(f, " ptype %d", *ptype);
+ }
- fprintf(f, "\n\t index %d ref %d bind %d", p->index, p->refcnt, p->bindcnt);
+ print_action_control(f, " ", p->action, "");
+
+ fprintf(f, "\n\t index %u ref %d bind %d",
+ p->index, p->refcnt, p->bindcnt);
if (show_stats) {
if (tb[TCA_SKBEDIT_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_SKBEDIT_TM]);
+
print_tm(f, tm);
}
}
diff --git a/tc/m_skbmod.c b/tc/m_skbmod.c
new file mode 100644
index 0000000..ba79308
--- /dev/null
+++ b/tc/m_skbmod.c
@@ -0,0 +1,236 @@
+/*
+ * m_skbmod.c skb modifier action module
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: J Hadi Salim (jhs@mojatatu.com)
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include <linux/netdevice.h>
+
+#include "rt_names.h"
+#include "utils.h"
+#include "tc_util.h"
+#include <linux/tc_act/tc_skbmod.h>
+
+static void skbmod_explain(void)
+{
+ fprintf(stderr,
+ "Usage:... skbmod {[set <SETTABLE>] [swap <SWAPABLE>]} [CONTROL] [index INDEX]\n"
+ "where SETTABLE is: [dmac DMAC] [smac SMAC] [etype ETYPE]\n"
+ "where SWAPABLE is: \"mac\" to swap mac addresses\n"
+ "note: \"swap mac\" is done after any outstanding D/SMAC change\n"
+ "\tDMAC := 6 byte Destination MAC address\n"
+ "\tSMAC := optional 6 byte Source MAC address\n"
+ "\tETYPE := optional 16 bit ethertype\n"
+ "\tCONTROL := reclassify | pipe | drop | continue | ok |\n"
+ "\t goto chain <CHAIN_INDEX>\n"
+ "\tINDEX := skbmod index value to use\n");
+}
+
+static void skbmod_usage(void)
+{
+ skbmod_explain();
+ exit(-1);
+}
+
+static int parse_skbmod(struct action_util *a, int *argc_p, char ***argv_p,
+ int tca_id, struct nlmsghdr *n)
+{
+ int argc = *argc_p;
+ char **argv = *argv_p;
+ int ok = 0;
+ struct tc_skbmod p;
+ struct rtattr *tail;
+ char dbuf[ETH_ALEN];
+ char sbuf[ETH_ALEN];
+ __u16 skbmod_etype = 0;
+ char *daddr = NULL;
+ char *saddr = NULL;
+
+ memset(&p, 0, sizeof(p));
+
+ if (argc <= 0)
+ return -1;
+
+ while (argc > 0) {
+ if (matches(*argv, "skbmod") == 0) {
+ NEXT_ARG();
+ continue;
+ } else if (matches(*argv, "swap") == 0) {
+ NEXT_ARG();
+ continue;
+ } else if (matches(*argv, "mac") == 0) {
+ p.flags |= SKBMOD_F_SWAPMAC;
+ ok += 1;
+ } else if (matches(*argv, "set") == 0) {
+ NEXT_ARG();
+ continue;
+ } else if (matches(*argv, "etype") == 0) {
+ NEXT_ARG();
+ if (get_u16(&skbmod_etype, *argv, 0))
+ invarg("ethertype is invalid", *argv);
+ fprintf(stderr, "skbmod etype 0x%x\n", skbmod_etype);
+ p.flags |= SKBMOD_F_ETYPE;
+ ok += 1;
+ } else if (matches(*argv, "dmac") == 0) {
+ NEXT_ARG();
+ daddr = *argv;
+ if (sscanf(daddr, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+ dbuf, dbuf + 1, dbuf + 2,
+ dbuf + 3, dbuf + 4, dbuf + 5) != 6) {
+ fprintf(stderr, "Invalid dst mac address %s\n",
+ daddr);
+ return -1;
+ }
+ p.flags |= SKBMOD_F_DMAC;
+ fprintf(stderr, "dst MAC address <%s>\n", daddr);
+ ok += 1;
+
+ } else if (matches(*argv, "smac") == 0) {
+ NEXT_ARG();
+ saddr = *argv;
+ if (sscanf(saddr, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+ sbuf, sbuf + 1, sbuf + 2,
+ sbuf + 3, sbuf + 4, sbuf + 5) != 6) {
+ fprintf(stderr, "Invalid smac address %s\n",
+ saddr);
+ return -1;
+ }
+ p.flags |= SKBMOD_F_SMAC;
+ fprintf(stderr, "src MAC address <%s>\n", saddr);
+ ok += 1;
+ } else if (matches(*argv, "help") == 0) {
+ skbmod_usage();
+ } else {
+ break;
+ }
+
+ argc--;
+ argv++;
+ }
+
+ parse_action_control_dflt(&argc, &argv, &p.action, false, TC_ACT_PIPE);
+
+ if (argc) {
+ if (matches(*argv, "index") == 0) {
+ NEXT_ARG();
+ if (get_u32(&p.index, *argv, 0)) {
+ fprintf(stderr, "skbmod: Illegal \"index\"\n");
+ return -1;
+ }
+ ok++;
+ argc--;
+ argv++;
+ }
+ }
+
+ if (!ok) {
+ fprintf(stderr, "skbmod requires at least one option\n");
+ skbmod_usage();
+ }
+
+ tail = NLMSG_TAIL(n);
+ addattr_l(n, MAX_MSG, tca_id, NULL, 0);
+ addattr_l(n, MAX_MSG, TCA_SKBMOD_PARMS, &p, sizeof(p));
+
+ if (daddr)
+ addattr_l(n, MAX_MSG, TCA_SKBMOD_DMAC, dbuf, ETH_ALEN);
+ if (skbmod_etype)
+ addattr16(n, MAX_MSG, TCA_SKBMOD_ETYPE, skbmod_etype);
+ if (saddr)
+ addattr_l(n, MAX_MSG, TCA_SKBMOD_SMAC, sbuf, ETH_ALEN);
+
+ tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
+
+ *argc_p = argc;
+ *argv_p = argv;
+ return 0;
+}
+
+static int print_skbmod(struct action_util *au, FILE *f, struct rtattr *arg)
+{
+ struct tc_skbmod *p = NULL;
+ struct rtattr *tb[TCA_SKBMOD_MAX + 1];
+ __u16 skbmod_etype = 0;
+ int has_optional = 0;
+ SPRINT_BUF(b1);
+ SPRINT_BUF(b2);
+
+ if (arg == NULL)
+ return -1;
+
+ parse_rtattr_nested(tb, TCA_SKBMOD_MAX, arg);
+
+ if (tb[TCA_SKBMOD_PARMS] == NULL) {
+ fprintf(f, "[NULL skbmod parameters]");
+ return -1;
+ }
+
+ p = RTA_DATA(tb[TCA_SKBMOD_PARMS]);
+
+ fprintf(f, "skbmod ");
+ print_action_control(f, "", p->action, " ");
+
+ if (tb[TCA_SKBMOD_ETYPE]) {
+ skbmod_etype = rta_getattr_u16(tb[TCA_SKBMOD_ETYPE]);
+ has_optional = 1;
+ fprintf(f, "set etype 0x%X ", skbmod_etype);
+ }
+
+ if (has_optional)
+ fprintf(f, "\n\t ");
+
+ if (tb[TCA_SKBMOD_DMAC]) {
+ has_optional = 1;
+ fprintf(f, "set dmac %s ",
+ ll_addr_n2a(RTA_DATA(tb[TCA_SKBMOD_DMAC]),
+ RTA_PAYLOAD(tb[TCA_SKBMOD_DMAC]), 0, b1,
+ sizeof(b1)));
+
+ }
+
+ if (tb[TCA_SKBMOD_SMAC]) {
+ has_optional = 1;
+ fprintf(f, "set smac %s ",
+ ll_addr_n2a(RTA_DATA(tb[TCA_SKBMOD_SMAC]),
+ RTA_PAYLOAD(tb[TCA_SKBMOD_SMAC]), 0, b2,
+ sizeof(b2)));
+ }
+
+ if (p->flags & SKBMOD_F_SWAPMAC)
+ fprintf(f, "swap mac ");
+
+ fprintf(f, "\n\t index %u ref %d bind %d", p->index, p->refcnt,
+ p->bindcnt);
+ if (show_stats) {
+ if (tb[TCA_SKBMOD_TM]) {
+ struct tcf_t *tm = RTA_DATA(tb[TCA_SKBMOD_TM]);
+
+ print_tm(f, tm);
+ }
+ }
+
+ fprintf(f, "\n");
+
+ return 0;
+}
+
+struct action_util skbmod_action_util = {
+ .id = "skbmod",
+ .parse_aopt = parse_skbmod,
+ .print_aopt = print_skbmod,
+};
diff --git a/tc/m_tunnel_key.c b/tc/m_tunnel_key.c
new file mode 100644
index 0000000..1cdd035
--- /dev/null
+++ b/tc/m_tunnel_key.c
@@ -0,0 +1,315 @@
+/*
+ * m_tunnel_key.c ip tunnel manipulation module
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Amir Vadai <amir@vadai.me>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <linux/if_ether.h>
+#include "utils.h"
+#include "rt_names.h"
+#include "tc_util.h"
+#include <linux/tc_act/tc_tunnel_key.h>
+
+static void explain(void)
+{
+ fprintf(stderr, "Usage: tunnel_key unset\n");
+ fprintf(stderr, " tunnel_key set <TUNNEL_KEY>\n");
+ fprintf(stderr,
+ "Where TUNNEL_KEY is a combination of:\n"
+ "id <TUNNELID> (mandatory)\n"
+ "src_ip <IP> (mandatory)\n"
+ "dst_ip <IP> (mandatory)\n"
+ "dst_port <UDP_PORT>\n"
+ "csum | nocsum (default is \"csum\")\n");
+}
+
+static void usage(void)
+{
+ explain();
+ exit(-1);
+}
+
+static int tunnel_key_parse_ip_addr(const char *str, int addr4_type,
+ int addr6_type, struct nlmsghdr *n)
+{
+ inet_prefix addr;
+ int ret;
+
+ ret = get_addr(&addr, str, AF_UNSPEC);
+ if (ret)
+ return ret;
+
+ addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type,
+ addr.data, addr.bytelen);
+
+ return 0;
+}
+
+static int tunnel_key_parse_key_id(const char *str, int type,
+ struct nlmsghdr *n)
+{
+ __be32 key_id;
+ int ret;
+
+ ret = get_be32(&key_id, str, 10);
+ if (!ret)
+ addattr32(n, MAX_MSG, type, key_id);
+
+ return ret;
+}
+
+static int tunnel_key_parse_dst_port(char *str, int type, struct nlmsghdr *n)
+{
+ int ret;
+ __be16 dst_port;
+
+ ret = get_be16(&dst_port, str, 10);
+ if (ret)
+ return -1;
+
+ addattr16(n, MAX_MSG, type, dst_port);
+
+ return 0;
+}
+
+static int parse_tunnel_key(struct action_util *a, int *argc_p, char ***argv_p,
+ int tca_id, struct nlmsghdr *n)
+{
+ struct tc_tunnel_key parm = {};
+ char **argv = *argv_p;
+ int argc = *argc_p;
+ struct rtattr *tail;
+ int action = 0;
+ int ret;
+ int has_src_ip = 0;
+ int has_dst_ip = 0;
+ int has_key_id = 0;
+ int csum = 1;
+
+ if (matches(*argv, "tunnel_key") != 0)
+ return -1;
+
+ tail = NLMSG_TAIL(n);
+ addattr_l(n, MAX_MSG, tca_id, NULL, 0);
+
+ NEXT_ARG();
+
+ while (argc > 0) {
+ if (matches(*argv, "unset") == 0) {
+ if (action) {
+ fprintf(stderr, "unexpected \"%s\" - action already specified\n",
+ *argv);
+ explain();
+ return -1;
+ }
+ action = TCA_TUNNEL_KEY_ACT_RELEASE;
+ } else if (matches(*argv, "set") == 0) {
+ if (action) {
+ fprintf(stderr, "unexpected \"%s\" - action already specified\n",
+ *argv);
+ explain();
+ return -1;
+ }
+ action = TCA_TUNNEL_KEY_ACT_SET;
+ } else if (matches(*argv, "src_ip") == 0) {
+ NEXT_ARG();
+ ret = tunnel_key_parse_ip_addr(*argv,
+ TCA_TUNNEL_KEY_ENC_IPV4_SRC,
+ TCA_TUNNEL_KEY_ENC_IPV6_SRC,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"src_ip\"\n");
+ return -1;
+ }
+ has_src_ip = 1;
+ } else if (matches(*argv, "dst_ip") == 0) {
+ NEXT_ARG();
+ ret = tunnel_key_parse_ip_addr(*argv,
+ TCA_TUNNEL_KEY_ENC_IPV4_DST,
+ TCA_TUNNEL_KEY_ENC_IPV6_DST,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"dst_ip\"\n");
+ return -1;
+ }
+ has_dst_ip = 1;
+ } else if (matches(*argv, "id") == 0) {
+ NEXT_ARG();
+ ret = tunnel_key_parse_key_id(*argv, TCA_TUNNEL_KEY_ENC_KEY_ID, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"id\"\n");
+ return -1;
+ }
+ has_key_id = 1;
+ } else if (matches(*argv, "dst_port") == 0) {
+ NEXT_ARG();
+ ret = tunnel_key_parse_dst_port(*argv,
+ TCA_TUNNEL_KEY_ENC_DST_PORT, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"dst port\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "csum") == 0) {
+ csum = 1;
+ } else if (matches(*argv, "nocsum") == 0) {
+ csum = 0;
+ } else if (matches(*argv, "help") == 0) {
+ usage();
+ } else {
+ break;
+ }
+ NEXT_ARG_FWD();
+ }
+
+ addattr8(n, MAX_MSG, TCA_TUNNEL_KEY_NO_CSUM, !csum);
+
+ parse_action_control_dflt(&argc, &argv, &parm.action,
+ false, TC_ACT_PIPE);
+
+ if (argc) {
+ if (matches(*argv, "index") == 0) {
+ NEXT_ARG();
+ if (get_u32(&parm.index, *argv, 10)) {
+ fprintf(stderr, "tunnel_key: Illegal \"index\"\n");
+ return -1;
+ }
+
+ NEXT_ARG_FWD();
+ }
+ }
+
+ if (action == TCA_TUNNEL_KEY_ACT_SET &&
+ (!has_src_ip || !has_dst_ip || !has_key_id)) {
+ fprintf(stderr, "set needs tunnel_key parameters\n");
+ explain();
+ return -1;
+ }
+
+ parm.t_action = action;
+ addattr_l(n, MAX_MSG, TCA_TUNNEL_KEY_PARMS, &parm, sizeof(parm));
+ tail->rta_len = (char *)NLMSG_TAIL(n) - (char *)tail;
+
+ *argc_p = argc;
+ *argv_p = argv;
+
+ return 0;
+}
+
+static void tunnel_key_print_ip_addr(FILE *f, const char *name,
+ struct rtattr *attr)
+{
+ int family;
+ size_t len;
+
+ if (!attr)
+ return;
+
+ len = RTA_PAYLOAD(attr);
+
+ if (len == 4)
+ family = AF_INET;
+ else if (len == 16)
+ family = AF_INET6;
+ else
+ return;
+
+ fprintf(f, "\n\t%s %s", name, rt_addr_n2a_rta(family, attr));
+}
+
+static void tunnel_key_print_key_id(FILE *f, const char *name,
+ struct rtattr *attr)
+{
+ if (!attr)
+ return;
+ fprintf(f, "\n\t%s %d", name, rta_getattr_be32(attr));
+}
+
+static void tunnel_key_print_dst_port(FILE *f, char *name,
+ struct rtattr *attr)
+{
+ if (!attr)
+ return;
+ fprintf(f, "\n\t%s %d", name, rta_getattr_be16(attr));
+}
+
+static void tunnel_key_print_flag(FILE *f, const char *name_on,
+ const char *name_off,
+ struct rtattr *attr)
+{
+ if (!attr)
+ return;
+ fprintf(f, "\n\t%s", rta_getattr_u8(attr) ? name_on : name_off);
+}
+
+static int print_tunnel_key(struct action_util *au, FILE *f, struct rtattr *arg)
+{
+ struct rtattr *tb[TCA_TUNNEL_KEY_MAX + 1];
+ struct tc_tunnel_key *parm;
+
+ if (!arg)
+ return -1;
+
+ parse_rtattr_nested(tb, TCA_TUNNEL_KEY_MAX, arg);
+
+ if (!tb[TCA_TUNNEL_KEY_PARMS]) {
+ fprintf(f, "[NULL tunnel_key parameters]");
+ return -1;
+ }
+ parm = RTA_DATA(tb[TCA_TUNNEL_KEY_PARMS]);
+
+ fprintf(f, "tunnel_key");
+
+ switch (parm->t_action) {
+ case TCA_TUNNEL_KEY_ACT_RELEASE:
+ fprintf(f, " unset");
+ break;
+ case TCA_TUNNEL_KEY_ACT_SET:
+ fprintf(f, " set");
+ tunnel_key_print_ip_addr(f, "src_ip",
+ tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC]);
+ tunnel_key_print_ip_addr(f, "dst_ip",
+ tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]);
+ tunnel_key_print_ip_addr(f, "src_ip",
+ tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC]);
+ tunnel_key_print_ip_addr(f, "dst_ip",
+ tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]);
+ tunnel_key_print_key_id(f, "key_id",
+ tb[TCA_TUNNEL_KEY_ENC_KEY_ID]);
+ tunnel_key_print_dst_port(f, "dst_port",
+ tb[TCA_TUNNEL_KEY_ENC_DST_PORT]);
+ tunnel_key_print_flag(f, "nocsum", "csum",
+ tb[TCA_TUNNEL_KEY_NO_CSUM]);
+ break;
+ }
+ print_action_control(f, " ", parm->action, "");
+
+ fprintf(f, "\n\tindex %d ref %d bind %d", parm->index, parm->refcnt,
+ parm->bindcnt);
+
+ if (show_stats) {
+ if (tb[TCA_TUNNEL_KEY_TM]) {
+ struct tcf_t *tm = RTA_DATA(tb[TCA_TUNNEL_KEY_TM]);
+
+ print_tm(f, tm);
+ }
+ }
+
+ fprintf(f, "\n ");
+
+ return 0;
+}
+
+struct action_util tunnel_key_action_util = {
+ .id = "tunnel_key",
+ .parse_aopt = parse_tunnel_key,
+ .print_aopt = print_tunnel_key,
+};
diff --git a/tc/m_vlan.c b/tc/m_vlan.c
index 32db5ed..cccb499 100644
--- a/tc/m_vlan.c
+++ b/tc/m_vlan.c
@@ -19,12 +19,21 @@
#include "tc_util.h"
#include <linux/tc_act/tc_vlan.h>
+static const char * const action_names[] = {
+ [TCA_VLAN_ACT_POP] = "pop",
+ [TCA_VLAN_ACT_PUSH] = "push",
+ [TCA_VLAN_ACT_MODIFY] = "modify",
+};
+
static void explain(void)
{
fprintf(stderr, "Usage: vlan pop\n");
- fprintf(stderr, " vlan push [ protocol VLANPROTO ] id VLANID\n");
+ fprintf(stderr, " vlan push [ protocol VLANPROTO ] id VLANID [ priority VLANPRIO ] [CONTROL]\n");
+ fprintf(stderr, " vlan modify [ protocol VLANPROTO ] id VLANID [ priority VLANPRIO ] [CONTROL]\n");
fprintf(stderr, " VLANPROTO is one of 802.1Q or 802.1AD\n");
fprintf(stderr, " with default: 802.1Q\n");
+ fprintf(stderr, " CONTROL := reclassify | pipe | drop | continue | pass |\n");
+ fprintf(stderr, " goto chain <CHAIN_INDEX>\n");
}
static void usage(void)
@@ -33,6 +42,11 @@
exit(-1);
}
+static bool has_push_attribs(int action)
+{
+ return action == TCA_VLAN_ACT_PUSH || action == TCA_VLAN_ACT_MODIFY;
+}
+
static int parse_vlan(struct action_util *a, int *argc_p, char ***argv_p,
int tca_id, struct nlmsghdr *n)
{
@@ -44,7 +58,9 @@
int id_set = 0;
__u16 proto;
int proto_set = 0;
- struct tc_vlan parm = { 0 };
+ __u8 prio;
+ int prio_set = 0;
+ struct tc_vlan parm = {};
if (matches(*argv, "vlan") != 0)
return -1;
@@ -68,9 +84,17 @@
return -1;
}
action = TCA_VLAN_ACT_PUSH;
+ } else if (matches(*argv, "modify") == 0) {
+ if (action) {
+ fprintf(stderr, "unexpected \"%s\" - action already specified\n",
+ *argv);
+ explain();
+ return -1;
+ }
+ action = TCA_VLAN_ACT_MODIFY;
} else if (matches(*argv, "id") == 0) {
- if (action != TCA_VLAN_ACT_PUSH) {
- fprintf(stderr, "\"%s\" is only valid for push\n",
+ if (!has_push_attribs(action)) {
+ fprintf(stderr, "\"%s\" is only valid for push/modify\n",
*argv);
explain();
return -1;
@@ -80,8 +104,8 @@
invarg("id is invalid", *argv);
id_set = 1;
} else if (matches(*argv, "protocol") == 0) {
- if (action != TCA_VLAN_ACT_PUSH) {
- fprintf(stderr, "\"%s\" is only valid for push\n",
+ if (!has_push_attribs(action)) {
+ fprintf(stderr, "\"%s\" is only valid for push/modify\n",
*argv);
explain();
return -1;
@@ -90,6 +114,17 @@
if (ll_proto_a2n(&proto, *argv))
invarg("protocol is invalid", *argv);
proto_set = 1;
+ } else if (matches(*argv, "priority") == 0) {
+ if (!has_push_attribs(action)) {
+ fprintf(stderr, "\"%s\" is only valid for push/modify\n",
+ *argv);
+ explain();
+ return -1;
+ }
+ NEXT_ARG();
+ if (get_u8(&prio, *argv, 0) || (prio & ~0x7))
+ invarg("prio is invalid", *argv);
+ prio_set = 1;
} else if (matches(*argv, "help") == 0) {
usage();
} else {
@@ -99,31 +134,8 @@
argv++;
}
- parm.action = TC_ACT_PIPE;
- if (argc) {
- if (matches(*argv, "reclassify") == 0) {
- parm.action = TC_ACT_RECLASSIFY;
- argc--;
- argv++;
- } else if (matches(*argv, "pipe") == 0) {
- parm.action = TC_ACT_PIPE;
- argc--;
- argv++;
- } else if (matches(*argv, "drop") == 0 ||
- matches(*argv, "shot") == 0) {
- parm.action = TC_ACT_SHOT;
- argc--;
- argv++;
- } else if (matches(*argv, "continue") == 0) {
- parm.action = TC_ACT_UNSPEC;
- argc--;
- argv++;
- } else if (matches(*argv, "pass") == 0) {
- parm.action = TC_ACT_OK;
- argc--;
- argv++;
- }
- }
+ parse_action_control_dflt(&argc, &argv, &parm.action,
+ false, TC_ACT_PIPE);
if (argc) {
if (matches(*argv, "index") == 0) {
@@ -137,8 +149,9 @@
}
}
- if (action == TCA_VLAN_ACT_PUSH && !id_set) {
- fprintf(stderr, "id needs to be set for push\n");
+ if (has_push_attribs(action) && !id_set) {
+ fprintf(stderr, "id needs to be set for %s\n",
+ action_names[action]);
explain();
return -1;
}
@@ -159,6 +172,9 @@
addattr_l(n, MAX_MSG, TCA_VLAN_PUSH_VLAN_PROTOCOL, &proto, 2);
}
+ if (prio_set)
+ addattr8(n, MAX_MSG, TCA_VLAN_PUSH_VLAN_PRIORITY, prio);
+
tail->rta_len = (char *)NLMSG_TAIL(n) - (char *)tail;
*argc_p = argc;
@@ -186,12 +202,13 @@
fprintf(f, " vlan");
- switch(parm->v_action) {
+ switch (parm->v_action) {
case TCA_VLAN_ACT_POP:
fprintf(f, " pop");
break;
case TCA_VLAN_ACT_PUSH:
- fprintf(f, " push");
+ case TCA_VLAN_ACT_MODIFY:
+ fprintf(f, " %s", action_names[parm->v_action]);
if (tb[TCA_VLAN_PUSH_VLAN_ID]) {
val = rta_getattr_u16(tb[TCA_VLAN_PUSH_VLAN_ID]);
fprintf(f, " id %u", val);
@@ -201,16 +218,21 @@
ll_proto_n2a(rta_getattr_u16(tb[TCA_VLAN_PUSH_VLAN_PROTOCOL]),
b1, sizeof(b1)));
}
+ if (tb[TCA_VLAN_PUSH_VLAN_PRIORITY]) {
+ val = rta_getattr_u8(tb[TCA_VLAN_PUSH_VLAN_PRIORITY]);
+ fprintf(f, " priority %u", val);
+ }
break;
}
- fprintf(f, " %s", action_n2a(parm->action, b1, sizeof (b1)));
+ print_action_control(f, " ", parm->action, "");
- fprintf(f, "\n\t index %d ref %d bind %d", parm->index, parm->refcnt,
+ fprintf(f, "\n\t index %u ref %d bind %d", parm->index, parm->refcnt,
parm->bindcnt);
if (show_stats) {
if (tb[TCA_VLAN_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_VLAN_TM]);
+
print_tm(f, tm);
}
}
diff --git a/tc/m_xt.c b/tc/m_xt.c
index bf603fc..9218b14 100644
--- a/tc/m_xt.c
+++ b/tc/m_xt.c
@@ -39,19 +39,21 @@
#endif
#ifndef __ALIGN_KERNEL
-#define __ALIGN_KERNEL(x, a) __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1)
-#define __ALIGN_KERNEL_MASK(x, mask) (((x) + (mask)) & ~(mask))
+#define __ALIGN_KERNEL(x, a) \
+ __ALIGN_KERNEL_MASK(x, (typeof(x))(a) - 1)
+#define __ALIGN_KERNEL_MASK(x, mask) \
+ (((x) + (mask)) & ~(mask))
#endif
#ifndef ALIGN
-#define ALIGN(x,a) __ALIGN_KERNEL((x), (a))
+#define ALIGN(x, a) __ALIGN_KERNEL((x), (a))
#endif
static const char *tname = "mangle";
char *lib_dir;
-static const char *ipthooks[] = {
+static const char * const ipthooks[] = {
"NF_IP_PRE_ROUTING",
"NF_IP_LOCAL_IN",
"NF_IP_FORWARD",
@@ -75,6 +77,9 @@
.orig_opts = original_opts,
.opts = original_opts,
.exit_err = NULL,
+#if XTABLES_VERSION_CODE >= 11
+ .compat_rev = xtables_compatible_revision,
+#endif
};
/*
@@ -85,12 +90,13 @@
{
size_t size =
- XT_ALIGN(sizeof (struct xt_entry_target)) + target->size;
+ XT_ALIGN(sizeof(struct xt_entry_target)) + target->size;
- if (NULL == t) {
+ if (t == NULL) {
target->t = xtables_calloc(1, size);
target->t->u.target_size = size;
- strcpy(target->t->u.user.name, target->name);
+ strncpy(target->t->u.user.name, target->name,
+ sizeof(target->t->u.user.name) - 1);
target->t->u.user.revision = target->revision;
if (target->init != NULL)
@@ -109,95 +115,110 @@
if (!lib_dir) {
lib_dir = getenv("IPTABLES_LIB_DIR");
if (lib_dir)
- fprintf(stderr, "using deprecated IPTABLES_LIB_DIR \n");
+ fprintf(stderr, "using deprecated IPTABLES_LIB_DIR\n");
}
if (lib_dir == NULL)
lib_dir = XT_LIB_DIR;
}
-static int parse_ipt(struct action_util *a,int *argc_p,
+static int get_xtables_target_opts(struct xtables_globals *globals,
+ struct xtables_target *m)
+{
+ struct option *opts;
+
+#if XTABLES_VERSION_CODE >= 6
+ opts = xtables_options_xfrm(globals->orig_opts,
+ globals->opts,
+ m->x6_options,
+ &m->option_offset);
+#else
+ opts = xtables_merge_options(globals->opts,
+ m->extra_opts,
+ &m->option_offset);
+#endif
+ if (!opts)
+ return -1;
+ globals->opts = opts;
+ return 0;
+}
+
+static int parse_ipt(struct action_util *a, int *argc_p,
char ***argv_p, int tca_id, struct nlmsghdr *n)
{
struct xtables_target *m = NULL;
- struct ipt_entry fw;
+#if XTABLES_VERSION_CODE >= 6
+ struct ipt_entry fw = {};
+#endif
struct rtattr *tail;
int c;
- int rargc = *argc_p;
char **argv = *argv_p;
- int argc = 0, iargc = 0;
+ int argc;
char k[16];
int size = 0;
int iok = 0, ok = 0;
__u32 hook = 0, index = 0;
- struct option *opts = NULL;
- xtables_init_all(&tcipt_globals, NFPROTO_IPV4);
+ /* copy tcipt_globals because .opts will be modified by iptables */
+ struct xtables_globals tmp_tcipt_globals = tcipt_globals;
+
+ xtables_init_all(&tmp_tcipt_globals, NFPROTO_IPV4);
set_lib_dir();
- {
- int i;
- for (i = 0; i < rargc; i++) {
- if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) {
- break;
- }
- }
- iargc = argc = i;
+ /* parse only up until the next action */
+ for (argc = 0; argc < *argc_p; argc++) {
+ if (!argv[argc] || !strcmp(argv[argc], "action"))
+ break;
}
if (argc <= 2) {
- fprintf(stderr,"bad arguments to ipt %d vs %d \n", argc, rargc);
+ fprintf(stderr,
+ "too few arguments for xt, need at least '-j <target>'\n");
return -1;
}
while (1) {
- c = getopt_long(argc, argv, "j:", tcipt_globals.opts, NULL);
+ c = getopt_long(argc, argv, "j:", tmp_tcipt_globals.opts, NULL);
if (c == -1)
break;
switch (c) {
case 'j':
m = xtables_find_target(optarg, XTF_TRY_LOAD);
- if (NULL != m) {
-
- if (0 > build_st(m, NULL)) {
- printf(" %s error \n", m->name);
- return -1;
- }
-#if (XTABLES_VERSION_CODE >= 6)
- opts = xtables_options_xfrm(tcipt_globals.orig_opts,
- tcipt_globals.opts,
- m->x6_options,
- &m->option_offset);
-#else
- opts = xtables_merge_options(tcipt_globals.opts,
- m->extra_opts,
- &m->option_offset);
-#endif
- if (opts == NULL) {
- fprintf(stderr, " failed to find additional options for target %s\n\n", optarg);
+ if (!m) {
+ fprintf(stderr,
+ " failed to find target %s\n\n",
+ optarg);
return -1;
- } else
- tcipt_globals.opts = opts;
- } else {
- fprintf(stderr," failed to find target %s\n\n", optarg);
+ }
+
+ if (build_st(m, NULL) < 0) {
+ printf(" %s error\n", m->name);
+ return -1;
+ }
+
+ if (get_xtables_target_opts(&tmp_tcipt_globals,
+ m) < 0) {
+ fprintf(stderr,
+ " failed to find additional options for target %s\n\n",
+ optarg);
return -1;
}
ok++;
break;
default:
- memset(&fw, 0, sizeof (fw));
-#if (XTABLES_VERSION_CODE >= 6)
- if (m != NULL && m->x6_parse != NULL ) {
- xtables_option_tpcall(c, argv, 0 , m, NULL);
+#if XTABLES_VERSION_CODE >= 6
+ if (m != NULL && m->x6_parse != NULL) {
+ xtables_option_tpcall(c, argv, 0, m, &fw);
#else
- if (m != NULL && m->parse != NULL ) {
- m->parse(c - m->option_offset, argv, 0, &m->tflags,
- NULL, &m->t);
+ if (m != NULL && m->parse != NULL) {
+ m->parse(c - m->option_offset, argv, 0,
+ &m->tflags, NULL, &m->t);
#endif
} else {
- fprintf(stderr,"failed to find target %s\n\n", optarg);
+ fprintf(stderr,
+ "failed to find target %s\n\n", optarg);
return -1;
}
@@ -206,7 +227,7 @@
}
}
- if (iargc > optind) {
+ if (argc > optind) {
if (matches(argv[optind], "index") == 0) {
if (get_u32(&index, argv[optind + 1], 10)) {
fprintf(stderr, "Illegal \"index\"\n");
@@ -220,12 +241,12 @@
}
if (!ok && !iok) {
- fprintf(stderr," ipt Parser BAD!! (%s)\n", *argv);
+ fprintf(stderr, " ipt Parser BAD!! (%s)\n", *argv);
return -1;
}
/* check that we passed the correct parameters to the target */
-#if (XTABLES_VERSION_CODE >= 6)
+#if XTABLES_VERSION_CODE >= 6
if (m)
xtables_option_tfcall(m);
#else
@@ -235,6 +256,7 @@
{
struct tcmsg *t = NLMSG_DATA(n);
+
if (t->tcm_parent != TC_H_ROOT
&& t->tcm_parent == TC_H_MAJ(TC_H_INGRESS)) {
hook = NF_IP_PRE_ROUTING;
@@ -248,12 +270,16 @@
fprintf(stdout, "tablename: %s hook: %s\n ", tname, ipthooks[hook]);
fprintf(stdout, "\ttarget: ");
- if (m)
- m->print(NULL, m->t, 0);
+ if (m) {
+ if (m->print)
+ m->print(NULL, m->t, 0);
+ else
+ printf("%s ", m->name);
+ }
fprintf(stdout, " index %d\n", index);
- if (strlen(tname) > 16) {
- size = 16;
+ if (strlen(tname) >= 16) {
+ size = 15;
k[15] = 0;
} else {
size = 1 + strlen(tname);
@@ -267,9 +293,8 @@
addattr_l(n, MAX_MSG, TCA_IPT_TARG, m->t, m->t->u.target_size);
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
- argc -= optind;
argv += optind;
- *argc_p = rargc - iargc;
+ *argc_p -= argc;
*argv_p = argv;
optind = 0;
@@ -289,11 +314,11 @@
}
static int
-print_ipt(struct action_util *au,FILE * f, struct rtattr *arg)
+print_ipt(struct action_util *au, FILE *f, struct rtattr *arg)
{
+ struct xtables_target *m;
struct rtattr *tb[TCA_IPT_MAX + 1];
struct xt_entry_target *t = NULL;
- struct option *opts = NULL;
if (arg == NULL)
return -1;
@@ -318,73 +343,66 @@
return -1;
} else {
__u32 hook;
+
hook = rta_getattr_u32(tb[TCA_IPT_HOOK]);
- fprintf(f, " hook: %s \n", ipthooks[hook]);
+ fprintf(f, " hook: %s\n", ipthooks[hook]);
}
if (tb[TCA_IPT_TARG] == NULL) {
- fprintf(f, "\t[NULL ipt target parameters ] \n");
+ fprintf(f, "\t[NULL ipt target parameters ]\n");
return -1;
- } else {
- struct xtables_target *m = NULL;
- t = RTA_DATA(tb[TCA_IPT_TARG]);
- m = xtables_find_target(t->u.user.name, XTF_TRY_LOAD);
- if (NULL != m) {
- if (0 > build_st(m, t)) {
- fprintf(stderr, " %s error \n", m->name);
- return -1;
- }
-
-#if (XTABLES_VERSION_CODE >= 6)
- opts = xtables_options_xfrm(tmp_tcipt_globals.orig_opts,
- tmp_tcipt_globals.opts,
- m->x6_options,
- &m->option_offset);
-#else
- opts = xtables_merge_options(tmp_tcipt_globals.opts,
- m->extra_opts,
- &m->option_offset);
-#endif
- if (opts == NULL) {
- fprintf(stderr, " failed to find additional options for target %s\n\n", optarg);
- return -1;
- } else
- tmp_tcipt_globals.opts = opts;
- } else {
- fprintf(stderr, " failed to find target %s\n\n",
- t->u.user.name);
- return -1;
- }
- fprintf(f, "\ttarget ");
- m->print(NULL, m->t, 0);
- if (tb[TCA_IPT_INDEX] == NULL) {
- fprintf(f, " [NULL ipt target index ]\n");
- } else {
- __u32 index;
- index = rta_getattr_u32(tb[TCA_IPT_INDEX]);
- fprintf(f, " \n\tindex %d", index);
- }
-
- if (tb[TCA_IPT_CNT]) {
- struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);;
- fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt);
- }
- if (show_stats) {
- if (tb[TCA_IPT_TM]) {
- struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]);
- print_tm(f,tm);
- }
- }
- fprintf(f, " \n");
-
}
+
+ t = RTA_DATA(tb[TCA_IPT_TARG]);
+ m = xtables_find_target(t->u.user.name, XTF_TRY_LOAD);
+ if (!m) {
+ fprintf(stderr, " failed to find target %s\n\n",
+ t->u.user.name);
+ return -1;
+ }
+ if (build_st(m, t) < 0) {
+ fprintf(stderr, " %s error\n", m->name);
+ return -1;
+ }
+
+ if (get_xtables_target_opts(&tmp_tcipt_globals, m) < 0) {
+ fprintf(stderr,
+ " failed to find additional options for target %s\n\n",
+ t->u.user.name);
+ return -1;
+ }
+ fprintf(f, "\ttarget ");
+ m->print(NULL, m->t, 0);
+ if (tb[TCA_IPT_INDEX] == NULL) {
+ fprintf(f, " [NULL ipt target index ]\n");
+ } else {
+ __u32 index;
+
+ index = rta_getattr_u32(tb[TCA_IPT_INDEX]);
+ fprintf(f, "\n\tindex %u", index);
+ }
+
+ if (tb[TCA_IPT_CNT]) {
+ struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);
+
+ fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt);
+ }
+ if (show_stats) {
+ if (tb[TCA_IPT_TM]) {
+ struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]);
+
+ print_tm(f, tm);
+ }
+ }
+ fprintf(f, "\n");
+
xtables_free_opts(1);
return 0;
}
struct action_util xt_action_util = {
- .id = "xt",
- .parse_aopt = parse_ipt,
- .print_aopt = print_ipt,
+ .id = "xt",
+ .parse_aopt = parse_ipt,
+ .print_aopt = print_ipt,
};
diff --git a/tc/m_xt_old.c b/tc/m_xt_old.c
index 6e64308..e9cc624 100644
--- a/tc/m_xt_old.c
+++ b/tc/m_xt_old.c
@@ -41,8 +41,8 @@
#endif
#ifndef ALIGN
-#define ALIGN(x,a) __ALIGN_MASK(x,(typeof(x))(a)-1)
-#define __ALIGN_MASK(x,mask) (((x)+(mask))&~(mask))
+#define ALIGN(x, a) __ALIGN_MASK(x, (typeof(x))(a)-1)
+#define __ALIGN_MASK(x, mask) (((x)+(mask))&~(mask))
#endif
static const char *pname = "tc-ipt";
@@ -63,7 +63,7 @@
};
static struct option *opts = original_opts;
-static unsigned int global_option_offset = 0;
+static unsigned int global_option_offset;
char *lib_dir;
const char *program_version = XTABLES_VERSION;
const char *program_name = "tc-ipt";
@@ -96,18 +96,18 @@
struct option *merge;
unsigned int num_old, num_new, i;
- for (num_old = 0; oldopts[num_old].name; num_old++) ;
- for (num_new = 0; newopts[num_new].name; num_new++) ;
+ for (num_old = 0; oldopts[num_old].name; num_old++);
+ for (num_new = 0; newopts[num_new].name; num_new++);
*option_offset = global_option_offset + OPTION_OFFSET;
- merge = malloc(sizeof (struct option) * (num_new + num_old + 1));
- memcpy(merge, oldopts, num_old * sizeof (struct option));
+ merge = malloc(sizeof(struct option) * (num_new + num_old + 1));
+ memcpy(merge, oldopts, num_old * sizeof(struct option));
for (i = 0; i < num_new; i++) {
merge[num_old + i] = newopts[i];
merge[num_old + i].val += *option_offset;
}
- memset(merge + num_old + num_new, 0, sizeof (struct option));
+ memset(merge + num_old + num_new, 0, sizeof(struct option));
return merge;
}
@@ -125,35 +125,35 @@
int
check_inverse(const char option[], int *invert, int *my_optind, int argc)
{
- if (option && strcmp(option, "!") == 0) {
- if (*invert)
- exit_error(PARAMETER_PROBLEM,
- "Multiple `!' flags not allowed");
- *invert = TRUE;
- if (my_optind != NULL) {
- ++*my_optind;
- if (argc && *my_optind > argc)
- exit_error(PARAMETER_PROBLEM,
- "no argument following `!'");
- }
+ if (option && strcmp(option, "!") == 0) {
+ if (*invert)
+ exit_error(PARAMETER_PROBLEM,
+ "Multiple `!' flags not allowed");
+ *invert = TRUE;
+ if (my_optind != NULL) {
+ ++*my_optind;
+ if (argc && *my_optind > argc)
+ exit_error(PARAMETER_PROBLEM,
+ "no argument following `!'");
+ }
- return TRUE;
- }
- return FALSE;
+ return TRUE;
+ }
+ return FALSE;
}
/*XXX: TC_CONFIG_XT_H */
void exit_error(enum exittype status, const char *msg, ...)
{
- va_list args;
+ va_list args;
- va_start(args, msg);
- fprintf(stderr, "%s v%s: ", pname, pversion);
- vfprintf(stderr, msg, args);
- va_end(args);
- fprintf(stderr, "\n");
- /* On error paths, make sure that we don't leak memory */
- exit(status);
+ va_start(args, msg);
+ fprintf(stderr, "%s v%s: ", pname, pversion);
+ vfprintf(stderr, msg, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ /* On error paths, make sure that we don't leak memory */
+ exit(status);
}
/*XXX: TC_CONFIG_XT_H */
@@ -173,9 +173,9 @@
{
size_t size =
- XT_ALIGN(sizeof (struct xt_entry_target)) + target->size;
+ XT_ALIGN(sizeof(struct xt_entry_target)) + target->size;
- if (NULL == t) {
+ if (t == NULL) {
target->t = fw_calloc(1, size);
target->t->u.target_size = size;
strcpy(target->t->u.user.name, target->name);
@@ -197,14 +197,14 @@
if (!lib_dir) {
lib_dir = getenv("IPTABLES_LIB_DIR");
if (lib_dir)
- fprintf(stderr, "using deprecated IPTABLES_LIB_DIR \n");
+ fprintf(stderr, "using deprecated IPTABLES_LIB_DIR\n");
}
if (lib_dir == NULL)
lib_dir = XT_LIB_DIR;
}
-static int parse_ipt(struct action_util *a,int *argc_p,
+static int parse_ipt(struct action_util *a, int *argc_p,
char ***argv_p, int tca_id, struct nlmsghdr *n)
{
struct xtables_target *m = NULL;
@@ -223,6 +223,7 @@
{
int i;
+
for (i = 0; i < rargc; i++) {
if (NULL == argv[i] || 0 == strcmp(argv[i], "action")) {
break;
@@ -232,7 +233,7 @@
}
if (argc <= 2) {
- fprintf(stderr,"bad arguments to ipt %d vs %d \n", argc, rargc);
+ fprintf(stderr, "bad arguments to ipt %d vs %d\n", argc, rargc);
return -1;
}
@@ -243,29 +244,29 @@
switch (c) {
case 'j':
m = find_target(optarg, TRY_LOAD);
- if (NULL != m) {
+ if (m != NULL) {
- if (0 > build_st(m, NULL)) {
- printf(" %s error \n", m->name);
+ if (build_st(m, NULL) < 0) {
+ printf(" %s error\n", m->name);
return -1;
}
opts =
merge_options(opts, m->extra_opts,
&m->option_offset);
} else {
- fprintf(stderr," failed to find target %s\n\n", optarg);
+ fprintf(stderr, " failed to find target %s\n\n", optarg);
return -1;
}
ok++;
break;
default:
- memset(&fw, 0, sizeof (fw));
+ memset(&fw, 0, sizeof(fw));
if (m) {
m->parse(c - m->option_offset, argv, 0,
&m->tflags, NULL, &m->t);
} else {
- fprintf(stderr," failed to find target %s\n\n", optarg);
+ fprintf(stderr, " failed to find target %s\n\n", optarg);
return -1;
}
@@ -289,7 +290,7 @@
}
if (!ok && !iok) {
- fprintf(stderr," ipt Parser BAD!! (%s)\n", *argv);
+ fprintf(stderr, " ipt Parser BAD!! (%s)\n", *argv);
return -1;
}
@@ -299,6 +300,7 @@
{
struct tcmsg *t = NLMSG_DATA(n);
+
if (t->tcm_parent != TC_H_ROOT
&& t->tcm_parent == TC_H_MAJ(TC_H_INGRESS)) {
hook = NF_IP_PRE_ROUTING;
@@ -339,11 +341,11 @@
optind = 0;
free_opts(opts);
/* Clear flags if target will be used again */
- m->tflags=0;
- m->used=0;
+ m->tflags = 0;
+ m->used = 0;
/* Free allocated memory */
- if (m->t)
- free(m->t);
+ if (m->t)
+ free(m->t);
return 0;
@@ -351,7 +353,7 @@
}
static int
-print_ipt(struct action_util *au,FILE * f, struct rtattr *arg)
+print_ipt(struct action_util *au, FILE * f, struct rtattr *arg)
{
struct rtattr *tb[TCA_IPT_MAX + 1];
struct xt_entry_target *t = NULL;
@@ -375,20 +377,22 @@
return -1;
} else {
__u32 hook;
+
hook = rta_getattr_u32(tb[TCA_IPT_HOOK]);
- fprintf(f, " hook: %s \n", ipthooks[hook]);
+ fprintf(f, " hook: %s\n", ipthooks[hook]);
}
if (tb[TCA_IPT_TARG] == NULL) {
- fprintf(f, "\t[NULL ipt target parameters ] \n");
+ fprintf(f, "\t[NULL ipt target parameters ]\n");
return -1;
} else {
struct xtables_target *m = NULL;
+
t = RTA_DATA(tb[TCA_IPT_TARG]);
m = find_target(t->u.user.name, TRY_LOAD);
- if (NULL != m) {
- if (0 > build_st(m, t)) {
- fprintf(stderr, " %s error \n", m->name);
+ if (m != NULL) {
+ if (build_st(m, t) < 0) {
+ fprintf(stderr, " %s error\n", m->name);
return -1;
}
@@ -406,21 +410,24 @@
fprintf(f, " [NULL ipt target index ]\n");
} else {
__u32 index;
+
index = rta_getattr_u32(tb[TCA_IPT_INDEX]);
- fprintf(f, " \n\tindex %d", index);
+ fprintf(f, "\n\tindex %u", index);
}
if (tb[TCA_IPT_CNT]) {
- struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);;
+ struct tc_cnt *c = RTA_DATA(tb[TCA_IPT_CNT]);
+
fprintf(f, " ref %d bind %d", c->refcnt, c->bindcnt);
}
if (show_stats) {
if (tb[TCA_IPT_TM]) {
struct tcf_t *tm = RTA_DATA(tb[TCA_IPT_TM]);
- print_tm(f,tm);
+
+ print_tm(f, tm);
}
}
- fprintf(f, " \n");
+ fprintf(f, "\n");
}
free_opts(opts);
@@ -429,7 +436,7 @@
}
struct action_util ipt_action_util = {
- .id = "ipt",
- .parse_aopt = parse_ipt,
- .print_aopt = print_ipt,
+ .id = "ipt",
+ .parse_aopt = parse_ipt,
+ .print_aopt = print_ipt,
};
diff --git a/tc/p_eth.c b/tc/p_eth.c
new file mode 100644
index 0000000..2d2f96c
--- /dev/null
+++ b/tc/p_eth.c
@@ -0,0 +1,75 @@
+/*
+ * m_pedit_eth.c packet editor: ETH header
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Amir Vadai (amir@vadai.me)
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include "utils.h"
+#include "tc_util.h"
+#include "m_pedit.h"
+
+static int
+parse_eth(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey)
+{
+ int res = -1;
+ int argc = *argc_p;
+ char **argv = *argv_p;
+
+ if (argc < 2)
+ return -1;
+
+ if (!sel->extended)
+ return -1;
+
+ tkey->htype = TCA_PEDIT_KEY_EX_HDR_TYPE_ETH;
+
+ if (strcmp(*argv, "type") == 0) {
+ NEXT_ARG();
+ tkey->off = 12;
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
+ goto done;
+ }
+
+ if (strcmp(*argv, "dst") == 0) {
+ NEXT_ARG();
+ tkey->off = 0;
+ res = parse_cmd(&argc, &argv, 6, TMAC, RU32, sel, tkey);
+ goto done;
+ }
+
+ if (strcmp(*argv, "src") == 0) {
+ NEXT_ARG();
+ tkey->off = 6;
+ res = parse_cmd(&argc, &argv, 6, TMAC, RU32, sel, tkey);
+ goto done;
+ }
+
+ return -1;
+
+done:
+ *argc_p = argc;
+ *argv_p = argv;
+ return res;
+}
+
+struct m_pedit_util p_pedit_eth = {
+ NULL,
+ "eth",
+ parse_eth,
+};
diff --git a/tc/p_icmp.c b/tc/p_icmp.c
index a4b80c2..1c3a5d9 100644
--- a/tc/p_icmp.c
+++ b/tc/p_icmp.c
@@ -25,7 +25,8 @@
static int
-parse_icmp(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+parse_icmp(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey)
{
int res = -1;
#if 0
@@ -47,7 +48,7 @@
}
return -1;
- done:
+done:
*argc_p = argc;
*argv_p = argv;
#endif
diff --git a/tc/p_ip.c b/tc/p_ip.c
index 08fdbaa..0272a6e 100644
--- a/tc/p_ip.c
+++ b/tc/p_ip.c
@@ -1,5 +1,5 @@
/*
- * m_pedit.c packet editor: IPV4/6 header
+ * p_ip.c packet editor: IPV4 header
*
* This program is free software; you can distribute it and/or
* modify it under the terms of the GNU General Public License
@@ -24,7 +24,8 @@
#include "m_pedit.h"
static int
-parse_ip(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+parse_ip(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey)
{
int res = -1;
int argc = *argc_p;
@@ -33,16 +34,20 @@
if (argc < 2)
return -1;
+ tkey->htype = sel->extended ?
+ TCA_PEDIT_KEY_EX_HDR_TYPE_IP4 :
+ TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK;
+
if (strcmp(*argv, "src") == 0) {
NEXT_ARG();
tkey->off = 12;
- res = parse_cmd(&argc, &argv, 4, TIPV4,RU32,sel,tkey);
+ res = parse_cmd(&argc, &argv, 4, TIPV4, RU32, sel, tkey);
goto done;
}
if (strcmp(*argv, "dst") == 0) {
NEXT_ARG();
tkey->off = 16;
- res = parse_cmd(&argc, &argv, 4, TIPV4,RU32,sel,tkey);
+ res = parse_cmd(&argc, &argv, 4, TIPV4, RU32, sel, tkey);
goto done;
}
/* jamal - look at these and make them either old or new
@@ -52,108 +57,107 @@
if (strcmp(*argv, "tos") == 0 || matches(*argv, "dsfield") == 0) {
NEXT_ARG();
tkey->off = 1;
- res = parse_cmd(&argc, &argv, 1, TU32,RU8,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
goto done;
}
if (strcmp(*argv, "ihl") == 0) {
NEXT_ARG();
tkey->off = 0;
- res = parse_cmd(&argc, &argv, 1, TU32,RU8,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, 0x0f, sel, tkey);
+ goto done;
+ }
+ if (strcmp(*argv, "ttl") == 0) {
+ NEXT_ARG();
+ tkey->off = 8;
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
goto done;
}
if (strcmp(*argv, "protocol") == 0) {
NEXT_ARG();
tkey->off = 9;
- res = parse_cmd(&argc, &argv, 1, TU32,RU8,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
goto done;
}
/* jamal - fix this */
if (matches(*argv, "precedence") == 0) {
NEXT_ARG();
tkey->off = 1;
- res = parse_cmd(&argc, &argv, 1, TU32,RU8,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
goto done;
}
/* jamal - validate this at some point */
if (strcmp(*argv, "nofrag") == 0) {
NEXT_ARG();
tkey->off = 6;
- res = parse_cmd(&argc, &argv, 1, TU32,0x3F,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, 0x3F, sel, tkey);
goto done;
}
/* jamal - validate this at some point */
if (strcmp(*argv, "firstfrag") == 0) {
NEXT_ARG();
tkey->off = 6;
- res = parse_cmd(&argc, &argv, 1, TU32,0x1F,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, 0x1F, sel, tkey);
goto done;
}
if (strcmp(*argv, "ce") == 0) {
NEXT_ARG();
tkey->off = 6;
- res = parse_cmd(&argc, &argv, 1, TU32,0x80,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, 0x80, sel, tkey);
goto done;
}
if (strcmp(*argv, "df") == 0) {
NEXT_ARG();
tkey->off = 6;
- res = parse_cmd(&argc, &argv, 1, TU32,0x40,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, 0x40, sel, tkey);
goto done;
}
if (strcmp(*argv, "mf") == 0) {
NEXT_ARG();
tkey->off = 6;
- res = parse_cmd(&argc, &argv, 1, TU32,0x20,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, 0x20, sel, tkey);
goto done;
}
+
+ if (sel->extended)
+ return -1; /* fields located outside IP header should be
+ * addressed using the relevant header type in
+ * extended pedit kABI
+ */
+
if (strcmp(*argv, "dport") == 0) {
NEXT_ARG();
tkey->off = 22;
- res = parse_cmd(&argc, &argv, 2, TU32,RU16,sel,tkey);
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
goto done;
}
if (strcmp(*argv, "sport") == 0) {
NEXT_ARG();
tkey->off = 20;
- res = parse_cmd(&argc, &argv, 2, TU32,RU16,sel,tkey);
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
goto done;
}
if (strcmp(*argv, "icmp_type") == 0) {
NEXT_ARG();
tkey->off = 20;
- res = parse_cmd(&argc, &argv, 1, TU32,RU8,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
goto done;
}
if (strcmp(*argv, "icmp_code") == 0) {
NEXT_ARG();
tkey->off = 20;
- res = parse_cmd(&argc, &argv, 1, TU32,RU8,sel,tkey);
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
goto done;
}
return -1;
- done:
+done:
*argc_p = argc;
*argv_p = argv;
return res;
}
-static int
-parse_ip6(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
-{
- int res = -1;
- return res;
-}
-
struct m_pedit_util p_pedit_ip = {
NULL,
"ip",
parse_ip,
};
-
-
-struct m_pedit_util p_pedit_ip6 = {
- NULL,
- "ip6",
- parse_ip6,
-};
diff --git a/tc/p_ip6.c b/tc/p_ip6.c
new file mode 100644
index 0000000..a4824bd
--- /dev/null
+++ b/tc/p_ip6.c
@@ -0,0 +1,91 @@
+/*
+ * p_ip6.c packet editor: IPV6 header
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Amir Vadai <amir@vadai.me>
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <syslog.h>
+#include <fcntl.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <string.h>
+#include "utils.h"
+#include "tc_util.h"
+#include "m_pedit.h"
+
+static int
+parse_ip6(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey)
+{
+ int res = -1;
+ int argc = *argc_p;
+ char **argv = *argv_p;
+
+ if (argc < 2)
+ return -1;
+
+ if (!sel->extended)
+ return -1;
+
+ tkey->htype = TCA_PEDIT_KEY_EX_HDR_TYPE_IP6;
+
+ if (strcmp(*argv, "src") == 0) {
+ NEXT_ARG();
+ tkey->off = 8;
+ res = parse_cmd(&argc, &argv, 16, TIPV6, RU32, sel, tkey);
+ goto done;
+ }
+ if (strcmp(*argv, "dst") == 0) {
+ NEXT_ARG();
+ tkey->off = 24;
+ res = parse_cmd(&argc, &argv, 16, TIPV6, RU32, sel, tkey);
+ goto done;
+ }
+ if (strcmp(*argv, "flow_lbl") == 0) {
+ NEXT_ARG();
+ tkey->off = 0;
+ res = parse_cmd(&argc, &argv, 4, TU32, 0x0007ffff, sel, tkey);
+ goto done;
+ }
+ if (strcmp(*argv, "payload_len") == 0) {
+ NEXT_ARG();
+ tkey->off = 4;
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
+ goto done;
+ }
+ if (strcmp(*argv, "nexthdr") == 0) {
+ NEXT_ARG();
+ tkey->off = 6;
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
+ goto done;
+ }
+ if (strcmp(*argv, "hoplimit") == 0) {
+ NEXT_ARG();
+ tkey->off = 7;
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
+ goto done;
+ }
+
+ return -1;
+
+done:
+ *argc_p = argc;
+ *argv_p = argv;
+ return res;
+}
+
+struct m_pedit_util p_pedit_ip6 = {
+ NULL,
+ "ipv6",
+ parse_ip6,
+};
diff --git a/tc/p_tcp.c b/tc/p_tcp.c
index 32ffc02..cf14574 100644
--- a/tc/p_tcp.c
+++ b/tc/p_tcp.c
@@ -24,9 +24,47 @@
#include "m_pedit.h"
static int
-parse_tcp(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+parse_tcp(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey)
{
int res = -1;
+ int argc = *argc_p;
+ char **argv = *argv_p;
+
+ if (argc < 2)
+ return -1;
+
+ if (!sel->extended)
+ return -1;
+
+ tkey->htype = TCA_PEDIT_KEY_EX_HDR_TYPE_TCP;
+
+ if (strcmp(*argv, "sport") == 0) {
+ NEXT_ARG();
+ tkey->off = 0;
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
+ goto done;
+ }
+
+ if (strcmp(*argv, "dport") == 0) {
+ NEXT_ARG();
+ tkey->off = 2;
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
+ goto done;
+ }
+
+ if (strcmp(*argv, "flags") == 0) {
+ NEXT_ARG();
+ tkey->off = 13;
+ res = parse_cmd(&argc, &argv, 1, TU32, RU8, sel, tkey);
+ goto done;
+ }
+
+ return -1;
+
+done:
+ *argc_p = argc;
+ *argv_p = argv;
return res;
}
struct m_pedit_util p_pedit_tcp = {
diff --git a/tc/p_udp.c b/tc/p_udp.c
index 2b9b88f..3916d95 100644
--- a/tc/p_udp.c
+++ b/tc/p_udp.c
@@ -24,9 +24,40 @@
#include "m_pedit.h"
static int
-parse_udp(int *argc_p, char ***argv_p,struct tc_pedit_sel *sel,struct tc_pedit_key *tkey)
+parse_udp(int *argc_p, char ***argv_p,
+ struct m_pedit_sel *sel, struct m_pedit_key *tkey)
{
int res = -1;
+ int argc = *argc_p;
+ char **argv = *argv_p;
+
+ if (argc < 2)
+ return -1;
+
+ if (!sel->extended)
+ return -1;
+
+ tkey->htype = TCA_PEDIT_KEY_EX_HDR_TYPE_UDP;
+
+ if (strcmp(*argv, "sport") == 0) {
+ NEXT_ARG();
+ tkey->off = 0;
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
+ goto done;
+ }
+
+ if (strcmp(*argv, "dport") == 0) {
+ NEXT_ARG();
+ tkey->off = 2;
+ res = parse_cmd(&argc, &argv, 2, TU32, RU16, sel, tkey);
+ goto done;
+ }
+
+ return -1;
+
+done:
+ *argc_p = argc;
+ *argv_p = argv;
return res;
}
diff --git a/tc/q_atm.c b/tc/q_atm.c
index 2598e29..56e7ad8 100644
--- a/tc/q_atm.c
+++ b/tc/q_atm.c
@@ -30,7 +30,7 @@
static int atm_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
if (argc) {
- fprintf(stderr,"Usage: atm\n");
+ fprintf(stderr, "Usage: atm\n");
return -1;
}
return 0;
@@ -39,17 +39,15 @@
static void explain(void)
{
- fprintf(stderr, "Usage: ... atm ( pvc ADDR | svc ADDR [ sap SAP ] ) "
- "[ qos QOS ] [ sndbuf BYTES ]\n");
- fprintf(stderr, " [ hdr HEX... ] [ excess ( CLASSID | clp ) ] "
- "[ clip ]\n");
+ fprintf(stderr, "Usage: ... atm ( pvc ADDR | svc ADDR [ sap SAP ] ) [ qos QOS ] [ sndbuf BYTES ]\n");
+ fprintf(stderr, " [ hdr HEX... ] [ excess ( CLASSID | clp ) ] [ clip ]\n");
}
static int atm_parse_class_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
{
- struct sockaddr_atmsvc addr;
+ struct sockaddr_atmsvc addr = {};
struct atm_qos qos;
struct atm_sap sap;
unsigned char hdr[MAX_HDR_LEN];
@@ -60,52 +58,46 @@
int set_clip = 0;
int s;
- memset(&addr,0,sizeof(addr));
- (void) text2qos("aal5,ubr:sdu=9180,rx:none",&qos,0);
- (void) text2sap("blli:l2=iso8802",&sap,0);
+ (void) text2qos("aal5,ubr:sdu=9180,rx:none", &qos, 0);
+ (void) text2sap("blli:l2=iso8802", &sap, 0);
while (argc > 0) {
- if (!strcmp(*argv,"pvc")) {
+ if (!strcmp(*argv, "pvc")) {
NEXT_ARG();
- if (text2atm(*argv,(struct sockaddr *) &addr,
- sizeof(addr),T2A_PVC | T2A_NAME) < 0) {
+ if (text2atm(*argv, (struct sockaddr *) &addr,
+ sizeof(addr), T2A_PVC | T2A_NAME) < 0) {
explain();
return -1;
}
- }
- else if (!strcmp(*argv,"svc")) {
+ } else if (!strcmp(*argv,"svc")) {
NEXT_ARG();
- if (text2atm(*argv,(struct sockaddr *) &addr,
- sizeof(addr),T2A_SVC | T2A_NAME) < 0) {
+ if (text2atm(*argv, (struct sockaddr *) &addr,
+ sizeof(addr), T2A_SVC | T2A_NAME) < 0) {
explain();
return -1;
}
- }
- else if (!strcmp(*argv,"qos")) {
+ } else if (!strcmp(*argv,"qos")) {
NEXT_ARG();
- if (text2qos(*argv,&qos,0) < 0) {
+ if (text2qos(*argv, &qos, 0) < 0) {
explain();
return -1;
}
- }
- else if (!strcmp(*argv,"sndbuf")) {
+ } else if (!strcmp(*argv,"sndbuf")) {
char *end;
NEXT_ARG();
- sndbuf = strtol(*argv,&end,0);
+ sndbuf = strtol(*argv, &end, 0);
if (*end) {
explain();
return -1;
}
- }
- else if (!strcmp(*argv,"sap")) {
+ } else if (!strcmp(*argv,"sap")) {
NEXT_ARG();
if (addr.sas_family != AF_ATMSVC ||
- text2sap(*argv,&sap,T2A_NAME) < 0) {
+ text2sap(*argv, &sap, T2A_NAME) < 0) {
explain();
return -1;
}
- }
- else if (!strcmp(*argv,"hdr")) {
+ } else if (!strcmp(*argv,"hdr")) {
unsigned char *ptr;
char *walk;
@@ -115,7 +107,7 @@
int tmp;
if (ptr == hdr+MAX_HDR_LEN) {
- fprintf(stderr,"header is too long\n");
+ fprintf(stderr, "header is too long\n");
return -1;
}
if (*walk == '.') continue;
@@ -124,64 +116,61 @@
explain();
return -1;
}
- sscanf(walk,"%2x",&tmp);
+ sscanf(walk, "%2x", &tmp);
*ptr++ = tmp;
walk++;
}
hdr_len = ptr-hdr;
- }
- else if (!strcmp(*argv,"excess")) {
+ } else if (!strcmp(*argv,"excess")) {
NEXT_ARG();
- if (!strcmp(*argv,"clp")) excess = 0;
- else if (get_tc_classid(&excess,*argv)) {
+ if (!strcmp(*argv, "clp")) excess = 0;
+ else if (get_tc_classid(&excess, *argv)) {
explain();
return -1;
}
- }
- else if (!strcmp(*argv,"clip")) {
+ } else if (!strcmp(*argv,"clip")) {
set_clip = 1;
- }
- else {
+ } else {
explain();
return 1;
}
argc--;
argv++;
}
- s = socket(addr.sas_family,SOCK_DGRAM,0);
+ s = socket(addr.sas_family, SOCK_DGRAM, 0);
if (s < 0) {
perror("socket");
return -1;
}
- if (setsockopt(s,SOL_ATM,SO_ATMQOS,&qos,sizeof(qos)) < 0) {
+ if (setsockopt(s, SOL_ATM, SO_ATMQOS, &qos, sizeof(qos)) < 0) {
perror("SO_ATMQOS");
return -1;
}
if (sndbuf)
- if (setsockopt(s,SOL_SOCKET,SO_SNDBUF,&sndbuf,sizeof(sndbuf)) < 0) {
+ if (setsockopt(s, SOL_SOCKET, SO_SNDBUF, &sndbuf, sizeof(sndbuf)) < 0) {
perror("SO_SNDBUF");
return -1;
}
- if (addr.sas_family == AF_ATMSVC && setsockopt(s,SOL_ATM,SO_ATMSAP,
- &sap,sizeof(sap)) < 0) {
+ if (addr.sas_family == AF_ATMSVC && setsockopt(s, SOL_ATM, SO_ATMSAP,
+ &sap, sizeof(sap)) < 0) {
perror("SO_ATMSAP");
return -1;
}
- if (connect(s,(struct sockaddr *) &addr,addr.sas_family == AF_ATMPVC ?
+ if (connect(s, (struct sockaddr *) &addr, addr.sas_family == AF_ATMPVC ?
sizeof(struct sockaddr_atmpvc) : sizeof(addr)) < 0) {
perror("connect");
return -1;
}
if (set_clip)
- if (ioctl(s,ATMARP_MKIP,0) < 0) {
+ if (ioctl(s, ATMARP_MKIP, 0) < 0) {
perror("ioctl ATMARP_MKIP");
return -1;
}
tail = NLMSG_TAIL(n);
- addattr_l(n,1024,TCA_OPTIONS,NULL,0);
- addattr_l(n,1024,TCA_ATM_FD,&s,sizeof(s));
- if (excess) addattr_l(n,1024,TCA_ATM_EXCESS,&excess,sizeof(excess));
- if (hdr_len != -1) addattr_l(n,1024,TCA_ATM_HDR,hdr,hdr_len);
+ addattr_l(n, 1024, TCA_OPTIONS, NULL, 0);
+ addattr_l(n, 1024, TCA_ATM_FD, &s, sizeof(s));
+ if (excess) addattr_l(n, 1024, TCA_ATM_EXCESS, &excess, sizeof(excess));
+ if (hdr_len != -1) addattr_l(n, 1024, TCA_ATM_HDR, hdr, hdr_len);
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
return 0;
}
@@ -200,37 +189,37 @@
if (tb[TCA_ATM_ADDR]) {
if (RTA_PAYLOAD(tb[TCA_ATM_ADDR]) <
sizeof(struct sockaddr_atmpvc))
- fprintf(stderr,"ATM: address too short\n");
+ fprintf(stderr, "ATM: address too short\n");
else {
- if (atm2text(buffer,MAX_ATM_ADDR_LEN,
- RTA_DATA(tb[TCA_ATM_ADDR]),A2T_PRETTY | A2T_NAME) <
- 0) fprintf(stderr,"atm2text error\n");
- fprintf(f,"pvc %s ",buffer);
+ if (atm2text(buffer, MAX_ATM_ADDR_LEN,
+ RTA_DATA(tb[TCA_ATM_ADDR]), A2T_PRETTY | A2T_NAME) <
+ 0) fprintf(stderr, "atm2text error\n");
+ fprintf(f, "pvc %s ", buffer);
}
}
if (tb[TCA_ATM_HDR]) {
int i;
const __u8 *hdr = RTA_DATA(tb[TCA_ATM_HDR]);
- fprintf(f,"hdr");
+ fprintf(f, "hdr");
for (i = 0; i < RTA_PAYLOAD(tb[TCA_ATM_HDR]); i++)
- fprintf(f,"%c%02x", i ? '.' : ' ', hdr[i]);
- if (!i) fprintf(f," .");
- fprintf(f," ");
+ fprintf(f, "%c%02x", i ? '.' : ' ', hdr[i]);
+ if (!i) fprintf(f, " .");
+ fprintf(f, " ");
}
if (tb[TCA_ATM_EXCESS]) {
__u32 excess;
if (RTA_PAYLOAD(tb[TCA_ATM_EXCESS]) < sizeof(excess))
- fprintf(stderr,"ATM: excess class ID too short\n");
+ fprintf(stderr, "ATM: excess class ID too short\n");
else {
excess = rta_getattr_u32(tb[TCA_ATM_EXCESS]);
- if (!excess) fprintf(f,"excess clp ");
+ if (!excess) fprintf(f, "excess clp ");
else {
char buf[64];
- print_tc_classid(buf,sizeof(buf),excess);
- fprintf(f,"excess %s ",buf);
+ print_tc_classid(buf, sizeof(buf), excess);
+ fprintf(f, "excess %s ", buf);
}
}
}
@@ -239,10 +228,10 @@
int state;
if (RTA_PAYLOAD(tb[TCA_ATM_STATE]) < sizeof(state))
- fprintf(stderr,"ATM: state field too short\n");
+ fprintf(stderr, "ATM: state field too short\n");
else {
- state = *(int *) RTA_DATA(tb[TCA_ATM_STATE]);
- fprintf(f,"%s ",map[state]);
+ state = rta_getattr_u32(tb[TCA_ATM_STATE]);
+ fprintf(f, "%s ", map[state]);
}
}
return 0;
@@ -250,7 +239,7 @@
struct qdisc_util atm_qdisc_util = {
- .id = "atm",
+ .id = "atm",
.parse_qopt = atm_parse_opt,
.print_qopt = atm_print_opt,
.parse_copt = atm_parse_class_opt,
diff --git a/tc/q_cbq.c b/tc/q_cbq.c
index 38a6163..f148175 100644
--- a/tc/q_cbq.c
+++ b/tc/q_cbq.c
@@ -49,19 +49,16 @@
static int cbq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
- struct tc_ratespec r;
- struct tc_cbq_lssopt lss;
+ struct tc_ratespec r = {};
+ struct tc_cbq_lssopt lss = {};
__u32 rtab[256];
- unsigned mpu=0, avpkt=0, allot=0;
- unsigned short overhead=0;
+ unsigned mpu = 0, avpkt = 0, allot = 0;
+ unsigned short overhead = 0;
unsigned int linklayer = LINKLAYER_ETHERNET; /* Assume ethernet */
- int cell_log=-1;
- int ewma_log=-1;
+ int cell_log = -1;
+ int ewma_log = -1;
struct rtattr *tail;
- memset(&lss, 0, sizeof(lss));
- memset(&r, 0, sizeof(r));
-
while (argc > 0) {
if (matches(*argv, "bandwidth") == 0 ||
matches(*argv, "rate") == 0) {
@@ -81,17 +78,18 @@
return -1;
}
} else if (matches(*argv, "cell") == 0) {
- unsigned cell;
+ unsigned int cell;
int i;
+
NEXT_ARG();
if (get_size(&cell, *argv)) {
explain1("cell");
return -1;
}
- for (i=0; i<32; i++)
+ for (i = 0; i < 32; i++)
if ((1<<i) == cell)
break;
- if (i>=32) {
+ if (i >= 32) {
fprintf(stderr, "cell must be 2^n\n");
return -1;
}
@@ -170,7 +168,8 @@
addattr_l(n, 3024, TCA_CBQ_RTAB, rtab, 1024);
if (show_raw) {
int i;
- for (i=0; i<256; i++)
+
+ for (i = 0; i < 256; i++)
printf("%u ", rtab[i]);
printf("\n");
}
@@ -180,28 +179,21 @@
static int cbq_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
- int wrr_ok=0, fopt_ok=0;
- struct tc_ratespec r;
- struct tc_cbq_lssopt lss;
- struct tc_cbq_wrropt wrr;
- struct tc_cbq_fopt fopt;
- struct tc_cbq_ovl ovl;
+ int wrr_ok = 0, fopt_ok = 0;
+ struct tc_ratespec r = {};
+ struct tc_cbq_lssopt lss = {};
+ struct tc_cbq_wrropt wrr = {};
+ struct tc_cbq_fopt fopt = {};
__u32 rtab[256];
- unsigned mpu=0;
- int cell_log=-1;
- int ewma_log=-1;
- unsigned bndw = 0;
- unsigned minburst=0, maxburst=0;
- unsigned short overhead=0;
+ unsigned mpu = 0;
+ int cell_log = -1;
+ int ewma_log = -1;
+ unsigned int bndw = 0;
+ unsigned minburst = 0, maxburst = 0;
+ unsigned short overhead = 0;
unsigned int linklayer = LINKLAYER_ETHERNET; /* Assume ethernet */
struct rtattr *tail;
- memset(&r, 0, sizeof(r));
- memset(&lss, 0, sizeof(lss));
- memset(&wrr, 0, sizeof(wrr));
- memset(&fopt, 0, sizeof(fopt));
- memset(&ovl, 0, sizeof(ovl));
-
while (argc > 0) {
if (matches(*argv, "rate") == 0) {
NEXT_ARG();
@@ -260,23 +252,25 @@
}
lss.change |= TCF_CBQ_LSS_EWMA;
} else if (matches(*argv, "cell") == 0) {
- unsigned cell;
+ unsigned int cell;
int i;
+
NEXT_ARG();
if (get_size(&cell, *argv)) {
explain1("cell");
return -1;
}
- for (i=0; i<32; i++)
+ for (i = 0; i < 32; i++)
if ((1<<i) == cell)
break;
- if (i>=32) {
+ if (i >= 32) {
fprintf(stderr, "cell must be 2^n\n");
return -1;
}
cell_log = i;
} else if (matches(*argv, "prio") == 0) {
- unsigned prio;
+ unsigned int prio;
+
NEXT_ARG();
if (get_u32(&prio, *argv, 0)) {
explain1("prio");
@@ -323,6 +317,7 @@
fopt_ok++;
} else if (matches(*argv, "defmap") == 0) {
int err;
+
NEXT_ARG();
err = sscanf(*argv, "%08x/%08x", &fopt.defmap, &fopt.defchange);
if (err < 1) {
@@ -357,7 +352,8 @@
/* 1. Prepare link sharing scheduler parameters */
if (r.rate) {
- unsigned pktsize = wrr.allot;
+ unsigned int pktsize = wrr.allot;
+
if (wrr.allot < (lss.avpkt*3)/2)
wrr.allot = (lss.avpkt*3)/2;
r.mpu = mpu;
@@ -375,7 +371,7 @@
fprintf(stderr, "CBQ: avpkt is required for max/minburst.\n");
return -1;
}
- if (bndw==0 || r.rate == 0) {
+ if (bndw == 0 || r.rate == 0) {
fprintf(stderr, "CBQ: bandwidth&rate are required for max/minburst.\n");
return -1;
}
@@ -424,7 +420,8 @@
addattr_l(n, 3024, TCA_CBQ_RTAB, rtab, 1024);
if (show_raw) {
int i;
- for (i=0; i<256; i++)
+
+ for (i = 0; i < 256; i++)
printf("%u ", rtab[i]);
printf("\n");
}
@@ -443,6 +440,7 @@
struct tc_cbq_fopt *fopt = NULL;
struct tc_cbq_ovl *ovl = NULL;
unsigned int linklayer;
+
SPRINT_BUF(b1);
SPRINT_BUF(b2);
@@ -478,14 +476,15 @@
if (tb[TCA_CBQ_OVL_STRATEGY]) {
if (RTA_PAYLOAD(tb[TCA_CBQ_OVL_STRATEGY]) < sizeof(*ovl))
fprintf(stderr, "CBQ: too short overlimit strategy %u/%u\n",
- (unsigned) RTA_PAYLOAD(tb[TCA_CBQ_OVL_STRATEGY]),
- (unsigned) sizeof(*ovl));
+ (unsigned int) RTA_PAYLOAD(tb[TCA_CBQ_OVL_STRATEGY]),
+ (unsigned int) sizeof(*ovl));
else
ovl = RTA_DATA(tb[TCA_CBQ_OVL_STRATEGY]);
}
if (r) {
char buf[64];
+
print_rate(buf, sizeof(buf), r->rate);
fprintf(f, "rate %s ", buf);
linklayer = (r->linklayer & TC_LINKLAYER_MASK);
@@ -500,11 +499,12 @@
}
}
if (lss && lss->flags) {
- int comma=0;
+ int comma = 0;
+
fprintf(f, "(");
if (lss->flags&TCF_CBQ_LSS_BOUNDED) {
fprintf(f, "bounded");
- comma=1;
+ comma = 1;
}
if (lss->flags&TCF_CBQ_LSS_ISOLATED) {
if (comma)
@@ -520,6 +520,7 @@
fprintf(f, "prio no-transmit");
if (show_details) {
char buf[64];
+
fprintf(f, "/%u ", wrr->cpriority);
if (wrr->weight != 1) {
print_rate(buf, sizeof(buf), wrr->weight);
@@ -536,7 +537,7 @@
if (show_raw)
fprintf(f, "[%08x] ", lss->maxidle);
}
- if (lss->minidle!=0x7fffffff) {
+ if (lss->minidle != 0x7fffffff) {
fprintf(f, "minidle %s ", sprint_ticks(lss->minidle>>lss->ewma_log, b1));
if (show_raw)
fprintf(f, "[%08x] ", lss->minidle);
@@ -549,6 +550,7 @@
}
if (fopt && show_details) {
char buf[64];
+
print_tc_classid(buf, sizeof(buf), fopt->split);
fprintf(f, "\nsplit %s ", buf);
if (fopt->defmap) {
diff --git a/tc/q_choke.c b/tc/q_choke.c
index bd9ceb8..a234d2e 100644
--- a/tc/q_choke.c
+++ b/tc/q_choke.c
@@ -34,19 +34,17 @@
static int choke_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
{
- struct tc_red_qopt opt;
- unsigned burst = 0;
- unsigned avpkt = 1000;
+ struct tc_red_qopt opt = {};
+ unsigned int burst = 0;
+ unsigned int avpkt = 1000;
double probability = 0.02;
- unsigned rate = 0;
+ unsigned int rate = 0;
int ecn_ok = 0;
int wlog;
__u8 sbuf[256];
__u32 max_P;
struct rtattr *tail;
- memset(&opt, 0, sizeof(opt));
-
while (argc > 0) {
if (strcmp(*argv, "limit") == 0) {
NEXT_ARG();
diff --git a/tc/q_clsact.c b/tc/q_clsact.c
index 0c05dbd..e2a1a71 100644
--- a/tc/q_clsact.c
+++ b/tc/q_clsact.c
@@ -18,7 +18,6 @@
return -1;
}
- addattr_l(n, 1024, TCA_OPTIONS, NULL, 0);
return 0;
}
diff --git a/tc/q_codel.c b/tc/q_codel.c
index c24246c..09222a1 100644
--- a/tc/q_codel.c
+++ b/tc/q_codel.c
@@ -53,7 +53,7 @@
static void explain(void)
{
- fprintf(stderr, "Usage: ... codel [ limit PACKETS ] [ target TIME]\n");
+ fprintf(stderr, "Usage: ... codel [ limit PACKETS ] [ target TIME ]\n");
fprintf(stderr, " [ interval TIME ] [ ecn | noecn ]\n");
fprintf(stderr, " [ ce_threshold TIME ]\n");
}
@@ -61,10 +61,10 @@
static int codel_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
{
- unsigned limit = 0;
- unsigned target = 0;
- unsigned interval = 0;
- unsigned ce_threshold = ~0U;
+ unsigned int limit = 0;
+ unsigned int target = 0;
+ unsigned int interval = 0;
+ unsigned int ce_threshold = ~0U;
int ecn = -1;
struct rtattr *tail;
@@ -129,11 +129,12 @@
static int codel_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt)
{
struct rtattr *tb[TCA_CODEL_MAX + 1];
- unsigned limit;
- unsigned interval;
- unsigned target;
- unsigned ecn;
- unsigned ce_threshold;
+ unsigned int limit;
+ unsigned int interval;
+ unsigned int target;
+ unsigned int ecn;
+ unsigned int ce_threshold;
+
SPRINT_BUF(b1);
if (opt == NULL)
@@ -174,7 +175,8 @@
static int codel_print_xstats(struct qdisc_util *qu, FILE *f,
struct rtattr *xstats)
{
- struct tc_codel_xstats _st, *st;
+ struct tc_codel_xstats _st = {}, *st;
+
SPRINT_BUF(b1);
if (xstats == NULL)
@@ -182,7 +184,6 @@
st = RTA_DATA(xstats);
if (RTA_PAYLOAD(xstats) < sizeof(*st)) {
- memset(&_st, 0, sizeof(_st));
memcpy(&_st, st, RTA_PAYLOAD(xstats));
st = &_st;
}
diff --git a/tc/q_drr.c b/tc/q_drr.c
index 746736d..79c81a2 100644
--- a/tc/q_drr.c
+++ b/tc/q_drr.c
@@ -84,6 +84,7 @@
static int drr_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt)
{
struct rtattr *tb[TCA_DRR_MAX + 1];
+
SPRINT_BUF(b1);
if (opt == NULL)
@@ -100,6 +101,7 @@
static int drr_print_xstats(struct qdisc_util *qu, FILE *f, struct rtattr *xstats)
{
struct tc_drr_stats *x;
+
SPRINT_BUF(b1);
if (xstats == NULL)
diff --git a/tc/q_dsmark.c b/tc/q_dsmark.c
index 05185c0..79dfd9a 100644
--- a/tc/q_dsmark.c
+++ b/tc/q_dsmark.c
@@ -21,8 +21,7 @@
static void explain(void)
{
- fprintf(stderr,"Usage: dsmark indices INDICES [ default_index "
- "DEFAULT_INDEX ] [ set_tc_index ]\n");
+ fprintf(stderr,"Usage: dsmark indices INDICES [ default_index DEFAULT_INDEX ] [ set_tc_index ]\n");
}
@@ -32,32 +31,29 @@
struct rtattr *tail;
__u16 ind;
char *end;
- int dflt,set_tc_index;
+ int dflt, set_tc_index;
ind = set_tc_index = 0;
dflt = -1;
while (argc > 0) {
- if (!strcmp(*argv,"indices")) {
+ if (!strcmp(*argv, "indices")) {
NEXT_ARG();
- ind = strtoul(*argv,&end,0);
+ ind = strtoul(*argv, &end, 0);
if (*end) {
explain();
return -1;
}
- }
- else if (!strcmp(*argv,"default_index") || !strcmp(*argv,
+ } else if (!strcmp(*argv,"default_index") || !strcmp(*argv,
"default")) {
NEXT_ARG();
- dflt = strtoul(*argv,&end,0);
+ dflt = strtoul(*argv, &end, 0);
if (*end) {
explain();
return -1;
}
- }
- else if (!strcmp(*argv,"set_tc_index")) {
+ } else if (!strcmp(*argv,"set_tc_index")) {
set_tc_index = 1;
- }
- else {
+ } else {
explain();
return -1;
}
@@ -69,14 +65,14 @@
return -1;
}
tail = NLMSG_TAIL(n);
- addattr_l(n,1024,TCA_OPTIONS,NULL,0);
- addattr_l(n,1024,TCA_DSMARK_INDICES,&ind,sizeof(ind));
+ addattr_l(n, 1024, TCA_OPTIONS, NULL, 0);
+ addattr_l(n, 1024, TCA_DSMARK_INDICES, &ind, sizeof(ind));
if (dflt != -1) {
__u16 tmp = dflt;
- addattr_l(n,1024,TCA_DSMARK_DEFAULT_INDEX,&tmp,sizeof(tmp));
+ addattr_l(n, 1024, TCA_DSMARK_DEFAULT_INDEX, &tmp, sizeof(tmp));
}
- if (set_tc_index) addattr_l(n,1024,TCA_DSMARK_SET_TC_INDEX,NULL,0);
+ if (set_tc_index) addattr_l(n, 1024, TCA_DSMARK_SET_TC_INDEX, NULL, 0);
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
return 0;
}
@@ -96,27 +92,25 @@
char *end;
tail = NLMSG_TAIL(n);
- addattr_l(n,1024,TCA_OPTIONS,NULL,0);
+ addattr_l(n, 1024, TCA_OPTIONS, NULL, 0);
while (argc > 0) {
- if (!strcmp(*argv,"mask")) {
+ if (!strcmp(*argv, "mask")) {
NEXT_ARG();
- tmp = strtoul(*argv,&end,0);
+ tmp = strtoul(*argv, &end, 0);
if (*end) {
explain_class();
return -1;
}
- addattr_l(n,1024,TCA_DSMARK_MASK,&tmp,1);
- }
- else if (!strcmp(*argv,"value")) {
+ addattr_l(n, 1024, TCA_DSMARK_MASK, &tmp, 1);
+ } else if (!strcmp(*argv,"value")) {
NEXT_ARG();
- tmp = strtoul(*argv,&end,0);
+ tmp = strtoul(*argv, &end, 0);
if (*end) {
explain_class();
return -1;
}
- addattr_l(n,1024,TCA_DSMARK_VALUE,&tmp,1);
- }
- else {
+ addattr_l(n, 1024, TCA_DSMARK_VALUE, &tmp, 1);
+ } else {
explain_class();
return -1;
}
@@ -134,33 +128,32 @@
struct rtattr *tb[TCA_DSMARK_MAX+1];
if (!opt) return 0;
- memset(tb, 0, sizeof(tb));
parse_rtattr(tb, TCA_DSMARK_MAX, RTA_DATA(opt), RTA_PAYLOAD(opt));
if (tb[TCA_DSMARK_MASK]) {
if (!RTA_PAYLOAD(tb[TCA_DSMARK_MASK]))
- fprintf(stderr,"dsmark: empty mask\n");
- else fprintf(f,"mask 0x%02x ",
+ fprintf(stderr, "dsmark: empty mask\n");
+ else fprintf(f, "mask 0x%02x ",
rta_getattr_u8(tb[TCA_DSMARK_MASK]));
}
if (tb[TCA_DSMARK_VALUE]) {
if (!RTA_PAYLOAD(tb[TCA_DSMARK_VALUE]))
- fprintf(stderr,"dsmark: empty value\n");
- else fprintf(f,"value 0x%02x ",
+ fprintf(stderr, "dsmark: empty value\n");
+ else fprintf(f, "value 0x%02x ",
rta_getattr_u8(tb[TCA_DSMARK_VALUE]));
}
if (tb[TCA_DSMARK_INDICES]) {
if (RTA_PAYLOAD(tb[TCA_DSMARK_INDICES]) < sizeof(__u16))
- fprintf(stderr,"dsmark: indices too short\n");
- else fprintf(f,"indices 0x%04x ",
+ fprintf(stderr, "dsmark: indices too short\n");
+ else fprintf(f, "indices 0x%04x ",
rta_getattr_u16(tb[TCA_DSMARK_INDICES]));
}
if (tb[TCA_DSMARK_DEFAULT_INDEX]) {
if (RTA_PAYLOAD(tb[TCA_DSMARK_DEFAULT_INDEX]) < sizeof(__u16))
- fprintf(stderr,"dsmark: default_index too short\n");
- else fprintf(f,"default_index 0x%04x ",
+ fprintf(stderr, "dsmark: default_index too short\n");
+ else fprintf(f, "default_index 0x%04x ",
rta_getattr_u16(tb[TCA_DSMARK_DEFAULT_INDEX]));
}
- if (tb[TCA_DSMARK_SET_TC_INDEX]) fprintf(f,"set_tc_index ");
+ if (tb[TCA_DSMARK_SET_TC_INDEX]) fprintf(f, "set_tc_index ");
return 0;
}
diff --git a/tc/q_fifo.c b/tc/q_fifo.c
index c9ab123..3ee8ce9 100644
--- a/tc/q_fifo.c
+++ b/tc/q_fifo.c
@@ -30,9 +30,8 @@
static int fifo_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
- int ok=0;
- struct tc_fifo_qopt opt;
- memset(&opt, 0, sizeof(opt));
+ int ok = 0;
+ struct tc_fifo_qopt opt = {};
while (argc > 0) {
if (strcmp(*argv, "limit") == 0) {
diff --git a/tc/q_fq.c b/tc/q_fq.c
index 2a370b3..45b2ffd 100644
--- a/tc/q_fq.c
+++ b/tc/q_fq.c
@@ -55,6 +55,7 @@
fprintf(stderr, " [ quantum BYTES ] [ initial_quantum BYTES ]\n");
fprintf(stderr, " [ maxrate RATE ] [ buckets NUMBER ]\n");
fprintf(stderr, " [ [no]pacing ] [ refill_delay TIME ]\n");
+ fprintf(stderr, " [ low_rate_threshold RATE ]\n");
fprintf(stderr, " [ orphan_mask MASK]\n");
}
@@ -79,6 +80,7 @@
unsigned int initial_quantum;
unsigned int buckets = 0;
unsigned int maxrate;
+ unsigned int low_rate_threshold;
unsigned int defrate;
unsigned int refill_delay;
unsigned int orphan_mask;
@@ -90,6 +92,7 @@
bool set_defrate = false;
bool set_refill_delay = false;
bool set_orphan_mask = false;
+ bool set_low_rate_threshold = false;
int pacing = -1;
struct rtattr *tail;
@@ -121,6 +124,13 @@
return -1;
}
set_maxrate = true;
+ } else if (strcmp(*argv, "low_rate_threshold") == 0) {
+ NEXT_ARG();
+ if (get_rate(&low_rate_threshold, *argv)) {
+ fprintf(stderr, "Illegal \"low_rate_threshold\"\n");
+ return -1;
+ }
+ set_low_rate_threshold = true;
} else if (strcmp(*argv, "defrate") == 0) {
NEXT_ARG();
if (get_rate(&defrate, *argv)) {
@@ -196,6 +206,9 @@
if (set_maxrate)
addattr_l(n, 1024, TCA_FQ_FLOW_MAX_RATE,
&maxrate, sizeof(maxrate));
+ if (set_low_rate_threshold)
+ addattr_l(n, 1024, TCA_FQ_LOW_RATE_THRESHOLD,
+ &low_rate_threshold, sizeof(low_rate_threshold));
if (set_defrate)
addattr_l(n, 1024, TCA_FQ_FLOW_DEFAULT_RATE,
&defrate, sizeof(defrate));
@@ -218,6 +231,7 @@
unsigned int rate, quantum;
unsigned int refill_delay;
unsigned int orphan_mask;
+
SPRINT_BUF(b1);
if (opt == NULL)
@@ -275,6 +289,13 @@
if (rate != 0)
fprintf(f, "defrate %s ", sprint_rate(rate, b1));
}
+ if (tb[TCA_FQ_LOW_RATE_THRESHOLD] &&
+ RTA_PAYLOAD(tb[TCA_FQ_LOW_RATE_THRESHOLD]) >= sizeof(__u32)) {
+ rate = rta_getattr_u32(tb[TCA_FQ_LOW_RATE_THRESHOLD]);
+
+ if (rate != 0)
+ fprintf(f, "low_rate_threshold %s ", sprint_rate(rate, b1));
+ }
if (tb[TCA_FQ_FLOW_REFILL_DELAY] &&
RTA_PAYLOAD(tb[TCA_FQ_FLOW_REFILL_DELAY]) >= sizeof(__u32)) {
refill_delay = rta_getattr_u32(tb[TCA_FQ_FLOW_REFILL_DELAY]);
@@ -311,6 +332,9 @@
fprintf(f, ", %llu throttled", st->throttled);
+ if (st->unthrottle_latency_ns)
+ fprintf(f, ", %u ns latency", st->unthrottle_latency_ns);
+
if (st->flows_plimit)
fprintf(f, ", %llu flows_plimit", st->flows_plimit);
diff --git a/tc/q_fq_codel.c b/tc/q_fq_codel.c
index 4f747eb..500e620 100644
--- a/tc/q_fq_codel.c
+++ b/tc/q_fq_codel.c
@@ -51,7 +51,7 @@
static void explain(void)
{
fprintf(stderr, "Usage: ... fq_codel [ limit PACKETS ] [ flows NUMBER ]\n");
- fprintf(stderr, " [ target TIME] [ interval TIME ]\n");
+ fprintf(stderr, " [ target TIME ] [ interval TIME ]\n");
fprintf(stderr, " [ quantum BYTES ] [ [no]ecn ]\n");
fprintf(stderr, " [ ce_threshold TIME ]\n");
}
@@ -59,12 +59,13 @@
static int fq_codel_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
{
- unsigned limit = 0;
- unsigned flows = 0;
- unsigned target = 0;
- unsigned interval = 0;
- unsigned quantum = 0;
- unsigned ce_threshold = ~0U;
+ unsigned int limit = 0;
+ unsigned int flows = 0;
+ unsigned int target = 0;
+ unsigned int interval = 0;
+ unsigned int quantum = 0;
+ unsigned int ce_threshold = ~0U;
+ unsigned int memory = ~0U;
int ecn = -1;
struct rtattr *tail;
@@ -99,6 +100,12 @@
fprintf(stderr, "Illegal \"ce_threshold\"\n");
return -1;
}
+ } else if (strcmp(*argv, "memory_limit") == 0) {
+ NEXT_ARG();
+ if (get_size(&memory, *argv)) {
+ fprintf(stderr, "Illegal \"memory_limit\"\n");
+ return -1;
+ }
} else if (strcmp(*argv, "interval") == 0) {
NEXT_ARG();
if (get_time(&interval, *argv)) {
@@ -137,6 +144,10 @@
if (ce_threshold != ~0U)
addattr_l(n, 1024, TCA_FQ_CODEL_CE_THRESHOLD,
&ce_threshold, sizeof(ce_threshold));
+ if (memory != ~0U)
+ addattr_l(n, 1024, TCA_FQ_CODEL_MEMORY_LIMIT,
+ &memory, sizeof(memory));
+
tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
return 0;
}
@@ -144,13 +155,15 @@
static int fq_codel_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt)
{
struct rtattr *tb[TCA_FQ_CODEL_MAX + 1];
- unsigned limit;
- unsigned flows;
- unsigned interval;
- unsigned target;
- unsigned ecn;
- unsigned quantum;
- unsigned ce_threshold;
+ unsigned int limit;
+ unsigned int flows;
+ unsigned int interval;
+ unsigned int target;
+ unsigned int ecn;
+ unsigned int quantum;
+ unsigned int ce_threshold;
+ unsigned int memory_limit;
+
SPRINT_BUF(b1);
if (opt == NULL)
@@ -188,6 +201,12 @@
interval = rta_getattr_u32(tb[TCA_FQ_CODEL_INTERVAL]);
fprintf(f, "interval %s ", sprint_time(interval, b1));
}
+ if (tb[TCA_FQ_CODEL_MEMORY_LIMIT] &&
+ RTA_PAYLOAD(tb[TCA_FQ_CODEL_MEMORY_LIMIT]) >= sizeof(__u32)) {
+ memory_limit = rta_getattr_u32(tb[TCA_FQ_CODEL_MEMORY_LIMIT]);
+
+ fprintf(f, "memory_limit %s ", sprint_size(memory_limit, b1));
+ }
if (tb[TCA_FQ_CODEL_ECN] &&
RTA_PAYLOAD(tb[TCA_FQ_CODEL_ECN]) >= sizeof(__u32)) {
ecn = rta_getattr_u32(tb[TCA_FQ_CODEL_ECN]);
@@ -201,7 +220,8 @@
static int fq_codel_print_xstats(struct qdisc_util *qu, FILE *f,
struct rtattr *xstats)
{
- struct tc_fq_codel_xstats _st, *st;
+ struct tc_fq_codel_xstats _st = {}, *st;
+
SPRINT_BUF(b1);
if (xstats == NULL)
@@ -209,7 +229,6 @@
st = RTA_DATA(xstats);
if (RTA_PAYLOAD(xstats) < sizeof(*st)) {
- memset(&_st, 0, sizeof(_st));
memcpy(&_st, st, RTA_PAYLOAD(xstats));
st = &_st;
}
@@ -221,6 +240,10 @@
st->qdisc_stats.ecn_mark);
if (st->qdisc_stats.ce_mark)
fprintf(f, " ce_mark %u", st->qdisc_stats.ce_mark);
+ if (st->qdisc_stats.memory_usage)
+ fprintf(f, " memory_used %u", st->qdisc_stats.memory_usage);
+ if (st->qdisc_stats.drop_overmemory)
+ fprintf(f, " drop_overmemory %u", st->qdisc_stats.drop_overmemory);
fprintf(f, "\n new_flows_len %u old_flows_len %u",
st->qdisc_stats.new_flows_len,
st->qdisc_stats.old_flows_len);
diff --git a/tc/q_gred.c b/tc/q_gred.c
index f31daa3..0a98949 100644
--- a/tc/q_gred.c
+++ b/tc/q_gred.c
@@ -30,9 +30,9 @@
#if 0
-#define DPRINTF(format,args...) fprintf(stderr,format,##args)
+#define DPRINTF(format, args...) fprintf(stderr, format, ##args)
#else
-#define DPRINTF(format,args...)
+#define DPRINTF(format, args...)
#endif
static void explain(void)
@@ -55,7 +55,7 @@
opt.def_DP = MAX_DPs;
while (argc > 0) {
- DPRINTF(stderr,"init_gred: invoked with %s\n",*argv);
+ DPRINTF(stderr, "init_gred: invoked with %s\n", *argv);
if (strcmp(*argv, "vqs") == 0 ||
strcmp(*argv, "DPs") == 0) {
NEXT_ARG();
@@ -63,14 +63,13 @@
fprintf(stderr, "Illegal \"vqs\"\n");
return -1;
} else if (opt.DPs > MAX_DPs) {
- fprintf(stderr, "GRED: only %u VQs are "
- "currently supported\n", MAX_DPs);
+ fprintf(stderr, "GRED: only %u VQs are currently supported\n",
+ MAX_DPs);
return -1;
}
} else if (strcmp(*argv, "default") == 0) {
if (opt.DPs == 0) {
- fprintf(stderr, "\"default\" must be defined "
- "after \"vqs\"\n");
+ fprintf(stderr, "\"default\" must be defined after \"vqs\"\n");
return -1;
}
NEXT_ARG();
@@ -78,8 +77,7 @@
fprintf(stderr, "Illegal \"default\"\n");
return -1;
} else if (opt.def_DP >= opt.DPs) {
- fprintf(stderr, "\"default\" must be less than "
- "\"vqs\"\n");
+ fprintf(stderr, "\"default\" must be less than \"vqs\"\n");
return -1;
}
} else if (strcmp(*argv, "grio") == 0) {
@@ -102,12 +100,12 @@
}
if (!opt.DPs || opt.def_DP == MAX_DPs) {
- fprintf(stderr, "Illegal gred setup parameters \n");
+ fprintf(stderr, "Illegal gred setup parameters\n");
return -1;
}
- DPRINTF("TC_GRED: sending DPs=%u def_DP=%u\n",opt.DPs,opt.def_DP);
- n->nlmsg_flags|=NLM_F_CREATE;
+ DPRINTF("TC_GRED: sending DPs=%u def_DP=%u\n", opt.DPs, opt.def_DP);
+ n->nlmsg_flags |= NLM_F_CREATE;
tail = NLMSG_TAIL(n);
addattr_l(n, 1024, TCA_OPTIONS, NULL, 0);
addattr_l(n, 1024, TCA_GRED_DPS, &opt, sizeof(struct tc_gred_sopt));
@@ -121,12 +119,12 @@
*/
static int gred_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
- int ok=0;
+ int ok = 0;
struct tc_gred_qopt opt = { 0 };
- unsigned burst = 0;
- unsigned avpkt = 0;
+ unsigned int burst = 0;
+ unsigned int avpkt = 0;
double probability = 0.02;
- unsigned rate = 0;
+ unsigned int rate = 0;
int parm;
__u8 sbuf[256];
struct rtattr *tail;
@@ -169,8 +167,8 @@
fprintf(stderr, "Illegal \"vq\"\n");
return -1;
} else if (opt.DP >= MAX_DPs) {
- fprintf(stderr, "GRED: only %u VQs are "
- "currently supported\n", MAX_DPs);
+ fprintf(stderr, "GRED: only %u VQs are currently supported\n",
+ MAX_DPs);
return -1;
} /* need a better error check */
ok++;
@@ -197,7 +195,7 @@
ok++;
} else if (strcmp(*argv, "prio") == 0) {
NEXT_ARG();
- opt.prio=strtol(*argv, (char **)NULL, 10);
+ opt.prio = strtol(*argv, (char **)NULL, 10);
/* some error check here */
ok++;
} else if (strcmp(*argv, "bandwidth") == 0) {
@@ -224,8 +222,7 @@
}
if (opt.DP == MAX_DPs || !opt.limit || !opt.qth_min || !opt.qth_max ||
!avpkt) {
- fprintf(stderr, "Required parameter (vq, limit, min, max, "
- "avpkt) is missing\n");
+ fprintf(stderr, "Required parameter (vq, limit, min, max, avpkt) is missing\n");
return -1;
}
if (!burst) {
@@ -241,8 +238,8 @@
return -1;
}
if (parm >= 10)
- fprintf(stderr, "GRED: WARNING. Burst %u seems to be too "
- "large.\n", burst);
+ fprintf(stderr, "GRED: WARNING. Burst %u seems to be too large.\n",
+ burst);
opt.Wlog = parm;
if ((parm = tc_red_eval_P(opt.qth_min, opt.qth_max, probability)) < 0) {
fprintf(stderr, "GRED: failed to calculate probability.\n");
@@ -251,8 +248,7 @@
opt.Plog = parm;
if ((parm = tc_red_eval_idle_damping(opt.Wlog, avpkt, rate, sbuf)) < 0)
{
- fprintf(stderr, "GRED: failed to calculate idle damping "
- "table.\n");
+ fprintf(stderr, "GRED: failed to calculate idle damping table.\n");
return -1;
}
opt.Scell_log = parm;
@@ -274,7 +270,8 @@
struct tc_gred_qopt *qopt;
__u32 *max_p = NULL;
__u32 *limit = NULL;
- unsigned i;
+ unsigned int i;
+
SPRINT_BUF(b1);
SPRINT_BUF(b2);
SPRINT_BUF(b3);
@@ -299,7 +296,7 @@
qopt = RTA_DATA(tb[TCA_GRED_PARMS]);
if (RTA_PAYLOAD(tb[TCA_GRED_DPS]) < sizeof(*sopt) ||
RTA_PAYLOAD(tb[TCA_GRED_PARMS]) < sizeof(*qopt)*MAX_DPs) {
- fprintf(f,"\n GRED received message smaller than expected\n");
+ fprintf(f, "\n GRED received message smaller than expected\n");
return -1;
}
@@ -314,7 +311,7 @@
fprintf(f, "limit %s ",
sprint_size(*limit, b1));
- for (i=0;i<MAX_DPs;i++, qopt++) {
+ for (i = 0; i < MAX_DPs; i++, qopt++) {
if (qopt->DP >= MAX_DPs) continue;
fprintf(f, "\n vq %u prio %hhu limit %s min %s max %s ",
qopt->DP,
diff --git a/tc/q_hfsc.c b/tc/q_hfsc.c
index 03539ec..cf784f1 100644
--- a/tc/q_hfsc.c
+++ b/tc/q_hfsc.c
@@ -73,9 +73,7 @@
static int
hfsc_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
- struct tc_hfsc_qopt qopt;
-
- memset(&qopt, 0, sizeof(qopt));
+ struct tc_hfsc_qopt qopt = {};
while (argc > 0) {
if (matches(*argv, "default") == 0) {
@@ -144,17 +142,12 @@
static int
hfsc_parse_class_opt(struct qdisc_util *qu, int argc, char **argv,
- struct nlmsghdr *n)
+ struct nlmsghdr *n)
{
- struct tc_service_curve rsc, fsc, usc;
- int rsc_ok, fsc_ok, usc_ok;
+ struct tc_service_curve rsc = {}, fsc = {}, usc = {};
+ int rsc_ok = 0, fsc_ok = 0, usc_ok = 0;
struct rtattr *tail;
- memset(&rsc, 0, sizeof(rsc));
- memset(&fsc, 0, sizeof(fsc));
- memset(&usc, 0, sizeof(usc));
- rsc_ok = fsc_ok = usc_ok = 0;
-
while (argc > 0) {
if (matches(*argv, "rt") == 0) {
NEXT_ARG();
@@ -203,8 +196,7 @@
return -1;
}
if (usc_ok && !fsc_ok) {
- fprintf(stderr, "HFSC: Upper-limit Service Curve without "
- "Link-Share Service Curve\n");
+ fprintf(stderr, "HFSC: Upper-limit Service Curve without Link-Share Service Curve\n");
explain_class();
return -1;
}
diff --git a/tc/q_hhf.c b/tc/q_hhf.c
index 06ec8a2..738b563 100644
--- a/tc/q_hhf.c
+++ b/tc/q_hhf.c
@@ -28,13 +28,13 @@
static int hhf_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
{
- unsigned limit = 0;
- unsigned quantum = 0;
- unsigned hh_limit = 0;
- unsigned reset_timeout = 0;
- unsigned admit_bytes = 0;
- unsigned evict_timeout = 0;
- unsigned non_hh_weight = 0;
+ unsigned int limit = 0;
+ unsigned int quantum = 0;
+ unsigned int hh_limit = 0;
+ unsigned int reset_timeout = 0;
+ unsigned int admit_bytes = 0;
+ unsigned int evict_timeout = 0;
+ unsigned int non_hh_weight = 0;
struct rtattr *tail;
while (argc > 0) {
@@ -120,13 +120,14 @@
static int hhf_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt)
{
struct rtattr *tb[TCA_HHF_MAX + 1];
- unsigned limit;
- unsigned quantum;
- unsigned hh_limit;
- unsigned reset_timeout;
- unsigned admit_bytes;
- unsigned evict_timeout;
- unsigned non_hh_weight;
+ unsigned int limit;
+ unsigned int quantum;
+ unsigned int hh_limit;
+ unsigned int reset_timeout;
+ unsigned int admit_bytes;
+ unsigned int evict_timeout;
+ unsigned int non_hh_weight;
+
SPRINT_BUF(b1);
if (opt == NULL)
diff --git a/tc/q_htb.c b/tc/q_htb.c
index 7075a4c..a811c28 100644
--- a/tc/q_htb.c
+++ b/tc/q_htb.c
@@ -49,7 +49,7 @@
" mtu max packet size we create rate map for {1600}\n"
" prio priority of leaf; lower are served first {0}\n"
" quantum how much bytes to serve from leaf at once {use r2q}\n"
- "\nTC HTB version %d.%d\n",HTB_TC_VER>>16,HTB_TC_VER&0xffff
+ "\nTC HTB version %d.%d\n", HTB_TC_VER>>16, HTB_TC_VER&0xffff
);
}
@@ -63,12 +63,12 @@
static int htb_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
unsigned int direct_qlen = ~0U;
- struct tc_htb_glob opt;
+ struct tc_htb_glob opt = {
+ .rate2quantum = 10,
+ .version = 3,
+ };
struct rtattr *tail;
- unsigned i; char *p;
- memset(&opt,0,sizeof(opt));
- opt.rate2quantum = 10;
- opt.version = 3;
+ unsigned int i; char *p;
while (argc > 0) {
if (matches(*argv, "r2q") == 0) {
@@ -83,8 +83,8 @@
}
} else if (matches(*argv, "debug") == 0) {
NEXT_ARG(); p = *argv;
- for (i=0; i<16; i++,p++) {
- if (*p<'0' || *p>'3') break;
+ for (i = 0; i < 16; i++, p++) {
+ if (*p < '0' || *p > '3') break;
opt.debug |= (*p-'0')<<(2*i);
}
} else if (matches(*argv, "direct_qlen") == 0) {
@@ -111,20 +111,18 @@
static int htb_parse_class_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
- int ok=0;
- struct tc_htb_opt opt;
- __u32 rtab[256],ctab[256];
- unsigned buffer=0,cbuffer=0;
- int cell_log=-1,ccell_log = -1;
- unsigned mtu;
+ int ok = 0;
+ struct tc_htb_opt opt = {};
+ __u32 rtab[256], ctab[256];
+ unsigned buffer = 0, cbuffer = 0;
+ int cell_log = -1, ccell_log = -1;
+ unsigned int mtu = 1600; /* eth packet len */
unsigned short mpu = 0;
unsigned short overhead = 0;
unsigned int linklayer = LINKLAYER_ETHERNET; /* Assume ethernet */
struct rtattr *tail;
__u64 ceil64 = 0, rate64 = 0;
- memset(&opt, 0, sizeof(opt)); mtu = 1600; /* eth packet len */
-
while (argc > 0) {
if (matches(*argv, "prio") == 0) {
NEXT_ARG();
@@ -268,13 +266,13 @@
struct rtattr *tb[TCA_HTB_MAX + 1];
struct tc_htb_opt *hopt;
struct tc_htb_glob *gopt;
- double buffer,cbuffer;
+ double buffer, cbuffer;
unsigned int linklayer;
__u64 rate64, ceil64;
+
SPRINT_BUF(b1);
SPRINT_BUF(b2);
SPRINT_BUF(b3);
- SPRINT_BUF(b4);
if (opt == NULL)
return 0;
@@ -311,18 +309,16 @@
cbuffer = tc_calc_xmitsize(ceil64, hopt->cbuffer);
linklayer = (hopt->rate.linklayer & TC_LINKLAYER_MASK);
if (linklayer > TC_LINKLAYER_ETHERNET || show_details)
- fprintf(f, "linklayer %s ", sprint_linklayer(linklayer, b4));
+ fprintf(f, "linklayer %s ", sprint_linklayer(linklayer, b3));
if (show_details) {
- fprintf(f, "burst %s/%u mpu %s overhead %s ",
+ fprintf(f, "burst %s/%u mpu %s ",
sprint_size(buffer, b1),
1<<hopt->rate.cell_log,
- sprint_size(hopt->rate.mpu&0xFF, b2),
- sprint_size((hopt->rate.mpu>>8)&0xFF, b3));
- fprintf(f, "cburst %s/%u mpu %s overhead %s ",
+ sprint_size(hopt->rate.mpu, b2));
+ fprintf(f, "cburst %s/%u mpu %s ",
sprint_size(cbuffer, b1),
1<<hopt->ceil.cell_log,
- sprint_size(hopt->ceil.mpu&0xFF, b2),
- sprint_size((hopt->ceil.mpu>>8)&0xFF, b3));
+ sprint_size(hopt->ceil.mpu, b2));
fprintf(f, "level %d ", (int)hopt->level);
} else {
fprintf(f, "burst %s ", sprint_size(buffer, b1));
@@ -330,16 +326,16 @@
}
if (show_raw)
fprintf(f, "buffer [%08x] cbuffer [%08x] ",
- hopt->buffer,hopt->cbuffer);
+ hopt->buffer, hopt->cbuffer);
}
if (tb[TCA_HTB_INIT]) {
gopt = RTA_DATA(tb[TCA_HTB_INIT]);
if (RTA_PAYLOAD(tb[TCA_HTB_INIT]) < sizeof(*gopt)) return -1;
fprintf(f, "r2q %d default %x direct_packets_stat %u",
- gopt->rate2quantum,gopt->defcls,gopt->direct_pkts);
+ gopt->rate2quantum, gopt->defcls, gopt->direct_pkts);
if (show_details)
- fprintf(f," ver %d.%d",gopt->version >> 16,gopt->version & 0xffff);
+ fprintf(f, " ver %d.%d", gopt->version >> 16, gopt->version & 0xffff);
}
if (tb[TCA_HTB_DIRECT_QLEN] &&
RTA_PAYLOAD(tb[TCA_HTB_DIRECT_QLEN]) >= sizeof(__u32)) {
@@ -353,6 +349,7 @@
static int htb_print_xstats(struct qdisc_util *qu, FILE *f, struct rtattr *xstats)
{
struct tc_htb_xstats *st;
+
if (xstats == NULL)
return 0;
@@ -361,16 +358,16 @@
st = RTA_DATA(xstats);
fprintf(f, " lended: %u borrowed: %u giants: %u\n",
- st->lends,st->borrows,st->giants);
- fprintf(f, " tokens: %d ctokens: %d\n", st->tokens,st->ctokens);
+ st->lends, st->borrows, st->giants);
+ fprintf(f, " tokens: %d ctokens: %d\n", st->tokens, st->ctokens);
return 0;
}
struct qdisc_util htb_qdisc_util = {
- .id = "htb",
+ .id = "htb",
.parse_qopt = htb_parse_opt,
.print_qopt = htb_print_opt,
- .print_xstats = htb_print_xstats,
+ .print_xstats = htb_print_xstats,
.parse_copt = htb_parse_class_opt,
.print_copt = htb_print_opt,
};
diff --git a/tc/q_ingress.c b/tc/q_ingress.c
index c3c9b40..31699a8 100644
--- a/tc/q_ingress.c
+++ b/tc/q_ingress.c
@@ -34,7 +34,6 @@
}
}
- addattr_l(n, 1024, TCA_OPTIONS, NULL, 0);
return 0;
}
diff --git a/tc/q_mqprio.c b/tc/q_mqprio.c
index fa1022b..d6718fb 100644
--- a/tc/q_mqprio.c
+++ b/tc/q_mqprio.c
@@ -34,10 +34,12 @@
{
int idx;
struct tc_mqprio_qopt opt = {
- 8,
- {0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 1, 1, 3, 3, 3, 3},
- 1,
- };
+ .num_tc = 8,
+ .prio_tc_map = { 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 1, 1, 3, 3, 3, 3 },
+ .hw = 1,
+ .count = { },
+ .offset = { },
+ };
while (argc > 0) {
idx = 0;
diff --git a/tc/q_multiq.c b/tc/q_multiq.c
index f4f41f7..9c09c9a 100644
--- a/tc/q_multiq.c
+++ b/tc/q_multiq.c
@@ -43,7 +43,7 @@
static int multiq_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
{
- struct tc_multiq_qopt opt;
+ struct tc_multiq_qopt opt = {};
if (argc) {
if (strcmp(*argv, "help") == 0) {
@@ -77,7 +77,7 @@
}
struct qdisc_util multiq_qdisc_util = {
- .id = "multiq",
+ .id = "multiq",
.parse_qopt = multiq_parse_opt,
.print_qopt = multiq_print_opt,
};
diff --git a/tc/q_netem.c b/tc/q_netem.c
index 7bc8c6a..cdaddce 100644
--- a/tc/q_netem.c
+++ b/tc/q_netem.c
@@ -30,10 +30,10 @@
static void explain(void)
{
fprintf(stderr,
-"Usage: ... netem [ limit PACKETS ] \n" \
+"Usage: ... netem [ limit PACKETS ]\n" \
" [ delay TIME [ JITTER [CORRELATION]]]\n" \
" [ distribution {uniform|normal|pareto|paretonormal} ]\n" \
-" [ corrupt PERCENT [CORRELATION]] \n" \
+" [ corrupt PERCENT [CORRELATION]]\n" \
" [ duplicate PERCENT [CORRELATION]]\n" \
" [ loss random PERCENT [CORRELATION]]\n" \
" [ loss state P13 [P31 [P32 [P23 P14]]]\n" \
@@ -58,7 +58,7 @@
/* scaled value used to percent of maximum. */
static void set_percent(__u32 *percent, double per)
{
- *percent = (unsigned) rint(per * max_percent_value);
+ *percent = (unsigned int) rint(per * max_percent_value);
}
@@ -70,7 +70,7 @@
char *p;
*val = strtod(str, &p) / 100.;
- if (*p && strcmp(p, "%") )
+ if (*p && strcmp(p, "%"))
return -1;
return 0;
@@ -92,7 +92,7 @@
snprintf(buf, len, "%g%%", 100. * (double) per / max_percent_value);
}
-static char * sprint_percent(__u32 per, char *buf)
+static char *sprint_percent(__u32 per, char *buf)
{
print_percent(buf, SPRINT_BSIZE-1, per);
return buf;
@@ -123,6 +123,7 @@
n = 0;
while (getline(&line, &len, f) != -1) {
char *p, *endp;
+
if (*line == '\n' || *line == '#')
continue;
@@ -154,9 +155,9 @@
(based on kernel PSCHED_CLOCK configuration */
static int get_ticks(__u32 *ticks, const char *str)
{
- unsigned t;
+ unsigned int t;
- if(get_time(&t, str))
+ if (get_time(&t, str))
return -1;
if (tc_core_time2big(t)) {
@@ -174,24 +175,18 @@
int dist_size = 0;
struct rtattr *tail;
struct tc_netem_qopt opt = { .limit = 1000 };
- struct tc_netem_corr cor;
- struct tc_netem_reorder reorder;
- struct tc_netem_corrupt corrupt;
+ struct tc_netem_corr cor = {};
+ struct tc_netem_reorder reorder = {};
+ struct tc_netem_corrupt corrupt = {};
struct tc_netem_gimodel gimodel;
struct tc_netem_gemodel gemodel;
- struct tc_netem_rate rate;
+ struct tc_netem_rate rate = {};
__s16 *dist_data = NULL;
__u16 loss_type = NETEM_LOSS_UNSPEC;
- int present[__TCA_NETEM_MAX];
+ int present[__TCA_NETEM_MAX] = {};
__u64 rate64 = 0;
- memset(&cor, 0, sizeof(cor));
- memset(&reorder, 0, sizeof(reorder));
- memset(&corrupt, 0, sizeof(corrupt));
- memset(&rate, 0, sizeof(rate));
- memset(present, 0, sizeof(present));
-
- for( ; argc > 0; --argc, ++argv) {
+ for ( ; argc > 0; --argc, ++argv) {
if (matches(*argv, "limit") == 0) {
NEXT_ARG();
if (get_size(&opt.limit, *argv)) {
@@ -236,7 +231,7 @@
if (!strcmp(*argv, "random")) {
NEXT_ARG();
- random_loss_model:
+ random_loss_model:
if (get_percent(&opt.loss, *argv)) {
explain1("loss percent");
return -1;
@@ -343,7 +338,7 @@
return -1;
}
} else if (matches(*argv, "ecn") == 0) {
- present[TCA_NETEM_ECN] = 1;
+ present[TCA_NETEM_ECN] = 1;
} else if (matches(*argv, "reorder") == 0) {
NEXT_ARG();
present[TCA_NETEM_REORDER] = 1;
@@ -474,7 +469,7 @@
if (present[TCA_NETEM_CORR] &&
addattr_l(n, 1024, TCA_NETEM_CORR, &cor, sizeof(cor)) < 0)
- return -1;
+ return -1;
if (present[TCA_NETEM_REORDER] &&
addattr_l(n, 1024, TCA_NETEM_REORDER, &reorder, sizeof(reorder)) < 0)
@@ -483,7 +478,7 @@
if (present[TCA_NETEM_ECN] &&
addattr_l(n, 1024, TCA_NETEM_ECN, &present[TCA_NETEM_ECN],
sizeof(present[TCA_NETEM_ECN])) < 0)
- return -1;
+ return -1;
if (present[TCA_NETEM_CORRUPT] &&
addattr_l(n, 1024, TCA_NETEM_CORRUPT, &corrupt, sizeof(corrupt)) < 0)
@@ -496,11 +491,11 @@
if (loss_type == NETEM_LOSS_GI) {
if (addattr_l(n, 1024, NETEM_LOSS_GI,
&gimodel, sizeof(gimodel)) < 0)
- return -1;
+ return -1;
} else if (loss_type == NETEM_LOSS_GE) {
if (addattr_l(n, 1024, NETEM_LOSS_GE,
&gemodel, sizeof(gemodel)) < 0)
- return -1;
+ return -1;
} else {
fprintf(stderr, "loss in the weeds!\n");
return -1;
@@ -543,13 +538,15 @@
int *ecn = NULL;
struct tc_netem_qopt qopt;
const struct tc_netem_rate *rate = NULL;
- int len = RTA_PAYLOAD(opt) - sizeof(qopt);
+ int len;
__u64 rate64 = 0;
+
SPRINT_BUF(b1);
if (opt == NULL)
return 0;
+ len = RTA_PAYLOAD(opt) - sizeof(qopt);
if (len < 0) {
fprintf(stderr, "options size error\n");
return -1;
@@ -558,6 +555,7 @@
if (len > 0) {
struct rtattr *tb[TCA_NETEM_MAX+1];
+
parse_rtattr(tb, TCA_NETEM_MAX, RTA_DATA(opt) + sizeof(qopt),
len);
@@ -684,7 +682,7 @@
}
struct qdisc_util netem_qdisc_util = {
- .id = "netem",
+ .id = "netem",
.parse_qopt = netem_parse_opt,
.print_qopt = netem_print_opt,
};
diff --git a/tc/q_pie.c b/tc/q_pie.c
index 193b05d..a697db7 100644
--- a/tc/q_pie.c
+++ b/tc/q_pie.c
@@ -37,9 +37,7 @@
}
#define ALPHA_MAX 32
-#define ALPHA_MIN 0
#define BETA_MAX 32
-#define BETA_MIN 0
static int pie_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
@@ -75,14 +73,14 @@
} else if (strcmp(*argv, "alpha") == 0) {
NEXT_ARG();
if (get_unsigned(&alpha, *argv, 0) ||
- (alpha > ALPHA_MAX) || (alpha < ALPHA_MIN)) {
+ (alpha > ALPHA_MAX)) {
fprintf(stderr, "Illegal \"alpha\"\n");
return -1;
}
} else if (strcmp(*argv, "beta") == 0) {
NEXT_ARG();
if (get_unsigned(&beta, *argv, 0) ||
- (beta > BETA_MAX) || (beta < BETA_MIN)) {
+ (beta > BETA_MAX)) {
fprintf(stderr, "Illegal \"beta\"\n");
return -1;
}
@@ -136,8 +134,9 @@
unsigned int target;
unsigned int alpha;
unsigned int beta;
- unsigned ecn;
- unsigned bytemode;
+ unsigned int ecn;
+ unsigned int bytemode;
+
SPRINT_BUF(b1);
if (opt == NULL)
diff --git a/tc/q_prio.c b/tc/q_prio.c
index 3236bec..a28928a 100644
--- a/tc/q_prio.c
+++ b/tc/q_prio.c
@@ -32,7 +32,7 @@
{
int pmap_mode = 0;
int idx = 0;
- struct tc_prio_qopt opt={3,{ 1, 2, 2, 2, 1, 2, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 }};
+ struct tc_prio_qopt opt = {3, { 1, 2, 2, 2, 1, 2, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 } };
struct rtattr *nest;
unsigned char mq = 0;
@@ -57,7 +57,8 @@
explain();
return -1;
} else {
- unsigned band;
+ unsigned int band;
+
if (!pmap_mode) {
fprintf(stderr, "What is \"%s\"?\n", *argv);
explain();
@@ -104,10 +105,10 @@
if (parse_rtattr_nested_compat(tb, TCA_PRIO_MAX, opt, qopt,
sizeof(*qopt)))
- return -1;
+ return -1;
fprintf(f, "bands %u priomap ", qopt->bands);
- for (i=0; i<=TC_PRIO_MAX; i++)
+ for (i = 0; i <= TC_PRIO_MAX; i++)
fprintf(f, " %d", qopt->priomap[i]);
if (tb[TCA_PRIO_MQ])
@@ -118,7 +119,7 @@
}
struct qdisc_util prio_qdisc_util = {
- .id = "prio",
+ .id = "prio",
.parse_qopt = prio_parse_opt,
.print_qopt = prio_print_opt,
};
diff --git a/tc/q_qfq.c b/tc/q_qfq.c
index 05b4d84..0e02674 100644
--- a/tc/q_qfq.c
+++ b/tc/q_qfq.c
@@ -38,16 +38,11 @@
static int qfq_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
{
- while (argc > 0) {
- if (matches(*argv, "help") == 0) {
- explain();
- return -1;
- } else {
+ if (argc > 0) {
+ if (matches(*argv, "help") != 0)
fprintf(stderr, "What is \"%s\"?\n", *argv);
- explain();
- return -1;
- }
- argc--; argv++;
+ explain();
+ return -1;
}
return 0;
diff --git a/tc/q_red.c b/tc/q_red.c
index abd86c7..ec706aa 100644
--- a/tc/q_red.c
+++ b/tc/q_red.c
@@ -35,18 +35,16 @@
static int red_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
- struct tc_red_qopt opt;
- unsigned burst = 0;
- unsigned avpkt = 0;
+ struct tc_red_qopt opt = {};
+ unsigned int burst = 0;
+ unsigned int avpkt = 0;
double probability = 0.02;
- unsigned rate = 0;
+ unsigned int rate = 0;
int parm;
__u8 sbuf[256];
__u32 max_P;
struct rtattr *tail;
- memset(&opt, 0, sizeof(opt));
-
while (argc > 0) {
if (strcmp(*argv, "limit") == 0) {
NEXT_ARG();
@@ -160,6 +158,7 @@
struct rtattr *tb[TCA_RED_MAX + 1];
struct tc_red_qopt *qopt;
__u32 max_P = 0;
+
SPRINT_BUF(b1);
SPRINT_BUF(b2);
SPRINT_BUF(b3);
diff --git a/tc/q_rr.c b/tc/q_rr.c
index e8a9165..f330311 100644
--- a/tc/q_rr.c
+++ b/tc/q_rr.c
@@ -33,7 +33,7 @@
{
int pmap_mode = 0;
int idx = 0;
- struct tc_prio_qopt opt={3,{ 1, 2, 2, 2, 1, 2, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 }};
+ struct tc_prio_qopt opt = {3, { 1, 2, 2, 2, 1, 2, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1 } };
struct rtattr *nest;
unsigned char mq = 0;
@@ -58,7 +58,8 @@
} else if (strcmp(*argv, "multiqueue") == 0) {
mq = 1;
} else {
- unsigned band;
+ unsigned int band;
+
if (!pmap_mode) {
fprintf(stderr, "What is \"%s\"?\n", *argv);
explain();
@@ -102,7 +103,7 @@
return -1;
fprintf(f, "bands %u priomap ", qopt->bands);
- for (i=0; i <= TC_PRIO_MAX; i++)
+ for (i = 0; i <= TC_PRIO_MAX; i++)
fprintf(f, " %d", qopt->priomap[i]);
if (tb[TCA_PRIO_MQ])
@@ -113,7 +114,7 @@
}
struct qdisc_util rr_qdisc_util = {
- .id = "rr",
+ .id = "rr",
.parse_qopt = rr_parse_opt,
.print_qopt = rr_print_opt,
};
diff --git a/tc/q_sfb.c b/tc/q_sfb.c
index f11c33a..05c5f13 100644
--- a/tc/q_sfb.c
+++ b/tc/q_sfb.c
@@ -51,17 +51,16 @@
static int sfb_parse_opt(struct qdisc_util *qu, int argc, char **argv,
struct nlmsghdr *n)
{
- struct tc_sfb_qopt opt;
+ struct tc_sfb_qopt opt = {
+ .rehash_interval = 600*1000,
+ .warmup_time = 60*1000,
+ .penalty_rate = 10,
+ .penalty_burst = 20,
+ .increment = (SFB_MAX_PROB + 1000) / 2000,
+ .decrement = (SFB_MAX_PROB + 10000) / 20000,
+ };
struct rtattr *tail;
- memset(&opt, 0, sizeof(opt));
- opt.rehash_interval = 600*1000;
- opt.warmup_time = 60*1000;
- opt.penalty_rate = 10;
- opt.penalty_burst = 20;
- opt.increment = (SFB_MAX_PROB + 1000) / 2000;
- opt.decrement = (SFB_MAX_PROB + 10000) / 20000;
-
while (argc > 0) {
if (strcmp(*argv, "rehash") == 0) {
NEXT_ARG();
@@ -158,8 +157,7 @@
fprintf(f,
"limit %d max %d target %d\n"
- " increment %.5f decrement %.5f penalty rate %d burst %d "
- "(%ums %ums)",
+ " increment %.5f decrement %.5f penalty rate %d burst %d (%ums %ums)",
qopt->limit, qopt->max, qopt->bin_size,
(double)qopt->increment / SFB_MAX_PROB,
(double)qopt->decrement / SFB_MAX_PROB,
diff --git a/tc/q_sfq.c b/tc/q_sfq.c
index 50846a9..b5a9895 100644
--- a/tc/q_sfq.c
+++ b/tc/q_sfq.c
@@ -38,14 +38,12 @@
static int sfq_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
int ok = 0, red = 0;
- struct tc_sfq_qopt_v1 opt;
+ struct tc_sfq_qopt_v1 opt = {};
unsigned int burst = 0;
int wlog;
unsigned int avpkt = 1000;
double probability = 0.02;
- memset(&opt, 0, sizeof(opt));
-
while (argc > 0) {
if (strcmp(*argv, "quantum") == 0) {
NEXT_ARG();
@@ -207,6 +205,7 @@
{
struct tc_sfq_qopt *qopt;
struct tc_sfq_qopt_v1 *qopt_ext = NULL;
+
SPRINT_BUF(b1);
SPRINT_BUF(b2);
SPRINT_BUF(b3);
diff --git a/tc/q_tbf.c b/tc/q_tbf.c
index 0981e6f..18b2193 100644
--- a/tc/q_tbf.c
+++ b/tc/q_tbf.c
@@ -38,19 +38,17 @@
static int tbf_parse_opt(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n)
{
- int ok=0;
- struct tc_tbf_qopt opt;
+ int ok = 0;
+ struct tc_tbf_qopt opt = {};
__u32 rtab[256];
__u32 ptab[256];
- unsigned buffer=0, mtu=0, mpu=0, latency=0;
- int Rcell_log=-1, Pcell_log = -1;
- unsigned short overhead=0;
+ unsigned buffer = 0, mtu = 0, mpu = 0, latency = 0;
+ int Rcell_log = -1, Pcell_log = -1;
+ unsigned short overhead = 0;
unsigned int linklayer = LINKLAYER_ETHERNET; /* Assume ethernet */
struct rtattr *tail;
__u64 rate64 = 0, prate64 = 0;
- memset(&opt, 0, sizeof(opt));
-
while (argc > 0) {
if (matches(*argv, "limit") == 0) {
NEXT_ARG();
@@ -86,6 +84,7 @@
strcmp(*argv, "buffer") == 0 ||
strcmp(*argv, "maxburst") == 0) {
const char *parm_name = *argv;
+
NEXT_ARG();
if (buffer) {
fprintf(stderr, "tbf: duplicate \"buffer/burst/maxburst\" specification\n");
@@ -99,6 +98,7 @@
} else if (strcmp(*argv, "mtu") == 0 ||
strcmp(*argv, "minburst") == 0) {
const char *parm_name = *argv;
+
NEXT_ARG();
if (mtu) {
fprintf(stderr, "tbf: duplicate \"mtu/minburst\" specification\n");
@@ -167,12 +167,12 @@
argc--; argv++;
}
- int verdict = 0;
+ int verdict = 0;
- /* Be nice to the user: try to emit all error messages in
- * one go rather than reveal one more problem when a
- * previous one has been fixed.
- */
+ /* Be nice to the user: try to emit all error messages in
+ * one go rather than reveal one more problem when a
+ * previous one has been fixed.
+ */
if (rate64 == 0) {
fprintf(stderr, "tbf: the \"rate\" parameter is mandatory.\n");
verdict = -1;
@@ -193,18 +193,20 @@
verdict = -1;
}
- if (verdict != 0) {
- explain();
- return verdict;
- }
+ if (verdict != 0) {
+ explain();
+ return verdict;
+ }
opt.rate.rate = (rate64 >= (1ULL << 32)) ? ~0U : rate64;
opt.peakrate.rate = (prate64 >= (1ULL << 32)) ? ~0U : prate64;
if (opt.limit == 0) {
double lim = rate64*(double)latency/TIME_UNITS_PER_SEC + buffer;
+
if (prate64) {
double lim2 = prate64*(double)latency/TIME_UNITS_PER_SEC + mtu;
+
if (lim2 < lim)
lim = lim2;
}
@@ -254,6 +256,7 @@
double buffer, mtu;
double latency;
__u64 rate64 = 0, prate64 = 0;
+
SPRINT_BUF(b1);
SPRINT_BUF(b2);
SPRINT_BUF(b3);
@@ -305,6 +308,7 @@
latency = TIME_UNITS_PER_SEC*(qopt->limit/(double)rate64) - tc_core_tick2time(qopt->buffer);
if (prate64) {
double lat2 = TIME_UNITS_PER_SEC*(qopt->limit/(double)prate64) - tc_core_tick2time(qopt->mtu);
+
if (lat2 > latency)
latency = lat2;
}
diff --git a/tc/tc.c b/tc/tc.c
index e1d4bc3..82a3004 100644
--- a/tc/tc.c
+++ b/tc/tc.c
@@ -31,26 +31,25 @@
#include "tc_common.h"
#include "namespace.h"
-int show_stats = 0;
-int show_details = 0;
-int show_raw = 0;
-int show_pretty = 0;
-int show_graph = 0;
+int show_stats;
+int show_details;
+int show_raw;
+int show_pretty;
+int show_graph;
int timestamp;
-int batch_mode = 0;
-int resolve_hosts = 0;
-int use_iec = 0;
-int force = 0;
-bool use_names = false;
+int batch_mode;
+int use_iec;
+int force;
+bool use_names;
static char *conf_file;
struct rtnl_handle rth;
-static void *BODY = NULL; /* cached handle dlopen(NULL) */
-static struct qdisc_util * qdisc_list;
-static struct filter_util * filter_list;
+static void *BODY; /* cached handle dlopen(NULL) */
+static struct qdisc_util *qdisc_list;
+static struct filter_util *filter_list;
#ifdef ANDROID
extern struct qdisc_util cbq_qdisc_util;
@@ -64,7 +63,7 @@
{
if (opt && RTA_PAYLOAD(opt))
fprintf(f, "[Unknown qdisc, optlen=%u] ",
- (unsigned) RTA_PAYLOAD(opt));
+ (unsigned int) RTA_PAYLOAD(opt));
return 0;
}
@@ -81,7 +80,7 @@
{
if (opt && RTA_PAYLOAD(opt))
fprintf(f, "fh %08x [Unknown filter, optlen=%u] ",
- fhandle, (unsigned) RTA_PAYLOAD(opt));
+ fhandle, (unsigned int) RTA_PAYLOAD(opt));
else if (fhandle)
fprintf(f, "fh %08x ", fhandle);
return 0;
@@ -97,6 +96,7 @@
}
if (fhandle) {
struct tcmsg *t = NLMSG_DATA(n);
+
if (get_u32(&handle, fhandle, 16)) {
fprintf(stderr, "Unparsable filter ID \"%s\"\n", fhandle);
return -1;
@@ -151,11 +151,9 @@
return q;
noexist:
- q = malloc(sizeof(*q));
+ q = calloc(1, sizeof(*q));
if (q) {
-
- memset(q, 0, sizeof(*q));
- q->id = strcpy(malloc(strlen(str)+1), str);
+ q->id = strdup(str);
q->parse_qopt = parse_noqopt;
q->print_qopt = print_noqopt;
goto reg;
@@ -203,9 +201,8 @@
filter_list = q;
return q;
noexist:
- q = malloc(sizeof(*q));
+ q = calloc(1, sizeof(*q));
if (q) {
- memset(q, 0, sizeof(*q));
strncpy(q->id, str, 15);
q->parse_fopt = parse_nofopt;
q->print_fopt = print_nofopt;
@@ -222,9 +219,8 @@
#else
" tc [-force] -batch filename\n"
#endif
- "where OBJECT := { qdisc | class | filter | action | monitor | exec }\n"
- " OPTIONS := { -s[tatistics] | -d[etails] | -r[aw] | -p[retty] | -b[atch] [filename] | "
- "-n[etns] name |\n"
+ "where OBJECT := { qdisc | class | filter | action | monitor | exec }\n"
+ " OPTIONS := { -s[tatistics] | -d[etails] | -r[aw] | -p[retty] | -b[atch] [filename] | -n[etns] name |\n"
" -nm | -nam[es] | { -cf | -conf } path }\n");
}
diff --git a/tc/tc_bpf.c b/tc/tc_bpf.c
deleted file mode 100644
index 42c8841..0000000
--- a/tc/tc_bpf.c
+++ /dev/null
@@ -1,1892 +0,0 @@
-/*
- * tc_bpf.c BPF common code
- *
- * This program is free software; you can distribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * Authors: Daniel Borkmann <dborkman@redhat.com>
- * Jiri Pirko <jiri@resnulli.us>
- * Alexei Starovoitov <ast@plumgrid.com>
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <stdbool.h>
-#include <stdint.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-
-#ifdef HAVE_ELF
-#include <libelf.h>
-#include <gelf.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/un.h>
-#include <sys/vfs.h>
-#include <sys/mount.h>
-#include <sys/syscall.h>
-#include <sys/sendfile.h>
-#include <sys/resource.h>
-
-#include <linux/bpf.h>
-#include <linux/filter.h>
-#include <linux/if_alg.h>
-
-#include <arpa/inet.h>
-
-#include "utils.h"
-
-#include "bpf_elf.h"
-#include "bpf_scm.h"
-
-#include "tc_util.h"
-#include "tc_bpf.h"
-
-#ifdef HAVE_ELF
-static int bpf_obj_open(const char *path, enum bpf_prog_type type,
- const char *sec, bool verbose);
-#else
-static int bpf_obj_open(const char *path, enum bpf_prog_type type,
- const char *sec, bool verbose)
-{
- fprintf(stderr, "No ELF library support compiled in.\n");
- errno = ENOSYS;
- return -1;
-}
-#endif
-
-static inline __u64 bpf_ptr_to_u64(const void *ptr)
-{
- return (__u64)(unsigned long)ptr;
-}
-
-static int bpf(int cmd, union bpf_attr *attr, unsigned int size)
-{
-#ifdef __NR_bpf
- return syscall(__NR_bpf, cmd, attr, size);
-#else
- fprintf(stderr, "No bpf syscall, kernel headers too old?\n");
- errno = ENOSYS;
- return -1;
-#endif
-}
-
-static int bpf_map_update(int fd, const void *key, const void *value,
- uint64_t flags)
-{
- union bpf_attr attr = {
- .map_fd = fd,
- .key = bpf_ptr_to_u64(key),
- .value = bpf_ptr_to_u64(value),
- .flags = flags,
- };
-
- return bpf(BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr));
-}
-
-static int bpf_parse_string(char *arg, bool from_file, __u16 *bpf_len,
- char **bpf_string, bool *need_release,
- const char separator)
-{
- char sp;
-
- if (from_file) {
- size_t tmp_len, op_len = sizeof("65535 255 255 4294967295,");
- char *tmp_string;
- FILE *fp;
-
- tmp_len = sizeof("4096,") + BPF_MAXINSNS * op_len;
- tmp_string = malloc(tmp_len);
- if (tmp_string == NULL)
- return -ENOMEM;
-
- memset(tmp_string, 0, tmp_len);
-
- fp = fopen(arg, "r");
- if (fp == NULL) {
- perror("Cannot fopen");
- free(tmp_string);
- return -ENOENT;
- }
-
- if (!fgets(tmp_string, tmp_len, fp)) {
- free(tmp_string);
- fclose(fp);
- return -EIO;
- }
-
- fclose(fp);
-
- *need_release = true;
- *bpf_string = tmp_string;
- } else {
- *need_release = false;
- *bpf_string = arg;
- }
-
- if (sscanf(*bpf_string, "%hu%c", bpf_len, &sp) != 2 ||
- sp != separator) {
- if (*need_release)
- free(*bpf_string);
- return -EINVAL;
- }
-
- return 0;
-}
-
-static int bpf_ops_parse(int argc, char **argv, struct sock_filter *bpf_ops,
- bool from_file)
-{
- char *bpf_string, *token, separator = ',';
- int ret = 0, i = 0;
- bool need_release;
- __u16 bpf_len = 0;
-
- if (argc < 1)
- return -EINVAL;
- if (bpf_parse_string(argv[0], from_file, &bpf_len, &bpf_string,
- &need_release, separator))
- return -EINVAL;
- if (bpf_len == 0 || bpf_len > BPF_MAXINSNS) {
- ret = -EINVAL;
- goto out;
- }
-
- token = bpf_string;
- while ((token = strchr(token, separator)) && (++token)[0]) {
- if (i >= bpf_len) {
- fprintf(stderr, "Real program length exceeds encoded "
- "length parameter!\n");
- ret = -EINVAL;
- goto out;
- }
-
- if (sscanf(token, "%hu %hhu %hhu %u,",
- &bpf_ops[i].code, &bpf_ops[i].jt,
- &bpf_ops[i].jf, &bpf_ops[i].k) != 4) {
- fprintf(stderr, "Error at instruction %d!\n", i);
- ret = -EINVAL;
- goto out;
- }
-
- i++;
- }
-
- if (i != bpf_len) {
- fprintf(stderr, "Parsed program length is less than encoded"
- "length parameter!\n");
- ret = -EINVAL;
- goto out;
- }
- ret = bpf_len;
-out:
- if (need_release)
- free(bpf_string);
-
- return ret;
-}
-
-void bpf_print_ops(FILE *f, struct rtattr *bpf_ops, __u16 len)
-{
- struct sock_filter *ops = (struct sock_filter *) RTA_DATA(bpf_ops);
- int i;
-
- if (len == 0)
- return;
-
- fprintf(f, "bytecode \'%u,", len);
-
- for (i = 0; i < len - 1; i++)
- fprintf(f, "%hu %hhu %hhu %u,", ops[i].code, ops[i].jt,
- ops[i].jf, ops[i].k);
-
- fprintf(f, "%hu %hhu %hhu %u\'", ops[i].code, ops[i].jt,
- ops[i].jf, ops[i].k);
-}
-
-static int bpf_map_selfcheck_pinned(int fd, const struct bpf_elf_map *map,
- int length)
-{
- char file[PATH_MAX], buff[4096];
- struct bpf_elf_map tmp, zero;
- unsigned int val;
- FILE *fp;
-
- snprintf(file, sizeof(file), "/proc/%d/fdinfo/%d", getpid(), fd);
-
- fp = fopen(file, "r");
- if (!fp) {
- fprintf(stderr, "No procfs support?!\n");
- return -EIO;
- }
-
- memset(&tmp, 0, sizeof(tmp));
- while (fgets(buff, sizeof(buff), fp)) {
- if (sscanf(buff, "map_type:\t%u", &val) == 1)
- tmp.type = val;
- else if (sscanf(buff, "key_size:\t%u", &val) == 1)
- tmp.size_key = val;
- else if (sscanf(buff, "value_size:\t%u", &val) == 1)
- tmp.size_value = val;
- else if (sscanf(buff, "max_entries:\t%u", &val) == 1)
- tmp.max_elem = val;
- }
-
- fclose(fp);
-
- if (!memcmp(&tmp, map, length)) {
- return 0;
- } else {
- memset(&zero, 0, sizeof(zero));
- /* If kernel doesn't have eBPF-related fdinfo, we cannot do much,
- * so just accept it. We know we do have an eBPF fd and in this
- * case, everything is 0. It is guaranteed that no such map exists
- * since map type of 0 is unloadable BPF_MAP_TYPE_UNSPEC.
- */
- if (!memcmp(&tmp, &zero, length))
- return 0;
-
- fprintf(stderr, "Map specs from pinned file differ!\n");
- return -EINVAL;
- }
-}
-
-static int bpf_mnt_fs(const char *target)
-{
- bool bind_done = false;
-
- while (mount("", target, "none", MS_PRIVATE | MS_REC, NULL)) {
- if (errno != EINVAL || bind_done) {
- fprintf(stderr, "mount --make-private %s failed: %s\n",
- target, strerror(errno));
- return -1;
- }
-
- if (mount(target, target, "none", MS_BIND, NULL)) {
- fprintf(stderr, "mount --bind %s %s failed: %s\n",
- target, target, strerror(errno));
- return -1;
- }
-
- bind_done = true;
- }
-
- if (mount("bpf", target, "bpf", 0, NULL)) {
- fprintf(stderr, "mount -t bpf bpf %s failed: %s\n",
- target, strerror(errno));
- return -1;
- }
-
- return 0;
-}
-
-static int bpf_valid_mntpt(const char *mnt, unsigned long magic)
-{
- struct statfs st_fs;
-
- if (statfs(mnt, &st_fs) < 0)
- return -ENOENT;
- if ((unsigned long)st_fs.f_type != magic)
- return -ENOENT;
-
- return 0;
-}
-
-static const char *bpf_find_mntpt(const char *fstype, unsigned long magic,
- char *mnt, int len,
- const char * const *known_mnts)
-{
- const char * const *ptr;
- char type[100];
- FILE *fp;
-
- if (known_mnts) {
- ptr = known_mnts;
- while (*ptr) {
- if (bpf_valid_mntpt(*ptr, magic) == 0) {
- strncpy(mnt, *ptr, len - 1);
- mnt[len - 1] = 0;
- return mnt;
- }
- ptr++;
- }
- }
-
- fp = fopen("/proc/mounts", "r");
- if (fp == NULL || len != PATH_MAX)
- return NULL;
-
- while (fscanf(fp, "%*s %" textify(PATH_MAX) "s %99s %*s %*d %*d\n",
- mnt, type) == 2) {
- if (strcmp(type, fstype) == 0)
- break;
- }
-
- fclose(fp);
- if (strcmp(type, fstype) != 0)
- return NULL;
-
- return mnt;
-}
-
-int bpf_trace_pipe(void)
-{
- char tracefs_mnt[PATH_MAX] = TRACE_DIR_MNT;
- static const char * const tracefs_known_mnts[] = {
- TRACE_DIR_MNT,
- "/sys/kernel/debug/tracing",
- "/tracing",
- "/trace",
- 0,
- };
- char tpipe[PATH_MAX];
- const char *mnt;
- int fd;
-
- mnt = bpf_find_mntpt("tracefs", TRACEFS_MAGIC, tracefs_mnt,
- sizeof(tracefs_mnt), tracefs_known_mnts);
- if (!mnt) {
- fprintf(stderr, "tracefs not mounted?\n");
- return -1;
- }
-
- snprintf(tpipe, sizeof(tpipe), "%s/trace_pipe", mnt);
-
- fd = open(tpipe, O_RDONLY);
- if (fd < 0)
- return -1;
-
- fprintf(stderr, "Running! Hang up with ^C!\n\n");
- while (1) {
- static char buff[4096];
- ssize_t ret;
-
- ret = read(fd, buff, sizeof(buff) - 1);
- if (ret > 0) {
- write(2, buff, ret);
- fflush(stderr);
- }
- }
-
- return 0;
-}
-
-static const char *bpf_get_tc_dir(void)
-{
- static bool bpf_mnt_cached = false;
- static char bpf_tc_dir[PATH_MAX];
- static const char *mnt;
- static const char * const bpf_known_mnts[] = {
- BPF_DIR_MNT,
- 0,
- };
- char bpf_mnt[PATH_MAX] = BPF_DIR_MNT;
- char bpf_glo_dir[PATH_MAX];
- int ret;
-
- if (bpf_mnt_cached)
- goto done;
-
- mnt = bpf_find_mntpt("bpf", BPF_FS_MAGIC, bpf_mnt, sizeof(bpf_mnt),
- bpf_known_mnts);
- if (!mnt) {
- mnt = getenv(BPF_ENV_MNT);
- if (!mnt)
- mnt = BPF_DIR_MNT;
- ret = bpf_mnt_fs(mnt);
- if (ret) {
- mnt = NULL;
- goto out;
- }
- }
-
- snprintf(bpf_tc_dir, sizeof(bpf_tc_dir), "%s/%s", mnt, BPF_DIR_TC);
- ret = mkdir(bpf_tc_dir, S_IRWXU);
- if (ret && errno != EEXIST) {
- fprintf(stderr, "mkdir %s failed: %s\n", bpf_tc_dir,
- strerror(errno));
- mnt = NULL;
- goto out;
- }
-
- snprintf(bpf_glo_dir, sizeof(bpf_glo_dir), "%s/%s",
- bpf_tc_dir, BPF_DIR_GLOBALS);
- ret = mkdir(bpf_glo_dir, S_IRWXU);
- if (ret && errno != EEXIST) {
- fprintf(stderr, "mkdir %s failed: %s\n", bpf_glo_dir,
- strerror(errno));
- mnt = NULL;
- goto out;
- }
-
- mnt = bpf_tc_dir;
-out:
- bpf_mnt_cached = true;
-done:
- return mnt;
-}
-
-static int bpf_obj_get(const char *pathname)
-{
- union bpf_attr attr;
- char tmp[PATH_MAX];
-
- if (strlen(pathname) > 2 && pathname[0] == 'm' &&
- pathname[1] == ':' && bpf_get_tc_dir()) {
- snprintf(tmp, sizeof(tmp), "%s/%s",
- bpf_get_tc_dir(), pathname + 2);
- pathname = tmp;
- }
-
- memset(&attr, 0, sizeof(attr));
- attr.pathname = bpf_ptr_to_u64(pathname);
-
- return bpf(BPF_OBJ_GET, &attr, sizeof(attr));
-}
-
-const char *bpf_default_section(const enum bpf_prog_type type)
-{
- switch (type) {
- case BPF_PROG_TYPE_SCHED_CLS:
- return ELF_SECTION_CLASSIFIER;
- case BPF_PROG_TYPE_SCHED_ACT:
- return ELF_SECTION_ACTION;
- default:
- return NULL;
- }
-}
-
-enum bpf_mode {
- CBPF_BYTECODE = 0,
- CBPF_FILE,
- EBPF_OBJECT,
- EBPF_PINNED,
- __BPF_MODE_MAX,
-#define BPF_MODE_MAX __BPF_MODE_MAX
-};
-
-static int bpf_parse(int *ptr_argc, char ***ptr_argv, const bool *opt_tbl,
- enum bpf_prog_type *type, enum bpf_mode *mode,
- const char **ptr_object, const char **ptr_section,
- const char **ptr_uds_name, struct sock_filter *opcodes)
-{
- const char *file, *section, *uds_name;
- bool verbose = false;
- int ret, argc;
- char **argv;
-
- argv = *ptr_argv;
- argc = *ptr_argc;
-
- if (opt_tbl[CBPF_BYTECODE] &&
- (matches(*argv, "bytecode") == 0 ||
- strcmp(*argv, "bc") == 0)) {
- *mode = CBPF_BYTECODE;
- } else if (opt_tbl[CBPF_FILE] &&
- (matches(*argv, "bytecode-file") == 0 ||
- strcmp(*argv, "bcf") == 0)) {
- *mode = CBPF_FILE;
- } else if (opt_tbl[EBPF_OBJECT] &&
- (matches(*argv, "object-file") == 0 ||
- strcmp(*argv, "obj") == 0)) {
- *mode = EBPF_OBJECT;
- } else if (opt_tbl[EBPF_PINNED] &&
- (matches(*argv, "object-pinned") == 0 ||
- matches(*argv, "pinned") == 0 ||
- matches(*argv, "fd") == 0)) {
- *mode = EBPF_PINNED;
- } else {
- fprintf(stderr, "What mode is \"%s\"?\n", *argv);
- return -1;
- }
-
- NEXT_ARG();
- file = section = uds_name = NULL;
- if (*mode == EBPF_OBJECT || *mode == EBPF_PINNED) {
- file = *argv;
- NEXT_ARG_FWD();
-
- if (*type == BPF_PROG_TYPE_UNSPEC) {
- if (argc > 0 && matches(*argv, "type") == 0) {
- NEXT_ARG();
- if (matches(*argv, "cls") == 0) {
- *type = BPF_PROG_TYPE_SCHED_CLS;
- } else if (matches(*argv, "act") == 0) {
- *type = BPF_PROG_TYPE_SCHED_ACT;
- } else {
- fprintf(stderr, "What type is \"%s\"?\n",
- *argv);
- return -1;
- }
- NEXT_ARG_FWD();
- } else {
- *type = BPF_PROG_TYPE_SCHED_CLS;
- }
- }
-
- section = bpf_default_section(*type);
- if (argc > 0 && matches(*argv, "section") == 0) {
- NEXT_ARG();
- section = *argv;
- NEXT_ARG_FWD();
- }
-
- uds_name = getenv(BPF_ENV_UDS);
- if (argc > 0 && !uds_name &&
- matches(*argv, "export") == 0) {
- NEXT_ARG();
- uds_name = *argv;
- NEXT_ARG_FWD();
- }
-
- if (argc > 0 && matches(*argv, "verbose") == 0) {
- verbose = true;
- NEXT_ARG_FWD();
- }
-
- PREV_ARG();
- }
-
- if (*mode == CBPF_BYTECODE || *mode == CBPF_FILE)
- ret = bpf_ops_parse(argc, argv, opcodes, *mode == CBPF_FILE);
- else if (*mode == EBPF_OBJECT)
- ret = bpf_obj_open(file, *type, section, verbose);
- else if (*mode == EBPF_PINNED)
- ret = bpf_obj_get(file);
- else
- return -1;
-
- if (ptr_object)
- *ptr_object = file;
- if (ptr_section)
- *ptr_section = section;
- if (ptr_uds_name)
- *ptr_uds_name = uds_name;
-
- *ptr_argc = argc;
- *ptr_argv = argv;
-
- return ret;
-}
-
-int bpf_parse_common(int *ptr_argc, char ***ptr_argv, const int *nla_tbl,
- enum bpf_prog_type type, const char **ptr_object,
- const char **ptr_uds_name, struct nlmsghdr *n)
-{
- struct sock_filter opcodes[BPF_MAXINSNS];
- const bool opt_tbl[BPF_MODE_MAX] = {
- [CBPF_BYTECODE] = true,
- [CBPF_FILE] = true,
- [EBPF_OBJECT] = true,
- [EBPF_PINNED] = true,
- };
- char annotation[256];
- const char *section;
- enum bpf_mode mode;
- int ret;
-
- ret = bpf_parse(ptr_argc, ptr_argv, opt_tbl, &type, &mode,
- ptr_object, §ion, ptr_uds_name, opcodes);
- if (ret < 0)
- return ret;
-
- if (mode == CBPF_BYTECODE || mode == CBPF_FILE) {
- addattr16(n, MAX_MSG, nla_tbl[BPF_NLA_OPS_LEN], ret);
- addattr_l(n, MAX_MSG, nla_tbl[BPF_NLA_OPS], opcodes,
- ret * sizeof(struct sock_filter));
- }
-
- if (mode == EBPF_OBJECT || mode == EBPF_PINNED) {
- snprintf(annotation, sizeof(annotation), "%s:[%s]",
- basename(*ptr_object), mode == EBPF_PINNED ?
- "*fsobj" : section);
-
- addattr32(n, MAX_MSG, nla_tbl[BPF_NLA_FD], ret);
- addattrstrz(n, MAX_MSG, nla_tbl[BPF_NLA_NAME], annotation);
- }
-
- return 0;
-}
-
-int bpf_graft_map(const char *map_path, uint32_t *key, int argc, char **argv)
-{
- enum bpf_prog_type type = BPF_PROG_TYPE_UNSPEC;
- const bool opt_tbl[BPF_MODE_MAX] = {
- [CBPF_BYTECODE] = false,
- [CBPF_FILE] = false,
- [EBPF_OBJECT] = true,
- [EBPF_PINNED] = true,
- };
- const struct bpf_elf_map test = {
- .type = BPF_MAP_TYPE_PROG_ARRAY,
- .size_key = sizeof(int),
- .size_value = sizeof(int),
- };
- int ret, prog_fd, map_fd;
- const char *section;
- enum bpf_mode mode;
- uint32_t map_key;
-
- prog_fd = bpf_parse(&argc, &argv, opt_tbl, &type, &mode,
- NULL, §ion, NULL, NULL);
- if (prog_fd < 0)
- return prog_fd;
- if (key) {
- map_key = *key;
- } else {
- ret = sscanf(section, "%*i/%i", &map_key);
- if (ret != 1) {
- fprintf(stderr, "Couldn\'t infer map key from section "
- "name! Please provide \'key\' argument!\n");
- ret = -EINVAL;
- goto out_prog;
- }
- }
-
- map_fd = bpf_obj_get(map_path);
- if (map_fd < 0) {
- fprintf(stderr, "Couldn\'t retrieve pinned map \'%s\': %s\n",
- map_path, strerror(errno));
- ret = map_fd;
- goto out_prog;
- }
-
- ret = bpf_map_selfcheck_pinned(map_fd, &test,
- offsetof(struct bpf_elf_map, max_elem));
- if (ret < 0) {
- fprintf(stderr, "Map \'%s\' self-check failed!\n", map_path);
- goto out_map;
- }
-
- ret = bpf_map_update(map_fd, &map_key, &prog_fd, BPF_ANY);
- if (ret < 0)
- fprintf(stderr, "Map update failed: %s\n", strerror(errno));
-out_map:
- close(map_fd);
-out_prog:
- close(prog_fd);
- return ret;
-}
-
-#ifdef HAVE_ELF
-struct bpf_elf_prog {
- enum bpf_prog_type type;
- const struct bpf_insn *insns;
- size_t size;
- const char *license;
-};
-
-struct bpf_hash_entry {
- unsigned int pinning;
- const char *subpath;
- struct bpf_hash_entry *next;
-};
-
-struct bpf_elf_ctx {
- Elf *elf_fd;
- GElf_Ehdr elf_hdr;
- Elf_Data *sym_tab;
- Elf_Data *str_tab;
- int obj_fd;
- int map_fds[ELF_MAX_MAPS];
- struct bpf_elf_map maps[ELF_MAX_MAPS];
- int sym_num;
- int map_num;
- bool *sec_done;
- int sec_maps;
- char license[ELF_MAX_LICENSE_LEN];
- enum bpf_prog_type type;
- bool verbose;
- struct bpf_elf_st stat;
- struct bpf_hash_entry *ht[256];
-};
-
-struct bpf_elf_sec_data {
- GElf_Shdr sec_hdr;
- Elf_Data *sec_data;
- const char *sec_name;
-};
-
-struct bpf_map_data {
- int *fds;
- const char *obj;
- struct bpf_elf_st *st;
- struct bpf_elf_map *ent;
-};
-
-/* If we provide a small buffer with log level enabled, the kernel
- * could fail program load as no buffer space is available for the
- * log and thus verifier fails. In case something doesn't pass the
- * verifier we still want to hand something descriptive to the user.
- */
-static char bpf_log_buf[65536];
-
-static __check_format_string(1, 2) void bpf_dump_error(const char *format, ...)
-{
- va_list vl;
-
- va_start(vl, format);
- vfprintf(stderr, format, vl);
- va_end(vl);
-
- if (bpf_log_buf[0]) {
- fprintf(stderr, "%s\n", bpf_log_buf);
- memset(bpf_log_buf, 0, sizeof(bpf_log_buf));
- }
-}
-
-static int bpf_map_create(enum bpf_map_type type, unsigned int size_key,
- unsigned int size_value, unsigned int max_elem)
-{
- union bpf_attr attr = {
- .map_type = type,
- .key_size = size_key,
- .value_size = size_value,
- .max_entries = max_elem,
- };
-
- return bpf(BPF_MAP_CREATE, &attr, sizeof(attr));
-}
-
-static int bpf_prog_load(enum bpf_prog_type type, const struct bpf_insn *insns,
- size_t size, const char *license)
-{
- union bpf_attr attr = {
- .prog_type = type,
- .insns = bpf_ptr_to_u64(insns),
- .insn_cnt = size / sizeof(struct bpf_insn),
- .license = bpf_ptr_to_u64(license),
- .log_buf = bpf_ptr_to_u64(bpf_log_buf),
- .log_size = sizeof(bpf_log_buf),
- .log_level = 1,
- };
-
- if (getenv(BPF_ENV_NOLOG)) {
- attr.log_buf = 0;
- attr.log_size = 0;
- attr.log_level = 0;
- }
-
- return bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
-}
-
-static int bpf_obj_pin(int fd, const char *pathname)
-{
- union bpf_attr attr = {
- .pathname = bpf_ptr_to_u64(pathname),
- .bpf_fd = fd,
- };
-
- return bpf(BPF_OBJ_PIN, &attr, sizeof(attr));
-}
-
-static int bpf_obj_hash(const char *object, uint8_t *out, size_t len)
-{
- struct sockaddr_alg alg = {
- .salg_family = AF_ALG,
- .salg_type = "hash",
- .salg_name = "sha1",
- };
- int ret, cfd, ofd, ffd;
- struct stat stbuff;
- ssize_t size;
-
- if (!object || len != 20)
- return -EINVAL;
-
- cfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
- if (cfd < 0) {
- fprintf(stderr, "Cannot get AF_ALG socket: %s\n",
- strerror(errno));
- return cfd;
- }
-
- ret = bind(cfd, (struct sockaddr *)&alg, sizeof(alg));
- if (ret < 0) {
- fprintf(stderr, "Error binding socket: %s\n", strerror(errno));
- goto out_cfd;
- }
-
- ofd = accept(cfd, NULL, 0);
- if (ofd < 0) {
- fprintf(stderr, "Error accepting socket: %s\n",
- strerror(errno));
- ret = ofd;
- goto out_cfd;
- }
-
- ffd = open(object, O_RDONLY);
- if (ffd < 0) {
- fprintf(stderr, "Error opening object %s: %s\n",
- object, strerror(errno));
- ret = ffd;
- goto out_ofd;
- }
-
- ret = fstat(ffd, &stbuff);
- if (ret < 0) {
- fprintf(stderr, "Error doing fstat: %s\n",
- strerror(errno));
- goto out_ffd;
- }
-
- size = sendfile(ofd, ffd, NULL, stbuff.st_size);
- if (size != stbuff.st_size) {
- fprintf(stderr, "Error from sendfile (%zd vs %zu bytes): %s\n",
- size, stbuff.st_size, strerror(errno));
- ret = -1;
- goto out_ffd;
- }
-
- size = read(ofd, out, len);
- if (size != len) {
- fprintf(stderr, "Error from read (%zd vs %zu bytes): %s\n",
- size, len, strerror(errno));
- ret = -1;
- } else {
- ret = 0;
- }
-out_ffd:
- close(ffd);
-out_ofd:
- close(ofd);
-out_cfd:
- close(cfd);
- return ret;
-}
-
-static const char *bpf_get_obj_uid(const char *pathname)
-{
- static bool bpf_uid_cached = false;
- static char bpf_uid[64];
- uint8_t tmp[20];
- int ret;
-
- if (bpf_uid_cached)
- goto done;
-
- ret = bpf_obj_hash(pathname, tmp, sizeof(tmp));
- if (ret) {
- fprintf(stderr, "Object hashing failed!\n");
- return NULL;
- }
-
- hexstring_n2a(tmp, sizeof(tmp), bpf_uid, sizeof(bpf_uid));
- bpf_uid_cached = true;
-done:
- return bpf_uid;
-}
-
-static int bpf_init_env(const char *pathname)
-{
- struct rlimit limit = {
- .rlim_cur = RLIM_INFINITY,
- .rlim_max = RLIM_INFINITY,
- };
-
- /* Don't bother in case we fail! */
- setrlimit(RLIMIT_MEMLOCK, &limit);
-
- if (!bpf_get_tc_dir()) {
- fprintf(stderr, "Continuing without mounted eBPF fs. "
- "Too old kernel?\n");
- return 0;
- }
-
- if (!bpf_get_obj_uid(pathname))
- return -1;
-
- return 0;
-}
-
-static const char *bpf_custom_pinning(const struct bpf_elf_ctx *ctx,
- uint32_t pinning)
-{
- struct bpf_hash_entry *entry;
-
- entry = ctx->ht[pinning & (ARRAY_SIZE(ctx->ht) - 1)];
- while (entry && entry->pinning != pinning)
- entry = entry->next;
-
- return entry ? entry->subpath : NULL;
-}
-
-static bool bpf_no_pinning(const struct bpf_elf_ctx *ctx,
- uint32_t pinning)
-{
- switch (pinning) {
- case PIN_OBJECT_NS:
- case PIN_GLOBAL_NS:
- return false;
- case PIN_NONE:
- return true;
- default:
- return !bpf_custom_pinning(ctx, pinning);
- }
-}
-
-static void bpf_make_pathname(char *pathname, size_t len, const char *name,
- const struct bpf_elf_ctx *ctx, uint32_t pinning)
-{
- switch (pinning) {
- case PIN_OBJECT_NS:
- snprintf(pathname, len, "%s/%s/%s", bpf_get_tc_dir(),
- bpf_get_obj_uid(NULL), name);
- break;
- case PIN_GLOBAL_NS:
- snprintf(pathname, len, "%s/%s/%s", bpf_get_tc_dir(),
- BPF_DIR_GLOBALS, name);
- break;
- default:
- snprintf(pathname, len, "%s/../%s/%s", bpf_get_tc_dir(),
- bpf_custom_pinning(ctx, pinning), name);
- break;
- }
-}
-
-static int bpf_probe_pinned(const char *name, const struct bpf_elf_ctx *ctx,
- uint32_t pinning)
-{
- char pathname[PATH_MAX];
-
- if (bpf_no_pinning(ctx, pinning) || !bpf_get_tc_dir())
- return 0;
-
- bpf_make_pathname(pathname, sizeof(pathname), name, ctx, pinning);
- return bpf_obj_get(pathname);
-}
-
-static int bpf_make_obj_path(void)
-{
- char tmp[PATH_MAX];
- int ret;
-
- snprintf(tmp, sizeof(tmp), "%s/%s", bpf_get_tc_dir(),
- bpf_get_obj_uid(NULL));
-
- ret = mkdir(tmp, S_IRWXU);
- if (ret && errno != EEXIST) {
- fprintf(stderr, "mkdir %s failed: %s\n", tmp, strerror(errno));
- return ret;
- }
-
- return 0;
-}
-
-static int bpf_make_custom_path(const char *todo)
-{
- char tmp[PATH_MAX], rem[PATH_MAX], *sub;
- int ret;
-
- snprintf(tmp, sizeof(tmp), "%s/../", bpf_get_tc_dir());
- snprintf(rem, sizeof(rem), "%s/", todo);
- sub = strtok(rem, "/");
-
- while (sub) {
- if (strlen(tmp) + strlen(sub) + 2 > PATH_MAX)
- return -EINVAL;
-
- strcat(tmp, sub);
- strcat(tmp, "/");
-
- ret = mkdir(tmp, S_IRWXU);
- if (ret && errno != EEXIST) {
- fprintf(stderr, "mkdir %s failed: %s\n", tmp,
- strerror(errno));
- return ret;
- }
-
- sub = strtok(NULL, "/");
- }
-
- return 0;
-}
-
-static int bpf_place_pinned(int fd, const char *name,
- const struct bpf_elf_ctx *ctx, uint32_t pinning)
-{
- char pathname[PATH_MAX];
- const char *tmp;
- int ret = 0;
-
- if (bpf_no_pinning(ctx, pinning) || !bpf_get_tc_dir())
- return 0;
-
- if (pinning == PIN_OBJECT_NS)
- ret = bpf_make_obj_path();
- else if ((tmp = bpf_custom_pinning(ctx, pinning)))
- ret = bpf_make_custom_path(tmp);
- if (ret < 0)
- return ret;
-
- bpf_make_pathname(pathname, sizeof(pathname), name, ctx, pinning);
- return bpf_obj_pin(fd, pathname);
-}
-
-static int bpf_prog_attach(const char *section,
- const struct bpf_elf_prog *prog, bool verbose)
-{
- int fd;
-
- /* We can add pinning here later as well, same as bpf_map_attach(). */
- errno = 0;
- fd = bpf_prog_load(prog->type, prog->insns, prog->size,
- prog->license);
- if (fd < 0 || verbose) {
- bpf_dump_error("Prog section \'%s\' (type:%u insns:%zu "
- "license:\'%s\') %s%s (%d)!\n\n",
- section, prog->type,
- prog->size / sizeof(struct bpf_insn),
- prog->license, fd < 0 ? "rejected: " :
- "loaded", fd < 0 ? strerror(errno) : "",
- fd < 0 ? errno : fd);
- }
-
- return fd;
-}
-
-static int bpf_map_attach(const char *name, const struct bpf_elf_map *map,
- const struct bpf_elf_ctx *ctx, bool verbose)
-{
- int fd, ret;
-
- fd = bpf_probe_pinned(name, ctx, map->pinning);
- if (fd > 0) {
- ret = bpf_map_selfcheck_pinned(fd, map,
- offsetof(struct bpf_elf_map,
- id));
- if (ret < 0) {
- close(fd);
- fprintf(stderr, "Map \'%s\' self-check failed!\n",
- name);
- return ret;
- }
- if (verbose)
- fprintf(stderr, "Map \'%s\' loaded as pinned!\n",
- name);
- return fd;
- }
-
- errno = 0;
- fd = bpf_map_create(map->type, map->size_key, map->size_value,
- map->max_elem);
- if (fd < 0 || verbose) {
- bpf_dump_error("Map \'%s\' (type:%u id:%u pinning:%u "
- "ksize:%u vsize:%u max-elems:%u) %s%s (%d)!\n",
- name, map->type, map->id, map->pinning,
- map->size_key, map->size_value, map->max_elem,
- fd < 0 ? "rejected: " : "loaded", fd < 0 ?
- strerror(errno) : "", fd < 0 ? errno : fd);
- if (fd < 0)
- return fd;
- }
-
- ret = bpf_place_pinned(fd, name, ctx, map->pinning);
- if (ret < 0 && errno != EEXIST) {
- fprintf(stderr, "Could not pin %s map: %s\n", name,
- strerror(errno));
- close(fd);
- return ret;
- }
-
- return fd;
-}
-
-#define __ELF_ST_BIND(x) ((x) >> 4)
-#define __ELF_ST_TYPE(x) (((unsigned int) x) & 0xf)
-
-static const char *bpf_str_tab_name(const struct bpf_elf_ctx *ctx,
- const GElf_Sym *sym)
-{
- return ctx->str_tab->d_buf + sym->st_name;
-}
-
-static const char *bpf_map_fetch_name(struct bpf_elf_ctx *ctx, int which)
-{
- GElf_Sym sym;
- int i;
-
- for (i = 0; i < ctx->sym_num; i++) {
- if (gelf_getsym(ctx->sym_tab, i, &sym) != &sym)
- continue;
-
- if (__ELF_ST_BIND(sym.st_info) != STB_GLOBAL ||
- __ELF_ST_TYPE(sym.st_info) != STT_NOTYPE ||
- sym.st_shndx != ctx->sec_maps ||
- sym.st_value / sizeof(struct bpf_elf_map) != which)
- continue;
-
- return bpf_str_tab_name(ctx, &sym);
- }
-
- return NULL;
-}
-
-static int bpf_maps_attach_all(struct bpf_elf_ctx *ctx)
-{
- const char *map_name;
- int i, fd;
-
- for (i = 0; i < ctx->map_num; i++) {
- map_name = bpf_map_fetch_name(ctx, i);
- if (!map_name)
- return -EIO;
-
- fd = bpf_map_attach(map_name, &ctx->maps[i], ctx,
- ctx->verbose);
- if (fd < 0)
- return fd;
-
- ctx->map_fds[i] = fd;
- }
-
- return 0;
-}
-
-static int bpf_fill_section_data(struct bpf_elf_ctx *ctx, int section,
- struct bpf_elf_sec_data *data)
-{
- Elf_Data *sec_edata;
- GElf_Shdr sec_hdr;
- Elf_Scn *sec_fd;
- char *sec_name;
-
- memset(data, 0, sizeof(*data));
-
- sec_fd = elf_getscn(ctx->elf_fd, section);
- if (!sec_fd)
- return -EINVAL;
- if (gelf_getshdr(sec_fd, &sec_hdr) != &sec_hdr)
- return -EIO;
-
- sec_name = elf_strptr(ctx->elf_fd, ctx->elf_hdr.e_shstrndx,
- sec_hdr.sh_name);
- if (!sec_name || !sec_hdr.sh_size)
- return -ENOENT;
-
- sec_edata = elf_getdata(sec_fd, NULL);
- if (!sec_edata || elf_getdata(sec_fd, sec_edata))
- return -EIO;
-
- memcpy(&data->sec_hdr, &sec_hdr, sizeof(sec_hdr));
-
- data->sec_name = sec_name;
- data->sec_data = sec_edata;
- return 0;
-}
-
-static int bpf_fetch_maps(struct bpf_elf_ctx *ctx, int section,
- struct bpf_elf_sec_data *data)
-{
- if (data->sec_data->d_size % sizeof(struct bpf_elf_map) != 0)
- return -EINVAL;
-
- ctx->map_num = data->sec_data->d_size / sizeof(struct bpf_elf_map);
- ctx->sec_maps = section;
- ctx->sec_done[section] = true;
-
- if (ctx->map_num > ARRAY_SIZE(ctx->map_fds)) {
- fprintf(stderr, "Too many BPF maps in ELF section!\n");
- return -ENOMEM;
- }
-
- memcpy(ctx->maps, data->sec_data->d_buf, data->sec_data->d_size);
- return 0;
-}
-
-static int bpf_fetch_license(struct bpf_elf_ctx *ctx, int section,
- struct bpf_elf_sec_data *data)
-{
- if (data->sec_data->d_size > sizeof(ctx->license))
- return -ENOMEM;
-
- memcpy(ctx->license, data->sec_data->d_buf, data->sec_data->d_size);
- ctx->sec_done[section] = true;
- return 0;
-}
-
-static int bpf_fetch_symtab(struct bpf_elf_ctx *ctx, int section,
- struct bpf_elf_sec_data *data)
-{
- ctx->sym_tab = data->sec_data;
- ctx->sym_num = data->sec_hdr.sh_size / data->sec_hdr.sh_entsize;
- ctx->sec_done[section] = true;
- return 0;
-}
-
-static int bpf_fetch_strtab(struct bpf_elf_ctx *ctx, int section,
- struct bpf_elf_sec_data *data)
-{
- ctx->str_tab = data->sec_data;
- ctx->sec_done[section] = true;
- return 0;
-}
-
-static int bpf_fetch_ancillary(struct bpf_elf_ctx *ctx)
-{
- struct bpf_elf_sec_data data;
- int i, ret = -1;
-
- for (i = 1; i < ctx->elf_hdr.e_shnum; i++) {
- ret = bpf_fill_section_data(ctx, i, &data);
- if (ret < 0)
- continue;
-
- if (data.sec_hdr.sh_type == SHT_PROGBITS &&
- !strcmp(data.sec_name, ELF_SECTION_MAPS))
- ret = bpf_fetch_maps(ctx, i, &data);
- else if (data.sec_hdr.sh_type == SHT_PROGBITS &&
- !strcmp(data.sec_name, ELF_SECTION_LICENSE))
- ret = bpf_fetch_license(ctx, i, &data);
- else if (data.sec_hdr.sh_type == SHT_SYMTAB &&
- !strcmp(data.sec_name, ".symtab"))
- ret = bpf_fetch_symtab(ctx, i, &data);
- else if (data.sec_hdr.sh_type == SHT_STRTAB &&
- !strcmp(data.sec_name, ".strtab"))
- ret = bpf_fetch_strtab(ctx, i, &data);
- if (ret < 0) {
- fprintf(stderr, "Error parsing section %d! Perhaps"
- "check with readelf -a?\n", i);
- break;
- }
- }
-
- if (ctx->sym_tab && ctx->str_tab && ctx->sec_maps) {
- ret = bpf_maps_attach_all(ctx);
- if (ret < 0) {
- fprintf(stderr, "Error loading maps into kernel!\n");
- return ret;
- }
- }
-
- return ret;
-}
-
-static int bpf_fetch_prog(struct bpf_elf_ctx *ctx, const char *section)
-{
- struct bpf_elf_sec_data data;
- struct bpf_elf_prog prog;
- int ret, i, fd = -1;
-
- for (i = 1; i < ctx->elf_hdr.e_shnum; i++) {
- if (ctx->sec_done[i])
- continue;
-
- ret = bpf_fill_section_data(ctx, i, &data);
- if (ret < 0 ||
- !(data.sec_hdr.sh_type == SHT_PROGBITS &&
- data.sec_hdr.sh_flags & SHF_EXECINSTR &&
- !strcmp(data.sec_name, section)))
- continue;
-
- memset(&prog, 0, sizeof(prog));
- prog.type = ctx->type;
- prog.insns = data.sec_data->d_buf;
- prog.size = data.sec_data->d_size;
- prog.license = ctx->license;
-
- fd = bpf_prog_attach(section, &prog, ctx->verbose);
- if (fd < 0)
- continue;
-
- ctx->sec_done[i] = true;
- break;
- }
-
- return fd;
-}
-
-static int bpf_apply_relo_data(struct bpf_elf_ctx *ctx,
- struct bpf_elf_sec_data *data_relo,
- struct bpf_elf_sec_data *data_insn)
-{
- Elf_Data *idata = data_insn->sec_data;
- GElf_Shdr *rhdr = &data_relo->sec_hdr;
- int relo_ent, relo_num = rhdr->sh_size / rhdr->sh_entsize;
- struct bpf_insn *insns = idata->d_buf;
- unsigned int num_insns = idata->d_size / sizeof(*insns);
-
- for (relo_ent = 0; relo_ent < relo_num; relo_ent++) {
- unsigned int ioff, rmap;
- GElf_Rel relo;
- GElf_Sym sym;
-
- if (gelf_getrel(data_relo->sec_data, relo_ent, &relo) != &relo)
- return -EIO;
-
- ioff = relo.r_offset / sizeof(struct bpf_insn);
- if (ioff >= num_insns ||
- insns[ioff].code != (BPF_LD | BPF_IMM | BPF_DW))
- return -EINVAL;
-
- if (gelf_getsym(ctx->sym_tab, GELF_R_SYM(relo.r_info), &sym) != &sym)
- return -EIO;
-
- rmap = sym.st_value / sizeof(struct bpf_elf_map);
- if (rmap >= ARRAY_SIZE(ctx->map_fds))
- return -EINVAL;
- if (!ctx->map_fds[rmap])
- return -EINVAL;
-
- if (ctx->verbose)
- fprintf(stderr, "Map \'%s\' (%d) injected into prog "
- "section \'%s\' at offset %u!\n",
- bpf_str_tab_name(ctx, &sym), ctx->map_fds[rmap],
- data_insn->sec_name, ioff);
-
- insns[ioff].src_reg = BPF_PSEUDO_MAP_FD;
- insns[ioff].imm = ctx->map_fds[rmap];
- }
-
- return 0;
-}
-
-static int bpf_fetch_prog_relo(struct bpf_elf_ctx *ctx, const char *section)
-{
- struct bpf_elf_sec_data data_relo, data_insn;
- struct bpf_elf_prog prog;
- int ret, idx, i, fd = -1;
-
- for (i = 1; i < ctx->elf_hdr.e_shnum; i++) {
- ret = bpf_fill_section_data(ctx, i, &data_relo);
- if (ret < 0 || data_relo.sec_hdr.sh_type != SHT_REL)
- continue;
-
- idx = data_relo.sec_hdr.sh_info;
- ret = bpf_fill_section_data(ctx, idx, &data_insn);
- if (ret < 0 ||
- !(data_insn.sec_hdr.sh_type == SHT_PROGBITS &&
- data_insn.sec_hdr.sh_flags & SHF_EXECINSTR &&
- !strcmp(data_insn.sec_name, section)))
- continue;
-
- ret = bpf_apply_relo_data(ctx, &data_relo, &data_insn);
- if (ret < 0)
- continue;
-
- memset(&prog, 0, sizeof(prog));
- prog.type = ctx->type;
- prog.insns = data_insn.sec_data->d_buf;
- prog.size = data_insn.sec_data->d_size;
- prog.license = ctx->license;
-
- fd = bpf_prog_attach(section, &prog, ctx->verbose);
- if (fd < 0)
- continue;
-
- ctx->sec_done[i] = true;
- ctx->sec_done[idx] = true;
- break;
- }
-
- return fd;
-}
-
-static int bpf_fetch_prog_sec(struct bpf_elf_ctx *ctx, const char *section)
-{
- int ret = -1;
-
- if (ctx->sym_tab)
- ret = bpf_fetch_prog_relo(ctx, section);
- if (ret < 0)
- ret = bpf_fetch_prog(ctx, section);
-
- return ret;
-}
-
-static int bpf_find_map_by_id(struct bpf_elf_ctx *ctx, uint32_t id)
-{
- int i;
-
- for (i = 0; i < ARRAY_SIZE(ctx->map_fds); i++)
- if (ctx->map_fds[i] && ctx->maps[i].id == id &&
- ctx->maps[i].type == BPF_MAP_TYPE_PROG_ARRAY)
- return i;
- return -1;
-}
-
-static int bpf_fill_prog_arrays(struct bpf_elf_ctx *ctx)
-{
- struct bpf_elf_sec_data data;
- uint32_t map_id, key_id;
- int fd, i, ret, idx;
-
- for (i = 1; i < ctx->elf_hdr.e_shnum; i++) {
- if (ctx->sec_done[i])
- continue;
-
- ret = bpf_fill_section_data(ctx, i, &data);
- if (ret < 0)
- continue;
-
- ret = sscanf(data.sec_name, "%i/%i", &map_id, &key_id);
- if (ret != 2)
- continue;
-
- idx = bpf_find_map_by_id(ctx, map_id);
- if (idx < 0)
- continue;
-
- fd = bpf_fetch_prog_sec(ctx, data.sec_name);
- if (fd < 0)
- return -EIO;
-
- ret = bpf_map_update(ctx->map_fds[idx], &key_id,
- &fd, BPF_ANY);
- if (ret < 0)
- return -ENOENT;
-
- ctx->sec_done[i] = true;
- }
-
- return 0;
-}
-
-static void bpf_save_finfo(struct bpf_elf_ctx *ctx)
-{
- struct stat st;
- int ret;
-
- memset(&ctx->stat, 0, sizeof(ctx->stat));
-
- ret = fstat(ctx->obj_fd, &st);
- if (ret < 0) {
- fprintf(stderr, "Stat of elf file failed: %s\n",
- strerror(errno));
- return;
- }
-
- ctx->stat.st_dev = st.st_dev;
- ctx->stat.st_ino = st.st_ino;
-}
-
-static int bpf_read_pin_mapping(FILE *fp, uint32_t *id, char *path)
-{
- char buff[PATH_MAX];
-
- while (fgets(buff, sizeof(buff), fp)) {
- char *ptr = buff;
-
- while (*ptr == ' ' || *ptr == '\t')
- ptr++;
-
- if (*ptr == '#' || *ptr == '\n' || *ptr == 0)
- continue;
-
- if (sscanf(ptr, "%i %s\n", id, path) != 2 &&
- sscanf(ptr, "%i %s #", id, path) != 2) {
- strcpy(path, ptr);
- return -1;
- }
-
- return 1;
- }
-
- return 0;
-}
-
-static bool bpf_pinning_reserved(uint32_t pinning)
-{
- switch (pinning) {
- case PIN_NONE:
- case PIN_OBJECT_NS:
- case PIN_GLOBAL_NS:
- return true;
- default:
- return false;
- }
-}
-
-static void bpf_hash_init(struct bpf_elf_ctx *ctx, const char *db_file)
-{
- struct bpf_hash_entry *entry;
- char subpath[PATH_MAX];
- uint32_t pinning;
- FILE *fp;
- int ret;
-
- fp = fopen(db_file, "r");
- if (!fp)
- return;
-
- memset(subpath, 0, sizeof(subpath));
- while ((ret = bpf_read_pin_mapping(fp, &pinning, subpath))) {
- if (ret == -1) {
- fprintf(stderr, "Database %s is corrupted at: %s\n",
- db_file, subpath);
- fclose(fp);
- return;
- }
-
- if (bpf_pinning_reserved(pinning)) {
- fprintf(stderr, "Database %s, id %u is reserved - "
- "ignoring!\n", db_file, pinning);
- continue;
- }
-
- entry = malloc(sizeof(*entry));
- if (!entry) {
- fprintf(stderr, "No memory left for db entry!\n");
- continue;
- }
-
- entry->pinning = pinning;
- entry->subpath = strdup(subpath);
- if (!entry->subpath) {
- fprintf(stderr, "No memory left for db entry!\n");
- free(entry);
- continue;
- }
-
- entry->next = ctx->ht[pinning & (ARRAY_SIZE(ctx->ht) - 1)];
- ctx->ht[pinning & (ARRAY_SIZE(ctx->ht) - 1)] = entry;
- }
-
- fclose(fp);
-}
-
-static void bpf_hash_destroy(struct bpf_elf_ctx *ctx)
-{
- struct bpf_hash_entry *entry;
- int i;
-
- for (i = 0; i < ARRAY_SIZE(ctx->ht); i++) {
- while ((entry = ctx->ht[i]) != NULL) {
- ctx->ht[i] = entry->next;
- free((char *)entry->subpath);
- free(entry);
- }
- }
-}
-
-static int bpf_elf_check_ehdr(const struct bpf_elf_ctx *ctx)
-{
- if (ctx->elf_hdr.e_type != ET_REL ||
- ctx->elf_hdr.e_machine != 0 ||
- ctx->elf_hdr.e_version != EV_CURRENT) {
- fprintf(stderr, "ELF format error, ELF file not for eBPF?\n");
- return -EINVAL;
- }
-
- switch (ctx->elf_hdr.e_ident[EI_DATA]) {
- default:
- fprintf(stderr, "ELF format error, wrong endianness info?\n");
- return -EINVAL;
- case ELFDATA2LSB:
- if (htons(1) == 1) {
- fprintf(stderr,
- "We are big endian, eBPF object is little endian!\n");
- return -EIO;
- }
- break;
- case ELFDATA2MSB:
- if (htons(1) != 1) {
- fprintf(stderr,
- "We are little endian, eBPF object is big endian!\n");
- return -EIO;
- }
- break;
- }
-
- return 0;
-}
-
-static int bpf_elf_ctx_init(struct bpf_elf_ctx *ctx, const char *pathname,
- enum bpf_prog_type type, bool verbose)
-{
- int ret = -EINVAL;
-
- if (elf_version(EV_CURRENT) == EV_NONE ||
- bpf_init_env(pathname))
- return ret;
-
- memset(ctx, 0, sizeof(*ctx));
- ctx->verbose = verbose;
- ctx->type = type;
-
- ctx->obj_fd = open(pathname, O_RDONLY);
- if (ctx->obj_fd < 0)
- return ctx->obj_fd;
-
- ctx->elf_fd = elf_begin(ctx->obj_fd, ELF_C_READ, NULL);
- if (!ctx->elf_fd) {
- ret = -EINVAL;
- goto out_fd;
- }
-
- if (elf_kind(ctx->elf_fd) != ELF_K_ELF) {
- ret = -EINVAL;
- goto out_fd;
- }
-
- if (gelf_getehdr(ctx->elf_fd, &ctx->elf_hdr) !=
- &ctx->elf_hdr) {
- ret = -EIO;
- goto out_elf;
- }
-
- ret = bpf_elf_check_ehdr(ctx);
- if (ret < 0)
- goto out_elf;
-
- ctx->sec_done = calloc(ctx->elf_hdr.e_shnum,
- sizeof(*(ctx->sec_done)));
- if (!ctx->sec_done) {
- ret = -ENOMEM;
- goto out_elf;
- }
-
- bpf_save_finfo(ctx);
- bpf_hash_init(ctx, CONFDIR "/bpf_pinning");
-
- return 0;
-out_elf:
- elf_end(ctx->elf_fd);
-out_fd:
- close(ctx->obj_fd);
- return ret;
-}
-
-static int bpf_maps_count(struct bpf_elf_ctx *ctx)
-{
- int i, count = 0;
-
- for (i = 0; i < ARRAY_SIZE(ctx->map_fds); i++) {
- if (!ctx->map_fds[i])
- break;
- count++;
- }
-
- return count;
-}
-
-static void bpf_maps_teardown(struct bpf_elf_ctx *ctx)
-{
- int i;
-
- for (i = 0; i < ARRAY_SIZE(ctx->map_fds); i++) {
- if (ctx->map_fds[i])
- close(ctx->map_fds[i]);
- }
-}
-
-static void bpf_elf_ctx_destroy(struct bpf_elf_ctx *ctx, bool failure)
-{
- if (failure)
- bpf_maps_teardown(ctx);
-
- bpf_hash_destroy(ctx);
- free(ctx->sec_done);
- elf_end(ctx->elf_fd);
- close(ctx->obj_fd);
-}
-
-static struct bpf_elf_ctx __ctx;
-
-static int bpf_obj_open(const char *pathname, enum bpf_prog_type type,
- const char *section, bool verbose)
-{
- struct bpf_elf_ctx *ctx = &__ctx;
- int fd = 0, ret;
-
- ret = bpf_elf_ctx_init(ctx, pathname, type, verbose);
- if (ret < 0) {
- fprintf(stderr, "Cannot initialize ELF context!\n");
- return ret;
- }
-
- ret = bpf_fetch_ancillary(ctx);
- if (ret < 0) {
- fprintf(stderr, "Error fetching ELF ancillary data!\n");
- goto out;
- }
-
- fd = bpf_fetch_prog_sec(ctx, section);
- if (fd < 0) {
- fprintf(stderr, "Error fetching program/map!\n");
- ret = fd;
- goto out;
- }
-
- ret = bpf_fill_prog_arrays(ctx);
- if (ret < 0)
- fprintf(stderr, "Error filling program arrays!\n");
-out:
- bpf_elf_ctx_destroy(ctx, ret < 0);
- if (ret < 0) {
- if (fd)
- close(fd);
- return ret;
- }
-
- return fd;
-}
-
-static int
-bpf_map_set_send(int fd, struct sockaddr_un *addr, unsigned int addr_len,
- const struct bpf_map_data *aux, unsigned int entries)
-{
- struct bpf_map_set_msg msg;
- int *cmsg_buf, min_fd;
- char *amsg_buf;
- int i;
-
- memset(&msg, 0, sizeof(msg));
-
- msg.aux.uds_ver = BPF_SCM_AUX_VER;
- msg.aux.num_ent = entries;
-
- strncpy(msg.aux.obj_name, aux->obj, sizeof(msg.aux.obj_name));
- memcpy(&msg.aux.obj_st, aux->st, sizeof(msg.aux.obj_st));
-
- cmsg_buf = bpf_map_set_init(&msg, addr, addr_len);
- amsg_buf = (char *)msg.aux.ent;
-
- for (i = 0; i < entries; i += min_fd) {
- int ret;
-
- min_fd = min(BPF_SCM_MAX_FDS * 1U, entries - i);
- bpf_map_set_init_single(&msg, min_fd);
-
- memcpy(cmsg_buf, &aux->fds[i], sizeof(aux->fds[0]) * min_fd);
- memcpy(amsg_buf, &aux->ent[i], sizeof(aux->ent[0]) * min_fd);
-
- ret = sendmsg(fd, &msg.hdr, 0);
- if (ret <= 0)
- return ret ? : -1;
- }
-
- return 0;
-}
-
-static int
-bpf_map_set_recv(int fd, int *fds, struct bpf_map_aux *aux,
- unsigned int entries)
-{
- struct bpf_map_set_msg msg;
- int *cmsg_buf, min_fd;
- char *amsg_buf, *mmsg_buf;
- unsigned int needed = 1;
- int i;
-
- cmsg_buf = bpf_map_set_init(&msg, NULL, 0);
- amsg_buf = (char *)msg.aux.ent;
- mmsg_buf = (char *)&msg.aux;
-
- for (i = 0; i < min(entries, needed); i += min_fd) {
- struct cmsghdr *cmsg;
- int ret;
-
- min_fd = min(entries, entries - i);
- bpf_map_set_init_single(&msg, min_fd);
-
- ret = recvmsg(fd, &msg.hdr, 0);
- if (ret <= 0)
- return ret ? : -1;
-
- cmsg = CMSG_FIRSTHDR(&msg.hdr);
- if (!cmsg || cmsg->cmsg_type != SCM_RIGHTS)
- return -EINVAL;
- if (msg.hdr.msg_flags & MSG_CTRUNC)
- return -EIO;
- if (msg.aux.uds_ver != BPF_SCM_AUX_VER)
- return -ENOSYS;
-
- min_fd = (cmsg->cmsg_len - sizeof(*cmsg)) / sizeof(fd);
- if (min_fd > entries || min_fd <= 0)
- return -EINVAL;
-
- memcpy(&fds[i], cmsg_buf, sizeof(fds[0]) * min_fd);
- memcpy(&aux->ent[i], amsg_buf, sizeof(aux->ent[0]) * min_fd);
- memcpy(aux, mmsg_buf, offsetof(struct bpf_map_aux, ent));
-
- needed = aux->num_ent;
- }
-
- return 0;
-}
-
-int bpf_send_map_fds(const char *path, const char *obj)
-{
- struct bpf_elf_ctx *ctx = &__ctx;
- struct sockaddr_un addr;
- struct bpf_map_data bpf_aux;
- int fd, ret;
-
- fd = socket(AF_UNIX, SOCK_DGRAM, 0);
- if (fd < 0) {
- fprintf(stderr, "Cannot open socket: %s\n",
- strerror(errno));
- return -1;
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, path, sizeof(addr.sun_path));
-
- ret = connect(fd, (struct sockaddr *)&addr, sizeof(addr));
- if (ret < 0) {
- fprintf(stderr, "Cannot connect to %s: %s\n",
- path, strerror(errno));
- return -1;
- }
-
- memset(&bpf_aux, 0, sizeof(bpf_aux));
-
- bpf_aux.fds = ctx->map_fds;
- bpf_aux.ent = ctx->maps;
- bpf_aux.st = &ctx->stat;
- bpf_aux.obj = obj;
-
- ret = bpf_map_set_send(fd, &addr, sizeof(addr), &bpf_aux,
- bpf_maps_count(ctx));
- if (ret < 0)
- fprintf(stderr, "Cannot send fds to %s: %s\n",
- path, strerror(errno));
-
- bpf_maps_teardown(ctx);
- close(fd);
- return ret;
-}
-
-int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux,
- unsigned int entries)
-{
- struct sockaddr_un addr;
- int fd, ret;
-
- fd = socket(AF_UNIX, SOCK_DGRAM, 0);
- if (fd < 0) {
- fprintf(stderr, "Cannot open socket: %s\n",
- strerror(errno));
- return -1;
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, path, sizeof(addr.sun_path));
-
- ret = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
- if (ret < 0) {
- fprintf(stderr, "Cannot bind to socket: %s\n",
- strerror(errno));
- return -1;
- }
-
- ret = bpf_map_set_recv(fd, fds, aux, entries);
- if (ret < 0)
- fprintf(stderr, "Cannot recv fds from %s: %s\n",
- path, strerror(errno));
-
- unlink(addr.sun_path);
- close(fd);
- return ret;
-}
-#endif /* HAVE_ELF */
diff --git a/tc/tc_bpf.h b/tc/tc_bpf.h
deleted file mode 100644
index 526d0b1..0000000
--- a/tc/tc_bpf.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * tc_bpf.h BPF common code
- *
- * This program is free software; you can distribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- *
- * Authors: Daniel Borkmann <dborkman@redhat.com>
- * Jiri Pirko <jiri@resnulli.us>
- */
-
-#ifndef _TC_BPF_H_
-#define _TC_BPF_H_ 1
-
-#include <linux/netlink.h>
-#include <linux/bpf.h>
-#include <linux/magic.h>
-
-#include "utils.h"
-#include "bpf_scm.h"
-
-enum {
- BPF_NLA_OPS_LEN = 0,
- BPF_NLA_OPS,
- BPF_NLA_FD,
- BPF_NLA_NAME,
- __BPF_NLA_MAX,
-};
-
-#define BPF_NLA_MAX __BPF_NLA_MAX
-
-#define BPF_ENV_UDS "TC_BPF_UDS"
-#define BPF_ENV_MNT "TC_BPF_MNT"
-#define BPF_ENV_NOLOG "TC_BPF_NOLOG"
-
-#ifndef BPF_FS_MAGIC
-# define BPF_FS_MAGIC 0xcafe4a11
-#endif
-
-#define BPF_DIR_MNT "/sys/fs/bpf"
-
-#define BPF_DIR_TC "tc"
-#define BPF_DIR_GLOBALS "globals"
-
-#ifndef TRACEFS_MAGIC
-# define TRACEFS_MAGIC 0x74726163
-#endif
-
-#define TRACE_DIR_MNT "/sys/kernel/tracing"
-
-int bpf_trace_pipe(void);
-const char *bpf_default_section(const enum bpf_prog_type type);
-
-int bpf_parse_common(int *ptr_argc, char ***ptr_argv, const int *nla_tbl,
- enum bpf_prog_type type, const char **ptr_object,
- const char **ptr_uds_name, struct nlmsghdr *n);
-int bpf_graft_map(const char *map_path, uint32_t *key, int argc, char **argv);
-
-void bpf_print_ops(FILE *f, struct rtattr *bpf_ops, __u16 len);
-
-#ifdef HAVE_ELF
-int bpf_send_map_fds(const char *path, const char *obj);
-int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux,
- unsigned int entries);
-#else
-static inline int bpf_send_map_fds(const char *path, const char *obj)
-{
- return 0;
-}
-
-static inline int bpf_recv_map_fds(const char *path, int *fds,
- struct bpf_map_aux *aux,
- unsigned int entries)
-{
- return -1;
-}
-#endif /* HAVE_ELF */
-#endif /* _TC_BPF_H_ */
diff --git a/tc/tc_cbq.c b/tc/tc_cbq.c
index 0bb262e..5e50afa 100644
--- a/tc/tc_cbq.c
+++ b/tc/tc_cbq.c
@@ -24,8 +24,8 @@
#include "tc_core.h"
#include "tc_cbq.h"
-unsigned tc_cbq_calc_maxidle(unsigned bndw, unsigned rate, unsigned avpkt,
- int ewma_log, unsigned maxburst)
+unsigned int tc_cbq_calc_maxidle(unsigned int bndw, unsigned int rate, unsigned int avpkt,
+ int ewma_log, unsigned int maxburst)
{
double maxidle;
double g = 1.0 - 1.0/(1<<ewma_log);
@@ -34,6 +34,7 @@
maxidle = xmt*(1-g);
if (bndw != rate && maxburst) {
double vxmt = (double)avpkt/rate - xmt;
+
vxmt *= (pow(g, -(double)maxburst) - 1);
if (vxmt > maxidle)
maxidle = vxmt;
@@ -41,8 +42,8 @@
return tc_core_time2tick(maxidle*(1<<ewma_log)*TIME_UNITS_PER_SEC);
}
-unsigned tc_cbq_calc_offtime(unsigned bndw, unsigned rate, unsigned avpkt,
- int ewma_log, unsigned minburst)
+unsigned int tc_cbq_calc_offtime(unsigned int bndw, unsigned int rate, unsigned int avpkt,
+ int ewma_log, unsigned int minburst)
{
double g = 1.0 - 1.0/(1<<ewma_log);
double offtime = (double)avpkt/rate - (double)avpkt/bndw;
diff --git a/tc/tc_class.c b/tc/tc_class.c
index 3acd030..1a1f1fa 100644
--- a/tc/tc_class.c
+++ b/tc/tc_class.c
@@ -24,7 +24,7 @@
#include "utils.h"
#include "tc_util.h"
#include "tc_common.h"
-#include "hlist.h"
+#include "list.h"
struct graph_node {
struct hlist_node hlist;
@@ -52,30 +52,24 @@
fprintf(stderr, "Where:\n");
fprintf(stderr, "QDISC_KIND := { prio | cbq | etc. }\n");
fprintf(stderr, "OPTIONS := ... try tc class add <desired QDISC_KIND> help\n");
- return;
}
-static int tc_class_modify(int cmd, unsigned flags, int argc, char **argv)
+static int tc_class_modify(int cmd, unsigned int flags, int argc, char **argv)
{
struct {
- struct nlmsghdr n;
- struct tcmsg t;
- char buf[4096];
- } req;
+ struct nlmsghdr n;
+ struct tcmsg t;
+ char buf[4096];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .t.tcm_family = AF_UNSPEC,
+ };
struct qdisc_util *q = NULL;
- struct tc_estimator est;
- char d[16];
- char k[16];
-
- memset(&req, 0, sizeof(req));
- memset(&est, 0, sizeof(est));
- memset(d, 0, sizeof(d));
- memset(k, 0, sizeof(k));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.t.tcm_family = AF_UNSPEC;
+ struct tc_estimator est = {};
+ char d[16] = {};
+ char k[16] = {};
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
@@ -85,6 +79,7 @@
strncpy(d, *argv, sizeof(d)-1);
} else if (strcmp(*argv, "classid") == 0) {
__u32 handle;
+
NEXT_ARG();
if (req.t.tcm_handle)
duparg("classid", *argv);
@@ -102,6 +97,7 @@
req.t.tcm_parent = TC_H_ROOT;
} else if (strcmp(*argv, "parent") == 0) {
__u32 handle;
+
NEXT_ARG();
if (req.t.tcm_parent)
duparg("parent", *argv);
@@ -166,9 +162,8 @@
static void graph_node_add(__u32 parent_id, __u32 id, void *data,
int len)
{
- struct graph_node *node = malloc(sizeof(struct graph_node));
+ struct graph_node *node = calloc(1, sizeof(struct graph_node));
- memset(node, 0, sizeof(*node));
node->id = id;
node->parent_id = parent_id;
@@ -223,7 +218,7 @@
{
struct hlist_node *n, *tmp_cls;
char cls_id_str[256] = {};
- struct rtattr *tb[TCA_MAX + 1] = {};
+ struct rtattr *tb[TCA_MAX + 1];
struct qdisc_util *q;
char str[100] = {};
@@ -305,10 +300,10 @@
int print_class(const struct sockaddr_nl *who,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct tcmsg *t = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr *tb[TCA_MAX + 1] = {};
+ struct rtattr *tb[TCA_MAX + 1];
struct qdisc_util *q;
char abuf[256];
@@ -393,14 +388,10 @@
static int tc_class_list(int argc, char **argv)
{
- struct tcmsg t;
- char d[16];
+ struct tcmsg t = { .tcm_family = AF_UNSPEC };
+ char d[16] = {};
char buf[1024] = {0};
- memset(&t, 0, sizeof(t));
- t.tcm_family = AF_UNSPEC;
- memset(d, 0, sizeof(d));
-
filter_qdisc = 0;
filter_classid = 0;
@@ -430,6 +421,7 @@
t.tcm_parent = TC_H_ROOT;
} else if (strcmp(*argv, "parent") == 0) {
__u32 handle;
+
if (t.tcm_parent)
duparg("parent", *argv);
NEXT_ARG();
diff --git a/tc/tc_core.c b/tc/tc_core.c
index 46eaefb..821b741 100644
--- a/tc/tc_core.c
+++ b/tc/tc_core.c
@@ -12,6 +12,7 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stdint.h>
#include <unistd.h>
#include <syslog.h>
#include <fcntl.h>
@@ -27,7 +28,7 @@
static double tick_in_usec = 1;
static double clock_factor = 1;
-int tc_core_time2big(unsigned time)
+int tc_core_time2big(unsigned int time)
{
__u64 t = time;
@@ -36,32 +37,32 @@
}
-unsigned tc_core_time2tick(unsigned time)
+unsigned int tc_core_time2tick(unsigned int time)
{
return time*tick_in_usec;
}
-unsigned tc_core_tick2time(unsigned tick)
+unsigned int tc_core_tick2time(unsigned int tick)
{
return tick/tick_in_usec;
}
-unsigned tc_core_time2ktime(unsigned time)
+unsigned int tc_core_time2ktime(unsigned int time)
{
return time * clock_factor;
}
-unsigned tc_core_ktime2time(unsigned ktime)
+unsigned int tc_core_ktime2time(unsigned int ktime)
{
return ktime / clock_factor;
}
-unsigned tc_calc_xmittime(__u64 rate, unsigned size)
+unsigned int tc_calc_xmittime(__u64 rate, unsigned int size)
{
return tc_core_time2tick(TIME_UNITS_PER_SEC*((double)size/(double)rate));
}
-unsigned tc_calc_xmitsize(__u64 rate, unsigned ticks)
+unsigned int tc_calc_xmitsize(__u64 rate, unsigned int ticks)
{
return ((double)rate*tc_core_tick2time(ticks))/TIME_UNITS_PER_SEC;
}
@@ -76,9 +77,10 @@
* (as the table will always be aligned for 48 bytes).
* --Hawk, d.7/11-2004. <hawk@diku.dk>
*/
-static unsigned tc_align_to_atm(unsigned size)
+static unsigned int tc_align_to_atm(unsigned int size)
{
int linksize, cells;
+
cells = size / ATM_CELL_PAYLOAD;
if ((size % ATM_CELL_PAYLOAD) > 0)
cells++;
@@ -87,7 +89,7 @@
return linksize;
}
-static unsigned tc_adjust_size(unsigned sz, unsigned mpu, enum link_layer linklayer)
+static unsigned int tc_adjust_size(unsigned int sz, unsigned int mpu, enum link_layer linklayer)
{
if (sz < mpu)
sz = mpu;
@@ -97,7 +99,7 @@
return tc_align_to_atm(sz);
case LINKLAYER_ETHERNET:
default:
- // No size adjustments on Ethernet
+ /* No size adjustments on Ethernet */
return sz;
}
}
@@ -122,13 +124,13 @@
*/
int tc_calc_rtable(struct tc_ratespec *r, __u32 *rtab,
- int cell_log, unsigned mtu,
+ int cell_log, unsigned int mtu,
enum link_layer linklayer)
{
int i;
- unsigned sz;
- unsigned bps = r->rate;
- unsigned mpu = r->mpu;
+ unsigned int sz;
+ unsigned int bps = r->rate;
+ unsigned int mpu = r->mpu;
if (mtu == 0)
mtu = 2047;
@@ -139,13 +141,13 @@
cell_log++;
}
- for (i=0; i<256; i++) {
+ for (i = 0; i < 256; i++) {
sz = tc_adjust_size((i + 1) << cell_log, mpu, linklayer);
rtab[i] = tc_calc_xmittime(bps, sz);
}
- r->cell_align=-1; // Due to the sz calc
- r->cell_log=cell_log;
+ r->cell_align = -1;
+ r->cell_log = cell_log;
r->linklayer = (linklayer & TC_LINKLAYER_MASK);
return cell_log;
}
@@ -193,7 +195,7 @@
(*stab)[i] = sz >> s->size_log;
}
- s->cell_align = -1; // Due to the sz calc
+ s->cell_align = -1; /* Due to the sz calc */
return 0;
}
diff --git a/tc/tc_estimator.c b/tc/tc_estimator.c
index e559add..c40eea9 100644
--- a/tc/tc_estimator.c
+++ b/tc/tc_estimator.c
@@ -23,22 +23,23 @@
#include "tc_core.h"
-int tc_setup_estimator(unsigned A, unsigned time_const, struct tc_estimator *est)
+int tc_setup_estimator(unsigned int A, unsigned int time_const, struct tc_estimator *est)
{
- for (est->interval=0; est->interval<=5; est->interval++) {
+ for (est->interval = 0; est->interval <= 5; est->interval++) {
if (A <= (1<<est->interval)*(TIME_UNITS_PER_SEC/4))
break;
}
if (est->interval > 5)
return -1;
est->interval -= 2;
- for (est->ewma_log=1; est->ewma_log<32; est->ewma_log++) {
+ for (est->ewma_log = 1; est->ewma_log < 32; est->ewma_log++) {
double w = 1.0 - 1.0/(1<<est->ewma_log);
+
if (A/(-log(w)) > time_const)
break;
}
est->ewma_log--;
- if (est->ewma_log==0 || est->ewma_log >= 31)
+ if (est->ewma_log == 0 || est->ewma_log >= 31)
return -1;
return 0;
}
diff --git a/tc/tc_exec.c b/tc/tc_exec.c
index 61be672..d23a825 100644
--- a/tc/tc_exec.c
+++ b/tc/tc_exec.c
@@ -19,7 +19,7 @@
#include "tc_common.h"
static struct exec_util *exec_list;
-static void *BODY = NULL;
+static void *BODY;
static void usage(void)
{
@@ -32,8 +32,8 @@
static int parse_noeopt(struct exec_util *eu, int argc, char **argv)
{
if (argc) {
- fprintf(stderr, "Unknown exec \"%s\", hence option \"%s\" "
- "is unparsable\n", eu->id, *argv);
+ fprintf(stderr, "Unknown exec \"%s\", hence option \"%s\" is unparsable\n",
+ eu->id, *argv);
return -1;
}
@@ -71,9 +71,8 @@
return eu;
noexist:
- eu = malloc(sizeof(*eu));
+ eu = calloc(1, sizeof(*eu));
if (eu) {
- memset(eu, 0, sizeof(*eu));
strncpy(eu->id, name, sizeof(eu->id) - 1);
eu->parse_eopt = parse_noeopt;
goto reg;
@@ -85,7 +84,7 @@
int do_exec(int argc, char **argv)
{
struct exec_util *eu;
- char kind[16];
+ char kind[16] = {};
if (argc < 1) {
fprintf(stderr, "No command given, try \"tc exec help\".\n");
@@ -97,7 +96,6 @@
return 0;
}
- memset(kind, 0, sizeof(kind));
strncpy(kind, *argv, sizeof(kind) - 1);
eu = get_exec_kind(kind);
diff --git a/tc/tc_filter.c b/tc/tc_filter.c
index 1a1082b..cf290ae 100644
--- a/tc/tc_filter.c
+++ b/tc/tc_filter.c
@@ -28,45 +28,43 @@
static void usage(void)
{
- fprintf(stderr, "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n");
- fprintf(stderr, " [ pref PRIO ] protocol PROTO\n");
- fprintf(stderr, " [ estimator INTERVAL TIME_CONSTANT ]\n");
- fprintf(stderr, " [ root | ingress | egress | parent CLASSID ]\n");
- fprintf(stderr, " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n");
- fprintf(stderr, "\n");
- fprintf(stderr, " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n");
- fprintf(stderr, "Where:\n");
- fprintf(stderr, "FILTER_TYPE := { rsvp | u32 | bpf | fw | route | etc. }\n");
- fprintf(stderr, "FILTERID := ... format depends on classifier, see there\n");
- fprintf(stderr, "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n");
+ fprintf(stderr,
+ "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n"
+ "Usage: tc filter get dev STRING parent CLASSID protocol PROTO handle FILTERID pref PRIO FILTER_TYPE\n"
+ " [ pref PRIO ] protocol PROTO [ chain CHAIN_INDEX ]\n"
+ " [ estimator INTERVAL TIME_CONSTANT ]\n"
+ " [ root | ingress | egress | parent CLASSID ]\n"
+ " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"
+ "\n"
+ " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n"
+ "Where:\n"
+ "FILTER_TYPE := { rsvp | u32 | bpf | fw | route | etc. }\n"
+ "FILTERID := ... format depends on classifier, see there\n"
+ "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n");
}
-static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv)
+static int tc_filter_modify(int cmd, unsigned int flags, int argc, char **argv)
{
struct {
- struct nlmsghdr n;
- struct tcmsg t;
- char buf[MAX_MSG];
- } req;
+ struct nlmsghdr n;
+ struct tcmsg t;
+ char buf[MAX_MSG];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .t.tcm_family = AF_UNSPEC,
+ };
struct filter_util *q = NULL;
__u32 prio = 0;
__u32 protocol = 0;
int protocol_set = 0;
+ __u32 chain_index;
+ int chain_index_set = 0;
char *fhandle = NULL;
- char d[16];
- char k[16];
- struct tc_estimator est;
-
- memset(&req, 0, sizeof(req));
- memset(&est, 0, sizeof(est));
- memset(d, 0, sizeof(d));
- memset(k, 0, sizeof(k));
- memset(&req, 0, sizeof(req));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.t.tcm_family = AF_UNSPEC;
+ char d[16] = {};
+ char k[16] = {};
+ struct tc_estimator est = {};
if (cmd == RTM_NEWTFILTER && flags & NLM_F_CREATE)
protocol = htons(ETH_P_ALL);
@@ -79,26 +77,30 @@
strncpy(d, *argv, sizeof(d)-1);
} else if (strcmp(*argv, "root") == 0) {
if (req.t.tcm_parent) {
- fprintf(stderr, "Error: \"root\" is duplicate parent ID\n");
+ fprintf(stderr,
+ "Error: \"root\" is duplicate parent ID\n");
return -1;
}
req.t.tcm_parent = TC_H_ROOT;
} else if (strcmp(*argv, "ingress") == 0) {
if (req.t.tcm_parent) {
- fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n");
+ fprintf(stderr,
+ "Error: \"ingress\" is duplicate parent ID\n");
return -1;
}
req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
TC_H_MIN_INGRESS);
} else if (strcmp(*argv, "egress") == 0) {
if (req.t.tcm_parent) {
- fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n");
+ fprintf(stderr,
+ "Error: \"egress\" is duplicate parent ID\n");
return -1;
}
req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
TC_H_MIN_EGRESS);
} else if (strcmp(*argv, "parent") == 0) {
__u32 handle;
+
NEXT_ARG();
if (req.t.tcm_parent)
duparg("parent", *argv);
@@ -119,6 +121,7 @@
invarg("invalid priority value", *argv);
} else if (matches(*argv, "protocol") == 0) {
__u16 id;
+
NEXT_ARG();
if (protocol_set)
duparg("protocol", *argv);
@@ -126,6 +129,13 @@
invarg("invalid protocol", *argv);
protocol = id;
protocol_set = 1;
+ } else if (matches(*argv, "chain") == 0) {
+ NEXT_ARG();
+ if (chain_index_set)
+ duparg("chain", *argv);
+ if (get_u32(&chain_index, *argv, 0))
+ invarg("invalid chain index value", *argv);
+ chain_index_set = 1;
} else if (matches(*argv, "estimator") == 0) {
if (parse_estimator(&argc, &argv, &est) < 0)
return -1;
@@ -145,6 +155,9 @@
req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
+ if (chain_index_set)
+ addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
+
if (k[0])
addattr_l(&req.n, sizeof(req), TCA_KIND, k, strlen(k)+1);
@@ -153,17 +166,20 @@
return 1;
} else {
if (fhandle) {
- fprintf(stderr, "Must specify filter type when using "
- "\"handle\"\n");
+ fprintf(stderr,
+ "Must specify filter type when using \"handle\"\n");
return -1;
}
if (argc) {
if (matches(*argv, "help") == 0)
usage();
- fprintf(stderr, "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n", *argv);
+ fprintf(stderr,
+ "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n",
+ *argv);
return -1;
}
}
+
if (est.ewma_log)
addattr_l(&req.n, sizeof(req), TCA_RATE, &est, sizeof(est));
@@ -171,7 +187,8 @@
if (d[0]) {
ll_init_map(&rth);
- if ((req.t.tcm_ifindex = ll_name_to_index(d)) == 0) {
+ req.t.tcm_ifindex = ll_name_to_index(d);
+ if (req.t.tcm_ifindex == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n", d);
return 1;
}
@@ -189,21 +206,23 @@
static int filter_ifindex;
static __u32 filter_prio;
static __u32 filter_protocol;
-__u16 f_proto = 0;
+static __u32 filter_chain_index;
+static int filter_chain_index_set;
+__u16 f_proto;
-int print_filter(const struct sockaddr_nl *who,
- struct nlmsghdr *n,
- void *arg)
+int print_filter(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct tcmsg *t = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[TCA_MAX+1];
+ struct rtattr *tb[TCA_MAX+1];
struct filter_util *q;
char abuf[256];
- if (n->nlmsg_type != RTM_NEWTFILTER && n->nlmsg_type != RTM_DELTFILTER) {
- fprintf(stderr, "Not a filter\n");
+ if (n->nlmsg_type != RTM_NEWTFILTER &&
+ n->nlmsg_type != RTM_GETTFILTER &&
+ n->nlmsg_type != RTM_DELTFILTER) {
+ fprintf(stderr, "Not a filter(cmd %d)\n", n->nlmsg_type);
return 0;
}
len -= NLMSG_LENGTH(sizeof(*t));
@@ -212,7 +231,6 @@
return -1;
}
- memset(tb, 0, sizeof(tb));
parse_rtattr(tb, TCA_MAX, TCA_RTA(t), len);
if (tb[TCA_KIND] == NULL) {
@@ -223,6 +241,16 @@
if (n->nlmsg_type == RTM_DELTFILTER)
fprintf(fp, "deleted ");
+ if (n->nlmsg_type == RTM_NEWTFILTER &&
+ (n->nlmsg_flags & NLM_F_CREATE) &&
+ !(n->nlmsg_flags & NLM_F_EXCL))
+ fprintf(fp, "replaced ");
+
+ if (n->nlmsg_type == RTM_NEWTFILTER &&
+ (n->nlmsg_flags & NLM_F_CREATE) &&
+ (n->nlmsg_flags & NLM_F_EXCL))
+ fprintf(fp, "added ");
+
fprintf(fp, "filter ");
if (!filter_ifindex || filter_ifindex != t->tcm_ifindex)
fprintf(fp, "dev %s ", ll_index_to_name(t->tcm_ifindex));
@@ -243,6 +271,7 @@
if (t->tcm_info) {
f_proto = TC_H_MIN(t->tcm_info);
__u32 prio = TC_H_MAJ(t->tcm_info)>>16;
+
if (!filter_protocol || filter_protocol != f_proto) {
if (f_proto) {
SPRINT_BUF(b1);
@@ -256,6 +285,15 @@
}
}
fprintf(fp, "%s ", rta_getattr_str(tb[TCA_KIND]));
+
+ if (tb[TCA_CHAIN]) {
+ __u32 chain_index = rta_getattr_u32(tb[TCA_CHAIN]);
+
+ if (!filter_chain_index_set ||
+ filter_chain_index != chain_index)
+ fprintf(fp, "chain %u ", chain_index);
+ }
+
q = get_filter_kind(RTA_DATA(tb[TCA_KIND]));
if (tb[TCA_OPTIONS]) {
if (q)
@@ -274,17 +312,35 @@
return 0;
}
-static int tc_filter_list(int argc, char **argv)
+static int tc_filter_get(int cmd, unsigned int flags, int argc, char **argv)
{
- struct tcmsg t;
- char d[16];
+ struct {
+ struct nlmsghdr n;
+ struct tcmsg t;
+ char buf[MAX_MSG];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
+ /* NLM_F_ECHO is for backward compatibility. old kernels never
+ * respond without it and newer kernels will ignore it.
+ * In old kernels there is a side effect:
+ * In addition to a response to the GET you will receive an
+ * event (if you do tc mon).
+ */
+ .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ECHO | flags,
+ .n.nlmsg_type = cmd,
+ .t.tcm_parent = TC_H_UNSPEC,
+ .t.tcm_family = AF_UNSPEC,
+ };
+ struct filter_util *q = NULL;
__u32 prio = 0;
__u32 protocol = 0;
+ int protocol_set = 0;
+ __u32 chain_index;
+ int chain_index_set = 0;
+ __u32 parent_handle = 0;
char *fhandle = NULL;
-
- memset(&t, 0, sizeof(t));
- t.tcm_family = AF_UNSPEC;
- memset(d, 0, sizeof(d));
+ char d[16] = {};
+ char k[16] = {};
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
@@ -293,35 +349,209 @@
duparg("dev", *argv);
strncpy(d, *argv, sizeof(d)-1);
} else if (strcmp(*argv, "root") == 0) {
- if (t.tcm_parent) {
- fprintf(stderr, "Error: \"root\" is duplicate parent ID\n");
+ if (req.t.tcm_parent) {
+ fprintf(stderr,
+ "Error: \"root\" is duplicate parent ID\n");
return -1;
}
- filter_parent = t.tcm_parent = TC_H_ROOT;
+ req.t.tcm_parent = TC_H_ROOT;
} else if (strcmp(*argv, "ingress") == 0) {
- if (t.tcm_parent) {
- fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n");
+ if (req.t.tcm_parent) {
+ fprintf(stderr,
+ "Error: \"ingress\" is duplicate parent ID\n");
+ return -1;
+ }
+ req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
+ TC_H_MIN_INGRESS);
+ } else if (strcmp(*argv, "egress") == 0) {
+ if (req.t.tcm_parent) {
+ fprintf(stderr,
+ "Error: \"egress\" is duplicate parent ID\n");
+ return -1;
+ }
+ req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
+ TC_H_MIN_EGRESS);
+ } else if (strcmp(*argv, "parent") == 0) {
+
+ NEXT_ARG();
+ if (req.t.tcm_parent)
+ duparg("parent", *argv);
+ if (get_tc_classid(&parent_handle, *argv))
+ invarg("Invalid parent ID", *argv);
+ req.t.tcm_parent = parent_handle;
+ } else if (strcmp(*argv, "handle") == 0) {
+ NEXT_ARG();
+ if (fhandle)
+ duparg("handle", *argv);
+ fhandle = *argv;
+ } else if (matches(*argv, "preference") == 0 ||
+ matches(*argv, "priority") == 0) {
+ NEXT_ARG();
+ if (prio)
+ duparg("priority", *argv);
+ if (get_u32(&prio, *argv, 0) || prio > 0xFFFF)
+ invarg("invalid priority value", *argv);
+ } else if (matches(*argv, "protocol") == 0) {
+ __u16 id;
+
+ NEXT_ARG();
+ if (protocol_set)
+ duparg("protocol", *argv);
+ if (ll_proto_a2n(&id, *argv))
+ invarg("invalid protocol", *argv);
+ protocol = id;
+ protocol_set = 1;
+ } else if (matches(*argv, "chain") == 0) {
+ NEXT_ARG();
+ if (chain_index_set)
+ duparg("chain", *argv);
+ if (get_u32(&chain_index, *argv, 0))
+ invarg("invalid chain index value", *argv);
+ chain_index_set = 1;
+ } else if (matches(*argv, "help") == 0) {
+ usage();
+ return 0;
+ } else {
+ if (!**argv)
+ invarg("invalid filter name", *argv);
+
+ strncpy(k, *argv, sizeof(k)-1);
+
+ q = get_filter_kind(k);
+ argc--; argv++;
+ break;
+ }
+
+ argc--; argv++;
+ }
+
+ if (!protocol_set) {
+ fprintf(stderr, "Must specify filter protocol\n");
+ return -1;
+ }
+
+ if (!prio) {
+ fprintf(stderr, "Must specify filter priority\n");
+ return -1;
+ }
+
+ req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
+
+ if (chain_index_set)
+ addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
+
+ if (req.t.tcm_parent == TC_H_UNSPEC) {
+ fprintf(stderr, "Must specify filter parent\n");
+ return -1;
+ }
+
+ if (k[0])
+ addattr_l(&req.n, sizeof(req), TCA_KIND, k, strlen(k)+1);
+ else {
+ fprintf(stderr, "Must specify filter type\n");
+ return -1;
+ }
+
+ if (q->parse_fopt(q, fhandle, argc, argv, &req.n))
+ return 1;
+
+
+ if (!fhandle) {
+ fprintf(stderr, "Must specify filter \"handle\"\n");
+ return -1;
+ }
+
+ if (argc) {
+ if (matches(*argv, "help") == 0)
+ usage();
+ fprintf(stderr,
+ "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n",
+ *argv);
+ return -1;
+ }
+
+ if (d[0]) {
+ ll_init_map(&rth);
+
+ req.t.tcm_ifindex = ll_name_to_index(d);
+ if (req.t.tcm_ifindex == 0) {
+ fprintf(stderr, "Cannot find device \"%s\"\n", d);
+ return 1;
+ }
+ filter_ifindex = req.t.tcm_ifindex;
+ } else {
+ fprintf(stderr, "Must specify netdevice \"dev\"\n");
+ return -1;
+ }
+
+ if (rtnl_talk(&rth, &req.n, &req.n, MAX_MSG) < 0) {
+ fprintf(stderr, "We have an error talking to the kernel\n");
+ return 2;
+ }
+
+ print_filter(NULL, &req.n, (void *)stdout);
+
+ return 0;
+}
+
+static int tc_filter_list(int argc, char **argv)
+{
+ struct {
+ struct nlmsghdr n;
+ struct tcmsg t;
+ char buf[MAX_MSG];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
+ .n.nlmsg_type = RTM_GETTFILTER,
+ .t.tcm_parent = TC_H_UNSPEC,
+ .t.tcm_family = AF_UNSPEC,
+ };
+ char d[16] = {};
+ __u32 prio = 0;
+ __u32 protocol = 0;
+ __u32 chain_index;
+ char *fhandle = NULL;
+
+ while (argc > 0) {
+ if (strcmp(*argv, "dev") == 0) {
+ NEXT_ARG();
+ if (d[0])
+ duparg("dev", *argv);
+ strncpy(d, *argv, sizeof(d)-1);
+ } else if (strcmp(*argv, "root") == 0) {
+ if (req.t.tcm_parent) {
+ fprintf(stderr,
+ "Error: \"root\" is duplicate parent ID\n");
+ return -1;
+ }
+ filter_parent = req.t.tcm_parent = TC_H_ROOT;
+ } else if (strcmp(*argv, "ingress") == 0) {
+ if (req.t.tcm_parent) {
+ fprintf(stderr,
+ "Error: \"ingress\" is duplicate parent ID\n");
return -1;
}
filter_parent = TC_H_MAKE(TC_H_CLSACT,
TC_H_MIN_INGRESS);
- t.tcm_parent = filter_parent;
+ req.t.tcm_parent = filter_parent;
} else if (strcmp(*argv, "egress") == 0) {
- if (t.tcm_parent) {
- fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n");
+ if (req.t.tcm_parent) {
+ fprintf(stderr,
+ "Error: \"egress\" is duplicate parent ID\n");
return -1;
}
filter_parent = TC_H_MAKE(TC_H_CLSACT,
TC_H_MIN_EGRESS);
- t.tcm_parent = filter_parent;
+ req.t.tcm_parent = filter_parent;
} else if (strcmp(*argv, "parent") == 0) {
__u32 handle;
+
NEXT_ARG();
- if (t.tcm_parent)
+ if (req.t.tcm_parent)
duparg("parent", *argv);
if (get_tc_classid(&handle, *argv))
invarg("invalid parent ID", *argv);
- filter_parent = t.tcm_parent = handle;
+ filter_parent = req.t.tcm_parent = handle;
} else if (strcmp(*argv, "handle") == 0) {
NEXT_ARG();
if (fhandle)
@@ -337,6 +567,7 @@
filter_prio = prio;
} else if (matches(*argv, "protocol") == 0) {
__u16 res;
+
NEXT_ARG();
if (protocol)
duparg("protocol", *argv);
@@ -344,29 +575,43 @@
invarg("invalid protocol", *argv);
protocol = res;
filter_protocol = protocol;
+ } else if (matches(*argv, "chain") == 0) {
+ NEXT_ARG();
+ if (filter_chain_index_set)
+ duparg("chain", *argv);
+ if (get_u32(&chain_index, *argv, 0))
+ invarg("invalid chain index value", *argv);
+ filter_chain_index_set = 1;
+ filter_chain_index = chain_index;
} else if (matches(*argv, "help") == 0) {
usage();
} else {
- fprintf(stderr, " What is \"%s\"? Try \"tc filter help\"\n", *argv);
+ fprintf(stderr,
+ " What is \"%s\"? Try \"tc filter help\"\n",
+ *argv);
return -1;
}
argc--; argv++;
}
- t.tcm_info = TC_H_MAKE(prio<<16, protocol);
+ req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
ll_init_map(&rth);
if (d[0]) {
- if ((t.tcm_ifindex = ll_name_to_index(d)) == 0) {
+ req.t.tcm_ifindex = ll_name_to_index(d);
+ if (req.t.tcm_ifindex == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n", d);
return 1;
}
- filter_ifindex = t.tcm_ifindex;
+ filter_ifindex = req.t.tcm_ifindex;
}
- if (rtnl_dump_request(&rth, RTM_GETTFILTER, &t, sizeof(t)) < 0) {
+ if (filter_chain_index_set)
+ addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
+
+ if (rtnl_dump_request_n(&rth, &req.n) < 0) {
perror("Cannot send dump request");
return 1;
}
@@ -384,24 +629,25 @@
if (argc < 1)
return tc_filter_list(0, NULL);
if (matches(*argv, "add") == 0)
- return tc_filter_modify(RTM_NEWTFILTER, NLM_F_EXCL|NLM_F_CREATE, argc-1, argv+1);
+ return tc_filter_modify(RTM_NEWTFILTER, NLM_F_EXCL|NLM_F_CREATE,
+ argc-1, argv+1);
if (matches(*argv, "change") == 0)
return tc_filter_modify(RTM_NEWTFILTER, 0, argc-1, argv+1);
if (matches(*argv, "replace") == 0)
- return tc_filter_modify(RTM_NEWTFILTER, NLM_F_CREATE, argc-1, argv+1);
+ return tc_filter_modify(RTM_NEWTFILTER, NLM_F_CREATE, argc-1,
+ argv+1);
if (matches(*argv, "delete") == 0)
return tc_filter_modify(RTM_DELTFILTER, 0, argc-1, argv+1);
-#if 0
if (matches(*argv, "get") == 0)
return tc_filter_get(RTM_GETTFILTER, 0, argc-1, argv+1);
-#endif
if (matches(*argv, "list") == 0 || matches(*argv, "show") == 0
|| matches(*argv, "lst") == 0)
return tc_filter_list(argc-1, argv+1);
if (matches(*argv, "help") == 0) {
usage();
return 0;
- }
- fprintf(stderr, "Command \"%s\" is unknown, try \"tc filter help\".\n", *argv);
+ }
+ fprintf(stderr, "Command \"%s\" is unknown, try \"tc filter help\".\n",
+ *argv);
return -1;
}
diff --git a/tc/tc_monitor.c b/tc/tc_monitor.c
index ebb9432..83142cb 100644
--- a/tc/tc_monitor.c
+++ b/tc/tc_monitor.c
@@ -39,7 +39,7 @@
struct rtnl_ctrl_data *ctrl,
struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
if (timestamp)
print_timestamp(fp);
@@ -73,7 +73,7 @@
{
struct rtnl_handle rth;
char *file = NULL;
- unsigned groups = nl_mgrp(RTNLGRP_TC);
+ unsigned int groups = nl_mgrp(RTNLGRP_TC);
while (argc > 0) {
if (matches(*argv, "file") == 0) {
@@ -109,7 +109,7 @@
ll_init_map(&rth);
- if (rtnl_listen(&rth, accept_tcmsg, (void*)stdout) < 0) {
+ if (rtnl_listen(&rth, accept_tcmsg, (void *)stdout) < 0) {
rtnl_close(&rth);
exit(2);
}
diff --git a/tc/tc_qdisc.c b/tc/tc_qdisc.c
index cb861e0..493538c 100644
--- a/tc/tc_qdisc.c
+++ b/tc/tc_qdisc.c
@@ -34,7 +34,7 @@
fprintf(stderr, " [ stab [ help | STAB_OPTIONS] ]\n");
fprintf(stderr, " [ [ QDISC_KIND ] [ help | OPTIONS ] ]\n");
fprintf(stderr, "\n");
- fprintf(stderr, " tc qdisc show [ dev STRING ] [ ingress | clsact ]\n");
+ fprintf(stderr, " tc qdisc show [ dev STRING ] [ ingress | clsact ] [ invisible ]\n");
fprintf(stderr, "Where:\n");
fprintf(stderr, "QDISC_KIND := { [p|b]fifo | tbf | prio | cbq | red | etc. }\n");
fprintf(stderr, "OPTIONS := ... try tc qdisc add <desired QDISC_KIND> help\n");
@@ -42,32 +42,26 @@
return -1;
}
-static int tc_qdisc_modify(int cmd, unsigned flags, int argc, char **argv)
+static int tc_qdisc_modify(int cmd, unsigned int flags, int argc, char **argv)
{
struct qdisc_util *q = NULL;
- struct tc_estimator est;
+ struct tc_estimator est = {};
struct {
struct tc_sizespec szopts;
__u16 *data;
- } stab;
- char d[16];
- char k[16];
+ } stab = {};
+ char d[16] = {};
+ char k[16] = {};
struct {
- struct nlmsghdr n;
- struct tcmsg t;
- char buf[TCA_BUF_MAX];
- } req;
-
- memset(&req, 0, sizeof(req));
- memset(&stab, 0, sizeof(stab));
- memset(&est, 0, sizeof(est));
- memset(&d, 0, sizeof(d));
- memset(&k, 0, sizeof(k));
-
- req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
- req.n.nlmsg_flags = NLM_F_REQUEST|flags;
- req.n.nlmsg_type = cmd;
- req.t.tcm_family = AF_UNSPEC;
+ struct nlmsghdr n;
+ struct tcmsg t;
+ char buf[TCA_BUF_MAX];
+ } req = {
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
+ .n.nlmsg_flags = NLM_F_REQUEST | flags,
+ .n.nlmsg_type = cmd,
+ .t.tcm_family = AF_UNSPEC,
+ };
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
@@ -77,6 +71,7 @@
strncpy(d, *argv, sizeof(d)-1);
} else if (strcmp(*argv, "handle") == 0) {
__u32 handle;
+
if (req.t.tcm_handle)
duparg("handle", *argv);
NEXT_ARG();
@@ -113,6 +108,7 @@
break;
} else if (strcmp(*argv, "parent") == 0) {
__u32 handle;
+
NEXT_ARG();
if (req.t.tcm_parent)
duparg("parent", *argv);
@@ -186,7 +182,8 @@
ll_init_map(&rth);
- if ((idx = ll_name_to_index(d)) == 0) {
+ idx = ll_name_to_index(d);
+ if (idx == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n", d);
return 1;
}
@@ -202,13 +199,12 @@
static int filter_ifindex;
int print_qdisc(const struct sockaddr_nl *who,
- struct nlmsghdr *n,
- void *arg)
+ struct nlmsghdr *n, void *arg)
{
- FILE *fp = (FILE*)arg;
+ FILE *fp = (FILE *)arg;
struct tcmsg *t = NLMSG_DATA(n);
int len = n->nlmsg_len;
- struct rtattr * tb[TCA_MAX+1];
+ struct rtattr *tb[TCA_MAX+1];
struct qdisc_util *q;
char abuf[256];
@@ -225,7 +221,6 @@
if (filter_ifindex && filter_ifindex != t->tcm_ifindex)
return 0;
- memset(tb, 0, sizeof(tb));
parse_rtattr(tb, TCA_MAX, TCA_RTA(t), len);
if (tb[TCA_KIND] == NULL) {
@@ -236,21 +231,39 @@
if (n->nlmsg_type == RTM_DELQDISC)
fprintf(fp, "deleted ");
- fprintf(fp, "qdisc %s %x: ", rta_getattr_str(tb[TCA_KIND]), t->tcm_handle>>16);
+ if (n->nlmsg_type == RTM_NEWQDISC &&
+ (n->nlmsg_flags & NLM_F_CREATE) &&
+ (n->nlmsg_flags & NLM_F_REPLACE))
+ fprintf(fp, "replaced ");
+
+ if (n->nlmsg_type == RTM_NEWQDISC &&
+ (n->nlmsg_flags & NLM_F_CREATE) &&
+ (n->nlmsg_flags & NLM_F_EXCL))
+ fprintf(fp, "added ");
+
+ if (show_raw)
+ fprintf(fp, "qdisc %s %x:[%08x] ",
+ rta_getattr_str(tb[TCA_KIND]),
+ t->tcm_handle >> 16, t->tcm_handle);
+ else
+ fprintf(fp, "qdisc %s %x: ", rta_getattr_str(tb[TCA_KIND]),
+ t->tcm_handle >> 16);
+
if (filter_ifindex == 0)
fprintf(fp, "dev %s ", ll_index_to_name(t->tcm_ifindex));
+
if (t->tcm_parent == TC_H_ROOT)
fprintf(fp, "root ");
else if (t->tcm_parent) {
print_tc_classid(abuf, sizeof(abuf), t->tcm_parent);
fprintf(fp, "parent %s ", abuf);
}
- if (t->tcm_info != 1) {
- fprintf(fp, "refcnt %d ", t->tcm_info);
- }
- /* pfifo_fast is generic enough to warrant the hardcoding --JHS */
- if (0 == strcmp("pfifo_fast", RTA_DATA(tb[TCA_KIND])))
+ if (t->tcm_info != 1)
+ fprintf(fp, "refcnt %d ", t->tcm_info);
+
+ /* pfifo_fast is generic enough to warrant the hardcoding --JHS */
+ if (strcmp("pfifo_fast", RTA_DATA(tb[TCA_KIND])) == 0)
q = get_qdisc_kind("prio");
else
q = get_qdisc_kind(RTA_DATA(tb[TCA_KIND]));
@@ -262,10 +275,12 @@
fprintf(fp, "[cannot parse qdisc parameters]");
}
fprintf(fp, "\n");
+
if (show_details && tb[TCA_STAB]) {
print_size_table(fp, " ", tb[TCA_STAB]);
fprintf(fp, "\n");
}
+
if (show_stats) {
struct rtattr *xstats = NULL;
@@ -285,26 +300,25 @@
static int tc_qdisc_list(int argc, char **argv)
{
- struct tcmsg t;
- char d[16];
-
- memset(&t, 0, sizeof(t));
- t.tcm_family = AF_UNSPEC;
- memset(&d, 0, sizeof(d));
+ struct tcmsg t = { .tcm_family = AF_UNSPEC };
+ char d[16] = {};
+ bool dump_invisible = false;
while (argc > 0) {
if (strcmp(*argv, "dev") == 0) {
NEXT_ARG();
strncpy(d, *argv, sizeof(d)-1);
- } else if (strcmp(*argv, "ingress") == 0 ||
+ } else if (strcmp(*argv, "ingress") == 0 ||
strcmp(*argv, "clsact") == 0) {
- if (t.tcm_parent) {
- fprintf(stderr, "Duplicate parent ID\n");
- usage();
- }
- t.tcm_parent = TC_H_INGRESS;
+ if (t.tcm_parent) {
+ fprintf(stderr, "Duplicate parent ID\n");
+ usage();
+ }
+ t.tcm_parent = TC_H_INGRESS;
} else if (matches(*argv, "help") == 0) {
usage();
+ } else if (strcmp(*argv, "invisible") == 0) {
+ dump_invisible = true;
} else {
fprintf(stderr, "What is \"%s\"? Try \"tc qdisc help\".\n", *argv);
return -1;
@@ -316,14 +330,33 @@
ll_init_map(&rth);
if (d[0]) {
- if ((t.tcm_ifindex = ll_name_to_index(d)) == 0) {
+ t.tcm_ifindex = ll_name_to_index(d);
+ if (t.tcm_ifindex == 0) {
fprintf(stderr, "Cannot find device \"%s\"\n", d);
return 1;
}
filter_ifindex = t.tcm_ifindex;
}
- if (rtnl_dump_request(&rth, RTM_GETQDISC, &t, sizeof(t)) < 0) {
+ if (dump_invisible) {
+ struct {
+ struct nlmsghdr n;
+ struct tcmsg t;
+ char buf[256];
+ } req = {
+ .n.nlmsg_type = RTM_GETQDISC,
+ .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
+ };
+
+ req.t.tcm_family = AF_UNSPEC;
+
+ addattr(&req.n, 256, TCA_DUMP_INVISIBLE);
+ if (rtnl_dump_request_n(&rth, &req.n) < 0) {
+ perror("Cannot send dump request");
+ return 1;
+ }
+
+ } else if (rtnl_dump_request(&rth, RTM_GETQDISC, &t, sizeof(t)) < 0) {
perror("Cannot send dump request");
return 1;
}
@@ -360,7 +393,7 @@
if (matches(*argv, "help") == 0) {
usage();
return 0;
- }
+ }
fprintf(stderr, "Command \"%s\" is unknown, try \"tc qdisc help\".\n", *argv);
return -1;
}
diff --git a/tc/tc_red.c b/tc/tc_red.c
index 81a83bd..e9b2f0e 100644
--- a/tc/tc_red.c
+++ b/tc/tc_red.c
@@ -27,7 +27,7 @@
/*
Plog = log(prob/(qmax - qmin))
*/
-int tc_red_eval_P(unsigned qmin, unsigned qmax, double prob)
+int tc_red_eval_P(unsigned int qmin, unsigned int qmax, double prob)
{
int i = qmax - qmin;
@@ -36,12 +36,12 @@
prob /= i;
- for (i=0; i<32; i++) {
+ for (i = 0; i < 32; i++) {
if (prob > 1.0)
break;
prob *= 2;
}
- if (i>=32)
+ if (i >= 32)
return -1;
return i;
}
@@ -50,18 +50,18 @@
burst + 1 - qmin/avpkt < (1-(1-W)^burst)/W
*/
-int tc_red_eval_ewma(unsigned qmin, unsigned burst, unsigned avpkt)
+int tc_red_eval_ewma(unsigned int qmin, unsigned int burst, unsigned int avpkt)
{
int wlog = 1;
double W = 0.5;
double a = (double)burst + 1 - (double)qmin/avpkt;
if (a < 1.0) {
- fprintf(stderr, "tc_red_eval_ewma() burst %u is too small ?"
- " Try burst %u\n", burst, 1 + qmin/avpkt);
+ fprintf(stderr, "tc_red_eval_ewma() burst %u is too small ? Try burst %u\n",
+ burst, 1 + qmin/avpkt);
return -1;
}
- for (wlog=1; wlog<32; wlog++, W /= 2) {
+ for (wlog = 1; wlog < 32; wlog++, W /= 2) {
if (a <= (1 - pow(1-W, burst))/W)
return wlog;
}
@@ -72,7 +72,7 @@
Stab[t>>Scell_log] = -log(1-W) * t/xmit_time
*/
-int tc_red_eval_idle_damping(int Wlog, unsigned avpkt, unsigned bps, __u8 *sbuf)
+int tc_red_eval_idle_damping(int Wlog, unsigned int avpkt, unsigned int bps, __u8 *sbuf)
{
double xmit_time = tc_calc_xmittime(bps, avpkt);
double lW = -log(1.0 - 1.0/(1<<Wlog))/xmit_time;
@@ -80,7 +80,7 @@
int clog;
int i;
- for (clog=0; clog<32; clog++) {
+ for (clog = 0; clog < 32; clog++) {
if (maxtime/(1<<clog) < 512)
break;
}
@@ -88,7 +88,7 @@
return -1;
sbuf[0] = 0;
- for (i=1; i<255; i++) {
+ for (i = 1; i < 255; i++) {
sbuf[i] = (i<<clog)*lW;
if (sbuf[i] > 31)
sbuf[i] = 31;
diff --git a/tc/tc_stab.c b/tc/tc_stab.c
index aba8ae8..1a0a3e3 100644
--- a/tc/tc_stab.c
+++ b/tc/tc_stab.c
@@ -31,7 +31,7 @@
static void stab_help(void)
{
fprintf(stderr,
- "Usage: ... stab [ mtu BYTES ] [ tsize SLOTS ] [ mpu BYTES ] \n"
+ "Usage: ... stab [ mtu BYTES ] [ tsize SLOTS ] [ mpu BYTES ]\n"
" [ overhead BYTES ] [ linklayer TYPE ] ...\n"
" mtu : max packet size we create rate map for {2047}\n"
" tsize : how many slots should size table have {512}\n"
@@ -40,7 +40,6 @@
" linklayer : adapting to a linklayer e.g. atm\n"
"Example: ... stab overhead 20 linklayer atm\n");
- return;
}
int check_size_table_opts(struct tc_sizespec *s)
@@ -53,9 +52,7 @@
{
char **argv = *argvp;
int argc = *argcp;
- struct tc_sizespec s;
-
- memset(&s, 0, sizeof(s));
+ struct tc_sizespec s = {};
NEXT_ARG();
if (matches(*argv, "help") == 0) {
@@ -110,12 +107,14 @@
void print_size_table(FILE *fp, const char *prefix, struct rtattr *rta)
{
struct rtattr *tb[TCA_STAB_MAX + 1];
+
SPRINT_BUF(b1);
parse_rtattr_nested(tb, TCA_STAB_MAX, rta);
if (tb[TCA_STAB_BASE]) {
struct tc_sizespec s = {0};
+
memcpy(&s, RTA_DATA(tb[TCA_STAB_BASE]),
MIN(RTA_PAYLOAD(tb[TCA_STAB_BASE]), sizeof(s)));
@@ -135,8 +134,9 @@
#if 0
if (tb[TCA_STAB_DATA]) {
- unsigned i, j, dlen;
+ unsigned int i, j, dlen;
__u16 *data = RTA_DATA(tb[TCA_STAB_DATA]);
+
dlen = RTA_PAYLOAD(tb[TCA_STAB_DATA]) / sizeof(__u16);
fprintf(fp, "\n%sstab data:", prefix);
diff --git a/tc/tc_util.c b/tc/tc_util.c
index 4764ecc..b39e550 100644
--- a/tc/tc_util.c
+++ b/tc/tc_util.c
@@ -32,7 +32,7 @@
#define LIBDIR "/usr/lib"
#endif
-static struct db_names *cls_names = NULL;
+static struct db_names *cls_names;
#define NAMES_DB "/etc/iproute2/tc_cls"
@@ -82,10 +82,10 @@
if (strcmp(str, "none") == 0)
goto ok;
maj = strtoul(str, &p, 16);
- if (p == str)
+ if (p == str || maj >= (1 << 16))
return -1;
maj <<= 16;
- if (*p != ':' && *p!=0)
+ if (*p != ':' && *p != 0)
return -1;
ok:
*h = maj;
@@ -192,7 +192,7 @@
};
-int get_rate(unsigned *rate, const char *str)
+int get_rate(unsigned int *rate, const char *str)
{
char *p;
double bps = strtod(str, &p);
@@ -266,13 +266,13 @@
snprintf(buf, len, "%.0f%s%sbit", (double)rate, units[i], str);
}
-char * sprint_rate(__u64 rate, char *buf)
+char *sprint_rate(__u64 rate, char *buf)
{
print_rate(buf, SPRINT_BSIZE-1, rate);
return buf;
}
-int get_time(unsigned *time, const char *str)
+int get_time(unsigned int *time, const char *str)
{
double t;
char *p;
@@ -282,13 +282,13 @@
return -1;
if (*p) {
- if (strcasecmp(p, "s") == 0 || strcasecmp(p, "sec")==0 ||
- strcasecmp(p, "secs")==0)
+ if (strcasecmp(p, "s") == 0 || strcasecmp(p, "sec") == 0 ||
+ strcasecmp(p, "secs") == 0)
t *= TIME_UNITS_PER_SEC;
- else if (strcasecmp(p, "ms") == 0 || strcasecmp(p, "msec")==0 ||
+ else if (strcasecmp(p, "ms") == 0 || strcasecmp(p, "msec") == 0 ||
strcasecmp(p, "msecs") == 0)
t *= TIME_UNITS_PER_SEC/1000;
- else if (strcasecmp(p, "us") == 0 || strcasecmp(p, "usec")==0 ||
+ else if (strcasecmp(p, "us") == 0 || strcasecmp(p, "usec") == 0 ||
strcasecmp(p, "usecs") == 0)
t *= TIME_UNITS_PER_SEC/1000000;
else
@@ -312,18 +312,18 @@
snprintf(buf, len, "%uus", time);
}
-char * sprint_time(__u32 time, char *buf)
+char *sprint_time(__u32 time, char *buf)
{
print_time(buf, SPRINT_BSIZE-1, time);
return buf;
}
-char * sprint_ticks(__u32 ticks, char *buf)
+char *sprint_ticks(__u32 ticks, char *buf)
{
return sprint_time(tc_core_tick2time(ticks), buf);
}
-int get_size(unsigned *size, const char *str)
+int get_size(unsigned int *size, const char *str)
{
double sz;
char *p;
@@ -333,13 +333,13 @@
return -1;
if (*p) {
- if (strcasecmp(p, "kb") == 0 || strcasecmp(p, "k")==0)
+ if (strcasecmp(p, "kb") == 0 || strcasecmp(p, "k") == 0)
sz *= 1024;
- else if (strcasecmp(p, "gb") == 0 || strcasecmp(p, "g")==0)
+ else if (strcasecmp(p, "gb") == 0 || strcasecmp(p, "g") == 0)
sz *= 1024*1024*1024;
else if (strcasecmp(p, "gbit") == 0)
sz *= 1024*1024*1024/8;
- else if (strcasecmp(p, "mb") == 0 || strcasecmp(p, "m")==0)
+ else if (strcasecmp(p, "mb") == 0 || strcasecmp(p, "m") == 0)
sz *= 1024*1024;
else if (strcasecmp(p, "mbit") == 0)
sz *= 1024*1024/8;
@@ -353,9 +353,9 @@
return 0;
}
-int get_size_and_cell(unsigned *size, int *cell_log, char *str)
+int get_size_and_cell(unsigned int *size, int *cell_log, char *str)
{
- char * slash = strchr(str, '/');
+ char *slash = strchr(str, '/');
if (slash)
*slash = 0;
@@ -371,7 +371,7 @@
return -1;
*slash = '/';
- for (i=0; i<32; i++) {
+ for (i = 0; i < 32; i++) {
if ((1<<i) == cell) {
*cell_log = i;
return 0;
@@ -394,7 +394,7 @@
snprintf(buf, len, "%ub", sz);
}
-char * sprint_size(__u32 size, char *buf)
+char *sprint_size(__u32 size, char *buf)
{
print_size(buf, SPRINT_BSIZE-1, size);
return buf;
@@ -405,62 +405,258 @@
snprintf(buf, len, "%x:", TC_H_MAJ(h)>>16);
}
-char * sprint_qdisc_handle(__u32 h, char *buf)
+char *sprint_qdisc_handle(__u32 h, char *buf)
{
print_qdisc_handle(buf, SPRINT_BSIZE-1, h);
return buf;
}
-char * action_n2a(int action, char *buf, int len)
+static const char *action_n2a(int action)
{
+ static char buf[64];
+
+ if (TC_ACT_EXT_CMP(action, TC_ACT_GOTO_CHAIN))
+ return "goto";
+ if (TC_ACT_EXT_CMP(action, TC_ACT_JUMP))
+ return "jump";
switch (action) {
- case -1:
+ case TC_ACT_UNSPEC:
return "continue";
- break;
case TC_ACT_OK:
return "pass";
- break;
case TC_ACT_SHOT:
return "drop";
- break;
case TC_ACT_RECLASSIFY:
return "reclassify";
case TC_ACT_PIPE:
return "pipe";
case TC_ACT_STOLEN:
return "stolen";
+ case TC_ACT_TRAP:
+ return "trap";
default:
- snprintf(buf, len, "%d", action);
+ snprintf(buf, 64, "%d", action);
return buf;
}
}
-int action_a2n(char *arg, int *result)
+/* Convert action branch name into numeric format.
+ *
+ * Parameters:
+ * @arg - string to parse
+ * @result - pointer to output variable
+ * @allow_num - whether @arg may be in numeric format already
+ *
+ * In error case, returns -1 and does not touch @result. Otherwise returns 0.
+ */
+static int action_a2n(char *arg, int *result, bool allow_num)
{
- int res;
+ int n;
+ char dummy;
+ struct {
+ const char *a;
+ int n;
+ } a2n[] = {
+ {"continue", TC_ACT_UNSPEC},
+ {"drop", TC_ACT_SHOT},
+ {"shot", TC_ACT_SHOT},
+ {"pass", TC_ACT_OK},
+ {"ok", TC_ACT_OK},
+ {"reclassify", TC_ACT_RECLASSIFY},
+ {"pipe", TC_ACT_PIPE},
+ {"goto", TC_ACT_GOTO_CHAIN},
+ {"jump", TC_ACT_JUMP},
+ {"trap", TC_ACT_TRAP},
+ { NULL },
+ }, *iter;
- if (matches(arg, "continue") == 0)
- res = -1;
- else if (matches(arg, "drop") == 0)
- res = TC_ACT_SHOT;
- else if (matches(arg, "shot") == 0)
- res = TC_ACT_SHOT;
- else if (matches(arg, "pass") == 0)
- res = TC_ACT_OK;
- else if (strcmp(arg, "ok") == 0)
- res = TC_ACT_OK;
- else if (matches(arg, "reclassify") == 0)
- res = TC_ACT_RECLASSIFY;
- else {
- char dummy;
- if (sscanf(arg, "%d%c", &res, &dummy) != 1)
- return -1;
+ for (iter = a2n; iter->a; iter++) {
+ if (matches(arg, iter->a) != 0)
+ continue;
+ *result = iter->n;
+ return 0;
}
- *result = res;
+ if (!allow_num || sscanf(arg, "%d%c", &n, &dummy) != 1)
+ return -1;
+
+ *result = n;
return 0;
}
-int get_linklayer(unsigned *val, const char *arg)
+static int __parse_action_control(int *argc_p, char ***argv_p, int *result_p,
+ bool allow_num, bool ignore_a2n_miss)
+{
+ int argc = *argc_p;
+ char **argv = *argv_p;
+ int result;
+
+ if (!argc)
+ return -1;
+ if (action_a2n(*argv, &result, allow_num) == -1) {
+ if (!ignore_a2n_miss)
+ fprintf(stderr, "Bad action type %s\n", *argv);
+ return -1;
+ }
+ if (result == TC_ACT_GOTO_CHAIN) {
+ __u32 chain_index;
+
+ NEXT_ARG();
+ if (matches(*argv, "chain") != 0) {
+ fprintf(stderr, "\"chain index\" expected\n");
+ return -1;
+ }
+ NEXT_ARG();
+ if (get_u32(&chain_index, *argv, 10) ||
+ chain_index > TC_ACT_EXT_VAL_MASK) {
+ fprintf(stderr, "Illegal \"chain index\"\n");
+ return -1;
+ }
+ result |= chain_index;
+ }
+ if (result == TC_ACT_JUMP) {
+ __u32 jump_cnt = 0;
+
+ NEXT_ARG();
+ if (get_u32(&jump_cnt, *argv, 10) ||
+ jump_cnt > TC_ACT_EXT_VAL_MASK) {
+ fprintf(stderr, "Invalid \"jump count\" (%s)\n", *argv);
+ return -1;
+ }
+ result |= jump_cnt;
+ }
+ NEXT_ARG_FWD();
+ *argc_p = argc;
+ *argv_p = argv;
+ *result_p = result;
+ return 0;
+}
+
+/* Parse action control including possible options.
+ *
+ * Parameters:
+ * @argc_p - pointer to argc to parse
+ * @argv_p - pointer to argv to parse
+ * @result_p - pointer to output variable
+ * @allow_num - whether action may be in numeric format already
+ *
+ * In error case, returns -1 and does not touch @result_1p. Otherwise returns 0.
+ */
+int parse_action_control(int *argc_p, char ***argv_p,
+ int *result_p, bool allow_num)
+{
+ return __parse_action_control(argc_p, argv_p, result_p,
+ allow_num, false);
+}
+
+/* Parse action control including possible options.
+ *
+ * Parameters:
+ * @argc_p - pointer to argc to parse
+ * @argv_p - pointer to argv to parse
+ * @result_p - pointer to output variable
+ * @allow_num - whether action may be in numeric format already
+ * @default_result - set as a result in case of parsing error
+ *
+ * In case there is an error during parsing, the default result is used.
+ */
+void parse_action_control_dflt(int *argc_p, char ***argv_p,
+ int *result_p, bool allow_num,
+ int default_result)
+{
+ if (__parse_action_control(argc_p, argv_p, result_p, allow_num, true))
+ *result_p = default_result;
+}
+
+static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p,
+ int *result1_p, int *result2_p,
+ bool allow_num)
+{
+ int argc = *argc_p;
+ char **argv = *argv_p;
+ int result1, result2;
+ int *result_p = &result1;
+ int ok = 0;
+ int ret;
+
+ while (argc > 0) {
+ switch (ok) {
+ case 1:
+ if (strcmp(*argv, "/") != 0)
+ goto out;
+ result_p = &result2;
+ NEXT_ARG();
+ /* fall-through */
+ case 0: /* fall-through */
+ case 2:
+ ret = parse_action_control(&argc, &argv,
+ result_p, allow_num);
+ if (ret)
+ return ret;
+ ok++;
+ break;
+ default:
+ goto out;
+ }
+ }
+out:
+ *result1_p = result1;
+ if (ok == 2)
+ *result2_p = result2;
+ *argc_p = argc;
+ *argv_p = argv;
+ return 0;
+}
+
+/* Parse action control with slash including possible options.
+ *
+ * Parameters:
+ * @argc_p - pointer to argc to parse
+ * @argv_p - pointer to argv to parse
+ * @result1_p - pointer to the first (before slash) output variable
+ * @result2_p - pointer to the second (after slash) output variable
+ * @allow_num - whether action may be in numeric format already
+ *
+ * In error case, returns -1 and does not touch @result*. Otherwise returns 0.
+ */
+int parse_action_control_slash(int *argc_p, char ***argv_p,
+ int *result1_p, int *result2_p, bool allow_num)
+{
+ char **argv = *argv_p;
+ int result1, result2;
+ char *p = strchr(*argv, '/');
+
+ if (!p)
+ return parse_action_control_slash_spaces(argc_p, argv_p,
+ result1_p, result2_p,
+ allow_num);
+ *p = 0;
+ if (action_a2n(*argv, &result1, allow_num)) {
+ if (p)
+ *p = '/';
+ return -1;
+ }
+
+ *p = '/';
+ if (action_a2n(p + 1, &result2, allow_num))
+ return -1;
+
+ *result1_p = result1;
+ *result2_p = result2;
+ return 0;
+}
+
+void print_action_control(FILE *f, const char *prefix,
+ int action, const char *suffix)
+{
+ fprintf(f, "%s%s", prefix, action_n2a(action));
+ if (TC_ACT_EXT_CMP(action, TC_ACT_GOTO_CHAIN))
+ fprintf(f, " chain %u", action & TC_ACT_EXT_VAL_MASK);
+ if (TC_ACT_EXT_CMP(action, TC_ACT_JUMP))
+ fprintf(f, " %u", action & TC_ACT_EXT_VAL_MASK);
+ fprintf(f, "%s", suffix);
+}
+
+int get_linklayer(unsigned int *val, const char *arg)
{
int res;
@@ -477,7 +673,7 @@
return 0;
}
-void print_linklayer(char *buf, int len, unsigned linklayer)
+void print_linklayer(char *buf, int len, unsigned int linklayer)
{
switch (linklayer) {
case LINKLAYER_UNSPEC:
@@ -495,21 +691,22 @@
}
}
-char *sprint_linklayer(unsigned linklayer, char *buf)
+char *sprint_linklayer(unsigned int linklayer, char *buf)
{
print_linklayer(buf, SPRINT_BSIZE-1, linklayer);
return buf;
}
-void print_tm(FILE * f, const struct tcf_t *tm)
+void print_tm(FILE *f, const struct tcf_t *tm)
{
int hz = get_user_hz();
+
if (tm->install != 0)
- fprintf(f, " installed %u sec", (unsigned)(tm->install/hz));
+ fprintf(f, " installed %u sec", (unsigned int)(tm->install/hz));
if (tm->lastuse != 0)
- fprintf(f, " used %u sec", (unsigned)(tm->lastuse/hz));
+ fprintf(f, " used %u sec", (unsigned int)(tm->lastuse/hz));
if (tm->expires != 0)
- fprintf(f, " expires %u sec", (unsigned)(tm->expires/hz));
+ fprintf(f, " expires %u sec", (unsigned int)(tm->expires/hz));
}
void print_tcstats2_attr(FILE *fp, struct rtattr *rta, char *prefix, struct rtattr **xstats)
@@ -521,6 +718,7 @@
if (tbs[TCA_STATS_BASIC]) {
struct gnet_stats_basic bs = {0};
+
memcpy(&bs, RTA_DATA(tbs[TCA_STATS_BASIC]), MIN(RTA_PAYLOAD(tbs[TCA_STATS_BASIC]), sizeof(bs)));
fprintf(fp, "%sSent %llu bytes %u pkt",
prefix, (unsigned long long) bs.bytes, bs.packets);
@@ -528,6 +726,7 @@
if (tbs[TCA_STATS_QUEUE]) {
struct gnet_stats_queue q = {0};
+
memcpy(&q, RTA_DATA(tbs[TCA_STATS_QUEUE]), MIN(RTA_PAYLOAD(tbs[TCA_STATS_QUEUE]), sizeof(q)));
fprintf(fp, " (dropped %u, overlimits %u requeues %u) ",
q.drops, q.overlimits, q.requeues);
@@ -552,6 +751,7 @@
if (tbs[TCA_STATS_QUEUE]) {
struct gnet_stats_queue q = {0};
+
memcpy(&q, RTA_DATA(tbs[TCA_STATS_QUEUE]), MIN(RTA_PAYLOAD(tbs[TCA_STATS_QUEUE]), sizeof(q)));
if (!tbs[TCA_STATS_RATE_EST])
fprintf(fp, "\n%s", prefix);
@@ -575,10 +775,9 @@
}
/* backward compatibility */
if (tb[TCA_STATS]) {
- struct tc_stats st;
+ struct tc_stats st = {};
/* handle case where kernel returns more/less than we know about */
- memset(&st, 0, sizeof(st));
memcpy(&st, RTA_DATA(tb[TCA_STATS]), MIN(RTA_PAYLOAD(tb[TCA_STATS]), sizeof(st)));
fprintf(fp, "%sSent %llu bytes %u pkts (dropped %u, overlimits %u) ",
diff --git a/tc/tc_util.h b/tc/tc_util.h
index 61e60b1..583a21a 100644
--- a/tc/tc_util.h
+++ b/tc/tc_util.h
@@ -2,6 +2,7 @@
#define _TC_UTIL_H_ 1
#define MAX_MSG 16384
+#include <limits.h>
#include <linux/pkt_sched.h>
#include <linux/pkt_cls.h>
#include <linux/gen_stats.h>
@@ -22,89 +23,103 @@
struct qdisc_util {
struct qdisc_util *next;
const char *id;
- int (*parse_qopt)(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n);
- int (*print_qopt)(struct qdisc_util *qu, FILE *f, struct rtattr *opt);
- int (*print_xstats)(struct qdisc_util *qu, FILE *f, struct rtattr *xstats);
+ int (*parse_qopt)(struct qdisc_util *qu, int argc,
+ char **argv, struct nlmsghdr *n);
+ int (*print_qopt)(struct qdisc_util *qu,
+ FILE *f, struct rtattr *opt);
+ int (*print_xstats)(struct qdisc_util *qu,
+ FILE *f, struct rtattr *xstats);
- int (*parse_copt)(struct qdisc_util *qu, int argc, char **argv, struct nlmsghdr *n);
- int (*print_copt)(struct qdisc_util *qu, FILE *f, struct rtattr *opt);
+ int (*parse_copt)(struct qdisc_util *qu, int argc,
+ char **argv, struct nlmsghdr *n);
+ int (*print_copt)(struct qdisc_util *qu, FILE *f, struct rtattr *opt);
};
extern __u16 f_proto;
struct filter_util {
struct filter_util *next;
- char id[16];
- int (*parse_fopt)(struct filter_util *qu, char *fhandle, int argc,
- char **argv, struct nlmsghdr *n);
- int (*print_fopt)(struct filter_util *qu, FILE *f, struct rtattr *opt, __u32 fhandle);
+ char id[16];
+ int (*parse_fopt)(struct filter_util *qu, char *fhandle,
+ int argc, char **argv, struct nlmsghdr *n);
+ int (*print_fopt)(struct filter_util *qu,
+ FILE *f, struct rtattr *opt, __u32 fhandle);
};
struct action_util {
- struct action_util *next;
- char id[16];
- int (*parse_aopt)(struct action_util *a, int *argc, char ***argv,
- int code, struct nlmsghdr *n);
- int (*print_aopt)(struct action_util *au, FILE *f, struct rtattr *opt);
- int (*print_xstats)(struct action_util *au, FILE *f, struct rtattr *xstats);
+ struct action_util *next;
+ char id[16];
+ int (*parse_aopt)(struct action_util *a, int *argc,
+ char ***argv, int code, struct nlmsghdr *n);
+ int (*print_aopt)(struct action_util *au, FILE *f, struct rtattr *opt);
+ int (*print_xstats)(struct action_util *au,
+ FILE *f, struct rtattr *xstats);
};
struct exec_util {
- struct exec_util *next;
- char id[16];
- int (*parse_eopt)(struct exec_util *eu, int argc, char **argv);
+ struct exec_util *next;
+ char id[16];
+ int (*parse_eopt)(struct exec_util *eu, int argc, char **argv);
};
-extern const char *get_tc_lib(void);
+const char *get_tc_lib(void);
-extern struct qdisc_util *get_qdisc_kind(const char *str);
-extern struct filter_util *get_filter_kind(const char *str);
+struct qdisc_util *get_qdisc_kind(const char *str);
+struct filter_util *get_filter_kind(const char *str);
-extern int get_qdisc_handle(__u32 *h, const char *str);
-extern int get_rate(unsigned *rate, const char *str);
-extern int get_rate64(__u64 *rate, const char *str);
-extern int get_size(unsigned *size, const char *str);
-extern int get_size_and_cell(unsigned *size, int *cell_log, char *str);
-extern int get_time(unsigned *time, const char *str);
-extern int get_linklayer(unsigned *val, const char *arg);
+int get_qdisc_handle(__u32 *h, const char *str);
+int get_rate(unsigned int *rate, const char *str);
+int get_rate64(__u64 *rate, const char *str);
+int get_size(unsigned int *size, const char *str);
+int get_size_and_cell(unsigned int *size, int *cell_log, char *str);
+int get_time(unsigned int *time, const char *str);
+int get_linklayer(unsigned int *val, const char *arg);
-extern void print_rate(char *buf, int len, __u64 rate);
-extern void print_size(char *buf, int len, __u32 size);
-extern void print_qdisc_handle(char *buf, int len, __u32 h);
-extern void print_time(char *buf, int len, __u32 time);
-extern void print_linklayer(char *buf, int len, unsigned linklayer);
+void print_rate(char *buf, int len, __u64 rate);
+void print_size(char *buf, int len, __u32 size);
+void print_qdisc_handle(char *buf, int len, __u32 h);
+void print_time(char *buf, int len, __u32 time);
+void print_linklayer(char *buf, int len, unsigned int linklayer);
-extern char * sprint_rate(__u64 rate, char *buf);
-extern char * sprint_size(__u32 size, char *buf);
-extern char * sprint_qdisc_handle(__u32 h, char *buf);
-extern char * sprint_tc_classid(__u32 h, char *buf);
-extern char * sprint_time(__u32 time, char *buf);
-extern char * sprint_ticks(__u32 ticks, char *buf);
-extern char * sprint_linklayer(unsigned linklayer, char *buf);
+char *sprint_rate(__u64 rate, char *buf);
+char *sprint_size(__u32 size, char *buf);
+char *sprint_qdisc_handle(__u32 h, char *buf);
+char *sprint_tc_classid(__u32 h, char *buf);
+char *sprint_time(__u32 time, char *buf);
+char *sprint_ticks(__u32 ticks, char *buf);
+char *sprint_linklayer(unsigned int linklayer, char *buf);
-extern void print_tcstats_attr(FILE *fp, struct rtattr *tb[], char *prefix, struct rtattr **xstats);
-extern void print_tcstats2_attr(FILE *fp, struct rtattr *rta, char *prefix, struct rtattr **xstats);
+void print_tcstats_attr(FILE *fp, struct rtattr *tb[],
+ char *prefix, struct rtattr **xstats);
+void print_tcstats2_attr(FILE *fp, struct rtattr *rta,
+ char *prefix, struct rtattr **xstats);
-extern int get_tc_classid(__u32 *h, const char *str);
-extern int print_tc_classid(char *buf, int len, __u32 h);
-extern char * sprint_tc_classid(__u32 h, char *buf);
+int get_tc_classid(__u32 *h, const char *str);
+int print_tc_classid(char *buf, int len, __u32 h);
+char *sprint_tc_classid(__u32 h, char *buf);
-extern int tc_print_police(FILE *f, struct rtattr *tb);
-extern int parse_police(int *, char ***, int, struct nlmsghdr *);
+int tc_print_police(FILE *f, struct rtattr *tb);
+int parse_police(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n);
-extern char *action_n2a(int action, char *buf, int len);
-extern int action_a2n(char *arg, int *result);
-extern int act_parse_police(struct action_util *a,int *, char ***, int, struct nlmsghdr *);
-extern int print_police(struct action_util *a, FILE *f,
- struct rtattr *tb);
-extern int police_print_xstats(struct action_util *a,FILE *f,
- struct rtattr *tb);
-extern int tc_print_action(FILE *f, const struct rtattr *tb);
-extern int tc_print_ipt(FILE *f, const struct rtattr *tb);
-extern int parse_action(int *, char ***, int, struct nlmsghdr *);
-extern void print_tm(FILE *f, const struct tcf_t *tm);
-extern int prio_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt);
+int parse_action_control(int *argc_p, char ***argv_p,
+ int *result_p, bool allow_num);
+void parse_action_control_dflt(int *argc_p, char ***argv_p,
+ int *result_p, bool allow_num,
+ int default_result);
+int parse_action_control_slash(int *argc_p, char ***argv_p,
+ int *result1_p, int *result2_p, bool allow_num);
+void print_action_control(FILE *f, const char *prefix,
+ int action, const char *suffix);
+int act_parse_police(struct action_util *a, int *argc_p,
+ char ***argv_p, int tca_id, struct nlmsghdr *n);
+int print_police(struct action_util *a, FILE *f, struct rtattr *tb);
+int police_print_xstats(struct action_util *a, FILE *f, struct rtattr *tb);
+int tc_print_action(FILE *f, const struct rtattr *tb, unsigned short tot_acts);
+int tc_print_ipt(FILE *f, const struct rtattr *tb);
+int parse_action(int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n);
+void print_tm(FILE *f, const struct tcf_t *tm);
+int prio_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt);
-extern int cls_names_init(char *path);
-extern void cls_names_uninit(void);
+int cls_names_init(char *path);
+void cls_names_uninit(void);
#endif
diff --git a/testsuite/Makefile b/testsuite/Makefile
index 2027650..055136b 100644
--- a/testsuite/Makefile
+++ b/testsuite/Makefile
@@ -15,6 +15,13 @@
ifneq (,$(wildcard /proc/config.gz))
KENV := $(shell cat /proc/config.gz | gunzip | grep ^CONFIG)
+else
+KVER := $(shell uname -r)
+KCPATHS := /lib/modules/$(KVER)/config /boot/config-$(KVER)
+KCPATH := $(firstword $(wildcard $(KCPATHS)))
+ifneq (,$(KCPATH))
+ KENV := $(shell cat ${KCPATH} | grep ^CONFIG)
+endif
endif
.PHONY: compile listtests alltests configure $(TESTS)
@@ -43,6 +50,8 @@
ifeq (,$(HAVE_UNSHARED_UTIL))
$(error Please install util-linux tools to run tests in separated network namespace)
endif
+ @./tools/generate_nlmsg
+
@mkdir -p $(RESULTS_DIR)
@for d in $(TESTS_DIR); do \
diff --git a/testsuite/tests/ip/link/dev_wo_vf_rate.nl b/testsuite/tests/ip/link/dev_wo_vf_rate.nl
deleted file mode 100644
index 40fa87f..0000000
--- a/testsuite/tests/ip/link/dev_wo_vf_rate.nl
+++ /dev/null
Binary files differ
diff --git a/testsuite/tests/ip/link/new_link.t b/testsuite/tests/ip/link/new_link.t
index 699adbc..c17650a 100755
--- a/testsuite/tests/ip/link/new_link.t
+++ b/testsuite/tests/ip/link/new_link.t
@@ -1,6 +1,6 @@
#!/bin/sh
-source lib/generic.sh
+. lib/generic.sh
ts_log "[Testing add/del virtual links]"
diff --git a/testsuite/tests/ip/link/show_dev_wo_vf_rate.t b/testsuite/tests/ip/link/show_dev_wo_vf_rate.t
index a600ba6..5b3c004 100755
--- a/testsuite/tests/ip/link/show_dev_wo_vf_rate.t
+++ b/testsuite/tests/ip/link/show_dev_wo_vf_rate.t
@@ -1,6 +1,6 @@
#!/bin/sh
-source lib/generic.sh
+. lib/generic.sh
NL_FILE="tests/ip/link/dev_wo_vf_rate.nl"
ts_ip "$0" "Show VF devices w/o VF rate info" -d monitor file $NL_FILE
diff --git a/testsuite/tests/ip/netns/set_nsid.t b/testsuite/tests/ip/netns/set_nsid.t
new file mode 100755
index 0000000..8f8c779
--- /dev/null
+++ b/testsuite/tests/ip/netns/set_nsid.t
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+. lib/generic.sh
+
+ts_log "[Testing netns nsid]"
+
+NS=testnsid
+NSID=99
+
+ts_ip "$0" "Add new netns $NS" netns add $NS
+ts_ip "$0" "Set $NS nsid to $NSID" netns set $NS $NSID
+
+ts_ip "$0" "List netns" netns list
+test_on "$NS \(id: $NSID\)"
+
+ts_ip "$0" "List netns without explicit list or show" netns
+test_on "$NS \(id: $NSID\)"
+
+ts_ip "$0" "List nsid" netns list-id
+test_on "$NSID \(iproute2 netns name: $NS\)"
+
+ts_ip "$0" "Delete netns $NS" netns del $NS
diff --git a/testsuite/tests/ip/netns/set_nsid_batch.t b/testsuite/tests/ip/netns/set_nsid_batch.t
new file mode 100755
index 0000000..196fd4b
--- /dev/null
+++ b/testsuite/tests/ip/netns/set_nsid_batch.t
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+. lib/generic.sh
+
+ts_log "[Testing netns nsid in batch mode]"
+
+NS=testnsid
+NSID=99
+BATCHFILE=`mktemp`
+
+echo "netns add $NS" >> $BATCHFILE
+echo "netns set $NS $NSID" >> $BATCHFILE
+echo "netns list-id" >> $BATCHFILE
+ts_ip "$0" "Add ns, set nsid and list in batch mode" -b $BATCHFILE
+test_on "nsid $NSID \(iproute2 netns name: $NS\)"
+rm -f $BATCHFILE
+
+ts_ip "$0" "Delete netns $NS" netns del $NS
diff --git a/testsuite/tests/ip/route/add_default_route.t b/testsuite/tests/ip/route/add_default_route.t
index e5ea647..569ba1f 100755
--- a/testsuite/tests/ip/route/add_default_route.t
+++ b/testsuite/tests/ip/route/add_default_route.t
@@ -1,6 +1,6 @@
#!/bin/sh
-source lib/generic.sh
+. lib/generic.sh
ts_log "[Testing add default route]"
diff --git a/testsuite/tests/ip/tunnel/add_tunnel.t b/testsuite/tests/ip/tunnel/add_tunnel.t
index 18f6e37..3f5a9d3 100755
--- a/testsuite/tests/ip/tunnel/add_tunnel.t
+++ b/testsuite/tests/ip/tunnel/add_tunnel.t
@@ -1,6 +1,6 @@
#!/bin/sh
-source lib/generic.sh
+. lib/generic.sh
TUNNEL_NAME="tunnel_test_ip"
diff --git a/testsuite/tests/tc/cls-testbed.t b/testsuite/tests/tc/cls-testbed.t
index 2afc26f..d5c21e5 100755
--- a/testsuite/tests/tc/cls-testbed.t
+++ b/testsuite/tests/tc/cls-testbed.t
@@ -1,7 +1,7 @@
#!/bin/bash
# vim: ft=sh
-source lib/generic.sh
+. lib/generic.sh
QDISCS="cbq htb dsmark"
diff --git a/testsuite/tests/tc/dsmark.t b/testsuite/tests/tc/dsmark.t
index 6934165..177585e 100755
--- a/testsuite/tests/tc/dsmark.t
+++ b/testsuite/tests/tc/dsmark.t
@@ -1,7 +1,7 @@
#!/bin/bash
# vim: ft=sh
-source lib/generic.sh
+. lib/generic.sh
ts_qdisc_available "dsmark"
if [ $? -eq 0 ]; then
diff --git a/testsuite/tests/tc/pedit.t b/testsuite/tests/tc/pedit.t
new file mode 100755
index 0000000..8d531a0
--- /dev/null
+++ b/testsuite/tests/tc/pedit.t
@@ -0,0 +1,217 @@
+#!/bin/sh
+
+. lib/generic.sh
+
+DEV="$(rand_dev)"
+ts_ip "$0" "Add $DEV dummy interface" link add dev $DEV type dummy
+ts_ip "$0" "Enable $DEV" link set $DEV up
+ts_tc "pedit" "Add ingress qdisc" qdisc add dev $DEV ingress
+
+
+do_pedit() {
+ ts_tc "pedit" "Drop ingress qdisc" \
+ qdisc del dev $DEV ingress
+ ts_tc "pedit" "Add ingress qdisc" \
+ qdisc add dev $DEV ingress
+ ts_tc "pedit" "Add pedit action $*" \
+ filter add dev $DEV parent ffff: \
+ u32 match u32 0 0 \
+ action pedit munge $@
+ ts_tc "pedit" "Show ingress filters" \
+ filter show dev $DEV parent ffff:
+}
+
+do_pedit offset 12 u32 set 0x12345678
+test_on "key #0 at 12: val 12345678 mask 00000000"
+do_pedit offset 12 u16 set 0x1234
+test_on "key #0 at 12: val 12340000 mask 0000ffff"
+do_pedit offset 14 u16 set 0x1234
+test_on "key #0 at 12: val 00001234 mask ffff0000"
+do_pedit offset 12 u8 set 0x23
+test_on "key #0 at 12: val 23000000 mask 00ffffff"
+do_pedit offset 13 u8 set 0x23
+test_on "key #0 at 12: val 00230000 mask ff00ffff"
+do_pedit offset 14 u8 set 0x23
+test_on "key #0 at 12: val 00002300 mask ffff00ff"
+do_pedit offset 15 u8 set 0x23
+test_on "key #0 at 12: val 00000023 mask ffffff00"
+
+do_pedit offset 13 u8 invert
+test_on "key #0 at 12: val 00ff0000 mask ffffffff"
+do_pedit offset 13 u8 clear
+test_on "key #0 at 12: val 00000000 mask ff00ffff"
+do_pedit offset 13 u8 preserve
+test_on "key #0 at 12: val 00000000 mask ffffffff"
+
+# the following set of tests has been auto-generated by running this little
+# shell script:
+#
+# do_it() {
+# echo "do_pedit $@"
+# tc qd del dev veth0 ingress >/dev/null 2>&1
+# tc qd add dev veth0 ingress >/dev/null 2>&1
+# tc filter add dev veth0 parent ffff: u32 \
+# match u32 0 0 \
+# action pedit munge $@ >/dev/null 2>&1
+# tc filter show dev veth0 parent ffff: | \
+# sed -n 's/^[\t ]*\(key #0.*\)/test_on "\1"/p'
+# }
+#
+# do_it_all() { # (field, val1 [, val2, ...])
+# local field=$1
+# shift
+# for val in $@; do
+# do_it ip $field set $val
+# done
+# for i in preserve invert clear; do
+# do_it ip $field $i
+# done
+# }
+#
+# do_it_all ihl 0x04 0x40
+# do_it_all src 1.2.3.4
+# do_it_all dst 1.2.3.4
+# do_it_all tos 0x1 0x10
+# do_it_all protocol 0x23
+# do_it_all nofrag 0x23 0xf4
+# do_it_all firstfrag 0x03 0xfa
+# do_it_all ce 0x23 0x04 0xf3
+# do_it_all df 0x23 0x04 0xf3
+# do_it_all mf 0x23 0x04 0xf3
+# do_it_all dport 0x1234
+# do_it_all sport 0x1234
+# do_it_all icmp_type 0x23
+# do_it_all icmp_code 0x23
+
+do_pedit ip ihl set 0x04
+test_on "key #0 at 0: val 04000000 mask f0ffffff"
+do_pedit ip ihl set 0x40
+test_on "key #0 at 0: val 00000000 mask f0ffffff"
+do_pedit ip ihl preserve
+test_on "key #0 at 0: val 00000000 mask ffffffff"
+do_pedit ip ihl invert
+test_on "key #0 at 0: val 0f000000 mask ffffffff"
+do_pedit ip ihl clear
+test_on "key #0 at 0: val 00000000 mask f0ffffff"
+do_pedit ip src set 1.2.3.4
+test_on "key #0 at 12: val 01020304 mask 00000000"
+do_pedit ip src preserve
+test_on "key #0 at 12: val 00000000 mask ffffffff"
+do_pedit ip src invert
+test_on "key #0 at 12: val ffffffff mask ffffffff"
+do_pedit ip src clear
+test_on "key #0 at 12: val 00000000 mask 00000000"
+do_pedit ip dst set 1.2.3.4
+test_on "key #0 at 16: val 01020304 mask 00000000"
+do_pedit ip dst preserve
+test_on "key #0 at 16: val 00000000 mask ffffffff"
+do_pedit ip dst invert
+test_on "key #0 at 16: val ffffffff mask ffffffff"
+do_pedit ip dst clear
+test_on "key #0 at 16: val 00000000 mask 00000000"
+do_pedit ip tos set 0x1
+test_on "key #0 at 0: val 00010000 mask ff00ffff"
+do_pedit ip tos set 0x10
+test_on "key #0 at 0: val 00100000 mask ff00ffff"
+do_pedit ip tos preserve
+test_on "key #0 at 0: val 00000000 mask ffffffff"
+do_pedit ip tos invert
+test_on "key #0 at 0: val 00ff0000 mask ffffffff"
+do_pedit ip tos clear
+test_on "key #0 at 0: val 00000000 mask ff00ffff"
+do_pedit ip protocol set 0x23
+test_on "key #0 at 8: val 00230000 mask ff00ffff"
+do_pedit ip protocol preserve
+test_on "key #0 at 8: val 00000000 mask ffffffff"
+do_pedit ip protocol invert
+test_on "key #0 at 8: val 00ff0000 mask ffffffff"
+do_pedit ip protocol clear
+test_on "key #0 at 8: val 00000000 mask ff00ffff"
+do_pedit ip nofrag set 0x23
+test_on "key #0 at 4: val 00002300 mask ffffc0ff"
+do_pedit ip nofrag set 0xf4
+test_on "key #0 at 4: val 00003400 mask ffffc0ff"
+do_pedit ip nofrag preserve
+test_on "key #0 at 4: val 00000000 mask ffffffff"
+do_pedit ip nofrag invert
+test_on "key #0 at 4: val 00003f00 mask ffffffff"
+do_pedit ip nofrag clear
+test_on "key #0 at 4: val 00000000 mask ffffc0ff"
+do_pedit ip firstfrag set 0x03
+test_on "key #0 at 4: val 00000300 mask ffffe0ff"
+do_pedit ip firstfrag set 0xfa
+test_on "key #0 at 4: val 00001a00 mask ffffe0ff"
+do_pedit ip firstfrag preserve
+test_on "key #0 at 4: val 00000000 mask ffffffff"
+do_pedit ip firstfrag invert
+test_on "key #0 at 4: val 00001f00 mask ffffffff"
+do_pedit ip firstfrag clear
+test_on "key #0 at 4: val 00000000 mask ffffe0ff"
+do_pedit ip ce set 0x23
+test_on "key #0 at 4: val 00000000 mask ffff7fff"
+do_pedit ip ce set 0x04
+test_on "key #0 at 4: val 00000000 mask ffff7fff"
+do_pedit ip ce set 0xf3
+test_on "key #0 at 4: val 00008000 mask ffff7fff"
+do_pedit ip ce preserve
+test_on "key #0 at 4: val 00000000 mask ffffffff"
+do_pedit ip ce invert
+test_on "key #0 at 4: val 00008000 mask ffffffff"
+do_pedit ip ce clear
+test_on "key #0 at 4: val 00000000 mask ffff7fff"
+do_pedit ip df set 0x23
+test_on "key #0 at 4: val 00000000 mask ffffbfff"
+do_pedit ip df set 0x04
+test_on "key #0 at 4: val 00000000 mask ffffbfff"
+do_pedit ip df set 0xf3
+test_on "key #0 at 4: val 00004000 mask ffffbfff"
+do_pedit ip df preserve
+test_on "key #0 at 4: val 00000000 mask ffffffff"
+do_pedit ip df invert
+test_on "key #0 at 4: val 00004000 mask ffffffff"
+do_pedit ip df clear
+test_on "key #0 at 4: val 00000000 mask ffffbfff"
+do_pedit ip mf set 0x23
+test_on "key #0 at 4: val 00002000 mask ffffdfff"
+do_pedit ip mf set 0x04
+test_on "key #0 at 4: val 00000000 mask ffffdfff"
+do_pedit ip mf set 0xf3
+test_on "key #0 at 4: val 00002000 mask ffffdfff"
+do_pedit ip mf preserve
+test_on "key #0 at 4: val 00000000 mask ffffffff"
+do_pedit ip mf invert
+test_on "key #0 at 4: val 00002000 mask ffffffff"
+do_pedit ip mf clear
+test_on "key #0 at 4: val 00000000 mask ffffdfff"
+do_pedit ip dport set 0x1234
+test_on "key #0 at 20: val 00001234 mask ffff0000"
+do_pedit ip dport preserve
+test_on "key #0 at 20: val 00000000 mask ffffffff"
+do_pedit ip dport invert
+test_on "key #0 at 20: val 0000ffff mask ffffffff"
+do_pedit ip dport clear
+test_on "key #0 at 20: val 00000000 mask ffff0000"
+do_pedit ip sport set 0x1234
+test_on "key #0 at 20: val 12340000 mask 0000ffff"
+do_pedit ip sport preserve
+test_on "key #0 at 20: val 00000000 mask ffffffff"
+do_pedit ip sport invert
+test_on "key #0 at 20: val ffff0000 mask ffffffff"
+do_pedit ip sport clear
+test_on "key #0 at 20: val 00000000 mask 0000ffff"
+do_pedit ip icmp_type set 0x23
+test_on "key #0 at 20: val 23000000 mask 00ffffff"
+do_pedit ip icmp_type preserve
+test_on "key #0 at 20: val 00000000 mask ffffffff"
+do_pedit ip icmp_type invert
+test_on "key #0 at 20: val ff000000 mask ffffffff"
+do_pedit ip icmp_type clear
+test_on "key #0 at 20: val 00000000 mask 00ffffff"
+do_pedit ip icmp_code set 0x23
+test_on "key #0 at 20: val 23000000 mask 00ffffff"
+do_pedit ip icmp_code preserve
+test_on "key #0 at 20: val 00000000 mask ffffffff"
+do_pedit ip icmp_code invert
+test_on "key #0 at 20: val ff000000 mask ffffffff"
+do_pedit ip icmp_code clear
+test_on "key #0 at 20: val 00000000 mask 00ffffff"
diff --git a/testsuite/tools/Makefile b/testsuite/tools/Makefile
new file mode 100644
index 0000000..9581de5
--- /dev/null
+++ b/testsuite/tools/Makefile
@@ -0,0 +1,2 @@
+generate_nlmsg: generate_nlmsg.c ../../lib/libnetlink.c
+ $(CC) -o $@ $^
diff --git a/testsuite/tools/generate_nlmsg.c b/testsuite/tools/generate_nlmsg.c
new file mode 100644
index 0000000..fe96f26
--- /dev/null
+++ b/testsuite/tools/generate_nlmsg.c
@@ -0,0 +1,116 @@
+/*
+ * generate_nlmsg.c Testsuite helper generating nlmsg blob
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Phil Sutter <phil@nwl.cc>
+ */
+
+#include <netinet/ether.h>
+#include <libnetlink.h>
+#include <sys/socket.h>
+#include <linux/if.h>
+#include <errno.h>
+#include <stdio.h>
+
+int fill_vf_rate_test(void *buf, size_t buflen)
+{
+ char bcmac[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+ struct ifla_vf_mac vf_mac = {
+ .mac = { 0x0, 0x26, 0x6c, 0xff, 0xb5, 0xc0 },
+ };
+ struct ifla_vf_link_state vf_link_state = { 0 };
+ struct ifla_vf_tx_rate vf_tx_rate = { 0 };
+ struct ifla_vf_spoofchk vf_spoofchk = {
+ .setting = 1,
+ };
+ struct ifla_vf_vlan vf_vlan = { 0 };
+ struct rtattr *vfinfo_list, *vfinfo;
+ struct nlmsghdr *h = buf;
+ struct ifinfomsg *ifi;
+
+ h->nlmsg_type = RTM_NEWLINK;
+ h->nlmsg_len = NLMSG_LENGTH(sizeof(*ifi));
+
+ ifi = NLMSG_DATA(h);
+ ifi->ifi_type = ARPHRD_ETHER;
+ ifi->ifi_index = 1;
+ ifi->ifi_flags = IFF_RUNNING | IFF_BROADCAST |
+ IFF_MULTICAST | IFF_UP | IFF_LOWER_UP;
+
+#define ASSERT(x) if (x < 0) return -1
+#define ATTR_L(t, v, l) ASSERT(addattr_l(h, buflen, t, v, l))
+#define ATTR_8(t, v) ASSERT(addattr8(h, buflen, t, v))
+#define ATTR_32(t, v) ASSERT(addattr32(h, buflen, t, v))
+#define ATTR_STRZ(t, v) ASSERT(addattrstrz(h, buflen, t, v))
+
+#define NEST(t) addattr_nest(h, buflen, t)
+#define NEST_END(t) addattr_nest_end(h, t)
+
+ ATTR_STRZ(IFLA_IFNAME, "eth0");
+ ATTR_32(IFLA_TXQLEN, 10000);
+ ATTR_8(IFLA_OPERSTATE, 6);
+ ATTR_8(IFLA_LINKMODE, 0);
+ ATTR_32(IFLA_MTU, 9000);
+ ATTR_32(IFLA_GROUP, 0);
+ ATTR_32(IFLA_PROMISCUITY, 0);
+ ATTR_32(IFLA_NUM_TX_QUEUES, 8);
+ ATTR_32(IFLA_NUM_RX_QUEUES, 8);
+ ATTR_8(IFLA_CARRIER, 1);
+ ATTR_STRZ(IFLA_QDISC, "mq");
+ ATTR_L(IFLA_ADDRESS, vf_mac.mac, ETH_ALEN);
+ ATTR_L(IFLA_BROADCAST, bcmac, sizeof(bcmac));
+ ATTR_32(IFLA_NUM_VF, 2);
+
+ vfinfo_list = NEST(IFLA_VFINFO_LIST);
+
+ vfinfo = NEST(IFLA_VF_INFO);
+ ATTR_L(IFLA_VF_MAC, &vf_mac, sizeof(vf_mac));
+ ATTR_L(IFLA_VF_VLAN, &vf_vlan, sizeof(vf_vlan));
+ ATTR_L(IFLA_VF_TX_RATE, &vf_tx_rate, sizeof(vf_tx_rate));
+ ATTR_L(IFLA_VF_SPOOFCHK, &vf_spoofchk, sizeof(vf_spoofchk));
+ ATTR_L(IFLA_VF_LINK_STATE, &vf_link_state, sizeof(vf_link_state));
+ NEST_END(vfinfo);
+
+ vf_mac.vf = vf_vlan.vf = vf_tx_rate.vf = 1;
+ vf_spoofchk.vf = vf_link_state.vf = 1;
+
+ vfinfo = NEST(IFLA_VF_INFO);
+ ATTR_L(IFLA_VF_MAC, &vf_mac, sizeof(vf_mac));
+ ATTR_L(IFLA_VF_VLAN, &vf_vlan, sizeof(vf_vlan));
+ ATTR_L(IFLA_VF_TX_RATE, &vf_tx_rate, sizeof(vf_tx_rate));
+ ATTR_L(IFLA_VF_SPOOFCHK, &vf_spoofchk, sizeof(vf_spoofchk));
+ ATTR_L(IFLA_VF_LINK_STATE, &vf_link_state, sizeof(vf_link_state));
+ NEST_END(vfinfo);
+
+ NEST_END(vfinfo_list);
+
+ return h->nlmsg_len;
+}
+
+int main(void)
+{
+ char buf[16384] = { 0 };
+ int msglen;
+ FILE *fp;
+
+ msglen = fill_vf_rate_test(buf, sizeof(buf));
+ if (msglen < 0) {
+ fprintf(stderr, "fill_vf_rate_test() failed!\n");
+ return 1;
+ }
+ fp = fopen("tests/ip/link/dev_wo_vf_rate.nl", "w");
+ if (!fp) {
+ perror("fopen()");
+ return 1;
+ }
+ if (fwrite(buf, msglen, 1, fp) != 1) {
+ perror("fwrite()");
+ return 1;
+ }
+ fclose(fp);
+ return 0;
+}
diff --git a/tipc/Makefile b/tipc/Makefile
index f06dcb1..d3c957e 100644
--- a/tipc/Makefile
+++ b/tipc/Makefile
@@ -1,4 +1,5 @@
-include ../Config
+include ../config.mk
+
ifeq ($(HAVE_MNL),y)
TIPCOBJ=bearer.o \
@@ -8,17 +9,14 @@
node.o socket.o \
peer.o tipc.o
-include ../Config
-
TARGETS=tipc
-CFLAGS += $(shell $(PKG_CONFIG) libmnl --cflags)
-LDLIBS += $(shell $(PKG_CONFIG) libmnl --libs)
endif
all: $(TARGETS) $(LIBS)
tipc: $(TIPCOBJ)
+ $(QUIET_LINK)$(CC) $^ $(LDFLAGS) $(LDLIBS) -o $@
install: all
install -m 0755 $(TARGETS) $(DESTDIR)$(SBINDIR)
diff --git a/tipc/bearer.c b/tipc/bearer.c
index 30b54d9..0d84570 100644
--- a/tipc/bearer.c
+++ b/tipc/bearer.c
@@ -14,6 +14,7 @@
#include <string.h>
#include <netdb.h>
#include <errno.h>
+#include <arpa/inet.h>
#include <linux/tipc_netlink.h>
#include <linux/tipc.h>
@@ -26,16 +27,25 @@
#include "msg.h"
#include "bearer.h"
+#define UDP_PROP_IP 1
+#define UDP_PROP_PORT 2
+
+struct cb_data {
+ int attr;
+ int prop;
+ struct nlmsghdr *nlh;
+};
+
static void _print_bearer_opts(void)
{
fprintf(stderr,
- "\nOPTIONS\n"
+ "OPTIONS\n"
" priority - Bearer link priority\n"
" tolerance - Bearer link tolerance\n"
" window - Bearer link window\n");
}
-static void _print_bearer_media(void)
+void print_bearer_media(void)
{
fprintf(stderr,
"\nMEDIA\n"
@@ -44,43 +54,30 @@
" eth - Ethernet\n");
}
-static void cmd_bearer_enable_l2_help(struct cmdl *cmdl)
+static void cmd_bearer_enable_l2_help(struct cmdl *cmdl, char *media)
{
fprintf(stderr,
- "Usage: %s bearer enable media MEDIA device DEVICE [OPTIONS]\n"
+ "Usage: %s bearer enable media %s device DEVICE [OPTIONS]\n"
"\nOPTIONS\n"
" domain DOMAIN - Discovery domain\n"
" priority PRIORITY - Bearer priority\n",
- cmdl->argv[0]);
+ cmdl->argv[0], media);
}
-static void cmd_bearer_enable_udp_help(struct cmdl *cmdl)
+static void cmd_bearer_enable_udp_help(struct cmdl *cmdl, char *media)
{
fprintf(stderr,
- "Usage: %s bearer enable media udp name NAME localip IP [OPTIONS]\n"
- "\nOPTIONS\n"
+ "Usage: %s bearer enable [OPTIONS] media %s name NAME localip IP [UDP OPTIONS]\n\n",
+ cmdl->argv[0], media);
+ fprintf(stderr,
+ "OPTIONS\n"
" domain DOMAIN - Discovery domain\n"
- " priority PRIORITY - Bearer priority\n"
+ " priority PRIORITY - Bearer priority\n\n");
+ fprintf(stderr,
+ "UDP OPTIONS\n"
" localport PORT - Local UDP port (default 6118)\n"
" remoteip IP - Remote IP address\n"
- " remoteport IP - Remote UDP port (default 6118)\n",
- cmdl->argv[0]);
-}
-
-static int enable_l2_bearer(struct nlmsghdr *nlh, struct opt *opts,
- struct cmdl *cmdl)
-{
- struct opt *opt;
- char id[TIPC_MAX_BEARER_NAME];
-
- if (!(opt = get_opt(opts, "device"))) {
- fprintf(stderr, "error: missing bearer device\n");
- return -EINVAL;
- }
- snprintf(id, sizeof(id), "eth:%s", opt->val);
- mnl_attr_put_strz(nlh, TIPC_NLA_BEARER_NAME, id);
-
- return 0;
+ " remoteport PORT - Remote UDP port (default 6118)\n");
}
static int get_netid_cb(const struct nlmsghdr *nlh, void *data)
@@ -123,8 +120,8 @@
return 0;
}
-static int enable_udp_bearer(struct nlmsghdr *nlh, struct opt *opts,
- struct cmdl *cmdl)
+static int nl_add_udp_enable_opts(struct nlmsghdr *nlh, struct opt *opts,
+ struct cmdl *cmdl)
{
int err;
struct opt *opt;
@@ -134,7 +131,6 @@
char *remport = "6118";
char *locip = NULL;
char *remip = NULL;
- char name[TIPC_MAX_BEARER_NAME];
struct addrinfo *loc = NULL;
struct addrinfo *rem = NULL;
struct addrinfo hints = {
@@ -142,22 +138,9 @@
.ai_socktype = SOCK_DGRAM
};
- if (help_flag) {
- cmd_bearer_enable_udp_help(cmdl);
- /* TODO find a better error code? */
- return -EINVAL;
- }
-
- if (!(opt = get_opt(opts, "name"))) {
- fprintf(stderr, "error, udp bearer name missing\n");
- cmd_bearer_enable_udp_help(cmdl);
- return -EINVAL;
- }
- snprintf(name, sizeof(name), "udp:%s", opt->val);
-
if (!(opt = get_opt(opts, "localip"))) {
fprintf(stderr, "error, udp bearer localip missing\n");
- cmd_bearer_enable_udp_help(cmdl);
+ cmd_bearer_enable_udp_help(cmdl, "udp");
return -EINVAL;
}
locip = opt->val;
@@ -180,6 +163,7 @@
if (!remip) {
if (generate_multicast(loc->ai_family, buf, sizeof(buf))) {
fprintf(stderr, "Failed to generate multicast address\n");
+ freeaddrinfo(loc);
return -EINVAL;
}
remip = buf;
@@ -194,11 +178,11 @@
if (rem->ai_family != loc->ai_family) {
fprintf(stderr, "UDP local and remote AF mismatch\n");
+ freeaddrinfo(rem);
+ freeaddrinfo(loc);
return -EINVAL;
}
- mnl_attr_put_strz(nlh, TIPC_NLA_BEARER_NAME, name);
-
nest = mnl_attr_nest_start(nlh, TIPC_NLA_BEARER_UDP_OPTS);
mnl_attr_put(nlh, TIPC_NLA_UDP_LOCAL, loc->ai_addrlen, loc->ai_addr);
mnl_attr_put(nlh, TIPC_NLA_UDP_REMOTE, rem->ai_addrlen, rem->ai_addr);
@@ -210,43 +194,29 @@
return 0;
}
-static void cmd_bearer_enable_help(struct cmdl *cmdl)
+static int nl_add_bearer_name(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, struct opt *opts,
+ const struct tipc_sup_media *sup_media)
{
- fprintf(stderr,
- "Usage: %s bearer enable [OPTIONS] media MEDIA ARGS...\n\n"
- "OPTIONS\n"
- " domain DOMAIN - Discovery domain\n"
- " priority PRIORITY - Bearer priority\n",
- cmdl->argv[0]);
- _print_bearer_media();
+ char bname[TIPC_MAX_BEARER_NAME];
+ int err;
+
+ if ((err = cmd_get_unique_bearer_name(cmd, cmdl, opts, bname, sup_media)))
+ return err;
+
+ mnl_attr_put_strz(nlh, TIPC_NLA_BEARER_NAME, bname);
+ return 0;
}
-static int cmd_bearer_enable(struct nlmsghdr *nlh, const struct cmd *cmd,
- struct cmdl *cmdl, void *data)
+int cmd_get_unique_bearer_name(const struct cmd *cmd, struct cmdl *cmdl,
+ struct opt *opts, char *bname,
+ const struct tipc_sup_media *sup_media)
{
- int err;
- struct opt *opt;
- struct nlattr *nest;
- char buf[MNL_SOCKET_BUFFER_SIZE];
char *media;
- struct opt opts[] = {
- { "device", NULL },
- { "domain", NULL },
- { "localip", NULL },
- { "localport", NULL },
- { "media", NULL },
- { "name", NULL },
- { "priority", NULL },
- { "remoteip", NULL },
- { "remoteport", NULL },
- { NULL }
- };
+ char *identifier;
+ struct opt *opt;
+ const struct tipc_sup_media *entry;
- if (parse_opts(opts, cmdl) < 0) {
- if (help_flag)
- (cmd->help)(cmdl);
- return -EINVAL;
- }
if (!(opt = get_opt(opts, "media"))) {
if (help_flag)
@@ -257,6 +227,196 @@
}
media = opt->val;
+ for (entry = sup_media; entry->media; entry++) {
+ if (strcmp(entry->media, media))
+ continue;
+
+ if (!(opt = get_opt(opts, entry->identifier))) {
+ if (help_flag)
+ (entry->help)(cmdl, media);
+ else
+ fprintf(stderr, "error, missing bearer %s\n",
+ entry->identifier);
+ return -EINVAL;
+ }
+
+ identifier = opt->val;
+ snprintf(bname, TIPC_MAX_BEARER_NAME, "%s:%s", media, identifier);
+
+ return 0;
+ }
+
+ fprintf(stderr, "error, invalid media type %s\n", media);
+
+ return -EINVAL;
+}
+
+static void cmd_bearer_add_udp_help(struct cmdl *cmdl, char *media)
+{
+ fprintf(stderr, "Usage: %s bearer add media %s name NAME remoteip REMOTEIP\n\n",
+ cmdl->argv[0], media);
+}
+
+static void cmd_bearer_add_help(struct cmdl *cmdl)
+{
+ fprintf(stderr, "Usage: %s bearer add media udp name NAME remoteip REMOTEIP\n",
+ cmdl->argv[0]);
+}
+
+static int udp_bearer_add(struct nlmsghdr *nlh, struct opt *opts,
+ struct cmdl *cmdl)
+{
+ int err;
+ struct opt *opt;
+ struct nlattr *opts_nest;
+ char *remport = "6118";
+
+ opts_nest = mnl_attr_nest_start(nlh, TIPC_NLA_BEARER_UDP_OPTS);
+
+ if ((opt = get_opt(opts, "remoteport")))
+ remport = opt->val;
+
+ if ((opt = get_opt(opts, "remoteip"))) {
+ char *ip = opt->val;
+ struct addrinfo *addr = NULL;
+ struct addrinfo hints = {
+ .ai_family = AF_UNSPEC,
+ .ai_socktype = SOCK_DGRAM
+ };
+
+ if ((err = getaddrinfo(ip, remport, &hints, &addr))) {
+ fprintf(stderr, "UDP address error: %s\n",
+ gai_strerror(err));
+ freeaddrinfo(addr);
+ return err;
+ }
+
+ mnl_attr_put(nlh, TIPC_NLA_UDP_REMOTE, addr->ai_addrlen,
+ addr->ai_addr);
+ freeaddrinfo(addr);
+ } else {
+ fprintf(stderr, "error, missing remoteip\n");
+ return -EINVAL;
+ }
+ mnl_attr_nest_end(nlh, opts_nest);
+
+ return 0;
+}
+
+static int cmd_bearer_add_media(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ int err;
+ char *media;
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+ struct opt *opt;
+ struct nlattr *attrs;
+ struct opt opts[] = {
+ { "remoteip", OPT_KEYVAL, NULL },
+ { "remoteport", OPT_KEYVAL, NULL },
+ { "name", OPT_KEYVAL, NULL },
+ { "media", OPT_KEYVAL, NULL },
+ { NULL }
+ };
+ const struct tipc_sup_media sup_media[] = {
+ { "udp", "name", cmd_bearer_add_udp_help},
+ { NULL, },
+ };
+
+ /* Rewind optind to include media in the option list */
+ cmdl->optind--;
+ if (parse_opts(opts, cmdl) < 0)
+ return -EINVAL;
+
+ if (!(opt = get_opt(opts, "media"))) {
+ fprintf(stderr, "error, missing media value\n");
+ return -EINVAL;
+ }
+ media = opt->val;
+
+ if (strcmp(media, "udp") != 0) {
+ fprintf(stderr, "error, no \"%s\" media specific options available\n",
+ media);
+ return -EINVAL;
+ }
+ if (!(opt = get_opt(opts, "name"))) {
+ fprintf(stderr, "error, missing media name\n");
+ return -EINVAL;
+ }
+
+ if (!(nlh = msg_init(buf, TIPC_NL_BEARER_ADD))) {
+ fprintf(stderr, "error, message initialisation failed\n");
+ return -1;
+ }
+
+ attrs = mnl_attr_nest_start(nlh, TIPC_NLA_BEARER);
+ err = nl_add_bearer_name(nlh, cmd, cmdl, opts, sup_media);
+ if (err)
+ return err;
+
+ err = udp_bearer_add(nlh, opts, cmdl);
+ if (err)
+ return err;
+
+ mnl_attr_nest_end(nlh, attrs);
+
+ return msg_doit(nlh, NULL, NULL);
+}
+
+static int cmd_bearer_add(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ const struct cmd cmds[] = {
+ { "media", cmd_bearer_add_media, cmd_bearer_add_help },
+ { NULL }
+ };
+
+ return run_cmd(nlh, cmd, cmds, cmdl, NULL);
+}
+
+static void cmd_bearer_enable_help(struct cmdl *cmdl)
+{
+ fprintf(stderr,
+ "Usage: %s bearer enable [OPTIONS] media MEDIA ARGS...\n\n"
+ "OPTIONS\n"
+ " domain DOMAIN - Discovery domain\n"
+ " priority PRIORITY - Bearer priority\n",
+ cmdl->argv[0]);
+ print_bearer_media();
+}
+
+static int cmd_bearer_enable(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ int err;
+ struct opt *opt;
+ struct nlattr *nest;
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+ struct opt opts[] = {
+ { "device", OPT_KEYVAL, NULL },
+ { "domain", OPT_KEYVAL, NULL },
+ { "localip", OPT_KEYVAL, NULL },
+ { "localport", OPT_KEYVAL, NULL },
+ { "media", OPT_KEYVAL, NULL },
+ { "name", OPT_KEYVAL, NULL },
+ { "priority", OPT_KEYVAL, NULL },
+ { "remoteip", OPT_KEYVAL, NULL },
+ { "remoteport", OPT_KEYVAL, NULL },
+ { NULL }
+ };
+ struct tipc_sup_media sup_media[] = {
+ { "udp", "name", cmd_bearer_enable_udp_help},
+ { "eth", "device", cmd_bearer_enable_l2_help },
+ { "ib", "device", cmd_bearer_enable_l2_help },
+ { NULL, },
+ };
+
+ if (parse_opts(opts, cmdl) < 0) {
+ if (help_flag)
+ (cmd->help)(cmdl);
+ return -EINVAL;
+ }
+
if (!(nlh = msg_init(buf, TIPC_NL_BEARER_ENABLE))) {
fprintf(stderr, "error: message initialisation failed\n");
return -1;
@@ -274,95 +434,58 @@
mnl_attr_nest_end(nlh, props);
}
- if (strcmp(media, "udp") == 0) {
- if (help_flag) {
- cmd_bearer_enable_udp_help(cmdl);
- return -EINVAL;
- }
- if ((err = enable_udp_bearer(nlh, opts, cmdl)))
- return err;
- } else if ((strcmp(media, "eth") == 0) || (strcmp(media, "udp") == 0)) {
- if (help_flag) {
- cmd_bearer_enable_l2_help(cmdl);
- return -EINVAL;
- }
- if ((err = enable_l2_bearer(nlh, opts, cmdl)))
- return err;
- } else {
- fprintf(stderr, "error, invalid media type \"%s\"\n", media);
- return -EINVAL;
- }
+ err = nl_add_bearer_name(nlh, cmd, cmdl, opts, sup_media);
+ if (err)
+ return err;
+ opt = get_opt(opts, "media");
+ if (opt && strcmp(opt->val, "udp") == 0) {
+ err = nl_add_udp_enable_opts(nlh, opts, cmdl);
+ if (err)
+ return err;
+ }
mnl_attr_nest_end(nlh, nest);
return msg_doit(nlh, NULL, NULL);
}
-static int add_l2_bearer(struct nlmsghdr *nlh, struct opt *opts)
+static void cmd_bearer_disable_l2_help(struct cmdl *cmdl, char *media)
{
- struct opt *opt;
- char id[TIPC_MAX_BEARER_NAME];
-
- if (!(opt = get_opt(opts, "device"))) {
- fprintf(stderr, "error: missing bearer device\n");
- return -EINVAL;
- }
- snprintf(id, sizeof(id), "eth:%s", opt->val);
-
- mnl_attr_put_strz(nlh, TIPC_NLA_BEARER_NAME, id);
-
- return 0;
+ fprintf(stderr, "Usage: %s bearer disable media %s device DEVICE\n",
+ cmdl->argv[0], media);
}
-static int add_udp_bearer(struct nlmsghdr *nlh, struct opt *opts)
+static void cmd_bearer_disable_udp_help(struct cmdl *cmdl, char *media)
{
- struct opt *opt;
- char id[TIPC_MAX_BEARER_NAME];
-
- if (!(opt = get_opt(opts, "name"))) {
- fprintf(stderr, "error: missing bearer name\n");
- return -EINVAL;
- }
- snprintf(id, sizeof(id), "udp:%s", opt->val);
-
- mnl_attr_put_strz(nlh, TIPC_NLA_BEARER_NAME, id);
-
- return 0;
-}
-
-static void cmd_bearer_disable_l2_help(struct cmdl *cmdl)
-{
- fprintf(stderr, "Usage: %s bearer disable media udp device DEVICE\n",
- cmdl->argv[0]);
-}
-
-static void cmd_bearer_disable_udp_help(struct cmdl *cmdl)
-{
- fprintf(stderr, "Usage: %s bearer disable media udp name NAME\n",
- cmdl->argv[0]);
+ fprintf(stderr, "Usage: %s bearer disable media %s name NAME\n",
+ cmdl->argv[0], media);
}
static void cmd_bearer_disable_help(struct cmdl *cmdl)
{
fprintf(stderr, "Usage: %s bearer disable media MEDIA ARGS...\n",
cmdl->argv[0]);
- _print_bearer_media();
+ print_bearer_media();
}
static int cmd_bearer_disable(struct nlmsghdr *nlh, const struct cmd *cmd,
struct cmdl *cmdl, void *data)
{
int err;
- char *media;
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlattr *nest;
- struct opt *opt;
struct opt opts[] = {
- { "device", NULL },
- { "name", NULL },
- { "media", NULL },
+ { "device", OPT_KEYVAL, NULL },
+ { "name", OPT_KEYVAL, NULL },
+ { "media", OPT_KEYVAL, NULL },
{ NULL }
};
+ struct tipc_sup_media sup_media[] = {
+ { "udp", "name", cmd_bearer_disable_udp_help},
+ { "eth", "device", cmd_bearer_disable_l2_help },
+ { "ib", "device", cmd_bearer_disable_l2_help },
+ { NULL, },
+ };
if (parse_opts(opts, cmdl) < 0) {
if (help_flag)
@@ -370,40 +493,15 @@
return -EINVAL;
}
- if (!(opt = get_opt(opts, "media"))) {
- if (help_flag)
- (cmd->help)(cmdl);
- else
- fprintf(stderr, "error, missing bearer media\n");
- return -EINVAL;
- }
- media = opt->val;
-
if (!(nlh = msg_init(buf, TIPC_NL_BEARER_DISABLE))) {
fprintf(stderr, "error, message initialisation failed\n");
return -1;
}
nest = mnl_attr_nest_start(nlh, TIPC_NLA_BEARER);
-
- if (strcmp(media, "udp") == 0) {
- if (help_flag) {
- cmd_bearer_disable_udp_help(cmdl);
- return -EINVAL;
- }
- if ((err = add_udp_bearer(nlh, opts)))
- return err;
- } else if ((strcmp(media, "eth") == 0) || (strcmp(media, "udp") == 0)) {
- if (help_flag) {
- cmd_bearer_disable_l2_help(cmdl);
- return -EINVAL;
- }
- if ((err = add_l2_bearer(nlh, opts)))
- return err;
- } else {
- fprintf(stderr, "error, invalid media type \"%s\"\n", media);
- return -EINVAL;
- }
+ err = nl_add_bearer_name(nlh, cmd, cmdl, opts, sup_media);
+ if (err)
+ return err;
mnl_attr_nest_end(nlh, nest);
return msg_doit(nlh, NULL, NULL);
@@ -415,13 +513,13 @@
fprintf(stderr, "Usage: %s bearer set OPTION media MEDIA ARGS...\n",
cmdl->argv[0]);
_print_bearer_opts();
- _print_bearer_media();
+ print_bearer_media();
}
-static void cmd_bearer_set_udp_help(struct cmdl *cmdl)
+static void cmd_bearer_set_udp_help(struct cmdl *cmdl, char *media)
{
- fprintf(stderr, "Usage: %s bearer set OPTION media udp name NAME\n\n",
- cmdl->argv[0]);
+ fprintf(stderr, "Usage: %s bearer set OPTION media %s name NAME\n\n",
+ cmdl->argv[0], media);
_print_bearer_opts();
}
@@ -434,22 +532,26 @@
}
static int cmd_bearer_set_prop(struct nlmsghdr *nlh, const struct cmd *cmd,
- struct cmdl *cmdl, void *data)
+ struct cmdl *cmdl, void *data)
{
int err;
int val;
int prop;
- char *media;
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlattr *props;
struct nlattr *attrs;
- struct opt *opt;
struct opt opts[] = {
- { "device", NULL },
- { "media", NULL },
- { "name", NULL },
+ { "device", OPT_KEYVAL, NULL },
+ { "media", OPT_KEYVAL, NULL },
+ { "name", OPT_KEYVAL, NULL },
{ NULL }
};
+ struct tipc_sup_media sup_media[] = {
+ { "udp", "name", cmd_bearer_set_udp_help},
+ { "eth", "device", cmd_bearer_set_l2_help },
+ { "ib", "device", cmd_bearer_set_l2_help },
+ { NULL, },
+ };
if (strcmp(cmd->cmd, "priority") == 0)
prop = TIPC_NLA_PROP_PRIO;
@@ -460,11 +562,6 @@
else
return -EINVAL;
- if (help_flag) {
- (cmd->help)(cmdl);
- return -EINVAL;
- }
-
if (cmdl->optind >= cmdl->argc) {
fprintf(stderr, "error, missing value\n");
return -EINVAL;
@@ -484,30 +581,10 @@
mnl_attr_put_u32(nlh, prop, val);
mnl_attr_nest_end(nlh, props);
- if (!(opt = get_opt(opts, "media"))) {
- fprintf(stderr, "error, missing media\n");
- return -EINVAL;
- }
- media = opt->val;
+ err = nl_add_bearer_name(nlh, cmd, cmdl, opts, sup_media);
+ if (err)
+ return err;
- if (strcmp(media, "udp") == 0) {
- if (help_flag) {
- cmd_bearer_set_udp_help(cmdl);
- return -EINVAL;
- }
- if ((err = add_udp_bearer(nlh, opts)))
- return err;
- } else if ((strcmp(media, "eth") == 0) || (strcmp(media, "udp") == 0)) {
- if (help_flag) {
- cmd_bearer_set_l2_help(cmdl, media);
- return -EINVAL;
- }
- if ((err = add_l2_bearer(nlh, opts)))
- return err;
- } else {
- fprintf(stderr, "error, invalid media type \"%s\"\n", media);
- return -EINVAL;
- }
mnl_attr_nest_end(nlh, attrs);
return msg_doit(nlh, NULL, NULL);
@@ -528,27 +605,142 @@
static void cmd_bearer_get_help(struct cmdl *cmdl)
{
- fprintf(stderr, "Usage: %s bearer get OPTION media MEDIA ARGS...\n",
+ fprintf(stderr, "Usage: %s bearer get [OPTION] media MEDIA ARGS...\n",
cmdl->argv[0]);
_print_bearer_opts();
- _print_bearer_media();
+ print_bearer_media();
}
-static void cmd_bearer_get_udp_help(struct cmdl *cmdl)
+static void cmd_bearer_get_udp_help(struct cmdl *cmdl, char *media)
{
- fprintf(stderr, "Usage: %s bearer get OPTION media udp name NAME\n\n",
- cmdl->argv[0]);
+ fprintf(stderr, "Usage: %s bearer get [OPTION] media %s name NAME [UDP OPTIONS]\n\n",
+ cmdl->argv[0], media);
+ fprintf(stderr,
+ "UDP OPTIONS\n"
+ " remoteip - Remote ip address\n"
+ " remoteport - Remote port\n"
+ " localip - Local ip address\n"
+ " localport - Local port\n\n");
_print_bearer_opts();
}
static void cmd_bearer_get_l2_help(struct cmdl *cmdl, char *media)
{
fprintf(stderr,
- "Usage: %s bearer get [OPTION]... media %s device DEVICE\n",
+ "Usage: %s bearer get OPTION media %s device DEVICE\n",
cmdl->argv[0], media);
_print_bearer_opts();
}
+
+static int bearer_dump_udp_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct sockaddr_storage *addr;
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ struct nlattr *info[TIPC_NLA_UDP_MAX + 1] = {};
+
+ mnl_attr_parse(nlh, sizeof(*genl), parse_attrs, info);
+
+ if (!info[TIPC_NLA_UDP_REMOTE])
+ return MNL_CB_ERROR;
+
+ addr = mnl_attr_get_payload(info[TIPC_NLA_UDP_REMOTE]);
+
+ if (addr->ss_family == AF_INET) {
+ struct sockaddr_in *ipv4 = (struct sockaddr_in *) addr;
+
+ printf("%s\n", inet_ntoa(ipv4->sin_addr));
+ } else if (addr->ss_family == AF_INET6) {
+ char straddr[INET6_ADDRSTRLEN];
+ struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *) addr;
+
+ if (!inet_ntop(AF_INET6, &ipv6->sin6_addr, straddr,
+ sizeof(straddr))) {
+ fprintf(stderr, "error, parsing IPv6 addr\n");
+ return MNL_CB_ERROR;
+ }
+ printf("%s\n", straddr);
+
+ } else {
+ return MNL_CB_ERROR;
+ }
+
+ return MNL_CB_OK;
+}
+
+static int bearer_get_udp_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct cb_data *cb_data = (struct cb_data *) data;
+ struct sockaddr_storage *addr;
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ struct nlattr *info[TIPC_NLA_MAX + 1] = {};
+ struct nlattr *attrs[TIPC_NLA_BEARER_MAX + 1] = {};
+ struct nlattr *opts[TIPC_NLA_UDP_MAX + 1] = {};
+
+ mnl_attr_parse(nlh, sizeof(*genl), parse_attrs, info);
+ if (!info[TIPC_NLA_BEARER])
+ return MNL_CB_ERROR;
+
+ mnl_attr_parse_nested(info[TIPC_NLA_BEARER], parse_attrs, attrs);
+ if (!attrs[TIPC_NLA_BEARER_UDP_OPTS])
+ return MNL_CB_ERROR;
+
+ mnl_attr_parse_nested(attrs[TIPC_NLA_BEARER_UDP_OPTS], parse_attrs, opts);
+ if (!opts[TIPC_NLA_UDP_LOCAL])
+ return MNL_CB_ERROR;
+
+ if ((cb_data->attr == TIPC_NLA_UDP_REMOTE) &&
+ (cb_data->prop == UDP_PROP_IP) &&
+ opts[TIPC_NLA_UDP_MULTI_REMOTEIP]) {
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(cb_data->nlh);
+
+ genl->cmd = TIPC_NL_UDP_GET_REMOTEIP;
+ return msg_dumpit(cb_data->nlh, bearer_dump_udp_cb, NULL);
+ }
+
+ addr = mnl_attr_get_payload(opts[cb_data->attr]);
+
+ if (addr->ss_family == AF_INET) {
+ struct sockaddr_in *ipv4 = (struct sockaddr_in *) addr;
+
+ switch (cb_data->prop) {
+ case UDP_PROP_IP:
+ printf("%s\n", inet_ntoa(ipv4->sin_addr));
+ break;
+ case UDP_PROP_PORT:
+ printf("%u\n", ntohs(ipv4->sin_port));
+ break;
+ default:
+ return MNL_CB_ERROR;
+ }
+
+ } else if (addr->ss_family == AF_INET6) {
+ char straddr[INET6_ADDRSTRLEN];
+ struct sockaddr_in6 *ipv6 = (struct sockaddr_in6 *) addr;
+
+ switch (cb_data->prop) {
+ case UDP_PROP_IP:
+ if (!inet_ntop(AF_INET6, &ipv6->sin6_addr, straddr,
+ sizeof(straddr))) {
+ fprintf(stderr, "error, parsing IPv6 addr\n");
+ return MNL_CB_ERROR;
+ }
+ printf("%s\n", straddr);
+ break;
+ case UDP_PROP_PORT:
+ printf("%u\n", ntohs(ipv6->sin6_port));
+ break;
+ default:
+ return MNL_CB_ERROR;
+ }
+
+ } else {
+ return MNL_CB_ERROR;
+ }
+
+ return MNL_CB_OK;
+}
+
static int bearer_get_cb(const struct nlmsghdr *nlh, void *data)
{
int *prop = data;
@@ -574,21 +766,110 @@
return MNL_CB_OK;
}
+static int cmd_bearer_get_media(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ int err;
+ char *media;
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+ struct opt *opt;
+ struct cb_data cb_data = {0};
+ struct nlattr *attrs;
+ struct opt opts[] = {
+ { "localip", OPT_KEY, NULL },
+ { "localport", OPT_KEY, NULL },
+ { "remoteip", OPT_KEY, NULL },
+ { "remoteport", OPT_KEY, NULL },
+ { "name", OPT_KEYVAL, NULL },
+ { "media", OPT_KEYVAL, NULL },
+ { NULL }
+ };
+ struct tipc_sup_media sup_media[] = {
+ { "udp", "name", cmd_bearer_get_udp_help},
+ { NULL, },
+ };
+
+ /* Rewind optind to include media in the option list */
+ cmdl->optind--;
+ if (parse_opts(opts, cmdl) < 0)
+ return -EINVAL;
+
+ if (!(opt = get_opt(opts, "media"))) {
+ fprintf(stderr, "error, missing media value\n");
+ return -EINVAL;
+ }
+ media = opt->val;
+
+ if (help_flag) {
+ cmd_bearer_get_udp_help(cmdl, media);
+ return -EINVAL;
+ }
+ if (strcmp(media, "udp") != 0) {
+ fprintf(stderr, "error, no \"%s\" media specific options\n", media);
+ return -EINVAL;
+ }
+ if (!(opt = get_opt(opts, "name"))) {
+ fprintf(stderr, "error, missing media name\n");
+ return -EINVAL;
+ }
+
+ if (!(nlh = msg_init(buf, TIPC_NL_BEARER_GET))) {
+ fprintf(stderr, "error, message initialisation failed\n");
+ return -1;
+ }
+
+ attrs = mnl_attr_nest_start(nlh, TIPC_NLA_BEARER);
+ err = nl_add_bearer_name(nlh, cmd, cmdl, opts, sup_media);
+ if (err)
+ return err;
+ mnl_attr_nest_end(nlh, attrs);
+ cb_data.nlh = nlh;
+
+ if (has_opt(opts, "localip")) {
+ cb_data.attr = TIPC_NLA_UDP_LOCAL;
+ cb_data.prop = UDP_PROP_IP;
+ return msg_doit(nlh, bearer_get_udp_cb, &cb_data);
+ } else if (has_opt(opts, "localport")) {
+ cb_data.attr = TIPC_NLA_UDP_LOCAL;
+ cb_data.prop = UDP_PROP_PORT;
+ return msg_doit(nlh, bearer_get_udp_cb, &cb_data);
+ } else if (has_opt(opts, "remoteip")) {
+ cb_data.attr = TIPC_NLA_UDP_REMOTE;
+ cb_data.prop = UDP_PROP_IP;
+ return msg_doit(nlh, bearer_get_udp_cb, &cb_data);
+ } else if (has_opt(opts, "remoteport")) {
+ cb_data.attr = TIPC_NLA_UDP_REMOTE;
+ cb_data.prop = UDP_PROP_PORT;
+ return msg_doit(nlh, bearer_get_udp_cb, &cb_data);
+ }
+ fprintf(stderr, "error, missing UDP option\n");
+ return -EINVAL;
+}
+
static int cmd_bearer_get_prop(struct nlmsghdr *nlh, const struct cmd *cmd,
struct cmdl *cmdl, void *data)
{
int err;
int prop;
- char *media;
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlattr *attrs;
- struct opt *opt;
struct opt opts[] = {
- { "device", NULL },
- { "media", NULL },
- { "name", NULL },
+ { "device", OPT_KEYVAL, NULL },
+ { "media", OPT_KEYVAL, NULL },
+ { "name", OPT_KEYVAL, NULL },
{ NULL }
};
+ struct tipc_sup_media sup_media[] = {
+ { "udp", "name", cmd_bearer_get_udp_help},
+ { "eth", "device", cmd_bearer_get_l2_help },
+ { "ib", "device", cmd_bearer_get_l2_help },
+ { NULL, },
+ };
+
+ if (help_flag) {
+ (cmd->help)(cmdl);
+ return -EINVAL;
+ }
if (strcmp(cmd->cmd, "priority") == 0)
prop = TIPC_NLA_PROP_PRIO;
@@ -599,11 +880,6 @@
else
return -EINVAL;
- if (help_flag) {
- (cmd->help)(cmdl);
- return -EINVAL;
- }
-
if (parse_opts(opts, cmdl) < 0)
return -EINVAL;
@@ -612,31 +888,10 @@
return -1;
}
- if (!(opt = get_opt(opts, "media"))) {
- fprintf(stderr, "error, missing media\n");
- return -EINVAL;
- }
- media = opt->val;
-
attrs = mnl_attr_nest_start(nlh, TIPC_NLA_BEARER);
- if (strcmp(media, "udp") == 0) {
- if (help_flag) {
- cmd_bearer_get_udp_help(cmdl);
- return -EINVAL;
- }
- if ((err = add_udp_bearer(nlh, opts)))
- return err;
- } else if ((strcmp(media, "eth") == 0) || (strcmp(media, "udp") == 0)) {
- if (help_flag) {
- cmd_bearer_get_l2_help(cmdl, media);
- return -EINVAL;
- }
- if ((err = add_l2_bearer(nlh, opts)))
- return err;
- } else {
- fprintf(stderr, "error, invalid media type \"%s\"\n", media);
- return -EINVAL;
- }
+ err = nl_add_bearer_name(nlh, cmd, cmdl, opts, sup_media);
+ if (err)
+ return err;
mnl_attr_nest_end(nlh, attrs);
return msg_doit(nlh, bearer_get_cb, &prop);
@@ -649,6 +904,7 @@
{ "priority", cmd_bearer_get_prop, cmd_bearer_get_help },
{ "tolerance", cmd_bearer_get_prop, cmd_bearer_get_help },
{ "window", cmd_bearer_get_prop, cmd_bearer_get_help },
+ { "media", cmd_bearer_get_media, cmd_bearer_get_help },
{ NULL }
};
@@ -702,6 +958,7 @@
"Usage: %s bearer COMMAND [ARGS] ...\n"
"\n"
"COMMANDS\n"
+ " add - Add data to existing bearer\n"
" enable - Enable a bearer\n"
" disable - Disable a bearer\n"
" set - Set various bearer properties\n"
@@ -713,6 +970,7 @@
void *data)
{
const struct cmd cmds[] = {
+ { "add", cmd_bearer_add, cmd_bearer_add_help },
{ "disable", cmd_bearer_disable, cmd_bearer_disable_help },
{ "enable", cmd_bearer_enable, cmd_bearer_enable_help },
{ "get", cmd_bearer_get, cmd_bearer_get_help },
diff --git a/tipc/bearer.h b/tipc/bearer.h
index 9459d65..c0d0996 100644
--- a/tipc/bearer.h
+++ b/tipc/bearer.h
@@ -19,4 +19,8 @@
int cmd_bearer(struct nlmsghdr *nlh, const struct cmd *cmd, struct cmdl *cmdl, void *data);
void cmd_bearer_help(struct cmdl *cmdl);
+void print_bearer_media(void);
+int cmd_get_unique_bearer_name(const struct cmd *cmd, struct cmdl *cmdl,
+ struct opt *opts, char *bname,
+ const struct tipc_sup_media *sup_media);
#endif
diff --git a/tipc/cmdl.c b/tipc/cmdl.c
index b816f7d..4a2f4fd 100644
--- a/tipc/cmdl.c
+++ b/tipc/cmdl.c
@@ -62,6 +62,11 @@
return NULL;
}
+bool has_opt(struct opt *opts, char *key)
+{
+ return get_opt(opts, key) ? true : false;
+}
+
char *shift_cmdl(struct cmdl *cmdl)
{
int next;
@@ -80,7 +85,7 @@
int i;
int cnt = 0;
- for (i = cmdl->optind; i < cmdl->argc; i += 2) {
+ for (i = cmdl->optind; i < cmdl->argc; i++) {
struct opt *o;
o = find_opt(opts, cmdl->argv[i]);
@@ -89,9 +94,13 @@
cmdl->argv[i]);
return -EINVAL;
}
+ if (o->flag & OPT_KEYVAL) {
+ cmdl->optind++;
+ i++;
+ }
cnt++;
- o->val = cmdl->argv[i + 1];
- cmdl->optind += 2;
+ o->val = cmdl->argv[i];
+ cmdl->optind++;
}
return cnt;
diff --git a/tipc/cmdl.h b/tipc/cmdl.h
index 9f2666f..d37239f 100644
--- a/tipc/cmdl.h
+++ b/tipc/cmdl.h
@@ -16,12 +16,23 @@
extern int help_flag;
+enum {
+ OPT_KEY = (1 << 0),
+ OPT_KEYVAL = (1 << 1),
+};
+
struct cmdl {
int optind;
int argc;
char **argv;
};
+struct tipc_sup_media {
+ char *media;
+ char *identifier;
+ void (*help)(struct cmdl *cmdl, char *media);
+};
+
struct cmd {
const char *cmd;
int (*func)(struct nlmsghdr *nlh, const struct cmd *cmd,
@@ -31,10 +42,12 @@
struct opt {
const char *key;
+ uint16_t flag;
char *val;
};
struct opt *get_opt(struct opt *opts, char *key);
+bool has_opt(struct opt *opts, char *key);
int parse_opts(struct opt *opts, struct cmdl *cmdl);
char *shift_cmdl(struct cmdl *cmdl);
diff --git a/tipc/link.c b/tipc/link.c
index 89fb4ff..4ae1c91 100644
--- a/tipc/link.c
+++ b/tipc/link.c
@@ -22,6 +22,7 @@
#include "cmdl.h"
#include "msg.h"
#include "link.h"
+#include "bearer.h"
static int link_list_cb(const struct nlmsghdr *nlh, void *data)
{
@@ -57,7 +58,8 @@
return -EINVAL;
}
- if (!(nlh = msg_init(buf, TIPC_NL_LINK_GET))) {
+ nlh = msg_init(buf, TIPC_NL_LINK_GET);
+ if (!nlh) {
fprintf(stderr, "error, message initialisation failed\n");
return -1;
}
@@ -90,7 +92,6 @@
return MNL_CB_OK;
}
-
static int cmd_link_get_prop(struct nlmsghdr *nlh, const struct cmd *cmd,
struct cmdl *cmdl, void *data)
{
@@ -98,7 +99,7 @@
char buf[MNL_SOCKET_BUFFER_SIZE];
struct opt *opt;
struct opt opts[] = {
- { "link", NULL },
+ { "link", OPT_KEYVAL, NULL },
{ NULL }
};
@@ -119,12 +120,14 @@
if (parse_opts(opts, cmdl) < 0)
return -EINVAL;
- if (!(nlh = msg_init(buf, TIPC_NL_LINK_GET))) {
+ nlh = msg_init(buf, TIPC_NL_LINK_GET);
+ if (!nlh) {
fprintf(stderr, "error, message initialisation failed\n");
return -1;
}
- if (!(opt = get_opt(opts, "link"))) {
+ opt = get_opt(opts, "link");
+ if (!opt) {
fprintf(stderr, "error, missing link\n");
return -EINVAL;
}
@@ -169,7 +172,7 @@
struct opt *opt;
struct nlattr *nest;
struct opt opts[] = {
- { "link", NULL },
+ { "link", OPT_KEYVAL, NULL },
{ NULL }
};
@@ -183,12 +186,14 @@
return -EINVAL;
}
- if (!(nlh = msg_init(buf, TIPC_NL_LINK_RESET_STATS))) {
+ nlh = msg_init(buf, TIPC_NL_LINK_RESET_STATS);
+ if (!nlh) {
fprintf(stderr, "error, message initialisation failed\n");
return -1;
}
- if (!(opt = get_opt(opts, "link"))) {
+ opt = get_opt(opts, "link");
+ if (!opt) {
fprintf(stderr, "error, missing link\n");
return -EINVAL;
}
@@ -245,8 +250,7 @@
mnl_attr_get_u32(stats[TIPC_NLA_STATS_MSG_LEN_CNT]),
mnl_attr_get_u32(stats[TIPC_NLA_STATS_MSG_LEN_TOT]) / proft);
- printf(" 0-64:%u%% -256:%u%% -1024:%u%% -4096:%u%% "
- "-16384:%u%% -32768:%u%% -66000:%u%%\n",
+ printf(" 0-64:%u%% -256:%u%% -1024:%u%% -4096:%u%% -16384:%u%% -32768:%u%% -66000:%u%%\n",
perc(mnl_attr_get_u32(stats[TIPC_NLA_STATS_MSG_LEN_P0]), proft),
perc(mnl_attr_get_u32(stats[TIPC_NLA_STATS_MSG_LEN_P1]), proft),
perc(mnl_attr_get_u32(stats[TIPC_NLA_STATS_MSG_LEN_P2]), proft),
@@ -365,7 +369,7 @@
char buf[MNL_SOCKET_BUFFER_SIZE];
struct opt *opt;
struct opt opts[] = {
- { "link", NULL },
+ { "link", OPT_KEYVAL, NULL },
{ NULL }
};
@@ -374,7 +378,8 @@
return -EINVAL;
}
- if (!(nlh = msg_init(buf, TIPC_NL_LINK_GET))) {
+ nlh = msg_init(buf, TIPC_NL_LINK_GET);
+ if (!nlh) {
fprintf(stderr, "error, message initialisation failed\n");
return -1;
}
@@ -382,7 +387,8 @@
if (parse_opts(opts, cmdl) < 0)
return -EINVAL;
- if ((opt = get_opt(opts, "link")))
+ opt = get_opt(opts, "link");
+ if (opt)
link = opt->val;
return msg_dumpit(nlh, link_stat_show_cb, link);
@@ -429,7 +435,7 @@
struct nlattr *attrs;
struct opt *opt;
struct opt opts[] = {
- { "link", NULL },
+ { "link", OPT_KEYVAL, NULL },
{ NULL }
};
@@ -456,13 +462,15 @@
if (parse_opts(opts, cmdl) < 0)
return -EINVAL;
- if (!(nlh = msg_init(buf, TIPC_NL_LINK_SET))) {
+ nlh = msg_init(buf, TIPC_NL_LINK_SET);
+ if (!nlh) {
fprintf(stderr, "error, message initialisation failed\n");
return -1;
}
attrs = mnl_attr_nest_start(nlh, TIPC_NLA_LINK);
- if (!(opt = get_opt(opts, "link"))) {
+ opt = get_opt(opts, "link");
+ if (!opt) {
fprintf(stderr, "error, missing link\n");
return -EINVAL;
}
@@ -475,8 +483,6 @@
mnl_attr_nest_end(nlh, attrs);
return msg_doit(nlh, link_get_cb, &prop);
-
- return 0;
}
static int cmd_link_set(struct nlmsghdr *nlh, const struct cmd *cmd,
@@ -492,6 +498,414 @@
return run_cmd(nlh, cmd, cmds, cmdl, NULL);
}
+static int cmd_link_mon_set_prop(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ int size;
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+ struct nlattr *attrs;
+
+ if (cmdl->argc != cmdl->optind + 1) {
+ fprintf(stderr, "error, missing value\n");
+ return -EINVAL;
+ }
+ size = atoi(shift_cmdl(cmdl));
+
+ nlh = msg_init(buf, TIPC_NL_MON_SET);
+ if (!nlh) {
+ fprintf(stderr, "error, message initialisation failed\n");
+ return -1;
+ }
+ attrs = mnl_attr_nest_start(nlh, TIPC_NLA_MON);
+
+ mnl_attr_put_u32(nlh, TIPC_NLA_MON_ACTIVATION_THRESHOLD, size);
+
+ mnl_attr_nest_end(nlh, attrs);
+
+ return msg_doit(nlh, NULL, NULL);
+}
+
+static int link_mon_summary_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ struct nlattr *info[TIPC_NLA_MAX + 1] = {};
+ struct nlattr *attrs[TIPC_NLA_MON_MAX + 1] = {};
+
+ mnl_attr_parse(nlh, sizeof(*genl), parse_attrs, info);
+ if (!info[TIPC_NLA_MON])
+ return MNL_CB_ERROR;
+
+ mnl_attr_parse_nested(info[TIPC_NLA_MON], parse_attrs, attrs);
+
+ printf("\nbearer %s\n",
+ mnl_attr_get_str(attrs[TIPC_NLA_MON_BEARER_NAME]));
+
+ printf(" table_generation %u\n",
+ mnl_attr_get_u32(attrs[TIPC_NLA_MON_LISTGEN]));
+ printf(" cluster_size %u\n",
+ mnl_attr_get_u32(attrs[TIPC_NLA_MON_PEERCNT]));
+ printf(" algorithm %s\n",
+ attrs[TIPC_NLA_MON_ACTIVE] ? "overlapping-ring" : "full-mesh");
+
+ return MNL_CB_OK;
+}
+
+static int cmd_link_mon_summary(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+
+ if (help_flag) {
+ fprintf(stderr, "Usage: %s monitor summary\n", cmdl->argv[0]);
+ return -EINVAL;
+ }
+
+ nlh = msg_init(buf, TIPC_NL_MON_GET);
+ if (!nlh) {
+ fprintf(stderr, "error, message initialisation failed\n");
+ return -1;
+ }
+
+ return msg_dumpit(nlh, link_mon_summary_cb, NULL);
+}
+
+#define STATUS_WIDTH 7
+#define MAX_NODE_WIDTH 14 /* 255.4095.4095 */
+#define MAX_DOM_GEN_WIDTH 11 /* 65535 */
+#define DIRECTLY_MON_WIDTH 10
+
+#define APPL_NODE_STATUS_WIDTH 5
+
+static int map_get(uint64_t up_map, int i)
+{
+ return (up_map & (1 << i)) >> i;
+}
+
+/* print the applied members, since we know the the members
+ * are listed in ascending order, we print only the state
+ */
+static void link_mon_print_applied(uint16_t applied, uint64_t up_map)
+{
+ int i;
+ char state;
+
+ for (i = 0; i < applied; i++) {
+ /* print the delimiter for every -n- entry */
+ if (i && !(i % APPL_NODE_STATUS_WIDTH))
+ printf(",");
+
+ state = map_get(up_map, i) ? 'U' : 'D';
+ printf("%c", state);
+ }
+}
+
+/* print the non applied members, since we dont know
+ * the members, we print them along with the state
+ */
+static void link_mon_print_non_applied(uint16_t applied, uint16_t member_cnt,
+ uint64_t up_map, uint32_t *members)
+{
+ int i;
+ char state;
+
+ printf(" [");
+ for (i = applied; i < member_cnt; i++) {
+ char addr_str[16];
+
+ /* print the delimiter for every entry */
+ if (i != applied)
+ printf(",");
+
+ sprintf(addr_str, "%u.%u.%u:", tipc_zone(members[i]),
+ tipc_cluster(members[i]), tipc_node(members[i]));
+ state = map_get(up_map, i) ? 'U' : 'D';
+ printf("%s%c", addr_str, state);
+ }
+ printf("]");
+}
+
+static void link_mon_print_peer_state(const uint32_t addr, const char *status,
+ const char *monitored,
+ const uint32_t dom_gen)
+{
+ char addr_str[16];
+
+ sprintf(addr_str, "%u.%u.%u", tipc_zone(addr), tipc_cluster(addr),
+ tipc_node(addr));
+
+ printf("%-*s", MAX_NODE_WIDTH, addr_str);
+ printf("%-*s", STATUS_WIDTH, status);
+ printf("%-*s", DIRECTLY_MON_WIDTH, monitored);
+ printf("%-*u", MAX_DOM_GEN_WIDTH, dom_gen);
+}
+
+static int link_mon_peer_list_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ struct nlattr *attrs[TIPC_NLA_MON_PEER_MAX + 1] = {};
+ struct nlattr *info[TIPC_NLA_MAX + 1] = {};
+ uint16_t member_cnt;
+ uint32_t applied;
+ uint32_t dom_gen;
+ uint64_t up_map;
+ char status[16];
+ char monitored[16];
+
+ mnl_attr_parse(nlh, sizeof(*genl), parse_attrs, info);
+ if (!info[TIPC_NLA_MON_PEER])
+ return MNL_CB_ERROR;
+
+ mnl_attr_parse_nested(info[TIPC_NLA_MON_PEER], parse_attrs, attrs);
+
+ (attrs[TIPC_NLA_MON_PEER_LOCAL] || attrs[TIPC_NLA_MON_PEER_HEAD]) ?
+ strcpy(monitored, "direct") :
+ strcpy(monitored, "indirect");
+
+ attrs[TIPC_NLA_MON_PEER_UP] ?
+ strcpy(status, "up") :
+ strcpy(status, "down");
+
+ dom_gen = attrs[TIPC_NLA_MON_PEER_DOMGEN] ?
+ mnl_attr_get_u32(attrs[TIPC_NLA_MON_PEER_DOMGEN]) : 0;
+
+ link_mon_print_peer_state(mnl_attr_get_u32(attrs[TIPC_NLA_MON_PEER_ADDR]),
+ status, monitored, dom_gen);
+
+ applied = mnl_attr_get_u32(attrs[TIPC_NLA_MON_PEER_APPLIED]);
+
+ if (!applied)
+ goto exit;
+
+ up_map = mnl_attr_get_u64(attrs[TIPC_NLA_MON_PEER_UPMAP]);
+
+ member_cnt = mnl_attr_get_payload_len(attrs[TIPC_NLA_MON_PEER_MEMBERS]);
+
+ /* each tipc address occupies 4 bytes of payload, hence compensate it */
+ member_cnt /= sizeof(uint32_t);
+
+ link_mon_print_applied(applied, up_map);
+
+ link_mon_print_non_applied(applied, member_cnt, up_map,
+ mnl_attr_get_payload(attrs[TIPC_NLA_MON_PEER_MEMBERS]));
+
+exit:
+ printf("\n");
+
+ return MNL_CB_OK;
+}
+
+static int link_mon_peer_list(uint32_t mon_ref)
+{
+ struct nlmsghdr *nlh;
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+ struct nlattr *nest;
+
+ nlh = msg_init(buf, TIPC_NL_MON_PEER_GET);
+ if (!nlh) {
+ fprintf(stderr, "error, message initialisation failed\n");
+ return -1;
+ }
+
+ nest = mnl_attr_nest_start(nlh, TIPC_NLA_MON);
+ mnl_attr_put_u32(nlh, TIPC_NLA_MON_REF, mon_ref);
+ mnl_attr_nest_end(nlh, nest);
+
+ return msg_dumpit(nlh, link_mon_peer_list_cb, NULL);
+}
+
+static int link_mon_list_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ struct nlattr *info[TIPC_NLA_MAX + 1] = {};
+ struct nlattr *attrs[TIPC_NLA_MON_MAX + 1] = {};
+ char *req_bearer = data;
+ const char *bname;
+ const char title[] =
+ "node status monitored generation applied_node_status [non_applied_node:status]";
+
+ mnl_attr_parse(nlh, sizeof(*genl), parse_attrs, info);
+ if (!info[TIPC_NLA_MON])
+ return MNL_CB_ERROR;
+
+ mnl_attr_parse_nested(info[TIPC_NLA_MON], parse_attrs, attrs);
+
+ bname = mnl_attr_get_str(attrs[TIPC_NLA_MON_BEARER_NAME]);
+
+ if (*req_bearer && (strcmp(req_bearer, bname) != 0))
+ return MNL_CB_OK;
+
+ printf("\nbearer %s\n", bname);
+ printf("%s\n", title);
+
+ if (mnl_attr_get_u32(attrs[TIPC_NLA_MON_PEERCNT]))
+ link_mon_peer_list(mnl_attr_get_u32(attrs[TIPC_NLA_MON_REF]));
+
+ return MNL_CB_OK;
+}
+
+static void cmd_link_mon_list_help(struct cmdl *cmdl)
+{
+ fprintf(stderr, "Usage: %s monitor list [ media MEDIA ARGS...]\n\n",
+ cmdl->argv[0]);
+ print_bearer_media();
+}
+
+static void cmd_link_mon_list_l2_help(struct cmdl *cmdl, char *media)
+{
+ fprintf(stderr,
+ "Usage: %s monitor list media %s device DEVICE [OPTIONS]\n",
+ cmdl->argv[0], media);
+}
+
+static void cmd_link_mon_list_udp_help(struct cmdl *cmdl, char *media)
+{
+ fprintf(stderr,
+ "Usage: %s monitor list media udp name NAME\n\n",
+ cmdl->argv[0]);
+}
+
+static int cmd_link_mon_list(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+ char bname[TIPC_MAX_BEARER_NAME] = {0};
+ struct opt opts[] = {
+ { "media", OPT_KEYVAL, NULL },
+ { "device", OPT_KEYVAL, NULL },
+ { "name", OPT_KEYVAL, NULL },
+ { NULL }
+ };
+ struct tipc_sup_media sup_media[] = {
+ { "udp", "name", cmd_link_mon_list_udp_help},
+ { "eth", "device", cmd_link_mon_list_l2_help },
+ { "ib", "device", cmd_link_mon_list_l2_help },
+ { NULL, },
+ };
+
+ int err;
+
+ if (parse_opts(opts, cmdl) < 0)
+ return -EINVAL;
+
+ if (get_opt(opts, "media")) {
+ err = cmd_get_unique_bearer_name(cmd, cmdl, opts, bname,
+ sup_media);
+ if (err)
+ return err;
+ }
+
+ if (help_flag) {
+ cmd->help(cmdl);
+ return -EINVAL;
+ }
+
+ nlh = msg_init(buf, TIPC_NL_MON_GET);
+ if (!nlh) {
+ fprintf(stderr, "error, message initialisation failed\n");
+ return -1;
+ }
+
+ return msg_dumpit(nlh, link_mon_list_cb, bname);
+}
+
+static void cmd_link_mon_set_help(struct cmdl *cmdl)
+{
+ fprintf(stderr, "Usage: %s monitor set PPROPERTY\n\n"
+ "PROPERTIES\n"
+ " threshold SIZE - Set monitor activation threshold\n",
+ cmdl->argv[0]);
+}
+
+static int cmd_link_mon_set(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ const struct cmd cmds[] = {
+ { "threshold", cmd_link_mon_set_prop, NULL },
+ { NULL }
+ };
+
+ return run_cmd(nlh, cmd, cmds, cmdl, NULL);
+}
+
+static void cmd_link_mon_get_help(struct cmdl *cmdl)
+{
+ fprintf(stderr, "Usage: %s monitor get PPROPERTY\n\n"
+ "PROPERTIES\n"
+ " threshold - Get monitor activation threshold\n",
+ cmdl->argv[0]);
+}
+
+static int link_mon_get_cb(const struct nlmsghdr *nlh, void *data)
+{
+ struct genlmsghdr *genl = mnl_nlmsg_get_payload(nlh);
+ struct nlattr *info[TIPC_NLA_MAX + 1] = {};
+ struct nlattr *attrs[TIPC_NLA_MON_MAX + 1] = {};
+
+ mnl_attr_parse(nlh, sizeof(*genl), parse_attrs, info);
+ if (!info[TIPC_NLA_MON])
+ return MNL_CB_ERROR;
+
+ mnl_attr_parse_nested(info[TIPC_NLA_MON], parse_attrs, attrs);
+ if (!attrs[TIPC_NLA_MON_ACTIVATION_THRESHOLD])
+ return MNL_CB_ERROR;
+
+ printf("%u\n",
+ mnl_attr_get_u32(attrs[TIPC_NLA_MON_ACTIVATION_THRESHOLD]));
+
+ return MNL_CB_OK;
+}
+
+static int cmd_link_mon_get_prop(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ char buf[MNL_SOCKET_BUFFER_SIZE];
+
+ nlh = msg_init(buf, TIPC_NL_MON_GET);
+ if (!nlh) {
+ fprintf(stderr, "error, message initialisation failed\n");
+ return -1;
+ }
+
+ return msg_doit(nlh, link_mon_get_cb, NULL);
+}
+
+static int cmd_link_mon_get(struct nlmsghdr *nlh, const struct cmd *cmd,
+ struct cmdl *cmdl, void *data)
+{
+ const struct cmd cmds[] = {
+ { "threshold", cmd_link_mon_get_prop, NULL},
+ { NULL }
+ };
+
+ return run_cmd(nlh, cmd, cmds, cmdl, NULL);
+}
+
+static void cmd_link_mon_help(struct cmdl *cmdl)
+{
+ fprintf(stderr,
+ "Usage: %s montior COMMAND [ARGS] ...\n\n"
+ "COMMANDS\n"
+ " set - Set monitor properties\n"
+ " get - Get monitor properties\n"
+ " list - List all cluster members\n"
+ " summary - Show local node monitor summary\n",
+ cmdl->argv[0]);
+}
+
+static int cmd_link_mon(struct nlmsghdr *nlh, const struct cmd *cmd, struct cmdl *cmdl,
+ void *data)
+{
+ const struct cmd cmds[] = {
+ { "set", cmd_link_mon_set, cmd_link_mon_set_help },
+ { "get", cmd_link_mon_get, cmd_link_mon_get_help },
+ { "list", cmd_link_mon_list, cmd_link_mon_list_help },
+ { "summary", cmd_link_mon_summary, NULL },
+ { NULL }
+ };
+
+ return run_cmd(nlh, cmd, cmds, cmdl, NULL);
+}
+
void cmd_link_help(struct cmdl *cmdl)
{
fprintf(stderr,
@@ -501,7 +915,8 @@
" list - List links\n"
" get - Get various link properties\n"
" set - Set various link properties\n"
- " statistics - Show or reset statistics\n",
+ " statistics - Show or reset statistics\n"
+ " monitor - Show or set link supervision\n",
cmdl->argv[0]);
}
@@ -513,6 +928,7 @@
{ "list", cmd_link_list, NULL },
{ "set", cmd_link_set, cmd_link_set_help },
{ "statistics", cmd_link_stat, cmd_link_stat_help },
+ { "monitor", cmd_link_mon, cmd_link_mon_help },
{ NULL }
};
diff --git a/tipc/media.c b/tipc/media.c
index a902ab7..6e10c7e 100644
--- a/tipc/media.c
+++ b/tipc/media.c
@@ -93,7 +93,7 @@
struct nlattr *nest;
struct opt *opt;
struct opt opts[] = {
- { "media", NULL },
+ { "media", OPT_KEYVAL, NULL },
{ NULL }
};
@@ -173,7 +173,7 @@
struct nlattr *attrs;
struct opt *opt;
struct opt opts[] = {
- { "media", NULL },
+ { "media", OPT_KEYVAL, NULL },
{ NULL }
};
diff --git a/tipc/node.c b/tipc/node.c
index 201fe1a..fe085ae 100644
--- a/tipc/node.c
+++ b/tipc/node.c
@@ -109,7 +109,8 @@
socklen_t sz = sizeof(struct sockaddr_tipc);
struct sockaddr_tipc addr;
- if (!(sk = socket(AF_TIPC, SOCK_RDM, 0))) {
+ sk = socket(AF_TIPC, SOCK_RDM, 0);
+ if (sk < 0) {
fprintf(stderr, "opening TIPC socket: %s\n", strerror(errno));
return -1;
}
